Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise
news for all interests
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page
Other LWN stuff:
Archives/search
Recent features: Here is the permanent site for this page. See also: last week's LWN.
|
Leading items and editorialsWhat is open source? There have been a few amusing attempts to characterize the open source world this week; here's a summary. Is open source:
The free software world is far from perfect, but criticism like that shown above misses the point. Expect to see more of it in the future, though. Eric S. Raymond's latest missive is entitled Two faces and Big Lies; it's about DeCSS, Napster, and related issues. Eric rips into just about everybody with this one, from the DVD Copy Control Association through to people ripping off copyrighted music through Napster. It's worth reading. The free software community needs to come to a consistent ethical position on these things. As Eric says: We have a special responsibility because we are the king toolmakers of the digital age; our work and our values will have a large part in shaping the future of communications and media everywhere. We have a special need because the way these intellectual-property issues work out will come back to haunt us more than most if we get then wrong.
One thing that's worth adding to this discussion: remember that the free software world, too, is dependent on copyrights. Licenses like the GPL depend on copyright law. The free software world has a lot to contribute to the discussion on just how far copyright protections should apply, but if we promote the ignoring of copyright altogether, we are polluting our own well. The Linux Development Platform Specification version 1.0-beta was released by the Free Standards Project on July 22. LWN mentioned the release in the daily updates page, but an editorial slip caused it to be dropped from the July 27 weekly edition. We regret the error. The LDPS is interesting. It's essentially a stopgap specification designed to help in the creation of programs that are portable between Linux distributions; eventually it should be incorporated within the full Linux Standard Base. The LSB has proved to be long in coming; meanwhile the LDPS can be used, by developers and distributors both, to avoid the worst portability problems The LDPS developers are looking for feedback! If you have suggestions for improvements, they should go back to the Free Standards project by August 7. Please have a look at the "comment instructions" on the LDPS 1.0-beta page; they are asking that comments use a specific format. The LDPS text itself makes interesting reading. It is short and to the point, and it highlights just what the portability problems between Linux distributions really are. Some of these include:
There is more to the list than what we have listed above, of course. There are two patterns that emerge from this list: interfaces that change, and vendor additions. As Linux has matured, the magnitude of both of these problems has been reduced, but it's far from clear that they will ever go away. Interfaces change because people find better ways of doing things. There is value in keeping backward compatibility, but there is also a point where the whole system gets weighed down by compatibility code. Sometimes you simply have to move forward. The willingness to occasionally break old interfaces is what will keep Linux alive for many years to come. And, of course, the open source nature of the system means that distributors will always be able to tweak the code to meet their customers' needs. The best of these changes usually make it into the code base and become standard features. But there will always be good reasons to add nonstandard stuff. Thus, for all the talk of incompatibility and fragmentation between distributions, we see from the LDPS that the list of real portability problems is small, and that the problems that do exist reflect the strengths of the Linux platform. CopyLeft was added as a defendant in the DVD case this week. The DVDCCA pigeonholed them into one of the "John Doe" slots on the suit after apparently figuring out that CopyLeft is selling T-shirts with the DeCSS code on the back. This move will, of course, bring the "free speech" aspect of the case into an even more prominent position. The one immediate result, however, seems to be that CopyLeft is selling far more shirts. Since each shirt sold generates $4 for the Electronic Frontier Foundation, the DVDCCA may end up doing a favor for the defense. Inside this week's Linux Weekly News:
This Week's LWN was brought to you by:
|
August 3, 2000
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Security page. |
News and EditorialsOpenBSD runs fuzz. For those of you with very good memories, the University of Wisconsin "Fuzz" program experimented with throwing garbage input onto the command line of common Unix commands and evaluating the result. Run twice, with a five-year interval, it turned up most of the same errors the second time. Theo de Raadt from OpenBSD picked up fuzz and ran it on OpenBSD to test the results. Here is what he found. Even with OpenBSD's emphasis on fixing all bugs and auditing code, fuzz still turned up errors in many basic commands. It also turned up a debate on BugTraq as to the usefulness of such tools. The bugs found by fuzz previously and now are arguably not actually security bugs. However, they are still bugs and therefore deserve to be fixed. Theo commented, "I still consider fuzz to be somewhat of a crutch. For about half of these fixes, inspection found other things we could improve". Perhaps so, but inspection had not turned them up until fuzz gave them a reason to look again at code that has been around for a long, long time. In the end, such tools have their use and the current state of computer software in general argues a lot for the need for tools like this. However, Theo's point that software that passes all automated tests still likely has problems that are best found by a source code audit by trained staff shouldn't be forgotten either. Also hypothesized in the report is the existence of commercial software from various vendor quality assurance groups to do "fuzz-like" testing and more. Such code is currently locked away within each organization; the release of such tools, and the pooling of ideas and knowledge to improve them, might be a boon. Of course, depending on the quality of the code, its availability might not make as much of a difference as we might hope. Silence is the best security policy (ZDNet). This is apparently one argument that will never end. This ZDNet article argues that security holes should be "hushed up", not published. "Marcus Ranum, chief technology officer for intrusion detection software maker Network Flight Recorder Inc., used hard language to say that security can't be improved unless 'gray hat' hackers stop disclosing security holes to the public and stop creating tools for so-called 'script kiddies' to exploit the holes." As someone who has followed vendor security reports for over ten years, this editor can testify that unpublished vendor security holes simply went unfixed. So much for "improving security". Bull announces CDSA security software for Linux as open source. Bull has announced the forthcoming release of its Common Data Security Architecture implementation under an (unspecified) open source license. Code will be available on August 24. New Security ReportsCVS vulnerabilities. Two CVS-related vulnerabilities were reported this past week. The first vulnerability impacts the CVS server, which can be made to execute an arbitrary binary via the Checkin.prog script. An unofficial patch for CVS 1.10.8 has been posted.The second vulnerability impacts the CVS client, which blindly trusts path information from a CVS server and can thus be "tricked" into creating files in arbitrary locations. No workaround or patch has been posted, as of yet. These vulnerabilities sparked a long discussion on the security of anonymous CVS servers. The consensus seems to be that CVS was simply not designed to be run in an "untrusted" mode (sound familiar?). Therefore, if you are running a CVS server, you should assume that the people authorized to use the CVS server are also authorized to get login access to the machine hosting the CVS server. A dedicated, highly controlled CVS server was recommended for less trusted circumstances. Also mentioned in the discussion was a new open source project, subversion. Still in early development, it is meant to be a CVS replacement, presumably with better security built into the design. A "proof of concept" release is currently scheduled for September. TurboLinux: cvsweb. TurboLinux has issued a security advisory for cvsweb-1.90 and earlier. Remote reading/writing of arbitrary files as the cvsweb user is possible. Updated packages for cvsweb-1.91 are provided.Mailman. A vulnerability has been reported in mailman 2.0beta3 and 2.0beta4. Mailman can be exploited by a local user to read public and private data, passwords and potentially replace binaries and scripts. An unofficial patch against the current CVS tree is provided. Mailman 2.0beta5 has also been released and is reported to contain a fix for this problem.GNU userv vulnerability. A security vulnerability in userv 1.0.0 and earlier has been reported which, under some circumstances, can allow a local user to carry out an unauthorized action. Userv is a system facility to allow one program to invoke another when there is only limited trust between the two programs.GNU userv 1.0.1 has been released with a fix for this vulnerability. Linux-Mandrake security update to kon2. MandrakeSoft has issued a security update to the kon2 package which patches up fld, a vulnerable setuid program. The Linux-Mandrake kon2 package contains KON, software for displaying kanji characters on Linux console screen.OpenLDAP installation permissions. The installation permissions for openldap 1.2.11 (and possibly earlier versions) allow the binary itself to be writable by group. However, the installation does not choose the group that will be used, allowing it to potentially default to an untrusted group. This problem was reported on BugTraq by Dr. Christian Kleinewaechter. The problem can be dealt with by modifying the installation script itself or by checking the group ownership and permissions of the binary and modifying them, if necessary, after installation.ntop. A BugTraq posting warns that ntop, a network usage display, can be used to remotely read any file on the system, if run in web mode. Ntop in web mode is a web server, run suid. Access to the server can be locked down via a configuration file, but the documentation incorrectly reports the proper location for this configuration file.Commercial products. The following commercial products were reported to contain vulnerabilities:
UpdatesNetscape/Mozilla JPEG marker vulnerability. Check last week's Security Summary for more information.pam. A vulnerability in pam is triggered when a display manager and XDMCP are both enabled. It can allow unprivileged users to fake a console login and shut down the machine. Check the Red Hat advisory for more details
Multiple gpm vulnerabilities. New problems with gpm were reported last week, including the ability for a local user to execute arbitrary commands with elevated group privileges and a local denial-of-service attack.This week's updates: Previous updates:
dhcp. A second set of problems with the ISC dhcp client was reported in the July 20th Security Summary. New updates to dhcp-3.0b1pl17 (instead of pl12) are now coming out.
Linux-Mandrake: zope. Linux-Mandrake has put out Zope 2.1.6 packages, fixing a security flaw in the DocumentTemplate package that can allow documents to be changed without adequate authorization. Check the June 22nd Security Summary for information on the problem, which has also been fixed in Zope 2.1.7 and 2.2 beta 2.ResourcesDan and Wietse's Forensic Tools. Dan Farmer and Wietse Venema have released The Coroner's Toolkit (TCT), a set of tools for doing a post-mortem on a Unix system after a break-in. "To set your expectations, the TCT software is not for the faint of heart. It is relatively unpolished compared to the software that we usually release. TCT can spend a lot of time collecting data. And although TCT collects lots of data, many analysis tools still need to be written. Nevertheless TCT sure beats the competition, which is non-existent, and beats them at the right price, too." The tools are released under a combination of the IPL (IBM Public License) and a modified version of the BSD license. TrinityOS. David Ranch, the IP Masquerade HOWTO author/maintainer and co-author of the SANS "Securing Linux: Step by Step" book, has also made available a website he calls TrinityOS. Like the Bastille Linux project, the website contains scripts for automating the process of securing various Linux services. Note, however, that the scripts themselves don't appear to have been heavily tested and provide no easy way to back out the changes they make. In many ways, they make a better reference for what ought to be done than a one-step method of securing a system for use by a novice. Red Hat, Linux-Mandrake, and Slackware are all referenced. In addition to the afore-mentioned scripts, TrinityOS contains a wealth of links to additional security resources. Hack Proofing Your Network. Hack Proofing Your Network is a new book from Syngress Publishing. Ryan Russell is the author and the list of contributing authors is quite interesting: " Contributing writers include: Rain Forest Puppy; Elias Levy, BugTraq moderator; Blue Boar, Vuln-dev moderator; Dan "Effugas" Kaminsky, Cisco Systems; Oliver Friedrichs, SecurityFocus.com; Riley "Caezar" Eller, Internet Security Advisors; Greg Hoglund, Click To Secure, Jeremy Rauch, and Georgi Guninski." LinuxSecurity.com Weekly Newsletter. LinuxSecurity.com's weekly newsletter is also available, for those of you looking for additional Linux security news. EventsToorCon pre-registration closes August 6th. Pre-registration for this year's ToorCon closes August 6th. The ToorCon Security Expo will be held on September 1st-3rd in San Diego, California, USA. "ToorCon is a comprehensive three day computer security extravaganza featuring lectures from some of the top experts in the field, hand-on demonstrations of the newest approaches to computer security, and a competitive game called RootWars which tests your penetration and defensive skills in a real-time simulation." Check their web-page for more details. August/September security events.
Section Editor: Liz Coolbaugh |
August 3, 2000
| |||||||||||||||||||||||||||||||||
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Kernel page. |
Kernel developmentThe current development kernel release is 2.4.0-test5. Linus actually sent out an announcement for this release, describing what's in it. The first prepatch for the -test6 release is available. It consists mostly of small tweaks (many of which are spelling corrections), but also has some MIPS architecture fixes, an IBM MCA SCSI driver update, a big USB storage update, an ext2 filesystem update, and a reorganization of user process accounting. Ted Ts'o, the new keeper of the 2.4 status list, has posted an updated summary of where the 2.4 release stands. The list remains long. Ted is also maintaining a web page on SourceForge with the current list. The current stable kernel release is still 2.2.16. The 2.2.17 prepatch is up to 2.2.17pre14; probably at least one more iteration is forthcoming before the official 2.2.17 release. Towards a new virtual memory system. Difficulties with Linux virtual memory have been popping up since early in the 2.2 stable series. While it works for most people, there are those who can easily get the system into a thrashing, useless state. Lots of work has been done trying to fix things up, with some success. Nonetheless, the current development kernels still can do unpleasant things with some loads. It looks like 2.4.0 will go out with a less-than-optimal VM implementation. There is still room for tweaking, but Linus is not interested in major changes at this time. And he has a point; there comes a time when you have to draw the line and ship a kernel. So now the developers are looking toward 2.5, when they'll be able to go in and make radical changes. To that end, Rik van Riel has posted a description of a new VM subsystem as he would like to implement it. It's based heavily on the FreeBSD scheme, which works quite well. But, of course, it will have some special Linux tweaks of its own. See Rik's posting for the details. Changes to the mount system call, both large and small are on the table. Starting with the smaller issue: the current development kernels handle mounts a little differently from previous kernels (and most Unix systems) in that mounts can stack. Should a system administrator type: # mount /dev/hda1 /mnt # mount /dev/hda2 /mntboth mounts will succeed. Somebody looking in /mnt after both operations would see the filesystem that lives on /dev/hda2 - the last one mounted. Unix systems over the years have not allowed this sort of operation - the second mount would fail with a "mount point busy" error. It seems there are quite a few people who depend on those semantics - a number have complained about the "overmount by default" behavior. The end result looks to be a return to the old semantics - stacked mounts will not happen unless explicitly requested by the user. (Some might ask why stacked mounts are needed at all; among other things, the automounter can use them to provide for "direct" mount maps.) The person working with the mount semantics is the same guy who has been making changes all over the filesystem layer - Alexander Viro. He is also working on the addition of "union mounts", where several filesystems can be combined together into a larger, virtual filesystem containing all the files in each of the component parts. The semantics of union mounts still need some thought, however, and no work will be done on them until the 2.5 development series. In the process of thinking about all this, Mr. Viro came to realize that the current mount interface shows, shall we say, some historical baggage. See this lengthy posting for the full scoop on the problem. Essentially it comes down to (1) the current mount system call interface is, um, inelegant, and (2) it is going to be very hard to add new features, such as union mounts, using the given interface. So a brand new mount call ("mount6", perhaps) has been proposed, with an API like: int mount6 (action, mountpoint, type, flags, device, data);What's new here is the "action" parameter, which can have values like "mount", "remount", and "bind". With the current interface, the "flags" argument is used, sometimes, to indicate that an action other than a straightforward mount is to occur. Separating the action out will make the interface a lot cleaner. There seems to be little opposition to the new interface, so it will likely go in at some point. The old mount interface will be preserved (probably by libc), of course, but in this case the interface change will be relatively painless anyway. After all, not very many programs call mount. How should user space get information about the kernel? It all started with a posting about a compile problem involving one of the kernel header files. It seems that, in some situations, some headers are still being included directly out of the kernel source into user programs. That was supposed to stop happening entirely with glibc 2, and for the most part it has. However, it is still tricky for glibc to get certain kinds of information about how the kernel is configured without going to the header files. Ulrich Drepper, the maintainer of the Linux glibc port, is direct in his criticism of Linus for not providing a straightforward kernel interface - a sysconf() call - to obtain kernel parameters. Linus has been even more direct, to the point of messing up his soft-spoken image, in his criticism of how glibc does things. According to Linus, kernel support should not be needed to provide user space with various kernel parameters. How, then, is a user program to obtain information like the maximum number of groups allowed, or the clock tick frequency? Well, according to Linus, the best way to get at constant system parameters is to store them in a file, such as /etc/sysconf. The library can just look in that file, which would be updated (at boot time, perhaps), by a special program that knows where to look. This registry-like file could also contain pure user space information, whatever might be useful in tracking the state of the system configuration. Not everybody likes the idea; there are some obvious issues to keeping the file synchronized with reality. But Linus is quite clear on the point that no sort of sysconf system call will be added to the kernel. How can standalone kernel modules find include files? This question came up as a side branch of the sysconf discussion. When a kernel module is built separately from the kernel it will run under (i.e. if it's not part of the standard kernel source), the build process needs to be able to find the right header files. In general, that requires that the person building the module edit the makefile and set the kernel source path directly. That works, but lacks elegance and can be hard for people who are not normally accustomed to building kernels. Installed kernel modules themselves live in a directory corresponding to the kernel version number under /lib/modules. Thus, modules for a 2.2.16 kernel are likely to be found in /lib/modules/2.2.16 (though many distributor-supplied kernels add on to the version number). So the question came up: when installing the modules, why not have a kbuild directory that has the source to the build kernel as well? Said directory would just be a link to the kernel source tree, of course. Consensus was achieved rather quickly on this idea; expect to see it implemented in future kernels. The change has also found its way into the 2.2.17 prepatch. Other patches and updates released this week include:
Section Editor: Jonathan Corbet |
August 3, 2000 For other kernel news, see: Other resources: |
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Distributions page.
Lists of Distributions |
DistributionsPlease note that security updates from the various distributions are covered in the security section. News and EditorialsEuropean Linux distribution numbers. This July 20th Computer Weekly article focuses on the perceived lack of enterprises products and services for Linux in Europe. Encased within it, however, are some statistics from IDC on Linux market share in Western Europe, from IDC. As usual, when we get little snippets of such information, the exact method in which the statistics have been gathered is jealously guarded and therefore their accuracy cannot be accurately judged. Nonetheless, it is not hard to believe that the popularity of different distributions would vary in different international regions.
Corel LINUX OS: Second Edition to be previewed at LinuxWorld. Corel has announced that it will demonstrate the second edition of its Linux distribution at LinuxWorld on August 15. It is certainly about time that Corel released a new version of its Linux distribution. Corel Linux 1.0 was released in November of 1999 and, though promising, was considered "beta quality" by many reviewers. Many of us expected that Corel would integrate the feedback they received and release an updated version fairly quickly. Instead, months went by with no news from that front. Still, this latest announcement indicates that work on Corel Linux has continued. Unfortunately, the press release contains no details about the improvements we hope to see in this new edition. Interview with Joseph Cheek of Redmond Linux (GNULinux.com). GNULinux.com arranged for an interview with Joseph Cheek, the organizer of the Redmond Linux project. "GNULinux: Will Redmond Linux try to hide the command line from the user when possible (ex: such as COAS or Webmin tools do with basic administration)?Cheek: Oh yes. For personal edition at least, if you have to use the command line to do anything it will be an error on our part. A bug. For other editions, the command line may play a role. It's nice to have it for power users, so later editions geared to power users will probably have it. "Red Hat, SuSE, others update Linux offerings (News.com). News.com looks at upcoming Linux releases. "These new versions, though, are a step ahead of the heart of Linux, called the kernel, which isn't moving along as fast as earlier hoped. Despite psychological tricks such as naming the current development version '2.4.0-test,' the new and improved 2.4 kernel still hasn't arrived." New player emerges in embedded Linux race (News.com). Here's a News.com article about TimeSys. "But the company also has its own individual flavor, said chairman and co-founder Ragunathan Rajkumar. First, its Linux/RT version is 'hard real-time,' meaning that it's guaranteed to respond within a fixed amount of time--a tricky programming issue but one that makes the software appealing to some specialized customers. Second, the company will sell software that allows real-time Java software to run on its Linux systems, Rajkumar said." Caldera OpenLinuxCaldera launches OpenLearning Linux education programs. Caldera Systems has announced the launch of its "OpenLearning" series of education courses. The courses are aimed at LPI certification, and are available from a network of training providers. New FAQs. Caldera has released new FAQs with answers to questions about Java, sound, NTFS support and more. CoyoteCoyote Linux is a single-floppy distribution based on the Linux Router Project (LRP), but using its own configuration tools. Coyote Pro, the commercial version of Coyote, makes a Windows Wizard available for configuration. Coyote Pro is now reported to be active and under development again.DebianDebian Weekly News. This week's Debian Weekly News is entitled "No News is Good News". No show-stopper bugs have been found so far in test cycle 3, so the schedule for the release of Debian 2.2 in time for LinuxWorld San Jose still stands. A new Debian project for a port to the IA64 has begun, but is currently hamstrung due to lack of access to the hardware. Also new this week was a mention of Gibraltar, a Debian-based distribution entering the router/firewall arena. It is designed to run off of CDROM, using a floppy to store configuration information. KondaraKondara Linux (Duke of URL). The Duke of URL reviews Kondara Linux in this article. "While Kondara sounds like another Red Hat-based distribution with a funky name, it's breaking ground. The trademark feature is a single multi-lingual binary. Does Digital Factory's distro have what it takes to become the next big player in the Linux wars?" LibranetLibranet Linux 1.8 released. Libra Computer Systems has announced the release of Libranet Linux 1.8. It is based on packages from the Debian potato release, with some updated packages from woody. Debian potato is the version currently in test cycle 3, which Debian hopes to release officially in the next couple of weeks. Debian woody is the development release already in progress for the release after this one. Red HatRed Hat 'pinstripe' release. Red Hat has sent out an announcement for its latest beta release, called "Pinstripe." With Pinstripe, the Red Hat distribution expands onto a second CD. A list of changes is in the announcement; it includes more LDAP and Kerberos integration, the replacement of lpr with LPRng, and the addition of packages like SANE, gphoto, MySQL, AbiWord, XEmacs, and others. As noted in the announcement: "Important data should not be entrusted to Pinstripe, as it may eat it and make loud belching noises." SuSESuSE 7.0 pre-announcement. Here's an announcement from SuSE about the 7.0 release, which will be out at the end of August. With 7.0, SuSE is splitting the distribution into flavors: the "personal" and "professional" editions. The personal variant is aimed at newcomers and desktop applications, while the professional version is set up for servers. TrustixA Request for Discussion (RFD) has been posted for the created of an unmoderated newsgroup, comp.os.linux.trustix. The newsgroup itself, barring any unforeseen objection, will probably be available within a month or so.Section Editor: Liz Coolbaugh |
August 3, 2000
Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.
| ||||||||||||
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Development page. |
Development projectsNews and EditorialsNotes from the VA Open Source Printing Summit. Printing has never been an area where Linux has particularly stood out. In an attempt to change that situation, VA Linux Systems convened a "printing summit" in Sunnyvale, attended by many people who are actively developing in the printing area. Grant Taylor's notes from the event are worthwhile reading. "Mark VanderWiele then presented his project, which frankly took most of us by surprise. IBM has over the years written printer drivers for essentially all printers to support OS/2. They are porting this project to Linux and releasing it as free software: probably GPL or perhaps LGPL." Grant has also announced the launch of LinuxPrinting.org, his site dedicated to information about printing under Linux. Internet Groupware for Scientific Collaboration. Jon Udell has written up a report on Internet Groupware for the Software Carpentry project. The report looks at the tools that are currently available, and talks about where those tools should really be. It's a good overview of what could be done to make the net better for collaborative work, recommended reading. Browsers/MailMozilla Status Update (July 29th). A new Mozilla Status Update went on-line on July 29th. Each group appears to be making progress towards eliminating bugs that are considered "show-stoppers" for beta 2 release. KMail progress review. As part of the lead-in to the 2.0 release, the KDE project has set up a "launch pad" page with information on what's changed. The most recent addition is a detailed review of the new features in the KDE mail client KMail. It looks like the developers have been busy... KMailcvt - Exchange email's with Outlook Express. Hans Dijkema has reported the completion of two working import filters for KMail and Kab (KDE address book). They support the import of Outlook Express 5.0 folders into KMail and MS Exchange .PAB format files into Kab. This should be pleasant news for KDE users that still need to use Outlook and Exchange as well. Web Browsers on the Linux Desktop (Web Review). Here's a survey of Linux web browsers on Web Review. "Timing for the first official [Mozilla] release is unclear, though looking at overall progress and various snippets on the Mozilla Web site gives the impression that we will see one before the year's end. At any rate, M16 is already a usable browser for Linux and I expect the next 'milestone' release to replace Netscape on my own desktop." qmail-autoresponder version 0.93. The qmail-autoresponder appears to be approaching its first stable release. This should be a useful little tool for qmail-based sites. EducationSEUL/edu Linux in Education Report. The SEUL/edu Linux in Education Report for July 31 is out. It contains information on efforts to support Linux in education in Colombia. In addition, recent discussion on the mailing lists has focused on the need to provide lessons plans, developed by teachers, that utilize Linux software instead of commercial packages. New effort has begun as a result, currently focusing on getting permission to adapt existing lesson plans to Linux and re-publish them. Many additional topics are also covered. GamesWorldForge 'Acorn' demo alpha release. The WorldForge project has announced the 0.1 (alpha) release of its Acorn demonstration game. This is the first chance for many to see this open source multiplayer game platform in action. InteroperabilityA toast to wine for running win apps (ZDNet). A ZDNet columnist writes about his experiments with Lotus Notes and Wine. "The performance was similar to running Notes under Windows-the longest lags were in accessing the Notes server. This surprised me, but after all, Wine's name stands for 'Wine Is Not an Emulator.' Rather than slog through the emulation of a full machine and OS, Wine only provides an alternate implementation of the Windows API." Network ManagementScoreBoard Inc to support OpenNMS. ScoreBoard Inc has announced plans to support development on OpenNMS by hiring an OpenNMS fellow, another full-time person dedicated to this open source project. They are currently looking for the right person to fill this position. OpenNMS Development Update. This week's OpenNMS Development Update highlights the release of the "Service Control Manager" spec. "This is the hallmark event in what should be several successive weeks of new programming specs. Knock wood." It also includes an informal report back from DefCon. Office ApplicationsGnumeric and the Gnu Love of my Life (ShowMeLinux). Here's a review of Gnumeric on the ShowMeLinux site. "Hold onto your hats, Excel fans, it gets even better. On the higher end, some of the most useful Excel features are supported: goal seeking, solver, and quite a lot of analysis tools, which unfortunately don't allow the interaction of Excel when it comes to selecting ranges, but the tools themselves work great." Evolution 0.3. Another development snapshot for Evolution, the Gnome groupware suite, has been put out. This is primarily a bug-fix release. The Graphics Lab on Your Linux Desktop (LinuxPlanet). LinuxPlanet looks at Linux graphical tools, especially gPhoto and the Gimp. "gPhoto offers a very friendly and easy-to-use package that covers a wide array of cameras. When I was shopping for a camera, I loaded the supported list of cameras on to my Palm and went shopping. I was pleasantly surprised to notice that there was support for almost every model on the shelves of several local merchants. The only exception was a $75 toy. Everything else, from $200 beginner models to pricier almost-$1000 units were supported by gPhoto." AbiWord Weekly News. Last week's AbiWord Weekly News focused on Online help, toolbar improvements, and major BeOS fixes. This week's edition reports great progress on the binary Word export. On the DesktopKDE 2.0 Beta 3 Released (1.92). The KDE Project has announced the release of the third beta of KDE 2.0. This release contains a lot of bug fixes, and some new functionality as well. Helix GNOME: Unix For Humans (O'Reilly Network). The O'Reilly Network has put up a detailed article on obtaining and installing the Helix GNOME distribution. "Helix Code aims to provide an easy-to-use and easy-to-install open source desktop. They do this by taking the standard GNOME desktop and then enhancing it with a few additional features that make it both nicer and more user-friendly. However, what basically has made Helix GNOME so popular is its awesome installation and update programs. With these programs, setting up the latest version of a GNOME desktop, and then keeping it up-to-date, has become really easy." Web-site DevelopmentIBM offers free tool for writing Linux software (News.com). According to this News.com article, IBM is about to release a new web development tool. "The product, Sash Weblications for Linux, was written by seven IBM summer interns and will be available for download to the open-source community within the next few weeks..." Latest Zope faqts update. Here's an update detailing the latest entries in the zope.faqts.com knowledge base. Check it out for instructions on making the Zope tutorial work, and the distressingly ugly truth of how one simulates a "while" loop in DTML. Section Editor: Forrest Cook |
August 3, 2000
|
|
Development toolsNews and EditorialsThe OpenTcl Movement. On July 24th, in response to discussions on comp.lang.tcl, John Ousterhout posted a proposal for a "Tcl Core Team" to manage the Tcl core. "Our conclusion matches what many of you have been arguing for a while, which is that we should open up the Tcl core to encourage contributions by a broader cross-section of people." This week, Michael McLennan posted an announcement for a community election of the new Tcl/Tk Development Team. Nominations must be received by 11:59pm EST on Sunday, August 6. Voting starts on August 7 and continues until 11:59 EST on August 11. Check http://www.tcltk.com for more details. The next few months are likely to be pivotal in the history of Tcl/tk. A transition from a tightly-controlled development to a more fully open development is not an easy one. Nonetheless, in this case, it seems an obvious evolutionary step. We wish them good luck. VAR'AQ: Finally, programming support for Klingon. For the fearless only, NTK reports on var'aq, a "stack-based, Forth-ish language, with Lispish data structures, and an object-verb-structure grammar designed for use by Klingons." Comments project leader Brian/B'Rian Connors/C'onnarrghs, "'If you are afraid to tread in hostile territory like this, you might want to hold off on playing with var'aq for a while.'" NTK retorts, "But then, maybe you are weak, and dishonour us all with your cowardice, toDSaH!" Hey, if my dog can understand Klingon, surely programming in it can't be hard? JavaJava2 v1.2.2, Java3D 1.2 FCS, and JAI 1.0.2-beta. The Blackdown team proudly announced three new releases this week, including Java2 v1.2.2, Java3D 1.2 FCS, and JAI 1.0.2-beta. The JCK status page for Java 1.2.2 indicates that the Intel port has passed all tests. They also mention that Java v1.3, the JMF and Debian packages for all the recent releases are "soon to come". MumpsMumps Compiler Version 2.0. Mumps is a programming language with a long history of use in the development of software for the health-care industry. Version 2.0 of the Mumps to C translator/compiler has been released. It appears to provide some specific PostgreSQL support. Note that this is not free software; commercial use requires a license. The full 1995 Mumps standard has not been implemented. Nonetheless, if you have legacy code, this may be a way to get your software ported reasonably painlessly to a new environment.PerlDevelopers To Polish New Perl (ZDNet). ZDNet reports on the plans for Perl 6. "The upgrade will better Perl's management of system memory, improve its ability to parse eXtensible Markup Language and search for XML-tagged documents, and make the language more compatible with Java and other software programs." For those of you wanting to follow the development progress for Perl 6, we recommend bookmarking http://www.perl.org/perl6/. PythonPython-URL for July 31. Here's Dr. Dobb's Python-URL for July 31; it contains the usual mix of Python development items, including a pointer to this posting by Tim Peters clarifying the Python license situation. Tcl/tkTcl-URL (July 31st). This week's Tcl-URL contains a link to another posting from John Ousterhout regarding the development of the Tcl Core Team, works from Sergei Kucherov containing wizardly Expect advice and other useful posts from the past week. Section Editor: Forrest Cook |
Language Links Erlang Guile Haskell Blackdown.org IBM Java Zone Perl News PHP Daily Python-URL Python.org JPython Smalltalk Tcl Developer Xchange Tcltk.com |
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Commerce page. |
Linux and BusinessCaldera and SCO: it's official. Caldera Systems and SCO announced this week the purchase deal that has been rumored for some time now. LWN attended the "analyst conference call" on the merger; here's what we were able to pick up. The deal itself is as follows. Caldera Systems will pick up the Server Software and Professional Services divisions of SCO. A new holding company, called simply "Caldera, Inc." will be created to take possession of the new groups. Ransom Love will be Caldera Inc.'s CEO, while David McCrabb from SCO will become the President and COO. What SCO gets out of the deal is 28% of Caldera, Inc., $7 million in cash, and an $18 million loan from the Canopy Group, the major stockholder in Caldera. SCO also retains the "OpenServer revenue stream", even though it is Caldera that "will have exclusive distribution rights for the SCO OpenServer product line, and is fully committed to servicing and supporting the SCO OpenServer customer base." SCO will also hold on to its outside investments, such as the stake in LinuxMall.com. Caldera's plan is to build a unified product line out of its current Linux offerings and SCO's products. They see Linux as being best suited to the lower end systems, while UnixWare works better at the high end, especially in clustering applications. In general, SCO's clustering seems to be Caldera's path into this very competitive area. Caldera also has high hopes for Monterey as the high-end system for the IA-64 architecture. In all of these cases, they emphasize that there will be a single API for developers to use - the Linux API. Caldera also gets SCO's channels and its large list of customers. SCO's logos are also part of the deal, leading to the question of what the remainder of SCO will call itself. They had no answer to that, but pointed out that "Tarantella, Inc." already exists; since Tarantella will be the core of SCO's operation now, there is an obvious name change there. Will SCO's products be released as open source? Caldera's answer was, at best, ambiguous. There was a lot of talk about "source access" licenses - meaning, perhaps, that if you license the products you can get at the source but not redistribute it. Caldera also devoted a lot of words to how it gives back to the community, so it's clear they feel some pressure there. But it's not clear how they will respond. Needless to say, Caldera is upbeat about the deal. They claim that the company is now the first to show a truly coherent Linux business model with a clear path to profitability. Time will tell... (For more information, see this SEC filing from Caldera, which covers most of the important parts of the deal. Also some of the less important points: "Both companies will continue to use the SCO Cafeteria in Santa Cruz. Ingrid and her staff will continue to produce their tasty creations.") Linux on IBM's S/390. Here is the formal announcement from IBM of its new pricing structure for Linux on the S/390. For those using Linux on the S/390, Computer Associates announced that it is making "a comprehensive suite of eBusiness management software" available, including Unicenter, MasterIT, Ingres, ARCserv, and eTrust, and BMC Software has announced that its "PATROL" and "Knowledge Module" system management tools are available with a free trial period offer. More Red Hat News. Singapore based Donovan Systems will bundle Red Hat Linux on its 64 bit hardware systems. Red Hat, Inc. completed the acquisition of WireSpeed Communications Corporation Inc. Red Hat and Ericsson have announced a deal to jointly develop a range of consumer products oriented around home communications. The first such product will be Ericsson's "Cordless Screen Phone," due to be available by the end of this year. Aug. 4 is Last Day for Nominations. A position is being made available, for the second year, to the Linux development/Open Source community on the International Softswitch Consortium (ISC), paid for by Vovida Networks. Nominations for the position are open until August 4. A list of nominees will be posted Monday, August 7, 2000 at Vovida's web site. Set-top Boxes. Bluepoint Linux Software Corp. has announced the signing of a letter of intent to develop a Chinese Linux system for a new set top box to be deployed by Bridge Group. Coollogic announced the availability of a new, Linux-based set-top box designed to enable Internet access via a television set. Press Releases:Commercial Products for Linux.
Products Using Linux.
Products with Linux Versions.
Java Products.
Books & Training.
Partnerships.
Investments and Acquisitions.
Financial Results.
Personnel.
Linux At Work.
Section Editor: Rebecca Sobol. |
August 3, 2000
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Linux in the news page. |
Linux in the NewsRecommended Reading. Salon has run this no-holds-barred piece on the shutdown of Napster. "On the open Net, a thousand new Napsters are blooming. And what will be the impact of the court-ordered shutdown of Napster? These projects -- small, underground efforts that grew unnoticed in the shadow of Napster the company -- will be flooded with energy. Users will flock to them, and talented software hackers will work overtime to perfect them. From the recording industry's point of view, it is slaying one enemy only to seed the field with a thousand new opponents -- opponents who are, not incidentally, its own best customers." Here's an Upside article about the open source database market. "With Linux plays fighting to hold onto their market caps, it seems strange that other companies would be in such a rush to pour money, code and accumulated labor into another unproven market. According to land rush participants, however, databases and the e-commerce applications that feed off them offer an even bigger open source opportunity than Linux ever did." Napster and Related Topics. ZDNet questions the consistency of Napster's approach to intellectual property in a lengthy article. "Napster's Barry, a former corporate lawyer, insists there is nothing inconsistent about the company's efforts to protect its intellectual property. 'We are not an open-source software company,' he says. 'This is not Gnutella,' he adds, referring to the popular free software product that lets users exchange music files." A federal judge enjoined Napster from distributing copyrighted music. (Upside) "Judge Marilyn Patel chastised Napster for failing to turn its technologic expertise against copyright infringement on its system and scoffed at the company's argument that many people use its system legally. In fact, Patel said, Napster has sought to profit from music piracy since its inception." OS Opinion has run an article on the recent Napster injunction. "With 78 million projected users, Napster would have had a near monopoly on music sharing. It would have been far easier to then develop a licensing system with those users, gathered in a central place. By shutting down Napster without a ready replacement, they insure that music sharing will be driven "underground" in the GNUtella network." The New York Times has run this article on the Napster ruling. "Like many of Napster's millions of users, Mr. Frost, a 23-year-old systems administrator in San Francisco, did not see the court's ruling as a victory for copyright law or a defeat for a particular company. He saw it as a call to arms. "I wanted to get more involved in keeping free music distribution alive," Mr. Frost said." Upside looks at another Napster-like site known as Napigator. "'Right now, we're looking into getting more bandwidth,' says the 21-year-old co-owner of Dublin, Calif.-based thirty4 Interactive LLC, which operates Napigator. 'I think a lot of [Napster users] will go to Opennap.'" USA Today reports that Napster filed a last-minute appeal in federal court to avoid being shut down. Meanwhile, traffic on other free music sites has surged. "At Scour, cofounder Dan Rodrigues says traffic rose 80%, and adds, ''We're prepared for this weekend.'' Scour is being sued by the record industry and the Motion Picture Association of America." Upside assesses Gnutella's readiness to pick up for Napster if need be. "Now that the court has stayed the judge's order that would have shut Napster down and has allowed Napster's service to keep running during the RIAA trial, the pressure is off somewhat. But the last 48 hours have given Gnutella developers a sense of what improvements they must make to the network in order to prepare for the landslide of users it may be asked to handle." Wired News reports on yet another file sharing system, this one's called "MojoNation." It's decentralized along the lines of Gnutella, but also has a commercial aspect to it. "In an attempt to spread MojoNation quickly through the hacker underground, Autonomous Zone plans to release the beta version at the DefCon convention this weekend in Las Vegas. Versions will be available on sourceforge.net for Windows and Linux machines." According to this ZDNet article, the folks at CopyLeft have been added as defendants in the DVD suit as a result of their selling T-shirts with the DeCSS code on the back. Beyond selling a lot of shirts, this move should help to bring the "code as speech" issue into an even more prominent role in the suit. IBM. Here's an Upside article about IBM's Bluetooth release. "The source code, which will be released under the Gnu General Public License, governs portions of both the communications protocol and the device drivers that allow Linux-based devices to communicate via the low power, wireless Bluetooth standard." IBM is offering special deals for mainframe hardware and software to encourage Linux usage, according to this CNet article. "A new Linux pricing plan means that current customers using the company's G6 mainframes can buy a new processor for $125,000 as long as it's used only to run Linux, McCaffrey said. A new processor normally costs three times that, he said." LinuxPlanet attends a Linux S/390 installfest, and looks at IBM's Linux strategy in general. "IBM has been getting the message loud and clear from its customers that Linux on S/390 is a hot product--and that IBM needed to refine the installation process if people were going to make it work as anything other than a lab toy." ComputerWorld has put up this article on IBM's new pricing schemes for Linux support on the S/390. "Key among the features is hardware called the Integrated Facility for Linux. It will let users of IBM's Generation 6 and Generation 5 mainframes add processor capacity exclusively for Linux applications without increasing charges for all other software on the server." (Thanks to Peter Link). Companies. According to this News.com article, Linuxcare has managed to scare up some new funds. "A new round of funding will be necessary to bring Linuxcare back from the brink and restore its status as one of the earliest companies to make a serious go at turning Linux's popularity into a business. But the funding is no guarantee that it will be able to stave off new and current competitors." Here's an article in Upside about Oracle's new jobs site run by Collab.Net. "According to the deal, Collab.Net will manage OTNXchange, a website that will employ the Collab.Net-owned integrated development environment SourceCast. OTNXchange is scheduled to go live Sept. 15, and to stimulate community involvement, Oracle plans to release a collection of unlicensed freeware tools designed to augment and interact with the company's proprietary database platform. The only catch is that developers must be part of the Oracle Technology Network to participate..." Perth based Harvest Road has shown a 100 percent growth for the financial year that ended on June 30, reports AFR. "A recent deal with the Brisbane-based local unit of Red Hat, a leading developer of open-source Linux operating system software, to bundle HarvestRoad's web collaboration applications with Linux in Australia and Asia has given HarvestRoad an inexpensive point of entry into the Chinese and Indian markets." ZDNet looks at the Red Hat/Ericsson deal. "With open software and open standards as its basis, is it possible that a growing community of developers and users will transform the Ericsson screen phone into an open, multi-vendor Internet Appliance platform -- a sort of 'Palm Pilot' of web pads? 'Yes, that's quite possible,' says Red Hat's Knuttila, 'that's an interesting way to frame it.'" News.com also looks at the Red Hat/Ericsson deal. "Ericsson will pay Red Hat to create specialized versions of the Linux operating system in several Internet-enabled devices for the home, said Kim Knuttila, general manager of Red Hat's client services group. In addition, Red Hat will help Ericsson adapt its product line to Linux, and both companies will engage in joint marketing and branding work, he said." ZDNet covers the Caldera/SCO deal. "Red Hat CEO Matthew Szulik would agree with that, although in a harsher manner. 'This validates what we and the IDC numbers have been saying all along about the death of the proprietary Unix market. As advocates of open source, we look forward to Caldera's support of open sourcing SCO's proprietary Unix technology to the entire open-source community.'" Evan Leibovitch's latest ZDNet column is about the Caldera Linux Technology Preview distribution. "Based on pre-release versions of the 2.4 kernel, KDE 2.0 and the newest XFree86, the LTP is the first kit I've seen in a while that easily allows those unversed in kernel installation to examine future developments." Business.
ZDNet picks up on
speculation that Microsoft might open source their C# language
from the
minutes of a meeting held two weeks ago in Orlando as part of
ECMA's previously obscure TC39 technical committee. "Q:
Will Microsoft be open sourcing their implementation? A:
This is under consideration, but has not been decided. Microsoft has
been approached by a number of companies desiring to partner on
this. Jim expressed his opinion that he saw it likely that the
source to a reference implementation would be made available, but
declined to speculate on the licensing details. John Dvorak writes about Linux in China in this rambling column. "I can't see how Microsoft has a prayer in China unless it gives away all its code for years to come. Linux and the open-source movement have China written all over them, because they play entirely in the public domain. Among other things, the government in China abhors piracy and knows it's not good for business. Because Linux is free, there's nothing to pirate, so China will move its computer scene toward Linux officially." (Thanks to Bill Cory). ABOUT's Aron Hsaio has written an article that discusses the emergence of Linux on palmtop devices.
"Linux is getting smaller.
Not in terms of market share, mind you. Physically smaller. In a trend
which marks a departure of sorts from the Unix and
large-scale computing roots of Linux, manufacturers of
all kinds of small and even tiny devices are embracing
Linux as the embedded operating system of choice. It
could well be that in the future, rather than using
Linux on the desktop, we'll all be using Linux on the palmtop. In this OS Opinion article, Xavier Barosa discusses past failures of closed systems and how they relate to today's world. "The CDless policy that Microsoft has imposed on the OEMs will eventually backfire and ensure that success of the Alternative Software movement; in particular, LINUX and BeOS." Resources. The University of Auckland, New Zealand's Tamaki Campus has a DebianGNU/Linux based cluster named Kalaka. Kalaka is built from already installed machines in an open network. ZDNet has posted this tutorial article on using PHP with database systems. "In this article, I'll introduce you to the process of interfacing PHP scripts with the database of choice. We won't go in-depth into the functions for each database type - those can be found in the PHP Manual, in the 'Function Reference' section." Here's a survey of Linux web browsers on Web Review. "Timing for the first official [Mozilla] release is unclear, though looking at overall progress and various snippets on the Mozilla Web site gives the impression that we will see one before the year's end. At any rate, M16 is already a usable browser for Linux and I expect the next 'milestone' release to replace Netscape on my own desktop." Reviews. Linux Power's Jeremy Katz reviews Caldera's Computer Based Training (CBT). "So, what should I expect? According to the back of the box, I should get the information needed to do an install of Linux, login, use some of the various parts of KDE, get help, and shutdown properly in about an hour of going through the product. With this in mind, I stuck the CD in my CD-ROM drive and mounted the CD to find that it would autorun on a Windows machine as well as an AUTORUN.SH which I assume would autorun on a Caldera machine, although it did nothing of note on my Red Hat box." GnuLinux.com has run this review of PhatLinux 3.2. "PHATLinux, the name alone is an indication of what kind of experience you are in for when using and installing this distribution. This is by far one of the most pleasant experiences with installing a distribution of Linux that we have ever had. At only 180 Mb for the download this is one small Linux (comparably), but it does come with most of the essentials needed." Hardware Unlimited reviews the 3dfx Voodoo 5 5500 AGP video card under Linux. "As I mentioned before, the Linux drivers are very young, and lacking many features, such as FSAA and the ability to use both of the VSA-100 processors. It doesn't feel very good running a Voodoo4 when you're supposed to have a Voodoo5, that's for sure. If you're thinking of buying 3dfx for their Linux support-you may just want to wait a few months for their drivers to mature." Finally. The (U.S.) National Public Radio ran a segment on open source software in its August 2 Morning Edition program. "NPR's Larry Abramson reports on the open source movement. It may sound unfamiliar, but considering what it's done for operating systems like Linux and Red Hat, it may be the hottest trend in computer programming." The program is available as an 8-minute RealAudio file. (Thanks to Sean Dague). Bruce Perens has put up an editorial on Technocrat on buffer overflow exploits. He blames much of the problem on the i386 architecture, and calls for non-executable stack patches to be incorporated into the Linux kernel. "The people on the Linux kernel list, I'm told, have discussed and rejected this idea twice now. Maybe it's time for the rest of us to take it more seriously." Here's an ABC News column criticizing Linux's security. The author has a strange view that the number of vulnerabilities in an operating system should be proportional to the number of users it has. "If you look this list over, and measure each system's number of vulnerabilities against the number of its customers, Linux is arguably the worst operating-system product in history, and Microsoft's the best. As Linux zealots are beginning to find out, it's a lot easier to masquerade as a better product than it is to go out and be one." Section Editor: Rebecca Sobol |
August 3, 2000 |
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Announcements page. |
AnnouncementsThe "Linux Newbie Administrator Guide" has been significantly updated. ResourcesAugust Linux Gazette available. The August 2000 Linux Gazette - issue 56 - is now available. First two issues of LinuxUser online. LinuxUser, a U.K.-based print magazine, has put its first two issues on the web. All of the articles are available - but they are in PDF format. lhD Driver Database launched. The Linux Hardware Database has announced the launch of its Linux Device Driver Database, which is claimed to have entries for more than 800 drivers. Archive of Netcraft surveys. The beginnings of an archive of older Netcraft surveys has been made available, in response to requests from LWN.net. Many thanks to Matt Hunt! EventsReports from the Linux Beer Hike. The 2000 version of the Linux Beer Hike is now underway in Coniston, England. Reports and pictures from the event are now being posted for the benefit of those who couldn't go. "Power was the first bete-noir. The hall is a little short of the requirements of most systems rooms and a hall-full of Sun CRTs was a little too demanding. ....so we all ran fsck for while..." Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net. User Group NewsEmilia Romagna Linux User Group. ErLUG has organized an Italian LUG community meeting at the University of Bologna, Italy, on October 29th and 30th. |
August 3, 2000 |
|
Software AnnouncementsDue to an unexpected glitch, our weekly software announcements are not available this week. They will return next week. |
Our software announcements are provided courtesy of FreshMeat
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Back page page. |
Linux Links of the WeekMuch of what David Gelernter writes is interesting, and The Second Coming: A Manifesto is no exception. It's his vision of how computing will evolve in the near future. Worth a read. Those who are into high-end sound applications on Linux may want to have a look at LinuxDJ.com. This rather utilitarian site is the home for a number of audio development projects and documents. Section Editor: Jon Corbet |
August 3, 2000 |
|
This week in historyTwo years ago (August 6, 1998 LWN): LWN commented on the relative lack of FUD (fear, uncertainty, and doubt) attacks against Linux, and predicted that there would be more such in the future. Microsoft has obliged a couple of times, but, in general, there have been remarkably few FUD attacks on Linux. This week's front page, however, shows that they are not completely absent. Eric Raymond celebrated the first six months of the "open source" term. Because if we truly desire world domination, we've got to get our LSD into the corporate elite's conceptual water supply and alter the beast's consciousness. That means we need to co-opt the media that shape decision-making at the highest corporate levels of the Fortune 500.
The development kernel was 2.1.114; work continued on the 2.0.36 stable release. Much energy went into a vast flamewar over whether the devfs patch should go into the 2.2 kernel; in the end it didn't happen, but it will be there in 2.4. The beer-drinking penguin logo was removed from the development series. One year ago (August 5, 1999 LWN): SGI jumped into Linux with both feet, announcing a new Linux-based server system. The company also let it slip that Irix would not be ported to the Intel architecture. Eric Raymond addresses the question of whether free software can be original: But there is a more fundamental error in the implicit assumption that the cathedral model (or the bazaar model, or any other kind of management structure) can somehow make innovation happen reliably. This is nonsense. Gangs don't have breakthrough insights -- even volunteer groups of bazaar anarchists are usually incapable of genuine originality, let alone corporate committees of people with a survival stake in some status quo ante. Insight comes from individuals.
The development kernel release was 2.3.12. Linus Torvalds announced that the 2.3 kernel would go into feature freeze "in about two weeks." Here we are, a year later... The stable kernel release remained 2.2.10. A Linux Lament in Salon complained about problems with the Red Hat community stock offering: We coders had been abruptly disenfranchised, after having had silver carrots waved in front of our noses. I'd opened my first money-market account just now, in order to take part in the commercial future of something I believed in -- and the door had been slammed in my face.
| |
|
Letters to the editorLetters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them. | |
Date: Thu, 27 Jul 2000 23:35:42 -0400 From: Patrick Callahan <pac1@tiac.net> To: lwn@lwn.net, "basiclinux@topica.com" <basiclinux@topica.com> Subject: LWN - So what happens when Linux really explodes >So what happens when Linux really explodes, as seems (to some) >inevitable? Just how weird is it going to get? Will we look back with >nostalgia to 1994, when nobody knew what we were talking about? Will we >want our old Linux back? For now this is still our revolution, and we >can maybe shape its future. Before long, that may no longer be true. I've jumped on the Linux bandwagon recently. August 1999. I think things have changed radically since then. When I first started, it was not unusual to get a well reasoned response to a request for specific information in a linux help chat room on irc. Maybe lately I've been hanging out too much on the wrong sort of channels but it seems that the overall tone of the irc experince for geeks like me is changing somewhat. Has anyone else noticed this? There seem to be many more seekers of information than givers. There seem to be more questions from people who haven't read the fine manual, don't know where the manual is, and don't care... yet.... As always, there's interesting and interested people to chat with, but the noise is getting louder... I wonder if the Linux Cognecenti are overwhelmed by the increasing numbers of people arriving at linux. Have they stopped responding to newcomers, just because there's so many of them. Or maybe they're just responding to questions that interest them. How do people who have been here since the early days feel about people like me who are late to the party? Some responses in some forums lately seem quite harsh or irritated, almost as if the information givers are getting fed up repeating themselves to each newcomer who arrives on the scene. Other places are a delight to be in. The Basic Linux Training Mailing list is terrific. I think its because most of its members are newcomers, committed before they join the list, to actually working at learning linux . This may not be the case in other forums. -Pat Callahan | ||
Date: Fri, 28 Jul 2000 11:36:01 -0400 (EDT) From: Elliot Lee <sopwith@redhat.com> To: "Aaron J. Seigo" <aseigo@mountlinux.com> Subject: Your LWN post Just wanted to correct a small technical point: > I point to Icaza's own project Gnome as an example that he is (to > quoth him) "smoking crack" when spouting these arguments. Gnome sets > policy, and in the right place, too: on the application level. That is incorrect - all desktop-generic policy is set in gnome-libs and the other Gnome libraries, not in the applications themselves. gnome-libs and related pieces would generally be accepted as part of the operating environment, rather than part of the application. And an opinion: > Well, look at BeOS/Mac/Windows. They each enforce policies on > programmers and users at the system level, but because of that they > are each cordonned off into their own space of the computing arena. > Unix is a substrate that strives to be flexible enough for _any_ > policy. You may be ignoring a few things: . BeOS/Mac/Windows are intended primarily to meet the end-user's needs n the desktop, which is why they have to set policy. . The unavailability of a widely used group of UNIX libraries that set user policy is a large reason for the failure of UNIX on the desktop so far. . Gnome's goal (and I believe the goal of all the desktop projects) is to make UNIX viable as an end-user desktop platform, which *requires* setting policy across apps. . For what it's worth, it is possible to define an aweful lot more policy on BeOS/Mac/Windows than your post would imply - you are making a lot of assumptions based on having used them rather than any real facts. (Not that they aren't sometimes a pain to use :) I think a main point of confusion lies in the fact that you see "the system should set policy" and start to incorrectly think that the kernel will suddenly start to know about my mouse settings or root window background. This is not what is being advocated. I think you are also confusing "setting policy" (which is a good thing) with "the system is not transparent or flexible". The latter is the case with BeOS/Mac/Windows, is a reason I like UNIX so much, and has nothing to do with policy being set. It is entirely practical to both set policy _and_ be transparent/flexible. If you wish to argue that ever setting any policy on an inter-application basis is evil, that is most likely because your goal could to continue using the same old (and definitely fun from a hacker's perspective! :) UNIX that has been around for ages, rather than bring UNIX to the desktop and other new frontiers, as Miguel's goal is. If you choose to argue this, that is fine - you may not agree with this goal and the changes it requires, but recognize & respect the reasons for which the opinion was expressed. Not a Miguel fanboy, but annoyed at random rants, -- Elliot The best way to accelerate a Macintosh is at 9.8 meters per second per second. | ||
Date: Wed, 02 Aug 2000 17:02:49 -0400 From: "George B. Moody" <george@mit.edu> To: letters@lwn.net Subject: Fred Moody's story, "Linux Sux Redux" The story indicates that the numbers of vulnerabilities reported on BugTraq for "Red Hat and the other Linuxes" were 122 in 1999 and 47 so far this year, and notes that Windows NT's counts of 99 and 37 are significantly lower. The error is that the numbers for Linux *include* those for Red Hat, so that adding the Red Hat numbers to those for Linux results in counting the Red Hat vulnerabilities twice. In fact, the correct numbers for all versions of Linux put together are 84 for 1999 and 30 for 2000, and for Red Hat they are 38 for 1999 and 17 for 2000. In round numbers, the numbers of vulnerabilities in Windows NT are about three times as high as those for Red Hat. Fred says, "If you look this list over, and measure each system's number of vulnerabilities against the number of its customers, Linux is arguably the worst operating-system product in history, and Microsoft's the best." A more bizarre way to assess quality would be hard to imagine. If I understand him correctly, Fred is suggesting that quality is proportional to market share, and that having more customers in some way can overcome having more bugs. This is no more true of software than it is of food. The greasy spoon in the mall may attract more visitors despite high prices and poor sanitation, but those who are lucky enough to enjoy a friend's home cooking are not only getting a free lunch but a better one, and they get to inspect the ingredients if they care to do so. Those who are so thoroughly in the grip of the belief that what costs more must be better, and that anything free is therefore worthless, might spend their money on a nice bunch of flowers for the cook; or they can throw a brick through their friend's window and go eat the best mystery meat in town at the greasy spoon with Fred. "As Linux zealots are beginning to find out, it's a lot easier to masquerade as a better product than it is to go out and be one." Earth to Fred: Get a clue! We Linux zealots(TM) know that marketing can make people believe that expensive and shoddy products are better than superior free alternatives, and guess what? Anyone who has ever paid too much for something just because it comes in a shiny box knows it, too. -- George Moody (no relation to Fred, as far as I know) | ||