Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise
news for all interests
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page
Other LWN stuff:
Archives/search
Recent features: Here is the permanent site for this page. See also: last week's LWN.
|
Leading items and editorialsThe first round of the DVD case is over, and the MPAA has won. For those who are interested, Judge Kaplan's ruling is available as a 90-page PDF file. The judge found in favor of the MPAA on every front:
This case is far from over, of course; now it moves into the appeals stage. It could be a long time before any sort of final resolution is reached. This verdict is a chilling one for users of free software (and those who value freedom in general). Our ability to write software to meet our needs has been significantly restricted - at least, in the United States. This sort of ruling is a direct threat to our ability to use free software in the future. There is no doubt about the free software community's ability to to develop the software it needs. But if that development becomes a crime, then free software is in trouble. As an example of where things could go, consider the recent reports in the media that the plaintiffs in the Napster case are likely to seek damages against not only Napster the company, but also directly against its investors and the programmers that wrote the system. Here we have gone beyond attempts to suppress the Napster service; this is an attempt to penalize those who write code. Napster is a proprietary system. But if Napster's programmers can be hauled into court for the crime of coding, the same can happen with those who write free software. It is sufficient, evidently, to show that the software in question can be used for copyright infringement. The Free Software Foundation, source of the GNU "cp" command, had better watch its back. And we all need to be concerned. How to respond to attacks on Linux. Linux has been blessed, in recent times, by a relative scarcity of FUD ("Fear, Uncertainty, and Doubt") attacks. But they seem to be on the rise again; perhaps the critics have grown tired of sneering at stock prices and have turned their attention back to the technology itself. As always, some of the criticisms make more sense than others. The classic example of the week, of course, is ABC columnist Fred Moody's latest, which not only tries to trash Linux, but descends to the level of personal attacks on Linux users as well. We'll not dignify the text with a quote here; suffice to say that the article would be considered a low-level troll in any Usenet group or Slashdot comment. (The article may have moved by the time you read this; if so, it will be findable via the archive page). LWN hasn't sermonized on response to FUD for a little while, so maybe it's time. Mr. Moody has most certainly received no end of critical email, some of which will be even sillier and more childish than his own writings. Such mail just becomes another weapon in the hands of those who would bash Linux - Mr. Moody uses his to accuse Linux developers of being "not great thinkers." Yes, he knows that it's not the developers who are sending that mail; that's not the point. Linux is winning. Free software is better. We do not in any way need to resort to low-level attacks as a defense against FUD. The free software community is much better served by calm, dignified, and factual responses to these sorts of attacks. Please, before answering any sort of critical press, take the time and effort to do so in a way that reflects well on Linux. Please don't feed the trolls. For more suggestions on how to respond to attacks, we strongly recommend taking a look at the Linux Advocacy HOWTO. The GNOME vs. KDE thing. It has been a little while since we have had a good GNOME and KDE fight, so it shouldn't be surprising to see one turn up now. These battles have grown somewhat tiresome over the years. But this one is just a little different, and it's worth looking at what is going on. The interesting thing is that the developers of both systems don't seem to be all that involved. No GNOME developer used the project's time in the spotlight last week to attack KDE. The KDE camp, perhaps feeling ambushed, has been a little more vocal; but they seem to be much more concerned with the upcoming 2.0 release. To the extent that there has been shooting between the camps, it has been at a relatively interesting level. For example, the two projects have taken very different approaches to building component-oriented systems; GNOME has chosen CORBA, which has standards and network transparency behind it, but is also a heavyweight and complex solution. KDE has taken the "light and easy" approach with KParts. It will be most interesting to see which choice looks better in a year or two. Meanwhile, there should be a technical conversation on the merits of each approach. So why, then, are we seeing articles in the press referring to the "war"? There seems to be a certain interest in fanning the flames here. See this week's Linux in the News page for some examples. Just like in the wider world, it's easier to write an article if there's some big battle to talk about. Let's not go along with that. There is no "war" here. There are two competing implementations of a Linux desktop. The Linux community is richer for having both of them. The two embody different approaches to usability, different technical choices, and different organizational choices as well. Nobody knows what is the best way to do a Linux desktop - if, indeed, there is a single best way. The two projects are experiments which have a lot to teach us. Both are good things, neither is going away anytime soon, and there is no point in talking about "war." Inside this week's Linux Weekly News:
This Week's LWN was brought to you by:
|
August 24, 2000
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Security page. |
News and EditorialsHelix GNOME advisories. Two advisories came out this week for security problems in Helix GNOME packages, including:
It is interesting to notice these problems, particularly since security is one area in which the GNOME project, and Helix, have not taken as active a stance as some could wish. For example, when asked about security issues at the recent press conference for the announcement of the GNOME Foundation, Miguel de Icaza's response was that people concerned about security should join the GNOME team and do something about it. This is an example of expecting to go back and "fix" a product to make it secure, rather than designing security into a product from the beginning. In addition, the latitude given an average Open Source project to allow it to develop according to the interests of the developers who happen to choose to get involved is much wider than the latitude given to the product of a commercial company. Helix GNOME is a hybrid of both; it is available via the GPL, but also a key product of a new commercial company. It is important that Helix realize the difference in their position, now that they are no longer just donating their time to a worthy cause. Last, with the addition of Helix GNOME Update and Installer, the developers have moved from the GNOME application space, where security is often considered less critical, to the arena of systems administration, where security is extremely important, if not paramount. That needs to signal a change in focus to the Helix developers. A security design review would be an excellent idea; pro-active auditing of their code (and the GNOME code) for security problems is even more essential. Otherwise, we may be dealing with security advisories for Helix GNOME on a regular basis. Note that neither of the advisories above will apply to GNOME as shipped with most Linux distributions. They will only apply if you have downloaded and installed Helix GNOME. The World's Most Secure Operating System (The Standard).
Of course, Helix GNOME and the GNOME project should not be singled out as
the only Open Source projects that need to rethink their approaches to
security. The Standard took a look at OpenBSD and, in particular, Theo
de Raadt, in this
article. They found much to admire and many reasons why Open Source
projects in general should consider following their example.
"OpenBSD's proactive approach is unique among open-source systems,
which normally rely on user
reports and public forums to find vulnerabilities. The
Linux security philosophy, for example, can be
summed up as 'more eyes means better security' - that is,
since the source code is open to peer
review, bugs will be quickly spotted and patched.
De Raadt scoffs at that credo. Most reviewers of open-source
code, he says, are amateurs. Security Checkup (eWeek). Want to know what it would be like to have a security audit done for your company or organization? This eWeek article details the experience of a bank that recently did so. "...the increasing popularity of security audits is a manifestation of a growing trend among all enterprises to view security as far more than just something techies can fix with some network software". CERT advisory on rpc.statd vulnerability. CERT has issued an advisory regarding the rpc.statd vulnerability first announced in July. The usual drill with CERT applies - if they have actually put out an advisory, that means the hole is being actively exploited. If you have not yet applied the update, you should have a look and think about doing so. This week's prize for "Clueless Media Report" goes to Henry Kingman, who picked up the CERT advisory and therefore reported a "new Linux NFS vulnerability" in this article, in spite of the fact that the Debian and Red Hat advisories that he linked into his article are both from July. Security Reportsxlockmore. A bug in xlockmore and a patch for the problem was posted to BugTraq this week. Check BugTraq ID 1585 for more details. This vulnerability may be exploited to execute arbitrary code with root privileges on some systems. On others, including the latest Debian release, such a root exploit is not possible, but access to encrypted passwords from /etc/shadow is. An update to xlockmore 4.17.1 is recommended.GNOME-lokkit. Alan Cox reported a bug in the GNOME-Lokkit firewall package which could result in exposed network ports contrary to the user's request. An update to GNOME-Lokkit 0.41 should fix this problem.ntop. A new problem in ntop 1.3.1 has been reported when run in web mode (-w). FreeBSD has put out updated packages that disable the -w mode, but reports other potential problems with the package. Personal suggestion: consider not using ntop. If that is not an option, read the FreeBSD advisory for other suggested workarounds.Multiple buffer overflows in top. Ben Lull reported multiple buffer overflows in the procps top included with Slackware Linux. An unofficial patch is included with the post. No confirmation from the Slackware team has been seen, as of yet.xchat URL handler bug. Versions of xchat from 1.3.9 through and including 1.4.2 can allow commands to be passed from IRC to a shell. Check BugTraq ID 1601 for more details.PHP-Nuke. The PHP-Nuke web portal is reported to erroneously allow access to administrator privileges. This has been fixed as of the latest version.gopherd. A buffer overflow in the University of Minnesota's Gopher Daemon can be exploited to gain root access. No fix for this has been made available so far. Check BugTraq ID 1591 for more details.darxite. Guido Bakker reported a vulnerability in the darxite daemon, a program written by Ashley Montanaro and used to retrieve files via FTP or HTTP. This bug can be used to execute arbitrary code under the login of the process running darxite. Check BugTraq ID 1598 for more details.Jukka Lahtinen minicom. An installation-dependent vulnerability has been reported in minicom on Red Hat 6.1 and 6.2 and Slackware 7.0. SuSE and Linux-Mandrake are reported not vulnerable. FreeBSD has been both reported vulnerable and not vulnerable; no final information is yet available. This bug will allow the creation of files with ownership uucp. Vulnerable systems running uucp can have system configuration files overwritten.Originally reported by Michal Zalewski, more information can be found via BugTraq ID 1599. CGI scripts. The following CGI scripts were reported to contain vulnerabilities:
Commercial products. The following commercial products were reported to contain vulnerabilities:
UpdatesAnother Zope update. It turns out that the fix for the Zope "mutable object" security hole (discussed in last week's LWN weekly edition) did not entirely solve the problem. Thus, a new update has been posted. Zope sites which let untrusted users edit DTML should apply the new patch.Netscape 'Brown Orifice' vulnerability.Check the August 10th Security Summary for information on the Brown Orifice vulnerability. Two weeks later, fixed versions of netscape have finally become available. dhcp. A second set of problems with the ISC dhcp client was reported in the July 20th Security Summary. Older updates:
cvsweb. Versions of cvsweb prior to 1.86 may allow remote reading/writing of arbitrary files as the cvsweb user. Check the July 20th Security Summary for the original report from Joey Hess. The FreeBSD advisory also contains a good summary of the problem. Older updates:
proftpd format string vulnerability. FreeBSD has released new advisory with information on upgrading proftpd to fix the ftp setproctitle() format string vulnerability discussed in the July 13th Security Summary. ResourcesFeature: Securing Linux-Mandrake (Rootprompt). Rootprompt has written up a description of recommended steps to take to secure a Linux-Mandrake system. "If you are going to be allowing POP or IMAP connections to your host, install stunnel. stunnel is a program that can take any connection on a port and turn it into an encrypted SSL connection." EventsAugust/September security events.
Section Editor: Liz Coolbaugh |
August 24, 2000
| ||||||||||||||||||||||||
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Kernel page. |
Kernel developmentThe current development kernel release is 2.4.0-test7, which was released just before LWN went to "press." There is no official announcement, but Linus's summary of 2.4.0-test7-pre7 gives a mostly-complete list of what is in -test7. As would be expected, it consists mostly of bug fixes; there is also a fair amount of moving files around as part of the driver reorganization (see below). One thing that did go in after -pre7 was the TUN/TAP virtual network driver. The current stable kernel release is still 2.2.16. The latest 2.2.17 prepatch is 2.2.17pre19. This prepatch was put out on August 18 as the final one, but the official stable release has yet to happen as of this writing. vger.rutgers.edu is no more. As was reported last week, the system which has handled linux-kernel and many other mailing lists for years suffered a disk disaster and went off the net. David Miller had been planning to move the lists anyway (the folks at Rutgers were getting tired of them), so this failure was the obvious opportunity to finish the job. The lists made a brief stop at vger.redhat.com, but not everybody was happy with the use of a vendor-specific domain. So the lists moved again - at least virtually - to their permanent home at vger.kernel.org. Some effort went into scrubbing every mention of Red Hat from the list headers. So, to all appearances, linux-kernel is redhat-clean, but Red Hat is still hosting the list - and doing the community a favor in the process. If you were on any of the old vger lists, you should have gotten the note saying that you have to resubscribe to the new version. All of the lists are controlled by majordomo, so the usual subscription drill applies. Driver locations, code sharing and the 'curse of the gifted'. This week's linux-kernel fight started out as part of an ongoing effort to reorganize the device driver tree. This reorganization has created some new directories such as "media" for things like video drivers and "input" for joysticks and such. Many drivers have found new homes in this process, but Linus drew the line at a patch that moved many of the USB drivers into the "input" directory. Most Linux users, most likely, are not concerned with the details of the organization of the Linux kernel source tree. But the conversation took a more interesting turn when one person defended the change by saying that it would help to promote sharing of code between drivers. Linus answered back with a statement that code sharing is not all it has been cracked up to be, and that often it's better to just make a copy of something useful and modify it as needed. Unsurprisingly, quite a few people disagree with this assessment. But it's worth considering his point of view for a moment. Linus is essentially saying that overzealous attempts to share code lead to modules that have been stretched beyond what they can comfortably handle. The result is a great many special cases, situations that maintainers can not test, and bugs. Rather than deal with all that, why not just make a copy that is able to properly handle a specific situation? For what it's worth, Linus's comments are very general, but his examples all have to do with device drivers that try to support too wide a variety of hardware. There certainly are situations in that area where splitting code apart makes sense, especially when support of old, "legacy" hardware can be left behind in a relatively static driver. But the comments on code sharing in general have caused some concern among members of the linux-kernel list. In particular, Eric Raymond joined in with an interesting letter accusing Linus of suffering from the "curse of the gifted." In Eric's view, Linus resembles the talented high school student who need not study to do well, and, as a result, never learns how. Linus's programming talents are such that he has never had to adopt the tools and techniques that most programmers rely on: things like source code management systems, bug tracking and regression testing systems, and, yes, code sharing. The talented high school student in Eric's example falls apart at the University because the necessary study skills have never been developed. Eric fears that something similar could happen when the complexity of the Linux kernel reaches a point that it outstrips even Linus's talents. Will he, at that point, be able to fall back on the software engineering techniques that so many others depend on? If you accept Eric's "curse of the gifted" argument, it is an issue worth pondering. Other patches and updates released this week include:
Section Editor: Jonathan Corbet |
August 24, 2000 For other kernel news, see: Other resources: |
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Distributions page.
Lists of Distributions |
DistributionsPlease note that security updates from the various distributions are covered in the security section. News and EditorialsNew Debian development tree: testing. Currently, the Debian development is generally split into two trees: stable and unstable. Debian 2.2, now that it has been released, has become the new "stable" tree. It will be maintained, bugfixes and security fixes released against it and probably point releases will be issued against it every six months or so. The new unstable tree began as soon as Debian 2.2 was frozen for testing. Given how long Debian 2.2 stayed in freeze, the new unstable tree ("woody") has been underway for many months. Anthony Towns has started a new tree (called a "distribution" in Debian circles, but given the use of that term in this summary, we are avoiding it) called "testing". Testing will lag behind the unstable tree by a couple of weeks and will avoid integrating packages introduced into unstable that then rapidly log bug reports against them. The goal is to produce a development tree that is more up-to-date than stable, but relatively bug-free compared to unstable. This tree would then be the one frozen and released as stable, allowing a shorter time cycle between major releases. One disadvantage to the new testing tree will be yet another place where bugfixes have to be introduced. Currently, when Debian releases a security advisory, they generally provide updates for both the stable and unstable tree, for each architecture. Now they'll have to release updates against three trees, stable, testing and unstable, an approximately 50% increase (sometimes the updates for either "stable" or "unstable" will be the same as those needed for "testing"). Nonetheless, the idea has merit. Debian has been struggling for a couple of years now, debating ideas for speeding up their release cycles without sacrificing their commitment to quality. It will be interesting to see if the "testing" tree offers at least a partial solution. Five new products hit the Linux arena (CNN). CNN looks at a few interesting announcements from LinuxWorld. "On the front of new distributions is Kondara MNU/Linux from Digital Factory USA Kondara's innovation enables you to use multiple languages at the same time without requiring a reboot to switch your Linux OS to a different language version." ReviewsDistributionWatch Review: Debian GNU/Linux 2.2 (LinuxPlanet). LinuxPlanet reviews Debian 2.2. "Pretty anticlimactic stuff, when it comes down to it, and therein lies one of the strengths of Debian GNU/Linux. The project moves forward at a seemingly ponderous pace, but a little time spent reading through the myriad developer and user lists reveals a disarmingly feverish quest for perfection." Review: Corel Linux Second Edition (LinuxISO). LinuxISO.org has put up a review of Corel Linux Second Edition. "The most outstanding feature in this distribution, and in line with Corel's stated ease-of-use goals, is the HTML-based Help system. Both context-sensitive and system-wide help are readily available, with Index and Search functions included in the main Help program." New DistributionsPocketLinux. We mentioned PocketLinux on last week's Front Page as one of the spiffier announcements from the LinuxWorld conference. PocketLinux is an embedded Linux distribution for handhelds, currently supporting the VTech Helio and the Compaq IPaq. For more detailed information, you may wish to check out this PocketLinux introduction from Jim Pick. For the adventurous, it appears they may have some VTech Helios available for new developers. Repairlix. Weighing in at 12MB in size, Repairlix is designed for installation on a business-card-size CD for use as a system recovery tool. Fd Linux. A new mini-distribution, Fd Linux, has come to light. It uses two floppies and provides a Linux system with networking, logging and firewall capabilities. General Purpose DistributionsDebian Weekly News for August 22. The Debian Weekly News for August 22 is out. It covers how the 2.2 release is going, the new "testing" distribution, and more. If you want to download an ISO of Debian 2.2, be sure to pick up version 2.2rev0a, since some of the initial ISOs had problems (particularly Sparc and Alpha ISOs). A tale of two Linux Expos (ITWorld). ITWorld's George Lawton dwelled on Debian quite a bit in this article on the highlights of LinuxWorld. "Much attention has been paid to the commercialization of Linux, but the spirit of open source that drives Linux may be best seen in efforts like the Debian development group, which is something of a labor of love for the programmers involved." It also provided a nice, concise list of the highlights of the Debian 2.2 release. "Version 2.2's adherents say it is more scalable and robust than previous versions, and supports the ability to update the underlying OS or applications without rebooting the machine. It runs on major hardware platforms, including Pentium, PowerPC, Sparc, Alpha, and even old 68000-based machines like the Amiga and Atari. Debian 2.2 also supports multiple languages, including Japanese, German, and French; support for Chinese is nearing completion. It supports authentication and LDAP, and is said to include better support for the new Linux File Hierarchy Standard." Debian GNU/Hurd. The Debian Kernel Cousin Hurd from August 16th provides the latest information from the development of this non-Linux free software operating system. LinuxPPC employees go to jail for good cause. LinuxPPC has put out this press release on a fundraising effort by employees Jeff Carr and Mariam Darvish for the battle against neuromuscular disease; it involves "going to jail" (in a motel room) until the fundraising goals are met. Slackware Linux Essentials. You can now check out Slackware Linux Essentials: The Official Guide to Slackware Linux on-line. The print version of it is also available, either by itself or as part of the retail boxed set. Embedded DistributionsBlue Cat Linux. LynuxWorks has announced the release of BlueCat Linux 3.0. In a separate announcement, the company states that BlueCat Linux now supports the Hitachi SuperH processor; and there's even one more on the new support for the ARM architecture. PeeWeeLinux 0.50 released. From LinuxDevices.com we get the news that PeeWeeLinux 0.50 has been released. This is the first stable release of PeeWeeLinux, which is a distribution aimed at embedded applications. Special Purpose DistributionsBuild Your Linux Disk 1.0beta3 was released this week and now includes ftp, telnet and busybox.Section Editor: Liz Coolbaugh |
August 24, 2000
Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Development page. |
Development projectsNews and EditorialsLet's move towards easier software installations. In the world of open-source software, "payment" comes in the form of recognition and fame and programs with a large user base are more likely to succeed. Therefore, it is in the programmer's interest for their code to be widely used. This should provide a strong incentive for developers to support easy installation of their software, but the reality doesn't always match up. Unworkable installations cause the open-source community to suffer because an otherwise good application will go unused.We should go the extra mile and provide easy installation; it may be the difference between code going somewhere or languishing in the dust. A lot of effort may go into the writing of software; a small amount of the developers' time should also go into streamlining the installation process. Here are some basic suggestions that would help. First, installation should be easy for novices and experts alike. Many installations require a well-seasoned software developer to deal with tricky compiler problems and dependencies. Often, such a person just isn't available. Build your installation for the average person, not for the expert. Second, consider dependencies. It is common and desirable for packages to utilize code and capabilities already available in an existing package. When one program depends on another, though, an update to one package can break a package that depends upon it. Often older versions of dependency code get aged off of the distribution sites. If practical, it is a good idea to make a working version of the dependency code available for download with the dependent code. Third, test on multiple distributions. Developers should build their code to work on a generic Linux system, possibly with the use of the Linux Development Platform Specification. Testing should preferably be done on several different distributions. Software package systems such as RPM and dpkg are one very good solution to many of the problems mentioned above. Package maintainers would do well to distribute their code in one or more of these package formats, and keep the packaged versions up to date. Open source systems will move forward faster if the component pieces are more available to "regular folks". Let's make it easier to use! BrowsersMozilla Status Update. The latest Mozilla Status Update is out. News includes bug fixes and improvements to the LDAP code. XUL Reference Available. Zvon.org has made an XUL Reference available for downloading. The reference can be read online with Mozilla M17. DatabasesPostgreSQL benchmarks. Great Bridge has run benchmark tests on several databases including PostgreSQL and MySQL. Also see these related articles on the benchmark results. EducationLinux for Kids. The Linux for Kids page is now managing its mailing lists on Source Forge. There are 3 lists: translation, general, and devel. ElectronicsIcarus Verilog compiler 20000819 snapshot. A new snapshot of the Icarus Verilog compiler has been released. Verilog is an electronic simulation and synthesis tool. InteroperabilityWine release 20000821. The August 21, 2000 release of Wine has been announced. Improvements include bug fixes, DocBook SGML documentation, thread-safe GDI, and improved DBCS support. Timpanogas Research Group announces open source NetWare compatible system. The Timpanogas Research Group has announced a project to create an open source, NetWare-compatible operating system in 2001. TRG has already been supporting a free NetWare filesystem for Linux; the kernel for the new system is available as well. They are pulling in a lot of Linux kernel code to fill in much of the needed capabilities. Of course, they would like to hear from anybody who wants to contribute. Network ManagementOpenNMS update for August 22. Here is the OpenNMS update for August 22, covering the "Boulevard of Broken Arms" and other events in OpenNMS development. Firestarter 0.4.1 announced. Firestarter 0.4.1 has been announced. Firestarter is a GNOME based gui tool for creation of a firewall system. Office ApplicationsAbiWord Weekly News for August 17. The AbiWord Weekly News for August 17 (which actually covers two weeks) is out. New features include an improved PalmDoc exporter, completion of the Zoom dialog, and an improved lists dialog. GIMP 1.1.25 Available. A new developer's version of the Gimp has been released. See the Change Log for a list of the changes. Review: Nautilus 0.1. Eric Kidd has posted a review of Nautilus 0.1 on the UserLand Discussion site. "Guess what: The folks at Eazel haven't lost any of their old magic. Nautilus is slick, slick enough to make Michael Dell start wondering about Linux on the desktop." Here is where you can download Nautilus preview release 1 to try it out for yourself. Eye of Gnome 0.4 is released (Gnome.org). Eye of Gnome, an "insanely cool image viewer" has been released. You can download the code from this location. On the DesktopKDE 2.0 beta 4 released. KDE 1.93, also known as "Kooldown," is the fourth beta for KDE 2.0 and has been released. With luck, this will be the last beta before the "early fourth quarter" KDE 2.0 release. Major changes include speed improvements to the HTML rendering widget, integrated support for GTK themes, JavaScript library work, Office 2000 imports, and lots of bug fixes Simon Hausmann on KDE components. Simon Hausmann writes about some common misconceptions concerning KDE's component technologies. Evolution 0.4.1 released. Evolution 0.4.1 has been released. Evolution is the GNOME mailer, calendar, and addressbook application. ScienceThe Computer History Graphing Project version 0.4. The Computer History Graphing Project has released version 0.4. This project's goal is to graph the progress of computers under a family tree. Thanks to Scott Fenton Web-site DevelopmentThe return of the Midgard Weekly Summary. After a bit of an absence, the Midgard Weekly Summary is back. It contains, as always, the latest in the development of the Midgard application server system. IBM Open Sources SashXB (Gnome.org). IBM has released another package as open-source under the LGPL license. "SashXB is a technology that allows web developers to access the native GUI". See the SashXB for Linux page for more information. Section Editor: Forrest Cook |
August 24, 2000
|
|
Programming LanguagesC/C++POSIX threads explained, Part 2 (IBM). In Part 2 of this series, Daniel Robbins explains the use of mutexes to deal with the locking of Posix threads. If you missed it, Part 1 of the article gives a general overview of Posix threads and how to get started coding them. PerlAI::NeuralNet::Mesh, version 0.20. Josiah Bryan has announced the first public release of AI::NeuralNet::Mesh. This is an optimized accurate neural network Mesh for Perl. PythonThis week's Python-URL. Here is Dr. Dobb's Python-URL for August 21. As always, check it out for the latest in Python development news. PyStream - a C++ stream emulation. Andreas Jung has written PyStream, a new Python module that emulates C++ streams in Python. Tcl/tkThis week's Tcl-URL. Here is Dr. Dobb's Tcl-URL for August 21. It covers the latest in the Tcl/Tk development world, including the Tcl Wiki page. TMML - Tcl manual markup language. Joe English has announced TMML, a tool for converting TCL documentation to XML and has proposed its use for conversion of the TCL documentation. Xlib TCL tutorial. George Peter Staplin announced the availability of a tutorial on using Xlib to draw into a Tcl/Tk window. Software Development ToolsSoftware Carpentry reopens testing tool competition. The Software Carpentry Project, which had removed the testing tool objective from its software design competition after the first round, has now reinstated the testing category with a new set of objectives. See the Unit and Regression Testing page for the new rules and requirements. May the best new testing system win. Section Editor: Forrest Cook |
Language Links Erlang Guile Haskell Blackdown.org IBM Java Zone Perl News PHP Daily Python-URL Python.org JPython Smalltalk Tcl Developer Xchange Tcltk.com |
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Commerce page. |
Linux and BusinessTransmeta files for IPO.
Transmeta has put in its IPO filing. The
full S-1 filing is available for those who wish to slog through
it. Unfortunately we don't have a summary available yet. Hopefully
by next week we'll have one ready for publication. In the meantime
here are a few highlights: Linus Torvalds' name appears twice in the filing, as a way of showing the expertise Transmeta employs. Some more information may be found in this News.com article. "Hypersecretive Transmeta has not released its chips to the public yet or even revealed a complete set of performance benchmarks. As a result, most analysts admit that they have not been able to evaluate the overall performance of the Crusoe family." VA Linux and Caldera reported financial results. VA Linux Systems has reported its results for its fiscal 2000 year. The company brought in $120 million over the year, a nice increase over 1999's $18 million. The company is still losing money, of course, but less so than before. Also in the announcement: "VA Linux estimates that SourceForge now hosts over 76 percent of the world's known Open Source software, with 8,000 software projects and over 53,000 registered users." Caldera Systems has announced its third-quarter results. Revenue for the quarter was $1.2 million, up 9% from the year before. They turned in a net loss of $7.5 million in that time. KDE Desktop is Show Favorite At Linuxworld Expo. The KDE Project has put out a press release proclaiming its election as "show favorite" in the desktop category. The PR also states that the fourth beta of KDE 2.0 comes out tomorrow. Itanium News. SuSE has joined VA Linux Systems and Red Hat in announcing the availability of a free Itanium "compile farm" that may be used to port applications. There is also an IA-64 version of SuSE Linux 7.0 which is available for download. Red Hat has also announced a new service called the "IA-64 JumpStart Program" which is aimed at helping developers get software working on the IA-64 processor. It includes training, support services, and an IA-64 compile farm which can be used to test things out. Software releases. AbriaSoft has announced the release of its "Abria SQL Standard" product, which is a boxed distribution of MySQL. Apache, PHP, Perl, and some others have been thrown in for good measure, as has the O'Reilly MySQL book. It even comes with technical support. Price is $59. Sun has announced the availability of a porting kit which can be used to make Linux device drivers work on Solaris (Intel) systems. NeTraverse has announced the 2.0 release of its "Win4Lin" product, which allows running Windows applications under Linux. Surveys and Studies. Here's the results (in German) of a study that examined every www.* host in the .de domain, trying to identify what system is running behind each. The result: Linux wins, with 44% of the systems identified. English text is available via babelfish. (Thanks to Lenz Grimmer). Red Hat has put out a press release publicizing the latest IDC report, which finds that Red Hat had 52% of Linux server shipments worldwide. Caldera and SCO announce 'Linux and UNIX Marriage'. Caldera and SCO's Server division have put out an announcement on some new initiatives which are presented as "the first steps along the path to a Linux and Unix marriage." These include the "Linux Kernel Personality" for UnixWare which appears to be an enhanced compatibility layer and which also got its own announcement. There is also a new set of service offerings. Newtella Inc. formed around music sharing network software . A company called Newtella, which somehow plans to make money by supporting the use of Gnutella to share music files, has announced its existence. Press Releases:Open Source Products.
Commercial Products for Linux.
Products Using Linux.
Products with Linux Versions.
Java Products.
Books & Training.
Partnerships.
Investments and Acquisitions.
Financial Results.
Linux At Work.
Other.
Section Editor: Rebecca Sobol. |
August 24, 2000
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Linux in the news page. |
Linux in the NewsRecommended Reading. This ZDNet column starts as a LinuxWorld piece, but wanders off into Linux desktops. "Yet it's precisely this perceived importance of interface consistency, continuity and discipline that is AWOL in any of the current Linux desktop efforts. Without it, Linux will not appear on the desktop in any meaningful numbers. It seems that the fervent engineers have neglected to internalize that users actually care about usability." Upside has posted a summary from LinuxWorld. "Although smaller companies showed up in force, this week's LinuxWorld only reconfirmed the growing suspicion that large-scale companies are the ones truly making a killing off the Linux phenomenon. IBM, a company that now supports Linux on every one of its hardware platforms -- including the wristwatch-sized server prototype it showed off Wednesday -- appears to have assumed kingmaker status in the Linux business community." Here's another ZDNet article which starts off as a general LinuxWorld piece. "And while Linus said he was relieved not to be writing another keynote the night before the show, RMS and ESR may have felt differently. Why else would they have kept sneaking into the Working Press room and talking a little too loudly with anyone who'd listen? Even ubiquitous Linuxshow emcee Jon 'Maddog' Hall was more seen than heard at this LinuxWorld..." Thereafter, the article becomes a lengthy look at Helix Code and Eazel; worth a read, even if it does say that GNOME 1.0 came out six months ago. GNOME vs. KDE. News.com reports on GNOME and KDE. "Owen Taylor, the Red Hat employee responsible for maintaining GTK, said he stays in touch with Qt programmers so the two packages have similar abilities and features such as the ability to drag text from a Gnome program and drop it into a KDE program. However, he added, 'There's no way we can merge the toolkits.'" (Thanks to César A. K. Grossmann). ZDNet tries to play up the GNOME-vs-KDE thing. "For a war that supposedly isn't, the battle over open-source desktops seems to be getting bloodier. It's GNOME vs. KDE. And even though many open-source backers are loath to admit the existence of a rift within their ranks on any software development front, sides are being taken and two distinct camps are forming." LinuxPlanet isn't happy about the GNOME Foundation. "To me, the GNOME Foundation is really nothing more than an attempt by large vendors to impose their agendas on the Linux community and stifle both innovation and community involvement. For Sun, this is nothing more than an attempt to push StarOffice on the Linux community by tying it to a single desktop standard; it's also a rather blatant effort to crush K Office before it's released, and that saddens me a great deal, because K Office has the potential to be a killer application rising solely from the Linux community." ZDNet ponders the GNOME Foundation. "Still, The Gnome Foundation faces tall challenges. History shows that multivendor efforts often fail because managers from member companies can't put aside their differences long enough to beat Microsoft." This ZDNet column questions the GNOME Foundation's prospects for taking over the desktop. "While a Linux desktop sounds good in theory, the idea faces the same obstacle Linux encountered when trying to gain a foothold in the server room- namely, status quo. IT managers who have begun to run Linux servers in the back room said they will hold off on putting Linux in the front office until it looks like Windows." O Linux interviews KDE founder Mattias Ettrich. "The key to the success of KDE is the huge amount of code that is shared between applications. We implemented the basic idea of free software - code sharing - to a degree that was never done before. This was possible due to two reasons: a) the choice of an object oriented language and its sane use within the project and b) the concept of open source in general." Here's an osOpinion piece essentially arguing the "GNOME is superior" point of view. "It's worth noting that had the KDE group gone with CORBA components, it would have been possible to write components that would work in both GNOME and KDE. This would have given developers a very powerful way to write common code for both environments." If you are tired of the latest GNOME/KDE silliness, you probably do not want to have a look at this LinuxPlanet column, which strives to fan the flames in every way. "Does anyone else see the irony of a project headed by a guy who's in it for the money, backed by companies who are in it for the money, getting the official Glorious October Revolution seal of approval, while a volunteer effort driven by sheer love of the project does not? Yes, there are people from distributions who work on KDE, but they have not set up little companies for themselves to capitalize on it." Reports From LinuxWorld. Upside reports from LinuxWorld, with an emphasis on embedded systems. "Virtually invisible on the LinuxWorld floor a year ago, fast-growing companies such as Lineo, MontaVista and LynuxWorks poured their precious pre-IPO dollars into lavish booth displays. It was an eerie sight, considering that many of the same companies had been displaying their wares on card tables only five weeks before at the Embedded Linux Conference." LinuxDevices.com summarizes LinuxWorld from an embedded systems point of view. "Better than one in ten of the more than 160 exhibitors rolled out new products and services aimed at embedded Linux developers and applications." TechWeb reveals that Linux businesses are businesses in this LinuxWorld summary. "Major corporations joining the Linux love feast this week managed to quietly support their own agendas while boosting the operating system and its open-source contributors." The article also manages to attribute the stock symbol "SUSEX" to (privately-held) SuSE. ZDNet talks with Linus Torvalds at LinuxWorld. "Rapid content serving on Linux is probably going to be an option in the next 2.4 release of the kernel, he said. It's also a priority to work Riesser [sic] file journaling into the next release." News.com covers Ransom Love's LinuxWorld keynote. "But for high-end systems, Caldera will advocate the use of UnixWare, one of SCO's versions of the Unix operating system on which Linux is based. 'Linux currently does not scale to the high-end data center, (but) other operating systems in the industry do,' he said. 'A single operating system kernel cannot scale,' he said." Here's a ZDNet column that is somewhat critical of open source proponents. "Amidst the pony-tailed, multi-pierced, roller-blading attendees of this week's conference is an underlying air of tolerance. Open source is premised upon the equal participation of any and every hacker, regardless of gender, race, religion or hair-color choice. But if tolerance is the watchword in the open-source world, why is the community so hard on newbies?" The DukeOfUrl covers day one, day two and day three of LinuxWorld. From day three: "I was fortunate enough to attend the Mandrake party on Tuesday and the VA Linux party on Wednesday. Both were great events at swanky locals. Although everyone was amongst friends, no one bothered to take to the dance floor. It seemed really awkward, as everyone was crowded around the collection of vintage video games. Finally, a few brave souls dare out to the dance floor and broke the ice." LinuxPower has put up more coverage and pictures from LinuxWorld. MPAA wins DVD case. Wired News covers the DVD decision. "A DVD-descrambling program is akin to a virulent Internet epidemic that must be eradicated, a federal judge said Thursday as he agreed with Hollywood that DVDs must be protected from decryption and copying." The Boston Globe. "Robin Gross of the Electronic Frontier Foundation, an Internet civil liberties group, rejects the idea that DeCSS is an illegal computer program. But she said that even if it is, 2600 has a constitutional right to tell people how to get it." CNN. "Martin Garbus, a lawyer for Corley, said: 'We understood that this was an issue that has to be resolved by the Supreme Court. The judge's First Amendment analysis is wrong.'" News.com. "'To the extent that defendants have linked to sites that automatically commence the process of downloading DeCSS upon a user being transferred by defendants' hyperlinks, there can be no serious question,' [Judge] Kaplan wrote. 'Defendants are engaged in the functional equivalent of transferring DeCCS code to the user themselves.'" (Thanks to Toon Moene). The New York Times (registration required). "Because Judge Kaplan sits on the district court, which is the trial court of the federal system, his decision is not binding on other federal courts and is subject to review by the Court of Appeals for the Second Circuit. But the judge's decision has considerable persuasive force for other courts both because it is the first time the law has been tested and because the Manhattan court is among the more prestigious district courts." (Thanks to Paul Hewitt and John Villalovos). Corel. ZDNet's Evan Leibovitch looks at Michael Cowpland's resignation from Corel. "So here we are, with what might have been the unthinkable -- a Corel without Cowpland. At the news conference, Cowpland stated that his resignation was voluntary and had nothing to do with Corel's beleaguered state. I dunno, I just can't see the company sustained for very long. This looks to me like Corel is making the conditions right in anticipation of a sale." Here's a ZDNet column on Michael Cowpland's departure from Corel. It does not pull any punches. "Corel Chairman and CEO Michael Cowpland finally did something right Tuesday, when he announced his resignation from both posts at the Canadian software developer. Most shareholders would argue the unceremonious departure comes several years too late." Forbes chimes in on Michael Cowpland's departure from Corel. "Forget about restructuring or retrenching. Burney's job should be to put investors out of their misery and get the company ready for sale." News.com has run a pronouncement from a Gartner analyst on Corel's future. "More recently, Cowpland and Corel placed a large bet on moving the company's applications to Linux on the desktop. In North America, at least, Linux on the desktop has been a non-starter. This strategy may have received its heaviest blow yesterday, when several large vendors--Compaq Computer, Hewlett-Packard, IBM and Sun Microsystems--announced support for the Gnome Foundation's Linux desktop project. Key parts of this open-source interface are productivity applications that run on top of Unix and Linux. The Gnome Foundation likely has further reduced whatever revenue opportunity Corel had in this area." Companies. ZDNet looks at the Ogg Vorbis codec. "In simpler terms, Ogg Vorbis is a new digital audio compression format that is similar to MP3, but costs nothing. It is completely open source, is entirely free of patents, and is supposed to have better audio quality and compression than MP3." Here's a ZDNet article about IBM's approach to Linux. "IBM's multifaceted moves to Linux go a long way toward opening up the company?s commercial code base. This is a far cry from the IBM of old, which once teamed up with Hewlett-Packard and Digital Equipment Corp. to create the Open Software Foundation (OSF), whose sole purpose was to splinter Unix and protect its members' respective proprietary OSes." LinuxDevices.com looks at Red Hat's other operating system. "Red Hat's ongoing eCos commitment surfaced yesterday in the form of a joint announcement between Red Hat and CrosStor Software. CrosStor, it seems, is porting its network-attached storage (NAS) software -- which currently depends on Wind River's VxWorks as its underlying RTOS platform -- to Red Hat's eCos." News.com covers Nokia's plans to release the source to its phone-based browser. "'This doesn't mean it's going to be Mozilla open source. It needs to be better supported than that,' said Paul Chapple, manager of Nokia's U.S. business development team. 'But we've learned that you have to provide the source so the customers can control the destinies of their own products.'" The New Zealand Herald has put up this article on the production of the Lord of the Rings trilogy. "Wellington-based Weta Digital's ability to process work on the Lord of the Rings movie trilogy has just dramatically improved - with big savings to boot. Weta has bought 16 dual-processor SGI 1200 servers running the Linux operating system." (Thanks to Andrew Simpson). ZDNet reports on a poll of Java developers on whether Sun should open source the language. "Opinion so far is divided. As of Monday, 28.8 percent of developers voting said there was nothing wrong with Sun's Java licensing, while 26 percent said Java should also be made available under the GPL." Here's a ZDNet column claiming to advocate an open source strategy for Microsoft. The author is not entirely clear on the concept, however: "I propose a slight alteration to the open-source model. Microsoft, of course, would expose the complete source code for its operating systems. This code could be downloaded by any user and compiled for personal use. However, Microsoft would be the only company allowed to create a distribution of the Windows operating system licensed for business use." Business. Upside ponders the future of Linux. "This unlikely method of developing software works amazingly well for a process that seems to resemble nothing so much as a form of voluntary socialism. I have never seen a business model operate this way. Certainly not in a capitalist country like the United States, where Linux is extremely popular and Linux companies are being funded with the faith that we can somehow make money off it. It makes me wonder how well it will stand up to the capitalist winds of change." Wired News looks at a new Forrester Research report which predicts great gains for open source software. "Forrester analyst Carl D. Howe predicts that Microsoft's business model will clash so severely with the new open-source-fueled development and distribution models that the company's market share will shrink for the first time in its history. And eventually, the report forecasts, MS will become little more than a 'legacy vendor,' offering support for its antiquated products." (Thanks to Lance Jones). News.com reports on a deal between Dell, OpenSales, and Linuxcare. "Dell will sell a server loaded with OpenSales' e-commerce software, which lets people create and run shopping Web sites, bundled with support from Linuxcare, said Dell account manager Jay Gleason. The product will be unveiled in the fourth quarter and will be called E-Shop-in-a-box." ComputerWorld put up this article on Unix vendors who are adding Linux binary compatibility layers to their systems. "However, it could also spell danger for the very vendors that are offering the support, facilitating a wholesale migration away from their proprietary Unix versions toward Linux, observers said." Here's a ZDNet column which predicts a bright future for Linux. "The main reason to be bullish on Linux's future is not that it will replace Windows. Rather, like Microsoft once was, Linux is the technology that is best aligned with a changing economy and will grow in step with it. This means, of course, in some instances Windows and Windows 2000 servers will be replaced by Linux, but that is a minimal definition of success." Here's another ZDNet column looking at the growth of Linux. "Like all things democratic, a truly free and open operating system (OS) will require constant vigilance by an industry that is organized not to collaborate, but to compete. What's more, sundry paradoxes threaten to stymie even the sincerest efforts to create a lingua franca platform that is simultaneously free, open, universal and dynamic." Upside has run some letters to the editor in response to recent columns about Linux. "I can't see many IT managers adopting Linux. Even if the software license is 'free', I doubt that the cost of server software licenses is a very big part of the typical IT budget. How many IT managers really want to have their own customized version of an OS? Oh please, give me a break." Money.com posted this article on its discovery that Linux is still around. "Linuxmania 1.0 centered mainly around 'pure plays' like Red Hat and Caldera. But now it has become clear that Linux's biggest impact may be on some of the biggest companies in the tech world--AOL, Hewlett-Packard, IBM, and Dell." Resources. The LinuxDevices.com Embedded Linux Weekly Newsletter for August 17 is out. LinuxLinks.com has posted a survey of relational database systems for Linux with an emphasis on business use. "PostgreSQL has been in development for over 10 years and represents a mature product. This is an important consideration to a corporation who cannot afford to trust their precious data to a product that has not been extensively tested." Reviews. A review of the ABIT BX133 motherboard has gone up on NewsForge. "The first benchmark is a set of timed Linux kernel compiles. Compiling a kernel is a common action for a Linux user, making it a very valid benchmark for a Linux system." Interviews. The Wall Street Journal talks with Linus Torvalds in this article reprinted on MSNBC. "Mr. Torvalds defended his habits. He said, for example, that not selecting an 'official' Linux user interface allows the best one to emerge through competition." Upside talks with Richard Stallman. "If this year's LinuxWorld seemed a little less colorful than the two previous San Jose episodes, maybe it was because the man who usually supplies the color decided not to show up." Section Editor: Rebecca Sobol |
August 24, 2000 |
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Announcements page. |
AnnouncementsEventsPLUTO meeting 2000. The PLUTO Meeting 2000 will be held on December 9 through 11 in Terni, Italy. There is a call for papers out now; see the web site for details.
More LinuxWorld pictures from LinuxNewbie. LinuxNewbie.org has put up another set of pictures from LinuxWorld. SkyEvents' Linux Expo. There is a call for papers for Linux Expo Toronto (October 30 - November 1, 2000) and Linux Expo Paris (January 31 - February 2, 2001). August/September events.
Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net. Web sitesinternet.com adds two new Linux related web sites. internet.com announced that it has added new internally developed Web sites, including AllLinuxDevices.com and EnterpriseLinuxToday.com. User Group NewsAugust/September events.
Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net. Plain text please. |
August 24, 2000 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Software Announcements
|
Our software announcements are provided courtesy of FreshMeat
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Back page page. |
Linux Links of the WeekReady for some fun? Check out the Lego Mindstorm with Linux Mini-HOWTO, go to the toy store, and have a blast... Lambda the Ultimate bills itself as "The Programming Languages Weblog." Therein you'll find discussions on language design, functional programming, and no end of obscure languages. It's a welcome break from the C/C++ battles. Section Editor: Jon Corbet |
August 24, 2000 |
|
This week in historyTwo years ago (August 27, 1998 LWN): the short-lived Linux Standards Association had its biggest day in the spotlight when it publicly questioned the validity of the Linux trademark. That move forced the hand of Linus Torvalds and Linux International, and brought about an intervention by the lawyers. The LSA, in the end, backed down and started explicitly acknowledging the trademark. At that time, trademark acknowledgements were relatively rare. The Linux International site did not have one, and neither did many distributions. After this episode, that all changed. Nobody really questions Linus's trademark anymore. ZDNet chimed in with some Good Old Time FUD: Technically, Linux might be a reasonable choice, but what kind of company is going to rely on unsupported freeware or something that's supported by two tiny vendors? Rejecting Linux is a straightforward business decision. If it were supported by an IBM or a Hewlett-Packard, then that would be an entirely different matter,
One year ago (August 26, 1999 LWN): Linux-Mandrake celebrated the end of its first year with two "Editor's Choice" awards from LinuxWorld, its first big equity investment, and the launch of its "Cooker" development version. LWN celebrated with an interview with Linux-Mandrake creator Gaël Duval. Caldera Systems and Red Hat were the first distributors to claim year-2000 compliance for their systems. It seemed important at the time. Ted Nelson's long-hyped Xanadu system was released as open source this week, after well over two decades of development. It also seemed important at the time. | |
|
Letters to the editorLetters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them. | |
To: editor@lwn.net Subject: Note about GNOME Foundation From: Havoc Pennington <hp@redhat.com> Date: 23 Aug 2000 23:44:49 -0400 Although most responses have been positive, some articles and comments about our recent GNOME Foundation announcement have been disappointingly inaccurate. In particular, two mistakes are common. The first is referring to the Foundation as "consortium"; the Foundation is not a consortium, but an organization of individual contributors to the GNOME Project. The companies joining the Foundation join an advisory board which has no decision-making function; decisions are made by a board of GNOME contributors elected by the membership. At this time, around two-thirds of the members of the Foundation are independent volunteers not employed by one of the advisory board companies. The Foundation is simply a legal entity that can act on behalf of the 3-year-old GNOME Project. The GNOME Foundation is comparable to SPI/Debian and the Apache Software Foundation. For more details, see the press release: http://www.gnome.org/pr-foundation.html The second mistake is that this represents some kind of flareup or resurgence of a "war" with KDE. At our press conference, we took pains to discourage this interpretation of the announcement when members of the press asked about it (see Bob Young's comments, for example). We are interested in healthy and friendly cooperation with the KDE project and other free software projects. Interoperability efforts such as http://www.freedesktop.org continue and will not be affected by the GNOME Foundation. Both GNOME and KDE have valuable contributions to make. We're creating a foundation to help us run GNOME well, and we're excited about the recent commercial acceptance of GNOME, but these things are advances for GNOME, not attacks on anyone else. Our primary focus is to expand the userbase of free software; competing with other free software is not the point. Havoc | ||
From: Tom Cowell <tcowell@terma.com> To: "'letters@lwn.net'" <letters@lwn.net> Subject: Offtopic letter from Eric S. Raymond Date: Fri, 18 Aug 2000 17:29:10 +0200 Shame on the LWN editor(s) for publishing a letter from Eric S. Raymond = (LWN back page August 17, 2000) with a sig that takes up (according to = wc -c) not much less that half the total message, and puts forward his = views on gun control (nothing to do with Linux). I'm not going to reveal my views on gun control - that's the whole = point. LWN, I think, should not have let this message through the = editorial filter (or should have removed the sig). ESR should not abuse = his position as a celebrity among users of the Linux kernel by = publicising his views on other issues. Tom Cowell | ||
Date: Thu, 17 Aug 2000 22:59:19 +0200 From: Toon Moene <toon@moene.indiv.nluug.nl> To: letters@lwn.net Subject: Judge halts posting of DVD cracking code I just read the following on http://news.cnet.com/news/0-1005-200-2547756.html > "Computer code is not purely expressive any more than the assassination of > a political figure is purely a political statement," Kaplan wrote in his > opinion today. "The Constitution...is a framework for building a just and > democratic society. It is not a suicide pact." Now, I don't know anything about US Law, but *this* statement just smells as "guilt by association". Surely, the US legal system can do better than *that* ?!?!?!? -- Toon Moene - mailto:toon@moene.indiv.nluug.nl - phoneto: +31 346 214290 Saturnushof 14, 3738 XG Maartensdijk, The Netherlands GNU Fortran 77: http://gcc.gnu.org/onlinedocs/g77_news.html GNU Fortran 95: http://g95.sourceforge.net/ (under construction) | ||
Date: Tue, 22 Aug 2000 08:37:17 -0400 From: David Rysdam <david.rysdam@openone.com> To: letters@lwn.net Subject: Not understanding "Open Source" From your daily page: > 'Here's a ZDNet column claiming to advocate an open source strategy for > Microsoft. The author is not entirely clear on the concept, however: "I > propose a slight alteration to the open-source model. Microsoft, of > course, would expose the complete source code for its operating systems. > This code could be downloaded by any user and compiled for personal use. > However, Microsoft would be the only company allowed to create a > distribution of the Windows operating system licensed for business use.' Remember 2+ years ago when everyone was bemoaning the confusing term "Free Software"? And how ESR and friends swooped in with the saving term "Open Source"? That has come back to bite us.Because of the way the "Open Source Movement" pushes features like "fewer bugs", "fast development time", and "hardware support" a person could be forgiven if they forgot about (or never even heard about) the real purpose of Free Software: freedom. Don't get me wrong, I *like* the features of Open Source software: reliability, flexibility, low cost, ease of use (for a power user, anyway). But I even more like the main feature of Free Software: freedom. No worrying about multiple installations, redistributions or modifications. | ||
From: "Donald Braman" <donald.braman@yale.edu> To: <letters@lwn.net> Subject: FW: logical reasoning and the English language Date: Fri, 18 Aug 2000 16:35:20 -0400 Thought you might appreciate this letter to Fred Moody. -Don -----Original Message----- From: Donald Braman [mailto:donald.braman@yale.edu] Sent: Friday, August 18, 2000 4:27 PM To: melmoth73@hotmail.com Subject: logical reasoning and the English language Dear Fred, Two quick notes on your commentary, Linux Revisited: 1. On logical reasoning: You assume that the people who write to you are representative of people who create Linux patches. I suspect that this assumption is unwarranted. 2. On the English language: You write: ...people, [the clause discussed above], who are not great thinkers." Consider writing, instead, ...people who, [the clause discussed above], are not great thinkers." You know the saying about glass houses and the people who live in them, don't you? Sincerely, Donald Braman donald.braman@yale.edu | ||
Date: Mon, 21 Aug 2000 13:09:07 -0400 From: "Jay R. Ashworth" <jra@baylink.com> To: melmoth73@hotmail.com Subject: Linux column, and proponents. G'day, Mr. Moody. My, but you're an unpopular person this month. :-) I have some exception to take with some of the comments in your current column; I hope you find my remarks comprehensible, rather than compost. > Now the basic, distilled-to-one-line message of my column was this: If > Linux had to stand up to the amount of use and abuse Windows NT did, > it would not be up to the task. I'm afraid I must say that I think this comment, similarly to this one: > Citing statistics posted on BugTraq, SecurityFocus.com's computer > security mailing list which tracks vulnerabilities in operating > systems, and relying on the testimony of security experts, I wrote > that Linux systems are weaker than the state of the art in operating > systems. I also noted that the number of its reported > vulnerabilities, when measured against its market share, was, in > essence, higher than the number of Windows NT reported > vulnerabilities when measured against its market share. demonstrates a fundamental misperception of the situation at hand. I do not choose to attribute this misperception, unlike some; my intention is merely to clear it up. I do not have current statistics on the number of Linux systems exposed to the raw Internet, vs the number of NT boxes. Nor do I wish to comment on the relative sturdiness and security of these systems as shipped. That's not really the point at hand here. As I see it, as a front-liner who gets the calls when someone's box gets rooted, it's like this: regardless of whether Linux *requires* work to make it sufficiently secure to live in the wild, *it is possible to MAKE it sufficiently secure* -- and, of course, I only have to do it once, no matter how many machines I have -- and I can then push the changes out to the various boxes (because stock Linux supports secure, signed, remote distribution of system updates, and NT does not). Now, the strawman argument that is commonly made here -- it was made in a CFOnet piece by a Meta Group analyst to which I replied in last week's Linux Weekly News' Letters column <http://lwn.net/2000/0817/backpage.php3> -- is this: "but, the fact that you can change everything so easily means that you'll never know what you're running!" Or, in our case here, that you're always going to miss something because you have so much to do. Well, it's like this, Fred: That's not Linux's fault. If I hired an MIS guy and told him to network my 6 locations across the Internet, and make everything as secure as he could... and he picked NT... and someone broke in through a publicized security hole that Microsoft simply hadn't gotten around to bothering with, what should I do with him. I'll tell you what I *would* do with him: I'd fire him. Yes; for buying Microsoft. Because the simple truth is this: the Mean Time To Security Fix Publication for Microsoft, while much better than it has ever been, is still an order of magnitude worse than that of the open source operating systems, and I don't see that it will ever get better. If Microsoft doesn't feel now that they have sufficient impetus to improve this, I guess it will take a Navy ship run by NT getting blown up because of a blue screen, instead of merely having to be towed back to port, to make the point. In the business world, we call it due diligence: making sure that you've done enough research that you can say with some assurance that there's not a better way to do the job: in this case, that the balance between expenditure and risk reduction has been struck as effectively as possible. I don't much care whether the answer is OpenBSD, NetBSD, or Linux; any of them is a better answer, from a system maintainability and hole-chasing standpoint, than any current version of NT. Stipulated, and here's the crux of the strawman: you do have to *do* the work. But at least it is *possible* for you to do the work, a luxury you don't have with MS. I don't know NT5 (oh, excuse me: "Windows 2000" <snicker>) well enough to dis it on constructive grounds. I'll have to make due with noting that it, too, is a 1.0 version. (Even though it's published version number is 5.0, notwithstanding that NT3.1 was itself a 1.0 release; don't get me started on this one.) Cheers, -- jra Jay R. Ashworth jra@baylink.com Member of the Technical Staff The Suncoast Freenet Tampa Bay, Florida http://baylink.pitas.com +1 727 804 5015 | ||