Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise
news for all interests
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page
Other LWN stuff:
Archives/search
Recent features: Here is the permanent site for this page. See also: last week's LWN.
|
Leading items and editorialsThe other free software war. There are two competing free software projects out there, both working on solutions to the same problem. There are strong differences of opinion on who has the best technology; a fair amount of sniping goes back and forth. Corporate interests are increasingly visible, and accusations of selling out are occasionally heard. There is also occasional talk of bringing the two projects together, but it doesn't look likely to ever happen. No, the issue is not desktops - it's real time Linux. And while the term "war" overstates the case (just as it does with desktops), "intense competition" certainly does not. And the stakes are high: Linux is clearly poised to take over a large part of the embedded market, and many embedded applications require real time capabilities. There are numerous contenders in the real time arena, but two projects dominate:
Both projects are based on the same idea: a module is loaded into the Linux kernel which pushes Linux to the side and runs it as the lowest-priority process. Thus the full set of Linux capabilities is there to use whenever no hard real-time task needs the processor. Both require that hard real-time code be written as kernel modules, and both provide FIFO-oriented communication mechanisms to move data between Linux and real-time tasks. So what are the differences? RTLinux takes a very spartan approach to features; reliability, absolutely deterministic response, and portability to many platforms are the project's priorities. For example, no dynamic memory allocation is possible in RTLinux. RTAI aims to provide a broader set of features to the real-time programmer, but only runs on Intel systems. RTLinux makes many changes to the standard kernel source, while RTAI takes a minimalist approach to kernel changes. That small set of differences has become a rather wide divide; the two camps often seem to not like each other very much. The situation is certainly not helped by the fact that both projects are headed up by, shall we say, highly determined men with strong opinions. Also unhelpful, in this regard, is that Victor Yodaiken owns a software patent on the real-time Linux concept. While Mr. Yodaiken has never attempted to exercise this patent against RTAI or any company using it, he also has not plainly said that such action will not happen in the future. As the stakes get higher, expect the rivalry between these two projects to become louder and more public. Consider, for example, the case of MontaVista Software, which announced the availability of a prototype, fully-preemptable Linux kernel with a claim that it was the first hard real-time Linux system available. The announcement drew a gentle correction from Mr. Yodaiken (MontaVista is a supporter of RTLinux), and a much stronger one from Lineo, an RTAI supporter (via Zentropix, which it acquired). The desire to be the dominant real-time Linux solution will certainly drive more of this sort of claims and counter-claims. Of course, the quest to be the real-time Linux solution is likely to be as futile as that to be the desktop solution. The same dynamics apply: the competition has caused both groups to push harder to release a quality product while providing choices to real-time programmers. This kind of diversity is a good thing. All we have to do is to keep it friendly and polite... More on the :CueCat. Last week's LWN discussed the sad story of the :CueCat scanner and the Linux driver that the :CueCat's backer, Digital Convergence, seeks to suppress. That issue lacks any sort of resolution at this point, but there are a few followup items that are worth mentioning:
For those who are having trouble with the :CueCat's sophisticated "XOR with 'C'" encryption scheme, here's a bit of Perl code (from the "Dissecting" page) that does the trick; it's attributed to Larry Wall: #!/usr/bin/perl -n printf "Serial: %s Type: %s Code: %s\n", map { tr/a-zA-Z0-9+-/ -_/; $_ = unpack 'u', chr(32 + length()*3/4) . $_; s/\0+$//; $_ ^= "C" x length; } /\.([^.]+)/g; In the end, the :CueCat is a classic example of a broken business model. One can no longer (if, indeed, one ever could) put out a piece of hardware with the expectation that people will not seek to improve its operation with new software. And, in the free software world, only one person need code up improvements before everybody can enjoy the fruit of that labor. Digital Convergence was very generous to give away all of those barcode scanners; but to expect them to be used only with their software was naive in the extreme. LWN readers have spoken. We had guessed that the popup windows with the software announcements would be unpopular. In fact, not a single reader wrote in favor of them. So they are gone, forevermore. We still don't have the announcements sorted by license, but that will change next week... we promise... Inside this week's Linux Weekly News:
This Week's LWN was brought to you by:
|
September 14, 2000
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Security page. |
News and EditorialsCome meet the SuSE Linux Security Team. The SuSE Linux Security Team has added some new members in the past couple of weeks. A series of mail exchanges with SuSE gave us some background on the new members and their planned activity, but also the opportunity to find out more about the entire team. So here, with only a bit of fanfare, is the SuSE Linux Security Team, in chronological order of the date they joined the team.
Marc, Sebastian and Thomas handle the source code auditing, development of security-related bug fixes and customer assistance with security-related problems. They also write security papers and develop new security tools. For their work, they monitor and interact with both public and private security mailing lists. When a team member finds a bug report or exploit that affects SuSE Linux, they notify the rest of the team and then take over responsibility for working on that particular bug. Once a fix is developed, it is sent on to the SuSE maintainers, for integration with the main development trees, and to Roman, who will write up the security advisory and release it once new RPMs are built. Big patches are also sent back to the author of the program involved. Other Linux vendors are informed via a private mailing list. In addition to this reactive work, the team works pro-actively to audit source code, write and maintain security tools and papers, look around for new tools and generally improve the overall security of SuSE Linux. Unix, Linux computers vulnerable to damaging new attacks (News.com). News.com reports on "format string" vulnerabilities. "Fans of Unix and its close relative, Linux, pride themselves on the general security of their operating systems compared with Microsoft Windows, which has been plagued with security problems. But the format string issue highlights the fact that weaknesses can lurk for years within software, and that it's hard to track them down among hundreds of thousands of lines of programming code." Primed and ready (Upside). Upside looks at the expiration of the RSA patent. "Perhaps hoping to stifle any Mozilla-type celebration within the anti-software patent community, RSA Security (RSAS), official administrators of the RSA public key encryption patent, dumped their crown jewel into the public domain on Wednesday, two weeks ahead of schedule." Security ReportsHorde/IMP format string vulnerability. A format string vulnerability in the Horde library 1.2 and earlier was reported to BugTraq and is remotely exploitable. The Horde library comes from the Horde Project, which develops a set of Web-based productivity, messaging, and project-management applications, under the GPL. The Horde library itself is released under the LGPL. The format vulnerability in the Horde library has been shown to impact IMP, a PHP-based Internet Messaging Program from the Horde Project. In addition, it may impact other, not-yet-reported, applications that use the Horde library. An upgrade to Horde 1.2.1 and IMP 2.2.1 should fix the problem and is strongly recommended.This week's updates: pam_smb remotely-exploitable stack buffer overflow. A remotely-exploitable stack buffer overflow has been reported in the pam_smb pluggable authentication module. This is a severe vulnerability, which could lead to a remote root compromise. All versions of pam_smb prior to 1.1.6 are affected. If you are using Samba and pam_smb, an immediate upgrade is strongly urged.This week's updates:
Linux-Mandrake security update for mod_perl. Linux-Mandrake has issued a security advisory and updated packages to fix a configuration-based security problem in mod_perl. XMail remotely exploitable buffer overflow. Davide Libenzi's XMail is an Internet and intranet mail server, currently at release 0.59. Aviram Jenik reported a remotely exploitable buffer overflow in all versions of XMail prior to 0.59. Anyone using this software is strongly urged to upgrade to the latest version.SuSE security update to Apache. SuSE issued an advisory reporting configuration-based security problems with Apache, as shipped with SuSE 6.0 through SuSE 7.0. The misconfigurations could allow CGI source code to be made visible and allow files on the web-server to be modified, if WebDAV has been installed. These problems appear to be specific to SuSE. SuSE users are strongly urged to upgrade their Apache packages, or correct their configurations, immediately.@stake, Inc. originated the discovery of these problems. They sent advisories for the Apache and WebDAV problems to BugTraq, after SuSE had a chance to make updated packages available. Mailman writable variable . The external archiving mechanism in all versions of Mail prior to 1.2beta uses an internal variable %(listname), which can be exploited to run arbitrary code. Check this BugTraq posting from Christopher Lindsey, which includes a patch, or BugTraq ID 1667 for more details. An upgrade to Mailman 1.2beta or later is recommended.tmpwatch fork bomb denial-of-service. tmpwatch, a binary provided with Red Hat 6.1 for use in cleaning up unused files in temporary directories, is vulnerable to a denial-of-service attack. Nested directories can be used to cause a "fork bomb", where the process recursively generates more and more sub-processes. The problem was reported to Red Hat's BugZilla, but no vendor response has been seen as of yet. Subsequent postings pointed out that a system could be defended from such problems either by setting process resources limits or using stmpclean, another, similar program.Format string vulnerability in muh. muh is an IRC-bouncing tool. Multiple format string vulnerabilities exist in muh 2.05 (and potentially earlier versions). These can be used to crash muh and possibly to execute arbitrary code as the muh user. Here is the original report from Maxime Henrion, and a followup, including an unofficial patch, from Kris Kennaway. The author recommends disabling logging until the program has been patched. An official patch is not yet available.YaBB.pl input check vulnerabilities. YaBB (formerly www.yabb.org) is a web-based bulletin board system written in Perl. It has been reported that the YaBB.pl perl script fails to apply security checks to input in several places. As a result, arbitrary files on the system can be read. YaBB 9.11.2000 has been released as a result and should fix these problems. Check BugTraq ID 1668 for more details.Cgi-bin script vulnerabilities. The following cgi-bin scripts have been reported to contain vulnerabilities:
Commercial products. The following commercial products were reported to contain vulnerabilities:
Updatesglibc vulnerabilities. Check last week's Security Summary for more details. The updates below take care of both the ld.so environment variable vulnerability and the locale format string vulnerability. If you do not see an update for your distribution, you may want to check last week's summary for updates that fix at least the ld.so problem.In addition, for those of you who are reluctant to upgrade your glibc library at this point, this BugTraq posting from Lionel Cons at CERN describes the methods they are using to protect against the recently-reported glibc bugs without upgrading the glibc package. Note that an upgrade is still strongly recommended as your first choice. This week's updates:
xpdf symlink race condition. Check the August 31st Security Summary for the original report.This week's updates: Previous updates:
screen setuid root vulnerability. A vulnerability in screen 3.9.5 and earlier that can be exploited by a local user to gain root was recently reported last week. Note that screen must be installed setuid root in order to be exploited. Screen 3.9.5 and earlier contain this vulnerability. This week's updates: Previous updates:
mgetty temporary link vulnerability. Check the August 31st Security Summary for details. An upgrade to mgetty 1.2.22 should fix the problem. This week's updates: Older updates:
PHP upload vulnerability. Check last week's Security Summary for more details. This week, the PHP Group provided an official advisory for this problem, with programming recommendations and links to updated PHP packages (4.0.3RC1 and 3.0.17RC1) that contain functionality to help avoid insecure programming practices with PHP. mopd updates for Linux. Last week, we mentioned a mopd advisory for FreeBSD. If you are using mopd under Linux, you might want to note that the Linux/VAX recommends the use of this mopd-linux port, which is based on the OpenBSD sources and includes the latest security fixes. [Thanks to Andy Phillips]. xchat URL handler bug. Versions of xchat from 1.3.9 through and including 1.4.2 can allow commands to be passed from IRC to a shell. Check BugTraq ID 1601 for more details. This week's updates:
Resourcesscanssh. Just announced this week, scanssh is a network scanner that probes for running SSH servers and determines their version numbers. "scanssh supports random selection of IP addresses from large network ranges and is useful for gathering statistics on the deployment of SSH servers in a company or the Internet as whole". Librnet, Library for Raw Networking. To assist those who wish to develop their own `low-level' network-related software, Gigi Sullivan has released the Librnet library. This is the initial release; note the author's comment: "As stated above, Librnet is far from being complete and stable." EventsSeptember/October security events.
Section Editor: Liz Coolbaugh |
September 14, 2000
| |||||||||||||||||||||||||||
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Kernel page. |
Kernel developmentThe current development kernel release is 2.4.0-test8. This release was announced on September 8. It seems to have the real fix to the the file corruption bug, along with quite a few other updates and fixes. There is also a change to the licensing terms; Linus has put in a note that only the current version of the GPL applies to the source - any future versions that come out will not automatically be applicable. Ted Ts'o posted a (lengthy) new 2.4 status liston September 13. The current stable kernel release is 2.2.17. The stable kernel prepatch is up to 2.2.18pre6. There is a constant call for the inclusion of the NFS patches in 2.2.18. Protesters have begun blocking streets in Swansea. The basic problem is the same as it has been for a while: the standard Linux NFS implementation works poorly, especially if you are trying to set up a big server. The available fixes make things a lot better - to the point that many distributions include them with their kernels. Alan seems to be softening his position on this one; some recent postings from him have suggested that NFS will go into a stable kernel soon, perhaps even into 2.2.18. It now seems to be a matter of stabilizing some of the other changes and waiting for the time to be right. A new 2.0.39 prepatch is out; this one is 2.0.39pre8. The pre7 patch was supposed to be the last, but evidently a problem of the "brown paper bag" variety turned up... The kernel debugger discussion continues, without a whole lot in the way of new and interesting contributions. There are two well entrenched positions, and the debate does not seem to be convincing many people to change their minds. The pro-debugger debugger case was well stated by Keith Owens, modutils and kdb maintainer, in The case for a standard kernel debugger: Seven of the twelve architectures in the standard kernel already have built in debuggers. Where is the evidence that these architectures have more bad patches because of the presence of the debuggers?
For those who can't fathom why Linus would be opposed to the inclusion of a kernel debugger, a reading of his explanationmight help to clear things up. I don't think kernel development should be "easy". I do not condone single-stepping through code to find the bug. I do not think that extra visibility into the system is necessarily a good thing....
One nice thing about Linus, one does not usually have to wonder about just where he stands... Andrea Arcangeli, meanwhile, has made available the slides from a recent talk he gave on the available kernel debugging tools. MontaVista's preemptable kernel got some attention this week following the company's press release announcing its availability. It's time for a quick look at what MontaVista has done. In most Unix systems since the very beginning, kernel code has had a hold on the processor for as long as it wanted. While user code can be preempted at any time, kernel code keeps on running until it explicitly yields control. Kernel developers used to take great advantage of that fact, since they didn't have to worry about surprises from shared access to resources. Life has gotten harder with the arrival of SMP systems; kernel code must now be prepared to cooperate with more kernel code running on other processors. It is still true, however, that Linux kernel code is not kicked off a processor involuntarily. (OK, there are a few small exceptions, such as interrupt handling). The non-preemptable kernel brings about problems, however. Sometimes the system must be able to respond very quickly to an event. Many real-time tasks require very quick response, but even dealing with everyday audio and video streams can be a problem if the system reacts too slowly. An operating system which cannot preempt its own kernel code is going to be susceptible to this sort of long latency; if some kernel function gets going on a long task, it may not give up the processor for way too long a time. What MontaVista has done is to make the kernel code preemptable. The idea is not new; Linus mentioned the possibility back in July. MontaVista just jumped out ahead of the pack by offering an implementation well ahead of the beginning of the 2.5 development series. MontaVista's kernel is not completely preemptable. Whenever code is handling interrupts, doing bottom half processing (essentially an extension of interrupt processing), or running the scheduler it can not be preempted. More significantly, any code which is holding a spinlock will not be pushed out of the CPU. This restriction makes sense for performance and deadlock reasons, but also greatly limits the preemptability of the kernel. Much of what is done in the kernel happens under the protection of one or more spinlocks. And, in fact, a set of latency benchmarksperformed on the MontaVista kernel by Benno Senoner show that, while the kernel performs better, it still has significant latencies. In particular, the system can be quite slow to respond when it is performing significant disk activity. Mr. Senoner also tested Ingo Molnar's latest low-latency patch with significantly better results. So MontaVista's kernel is perhaps not the ultimate hard real-time solution that the company would like. It is a significant bit of work, though, that may well find its way into the 2.5 development series, whenever that may begin. More information on MontaVista's work can be found in this white paper published on LinuxDevices.com. A proposal for a Linux kernel patch management system was posted this week. The proposal is the work of Linus Torvalds, Ted Ts'o, Daniel Quinlan, and Sebastian Kuzminsky, who is writing the code to implement it. The current system, which can be described as "send patches repeatedly to Linus and/or the subsystem maintainer, then watch new releases to see if it appears" tends not to work very well for a lot of people, so something more organized is called for. The proposed system is relatively straightforward. A mailing address would be set up to accept patches; a program sitting behind the address will store and log them. Mechanisms can be put into place to track the outstanding patches, perform certain types of automated testing, and more. With luck, the new system will make life easier for both Linus (who is buried in patches) and the kernel developers (who never know what the status of their patches is). No more IDE backport for 2.2. Andre Hedrick, maintainer of the Linux IDE subsystem, has announced that he will no longer be able to support the 2.2 backport of his IDE work. This port has seen heavy use, and is included by a number of vendors in their standard kernels. It's valuable work, but getting the 2.4 kernel stabilized is more important, for now. The backport will, hopefully, remain available, as Bartlomiej Zolnierki has indicated his willingness to maintain it in the future. Watch out for ECN. Support for IP Explicit Congestion Notification (ECN) started finding its way into the kernel with 2.4.0-test3, with -test7 providing a full implementation. ECN, as described by RFC2481, allows routers to set a bit inside an IP packet to indicate that the route taken by the packet is experiencing congestion. A compliant implementation should then throttle back its transmission rate in much the same way as it would when packets start getting dropped. The advantage with ECN is that congestion can be indicated without actually dropping packets, leading to fewer retransmissions. It turns out, however, that some firewalls from a very large network equipment manufacturer do not deal with ECN correctly; in fact, they simply drop packets that attempt to use the ECN feature. The result is that, if you are using ECN, a substantial portion of the Internet (a figure of 8% has been posted) is unreachable. This was not the desired result. For now, people running development kernels will almost certainly want to turn off CONFIG_INET_ECN to avoid this problem. The longer term solution will probably involve pressure to get the non-compliant systems upgraded, and, perhaps, some mechanism to detect connections that are broken by ECN and automatically turn it off. Other patches and updates released this week include:
Section Editor: Jonathan Corbet |
September 14, 2000 For other kernel news, see: Other resources: |
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Distributions page.
Lists of Distributions |
DistributionsPlease note that security updates from the various distributions are covered in the security section. New DistributionsAnnouncing SmoothWall - a distribution for firewalling. A new distribution, called SmoothWall, has hit the net. SmoothWall is a severely pared-down system whose one role in life is to turn a computer into a dialup router and firewall for homes and small offices. It is available for download now; the ISO image is only 18MB. Many Linux router/firewall projects already exist, such as Bifrost, Coyote Linux, floppyfw, Gibraltar and ShareTheNet. Many of these are, in turn, derived from the Linux Router Project. SmoothWall chose a different route. As documented in their September newsletter (PDF format), co-founders Lawrence Manning and Richard Morrell examined existing firewall/router projects first. They found either commercial products or products that required Linux administration skills. Feeling strongly that good security should not have to be purchased, they set goals for their product that included GPL licensing, secure Internet connectivity and problem-free installation, even for non-Linux users. This way, the benefits of Linux and Open Source could spread quickly across PCs without requiring people to first "change the way they work". They took their market research to a local LUG meeting (HantsLUG) for feedback and peer review. In addition, the LUG eventually also provided them with additional developer talent for their project. SmoothWall started with the 645MB VA Linux distribution and then pared it down to 45MB. The finished product requires a 486 machine with a small disk, something they felt would be fairly easily available, either as discards from companies or for small amounts of money. They recently started hosting their downloads on Sourceforge and have been extremely pleased with the response they've received in a short period of time (63,000+ hits on their website within 37 hours and over 3000 downloads). Due to request, and available assistance, their installation document and FAQs are now being translated into thirteen different languages. That's an impressive start for such a new project. Darkstar Linux. A new distribution development project was announced on the linux-kernel and linux-ppc development lists this week. Darkstar Linux plans to build yet another Linux distribution. In this case, their goal is to have a distribution that can be consistent across hardware platforms, ranging in size from PDAs to Mainframes. They have stated that they will not restrict the software that is included to any one license; software released under any license that allows free distribution will be considered for inclusion. Presumably their choices will be somewhat restricted, though, based on the need to only include packages that are supported across hardware platforms. StarOffice, for example, would not fit their stated goals, since it is currently only supported on the Intel platform (though, of course, given the licensing of the not-yet-release StarOffice 6.0 under the GPL, this may change). The project has just begun and they are "seeking system administrators, kernel developers, and userland contributors to help with the development and maintenance of the system. Knowledge of CVS and make(8) is recommended, but not absolutely required". AdministriviaDistribution list changes. As you may have noticed last week, we've continued to break our distributions list into multiple categories. The work is not yet done and it is, of necessity, somewhat arbitrary, since we list each distribution only once, even though it might fit in multiple categories. Still, check it out, let us know what you think and, above all else, do let us know if you see any errors introduced as a result. General-Purpose DistributionsSuSE Linux News. SuSE has announced that a version of its distribution for SPARC processors is now available for download. This expands their platform support to cover Intel, PowerPC, Alpha, Sparc and the IBM S/390. In addition, SuSE also announced their free test environment for the Intel Itanium 64-bit architecture, along with access to the preliminary version of SuSE 7.0 for IA-64. Debian Weekly News (Sep 12). This week's Debian Weekly News joyously reports the rapid introduction of KDE packages into Debian. "All of the core of KDE is already present in unstable, and more packages are sure to follow". It is good to see such a swift response to the relicensing of Qt under the GPL. Other topics this week include potentially new licensing problems with Python 1.6, the possibility of a point release for Debian 2.2 in the near future, to integrate security updates and some packages that didn't make it into the initial release, and, last, a technical discussion on whether or not daemons should automatically be started up if they are installed. Conectiva Linux 6.0 beta launched. Conectiva has announced the release of the 6.0 beta. It contains an initial release of an RPM-enable apt-get, which should be very interesting. The usual caveats apply: "This is a beta, and quite informal. Do not expect it to work." Linux-Mandrake 7.2beta2. The latest Linux-Mandrake beta, dubbed ulysses-2, is now available for download in ISO format. [Thanks to Luc Taesch]. Terra Soft simplifies Yellow Dog Linux product line. Terra Soft Solutions has announced the simplification of its Yellow Dog Linux product line. While other distributions are busily adding "corporate" and "enterprise" versions, Terra Soft has decided to combine its "Champion Server" and "Gone Home" into a single product. Mini/Special Purpose DistributionsCoyote Linux 1.20 Released. The latest, stable version of Coyote Linux, version 1.20, was released on September 6th. Coyote Linux is a single-floppy distribution based on the Linux Router Project. The Coyote website reports, "This version contains full support for Ethernet (DHCP and Static IP), PPPoE, and PPP Dialup connection types." DragonLinux v2r1. A new release of DragonLinux, v2r1, is now available for download. "DragonLinux v2r1 is based on Slackware v7.1. With our own custom installation we offer a partition-less installation. You no longer need to repartition your hard drive to install Linux. (A bootable MS-DOS or Windows [3.x or 98/98] drive is required.) Linux gurus will note that UMSDOS, as was used in previous versions of DragonLinux, is no longer used." Section Editor: Liz Coolbaugh |
September 14, 2000
Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Development page. |
Development projectsBrowsersNew site: mozdev.org. A new web site, mozdev.org, is now open for browsing. Mozdev.org is hosted by Alphanumerica and caters to development projects that are based on the Mozilla project. Visual XUL Environment, ViXEn. A new development project known as ViXEn has been announced. "Vixen is designed to be a Visual XUL IDE similar to Visual Basic, Delphi, Macromedia Dreamweaver and Glade, but for the XPToolkit technology developed by the Mozilla project. The initial goal of Vixen is to allow developers to quickly develop professional quality dialogs and windows without having to write any (or at least much) XUL or CSS by hand. The long term goal is to create a comprehensive development environment for rapid development of XUL applications." EducationSEUL/edu Linux in Education Report. The SEUL/edu Linux in Education Report for September 11 is out. It covers SEUL/edu's trade show presence, and a number of other issues. GamesGnome Games (Show Me Linux). Show Me Linux has an article on Gnome Games. Seventeen different games are described in the article. InteroperabilityWine 20000909 released. A new version of wine, version 20000909 has been announced. This release includes improved Win32 dll loading, more DBCS codepage support, and lots of bugfixes. Wine Weekly News for September 11, 2000. The September 11 version of the Wine Weekly News is out. The 20000909 release of wine is discussed and there is an interview with Alexandre Julliard concerning the future of Wine. Network ManagementOpenNMS Update for September 12. Here is the OpenNMS Update for September 12 with the latest news from the Open Network Management Software project. Office ApplicationsAbiWord Weekly News (Sep 6). The AbiWord Weekly News returns to its regularly scheduled slot with this week's issue. Topics include the Tabs Dialog, a website outage, the imminent release of 0.7.11 and a discussion about AbiWord's development methodology. LyX Development News. The LyX Development News for September 13 is out. It includes a set of photos from the fourth International LyX Developers Meeting. On the DesktopUpcoming release of Snapper development system. Gnome.org has published an article on the upcoming release of the Snapper Development System. " The Snapper Development System enables a Linux GTK+/Gnome application to be "beamed" to a user desktop or web appliance running Linux. Snapper works by embedding the application in an XML file, which can reside in a relational database or on a file or web server, and since the application is GTK+/Gnome based the user will enjoy the "look and feel", and speed of a native Linux program. By using this foundation the possibilities are endless." An Evangelist for Free Software (Time). Time has added Miguel de Icaza to it's list of 100 most influential innovators for the 21st centry. "In an idealistic corner of the computer world, there is a breed of benign engineers called open-source software programmers. They believe in sharing their work rather than selling it." Interview of Miguel de Icaza and Nat Friedman (Linux Planet). Linux Planet's Dennis E. Powell has interviewed Miguel de Icaza and Nat Friedman. " 'This isn't just about free software,' he (Nat Friedman) says. 'It's about the Internet and communications. Certain types of businesses revolved around communicating data, for instance selling music, selling software, weather services, things like this. Now that we have this communications medium which is becoming fairly ubiquitous, and which allows you to transfer information from one place to another very quickly and at relatively low cost, things are changing--certain businesses are just changing. So people have to come up with new ways of making money. Certain industries will die, and certain companies will not be able to keep up and will also die as a result.'" GNOME FAQs posted. Version 1.0 of the GNOME Foundation FAQ has been posted. If you have questions about the newly-created Foundation, that's the first place to look. The latest general GNOME FAQ by Telsa Gwynne is also available. KDE packages are pouring into Debian (Debian Weekly News). The Debian Weekly News talks about getting KDE running under Debian as a result of recent KDE licensing changes. "All of the core of KDE is already present in unstable, and more packages are sure to follow." The People Behind KDE: Matthias Ettrich. KDE.org's Christine Bastian has published the first in a series of profiles and interviews on KDE developers. The first profile is on Matthias Ettrich , founder of KDE. ScienceLinux Med News' top articles. Linux Med News celebrates the publication of its one hundredth article and has published a list of the best articles posted to the site in the last year. Web-site DevelopmentBRL 2.1.16. Version 2.1.16 of BRL, the Beautiful Report Language has been released. BRL is a scheme based language for server side web database applications. Section Editor: Forrest Cook |
September 14, 2000
|
|
Programming LanguagesJavaJava Push (IBM). IBM's Developer Works has run this article by Shawn Bedard on using code written in Java to push Java applets and applications out of a web server. Source code is included with the article. LispNew book: Basic Lisp Techniques. A new book, Basic Lisp Techniques by David J. Cooper Jr. has been made available for download in pdf format. PerlOnline interview of Nathan Torkington (IT World). IT World is running an online interview of Perl 6 project manager Nathan Torkington from September 13 through 15. If you have any burning Perl 6 questions, this is a good place to take them. Perl 6: New From the Ground Up (SD Times). SD Times has run an article that discusses work being done for Perl 6. "While it's been reported that Perl 6 would be rewritten in C++ from its original C, Sugalski said, 'It's far too early to tell in a project this size to be talking about code. It may be C or it may be C++.'" PythonThis week's Python-URL. Here is Dr. Dobb's Python-URL for September 12 with the latest in Python development news. FPIG: FORTRAN to Python Interface Generator Release 2. A new release of FPIG, the FORTRAN to Python Interface Generator has been released. FPIG is a command line tool that allows FORTRAN code to be called from Python. FPIG is licensed under the LGPL license. XML Matters (IBM). IBM's developerWorks has run two parts of an ongoing series by David Mertz on integrating XML and Python. Part One introduces XML, Python, and xml_pickle. Part two discusses the use of xml_objectify for making Python objects out of an XML document. New Python 2.0 documentation packages. A new release of the documentation packages for the Python 2.0 beta 1 release has been announced. Tcl/tkThis week's Tcl-URL. Here is Dr. Dobb's Tcl-URL for September 11. Check it out for the latest happenings in the Tcl/Tk world. Tcl MoveController. A TCL Movie Controller was announced this week. The program is intended to be a: "Tcl-only-QuickTime-look-alike-megawidget-movie-controller". Autodoc 2.4 released. Autodoc version 2.4 is now available. Autodoc is "an application to convert specially formatted documentation embedded into tcl code into a cross-referenced set of HTML pages describing this code." Section Editor: Forrest Cook |
Language Links Erlang Guile Haskell Blackdown.org IBM Java Zone Perl News PHP Daily Python-URL Python.org JPython Smalltalk Tcl Developer Xchange Tcltk.com |
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Commerce page. |
Linux and BusinessRed Hat Center and 'Center Stage'. The Red Hat Center is a non-profit, private foundation endowed by Bob Young and Marc Ewing, the founders of Red Hat, Inc. The purpose of the Center is to support, promote, and engage in a wide range of initiatives to advance the principles of transparent technology. What is transparent technology? "Transparent technology is the general term Red Hat Center uses to describe any type of technology where the public is permitted to see, understand, and possibly improve on what's being developed." This would naturally include Open Source or Free Software. In order to increase public awareness of open source, the Center has launched a series of public forums at Center Stage. Bob Young kicked off Center Stage last Tuesday, September 12. Look for the following people to host Center Stage in the coming months: Paul Jones, Founder and Director of MetaLab ; Tim O'Reilly, Founder and President of O'Reilly & Associates ; and Brian Behlendorf, Founder and CTO of Collab.Net. Intel releases computer vision software for Linux. Intel Corporation has announced the initial release of its "Open Source Computer Vision Library." The library provides a wide range of functions, including gesture recognition, object-tracking, face recognition and camera calibration. Its written in C and released under this open source license and can be downloaded at http://www.intel.com/research/mrl/research/cvlib/. The Open Source Computer Vision Library was first announced at the IEEE Computer Society Conference on Computer Vision and Pattern Recognition in June of this year. It has had two alpha releases prior to this open source release. More open source releases. Network ICE has jumped into a growth market with this announcement for "Altivore," an open source email surveillance system. Now we all can watch how Big Brother watches us... Cadence has announced that its "TestBuilder" testbench library, used by "designers, IP developers, and EDA vendors to develop interoperable testbenches for chip or system design verification," will be released under an open source license. A quick glance at the license text shows it to be roughly GPLish in form; it does require a name change if any modifications are made, though. News from Red Hat. Red Hat has announced the availability of a new set of training courses covering topics like embedded systems, IA-64 engineering, Apache, and secure web server administration. Red Hat has announced the completion of its acquisition of C2Net. New at VA Linux. VA Linux Systems has gotten into the network-attached storage market with this announcement of its "9205 NAS" system. VA's Open Source Development Network has announced the launch of its NewsForge site. Super Computing. IBM has announced the opening of a "Linux Supercluster Briefing Center" at the University of New Mexico. This center will " assist customers in planning their Linux and Linux clusters plans with IBM, and allow them to benchmark and 'test-drive' key applications" Terra Soft has announced the availability of a new, eight-node PowerPC cluster product, running Black Lab Linux. Sandia National Laboratory has put out this announcement on the pending expansion of its "Antartica" Linux cluster. It's growing from "only" 600 nodes to 1600; they expect it to take the 20th spot on the list of the world's fastest computers. MontaVista announces preemptable kernel. MontaVista Software has announced the availability of its preemptable version of the Linux kernel. Nokia's 'Media Terminal'. Nokia has announced the (future) availability of its Linux-based Media Terminal, "a powerful infotainment center for the home." There is also a separate press release emphasizing the open source aspects of the system. "Nokia's commitment to the open source community is strong and Nokia therefore intends to make source code available in order to maximize freedom to create applications for the Media Terminal." Acrylis Inc., launches WhatifLinux Personal Edition. A company called Acrylis, Inc., has announced the availability of "WhatifLinux Personal Edition," which appears to be a software update service. "WhatifLinux Personal Edition provides users with immediate access to software updates, security alerts, patches and the latest open source software information right from their Web browser." Pogolinux offers free Linux CDs. Pogolinux has posted an offer of a free Linux CD, sent through the mail, to anyone who asks. It even comes with a month of email support. They don't say so, but the design of the entry form suggests they are only prepared to ship within the U.S. Press Releases:Open Source ProductsUnless specified, license is unverified.
Commercial Products for Linux
Products Using Linux
Products with Linux Versions
Java Products
Support and Service
Books and Training
Partnerships
Investments and Acquisitions
Financial Results
Personnel
Linux At Work
Other
Section Editor: Rebecca Sobol. |
September 14, 2000
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Linux in the news page. |
Recommended ReadingHow Big Blue fell for Linux (Salon). Andrew Leonard has posted the next installment of his Free Software Project book on Salon; this piece looks at how IBM and Linux came together. "The story of how IBM made friends with free software hackers, from the early days when it dipped its toes into the Apache Project to its current headfirst plunge into Linux, is not the story of a carefully executed strategy. It is instead a tale of contingency, luck, a few committed engineers and a few canny executives. Its twists and turns hinge on the results of combating agendas, political maneuvering and software ambition. At its most mundane, it is a story that hints at how the battle for dominance over new software markets will be waged over the next few years." (Thanks to Paul Hewitt). A bug in the legal code? (Salon). Salon talks with David Touretzky, the professor who gave the first amendment testimony in the New York DVD case. "What was the judge thinking? If he really wants to prevent people from telling others where to get the code, he should have made it illegal to publish the URL in any form. But that would make the fascist nature of his ruling even more painfully obvious. Instead he's opted for a fig leaf, although I can't imagine how he could do this without embarrassment." Go read it. Patents and LicensesPatents vs. Antipatents (Newsforge). Newsforge has printed an excellent article on patent issues and patent reform. "'The problem with our patent system is not clueless examiners,' Hargrave and Malamud write. 'The problem is a classic management bureaucracy coupled with an environment changing at the pace of Internet time. The current system is no surprise. The Congress has given the Patent Office a charge to make money ... Patent examiners are on quotas to produce more patents, not better patents.'" [Thanks to Karl Vogel]. Open source licensing battle comes to an end (Upside). Upside takes a look at recent signs of the power of the GPL, including Trolltech and Sun's recent decisions. "On Monday, both Eng and KDE project leader Matthias Ettrich cited the recent OpenOffice announcement as one of many influences on their decision to throw in the towel and add a GPL-licensed version of Qt to the company software lineup." CompaniesA Sneak Peek at Nautilus from Eazel (LinuxPlanet). LinuxPlanet has put up this look at the latest Nautilus release; it also gets into Eazel and its relations with the GNOME project. "Commenting on the project's stability is pointless at this stage in the process: the Nautilus team put their efforts up not to provide a day-to-day file manager, but to give the community at large a chance to see what their efforts are leading up to. Our experience over several days ranged from being unable to keep it running for more than a minute to leaving it up and being able to look into various features for several hours." Open source: KDE hits back at GNOME (ZDNet). ZDNet reports on rumors that the KDE project may be about to set up a "foundation" of its own. "But sources close to the KDE Project say the group is now leaning toward establishing an alternative to the GNOME Foundation, tentatively called the KDE League. Among the expected backers, sources said, are Linux distributors including Caldera Systems, Mandrake and SuSE." MontaVista unveils fully preemptable Linux kernel prototype (LinuxDevices.com). LinuxDevices.com reports on MontaVista's new preemptable Linux kernel. "The prototype kernel modification is currently showing better than a 10-fold improvement in worst-case kernel responsiveness, but is expected to reach gains of 100-fold or better, by the time the technology is incorporated into MontaVista's Hard Hat Linux distribution in the January 2001 timeframe." Embedded Linux companies square off in PR shoot-out (Upside). Upside looks at MontaVista's preemptable kernel announcement. "From a strategic perspective, last week's MontaVista announcement served two purposes: first, it win over real-time application developers to the concept of working on the actual Linux kernel rather than an RTAI-derived emulation; and second, to lobby the inner circle of kernel developers such as Linux creator Linus Torvalds on the importance of including further real-time development in the upcoming 2.5 and 2.6 versions of the kernel." Linux Getting Its Game Face On (Wired News). Wired News looks at Loki Software and its role in porting games to Linux. "But although its games have been highly acclaimed among Linux aficionados for being virtually indistinguishable from the Windows originals, Loki has made a far greater contribution to the gaming industry: In the process of converting Windows games for Linux play, the company has created a number of open-source development tools billed as an alternative to DirectX, Microsoft's set of proprietary, Windows-only game development libraries." Investor AM: Red Hat in the spotlight (ZDNet). ZDNet looks forward to Red Hat's earnings announcement, due Thursday. "Aside from the usual top-line and bottom-line tallies, analysts are looking for fissures that could indicate problems ahead. Analysts are projecting a loss of 2 cents a share on sales of about $18.5 million to $19 million. And, oh by the way, a new CFO would be nice too." VA Linux plunges into booming storage market (News.com). News.com covers VA's new network-attached storage system. "The product offers the ability to send email alerts to VA and customer support personnel, the company said. It also comes with Linux's new ext3 'journaling' file systems, a technology that logs file changes and therefore enables a server to recover from a crash more quickly." Details of Nokia's MediaScreen (LinuxDevices.com). Here's a closer look into the details of Nokia's Linux-based MediaScreen. "The Mediascreen runs an embedded Linux operating system, and makes use of a unique Nokia software device, called navibars, to make it easier for viewers to locate desired programs and services." The AIX and pains of 64-bit computing (ZDNet). This ZDNet column looks at IBM, Caldera, and Monterey. "Strong words, but ironically the commandeering of Monterey by IBM may suit Caldera's interests better than those of the pre-Caldera SCO. Having IBM maintain AIX L at the very highest end -- in the thin air of 32-CPU systems and huge installations, which Linux won't be ready to handle for a while -- leaves Caldera to concentrate on the low end where Linux and SCO 32-bit operating systems are jostling for the same mind share." Commentary: After SCO deal, Caldera needs a Linux-Unix vision (News.com). News.com offers some advice to Caldera on how to make the SCO deal work. "To keep SCO customers from drifting to Windows 2000, Caldera must deliver a coherent road map for SCO's OpenServer and Caldera's OpenLinux and must clarify the data center UnixWare strategy for Intel's IA-64 processors (from SCO's work on Project Monterey)." SCO slashes its work force by 19 percent (ZDNet). ZDNet reports on the SCO job cuts. "Caldera Systems CEO Ransom Love said that the bulk of the cuts would come from the SCO side, but that a few Caldera people would be cut, as well. 'This is clearly a SCO layoff, not a Caldera layoff,' Love said. 'We are simply positioning the (combined) company to be profitable before any other Linux company is.'" BusinessClose Enough for Government Work? (LinuxNews.com). LinuxNews.com looks at open source and security especially in regard to use by the U.S. government. "Linux is up against some stern arguments against its use in secure government computing--arguments open source security experts are happily blowing apart." Two SuSE Linux Apache Vulnerabilities Identified (ZDNet). ZDNet reports on two security problems with SuSE's version of Apache - both are difficulties with the default configuration. "One vulnerability allows a malicious user to read passwords and discern network structure while the other allows a malicious user to create or browse file directories on a Web server." Linux VCs Coming Back? (Andover.Net). Here's an Andover.Net column on how venture capitalists are once again beginning to fund Linux businesses. "Forrester Research, among others, thinks Linux could be IBM's chance to retake its old position as the 'Infrastructure Gorilla' of the computing industry. And if IBM is betting much of its future on Linux, that's good enough for many in the venture community." (Thanks to César A. K. Grossmann). Linux great and small (ZDNet). ZDNet UK looks at Beowulf clusters. "Beowulf has a way to go before it delivers cheap, high-performance, high-security computing. Not all computing operations are amenable to being spread across a lot of independent systems, and in any case the application software needs to be written specifically for clustering. But some traditional applications can use Beowulf to maximise online availability -- servers and some database systems, for instance -- so there's an attraction for ordinary business users already." Supporting WAP in Linux (LinuxDevices.com). LinuxDevices.com has put up a white paper on supporting the Wireless Application Protocol in Linux. "For many in the Linux community, WAP -- the Wireless Application Protocol -- leaves a bittersweet taste because of its semi-open nature. The WAP forum is an elitist club for telecommunication giants that requires $27,500 up front and does not promote open discussion about its specifications." Two Rivals, One Destination (ZDNet). ZDNet compares IBM's and Sun's strategies for Linux. "Most recently, IBM CEO Lou Gerstner and Sun CEO Scott McNealy have hitched a ride with the Linux parade. It's sure to be an interesting trip. Both companies hope to maintain certain proprietary ad vantages, while opening up their respective Unixes just enough to support mainstream Linux tools and user interfaces." The article spends most of its space on Solaris and AIX, though. MS on Linux: Thanks, but no thanks (ZDNet). ZDNet talks with Microsoft product manager Doug Miller about Linux. "Microsoft knows where it doesn't want to go, Miller says, and that's headlong into the open-source camp. Microsoft wants to stay a for-profit software company that charges for products and services. And it has no use for open-source development models, he says, claiming that Microsoft's existing peer-review and beta-testing processes give Microsoft better quality control than open source can provide." Linux can't compete (Australian IT). Here's a report in Australian IT on Bill Gates' latest comments on Linux. "'The myths of Linux just don't add up,' he said. 'It's not free unless you don't place value on the costly development and support resources it takes to make it work.'" See also: this response from Paul Ferris in LinuxToday. "Mr Ferris said he remained confident that the marketplace would be competitive for years to come. He also said that Linux would surprise even the most clueless of market analysts and journalists by gaining a sizeable desktop share in the next couple of years." (Thanks to Gary Shears). Is Microsoft Going Down The Tubes? (ZDNet). Here's a ZDNet column suggesting that Microsoft will soon be "just another company," with Linux getting much of the credit for bringing about the change. "The usual response to that by Microsoft fans is, 'But there aren't any applications!' Give me a break. You've got Sun's Star Office and VistaSource's Applixware for office work, Netscape Navigator for a browser and mail readers that aren't susceptible to Outlook Transmitted Diseases (OTD) like Melissa. That argument hasn't held water for years." ResourcesSeptember LinuxFocus available. The September issue of LinuxFocus is now available. It includes articles on REBOL, MagicPoint, Bastille Linux, and more. LinuxDevices.com Embedded Linux Weekly Newsletter. Here's the LinuxDevices.com Embedded Linux Weekly Newsletter for September 7. As usual, it contains a comprehensive summary of events and coverage in the embedded Linux arena. Using Postfix (BSD Today). BSD Today has put up this tutorial article on installing Postfix, an alternative mail system. "Tired of the sendmail's cryptic configuration, or do you find yourself complaining about its speed? Well then, postfix could be the MTA for you." Gnome Games (ShowMeLinux). ShowMeLinux rates several GNOME games. "Gataxx: D+. Um. is this Othello? It looks like Othello, it plays like it. Or is Gataxx some other Shakespeare play I didn't read in high school. No help, no instructions. It's just black and white pieces, it must be easy." ReviewsReview: Think Unix (Danny Yee's Book Reviews). Danny Yee reviews Jon Lasser's Think Unix. "Rather than trying to be a detailed guide to a particular system, a comprehensive reference work, or a source of answers to particular problems, Lasser tries to teach the fundamental concepts of Unix and the Unix way of thinking. He also captures something of the way in which Unix is a way of life and a culture, not just an operating system, with a good leavening of humour, history, and hackish lore." InterviewsSoftware That's Free For All (MSNBC). MSNBC is running an interview with Miguel de Icaza, originally from Newsweek. "We at Gnome are developing features that we want to see in the next generation, but often people want features other than the ones we planned for. By accepting contributions from users, we've been able to make software that has a lot more features for the desktop. We have some of the most exciting software out there." Section Editor: Rebecca Sobol |
September 14, 2000 |
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Announcements page. |
AnnouncementsResourcesLPI news. Here's the Linux Professional Institute newsletter for September 6, 2000. Also LPI announced the Polish language version of the LPI web site. EventsSecond Annual Linux Storage Management Workshop. The Second Annual Linux Storage Management Workshop will be held October 15 to 19 in Miami, Florida. The list of speakers has been posted; it contains many prominent names. If you are interested in Linux and data storage, this looks like the place to be. September/October events.
Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format. Web sitesLinuxfool.com passes on the torch to IQLinux.com. Linuxfool.com, a question and answer website, has handed over their operation to IQLinux.com. User Group NewsSkåne Sjælland Linux User Group. SSLUG presents a new and updated version of "The Big Danish Word List", which can be used by spell checking programs. "The Big Danish Word List" is issued under the General Public License (GPL). SSLUG is a joint Swedish and Danish Linux User Group. LUG Events: September 14 - September 28, 2000.
Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format. |
September 14, 2000 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Software AnnouncementsSoftware announcements sorted by license will be available next week.
|
Our software announcements are provided courtesy of FreshMeat
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Back page page. |
Linux Links of the WeekIf you've not yet had enough real-time Linux for the week, the Real-Time Linux HOWTO should be able to fill in the gap. It is a comprehensive resource covering everything in the real-time area. Tired of bloated executables? Have a look at A Whirlwind Tutorial on Creating Really Teensy ELF Executables for Linux on the MuppetLabs site. If you're determined, you can make them really small... (Thanks to Nicolas Pitre). Section Editor: Jon Corbet |
September 14, 2000 |
|
This week in historyTwo years ago (September 17, 1998 LWN): Some people began to question the role that Richard Stallman was playing in the Linux world. An LWN article on the subject drew more hostile mail than anything else we have ever written. RMS is as uncompromising as ever, but somehow he seems less controversial these days (KDE "forgiveness" editorials notwithstanding). To an extent, that may be because his points on freedom have sunk in. The development kernel was 2.1.112; it was in the 2.2 feature freeze. 2.0.36 was in the prepatch stage; people were complaining because Alan Cox would not include patches to make gcc 2.8 and egcs compile it correctly (due to stability concerns). Shipments of the international version of SuSE 5.3 were halted due to an unpleasant installation problem. One year ago (September 16, 1999 LWN): a company called "Channel One Gmbh" registered the "Linux" trademark in Germany. Whatever their plans were, they didn't last long. Under great pressure, they caved in and signed the trademark over. IBM's first "Red Hat Certified" laptop turned out to not run Linux very easily or well; see the lengthy instructions on how to make it go. The development kernel was 2.3.18; this kernel saw the long-awaited integration of PCMCIA support into the mainline source tree. Linus also announced a feature freeze: The feature freeze should be turning into a code freeze in another two months or so, and a release by the end of the year. And as everybody knows, our targets never slip. It is, of course, one year (and quite a few new features) later... Caldera 2.3 was released that week, as were LinuxPPC 1999 Q3 and Yellow Dog Champion Server 1.1. Corel put out its first call for beta testers for its upcoming distribution. And SuSE 6.2 got a review: My view is that, if you study SuSE Linux, you'll see a revolution in the making that will devastate current hi-tech business models, causing a fundamental shift in the computing world. I found that Linux was the Aladdin's Cave of computing.
Cobalt Networks surprised people by becoming the second Linux company to file for an IPO. | |
|
Letters to the editorLetters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them. | |
Date: Thu, 07 Sep 2000 11:09:02 +0200 From: Fred Mobach <fred@mobach.nl> To: letters@lwn.net Subject: Cuecat drivers Hello, In LWN of September 7 you noticed that "The case appears weak, but the company has managed to get the :CueCat drivers pulled down - for now". But on Linux Today I found a talkback at http://linuxtoday.com/news_story.php3?ltsn=2000-09-01-012-06-NW-CY where is stated : "Still available in Europe You can find it here : ftp://ftp.flashnet.it/mirror/8/linuxberg/files/console/network/cuecat-0.0.5.tar.gz ftp://ftp.tuniv.szczecin.pl/dsk4/Linuxberg/files/console/network/cuecat-0.0.5.tar.gz ftp://ftp.uakom.sk/pub/linuxberg/files/console/network/cuecat-0.0.5.tar.gz ftp://ftp.datacomm.ch/.3/linuxberg/files/console/network/cuecat-0.0.5.tar.gz ftp://ftp.sektornet.dk/mirrors/mirror.linuxberg.com/files/console/network/cuecat-0.0.5.tar.gz ftp://ftp.uni-c.dk/mirrors/mirror.linuxberg.com/files/console/network/cuecat-0.0.5.tar.gz" Regards, Fred Mobach fred@mobach.nl | ||
From: "Lindenmayer, Louie L" <Louie.Lindenmayer@PSS.Boeing.com> To: "'letters@lwn.net'" <letters@lwn.net> Subject: Digital Convergence vs. FooCat Date: Thu, 7 Sep 2000 11:02:57 -0700 If a Linux driver is developed indepedently and released GPL'd because the original developer was Windows-centric, then the original developer threatens litigation against the Linux developers, will the original developers be able to make a Linux driver that won't infringe on the GPL'd code and would they have to prove it? Could the original developer invalidate and usurp the GPL'd code on the basis of 'illegal reverse-engineering'? *************************************************** Louie L. Lindenmayer III E/E WIRS SUPPORT - North NEW --> (425) 266-8290 <-- NEW http://wirs.ca.boeing.com | ||
Date: Fri, 08 Sep 2000 10:52:36 -0500 From: Pete Flugstad <pete_flugstad@icon-labs.com> To: stephens@cnet.com, letters@lwn.net Subject: Re: Unix, Linux computers vulnerable to damaging new attacks Mr Shankland, You missed a couple of points in your article: One, this particular bug is, to be blunt, "nothing new". Anyone who has spent ANY time at all programming in C is going to run into it or something like it. Since just about every major OS out there, including Linux, all Unix varieties, ALL MS Windows varieties, and just about every RTOS (VxWorks, pSOS, etc), use C as the basic language, they are ALL vulnerable to this type of attack. That's right, MS Windows, including NT & 2000, are vulnerable to this type of thing. The bug fundamentally stems from the nature of C programming, and the printf (and related) library functions, used for printing out messages. Just about every program/OS out there uses a form of printf, EXTENSIVELY. Just about all the text you see on your screen right now, window titles, icon labels, menu entries, was created with printf at one level or another. So, the fact that we haven't seen similar attacks on Windows is just because no one has really tried... yet. Second, you miss the point of the Linux's open source license. Since it is open, and we have the source code, we CAN go through and audit the code for this type of thing. That is precisely what is happening here, and it's why these are popping up now. Previously, Unix/Linux was not a large enough installed base for anyone to bother auditing the source, as the number of targets for these types of attacks was not worth it for a Cracker to bother with. Now, as Linux and Unix are gaining popularity because of their stability and usefulness as web/internet servers, it's becoming important to do this type of security audit. Go ask MS if you can audit the 40+ million lines of Windows 2000 source code for bugs like this. Don't blame me when they laugh you out of the building. And don't believe them when they say they've done this already. If Sun/IBM/HP have not yet done it with all the years they've had their respective versions of Unix, there is no way MS has done in in the small amount of time they've been shipping Win2k, with its millions of lines of new code in the last 4 years. Pete Flugstad Sr. Software Consultant Icon Labs | ||
Date: Mon, 11 Sep 2000 13:22:30 -0400 From: David Wittenberg <dkw@cs.brandeis.edu> To: letters@lwn.net Subject: Profitable Open Source company Cygnus support was created almost 10 years ago to provide support for open source products. John Gilmore told me that they were quite profitable their first year, and I expect most years after that. They have since been bought by RedHat. -- --David Wittenberg dkw@cs.brandeis.edu | ||
Date: Sun, 10 Sep 2000 04:58:25 -0600 From: Dylan Griffiths <Dylan_G@bigfoot.com> To: letters@lwn.net Subject: Confused about GPL comments. I was reading the 7th of September, 2000 LWN when I happened upon this piece from Martin Cracauer <cracauer@BIK-GmbH.DE>: "The GPL tries to eleminate (sic) all software that is not GPLed or can be made so. That is a problem for people like me who use much software under different licenses where none of the clauses is a problem for me (i.e. the formerly BSD advertising clause and many university licenses)." And I'd just like to say: the author of the code decides on the licence. They take the time to look, examine, and evaluate the licences. The GPL itself is not a sentient entity, nor is it a living entity. It is not a virus. It is not anything organic. It is simple a licence written by a man, RMS, who wants to ensure that if you make big changes and distribute them -- that you include the source so that you pass on the freedom to modify you used in the first place. Now, this may sound like I'm a GPL lover. I'm not. I just can't stand to see licence bigotry by people who think that licences are living entities which seek to 'infect' other programs. That's just ludicrous. If you don't agree with that part of the GPL -- don't use the GPL. And if you want to link with a GPLed program, get one side to grant an exclusion for the other side. Instant legality without the "viral" nature. -- www.kuro5hin.org -- technology and culture, from the trenches. | ||