Linux Links of the Week

TheGeek.org is another amusing news site, apparently relatively new. Check them out now, before they get popular...

The plug was apparently just pulled on the last Multics machine. Multics had a great influence over many of the systems that followed, including Linux. Have a look at this RISKS posting by Peter Neumann on the goals of the Multics project; more can then be found at the Multicians.org site.

Section Editor: Jon Corbet
November 16, 2000
This week in history

Two years ago (November 19, 1998 LWN): Trolltech announced that the Qt library would be released under an open source license. That license, the QPL, was truly open source, but remained controversial anyway. The Qt licensing issue didn't really die down until the library was relicensed under the GPL this year.

Bruce Perens warned about the danger of trojan horse software. Two years later, there have been very few trojan incidents, but the danger is probably more real than ever.

Stable kernel 2.0.36 was released with the first known application of "holy penguin pee." According to Linus:

> This, btw, is not something I would suggest you do in your living room. Getting a penguin to pee on demand is _messy_. We're talking yellow spots on the walls, on the ceiling, yea verily even behind the fridge. However. I would also advise against doing this outside - it may be a lot easier to clean up, but you're likely to get reported and arrested for public lewdness. Never mind that you had a perfectly good explanation for it all.

The Linux Journal Editor's Choice Awards went out... the product of the year was Netscape Communicator, the "most desired port" Quark Xpress, and the best new hardware was the Corel Netwinder. Some awards just don't stand the test of time...

Slackware 3.6 was released. Both Red Hat and SuSE announced support programs for their distributions.

Red Hat hired Matthew Szulik to be the company president. VA Research (now VA Linux Systems) received a venture investment from Sequoia Capital, and Netscape purchased "NewHoo," which has since become the Open Directory Project.

FUD of the week:

> Linux may be a great way for computer-literate individuals to get under the hoods of their computers for little cost, but it's nothing more than a convenient form of protest and public relations for the major software vendors that plan to support it. If nothing else, the Linux community has an influence beyond its numbers, and getting on its good side might help sales elsewhere. As long as Linux remains a religion of freeware fanatics, Microsoft (and other NOS vendors) have nothing to worry about.

One year ago (November 18, 1999 LWN): The first Linux Business Expo happened as part of Comdex in Las Vegas.

The Linux Professional Institute completed its first certification exam, finally.

SuSE 6.3 was announced - though it was not due to hit the net until December. Mozilla M11 was released.

Rumors were circulating of a new company to be formed by GNOME hackers Miguel de Icaza and Nat Friedman. Red Hat's purchase of Cygnus Solutions was confirmed. VA Linux Systems decreed that its IPO would happen at $11-13 per share - rather short of the $30 that it eventually went out at (but fairly close to today's price).

Scary thought of the week:

> I don't think people realize just how close we came to a Microsoft-dominated Web. If Microsoft, having trounced Netscape, hadn't been surprised by the unexpected strength of Apache, Perl, FreeBSD and Linux, I can easily imagine a squeeze play on Web protocols and standards, which would have allowed Microsoft to dictate terms to the Web developers who are currently inventing the next generation of computer applications.

Advogato hit the net.
Letters to the editor

Letters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them.
Date: Fri, 10 Nov 2000 09:53:40 -0800
From: Jean Tourrilhes <jt@bougret.hpl.hp.com>
To: lwn@lwn.net
Subject: IrDA status in 2.4

Hi,

I'm writing to Jonathan Corbet, about the blurb he wrote in this section of the LWN:
http://lwn.net/2000/1109/kernel.php3

Your assessment of the IrDA in kernel 2.4 situation is both premature and inaccurate:

1) Don't take all Linus' words for granted, patch size is not the only issue:
http://www.uwsg.indiana.edu/hypermail/linux/kernel/0011.1/0023.html
2) This is not a "last minute query", there has been an ongoing process of trying to get IrDA in the kernel in the last 6 months (I personally sent mails/patches to Linus in August), it was just private.
3) Don't underestimate the difficulty of feeding patches to Linus when he gives absolutely no feedback whatsoever and totally ignores what you are doing. Alan Cox is much easier to work with.
4) Don't overestimate the ability of Linus to understand and appreciate patches for a large body of code he is unfamiliar with and in an area where he doesn't have experience.
5) This kind of flame is unfortunately the only way to get things moving. I don't like it.

That's it!

Jean
From: Zygo Blaxell <zblaxell@genki.hungrycats.org>
Date: Tue, 14 Nov 2000 13:00:35 -0500
To: letters@lwn.net
Subject: Re: Linux's security

Kevin Breit <battery841@mypad.com> wrote:

>I know that the Linus and Co. think it's nazi-admin, but enable wheel
>group on Linux distributions by default.

Funny, I've been called a Nazi administrator more than once, but I don't agree. :-)

Wheel-group just trades setuid security holes for setgid security holes, without solving the real problems: buggy programs (setuid or not) with privileges, plaintext passwords, and unsecured communications channels. On the other hand, wheel-group introduces new administration procedures and interoperation difficulties.

Better to remove the setuid bits entirely from /bin/login and /bin/su, and disable or completely remove from the system any software that allows login as root in ways not explicitly approved by the "wheel" people. The vast majority of users are much better off if they can only get root privileges by logging into the console (or via ssh, if remote root access is a requirement).

>But Linux definitely doesn't touch OpenBSD's quality in regards to
>security, and I feel it's arguable that it has some catchup to do with
>FreeBSD.

I've been following both the FreeBSD and Debian (GNU/)Linux security situation for some time now. My experience suggests that Debian and FreeBSD are fairly evenly matched (within a few weeks of each other) in terms of security issues.

Both distributions consist of three categories of packages: essential software, optional but installed-by-default software, and optional but not-installed-by-default software. There is little security distinction between Debian and FreeBSD within each category: both sets of essential software tend to be very secure, while both sets of non-essential software tend to have multiple exploitable vulnerabilities exposed every week, and both sets of installed-by-default optional software fall somewhere in between.

Every now and then, a vulnerability is found even in the essential software category, but when that happens both Debian and FreeBSD release upgrades within days (if not hours) of each other. Both Debian and FreeBSD feature some kind of mostly automatic upgrade mechanism for end users which can be used to install security patches in a painless and timely manner.

Now that I've said all that: there is a gap between Debian and other Linux distributions, and it goes both ways. Some Linux distributions are as fanatical about security as the OpenBSD people (although they don't have OpenBSD's four year head start). On the other hand, I'm sure we all know of at least one Linux distribution where some trivial but essential task is by default performed with the "assistance" of millions of lines of unaudited GUI code cobbled together from two or three competing X11 toolkits, written by people who barely understand C, let alone concepts like system() exploits or /tmp races, all running under root privileges and 'xhost +'. Heck, even Debian has optional packages like that if you want to install them. ;-)

Granting software the freedom to evolve guarantees only different results, not better ones. ;-)
Date: Thu, 09 Nov 2000 14:29:23 +0100
From: Simone Lazzaris <sw2@task84.it>
To: letters@lwn.net
Subject: Again about Microsoft Network compromise

Hi all,

I just want to make some remarks about the recent network compromise at Microsoft and to reply to some letters read here on lwn about the "not so exceptional" security in linux-based systems.

I think that, while it's true that almost all big distros ship with big security holes, the impact of this exploit is not just about the reliability of an OS, but falls into the realms of the security paradigm.

I mean, we all know that every system can be broken. It's just a matter of time. But hiding security holes, encrypting passwords with XOR, putting security bits in quirky places - in other words, security through obscurity - that Microsoft preaches cannot be held if the source code can be exposed. And with this network compromise we all know that the source code can be (and maybe was) exposed.

They don't have any more excuses. We cannot trust Microsoft on the subject of security. Full Stop. (Not that *I* ever trusted them. But this is another story).

---
Simone Lazzaris
simone@omni.it
Date: Thu, 09 Nov 2000 08:40:54 -0600
From: Michael Coyne <coynem@airwire.com>
To: lwn@lwn.net
Subject: GNOME Office: StarOffice vs. Abiword

Having used both Staroffice's word processor and Abiword extensively since their early days, I would not really be in favour of Staroffice becoming the de facto word processing standard under Gnome--it's large, clunky and slow. Abiword is small, lightweight, and does what I need--I also find it far easier to use. I think it would be a real shame if Abiword died out because of Staroffice--but I don't think it will.

Let Sun concentrate on Staroffice. I think that we in the free software community should concentrate on things like Abiword and gnumeric. Do we really want to be dependent on Sun for our office software? Sure, it's open source--but the code remains Sun's property, even if we write it. Sun is a big proponent of Linux right now, but I wouldn't be surprised to see them drop it like a hot potato if the marketplace changes.

Regards,
Michael

--
Michael Coyne
coynem@airwire.com
To: letters@lwn.net
Subject: AbiWord vs. OpenOffice: Who's Gnomey?
From: Alan Shutko <ats@acm.org>
Date: 09 Nov 2000 11:18:03 -0500

In reference to

> AbiWord does not really see itself as a GNOME project - they want to produce "the world's word processor." Thus, AbiWord runs on platforms not supported by GNOME - things like BeOS and, yes, Windows. There is little or no desire on their part to narrow their focus at this point.

At this point, both the AbiWord and OpenOffice developers have their eyes set on producing a cross-platform application. The OpenOffice mailing list archives hold a number of examples where something was done to ensure cross-platform builds or functionality.

IMO, it's too early right now to try to predict how either application will fit into "GNOME Office". Many of the technologies being developed (bonobo, for instance) are under rapid development, and it will be a while before the best ways to use them are understood. Eventually we (as a community) will be able to decide the best way to proceed.

(Me, I'm patient. I remember when nobody thought a "word processor" project could succeed, because so many had started and died. The amount of progress made in the last couple years is amazing.)

--
Alan Shutko <ats@acm.org> - In a variety of flavors!
1 days, 23 hours, 26 minutes, 37 seconds till we run away.
Never trust an operating system.
From: "Mason, Gerard" <gm95015@GlaxoWellcome.co.uk>
To: "'letters@lwn.net'" <letters@lwn.net>
Subject: Eazel Online Storage
Date: Fri, 10 Nov 2000 17:49:27 -0000

Since Nautilus is GPL'd, does anyone know if it is easy, or even possible, to replace Eazel's Online Storage facility (and perhaps, though it is not so important, the Software Catalog facility), with A.N. Other ISP's? Ideally the user would simply have to change a line in a configuration file. It wouldn't matter too much if ISPs had to do a fair bit of implementation to support this, since they would only have to do it once. Is the server-side source code (assuming there is any) also GPL'd?

Gerard Mason.