Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise
news for all interests
Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters
Other LWN stuff:
Archives/search
Recent features: Here is the permanent site for this page. See also: last week's LWN.
|
Leading items and editorialsThe Caldera/SCO deal completes. Caldera Systems - now Caldera International - announced on May 7 that its acquisition of much of SCO had finally been completed. It has been a long process - the deal was originally announced last August. With this acquisition, Caldera now claims to be "the largest Linux company in the world." Certainly it will be a change for the company, and perhaps for the Linux industry in general. Caldera is getting SCO's Server Software and Professional Services divisions, along with UnixWare and OpenServer. This all brings:
None of this comes for free, of course. SCO gets $23 million in cash now, another $8 million in installments after a year, and 16 million shares in Caldera. If Caldera manages to make more than expected from OpenServer, SCO gets a 45% cut of the excess as well. All that revenue looks nice, but it's best not to lose sight of the overall picture, as found in the registration statement (warning: 2MB of legalese) filed in March: Caldera has not been profitable. The server and professional services groups have not been profitable and their revenue has been declining. Somehow Caldera is going to have to find a way to arrest the fall in SCO's revenues while cutting enough costs to actually make a profit. As an added little challenge, Caldera gets the costs of the SCO groups immediately, but none of their accounts receivable or bank balances, meaning that those groups will be a dead weight until the new invoices go out and get paid. Caldera has money in the bank, even after handing $23 million to SCO, but it may well see those reserves shrink quickly in the near future. Caldera's hopes, of course, are to work the company firmly into the enterprise market by way of SCO's existing extensive customer base and deployments. The current UnixWare and OpenServer business can be extended by improving those products' interoperability with Linux. Meanwhile, as SCO customers begin to think about transitioning over to Linux, Caldera will be very nicely positioned to help them out. With luck, SCO's customers will drive Caldera's Unix and Linux business for years to come. It might just work, if Caldera can manage to keep the attention and loyalty of SCO's customer base, and if it can get revenue and expenses a little better in line. Those are big ifs, but nobody said that the business world was easy. This is a new phase in the development of the Linux business community, we're most curious to see how it will turn out. No profitable businesses? That said, give us a moment to gripe about one sentence buried deep within the Caldera/SCO registration statement: Caldera knows of no company that has built a profitable business based in whole or in part on open source software. Is it really true that no open source company has been profitable? How about:
Business is hard, and free software business may yet prove to be harder than many others. But it should not be said that nobody has succeeded. PriorArt.org enters the software patent fray. A new site called PriorArt.org has announced its existence. This site is positioned as a way for free software developers to avoid having their techniques patented out from underneath them. The idea is this: patents can be invalidated by a demonstration of "prior art" - proof that somebody else had already invented the technology of interest. Prior art must be documented, however; it's not enough for somebody to say that they were using a technique years ago. It is also highly preferable that the prior art be available to patent examiners when a patent is applied for. When the information is easily available, the patent should be denied at that stage. Otherwise a court case may be required to bust a patent that has been issued, and that is an expensive proposition. So PriorArt.org is inviting free software developers to disclose their innovations through their site. Disclosures go into a large database, which may be searched by anybody. It is claimed that this database, which is maintained by IP.com, is consulted by patent examiners. Disclosures are timestamped and notarized (somehow) so that there is no doubt as to the timing of any particular discovery. This approach thus differs from BountyQuest, which focuses on digging up prior art to break patents which have already been granted. The service is not truly free. The normal charge for this sort of disclosure through IP.com is $19.95. This charge is not being waived for free software disclosures; instead, donations are being solicited to purchase "publication vouchers" for free software inventions. IP.com thus hopes to make money from this operation - and an extensive database full of inventions could prove useful as well. Any effort which helps defeat software patents is helpful, certainly. There are some problems with this approach, though, that could affect its long-term success. For example, consider the problem of who will actually disclose inventions through this system. Free software developers are busy people who are unlikely to find the time to write up every "invention" and feed it to a web site - especially a web site for a proprietary database which requires a credit card number even to submit a "free" disclosure. Remember also that the most obnoxious software patents cover techniques that seem obvious to developers. Reasonable hackers don't tend to think that a little function they just put together might be patentable. Disclosures will also be limited, of course, by the number of donations received to pay for them. At $20 per disclosure, the bill could get high fairly quickly. But, more to the point, free software developers already disclose everything they invent, in the clearest possible form: working code. Source repositories on SourceForge and many other sites contain a detailed, time-stamped history of free software development. Rather than try to convince developers to write up their techniques, it would be preferable to find a way to mine the incredible database of prior art that already exists. A detailed of the kernel, gcc, emacs, PostgreSQL, or any other significant free software project would probably yield more prior art than will ever find its way into PriorArt.org. In the end, however, this is all defensive action, based on the idea that the patent system is really OK, the only problem is that insufficient information is available to patent examiners. If you believe that the real problem is in the concept of software patents to begin with, these approaches will seem inadequate. Wouldn't it be better if we could fix the patent laws, and prevent software patents from being implemented where they do not yet exist? Bruce Perens: Software Patents vs. Free Software. For a different approach to software patents, consider this lengthy piece by Bruce Perens: Ironically, some of the biggest patent holders are the Free Software Community's own partners, companies like IBM and HP that have aggressively incorporated GNU/Linux into their business plans and expect significant revenue from it before long. IBM is said to hold 10% of software patents, and HP is one of the largest patent holders in general. It's important for us to start a dialogue with these and other partners. That's why I am calling a summit meeting on Free Software and The Law.
This meeting will have some specific goals, including getting a formal promise from the companies involved that they will not sue free software developers for patent infringement. Even better would be a promise to defend developers from patent suits brought by others. The companies involved in the meeting are, after all, benefitting from the work of these developers. It will be interesting to see what comes of this summit, but patience will be required - it's happening at the end of August, after the LinuxWorld conference.
Inside this week's Linux Weekly News:
This Week's LWN was brought to you by:
|
May 10, 2001
|
Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Security page. |
SecurityNews and EditorialsImmunix 7.0 commercial release. Immunix 7.0 is now commercially available for those wishing to buy their own CD. It comes with a subset of Red Hat 7.0 with the majority of the binaries recompiled using StackGuard and FormatGuard-enhanced compilers, thus protecting users from most buffer overflows and format string vulnerabilities, whether known or unknown. It also includes SubDomain, a kernel extension providing "least privilege confinement", the ability to specify exactly precisely what files a program can access and what actions it can perform. Before you go out to purchase Immunix 7.0, though, you need to be aware of the licensing changes that have occurred between the release of Immunix 6.2 and the release of Immunix 7.0. Immunix 6.2 was available as a free download under the GPL. Immunix 7.0 is, instead, under a new license, which includes this phrase: The license granted to End User by WireX shall be a non-exclusive, non-transferable license to use Licensed Software on the Designated Equipment in machine-readable form only, solely for End User?s internal business purposes (Authorized Use). End User is not entitled to receipt or use of the source code to any Licensed Software. End User shall not modify, decompile, disassemble or otherwise reverse engineer the Licensed Products.
This language means that the Immunix distribution itself cannot be freely redistributed. That may, initially, seem to be impossible legally, since it includes a great deal of software licensed under the GPL. However, there is no restriction on the GPL'd software within Immunix, just on the bundled product itself. The restrictions on Immunix stem from both the inclusion of the SubDomain product, the non-kernel portions of which are both proprietary and closed source, and the inclusion of BSD-licensed binaries, for which they currently include source (but may not in the future) but which they place under a proprietary license. This would imply that you could take Immunix, remove SubDomain from it, remove or replace the BSD-based binaries with ones that you've compiled yourself (with or without StackGuard or FormatGuard) and then distribute the result freely. However, if you haven't done the above, then legally you are not allowed to freely distribute what you download or purchase or to use the CD on multiple machines. A full discussion of WireX's choice of license for Immunix can be found in this thread on the immunix-users mailing list. As a result of this licensing choice, the Immunix distribution itself no longer meets the requirements of the Debian Free Software Guidelines. In essence, it is a Linux distribution that is not Free Software; although built primarily with free software, it is a proprietary product. It is notable that this move resembles comments made this week by Caldera's Ransom Love. "Love said he thinks Microsoft was right in its claim that the GPL doesn't make much business sense. Consequently, Caldera is likely to add a non-GPL licensing mechanism -- most likely one based on the BSD license -- to its repertoire in the coming months". We disagree with Mr. Love on this point; we believe the GPL makes a great deal of sense, both for business and non-business users. Nonetheless, both Caldera and WireX are, to the best of our knowledge, making choices that are legal. It is possible that, in reaction to these licensing changes, someone else may step forward to make a competing Linux distribution with StackGuard and FormatGuard-protected binaries that is actually Free Software. This would mirror what happened when the licensing behind QT affected KDE and speared the development of Gnome. Alternately, if the audience for this product is small and does not, in general, care about the issue of free software versus proprietary software, Immunix may move forward uncontested in this arena. We have always been strong proponents of WireX and their work in the past; StackGuard and FormatGuard have been important contributions to the community and Immunix 7.0 looks like an excellent product. Their licensing choices, though, while understandable from a revenue perspective, may end up hampering the adoption of Immunix. In particular, the use of closed source programs for security is one that we particularly distrust, so their choice to make portions of SubDomain closed source is a bit disheartening. Turbolinux security advisories return. After a period of total inactivity lasting almost six months, Turbolinux has issued a spate of new advisories this week. The turnaround on the advisories is admittedly terrible; the vulnerabilities that they fix go as far back as July 20, 2000. Presumably, the cause of that terrible response has now been addressed. As a result, Turbolinux appears to be doing a general house-cleaning, checking known vulnerabilities against its distribution and trying to get fixes out for them (no matter how old). Before Turbolinux gets all the negative attention, though, it is worth taking a look at the vulnerabilities they've now addressed, as we've done below in our Update Section. The vulnerabilities in it are listed in reverse order of when they were reported (most recent ones first). You'll quickly notice that many of the vulnerabilities, even the ones that have been known for quite a while, have not been addressed by all the other distributions either. Perhaps a "spring cleaning" should be on the list for all the security teams. OpenSSH 2.9 released. OpenSSH 2.9 has been announced. This release includes a number of new features, some fixes, and makes version 2 of the SSH protocol the default. "OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support." 'No limits' browser planned (BBC News). The BBC News talks about a promised new browser, Peekabooty, which The Cult of the Dead Cow is planning on releasing this year. The goal of Peekabooty is to combine encryption and a Gnutella-like network to circumvent censorship. "The inventors of the new browser said they were developing it for people living under restrictive regimes who wanted to see information they were otherwise denied." Although China, Malaysia, Singapore and many Arabic countries are given as specific examples of countries that restrict what their constituents can view on the web, the DeCSS case might arguably add the USA to the list and Germany could be argued for inclusion as well. (Thanks to Fred Mobach). Open Source Security Testing Methods (LinuxSecurity.com). The folks at LinuxSecurity.com talk with Pete Herzog, creator of the Open-Source Security Testing Methodology Manual. "As it is, security testers are an innovative group who need to be both methodical and radical to perform their job well. This manual works with them, guiding their hand, not forcing it." Security Reportsvixie-cron crontab permissions lowering failure. It has been reported that a security fix applied to fix a problem back in January has resulted in a failure to drop permissions properly. As a result, a local root exploit has been introduced. Paul Vixie Vixie Cron 3.0pl1 fixes this latest problem.
Samba 2.0.9 released (security fix). Andrew Tridgell has released Samba 2.0.9, which fixes the security bug (from April 19th) that he had thought was fixed in 2.0.8. If you're running a 2.0 version of Samba, an upgrade is recommended; look for one from your favorite distributor soon. 2.2.0 users are not affected by this problem.
Minicom XModem Format String Vulnerability. Multiple format string vulnerabilities have been reported in Minicom which can be triggered when sending files via XModem. As a result, uucp privileges can be gained by a local user. An exploit has been published. No patch or update has been published so far, though removing the setgid bit from minicom will close the hole (and disable minicom for non-privileged users) temporarily. Check BugTraq ID 2681 for more details.
Red Hat 7.1-specific improper swapfile creation vulnerability. Red Hat has issued an advisory warning swap files (not swap partitions) created during an upgrade to installation of Red Hat 7.1 are created with improper permissions, allowing world-read access. Red Hat Linux 7.1 offers the option of creating swapfiles during the upgrade if the amount of swap space available is less than the physical RAM. The world read-access exposes data in the swapfile, including potentially passwords. An updated mount package has been issued to fix the problem. mandb symlink vulnerability. Debian reported a symlink vulnerability in mandb, a tool distributed with the man-db package. The vulnerability was found by Ethan Benson. Debian has provided updated packages to fix the problem. Other distributions that install man setgid will also be impacted.
web scripts. The following web scripts were reported to contain vulnerabilities:
Proprietary products. The following proprietary products were reported to contain vulnerabilities:
Updatesgnupg 1.0.5 released with multiple security fixes. gnupg 1.0.5 was released on April 29th. Check the May 3rd LWN Security Summary for details. An upgrade to 1.0.5 is recommended.This week's updates: Previous updates:
KDEsu tmplink vulnerability. Check the May 3rd LWN Security summary for details. Fixes for the problem are included in kdelibs-2.1.2. The KDE Project recommends an upgrade both to kdelibs-2.1.2 and to KDE 2.1.1.This week's updates: Previous updates:
Zope Zclass security update. Check the May 3rd LWN Security Summary for the original report. Sites running Zope should upgrade as soon as possible.This week's updates: gftp format string vulnerability. Check the May 3rd LWN Security Summary for the original report or BugTraq ID 2657 for additional details. The problem is fixed in gftp 2.0.8 and later.This week's updates: Previous updates:
NEdit temporary file link vulnerability. Check the April 26th LWN Security Summary for the original report or BugTraq ID 2627 for additional details.This week's updates: Previous updates:
ntp remotely exploitable static buffer overflow. Check the April 12th LWN Security Summary for the original report. An exploit for this vulnerability has been published and it is remotely exploitable to gain root access, so updating ntp is a high priority for anyone using it. For more details and links to related posts, check BugTraq ID 2540.This week's updates: Previous updates:
Netscape 4.76 GIF comment vulnerability. Check the April 12th LWN Security Summary for the original report. The vulnerability can be used to embed executable Javascript in GIF comments which are then executed by the viewer when loading the GIF file. This has been fixed in Netscape 4.77, which is available for download from ftp.netscape.com.This week's updates: Previous updates:
sgml-tools temporary file vulnerability. See the March 15th LWN security page for the initial report or 2683 for more details.This week's updates: Previous updates:
vixie-cron long username buffer overflow. Check the February 22nd LWN Security Summary for the original report.This week's updates: Previous updates:
Analog buffer overflow. An exploitable buffer overflow in analog was reported in the February 22nd LWN Security Summary. Version 4.16 contains a fix for the problem, which affects all earlier versions. Check BugTraq ID 2377 for additional details.This week's updates: Previous updates:dhcp buffer overflow. Check the January 18th LWN Security Summary for the original report from Caldera.This week's updates: Previous updates:
squid tmprace problem. Check the January 11th LWN Security Summary for the initial report.This week's updates: Previous updates:
dialog lockfile symlink vulnerability. Check the December 28th, 2000 LWN Security Summary for the original report of this problem.This week's updates: Previous updates:
pico symbolic link vulnerability. Check the December 14th, 2000 LWN Security Summary for the initial report of this problem. Note that this has also been reported as a pine vulnerability, but the vulnerable component is still pico, not pine. Check BugTraq ID 2097 for more details.This week's update: Previous updates:ed symlink vulnerability. Originally reported on November 30th, 2000, Alan Cox noticed that GNU ed, a basic line editor, creates temporary files unsafely. The problem has subsequently been fixed in ed 0.2-18.1.This week's updates: Previous updates:
ncurses buffer overflow. Check the October 12th, 2000 LWN Security Summary for the initial report of this problem.This week's updates: Previous updates:
Format string vulnerability in locale. Check the September 7th, 2000 LWN Security Summary for the initial report or BugTraq ID 1634 (updated January 18th, 2001) for more details. The updates below also address other glibc security issues discussed in the past five months, including the glibc LD_PRELOAD file overwriting vulnerability and the glibc RESOLV_HOST_CONF file read access vulnerability. This week's updates:
Previous updates:
cvsweb. Versions of cvsweb prior to 1.86 may allow remote reading/writing of arbitrary files as the cvsweb user. Check the July 20th, 2000 Security Summary for the original report from Joey Hess. The FreeBSD advisory also contains a good summary of the problem.
ResourcesPrelude 0.3. Prelude is a Network Intrusion Detection system that MandrakeSoft will be shipping with MandrakeSecurity as an alternative to Snort. Version 0.3 has just been released, but is reportedly much further along than one might expect from a 0.3 level release. PIKT 1.13.0. PIKT, otherwise known as the Problem Informant/Killer Tool, version 1.13.0 was released on Tuesday, May 8th. "PIKT, an innovative new paradigm for administering heterogeneous networked workstations, is a cross-platform, multi-functional toolkit for monitoring systems, reporting and fixing problems, and managing system configurations. You can also use PIKT as a basis for managing system security". EventsKernel Security Extensions BOF at Usenix. NAI Labs is sponsoring a Kernel Security Extensions BOF (Birds of a Feather session) at the upcoming USENIX Technical Conference being held June 25th through the 30th in Boston, Massachusetts, USA. "Crispin Cowan (WireX), Peter Loscocco (NSA), Amon Ott (RSBAC) and Robert Watson (NAI Labs and the FreeBSD Project) have kindly agreed to kick off the session with short presentations on their work". For those people unfamiliar with Birds of a Feather (BOF) sessions, they are generally informal events that bring together experts and enthusiasts in a given field. This looks like an excellent one; we wish we could be there. Digital Rights v. Free Speech: a focus of the upcoming Internet Security Conference. TISC 2001 is coming up June 4th through the 8th, in Los Angeles, CA, USA. It will include a CEO Roundtable entitled "Digital Rights Enforcement". "The TISC CEO Roundtable will include discussion of the current events, technologies and constitutional rights debate surrounding the Secure Digital Music Initiative (SDMI) as it relates to the Digital Millennium Copyright Act (DMCA)". Upcoming Security Events.
For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net. Section Editor: Liz Coolbaugh |
May 10, 2001
LWN Resources | ||||||||||||||||||||||||||||||||||||||
Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Kernel page. |
Kernel developmentThe current kernel release is 2.4.4. There have been no kernel releases (not even prepatches) from Linus since 2.4.5pre1came out on May 2. Alan Cox remains busy; his latest is 2.4.4ac6, which contains another long list of fixes but nothing radical. To top it off, Alan has also started the 2.2.20 prepatch series with 2.2.20pre1. At this point, only serious fixes are going in at this point: "Expect me to be very picky on changes to the core code now." Moving block devices to the page cache. In last week's kernel page we looked at a subtle metadata corruption bug brought about by the fact that I/O to block devices uses the buffer cache, while the filesystem code uses the page cache. Conversation on this topic has continued in this (otherwise slow) week, so it's worth another look. Some background first... Linux systems use two distinct caches to improve performance. Both are used to keep copies of disk-resident data in main memory, and thus to avoid excessive disk I/O operations. These caches are:
The individual blocks of a page cache entry, of course, are still managed through the buffer cache. But, as we saw last week, accessing the buffer cache directly can create confusion between the two levels of caching. Reading and writing a block device directly, as is done by utilities like dump and fsck, works only with the buffer cache. It turns out that Linus wants to change this behavior, even though he is not tremendously concerned about the corruption problem discussed last week. Having block devices use the page cache will clean up a lot of design issues, improve performance, and gets away from the idea of using the buffer cache as a cache. The buffer cache, for Linus, really should just be a low-level block I/O mechanism that leaves the actual caching tasks to higher levels. Not much time passed before Andrea Arcangeli released a patch moving block I/O into the page cache. Essentially, he has eliminated the special-purpose block_read and block_write functions, and made a block device look like a large file. So now the general-purpose file I/O functions may be used instead. As an added bonus, Andrea has obsoleted the raw I/O interface, implementing instead an O_DIRECT flag which may be used to perform I/O directly between the device and user space. This change makes raw I/O a much more straightforward affair, since it's no longer necessary to set up and bind the separate /dev/raw devices. A change of this magnitude, of course, would not normally be expected to go into the 2.4 kernel - though some other surprising things have made it in. Expect to see something like Andrea's patch be incorporated early in the 2.5 cycle, however. ReiserFS - ready for prime time. Hans Reiser has posted a note saying, essentially, that all of the real bugs in the ReiserFS filesystem have been fixed as of 2.4.4. Since the filesystem was included in 2.4.1, its user base has grown greatly and that has, not surprisingly, led to an increase in bug reports. The ReiserFS hackers have been tracking down these problems quickly, and many fixes have come out. As a result, the "beta period" appears to have come to a close. There are a few outstanding issues, though. ReiserFS still only works on small-endian machines, for example (a patch exists which fixes this problem, but it hasn't seen wide testing yet). You still need to apply an additional patch to use ReiserFS and the NFS server together. And the filesystem checker tool still needs some work. But the biggest problems appear to have been overcome; the "experimental" label may be removed from ReiserFS in a kernel release soon. The problem of broken configurations in CML2. Now that a lot of the CML2 issues have been resolved, people are starting to think more about how they will actually use the new kernel configuration system. And a bit of a problem has come up. Anybody who builds a lot of kernels becomes quickly enamored of the "make oldconfig" operation, which makes a configuration from an old kernel work with a new one. It will stop and ask about any new configuration options, and it makes some attempts to resolve things when an old configuration violates the rules in the new kernel. Some hackers noticed that CML2 did not handle things well when a new kernel adds rules that make an old configuration invalid. Eric Raymond's initial response was to say that recovering from broken configurations was too hard. He had the numbers to back the point up: But wait! There's more! If some of the variables participate in multiple constraints, the numbers get *really* large. Worst-case you wind up having to filter 3^1976 or
People might have been more impressed with this display of mathematical analysis skills if it weren't for the fact that make oldconfig works with the old configuration system. The problem, perhaps, is that the technique used (configure out anything that breaks the rules in the new kernel) lacks the sort of elegance that Eric would like to see in his code: I guess you didn't know that I trained as a mathematical logician. On the one hand, that predisposes me to try to find "elegant" solutions where you might regard brutality and heuristics as more appropriate.
Elegance appears to have lost, though - witness the announcement of CML2 1.4.0, the "brutality and heuristics" release... Other patches and updates released this week include:
Section Editor: Jonathan Corbet |
May 10, 2001 For other kernel news, see: Other resources: |
Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Distributions page.
Lists of Distributions
|
DistributionsPlease note that security updates from the various distributions are covered in the security section. News and EditorialsYellow Dog Linux 2.0. We spoke with Kai Stats, co-founder and CEO of Terra Soft Solutions this week about their upcoming release of Yellow Dog Linux 2.0. Yellow Dog Linux is one of two Linux distributions that focus exclusively on the Apple PowerPC and IBM RS/6000 hardware platforms (the other is LinuxPPC). For the past two years, Terra Soft Solutions (makers of Yellow Dog Linux and Black Lab Linux) have felt that the biggest barrier to adoption has been the installer. As a result, the Yellow Dog Linux development team has spent the last fourteen months building a brand-new installer for YDL 2.0 from the ground up. Kai Stats just returned from a road tour demonstrating beta versions of YDL 2.0, culminating last week with a presentation at the Macintosh Business Expo in Portland, Oregon. Kai commented: During my road tour, I had the chance to watch resellers (who are not always that technically-savvy) install Yellow Dog Linux without needing a manual or guide. That was really exciting for me. The feedback from the audience was very positive.
The team of people who put the new release of Yellow Dog Linux together include a couple of TerraSoft executives wearing dual hats, Kevyn Shortell, former Linux Technologies manager from Apple Computer, who is now Chief Technology Officer for Terrasoft Solutions and Dan Burcaw, co-founder of the company, and also Chief Information Officer. In addition, Hollis Blanchard and Ben Mesander have both worked part-time on the new release under contract to TerraSoft Solutions. There is another big change coming with the release of Yellow Dog Linux 2.0. Formerly, TerraSoft Solutions supported two PowerPC-based distributions, Yellow Dog Linux, the more general-purpose distribution, and Black Lab Linux, which was tailored both for embedded systems development and for high-performance, parallel computing. Now, however, the two distributions will become one. Black Lab Linux, instead of being separate from Yellow Dog Linux, will be available as an enhancement CD providing developer tools for Yellow Dog Linux customers. This has allowed Black Lab Linux developer Jeremias Sauceda to focus on adding new functionality to the developer tool set rather than on the many tasks involved with supporting a full distribution. Like most Linux distributions, looking at the staff actually paid by the company behind the distribution (if there is one) only tells part of the story. TerraSoft Solutions also thanks community members Tom Rini, from MontaVista Systems, who helped with various video driver issues, Andrew Clauson, the author of parted and Jeremy Smith, for his work on "propaganda". The source code to the new installer will be released under the GNU GPL. Meanwhile, the development team is turning their attention to the next release of Yellow Dog Linux where they will be fine-tuning the new installer, and porting some new applications. "We expect to gain a lot of feedback from our customers, both upgrade and new, and put their suggestions into action", said Kai in summary. The ROCK Linux Philosophy (O'Reilly Net). From the O'Reilly Network we get this essay on the philosophy behind the ROCK Linux distribution. "ROCK Linux aims to be admin-friendly. There is no YaST, Linuxconf, or Control-Panel. Configuration is done where it has to be done: in the config files. A configuration tool has to help an administrator -- not replace him (I don't think that it's possible to replace an administrator with a config tool.)." Distribution NewsRed Hat News. For those of you who have been following Red Hat's development of Red Hat Linux 7.1 via the Wolverine mailing list, note that the Seawolf mailing list opened up on April 16th and is covering issues in the new version of the distribution. Debian News. The Debian Weekly News has returned, as of Sunday, May 6th with a new three-person editorial team to replace former editor Joey Hess. The new editors are Jean-Christophe Helary, Joe 'Zonker' Brockmeier and Tollef Fog Heen. We're happy to see DWN return and we wish all the new editors the best of luck. Meanwhile, after this week's DWN was published, Anthony Towns sent out his second progress report on the state of the Woody freeze. Most importantly, strong progress has been made solving the problems with the boot-floppies, so a preview release of Woody is now expected to make it out in the next few weeks. The Kernel Cousin Debian Hurd for May 8th is also available. Linux-Mandrake News. Those of you interested in Linux installations on laptops may want to check out this description, covering installing Linux-Mandrake 8.0 on an IBM Thinkpad. "Wobo has sent me a description of Tractopel instalation on his Thinkpad, and his description starts with 'WOW, that was really smooth'." If you're in Germany and would like to meet up with a couple other Linux-Mandrake enthusiasts, check out the planned road-trip. Slackware News. Massive changes have gone into the Slackware trees this past week, the highlight of which is an upgrade to Gnome 1.4. Mozilla, Galeon and Nautilus packages have been made available, along with a package of Ogg Vorbis utilities, Samba updates, new elflibs, mc, xf86prog and freefont packages. "Do we know how to prep for beta, or what?" Linux Router Project News. The Linux Router Project reports that Sangoma has recently become an LRP Sponsor and has provided "very generous support to further the LRP effort". FreeBSD News. The FreeBSD'zine is a bi-weekly on-line magazine that reports on FreeBSD. Here is the May 2nd edition. Linux for the S/390 News. A bug database has been added to the Think Blue site, along with some updated packages. Minor Distribution updates
Distribution ReviewsComparison: Red Hat 7.1 and Linux-Mandrake 8.0 (Newsforge). Newsforge is running an article by Jeff Field comparing Red Hat 7.1 and Linux-Mandrake 8.0. "Mandrake and Red Hat are very similar, at most one revision off from each other. Already in this fast-paced world both are outdated, as the 2.4.4 Linux kernel has just been released. However, Mandrake is the winner in up-to-date major software releases." Distribution ErrataPer reader-request, three of the distributions on our distributions list have officially been moved to the inactive list: Alphanet, Gentus, and Storm Linux.Section Editor: Liz Coolbaugh |
May 10, 2001
Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.
|
Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters See also: last week's On the Desktop page.
|
On The DesktopThe latest poll from the KDE.com gives people a chance to vote on what feature they would most like to see in KDE soon. "I just installed Linux Mandrake 7.2 (until my SuSE package arrives), and after upgrading to KDE 2.1.1, I feel that a KDE port of the configuration utilities could bring a huge amount of polish to this distribution. A KDE interface to Linuxconf might be a good start. Others would however prefer a KDE installer, and some simply think that KDE should be faster and/or less of a memory hog. Here's your chance to cast a vote and voice an opinion". The answers are coming in on the poll and KDE dot News reports that the area of greatest concern for KDE 2.2 is speed. The report includes suggestions for C++ program speed improvements from KDE developer Waldo Bastian. This discussion on speed brings some interesting questions to mind. Some of us (but not all of us) at LWN still use the ancient, but reliable FVWM window manager for our daily needs and tend to work with KDE and GNOME only for testing purposes. Some of us are also running relatively old (300 MHz and slower) CPUs. Older hardware tends to amplify the effects of slowness. It would be interesting to run a speed test of FVWM, GNOME, and KDE on what these days is considered a slow machine, for example, a 200 MHz or even a 120 MHz Pentium if one can be found. Non-scientific, but real-world experience shows that FVWM is the fastest environment and, at least last year, KDE tended to be a bit more snappy than GNOME. The standard disclaimer that KDE and GNOME are much more than simple window managers such as FVWM applies as always. An interesting phenomenon of moving to a slower machine is how sluggish everything feels. Try working on a faster machine for a few weeks, then go back to the slower machine. What used to seem normal now feels very slow and unresponsive. Perhaps the KDE and GNOME developers should consider this approach for optimizing performance if they don't already do so. Of course, with the slowdown in the tech economy, good deals are to be found on fast machines. The most practical solution for most people may well be to get a new motherboard with a 1.3 GHz CPU, install the latest KDE or GNOME, and not worry about small differences in window system performance. Desktop EnvironmentsThis week's GNOME Summary. The GNOME Summary for May 5, 2001 is out. It includes brief coverage of the May 1 GNOME board meeting, the GNOME Packaging Project, and more. GTK+ 1.3.5. A new beta of GTK+ (and dependent libs) is now available. This beta has a draft of the new default look and adds a dependency on the Accessibility Toolkit (ATK). Installing the beta won't affect your stable GTK+ version and RPMs are available. So install it, break it and report bugs. Ximian GNOME 1.4: The Monkey Has Landed (LinuxPlanet). LinuxPlanet also takes a look at Ximian's package. "Ximian has also added a pair of applications unique to the company's release: MonkeyTalk and Red Carpet 1.0, both of which we'll look at further on in this review. Briefly, MonkeyTalk is a help application that connects users with a live chat session in a stripped-down version of the IRC program xchat; and Red Carpet is a package management tool designed to ease software installation and removal." Miguel de Icaza: Can't We All Just Get Along? [A Response to Dennis Powell] (LinuxToday). Miguel has put out his response (via LinuxToday) to Dennis Powell's article in the LinuxPlanet. "As with anyone who has questions about what we are trying to achieve or how we are doing things, I'd like to address and bring clarity to some of the issues surrounding GNOME and Ximian in Dennis' column, especially as they regard the control of GNOME, the role of my and other companies". GNOME 1.4 reviewed (C|Net). GNOME 1.4 is reviewed by CNet. They like it, for the most part. "Linux (and Unix) users will find that GNOME 1.4 offers an effective and stable environment. GNOME 1.4 setup is hampered by its sheer size and download time, but current GNOME users will find this upgrade more than worth the effort." Release of a new set of XML/XSLT libraries. Updated versions of both libxml and libxslt have been announced. They promise bug-fixes, speed improvements and full readiness to handle the GNOME project documentation formatting needs (note that KDE is also reportedly deploying the libraries). People Behind KDE: Werner Trobin. Werner Trobin, a member of the KOffice team, is interviewed as part of the continuing People Behind KDE series. "How and when did you get involved in KDE? About three years ago I installed Linux for the first time and started to use KDE. As I already did a lot of programming before on DOS/Windows I tried to play with some toy applications and enjoyed it. After reading Kalle's article in the c't archive (yes, *this* Kalle article) I decided to do some KDE program as my final project on school (with another guy from my class). Fortunately our teachers agreed and so it all started." Desktop ApplicationsNautilus 1.0.3 is out. As announced on Gnotices, Nautilus 1.0.3 is out. It has a number of performance improvements, and a few new features, like a news sidebar. Mozilla 0.9 released. Mozilla 0.9 has been released. There are a few new features (such as automatic proxy configuration), but most of the work appears to have been in the area of performance improvements. Fer de Lance - Truly Intelligent Multimedia Browsing. The dot (dot.kde.org) is covering the Fer de Lance project. This project aims to properly integrate GIFT's technology in Free Software desktop environments and browsers. Defenestrating Windows (LinuxDevices). LinuxDevices founder Rick Lehrbaum discusses his experiences in moving from Windows to Linux on his daytime work machine. "It all started back in December of '99. Since I was going to be running a Linux-related website, it only made sense to try to do my work on a Linux-powered desktop computer." Section Editor: Forrest Cook |
May 10, 2001
|
Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Development page. |
Development projectsNews and EditorialsThe LinuxFund funds a new round of grants.The LinuxFund has announced the funding of a new round of grants for open-source software and open-hardware developers. Five projects will each receive a $1000 grant. This round's projects include the Simple DirectMedia Layer, Ocularis, the Leviathan Project, OpenDecoder, and GNUpdate.
StandardsLinux Standard Base 0.9. The Linux Standard Base project is getting toward the end of its specification process. Version 0.9 of the LSB has been released, and is in a 30-day comment period. Once the comments have been addressed, the LSB will go to the Free Standards Group for adoption. AudioGLAME 0.4.1 released. A new version of the GLAME audio editing tool has been released. This version fixes some bugs that turned up in the recently released GLAME 0.4.0. CORBAManage CORBA with scripting (Unix Insider). Unix Insider takes a look at CORBA in a Regular Expressions article: "For the purpose of this column, the main point to take from CORBA's history is that the protocol is a smashing success. We mean this in a precise sense: CORBA 1.0 was difficult, expensive, and esoteric. Ten years later, CORBA costs little or nothing (at least in some varieties), it is widely used, and hobbyists and students expect to use it safely." DatabasesPostgreSQL version 7.1.1 released. A new version of the PostgreSQL database has been released. Version 7.1.1 contains mostly bug fixes and optimizations. upgrading from version 7.1 does not require a dump/restore operation. Some new interactive documentation is also available for PostgreSQL version 7.1. DocumentationLinux Documentation Project News for May 8, 2001. Here's the May 8 edition of the LDP weekly news. Embedded SystemsLinuxDevices.com Embedded Linux newsletter. Here's the latest LinuxDevices.com Embedded Linux newsletter, with pointers to the LinuxDevices articles for the past week. Topics include an updated tiny SBC list, conference information, an open-source camera server, several video systems, and more. GraphicsCal3D - 3d character animation library. The initial release of Cal3D, a free, skeletal based character animation library has been announced. "This release is significant due to the extreme scarcity of Free Software options for skeletal-based animation, and thus may provide a very important advancement for Free Game development projects." Mail SoftwareMailman version 2.0.5 released. Another new release of Mailman, the Gnu mailing list manager has been announced. Version 2.0.5 is a bugfix release that fixes a problem with stale lock files. Network ManagementOpenNMS Update v2.19. For the latest news on OpenNMS, a project that is building a fully distributed network management platform, check this week's OpenNMS Update v2.19. The OpenNMS team will be talking tomorrow at the Boulder Linux User Group, if you are interested in meeting them in person. Printing SystemsCUPS 1.17 released. Version 1.1.7 of the Common Unix Printing System (CUPS) has been released. This version has improved configuration scripts, better documentation, a number of non-root command modes, and lots of bug fixes. SecurityOpenSSH 2.9 released. OpenSSH 2.9 has been announced. This release includes a number of new features, some fixes, and makes version 2 of the SSH protocol the default. Software DevelopmentAn Introduction to Extreme Programming (O'Reilly). O'Reilly's Linux DevCenter features an article on Extreme Programming, somewhat of a catch-phrase these days. "In its purest form, Extreme Programming is simple. The central tenet is, 'Find the essential elements of creating good software, do them all of the time, and discard everything else.'" Web-site DevelopmentOpenACS 3.2.5 announced. OpenACS is an Open Source toolkit for creating "Web services with a collaborative dimension". It is based on the ArsDigita Community System (ACS) but uses PostgreSQL instead of Oracle. OpenACS 3.2.5 has just been announced and includes multiple, important security fixes as well as support for PostgreSQL 7.1. Midgard Weekly Summary (May 4th). Like many "weekly" development reports recently, the Midgard Weekly Summary took a hiatus for a month or two. However, it is back now with a lot of news to cover. One particular highlight, Henri Bergius (one of Midgard's original architects) has started a new commercial firm, Nemein Solutions, which uses Midgard as a core technology. Zope Weekly News for May 4th. The Zope Weekly News for May 4th is out. Topics include a Berkeley Storage beta, the Zope book, Zope 2.4 progress, SmartObjects compared to an ODB, and more. Squishdot 1.1.0 released. A new version of the Zope based Squishdot news publication system has been announced. The Squishdot 1.1.0 The list of changes includes a number of changes, including improved searching, modified HTML parsing, and use of Zope 2.3.2 Btrees. MoinMoin 0.9 released. A new version of MoinMoin, a Python based Wiki program has been announced. Version 0.9 adds some new XSLT features, more user configuration actions, and several bug fixes. Section Editor: Forrest Cook |
May 10, 2001
|
|
Programming LanguagesC++Convert C to C++ with a Python program. A new Python script that converts C code to C++ has been announced. CamlCaml Weekly News for May 9, 2001. The latest edition of the Caml Weekly News is out. Topics this week include an announcement for a new French Caml book and a beta release of the Caml Development Kit. JavaSimplify XML programming with JDOM (IBM developerWorks). IBM's developerWorks features an article by Wes Biggs and Harry Evans on XML programming with JDOM. "In many ways, the Java language has become the programming language of choice for XML. With groundbreaking work from the Apache Software Foundation and IBM alphaWorks, there are now complete tool chains for creating, manipulating, transforming, and parsing XML documents." LispSBCL 0.6.12 released. Version 0.6.12 of SBCL, Steel Bank Common Lisp, has been released. This version includes bug fixes, optimizations, and some patches from CMU Common Lisp have been worked in. PerlApocalypse 2. Larry Wall has released Apocalypse 2, the second article in a series describing Perl 6. Atoms, molecules, data types, variables, names, literals, context, lists, files, and properties are covered. Using SOAP::Lite with Perl (IBM developerWorks). Joe Johnston discusses the use of Perl to work with SOAP. "Marrying SOAP, the darling protocol of the Web services world, to Perl, the grande dame of Web programming languages, is a natural fit. This article will present a no-nonsense approach to using SOAP::Lite, Perl's window into SOAP Web services." PHPPHP Weekly News for May 7, 2001. The May 7, 2001 edition of the PHP Weekly News is out. This issue covers PHP 4.0.6 RC1, Advanced Data Types, extension dependencies, variable, class and function naming issues, and more. PythonThis week's Python-URL. Dr. Dobb's Python-URL for May 7 is out, with coverage of the new iterator proposal, the Java Python Extension, dealing with fixed point calculations for currency, and more. Developing a full-text indexer in Python (IBM developerWorks). The next installment in the Charming Python series looks at an indexer module for better searches. Tcl/TkThis week's Tcl-URL. Dr. Dobb's Tcl-URL for May 7 is out, with the latest from the Tcl/Tk development community. Section Editor: Forrest Cook |
Language Links Caml Caml Hump Tiny COBOL Erlang g95 Fortran Gnu Compiler Collection (GCC) Gnu Compiler for the Java Language (GCJ) Guile Haskell IBM Java Zone Jython Free the X3J Thirteen (Lisp) Use Perl O'Reilly's perl.com Dr. Dobbs' Perl PHP PHP Weekly Summary Daily Python-URL Python.org Python.faqts Python Eggs Ruby Ruby Garden MIT Scheme Schemers Squeak Smalltalk Why Smalltalk Tcl Developer Xchange Tcl-tk.net O'Reilly's XML.com Regular Expressions |
Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Commerce page. |
Linux and BusinessCraig Mundie's speech. Is anyone really suprised that Microsoft execs attack open source software? It has happened before and it will happen again (and again and again). They don't 'get it' and people that invested in the cathedral model will not easily understand the bazaar (to borrow a metaphor). The more Microsoft attacks open source the more obvious it becomes just how threatened they are by it. The latest incident happened on Thursday May 3, when Microsoft Senior Vice President Craig Mundie gave a speech entitled "The Commercial Software Model" at the New York University Stern School of Business. The speech talks about Microsoft's "shared source" model, which, of course, avoids all of the problems of free software. Of the open source model he says: The OSS development model leads to a strong possibility of unhealthy 'forking' of a code base, resulting in the development of multiple incompatible versions of programs, weakened interoperability, product instability, and hindering businesses' ability to strategically plan for the future. Furthermore, it has inherent security risks and can force intellectual property into the public domain.
Given the timing of the speech, on LWN publication day, we've had a week to gather the many replies. Others have already said everything that needs to be said, and then some, so without further ado here are some of the replies.
Playstation Linux update. On May 9 we received an update from Japan on Linux for the Playstation 2. It seems that Sony doubled the number of units it planned to sell (to 2000), and sold the entire stock in all of eight minutes. An additional announcement of additional shipments came out the next day, though there was no mention in regard to quantity and date. One would hope that they would conclude that there is interest in Linux on their hardware... Linux NetworX / EBIZ merger canceled. Another merger goes down: Linux NetworX has announced that it will not be merging with EBIZ after all. The two appear to be parting on relatively good terms, and will retain some joint manufacturing and reseller agreements. MontaVista's Hard Hat Linux in China. MontaVista Software has announced that it will be distributing and supporting Hard Hat Linux in China, in partnership with PocketIX Software. This week's News from the Linux Professional Institute (LPI). In this week's LPI-News, the LPI has announced a new Linux jobs board, a report from Comdex Chicago, and large sales of bulk exams to IBM and NEC. A progress report on the Level 2 exams is also given. "There are now 430 LPIC-1 graduates worldwide, as of March 31st 2001. Congratulations on this achievement - to you all". IBM's community S/390 system. Have you been wishing you could play with Linux on an S/390 mainframe, but couldn't find room in your basement for the hardware? IBM's willing to help out. The Linux Community Development System makes virtual machines running Linux on a ten-processor S/390 available to people who want to port and test Linux applications. You even get a choice of SuSE or Turbolinux on your virtual system... Linux Stock Index for May 03 to May 09, 2001.
LSI at closing on May 03, 2001 ... 32.30
The high for the week was 33.82
Press Releases:Open source products
Distributions and bundled products
Proprietary Products for Linux
Products and Services Using Linux
Products With Linux Versions
Java Products
Books & Training
Partnerships
Investments and Acquisitions
Personnel & New Offices
Financial Results
Linux At Work
Other
Section Editor: Rebecca Sobol. |
May 10, 2001
|
Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Linux in the news page. |
Linux in the newsRecommended ReadingLinux makes a move into handhelds (News.com). This C|Net article looks at the future of Linux on handheld devices. "[IDC analyst Kevin] Burden anticipates market share for the open-source Linux operating system will be very small compared with Palm's OS and Microsoft's Pocket PC, which have been in the market longer and are more established. But, "two years down the road, we may be talking about Linux a lot more," he said." Pigeon-powered Internet takes flight (News.com). Did you know there is a standard for using pigeons to transfer information using the Internet Protocol (IP)? Well, there is and the Bergen Linux Users Group has implemented that protocol. "The pigeon protocol didn't mean the fastest of networks, though. Taking an hour and 42 minutes to transfer a 64-byte packet of information makes the pigeon network about 5 trillion times slower than today's cutting-edge 40 gigabit-per-second optical fiber networks." Argentina Mulls Open-Source Move (Wired). According to this Wired article, Argentina may become the first country to require that Open Source software be used in government offices. Argentina is under pressure to reduce software piracy; the government itself is apparently one of the larger violators. Switching to free software will remove the legal pressure, as well as save the country money. "But switching to open-source software would mean big savings for the government, which is already crippled by a $145 billion debt, said Mario Albornoz, the director of the Institute of Social Studies of Science and Technology". DVD copyright appeal hinges on what's fair (CNN). CNN has an article on the DVD appeal. "Meanwhile, Jack Valenti, president of the Motion Picture Association of America (MPAA), the umbrella group for the studios that lodged the case against 2600, issued a terse press statement saying he remains confident that the appeal will not be overturned, although he believes that the defense made use of 'red herrings' to obscure the facts. It was not immediately clear what red herrings Valenti was referring to." CompaniesCaldera completes Unix acquisition (News.com). News.com reports on the completion of the SCO acquisition by Caldera Systems. " SCO initially derided Linux as immature, but the Unix clone nevertheless encroached on the company's Unix products at the same time that much of the Unix spending was being lavished on Sun Microsystems and other Unix server companies." Site of the Month: Linux2order.com (ZDNet). ZDNet reviews Linux2order.com. "We have some minor quibbles with the site--notably, you have to register, even to access the free downloads. Still, Linux2order offers convenient, inexpensive alternatives to snail-speed downloads." Linux2order.com will also mail you a custom-burned Linux CD. BusinessKiller Applications for Open Source (Consulting Times). Consulting Times looks at Linux in Business, and why open source makes sense. "Last year, Linux made it into MIS departments, because it had a compelling reason to do so. For many, that reasons revolved around eliminating dozens of servers and dissimilar operating platforms in favor of a small cluster, a rack of 1U boxes or simply because Linux is a multi-user operating system. Many companies found that Linux helped recycle their UNIX resources and people. Also, network appliances like Cobalt?s Raq and Qube made sense to so many people." ReviewsThe Evil3D team reviews Shogo: Mobile Armored Division. The Evil3D team has provided this review of Hyperion's Linux port of Shogo: Mobile Armored Division. "In Shogo you are Sanjuro, and it is your duty to kill everything in site. Well, not really. For Anime, there has to be a plot in there somewhere right? Right! To help you remember that, the local guards will "kindly" remind you not to peg the wrong person. Of course by doing it "kindly" they end up killing you. So as you jump into the game, check your fire. Target assessment will keep you on your toes when its trigger time!" MiscellaneousA gathering of GNOMEs (LinuxPower). Christian Schaller writes about his experience at GUADEC 2 in this LinuxPower article. "Day three started with a keynote speech by Richard Stallman. This was user day so there were many more people here than the previous two days. I don't have an exact number but I would guess something like 250-300 people. Fun thing was that when Richard had arrived the previous day he found the the GUADEC catalog used the term Linux instead of GNU/Linux. To fix this he had managed to make little white stickers with a new introduction text which he went around and 'patched' onto every catalog he could find. He also 'patched' all of the catalogs which where to be handed out to users this morning, so everyone got a GUADEC catalog personally patched by Richard Stallman himself. Nobody can accuse Richard for not being thorough :) Richard's speech was interesting and really pointed out why software patents are more damaging to the people they are intended to help than helpful." The trouble with JXTA (OpenP2P). The O'Reilly OpenP2P site is running this criticism of JXTA. "What does an active research community absolutely not need? Great big Sun stomping in and slamming down standards left, right and center. The only thing most P2P applications have in common is TCP/IP; everything else depends on the specific P2P application. This is quite natural when everybody is trying out ideas, because few of the P2P applications share much above the presentation layer." .comment: Wanna Invest in a Bridge? (LinuxPlanet). Here's a most cynical article on Linux Planet on Ximian, Eazel, and the Free Software Foundation. "I am not alleging impropriety here. It could be that it's all mere coincidence. But it is absolutely undeniable that the FSF has thrown its support behind a desktop controlled by two for-profit companies, one of which has an officer who sits on the FSF's board; the same company has purchased advertising aimed at confounding those who are seeking a desktop that is truly free in every rational sense of the word; and the other company has suggested that users can assist its product in surviving but help it avoid paying its bills by donating to the Free Software Foundation, or else an officer of that company has flung down and danced upon his fiduciary responsibilities by saying, in a communication that is part of his corporate function, that people might want to send money to the FSF instead of the company. And they all do it, evangelists as they are for 'free' software, with a holier-than-thou air." Section Editor: Forrest Cook |
May 10, 2001 |
Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Announcements page. |
AnnouncementsResourcesThe sayings of Caveman Og. Thanks to Rick Moen, it's now possible to peruse an archive of Caveman Og's postings to news.admin.net-abuse.email. Even the spam wars can be fun. "Og say if you tribe have coffee, and you tribe keep cat, put coffee down, and shoo cat away. Og know Og make'm you laugh, spill coffee on cat and keyboard. You see'm post from Og, you assume you also see'm this warning. Og not warn again. Og not want ship another stone keyboard to Australia." A data compression primer (IBM developerWorks). If you have wanted to know more about data compression, this article is for you. Tip Of The Week: Be Lazy With alias. LinuxLookup looks at the alias command. Events2,261 pre-registered to Linux@work Europe. This free series of Linux events is taking place in European cites now. Events in the Netherlands. Fred Mobach wrote to us about several events coming up in the Netherlands that look interesting. First is the Linux 2001 congress, May 22 - 23, 2001 in Ede, the Netherlands. Next, the Unix Users Group the Netherlands, NLUUG will present a spring conference. The topic of this conference is UNIX and High Availability, but we have it on good authority that several presentations will be GNU/Linux oriented. You can find the program here. The conference will be held May 31, 2001 in the congress centre "De Reehorst", also in Ede, the Netherlands. The previously mentioned Linux@work series will visit Amsterdam on June 15, 2001. Then, Networking Event 2000, ne2000, will take place July 19 - 25, 2001 in Nuenen, The Netherlands, South. Fred Mobach is presenting a workshop on "How to build a secure GNU/Linux server". There should be other workshops of interest to the GNU/Linux crowd as well. MontaVista Seminars Help Software Developers Evolve. MontaVista Software Inc. is sponsoring four half-day seminars for embedded software developers in California, the Midwest and Canada. The seminars, entitled "Moving from a Proprietary RTOS to Embedded Linux", will be held at the Santa Clara Hilton in Santa Clara, Calif., on Thursday, May 24; at the Irvine Hilton in Irvine, Calif., on Thursday, May 31; in Chicago on Tuesday, June 5; and in Toronto on Thursday, June 7. All seminar times are from 9 a.m. to 1 p.m. NCSA to Host 'Linux Revolution'. The National Computational Science Alliance is sponsoring a Linux users' and system administrators' conference June 25 - 27, 2001 in Urbana, IL, the home of the National Center for Supercomputing Applications (NCSA) at the University of Illinois, Urbana-Champaign. USENIX 2001 brings world's best minds to Boston. Here's an update from USENIX including some new speakers. USENIX is taking place at the Boston Marriott Copley Place in Boston, Mass. from June 25 - June 30, 2001. Red Hat Introduces Red Hat TechWorld. After dropping its involvement in the Linux conference segment via the original Linux Expo in Durham, North Carolina, Red Hat has now returned with a series of global events entitled "Red Hat TechWorld". The first one is scheduled for September 17 - 18, 2001, in Brussels, Belgium. Annual Linux Showcase. The Annual Linux Showcase & Conference wants to remind everyone that the call for papers is open until June 5, 2001. ALS takes place November 6 - 10, 2001 in Oakland, CA. Events: May 10 - July 5, 2001.
User Group NewsLinux User Group of Davis. LUGOD will meet on May 21, 2001 where they will discuss LDAP: Lightweight Directory Access Protocol presented by Brian Lavendar. The Nashua Chapter of the Greater New Hampshire Linux Users Group. The Nashua Chapter of GNHLUG will meet on May 23 at Martha's Exchange in Nashua, NH. Rob Lembree of Metro Link will discuss Universal Plug & Play, Mobile Computing, and other up and coming technologies for Linux. LUG Events: May 10 - May 24, 2001.
|
May 10, 2001 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Software AnnouncementsHere are this week's Freshmeat software announcements. Freshmeat now offers the announcements sorted in two different ways: The Alphabetical List and Sorted by license |
Our software announcements are provided courtesy of FreshMeat
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Linux History page. |
This week in Linux historyThree years ago (May 14, 1998 LWN): How many of you remember the Wang lawsuit, alleging that Netscape had violated its Videotex patents with its web browser? On May 6, 1998 that lawsuit was dismissed. Netscape's lawyers credited people on the net with having sent in much useful information that lead to the dismissal of the suit. The Association Francophone des Utilsateurs de Linux et des Logiciels Libres was founded to promote free software in the French-speaking world. In the last three years it has been a powerful force behind free software in France. Happy Birthday! Corel made a much-hyped "we support open source" announcement, which essentially boiled down to the company porting all of its applications to Linux. Dell claimed that none of their customers wanted Linux in this ZDNet article. LWN received an open letter from Jim Dennis to Dell telling them that their customers were already using Linux on Dell computers. Dell still isn't completely convinced. To this day the main Dell site does not mention Linux and won't even point you to the Dell Linux site.
Two years ago (May 13, 1999 LWN): Ken Thompson, perhaps best known as the co-author of Unix, was interviewed by IEEE Computer. His comments about Linux were somewhat negative. My experience and some of my friends' experience is that Linux is quite unreliable. Microsoft is really unreliable but Linux is worse. In a non-PC environment, it just won't hold up. If you're using it on a single box, that's one thing. But if you want to use Linux in firewalls, gateways, embedded systems, and so on, it has a long way to go. Eric Raymond talked to Ken about his "anti-Linux" stance and provided LWN with summary of the conversation, which was much less negative than the original statement. The best news, I guess, is that Ken says he didn't intend to write off Linux itself as simply an anti-Microsoft backlash; what he was trying to say was that he believes the recent popularity of Linux in the press is an anything-but-Microsoft phenomenon. He adds ``i very much appreciate the chance to look at available code when i am faced with the task of interfacing to some nightmare piece of hardware'' and that ``i think the open software movement (and linux in particular) is laudable.'' Of course Linux is still a work in progress, and having someone like Ken Thompson point out flakiness just gives developers another challenge. Those areas where Ken saw flaky code two years ago, we see Linux flourishing today. Linus released kernel 2.3.0, beginning the new development series. The U.S. Ninth Circuit Court of Appeals decided that the U.S. Government's Crypto export regulations were in violation of the first amendment. Source code is speech, and the government can not regulate it, they said. While the decision was only binding in a few western states, it was an important step in allowing the free flow of cryptographic information that we enjoy today. Open Season was an article appearing in Wired about free software. Never mind that some of these open-source-come-latelies may be trying to cover up for some misbegotten product that would never have had a prayer in the marketplace, or that they may well be aiming to exploit open-source resources without giving anything back in return. Those two little words - open source - have become a magical incantation, like portal in 1998 or push in 1997. Just whisper them and all will be yours: media attention, consumer interest, and, of course, venture capital. Of course these days venture capital is pretty hard to come by, regardless of magical incantation. Nonetheless several open source companies are profitable. See this week's front page.
One year ago (May 11, 2000 LWN): Security was very much in the news. Microsoft users were contending with the "ILOVEYOU" virus/worm that was turned loose on the net by somebody with a strange idea of fun. Nicholas Petreley wrote: Put bluntly, most developers in the Linux community would not be stupid enough to create a program as insecure and dangerous as Outlook. And if anyone were foolish enough to do so in the open source community, such a design would not be likely to survive the peer review it would receive. True enough, but LWN warned Linux users not to gloat. It is true that we have little enough to worry about with viruses like "ILOVEYOU", but this was also the week that apache.org was cracked and the folks at Digital Creations found an ugly problem with redirects. The Apache hack turned out to be an exploit of a badly configured configuration file, easy enough to document and fix. The redirect problem is not that hard to fix either, but it still exists on many sites and has been occasionally exploited. From time to time Microsoft advocates like to point out that with open source software there is no one that you can sue when bad things happen. Of course, even with proprietary software there are no guarantees. Although millions of people were affected by "ILOVEYOU", with damages estimated in the billions of dollars, Microsoft disclaimed any responsibility. Phil Agre wrote that "Microsoft shouldn't be broken up. It should be shut down." Red Hat gave up its portal ambitions, laying off most of the Wide Open News staff and ceasing original writing there. Instead, Red Hat went into the venture capital business. "Red Hat Ventures" would make investments of $500,000 to $2 million in new, open source-related companies, they announced. Investments had already been made in Sendmail, Inc., Rackspace.com, and e-smith. The Linux Standard Base (LSB) and Linux Internationalization Initiative (LI18NUX) joined forces to become the Free Standards Group. An announcement about the 0.9 release from the Free Standards Base is covered on this week's development page.
|
May 10, 2001 |
Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Letters page. |
Letters to the editorLetters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them. |
May 10, 2001 |
From: Con Zymaris <conz@cyber.com.au> To: letters@lwn.net Subject: Re: Why is the support business so hard? Date: Tue, 8 May 2001 14:34:51 +1000 LWN asks: > Linux has taken off, and the support options exist. So why are so few > companies buying those support services? Perhaps there are far fewer > important Linux deployments than people think. Without deployments, > there is little need for support contracts. We don't believe it, though You ask the right questions, now I'll happily provide our version of some answers. In short, Linux is causing a small boom in our systems professional services business in Australia. The market is there if you want to work it. First, some background. Cybersource has been successfully providing Unix/Linux/Internet Professional Services in Australia for 10 years. Linux has gone from being a small part of our revenues, to perhaps the largest part, in the space of the last 4 years. Our target market is broad. SMEs, Government and Corporate. While it's true that for the most part, the majority of the growth in Linux services has been in the SME area, this is changing. Perhaps the big-name US-based support organisations who have been experiencing problems have been trying to pitch business primarily to the larger customers; these same customers who are only now moving into Linux. Due to the cost of overheads (very high-profile advertising, largish instant staff, expensive high-profile location offices) that some of these big-name Linux support organisations carry, they actually _need_ to target customers in the higher margin corporate and government. It is our belief that to start small (Cybersource has only 40 staff) and grow organically through word-of-mouth, befits the Linux/Open Source market better, than to start with a big-expenditure splash, as made in recent years by the various big-name Linux support start-ups. Grow with the market, not ahead of it. In short, the demand is really out there. Join us in bringing Linux and free software to the business world. Cheers, Con Zymaris CEO Cybersource -- _____________________________________________________________________________ Con Zymaris <conz@cyber.com.au> Level 9, 140 Queen St, Melbourne. 9642 5997 Cybersource: Successfully Providing IT Professional Services for 10 Years Specialists in Unix/Linux, TCP/IP and Web App. Development www.cyber.com.au | ||
From: "CARNIELLO, MIKE L. [FIN/1820]" <mike.l.carniello@pharmacia.com> To: "'letters@lwn.net'" <letters@lwn.net> Subject: Advocacy, not unreasonableness Date: Thu, 3 May 2001 14:16:45 -0500 To the Editor, Your recent comments regarding Linuxcare (03-MAY-2001) indicate that perhaps it's time to yet again adjust your rose-colored glasses you seemingly use for OpenSource/Linux issues. You mention: "What if the truth were something else: what if Linux users simply do not need support? ... Could it be that, in the end, technical support services are only needed for proprietary, black-box systems?" Oh, come on! Linux is incredibly complicated operating system to use and maintain, whether server-based or desktop-based. Support is needed for all types who come in touch with a Linux system - end users, application adminis, system admins, and hardware people. This support may be provided by intra-company or external sources, but it still must be provided. You go on to appropriate the corporate catchphrase 'empower' in writing: "Free software empowers its users to take responsibility for keeping their own systems going." Empowers??? I think the word you're looking for is "forces." And that's not necessarily a bad thing, but it is a double-edged sword. Mike Carniello mlcarn1@home.com | ||
From: "Michael Farnbach" <mfarnbach@conneq.com> To: <editor@lwn.net> Subject: Support for Linux Date: Thu, 3 May 2001 11:22:08 -0700 First, I have always loved your journalistic style. But maybe the tone on the front page of this weeks issue was a little too appologetic? Either way I'd like to add my two cents being somewhat in the support industry myself. I remember calling Eklektix a while ago when you were one of the only games in town when it came to Linux support, Liz truely is cool. Since then I have installed various machines in small buisnesses and I can attest that they just run. Our longest out box just recently was brought in for service. We updated it, added a raid1 and a journaling filesystem and a better web admin tool (we were using swat and linuxconf). The amazing part is that we hadn't touched, rebooted, been contacted by them in the 18 months since we deployed it. It just worked, and Time flew by. And since the client's office is pretty low on Linux knowledge I can assure you they weren't kind to it and shouldn't be accused of pampering or administring it themselves. We haven't ever been called for support on any of our other deployed boxes either. Linux seems to be the perfect Drop and Forget server deployment tool for a small IT outsourcing buisness like ours. | ||
From: Rob Landley <rlandley@austin.rr.com> To: letters@lwn.net Subject: LinuxCare's "support" business. Date: Fri, 04 May 2001 17:59:52 -0500 Making money from Linux tech support runs into two problems. First of all you don't need it, and secondly you can do it yourself. First, most of the support people need is the "getting it to work in the first place" variety. Install and configuration is a one-shot deal, not an ongoing revenue stream. Once you've configured a reliable system, it can get buried behind sheetrock during remodeling and nobody's likely to notice for about five years. (This has actually happened to novell servers and PDP 8 systems. http://www.techweb.com/wire/story/TWB20010409S0012 ). Perhaps you contract out the installation of the system and take out an insurance policy against anything going wrong the first few months, but after a while there's no reason to keep paying for babysitting. Secondly, if you're not going to totally outsource your information technology infrastructure (not just a "tech support" contract but having the servers and their caretakers live in an IBM data center), then you're going to have an IT staff. Even if it's just one guy, he'll have the complete source code to everything and will be quite capable of fixing things himself. Perhaps he'll have to search a few newsgroups to find the information he needs, but keeping it running will be part of his job. So LinuxCare's problem is that it either does too much or doesn't do enough. Red Hat provides install time support, and IBM provides throw-money-at-the-problem complete solutions. In between, there's just not much revenue. Linux has never been something you make money ON. It's something you make money WITH. Rob | ||
From: Derek Kite <derekkite@netidea.com> To: letters@lwn.net Subject: Support business so hard? Date: Sat, 5 May 2001 20:00:38 -0700 Support in any industry is a treacherous business. I work in the refrigeration service industry, and the number of company failures are very high. The difficulties are due to the high level of competence required from not the managers or salesmen, but the people with the dirty fingernails. Good technicians are rare and rather independant minded, more likely to start their own small service company than work for a large firm, or would rather be part of a small organisation. The only advantage that a large firm has is connections to head office, and a depth of expertise that the likes of IBM. Otherwise, the only difference is a larger overhead. Why would someone hire Linuxcare over the local small firm of competent linux technicians? I hope for their sake the reasons are clear in their customer's mind. All I know is that there will be many failures, especially of large firms that sell services. But there will be (and is) a large industry of small firms that will do increasingly well as linux becomes a common option. Derek Kite | ||
From: "John Carter" <john.carter@tait.co.nz> To: <letters@lwn.net> Subject: Package mechanisms break Open Source. Date: Mon, 7 May 2001 11:28:16 +1200 (NZST) Current distributions and package mechanisms break the power of Open Source. In the bad old days if you wanted a program you downloaded the source, compiled and ran. If it died you fired up gdb, sniffed around, fixed it and sent the patch in. If it lacked, you added code until it did what you want. If you didn't know how things worked, you "Used the Source Luke". Distributions and package mechanisms and the need to squeeze onto small disk drives have removed the current generation from that. Now disk drives have grown huge. Distribution and Package tools should now by default put unstripped binaries _and_ the source onto your drive. If a process segfaults, it should drop you into gdb. I'm willing to bet you the pace of Open Source evolution will increase by a factor of a 100 if this recommendation is followed. John Carter Phone : (64)(3) 358 6639 Tait Electronics Fax : (64)(3) 359 4632 PO Box 1645 Christchurch Email : john.carter@tait.co.nz New Zealand | ||
From: "james c" <james_dasfleet@hotmail.com> To: letters@lwn.net Subject: Someone To Sue Date: Fri, 04 May 2001 15:56:19 -0000 I had to laugh when I read your item which quoted 32BitsOnLine as saying "I would sleep better knowing that I could shift blame to Bill Gates." Does 32BitsOnLine think Mr Bill cares? I've heard similar statements many times in my consulting career, usually from a manager who says something like "we have to buy commercial products so there is someone to sue if it goes wrong". My usual response is along the lines of "So imagine we buy a database from a multi-national corporation, and something in it breaks and we lose a million dollars. Do you really think you can sue AcmeMegacorp/Microsoft/whoever? Their lawyers would take you apart, haven't you ever actually read a licence agreement?" I'd much rather have a product with good support, or the source code so I can support it in-house, than one with the supposedly sleep-inducing properties of an un-sue-able megacorp behind it. Cheers, James | ||
From: Max.Hyre@cardiopulmonarycorp.com To: letters@lwn.net Subject: Free-Software's impetus, contra Mr. Mundie Date: Fri, 4 May 2001 15:43:01 -0400 Dear LWN: Though it is true that repeated sales of Free Software is not a viable business model, this observation only applies to that class of people involved in making money by selling the software. It completely ignores the class of people making money using such software as a tool. For this second class, the cost of software is a loss, mitigated by its utility. Getting that utility at a fraction of the cost will be an extremely attractive proposition. It makes sense for them to band together with others, even competitors, to develop and improve programs which are part of their infrastructure. Witness the Apache Group, which grew out of a number of webmasters, for whom the server is a means, not an end. Even if some of them were business competitors, so long as that business wasn't selling Web servers, they were better off cooperating to sharpen the tool. Such cooperation doesn't arise out of nothing. But all it takes is one generous soul to free a useful program. That early, probably minimal and buggy, program then serves as a focus about which the larger group organizes. Think of it as the impurity which starts crystallization of a supersaturated solution. The effects are all out of proportion to the initial stimulus, but rather reflect the size of the group which can fruitfully use the program. =That= is why a model that's unworkable for a software company can nevertheless thrive. It's not a business model, it's an operational model. The worth to its users is greater than its worth to a single proprietary company. When Mr. Mundie asks: 2.Should an information-based economy protect the intellectual property assets that are driving its growth? he's missing the point that the ``information-based economy'' for which the answer is `yes' comprises only software companies. When ``economy'' is understood to take in =all= businesses, the answer frequently becomes `no'. He actually alludes to this when he points to ``the shift of focus away from the technology IP to content IP''. The only way a company can hope to continue making the big bucks from ``technology IP'' is to =own= that IP. So long as protocols can be independently implemented, such a company is at risk of losing customers to a clone. (Watch for a push to outlaw reverse engineering generally. We already have an attempt to do that for encryption methods, in the DMCA.) [The GPL] also fundamentally undermines the independent commercial software sector because it effectively makes it impossible to distribute software on a basis where recipients pay for the product rather than just the cost of distribution. Bingo! He's got it, but can't accept it because it threatens his business model exactly in proportion to how much it helps other businesses. GPLed software is worth the big bucks a maximum of once. Best wishes, Max Hyre | ||
From: David Kastrup <David.Kastrup@neuroinformatik.ruhr-uni-bochum.de> To: letters@lwn.net Subject: Open Source and Forking Date: Sat, 5 May 2001 02:36:50 +0200 Mundie from Microsoft has told us that Open Source carries the danger of leading to forked software. Open Source pundits tell us proudly that few examples of serious forking exist, presumably because of the discipline of Open Source programmers. Both are way off the mark. The question is: who wants to fork code in the first place? It turns out that individuals not out to make fast money are not interested in forking third party code, or even working with it. Sad witness to this fact are, for example, literally dozens of independent Web browser projects with different feature sets and in different state of progress. In almost all cases, the incitement to forking is only there for commercial entities. This is essentially what happened to the BSD code base: the free base remained strong, and every company rolled their own specialties. Forks all around, and exactly because all of these companies were able to protect their added value, their intellectual property. All but a few have died since, because the cost of maintaining a separate fork beside a prospering free tree is high. This is the reason for proprietary Unices collapsing under the impetus of the currently available free Unices. So what does this tell us? Forks rarely have a future in Open Source. Even where proprietary forks are allowed (as with a BSD license), natural selection tends to kill them off. Where the incentive of property is absent in the first place (such as with the GPL), forks are even more rare. Most of them have remerged at some time (such as the gcc/egcs fork). Only the strongest projects have a chance of keeping more than one branch alive after a fork. One of these rare cases has been the Emacs/XEmacs split. So it seems that Open Source does not lead to forking, and voluntary programmers are not interested in forking either. They either want to help improve an existing project, or roll their own. The only reason for forking is to make money off your additional invested work by keeping your branch proprietary. So a license like the GPL is about the strongest imaginable measure against forking, whereas a BSD-like license relies on the power of natural selection to let only the worthy projects survive and thrive. In short, forking is about the least of our worries. Total duplication of effort is much more prevalent. -- David Kastrup, Kriemhildstr. 15, 44793 Bochum, Germany Email: David.Kastrup@neuroinformatik.ruhr-uni-bochum.de | ||