Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise
news for all interests
Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters
Leading items and editorials

What distribution will your handheld system run? Palm Computing's dominance in the handheld personal digital assistant (PDA) market seems to be coming to an end. The new PDA systems provide far more power and functionality; they are full-strength computers in their own right. And Linux is the obvious system to run on them. But it will be interesting to see which Linux that will be.

At the moment, the company that most obviously appears to be making a determined effort to be the supplier of Linux for handheld systems is Lineo. Sharp's new Linux-based PDA uses Lineo's distribution and tools, of course; according to this announcement the next generation PDA (which will be sold in the U.S.) will also be developed with Lineo. Lineo has also announced a deal with Insignia, Opera, and Trolltech to create "Embedix Plus for Smart Handheld Devices." The carefully-worded release describes the "open standards platform" which will be developed by these companies. It will doubtless be a well-designed system, but it will not be an "open source" platform. Don't expect to be able to download your copy anytime soon.

The other company that is making a try for handheld systems is Transvirtual, with its PocketLinux system. At a first glance, PocketLinux appears to be grinding to a halt - there has been no release since 1.0 in January, and mailing list traffic has slowed to a stop. One could be forgiven for thinking that things look grim for those wanting to run a 100% free system on their PDAs.

Appearances can be deceptive, however. Transvirtual has been quiet, evidently, due to a move into a new, larger office in San Francisco. There are also rumors about a new round of financing that is to be announced soon. But it does seem that there will be a major change with PocketLinux - new releases are going to be based on a different system, called Familiar.
Familiar is a bit of a stealth project; your editor must confess to having been ignorant of it until recently. A quick look, though, reveals that work on a free handheld distribution is proceeding nicely. Familiar is a new distribution being produced as part of the Handhelds.org project; it is currently oriented toward the Compaq iPAQ system, but, as it stabilizes, it will certainly be ported to other platforms as well. Familiar is loosely based on the Debian ARM distribution, but it uses its own (smaller, simpler) package manager ("ipkg"). Much of the development work on handheld applications (the first appears to be a contact manager) is being done with Python, Gtk, and GDK. The 0.4 release came out on May 14.

The Familiar distribution looks like it will be the base for most other free handheld systems. As mentioned, PocketLinux will be using it; Transvirtual will undoubtedly add Kaffe and a bunch of other Java goodies as well. The Intimate distribution adds full Debian package management, at the cost of not fitting into a minimally-equipped iPAQ.

As the next generations of handheld systems arrive, the commercial distributors will doubtless come out with high-quality products that run on them. But the work on Familiar (and derivatives) is important - it is defining the shape, and providing much of the source, that future handheld distributions will have. Now if only those iPAQ systems were a little cheaper...

The empire strikes harder. For those who still haven't seen it, this interview with Microsoft CEO Steve Ballmer in the Chicago Sun Times is worth a look. Here are his comments on Linux:

"Open source is not available to commercial companies. The way the license is written, if you use any open-source software, you have to make the rest of your software open source. If the government wants to put something in the public domain, it should. Linux is not in the public domain. Linux is a cancer that attaches itself in an intellectual property sense to everything it touches. That's the way that the license works."
We are, of course, getting used to critical comments from Microsoft. As the company gets more worried, the attacks are becoming more frequent and more pointed. Even so, describing Linux as "a cancer" seems like a bit much. Even for Steve Ballmer. The only rational response is to laugh.

The worst part of those comments, however, is not the comparison between free software and deadly diseases. It is this line: "The way the license is written, if you use any open-source software, you have to make the rest of your software open source."
Anybody who has looked at free software licenses at all knows that the above is not true - even for the GPL, which is far from the only free license. The CEO of Microsoft can be reasonably expected to know what he is talking about when criticising the competition. Words like "unamerican" or "cancer" are value judgements. The above, instead, is a blatant, deliberate lie.

Microsoft, clearly, wants to scare companies away from Linux with this sort of untruth. It seems unlikely to work. Quite a few companies are working with free software, and there is a distinct lack of horror stories about those companies losing the rights to their own software. Even the most risk-averse of companies will eventually figure that one out. But we have seen how the opposition plans to play; it's going to be an interesting time.

For a longer analysis of Mr. Ballmer's comments, see this missive from Eric Raymond. "In the open-source community, we have a favorite quote from Mohandas Gandhi: 'First they ignore you. Then they laugh at you. Then they fight you. Then you win.' Evidently, we're getting close to winning."

Craig Mundie to speak at the O'Reilly Open Source Convention. When an opponent is spreading untruths, often the best thing to do is to shine a light on what they are saying. So O'Reilly is to be congratulated for its announcement that Microsoft VP Craig Mundie will be presenting the "shared source" program at the Open Source Convention, to be held in San Diego next month. Mr. Mundie will be followed by Michael Tiemann, who will take the "open source" side. There will then be a panel discussion.

This event is likely to draw some media attention. Given the setting, Mr. Mundie will not be able to get away with untruthful statements about free software, so he is likely to come off in a rather different light. Maybe he'll even learn something. We're looking forward to the event.

Another DMCA lawsuit - with a twist.
Here's a press release from the EFF about a lawsuit launched by Professor Edward Felten and associates against the RIAA, the SDMI, Verance, and the U.S. Justice Department. Essentially, the suit is asking the court to rule that Prof. Felten may present his paper on the cracking of the SDMI watermarking system without fear of legal reprisal. The legal route is being taken because, among other things, a simple "permission note" from the SDMI would not be sufficient. The point, of course, is that researchers should not have to ask permission from corporate interests before publishing their findings. More information on the action, including the full text of the legal filing, may be found on the EFF's 'Felten v. RIAA' page. We wish them luck.
Penguin Gallery update. After far too much delay, the LWN.net Penguin Gallery has been updated by Dennis Tenney. There are now some 350 penguins on 13 pages; some of them are quite imaginative. Have a look to see what Tux has been up to...

Time for a thank-you note. Last week we posted a reader survey and a request for volunteers to fill it out for us. We have received thousands of responses over the last week, despite the fact that numerous people had difficulties with the Tucows survey form. We greatly appreciate all of you who have taken the time to fill out the survey and provide us with much-needed information. One of the best things about producing LWN is the quality of readers we have been able to attract. Thanks!

We're just beginning to look at the results of the survey; several hundred of you supplied additional comments, so it's going to take us a while. We'll get back to you with what we learned once the process is complete.
June 7, 2001
Security

News and Editorials

Kaladix Linux - Paranoid Security Linux Distribution. Kaladix Linux showed up on Freshmeat on June 1st, describing itself as a "Paranoid Security Linux Distribution". It is based on LinuxFromScratch (LFS) with mandatory access controls and access control lists enabled (RSBAC). Also to be included are Openwall, FormatGuard and other similar patches. They have just barely gotten started, with a 0.3 release expected out soon.

Note that the license for Kaladix is listed as "Free for non-commercial use". "I am aware that it is not possible to relicense GPL licensed software. Taking into respect that I do not like companies that make money from my work, I thought of licensing Kaladix Linux free for non-commercial use according to the following assumption: Every single piece of software that is included in Kaladix Linux is still licensed under GPL and may be used by whomsoever for whatsoever. However, the creation of configuration files, the compilation of software packages, my worktime and other various aspects of Kaladix Linux is my service (work) so that I can choose whatever license I wish and can thus assume to be able to distribute Kaladix Linux under a free for non-commercial use license".
Interview with Wietse Venema about his tcp_wrappers license (BSD Today). Fun with licensing continued this week with a look at the license for tcp_wrappers. BSD Today interviewed Wietse Venema, tcp_wrappers author, about its license, which originally read, "If someone wants to redistribute the TCP Wrapper code in a manner that is not covered by the Copyright notice, then they are expected to contact me. I am a nice person and I haven't refused permission to anyone yet." After discussion with many different people, Wietse has updated the license to read, "Redistribution and use in source and binary forms, with or without modification, are permitted provided that this entire copyright notice is duplicated in all such copies". A nice, simple answer to a licensing problem. Would that all of them could be resolved so quickly and cleanly!

Happy Birthday, PGP. PGP author Phil Zimmermann marked the 10 year anniversary of the release of PGP 1.0 on Tuesday, June 5th. "It was on this day in 1991 that I sent the first release of PGP to a couple of my friends for uploading to the Internet". It quickly grew faster than he had ever dreamed possible. "Volunteers from around the world were clamoring to help me port it to other platforms, add enhancements, and generally promote it". The anniversary is also covered in this Wired article by Declan McCullagh.

Security Reports

OpenSSH tmplink vulnerability. A tmplink vulnerability has been reported in OpenSSH when X forwarding is enabled on both the client and the server. It has been reported fixed in the OpenSSH CVS development tree, but is not yet mentioned in the OpenBSD 2.9 errata page. Until an updated version of OpenSSH is made available, disabling X forwarding for both the client and server might be a good idea. This is also covered in BugTraq ID 2825.

Sendmail multiple race condition vulnerabilities. Michal Zalewski issued a paper describing race conditions in sendmail's signal handlers.
As a result, sendmail 8.11.4 and 8.12.0.Beta10 have been released with fixes for these problems. Check 2794 for additional details. No distribution updates for this problem have been reported so far.
man malicious cache file creation vulnerability. Yet more trouble for the beleaguered man command. This week, a new vulnerability was reported in which files are cached in the system cache directory from outside of the system manual page hierarchy search path. It is believed that this can be used together with man, mandb or any other utility which trusts cached filenames in order to gain elevated privileges. A workaround is to eliminate the setuid bit from the 'mandb' binary (not the wrapper).

xinetd default umask vulnerability. Red Hat issued an advisory this week reporting that the default umask for xinetd in Red Hat 7.0 and 7.1 was set to zero. As a result, some daemons started from xinetd that did not set their own permissions were creating world-writable files. The default umask has been set instead to 022. No information has been posted yet on whether this problem is specific to Red Hat or shows up in other distributions (though Red Hat-based distributions are likely vulnerable).

ispell symbolic link vulnerabilities. OpenBSD released patches to fix problems in ispell where the use of mktemp() (instead of mkstemp()) left it vulnerable to symlink attacks. The patches also modify the use of gets() to use fgets() instead. This is also covered under BugTraq ID 2827.
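
The effect of the xinetd umask item above can be reproduced and audited in a scratch directory. The following is an added example, not code from Red Hat's advisory or from xinetd; the file names, the scratch path and the helper functions are made up for the illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE
#endif
#include <dirent.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

struct umask_result {
    int mode_umask_0;    /* permission bits of a file created under umask 0   */
    int mode_umask_022;  /* permission bits of a file created under umask 022 */
    int world_writable;  /* files the audit flagged in the scratch directory  */
};

/* Create dir/name the way a daemon that never sets its own umask does:
 * ask for 0666 and let the inherited umask trim it. Returns the mode, or -1. */
static int create_like_daemon(const char *dir, const char *name, mode_t inherited)
{
    char path[160];
    struct stat st;
    mode_t saved;
    int fd, mode;

    snprintf(path, sizeof path, "%s/%s", dir, name);
    saved = umask(inherited);            /* what the super-server handed down */
    fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0666);
    umask(saved);
    if (fd < 0)
        return -1;
    mode = fstat(fd, &st) == 0 ? (int)(st.st_mode & 0777) : -1;
    close(fd);
    return mode;
}

/* Audit: count regular files directly inside dir that any local user can
 * write. lstat() is used so a symlink is never followed out of the directory. */
static int count_world_writable(const char *dir)
{
    DIR *d = opendir(dir);
    struct dirent *e;
    int n = 0;

    if (!d)
        return -1;
    while ((e = readdir(d)) != NULL) {
        char path[512];
        struct stat st;
        snprintf(path, sizeof path, "%s/%s", dir, e->d_name);
        if (lstat(path, &st) == 0 && S_ISREG(st.st_mode) && (st.st_mode & S_IWOTH))
            n++;
    }
    closedir(d);
    return n;
}

int run_umask_demo(struct umask_result *r)
{
    char dir[] = "/tmp/umaskdemoXXXXXX"; /* constructed scratch directory */
    char path[160];

    if (!mkdtemp(dir))
        return -1;
    r->mode_umask_0   = create_like_daemon(dir, "state-umask0", 0);
    r->mode_umask_022 = create_like_daemon(dir, "state-umask022", 022);
    r->world_writable = count_world_writable(dir);

    snprintf(path, sizeof path, "%s/state-umask0", dir);
    unlink(path);
    snprintf(path, sizeof path, "%s/state-umask022", dir);
    unlink(path);
    rmdir(dir);
    return 0;
}

int main(void)
{
    struct umask_result r;

    if (run_umask_demo(&r) != 0) {
        perror("umask demo");
        return 1;
    }
    printf("umask 000 -> %04o\n", (unsigned)r.mode_umask_0);
    printf("umask 022 -> %04o\n", (unsigned)r.mode_umask_022);
    printf("world-writable files found: %d\n", r.world_writable);
    return 0;
}
```

A service that must not depend on its parent can call umask() itself at startup, or pass an explicit restrictive mode to open().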
Qualcomm qpopper username buffer overflow. A buffer overflow was introduced into Qualcomm qpopper 4.0, 4.0.2 and 4.0.2 as a result of the way in which the client-supplied username is handled. As a result, a remote root attack is possible. An upgrade to 4.0.3 is strongly recommended.

Horde IMP Message Attachment symbolic link vulnerability. A symbolic link vulnerability has been reported in the Horde Imp versions prior to 2.2.5. The vulnerability comes from the use of the PHP tempnam function for creating temporary files. Prior to PHP 4.0.5, tempnam used mktemp for creating temporary files instead of mkstemp. Upgrading to Imp 2.2.5 and PHP 4.0.5 is recommended.

fvwm initialization script vulnerability. If no $HOME environment variable is set, fvwm may read the .fvwm2rc from the current directory instead of from the home directory, making it possible for a local attacker to execute commands as another user. fvwm-2.2.5 fixes this issue.
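
The ispell and Horde IMP items above both come down to the difference between picking a temporary name first and opening it later (mktemp) and creating the file atomically (mkstemp). The following is an added example, not code from either project or from the OpenBSD patches; the paths are constructed, and a fixed name stands in for what mktemp() would have returned.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Scratch layout, all names constructed for this demo:
 *   <dir>/victim    a file the program's user cares about
 *   <dir>/tmp.1234  the guessable temp name, pre-planted as a symlink to victim */
struct scratch { char dir[64], victim[96], tmpname[96]; };

static int scratch_init(struct scratch *s)
{
    int fd;

    strcpy(s->dir, "/tmp/tmplinkXXXXXX");
    if (!mkdtemp(s->dir))
        return -1;
    snprintf(s->victim, sizeof s->victim, "%s/victim", s->dir);
    snprintf(s->tmpname, sizeof s->tmpname, "%s/tmp.1234", s->dir);
    fd = open(s->victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || write(fd, "important\n", 10) != 10)
        return -1;
    close(fd);
    return symlink(s->victim, s->tmpname);
}

static void scratch_cleanup(struct scratch *s)
{
    unlink(s->tmpname);
    unlink(s->victim);
    rmdir(s->dir);
}

static long size_of(const char *path)
{
    struct stat st;
    return stat(path, &st) == 0 ? (long)st.st_size : -1;
}

/* mktemp()-style use: the name was chosen earlier, and the later open follows
 * whatever sits at that name by then. Returns 1 if victim was truncated. */
int plain_open_clobbers_victim(void)
{
    struct scratch s;
    int fd, clobbered = -1;

    if (scratch_init(&s) != 0)
        return -1;
    fd = open(s.tmpname, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd >= 0) {
        close(fd);
        clobbered = (size_of(s.victim) == 0);
    }
    scratch_cleanup(&s);
    return clobbered;
}

/* O_CREAT|O_EXCL fails with EEXIST when the name already exists, symlink
 * included. Returns 1 if the open was refused and victim is intact. */
int excl_open_refuses_symlink(void)
{
    struct scratch s;
    int fd, saved, ok;

    if (scratch_init(&s) != 0)
        return -1;
    fd = open(s.tmpname, O_WRONLY | O_CREAT | O_EXCL, 0600);
    saved = errno;
    ok = (fd < 0 && saved == EEXIST && size_of(s.victim) == 10);
    if (fd >= 0)
        close(fd);
    scratch_cleanup(&s);
    return ok;
}

/* mkstemp() chooses the name and creates the file in one exclusive step.
 * Returns 1 if the result is a fresh regular file with mode 0600. */
int mkstemp_creates_private_file(void)
{
    struct scratch s;
    struct stat st;
    char tmpl[96];
    int fd, ok = 0;

    if (scratch_init(&s) != 0)
        return -1;
    snprintf(tmpl, sizeof tmpl, "%s/spoolXXXXXX", s.dir);
    fd = mkstemp(tmpl);                  /* tmpl now holds the real name */
    if (fd >= 0) {
        ok = fstat(fd, &st) == 0 && S_ISREG(st.st_mode)
             && (st.st_mode & 0777) == 0600 && st.st_nlink == 1;
        close(fd);
        unlink(tmpl);
    }
    scratch_cleanup(&s);
    return ok;
}

int main(void)
{
    printf("plain open clobbers victim:   %d\n", plain_open_clobbers_victim());
    printf("O_EXCL open refuses symlink:  %d\n", excl_open_refuses_symlink());
    printf("mkstemp creates private file: %d\n", mkstemp_creates_private_file());
    return 0;
}
```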
OpenBSD Dup2 VFS Race Condition Denial Of Service Vulnerability. It has been reported that a local user can cause a kernel panic on OpenBSD if a file descriptor shared by two processes is set to null by one process while the other process is asleep. This can be used to facilitate a local denial-of-service attack. All versions of OpenBSD are reportedly vulnerable. No confirmation or advisory for the problem has been posted on the OpenBSD site as of yet.

Acme.Serve 1.7 arbitrary file access vulnerability. Acme.serve is a Java class that contains a small, embeddable HTML browser. By default, Acme.Serve 1.7 allows all connections to browse the entire filesystem. No fix for the problem has been reported so far. Check BugTraq ID 2809 for more details.

Proprietary products. The following proprietary products were reported to contain vulnerabilities:
Updates

gnupg format string vulnerability. Check the May 31st LWN Security Summary for the initial report. gnupg 1.0.5 and earlier are vulnerable; gnupg 1.0.6 contains a fix for this problem and an upgrade is recommended. Werner Koch also sent out a note warning of minor build problems with gnupg 1.0.6 when compiled without gcc.

Webmin environment variable inheritance vulnerability. Check the May 31st LWN Security Summary for the original report.
MIT Kerberos FTP daemon buffer overflows. Check the May 24th LWN Security Summary for the initial report. MIT Kerberos 5, all versions, is affected. If anonymous ftp is enabled, a remote root exploit is possible. Otherwise, a local root exploit or a remote root exploit via an authorized login is still possible.
Red Hat update to mktemp. Check the May 24th LWN Security Summary for the initial report. This problem is specific to Red Hat Linux prior to version 7 (and other distributions based on Red Hat).

man -S heap overflow. Check the May 17th LWN Security Summary for the initial report. Exploitability depends on whether or not the man command is installed setgid group man.
Resources

Linux Intrusion Detection System (LIDS) 1.0.9 for 2.4.5. LIDS 1.0.9 has been ported over to the 2.4.5 kernel and includes a few other minor bugfixes.

oftpd - a secure anonymous FTP server. oftpd is an anonymous FTP server specifically designed for security. Author Shane Kerr sent us a note describing some of its features and explaining why he chose to implement only anonymous ftp access. "Non-anonymous FTP is a security risk, despite certain FTP extensions that support encryption via SSL or other mechanisms. As used most commonly FTP is a fundamentally flawed protocol, in that it sends passwords in the clear. Because of this I suggest that no matter how secure you make your server software, FTP should be avoided for data transfer, especially since excellent alternatives such as SSH are available". The first stable release of oftpd occurred in March. The most recent release is 0.3.5, a development release made in mid-April.

Research Paper - ICMP Usage In Scanning v3.0. Ofir Arkin has released version 3 (PDF) of his paper entitled "ICMP Usage In Scanning".

Events

Upcoming Security Events.
For additional security-related events, including training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Liz Coolbaugh
Kernel development

The current kernel release is still 2.4.5. Linus is back from his trip to Japan, and has released the first 2.4.6 prepatch. It contains the usual scattering of fixes, including some aimed at the ongoing virtual memory problems with the 2.4 kernel series.

The prepatch also contains a bug that can cause unresolved symbols in some modular kernels. Ingo Molnar produced a simple fix which gets around the problem; after several iterations he also released a much more involved fix dealing with a number of other difficulties introduced in 2.4.6pre1.

Alan Cox, meanwhile, is up to 2.4.5ac9. Along with the usual fixes he has included a new driver for the Sony Vaio I/O controller, the new improved Configure.help file (see below), and a number of fixes for problems found by the Stanford checker.

Another approach to bounce buffers. The discussion last week on virtual memory and bounce buffers passed over one interesting approach to fixing the problem. We'll try to make it up this week, but doing so requires a little bit of background in how Linux memory management works. The following discussion is somewhat specific to the x86 architecture, but the concepts carry over to any 32-bit system.

On a processor with 32-bit addresses, a total of 4GB of memory may be addressed. Linux systems have traditionally not been able to handle that much memory, however, due to the way memory is laid out. For some time, the virtual address space has been broken up as shown in this diagram:
(Please excuse your editor's crude use of the "dia" tool...).

Thus, any individual user-space process may have up to 3GB of address space, with the uppermost 1GB being reserved for the kernel. 2.2 kernels always laid out memory in this way, and 2.4 still does by default.

Before 2.2, the kernel mapped the entire range of physical memory into its portion of the address space, since that mapping provided easy, direct access to all of the memory on the system. It made life easy for kernel hackers, but it also limited the total amount of memory on the system to the amount that could be mapped in the kernel segment - 1GB, with subtractions for things like the PCI I/O memory space. That is why 2.2 kernels could only make use of about 960MB of memory.

The 2.4 release lifted that restriction by enabling the kernel to work with memory that is not directly mapped. The result was (1) the ability to handle up to 64GB of memory on x86 systems, and (2) the creation of a new class of memory, "high memory," which is a little trickier to work with. So physical memory is now divided into three zones, as shown by another ugly diagram:
The "DMA" zone is memory which is addressable by old ISA peripherals that can only do 24-bit DMA; "normal" is memory above 16M which is directly mapped into the kernel, and "high memory" is memory which is not directly mapped. On systems with tremendous amounts of memory, most of that memory is "high memory."

Now, finally, we can get to the bounce buffer problem. With current 2.4 kernels, any memory which is in the DMA or normal zones may be used in DMA operations with reasonable devices on reasonable buses. When I/O must be performed to or from high memory, however, a bounce buffer is allocated in one of the lower zones. The data is copied through the bounce buffer in its travels between the device and its high memory home. On I/O bound systems with a lot of high memory, bounce buffers can create a lot of pressure in the normal and DMA zones, leading to memory shortage problems. All that copying isn't entirely desirable either.

Jens Axboe looked at this problem and made an observation that, in retrospect, should have been fairly obvious. PCI devices can (usually) address 32 bits (4GB) of memory. When the kernel uses a bounce buffer for high memory below 4GB, it is really wasting time and memory. The kernel may not be able to address that memory directly, but the peripheral can. So why not just do the DMA operation directly and skip the bounce buffer?

So Jens announced a patch which does exactly that - at least, for block devices. (He neglected the little detail of where to find the patch; he filled that in a little later). This patch adds a fourth memory zone, called "DMA32," that sits between the top of the normal zone and the 4GB barrier. Whenever block I/O is being performed on memory in the DMA32 zone, it is done directly without the use of a bounce buffer. Bounce buffers are still required above 4GB; it's a rare peripheral that can reach memory that high. But, even in that case, the bounce buffer can live in the DMA32 zone.
The benefits of this patch are clear. Given that, in all likelihood, most systems with high memory have no more than 4GB, bounce buffers can be eliminated entirely in many cases. And for the rest, the available memory for the allocation of these buffers has increased. The patch was not included in 2.4.6pre1, but chances are good that a version of it will appear in a future release.

About that swapping problem. Problems with the use of swap space in 2.4.x were also mentioned last week. The amount of complaining has gone up recently, as more people try out the 2.4.5 kernel, which appears to be worse. The response from the kernel hackers so far has been "make sure your swap area is at least twice as large as the amount of RAM in the system." That allows the kernel, essentially, to waste half of the swap space as a copy of what is currently in RAM, and actually swap to the other half.

That technique helps, but a number of people are, not surprisingly, unimpressed with that requirement. 2.2 systems seemed to work better, after all. In fact, 2.2 had the same problem with swapping, but the more aggressive approach to caching in 2.4 has made the problem bite a lot more people.

Help is on the way, however. Marcelo Tosatti has posted a patch which cleans the junk out of swap space. Some testers have reported that it improves things for them. There is currently some debate, however, as to whether the locking used by the patch is safe. So it's probably not for everybody, yet. A different swap patch was posted by Mike Galbraith; it is new as of this writing and has not seen much testing yet. With luck, however, some variant of one of these patches will make it into a 2.4 kernel soon.

How should the kernel handle temperatures? David Welton pointed out that parts of the kernel that handle temperatures (generally watchdog drivers) are not consistent - some code uses Fahrenheit, and other parts use Celsius.
He proposed a global configuration option to decide what should be used kernel-wide. The response that came back will be familiar to linux-kernel watchers; the kernel should use one standard temperature format, and user-space tools can convert to other standards if necessary.

Fahrenheit, not surprisingly, has very few defenders. But the proponents of Celsius look like they will lose as well. If one is going to use standard units, one should do it right and use kelvins. That way nobody is happy. Then again, one reader proposed that BogoDegrees be used instead...

Configure.help is complete. Eric Raymond has announced that, after great effort, the kernel Configure.help file now contains help entries for every one of the 2699 known configuration symbols. Of course, Eric knows how ephemeral such a victory can be. So he is also proposing a policy that no patches will be accepted unless they contain help entries for any new configuration symbols they introduce.
Section Editor: Jonathan Corbet
Distributions

Please note that security updates from the various distributions are covered in the security section.

News and Editorials

Distributions based on your existing installation. After quite a lull, where we were beginning to think that the flood of new distributions had permanently slowed to a trickle, a huge number of new distributions showed up this past week, in part thanks to contributors such as Fred Mobach and Gratien D'haese. In fact, so many showed up that we haven't even included all of them in this page; a few of them have been held back and will be listed next week instead.

Getting so many new distributions at the same time gives us a good chance to look for patterns. We didn't find a lot. One distribution for handhelds/PDAs, one for the PA-RISC architecture, one distributed with a German magazine and a couple floppy-based distributions. However, we did find two distributions that shared a common theme. In this case, both distributions base themselves not on a specific distribution, but on an existing installation, meaning that they build themselves using the kernel, modules and applications installed on your current computer.

The two distributions are MkCDrec and Mindi Linux. MkCDrec, as the name suggests, builds a CD-based Linux distribution. Mindi Linux builds a floppy-based distribution. In both cases, they could also be considered toolkits rather than distributions, because they pull the actual kernel and applications off your existing system rather than from a software repository.

MkCDrec was of particular interest to us because it is specifically tailored to disaster-recovery. In addition to creating a bootable image based on your existing system, it will create a backup of the entire system, either onto the bootable CD, if there is room, or onto a multi-volume CD set. As a result, if your system fails, you'll have everything you need to restore it completely.
Of course, the restore will be only as up-to-date as the last time you created your backup. Still, it is nice to have your backups be bootable -- it should make it easier to test backups, to make sure they are working properly and eliminates one step in the disaster-recovery process. Disk-cloning is also supported.

PA-RISC Linux Version 0.9 released. HP has released version 0.9 of PA-RISC Linux, a version of the Debian distribution for the PA-RISC processor. Although we knew that HP has been working on Linux for the PA-RISC platform for some time, we had no direct link to the project on our list. With this announcement for the latest release of PA-RISC Linux, we've also added them officially to our list.

Support for both 32 and 64 bit systems is included in the new release, along with support for large memory systems (up to 16GB). "This release is the result of several years of work by developers in the Free Software community including developers from The Debian Project, Hewlett Packard, and Linuxcare".

Linux-Mandrake for Itanium. Thanks to Bob Finch for pointing out to us that Linux-Mandrake is available for Itanium-based systems. The ISO images can be downloaded now. This distribution was announced on May 29 with the others, but we managed to miss it.

Fully Automated Installation 2.0 released. Thomas Lange has announced the release of FAI (Fully Automatic Installation) 2.0. This package is intended to ease the installation of the Debian distribution on clusters, but can be used in any situation where multiple systems need to be installed.

Redmond Linux, deepLinux merger. Redmond Linux and deepLinux have merged to form the Redmond Linux, Corp., according to the press release. "The deepLinux acquisition brings Redmond Linux additional expertise, product lines, and a presence in the Silicon Valley".

ThinkNIC in Europe. The ThinkNIC has passed European Certification and is now available for sale in Europe.

Distribution News

Red Hat News.
XFree86 4.1.0 rpms are now available on Rawhide. Note, however, that updated kernel modules will be required before these will work well.

Meanwhile, for those of you interested in running ReiserFS under Red Hat on big-endian machines like the IBM S/390, check out this post by Jeff Mahoney. He has a very large patch that you are going to need.

Debian News. Anthony Towns noted that the Debian Freeze is still on hold indefinitely, because they do not yet have a set of boot-floppies that work for all the i386 installs listed in their archives.

A new version of the Debian Policy document has been uploaded. This will be of interest primarily to developers, since it defines what must be done to make their packages compliant with policy.

A new Kernel Cousin Debian Hurd was published on May 30th. Hurd F2 ISO images are now available and major progress using XFree86 was reported.

Last but not least, master.debian.org is down with disk failures, resulting in the loss of many services, including mail to anyone at debian.org. It went down Wednesday, June 6th and will presumably be up as soon as humanly possible.

Linux-Mandrake News. The second Linux-Mandrake Community Newsletter is out. Topics covered include MandrakeSoft's presence at Linux Expo Montreal, Linux-Mandrake for the Itanium, the Single Network Firewall product, and more.

MandrakeSecurity "Single Network Firewall" has been released. Check the newsletter for detailed features.

Meanwhile, in news from MandrakeForum, a new version of drakfont was released to fix a problem importing Windows fonts. Meanwhile, the reports from road trips in Germany and Brazil are worth reading as well.

Slackware News. Most of the progress this week took place in the Intel development. Speakup support (a speech synthesizer/screen reader) was added in under 2.2.19. Sendmail was upgraded to 8.11.4 (fixing a security issue, see this week's security section) and XFree86 4.1.0 is now the default.
Some interesting bugfixes went in, along with updates to vim, zsh, fvsm, guile, gnome-print and lesstif. Most interesting was the comment, "I'm still looking it over to see, but we can't be far from a freeze now".

The SPARC and Alpha ports saw much less activity. Both of them got upgraded versions of autoconf, cvs and libtool. The 2.2.X kernel series under SPARC was upgraded to 2.2.20pre2 due to an nfs bug under SPARC that can cause kernel panics.

OpenBSD 2.9. OpenBSD 2.9 was released this week. It promises major improvements in filesystems speed, support for Alpha architectures, new drivers and more. Of course, it comes with OpenSSH 2.9. In addition, it will run both on the Alpha platform and on the new Apple Titanium PowerBook G4.

Yellow Dog Linux 2.0 teaches Mac new tricks (ZDNet). Yellow Dog Linux extends support to older Mac hardware that the new Mac OS X can't reach, according to this ZDNet report. "If somebody has a [Power Mac] 8500, they can't run Mac OS X. They may need the robustness of Unix, but Mac OS X just doesn't run on their hardware. With Yellow Dog Linux, they can say, 'Look, I've got this old machine, and suddenly it's useful again' as a server."

kmLinux 2.0, a German distribution for schools. kmLinux is a Linux distribution for schools out of Germany. It is of particular interest since it is sponsored by the Landesbildungsserver Schleswig-Holstein, a German governmental organization in cooperation with the Verein Freie Software und Bildung e.V. (Union for Free Software and Education). kmLinux 2.0 has just been released with a new installer that has the ability to automatically resize an existing windows partition. Included you will find the Linux 2.4.4 kernel, XFree86 4.0.3, KDE 2.1.2 and KOffice 1.1beta2.

Reviews

Review: Red Hat Linux 7.1 (ZDNet). ZDNet reviews Red Hat's latest Linux release, Red Hat Linux 7.1. "Managing multiple user accounts and passwords can be a significant burden for a systems administrator.
On the client side, Red Hat Linux lets you specify which NIS, LDAP, or Kerberos server you'd like for user authentication. Red Hat's support for client- and server-side centralized user authentication is an attractive option for organizations looking to minimize the number of passwords that users are required to remember." Linux-Mandrake 8.0 (CNet). CNet reviews Linux-Mandrake 8.0. "Simply put, no other distribution beats the polished user experience offered by Linux-Mandrake 8.0." NetBSD 1.5 (Duke of URL). The Duke of URL turned his attention this week to NetBSD 1.5. "If you took a poll on who has used NetBSD -- a lot of people would probably respond that they've never touched it, when in fact, it's closer than many may think. Today, NetBSD is not only competing in the *BSD arena, but it's also making inroads with users who don't even know they're using it. Apple's Mac OS X and the more-obscure OpenBSD both utilize the NetBSD core, which has been both praised and put down by many in the industry".

New Distributions

This was definitely "New Distribution" week. It has been a long time since we got so many new distributions within such a short amount of time.

Enter Runix: Linux for the PlayStation (ZDNet). Runix, which is coming from a Czech company, is set to be released under the GPL in order "to make the PlayStation2 a low cost PC," according to this ZDNet story. ViraLinux_II. Rick Hohensee, author of the cLIeNUX distribution, sent us a pointer to ViraLinux_II, a floppy-based Linux distribution. "It's an uncompressed minimal Linux that can boot with no HD or ramdisk, i.e. it can boot with / on the floppy. It has about 300k of space free on the floppy for the user to write programs. It has ash, eforth with 160 Linux syscalls, and my 3-stack language with 50 Linux syscalls. How is this possible in 1.1 meg? No libc". UltraLinux. 
UltraLinux is not a commercial distribution, but instead a central point for sharing information in support of Linux on SPARC and UltraSPARC platforms. It provides links to all of the full distributions that provide Sparc versions. [Thanks to Fred Mobach]. Go!Linux. Go!Linux is a German distribution that comes with the magazine PC!Linux, though you can also purchase it directly. [Thanks to Fred Mobach]. Familiar Linux. Handhelds.org is now hosting a new Linux distribution, Familiar Linux. Designed from the ground up to run on the Compaq iPAQ, Familiar Linux uses the ipkg package system (modeled on Debian's dpkg). The name "Familiar" stems from the meaning of the word as a noun, not as an adjective. In this case, a "familiar" is an intimate companion, "a spirit often embodied in an animal and held to attend and serve a person". Version 0.4 of Familiar was released on May 14th and the website has some nice screenshots. Check this week's Front Page for more in-depth coverage [Thanks to Richard Cohen].

Distribution Updates

Section Editor: Liz Coolbaugh
June 7, 2001
Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.
On The Desktop

Linux and the Palm Pilot. While the influx of Linux based PDA (personal digital assistant) devices is growing (see the Yopy, iPAQ and VR3, for example - LinuxDevices summarizes them all), most users of handheld systems are still using devices based on the Palm OS. In order to synchronize data between the handheld device and your Linux system you need tools that are called conduits. According to Palm's definition: A conduit is a plug-in to HotSync® technology that runs when you press the HotSync button on a handheld cradle or modem. A conduit synchronizes data between the application on the desktop and the application on the handheld. In other words, conduits should:
In the Linux world, the primary tool for synchronizing between a Pilot and a Linux desktop is the Pilot Link software. This package is a set of libraries and command line tools that work with the basic set of Memos, Todo List, Address Book and Calendar on the Pilot. These tools have been around for quite some time and the latest version, 0.9.3, should work well with most PalmOS 3.0 or earlier devices. The limitation here is that PalmOS devices that use a USB connector may not work with older versions of Pilot Link (see "Other Tools" section below). While the command line tools in Pilot Link are reasonable, they aren't quite sufficient to make complete use of what the Pilot can provide. They were written mostly as test applications and then expanded lightly for general use. But managing individual records on the Pilot (such as deleting one specific Todo list item) can't be done with the command line tools. That's the bad news. The good news is the Pilot Link library (libpisock) actually does allow such management. All that is missing are tools that properly use this library. Surprisingly, there aren't that many GUI tools around that take full advantage of libpisock. There are projects for both GNOME (gnome-pilot) and KDE (KPilot) that are in varying stages of development. JPilot is probably the most full featured and mature application, though some may argue that PilotManager may be better. Finally, XNotesPlus offers support for downloading Memos and the Address Book and limited support for database syncing. Besides these, one other command line tool worth noting is Syncal, which performs synchronizing of the Pilot calendar with the ical program. GNOME Pilot. If you're using GNOME 1.4 (either the generic distribution or Ximian's) you should probably have the GNOME Pilot tool already installed. 
You have to look under the GNOME Control Center (gnomecc if you run it from the command line) to configure it to use conduits, though it's not clear how to use any of them other than the Backup conduit (which backs up all or some of the files from the Pilot). In any case, the first thing you need to do is select the Peripherals->PilotLink option to configure where your Pilot is connected and how to communicate with it. GNOME Pilot uses a newer and unsupported version of the Pilot Link software, version 0.9.5 that may or may not be widely distributed yet. The setup wizard implies support for both IrDA and USB connected devices. After completing configuration you can then use any of the conduits presented under Peripherals->Pilot selection in gnomecc. These include backup, mail, memos, and even expense conduits. Tests with Ximian GNOME 1.4 showed that only a few of the conduits actually provided any configuration options. No information was provided on how to actually use those conduits. The current developer's release is only 0.1.54, with 0.1.55 in prerelease, so this project is obviously in early development. GNOME Pilot appears to use a client/server architecture where the gpilotd server is started and waits for connections from the Pilot cradle or from applications. It then opens the communications path on the other end. Conduits seem to be accessed via embedded applets inside particular applications (GNOMECal, for example), though this couldn't be proven at the time of testing. Unfortunately, documentation is practically non-existent (unless you download the README with the source code) and the web site contains many broken links. If you're interested in following this project, you can subscribe to the gnome-pilot mailing list. KPilot. This project takes a slightly different approach than its GNOME counterpart. First, the application is at least partially self contained. 
That means the configuration, memo, address and file transfer features are all part of KPilot and not embedded (at least in the 3.2.1 version) in other applications. While this makes the application a little easier to figure out (start KPilot to configure it instead of start gnomecc to configure gnome-pilot), it isn't completely apparent how to use it. KPilot will HotSync address and memo files from the Pilot directly using the HotSync button on the main window. After the HotSync completes, the address records can be viewed and edited from within KPilot. The same is true for the Pilot's Memos. To access the Todo and Calendar databases from the Pilot you need to install external conduits which are provided with KPilot and configure them manually. When the next HotSync is performed the Todo and Calendar databases are written to a local calendar file that can be accessed and edited using KOrganizer as long as you use the same calendar file, which normally tends to be $HOME/.kde/apps/korganizer/file.vcs. Like GNOME Pilot, KPilot is built around a client/server architecture. The KPilot daemon, appropriately named kpilotDaemon, waits for connections from either side and can even launch the KPilot GUI when the HotSync button on a Pilot cradle is pressed. There is more documentation available for KPilot than with GNOME Pilot. The KPilot users guide is launched in a Konqueror window when you select the Help->Contents menu option on the KPilot main menu bar. The documentation is sufficient to learn how to use KPilot, which certainly gives it a step up on the current GNOME Pilot release. The current stable release seems to be 3.2.1, with 4.0 being actively worked on by the developers. Unfortunately, KPilot's web site forces you into using KDE 2.2 and the 4.0 version out of CVS which is not very end-user friendly unless you happen to have KDE 2.2 already installed. You have to dig around to find an RPM for the older 3.2 version. JPilot. 
JPilot seems to have a strong following among some of the users queried. That may be because the program is a bit more mature and includes a complete set of features: calendar, todo list, memos and address book, all built directly into the application. In fact, the only real problem with JPilot seems to be the layout of the windows, which can be kind of klunky to use. There are diamond shaped buttons next to phone/email/fax fields, for example, that are mutually exclusive though no hint is provided as to their function. JPilot, like both GNOME Pilot and KPilot, uses the Pilot Link libraries for communicating with the Pilot. Also like its two competitors, JPilot will synchronize the complete set of databases on each HotSync. This seems a little overkill if, for example, you only make updates to the calendar regularly. JPilot will display address entries using the name or company fields and sorting is always done alphabetically by those fields. The best feature just may be the ability to search in all databases for a given string - look under File->Find in the main menu bar. While JPilot offers fairly complete sync and edit features for each of the four main Pilot tools, it does have a few minor flaws. First, there is no built in help system. The GNOME and KDE tools launch browsers to display help, but JPilot only provides simple "About" dialogs. That said, the online documentation on the web site is outstanding, including a complete HOWTO styled document that explains all the features as well as how to write plugins for the application. Another annoying but relatively minor flaw is that JPilot won't sync with a pilot that doesn't have a user name and ID installed. You have to run the Pilot Link command line tool install-user to add these manually. JPilot does not run on a client/server model. It is linked directly to the Pilot Link libraries. 
The process is asynchronous (as it is with the GNOME and KDE applications) so the application continues to function during the HotSync process. Other Tools. There are a few other tools worth mentioning in this report.
The bad news overall is that pilot-link may or may not be supported any further. While gnome-pilot seems to use an upgraded version, there doesn't seem to be a web site anywhere with updated information on the status of the package and the pilot-unix mailing list is apparently dead. The last word from David Desrosiers, the most recent Pilot Link maintainer, was that Pilot Link was being rewritten to clean up lots of old cruft in the source and provide a cleaner distribution. Note that the SourceForge site for pilot-link is ancient - the project was moved away from there some time back and the new web site is simply a CVS dump of file activity. DVD on Linux (Duke of URL). The Duke of URL has posted a DVD on Linux summary, explaining what DVD cards are supported and what graphical players are available. "You'll also want to check on various restrictions and missing features in each piece of software. I've noticed kernel 2.4.x seems to work best, and there are bugs in the kernel 2.4.1 which will prevent you from using your DVD drive with that particular kernel version." Font anti-aliasing for GTK+ 1.2. This isn't user oriented, per se, but it is interesting to compare the current GTK+ 1.2 with the current Qt, which already handles anti-aliased fonts. A patch was made available for GTK 1.2 that allows that GUI library to render anti-aliased fonts using the Xrender extension. Screenshots are available, but are difficult to see clearly. Havoc Pennington noted that similar patches always break GTK 1.2 internationalization (see comments) but that GTK 2.0, due out later this year, already has support for Xrender.
Desktop Environments

KDE 2.2alpha2 is out. The latest developer release of the version 2.2 for the KDE desktop has been released. There are many improvements in this version over the last alpha release along with the addition of the new Kooka scanning application. GNOME Summary for May 27 - June 02, 2001. The latest GNOME Summary has been published. Highlights include a call for help for Gnotices (the GNOME news site). Gnome-print 0.29. A new version of the gnome-print package for GNOME 1.4 was released this past week. This was strictly a bug fix release. Minutes of the GNOME Board meeting 29 May 2001. The weekly summary of the GNOME Foundation board meeting has been posted.

Office Applications

AbiWord Weekly News #46. A new edition of the recently reborn AbiWord Weekly News is now available. If this site gives you problems, try the AbiWord.org site instead.

Desktop Applications

Is Netscape Leaving the Browser World? (BrowserWatch). It appears, as this story reports, that Netscape will be cutting back on browser development. "Instead of continuing the battle against Microsoft's Internet Explorer, Netscape will instead focus on developing Netscape Netcenter as a Web portal, incorporating content from other Time-Warner publishing outlets." GDM 2.2.2.1. A new release of the GNOME Desktop Manager (gdm) became available this past week. GDM is the tool that provides graphical logins to the GNOME desktop. This release fixes, among other things, a security problem where cookies could be used to bypass security.

And in other news...

Linux on an iPAQ (O'Reilly). This second installment on Linux and handhelds covers the Compaq iPAQ handheld. "For those who want to run a more familiar operating system, Linux can replace WinCE in the unit's 16 megabytes of flash ROM. While Compaq won't sell a unit without WinCE, they are contributing considerable resources to making Linux work on the machines." Linux Not Ready for Desktop Move (AP). 
This AP Technology story says that the Linux desktop isn't being accepted yet because of a lack of a choice of applications. "'If we look at what drives people to select an operating system, it's not the operating system,' [IDC analyst Dan Kusnetzky] said. 'Almost always, the things that drive them to select something is the availability of their chosen applications.'" Linux on the Desktop: The Possibility Still Exists (Penguinista). This opinion piece says that the Linux Desktop isn't dead, with or without Eazel. "Why am I comparing Eazel's Nautilus to Konqueror in an article about the Linux desktop? The point is that, while it was good to have the additional support from Eazel, the Linux desktop can and will continue to improve without Eazel. The mistaken assumption that it will not arises from another false idea - that GNOME is the Linux desktop." KDE Dot News changes servers. The KDE news server has been moved to a new home. Hopefully this will cure some of the problems people have had accessing the well followed news stream. Company offers free Linux installs on desktops (CNN). CNN reports on one company's offer to install Linux for free to help push Linux onto the desktop. "With graphical interfaces for Linux beginning to look more like Windows, better stability, and improved networking hookups and security, Linux Centers is betting that more business and individual users will be willing to at least give it another look for the desktop."

Section Editor: Michael J. Hammel
June 7, 2001
Development projects

News and Editorials

XFree86 4.1.0 released. The people at the XFree86 Project have released XFree86 version 4.1.0. The README file lists a number of interesting capabilities of version 4.1.0, some of which were introduced in release 4.0.0 including:
The Driver Status page documents all of the currently supported boards and chip sets. Incidentally, XFree86 has switched to a new version numbering scheme as of this release. The code is available from the heavily loaded XFree86 FTP site as well as a few mirror sites, and Installation Details have also been published. (Thanks to Frank Lapore and Oliver Jost)

Audio

GLAME 0.4.2 released. Another release of the Glame audio tool has been announced. This version features a few bug fixes and a nifty new quick start guide in the built-in documentation. The guide will walk you through all of the steps required to play a WAV file, edit the file, record a new file, and save the results. See the Glame home page for more information. Some recent linux music app releases (Mstation.org). Mstation.org's Miriam Rainsford looks at some new Linux music software in a feature article on Mstation.org. Software examined includes SpiralLoops, Audacity, Ecaenvelopter, PVNation, Bonk, CheeseTracker, and GtkGEP, a program that can turn your PC into a guitar effects processor.

Documentation

LDP Weekly News. This week's issue of the Linux Documentation Project Weekly News is now available. News includes an online store that is funneling a portion of the profits to LDP, a new HOWTO for Linux MP3 CD burning, a "Linux-Apache-PHP-Sybase mini-HOWTO", and some updated documentation. Mind your FAQs (IBM developerWorks). IBM developerWorks features an article by Jodi Bollaert on writing and maintaining FAQs. "Frequently Asked Questions (FAQs) are a great way to provide quick, easy answers to users' most common questions. However, ensuring that they fulfill their purpose effectively requires careful planning and design. This article provides 16 tips to help you mind your FAQs."

Electronics

Xcircuit 2.3.1 available. A new beta version of the Xcircuit schematic drawing program is available for download. 
Version 2.3.1 includes a lot of underlying structural changes to the label and parameter code and also includes some new but well tested netlist generation code.

Embedded Systems

Embedded Linux Newsletter for May 31, 2001 (LinuxDevices). The weekly summary from LinuxDevices.com for the embedded Linux marketplace is now available. Topics include embedded Linux and Java, the Net2Phone Tux-tone dialing service, the new Sharp Zaurus PDA, recent availability of the Agenda VR3 PDAs, and lots more. Nanozilla gets a name change and website facelift (LinuxDevices). The Nanozilla project, targeted at a Mozilla adaptation to embedded systems, has changed its name to Nxzilla. Ripley -- a Linux-based wearable computer (LinuxDevices). The founder of ZeroSpin talks about his company's wearable computer project, known as Ripley, in this LinuxDevices.com article. "The first design, Ripley-1.0, was modeled loosely after Dr. Steve Mann's WearComp6 wearable computer. The Ripley's core, however, was based on Cell Computing's CardPC technology and the batteries were COTS (commercial off the shelf) Sony InfoLithium camcorder batteries."

Games

WorldForge update. A new "unofficial" update for the WorldForge gaming project is now available. "To me, Stage is the gem in our crown, a highly configurable server system that provides a toolkit for game developers. Work is progressing rapidly now, after years of gestation".

Interoperability

Wine Weekly News Issue 21 is out. The latest issue of the Wine Weekly News is available. This issue covers the addition of a new section to the wine configuration file, dealing with the latest XP, Office installation issues, using Wine with Suse and Mandrake, and more.

Network Management

Interview with Wietse Venema about his tcp_wrappers license (BSD Today). BSD Today interviews Wietse Venema, author of such tools as SATAN and Postfix, about the license included with his tcp_wrappers package. 
"If someone wants to redistribute the TCP Wrapper code in a manner that is not covered by the Copyright notice, then they are expected to contact me. I am a nice person and I haven't refused permission to anyone yet." Be sure to read to the end of the article regarding Wietse's updated license. (Thanks to Ben De Rydt) OpenNMS Update for June 5, 2001. The June 5, 2001 edition of the OpenNMS Update is available. Topics include preparations for the 0.7.6 release, managing CAPSD, coding project status, and a wish list, among other things.

System Administration

Bulletproofing Servers: Building a Challenge for Murphy (O'Reilly). Andy Neely discusses techniques for making a critical server more reliable in an O'Reilly OnLAMP article. "Most system administrators who have maintained a server for more than a few months will have their own stories to tell. It might be an installation or a configuration problem, a daemon that stops responding every six or eight weeks, or the 150 million duplicate entries that filled up the log partition last Sunday."

Web-site Development

Latest Zope News. A few interesting developments have shown up in the latest Zope News. Among other things, Zope 2.4.0 alpha 1 is available and version 1.1 beta of CMF, the Content Management Framework, has been released. Using CGI::Application (www.perl.com). Www.perl.com features an article by Jesse Erlbaum on the Perl CGI::Application module. "CGI::Application builds upon the bedrock of CGI, adding a structure for writing truly reusable Web-applications. CGI::Application takes what works about CGI and simply provides a structure to negate some of the more onerous programming techniques that have cast an unfavorable light upon it."

Window Systems

Bonobo and Mozilla's XPCOM. IBM developerWorks has two articles by Uche Ogbuji available on "Bridging Bonobo and XPCOM". One goes into specific techniques for bridging components and the other provides a walk through example implementations. 
Both tutorials require a free registration. GNUstep LaunchPad Version 1.0.1. The GNUstep project has released an update to their LaunchPad libraries for creating non-GUI applications using an API based on OpenStep and the MacOS X API. Gtk-Perl version 0.7007 released. A new version of the Perl bindings for GTK has been released by project maintainer Paolo Molaro. This version features better documentation, bug fixes, memory leak fixes, and support for new versions of the Gnome libraries.

Section Editor: Forrest Cook
June 7, 2001
Programming Languages

Caml

Caml Weekly News for June 5, 2001. The June 5, 2001 edition of the Caml Weekly News is out. News this week features a new release of Camlp4, OCaml compiler optimizations, and more.

FORTRAN

g95: Free Crunch Time. If you have some FORTRAN 95 code that you want to run, check out the g95 Fortran Compiler project. The compiler is still in an "embryonic state", but appears to be moving forward at a decent rate. The g95 team aims to have the software included in GCC, the Gnu Compiler Collection.

Haskell

Haskell Updates. A few updates to the Haskell project have been announced. Version 5.00.1 of the Glasgow Haskell Compiler is available, and a beta version of Hat, the Haskell tracker was also announced.

Java

Java2 SE v1.3.1 rc 1. The Blackdown Java-Linux Team has announced the release of Java2 SE v1.3.1 rc 1 for the Linux/ARM architecture.

Lisp

LISA 0.9.2 Beta released. Version 0.9.2 Beta of the Lisp-based Intelligent Software Agents (LISA) has been released. This version features bug fixes, improved support for CLOS pattern matching, and an updated reference guide. Prototype cCLan announced. A prototype of the comprehensive Common Lisp archive network, or cCLan, has been announced. The site aims to be the Lisp language equivalent of the Perl CPAN, a central repository for Lisp packages.

Perl

Turning the Tides on Perl's Attitude Toward Beginners (Perl.com). This article from Perl.com examines how the Perl community can open its arms to beginners better than it has in the past. "After said programmer has been flambe'ed to perfection they have to endure five more messages concerning the use of chop() and its evils, not to mention a handful of warnings about why putting double quotes around $username will cause famine in the land. Granted, these last few messages contain good information, but it's unlikely the beginner will even read these messages. 
Why would anyone want to subject themselves to more abuse when it's easier to delete the messages and move on to another programming language?" Perl 5 Porters for June 5, 2001. The June 5, 2001 edition of the Perl 5 Porters digest is out. Topics include improving the Perl test suite, installing libnet into the core of Perl, work on making Perl build cleanly with -Wall (with no mention of -Larry), and more. Perl 6 Porters for June 3, 2001. The June 3 edition of Perl 6 Porters is available. This week's issue covers more on virtual registers, coding conventions, the new magical variable it, and more. Tracking Perl Module Use (Dr. Dobbs'). brian d foy takes a look at tracking Perl Modules in a Dr. Dobbs' article. "Hundreds of Perl modules are available to expand the language for almost any task. There are even modules, such as CPAN.pm and Devel::Modlist, to help manage the modules you use."

PHP

PHP Weekly Summary for June 4, 2001. The June 4, 2001 edition of the PHP Weekly Summary has been published. Topics include fixing the cURL extension and the PHP test suite, a new TUX SAPI module, and timing for the release of the upcoming PHP 4.0.6 rc2.

Python

Dr. Dobb's Python-URL! for June 4, 2001. The June 4, 2001 edition of the Dr. Dobb's weekly Python summary is available. Topics include the DISLIN data plotting library, generating graphics with Piddle, the PYUI user interface, Python games, and more. Getting started with PyXPCOM (IBM developerWorks). IBM's developerWorks looks at PyXPCOM, the Python interface to XPCOM that comes as part of the Komodo project. "The main developer of PyXPCOM is Mark Hammond, who is also the main force behind the Python binding for COM. He's had help from others including David Ascher and the expanding community of PyXPCOM users. PyXPCOM allows the developer to access XPCOM objects from Python code and implement XPCOM objects in Python code." Dive Into Python Chapter 5. Chapter 5 of the free online Python book has been announced. 
This chapter covers Python unit testing with PyUnit. Pyagent 1.00 released. Version 1.00 of pyagent, an open infrastructure for intelligent agents has been announced. "Pyagent provides a simple, open infrastructure for intelligent agents. pyagent is based on Fredrik Lundh's implementation of XML-RPC."

Ruby

Ruby 1.6.4 available. A new version of Ruby is available from the Ruby home page. The list of changes includes numerous bug fixes.

Tcl/Tk

Dr. Dobb's Tcl-URL! for June 4, 2001. The June 4, 2001 edition of the Dr. Dobb's Tcl-URL! is available. Topics include Tcl and 64 bit integers, building TclPro, working with directories and sym links, and more. "Also noteworthy, from the director of the Tcl Consortium: 'The lawyers can make rules, but these guys (open source programmers) will find a way to get around them.'"

XML

The State of XML: Why Individuals Matter (O'Reilly). Edd Dumbill adapted his closing notes to the XML Europe 2001 conference and has produced an article on Why Individuals Matter. "Adding XML into your computing environment can be like initiating a chain reaction. Once one component can import, export, or process XML, it becomes obvious that there will be great benefit if the next component does, and the next, and so on. Within organizations and systems, XML is starting to form the basis for a 'data bus,' where information can flow between applications with less resistance and effort than previously." The article provides a good overall look at the current state of XML. Revisiting XML tools for Python (IBM developerWorks). David Mertz takes a look at Python based XML tools in an IBM developerWorks article. "The first two installments of Charming Python by David Mertz provided an overview of working with XML in Python. In the year since those initial writings, however, the state of XML tools for Python has advanced significantly. Unfortunately, most of these advances have not been backwards compatible. 
This special installment article revisits the author's previous discussion of XML tools, and provides up-to-date code samples."

Section Editor: Forrest Cook
Linux and Business

Sharp's PDA. This week's big commerce news came out of the JavaOne conference in San Francisco. Rumors of the new Sharp Zaurus personal digital assistant have been floating around for some time but this week the reality hit the road. The new device is a Linux based StrongARM platform which uses a Java virtual machine for applications. Lineo was chosen to provide their Embedix Embedded Linux distribution for the system. The device, which is expected to become widely available sometime this Fall, currently holds 32MB of memory with an additional 16MB available in Flash. It sports a 240x320 reflective TFT color display and multiple card slots. Communication with the device will be possible through IrDA, USB, and serial ports, along with an audio out headphone jack. Amiga has already announced their plans to port and write Java applications for gaming, 2D, 3D, animation, video, and music to the new platform.
EuroLinux alliance on the Hague Convention. The EuroLinux Alliance has issued a press release on the dangers posed by the draft Hague Convention revision. EuroLinux fears that, among other things, the Convention could pave the way for the enforcement of U.S. laws in Europe - including software patents and the Digital Millennium Copyright Act. Have a look for more information. IBM, Devgen analyze genomic data. Belgium-based biotech company Devgen NV has deployed IBM technology to conduct genetic research on a microscopic roundworm (C. elegans). This research is being done to help fight human diseases such as diabetes, depression and obesity. Devgen's new system includes a cluster of IBM eServer systems running Linux and AIX which is used to analyze genome information. VMware Offers 2001 College Graduates Special. VMware has announced a program for graduating college students to get a discount on VMware Express. The discount drops the price to $20.01 from the retail price of $79.00. Caldera Establishes Japanese Subsidiary. Caldera announced the formation of its Japanese subsidiary, Caldera K.K. The venture will be backed by Fujitsu and Hitachi. Open source WAP/SMS gateway developer files for bankruptcy. Wapit, the Finnish company that developed the Open Source WAP and SMS gateway Kannel has announced it is filing for bankruptcy after failing to secure a second round of funding. (Thanks to J.H.M. Dassen)

Linux Stock Index for May 31 to June 06, 2001
LSI at closing on May 31, 2001 31.96
The high for the week was 32.85
Press Releases:

Open source products

Unless specified, license is unverified.
Distributions and bundled products
Proprietary Products for Linux
Hardware and bundled products
Products and Services Using Linux
Products With Linux Versions
Java Products
Books & Training
Partnerships
Personnel & New Offices
Financial Results
Other
Section Editor: Michael J. Hammel.
June 7, 2001
Linux in the news

Recommended Reading

Unsung heroes: Linux Kernel Janitors (NewsForge). NewsForge looks at the Kernel Janitors Project. "The chosen name, Janitors, indicates the relative glory of code cleanup. Still, the prestige of contributing to a major piece of free software is hard to ignore. Half of becoming a free software developer is knowing where to start."

A Constitutional Right to Decode? (Wired). Wired examines the EFF's battle over the DeCSS rulings. "During oral arguments on May 1, the three-judge panel appeared to be siding with copyright over free speech, but then took the unusual step a week later of sending both sides 11 questions to answer. The queries included "Does the dissemination of DeCSS have both speech and non-speech elements?" and "Does the use of DeCSS to decrypt an encrypted DVD have both speech and non-speech elements?""

Brazilian Army adopts free software. According to this Portuguese-language article, the Brazilian Army is set to adopt free software. "The Brazilian Army also is in phase of implementation of free software, already using the Linux, StarOffice and Direto - developed in partnership for the Procergs and university - as solution for the e-mail." The Babelfish translation is fairly clear with this one. (Thanks to Cesar G.)

Itanium: New Opening For linux? (ZDNet). Interactive Week thinks Itanium may be just the ticket that Linux vendors need to get into the high end server market. "Intel has teamed with Linux vendors to bring the open source OS to the new chip. And those vendors are eager to raise Linux to a high-performance platform."

Linux forklifts in the data warehouse (ZDNet). Last week's LinuxWorld Tokyo showed just how involved database vendors, both proprietary and open source, are getting in the Linux arena. For example, Oracle has taken more than a 50% stake in the Japanese Miracle Linux distribution. "PostgreSQL lists a Web page full of commercial support organizations, of which the best-known (or at least best-funded) is GreatBridge. For those in Japan who don't need all the horsepower of Oracle, Miracle Linux offers a Linux/PostgreSQL bundle."

Free Web: Its days are numbered? (ZDNet). While some free web services are drying up, access to widespread free content will never go away, even as some sites are learning to make a successful business out of subscription-based content, according to this ZDNet special report. "Copyrighted or not, most of the basic information that viewers found for free yesterday will be freely available tomorrow. For this reason, many industry experts doubt that Yahoo and other portals will be able to charge for some content because it is so widely available through other online sources."

Looking Ahead To Linux 2.5, 2.6 (Byte). An interesting and rather detailed look at what may be ahead for the 2.5 and 2.6 kernel series comes from this Byte article. "Next to the inclusion of SGI's XFS and IBM's JFS file systems in the current 2.4.x source tree, several other new features might show up in 2.5. For one thing, senior Linux people and I have discussed including the Mosix clustering software in the standard source tree. Activating the Mosix cluster on any given Intel machine would just require re-compiling the kernel with the Mosix option = TRUE."

Open-source spat spurs software change (News.com). News.com covers the IPFilter licensing debate. "The squabble illustrates some of the pitfalls of the open-source software movement, in which philosophical principles can butt heads with the legal complexities of intellectual property law. Though proprietary software isn't immune from such tangles, companies writing proprietary code typically have better access to legal advice than the open-source programmers, often volunteers working on their own time."

Companies

Sun promotes Java on Cobalt servers (News.com). Sun has released a developer's kit to make Java software run on Linux-based Cobalt servers. "The software kit comes with features that let the servers run Java programs called servlets and deliver custom Web pages using the Java Server Pages software, Sun said. These technologies are built into an open-source software package called Tomcat that ships with new Cobalt servers."

Sharp picks Intel for handheld (Reuters). A brief Reuters note indicates that the Sharp Linux-PDA will be using a StrongARM chip from Intel. "Until now, Japan's Sharp has used Hitachi chips. Compaq Computer's iPaq handheld already uses Intel's StrongARM chip. Sharp's upcoming handheld will run on the upstart and increasing popular Linux operating system".

Business

Open Source-onomics: Examining some pseudo-economic arguments about Open Source (FreeOS.com). The failure of Linux stocks is not representative of the truth behind Linux economics, as this article tries to prove. "At a certain point in time, commercial vendors may be reduced to selling differentiated features that 90 percent of the market doesn't need, while the most commonly-required features will be available to all, free of charge. Those common features will conform to standards, while proprietary, differentiating features will remain exactly that, -- proprietary and non-standard. It is such commoditization of the market that could slaughter proprietary commercial software, driving it into niches and ensuring that the mainstream goes Open Source." This is a well thought out treatise on the value of Linux both for business and individuals and is definitely worth a read.

Reviews

Taking linux in hand (ZDNet). ZDNet examines the Linux-based VR3. "The VR3 runs Linux-VR, a branch of the Linux 2.4 test kernel from Silicon Graphics Inc. The VR3's GUI is driven by a slimmed-down X server and the Fast Light Window Manager."

Python Documentation Tips and Tricks (ONLamp). Cameron Laird looks at the documentation of Python code in this ONLamp article. "The culture of the Python community reinforces high standards in documentation. Since the existing documentation is good, code authors expect that they will need to do as well for new contributions."

Miscellaneous

Linux on the Desktop--an Impossible Dream? (Linux Journal). Is the usable desktop an unattainable goal for Linux? Not according to this Linux Journal opinion piece. "I believe there's a bright future for Linux on the desktop, but understanding this future requires going beyond viewing the Linux desktop in isolation. Smith's point focuses on the difficulties of Linux in 'pulling' users away from Windows and Mac OS--but that's only part of the story. As the history of personal computing reveals, major usage shifts involve 'push' as well as 'pull.'"

Section Editor: Forrest Cook
Announcements

Resources

What is open source software? (CNN). CNN tries to explain open source software to the common man. "The concept of open source software is sometimes hard to understand for IT executives who are familiar with traditional ways of buying software. Concerns about support and accountability are valid when thinking about using open source software. But supporters assert that open source is more reliable because problems can be found and fixed quicker."

Linux Gazette #67 (June 2001). The monthly Linux Gazette has been published for the month of June. Topics in this issue include spam protection with Mailfilter, an introduction to awk and using ssh-agent.

Humor

The tribulations of being a wandering penguin. Dr. Fun tells us that it can be tough to be a penguin on the move....

Events

Linux-Kongress 2001 Announcement and Call-For-Papers. The announcement and call-for-papers for the Linux-Kongress 2001 has been released. The event will be held November 28-30, 2001 at the University of Twente, Enschede, The Netherlands. Linux-Kongress "has evolved into the most important meeting for Linux experts and developers in Europe. This year is special because we celebrate the 10th anniversary of Linux and are organizing the conference for the first time outside Germany".

Linux@work Paris & Brussels. Linux@work Paris and Brussels, scheduled June 13th and 14th, will be holding two keynote panels on the topic "Is Open Source Software threatening intellectual property?"

Australian Open Source Symposium. The Australian Open Source Symposium will be held next week, on Saturday, June 16th, in Canberra, Australia. "The purpose of this event is to bring together the Australian Open Source community on an annual basis".

Events: June 7th - August 2nd, 2001.

User Group News

LUG Events: June 7th - June 21st, 2001.

Event announcements should be sent to lwn@lwn.net in plain text.
Software Announcements

Here are this week's Freshmeat software announcements. Freshmeat now offers the announcements sorted in two different ways: The Alphabetical List and Sorted by license
Our software announcements are provided courtesy of FreshMeat
This week in Linux history

Five years ago: Linus Torvalds released the 2.0 kernel on June 9, 1996. This was the first (stable) release to support the Alpha processor and to support SMP systems, among many other things. The penguin logo was officially adopted at this time as well. After five years, it seems like Tux has been around forever.

Three years ago (June 11, 1998 LWN): yes, it's been three years since the infamous John Dodge article, one of the classic examples of early-day ZDNet FUD:

"First, let me say that I am uniquely unqualified to write about this week's topic. Like most of you, I've never used Linux...."

"Uniquely unqualified" indeed.

Adaptec finally saw the light, and started providing programming information for its controllers to the Linux community.

The long-awaited GIMP 1.0 release happened, finally. GNOME 0.2 was also released.

Two years ago (June 10, 1999 LWN): Red Hat filed for its initial public offering of stock - the first of a (shorter than expected) series of Linux IPOs. LWN's analysis of the IPO filing is still available; it is interesting to see how things have changed. Somehow "my.redhat.com" never did seem like a winner... But the mere fact that there is now an official SEC document that includes the text of the GPL serves as fairly astonishing proof that the rules of the software business really are being rewritten.

The Debian Project chose its new logo, after a long process involving a great many proposals. Debian also officially adopted the Filesystem Hierarchy Standard.

One year ago (June 8, 2000 LWN): Richard Stallman went on the attack against Open Motif and its not-really-free license.

"Their announcement says they have released Motif to "the open source community", but this is true only in an unnatural interpretation of the words. They have not made Motif available within the free software community; instead, they have invited the people in the free software community to leave the community by using Motif."

One year later, the non-free license remains.

Plan 9, meanwhile, was released under a not-quite-free license.

Linux-Mandrake 7.1 was released.

Turbolinux had its first big round of layoffs, at the same time that it was paying founders Cliff and Iris Miller over $8 million to leave the company.

Remember how people were talking about Eazel a year ago?

"When is a startup more than a startup? When that startup is kissed with the golden glow of success long before it retains a public relations firm or the first PowerPoint presentation is drafted. What does such a firm look like? It might have $13 million in startup funding based on a handful of phone calls. It might have some of the most talented programmers the world has produced to date. It might have the kind of seasoned management, with a little gray at the temples, that makes venture capitalists nod sagely and move along to the next and more troublesome funding project."

Things sure did look different back then...

Ah yes, it has now been one year since the antitrust judgement against Microsoft. Not much has changed on that front either....
Letters to the editor

Letters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them.
From: "Michael Hunt" <michael.j.hunt@usa.net>
To: <letters@lwn.net>
Subject: Some positive thoughts on the Desktop section
Date: Thu, 31 May 2001 12:30:24 +0100

It seems lately that Hammel has been getting some flack over his writings for LWN's Desktop section and while I can see the point of people's claims (i.e. that the feel of the writing is not in the tradition or spirit of LWN) I do want to point out some positive points (since I am ever the optimist).

1. This week's Desktop section was the best so far and I think much more in line with what readers expect from LWN. Having read Michael's GIMP book the expertise on Linux printing is to be expected and shows through and I wish to applaud him for the quality of it.

2. His pointers to good resources on the subject of printing showed research and allowed people who were interested in the topic to pursue it, while leaving others free to move on.

3. Comment was concise and to the point. It was also stated in a "matter of fact" way not a "I think this is right".

4. News coverage was to the point and not long winded.

I understand that any new direction that LWN takes is going to be met with challenges such as readership acceptance, maintaining of style, keeping your core focus etc. So far the desktop section has not entirely met all of these satisfactorily but if this week's edition is anything to go by you are getting much closer.

Michael Hunt
An Aussie in Africa

P.S. As a GNOME user I have enough trouble just trying to stay up to date with it let alone all the other desktops out there.

From: Hans-Peter Fischer <hp.fischer@heidenheim.com>
To: letters@lwn.net
Subject: On The Desktop
Date: Thu, 31 May 2001 19:10:51 +0200 (CEST)

Dear editor,

I am writing to you because I am somewhat appalled by the hostile reaction of some of your readers to Michael J. Hammel's desktop column, especially Bret Mogilefsky's arrogant "he's got to go" comment. Have all these self-made desktop experts who can't stand witnessing somebody learning something forgotten how to skip an article they don't like?

I have no intention to either install KDE or Gnome on my machine because I don't see what they could possibly do for me that fvwm2 can't and because I like all my applications to look and behave differently, but I still enjoy reading Mr. Hammel's column simply because it is well written, and sometimes also informative.

What I find annoying about LWN is something totally different, namely that it has become more and more "business-minded" over time, and apparently so without any member of the "free" Linux community complaining. So why not split LWN in two: one edition about Linux - in which there would certainly be a place for Mr. Hammel - and one about stock quotes and business with/on Linux?

Yours sincerely,
Hans-Peter Fischer

--
Visit http://www.hei-news.de/

From: Robert L Krawitz <rlk@alum.mit.edu>
To: letters@lwn.net
Subject: Printing
Date: Thu, 31 May 2001 21:05:19 -0400

I read the On The Desktop section of your May 31 edition with considerable interest. As the project lead for Gimp-Print, I'd like to explain the relationship between Gimp-Print, the GIMP, CUPS, and other printing systems.

Gimp-print has indeed seen a major overhaul. It is no longer just the Print plugin for the GIMP; it can be used with CUPS, Ghostscript, Foomatic (http://www.linuxprinting.org/foomatic.html), and (via Ghostscript) plain unadorned lpd and LPRng. At the core, it's organized as a set of dithering routines, color management (of a sort, presently rather ad-hoc), and a collection of drivers for the main families of printers we support (Epson, HP, Lexmark, and Canon). In 4.1 (the current development mainline), this was organized into a shared library that applications that need to generate printer output link against. The current clients of this library are the GIMP Print plugin, a CUPS driver, and a Ghostscript driver (named "stp" when compiled into Ghostscript). Using this package directly through Ghostscript is not recommended due to the large number of options; it's much more convenient to use it with CUPS or Foomatic.

The GIMP plugin aside, the package is strictly a driver package. We leave spooling and rendering to people who are experts in that field, and work with those people to ensure that the interfaces between layers are appropriate for our needs.

The focus of this project (at least since I started working on it) has always been on high quality output, comparable to or better than OEM drivers in many cases. Some of our developers have backgrounds in color and dithering theory and practice, and this has been of enormous value to the project. We're working on supporting additional printers, including high end professional devices such as the Epson Stylus Pro series of printers.

I think that the name of the project, Gimp-Print, is confusing to many people; it's easy to assume that it's just the GIMP plugin. However, we've never succeeded in coming up with a better name, and to be perfectly honest, the association with the GIMP (the premier free end-user graphics application) isn't anything to be ashamed of :-)

--
Robert Krawitz <rlk@alum.mit.edu> http://www.tiac.net/users/rlk/
Tall Clubs International -- http://www.tall.org/ or 1-888-IM-TALL-2
Member of the League for Programming Freedom -- mail lpf@uunet.uu.net
Project lead for Gimp Print/stp -- http://gimp-print.sourceforge.net
"Linux doesn't dictate how I work, I dictate how Linux works." --Eric Crampton

From: "Kevin Postlewaite" <kevin.postlewaite@tumbleweed.com>
To: "'lwn@lwn.net'" <lwn@lwn.net>
Subject: Response to LWN's statement about Linux security costs
Date: Thu, 31 May 2001 12:25:25 -0700

In LWN's front page article about the relative security costs of Linux versus Windows, you wrote:

"While it is nice to see a (hopefully) objective result that favors Linux, it is also a little disappointing. 5-15% is a fairly small margin; we should really be able to do better than that. It's a start, anyway."

I used to work for PricewaterhouseCoopers auditing computer security of our clients. We would go in and try to penetrate our clients' systems (with their permission, of course). The main flaws that existed did not have to do with the particular OS but depended on the skill and conscientiousness of the system administrators, as well as the computer security education of the company's employees.

The most successful penetrations were obtained when some sysadmin would set the root password to root (or better yet, none at all) or have the Windows Administrator password be Administrator. Also, a surprisingly high number of employees would gladly give out useful information (including accounts and passwords) to people that they didn't know over the phone. People were the weakest link, not the OSes.

Thus, I wouldn't expect that the underlying OS would affect the expected damages by much. Far more important than installing Linux is educating the users (not that they shouldn't install Linux anyway :-) ).

-Kevin

From: "First Name Last Name" <spamalabasura@my-deja.com>
To: letters@lwn.net
Subject: Software Auditing
Date: Fri, 1 Jun 2001 13:39:32 -0700

Dear LWN editors,

I read your front page article on the auditing of free software. You make a good point that not enough auditing is being done. Your articles in LWN can play a very beneficial role in encouraging more people to participate in the auditing process. Instead of describing auditing as 'tedious' and auditors as 'obscure participants' you could focus on successful code auditors. Probably the most active community in the auditing scene of Free Operating Systems is OpenBSD, led by Theo de Raadt. For OpenBSD hackers, auditing is not tedious and auditors are 'star players'!

All areas of software can be interesting once you find the right community. Some people say that writing installation packages is boring but you can ask Debian developers and they'll give you a very different perspective.

In future editorial articles on the state of Linux auditing, you could add links to interviews with OpenBSD hackers on how fascinating code auditing can be and also add some pointers on where to learn more about this subject. Approach this subject with enthusiasm and you will encourage more people to do something similar for Linux.

Best Regards,
Eusebio C Rufian-Zilbermann

From: "Charles Hethcoat" <CHETHCOA@oss.oceaneering.com>
To: <lwn@lwn.net>
Subject: On the auditing of free software
Date: Fri, 01 Jun 2001 17:02:11 -0500

I think your outlook on auditing of code is a tad pessimistic. Sure, code may sit there for years, but I feel it probably gets the attention that it warrants. That is, if it gets little attention, then it's probably doing its job pretty well.

The key condition, to me, is that the code is _there_, available for review when necessary. When some situation arises that triggers a widespread audit, then a rapid period of bug squashing ensues. Having open code helps assure that the number of bugs steadily approaches zero over time. The time scale may be hours, days, or years, but I find it reassuring to know that it's headed in the right direction.

Compare this to the situation with closed code. Here, you don't have any assurance that anybody is doing anything, at least if you are not a part of the organization that owns the code. Look at how the immortal DOS and Windows bugs remain a part of the landscape forever, even though they are widely known to have caused all sorts of problems for people.

Charles Hethcoat
Oceaneering Space Systems

From: Mike Coleman <mkc@mathdogs.com>
To: letters@lwn.net
Subject: Re: The Boundaries of GPL
Date: Thu, 31 May 2001 23:29:14 -0500 (CDT)
Cc: "Chad C. Walstrom" <chewie@wookimus.net>

Chad C. Walstrom's suggestion that the Linux kernel licensing issues could be solved by "unifying" the copyrights of code contributed to the kernel, transferring "copyright control" to the FSF or a newly created non-profit organization, begs the question. The problem itself is that it is not feasible to get all of the past contributors to agree to anything, including any such transfer. (Many would see this as good fortune rather than a problem, in any case.)

I believe Mr. Walstrom's characterization of RMS and the FSF as "Marxist-like" is a baseless attack. If he feels that they are a bit too left-leaning for his tastes, though, then he must be absolutely howling with rage at those corporations and individuals who (pounding their shoes on the podium) insist that those of us who GPL our software are obliged to instead give our work away without compensation (i.e., by switching to a non-GPL license). Marxist indeed!

--
Mike Coleman, mkc@mathdogs.com
http://www.mathdogs.com -- problem solving, expert software development

From: Fred Mobach <fred@mobach.nl>
To: Linux Weekly News <lwn@lwn.net>
Subject: Re: The Boundaries of GPL
Date: Sat, 02 Jun 2001 23:03:13 +0200

"Chad C. Walstrom" <chewie@wookimus.net> wrote :

I highly doubt that all the Linux kernel developers could be convinced to sign over copyright control to their contributions to the FSF, as not too many people buy in to the Marxist-like views of RMS and the FSF.

It is still every time very offending to read about the "Marxist-like" views of Richard Stallman. Mr. Walstrom should _prove_ why he states this or he should shut up. A little bit of study on marxism and the FSF might help him, although I'm not sure ;-).

Regards,
Fred

--
Fred Mobach - fred@mobach.nl - postmaster@mobach.nl
Systemhouse Mobach bv - The Netherlands - since 1976
The Free Transaction Processing Monitor project : http://www.ftpm.org/

From: "Chad C. Walstrom" <chewie@wookimus.net>
To: Mike Coleman <mkc@mathdogs.com>
Subject: Re: The Boundaries of GPL
Date: Fri, 01 Jun 2001 02:51:51 -0500
Cc: letters@lwn.net

To Mr. Mike Coleman:

Howling? Baseless attack? You misinterpret me quite wildly, and base some far-fetched assumptions about my character from that misinterpretation. My classification of FSF policies as Marxist is not an attack at all. To refute this classification, however, is in most cases an amusing knee-jerk reaction to a "bad word". I do not place a value upon the policies the Free Software Foundation or of Marxism in general, I simply pointed out a commonly accepted observation that the FSF exemplifies many of the same principles. The question about my personal position has no bearing on the conversation.

What we do agree on, to some extent, is that it may be difficult to "sign over" control of the Linux kernel from each of its contributors to the FSF or any other centralized foundation. Organizing such a move is no small task.

Regardless, these logistics are somewhat off-topic in reference to the original article, which addressed the relationship between a GPL software product and proprietary modules that interface with that product. It is a topic that relates to any similarly licensed products, and one that needs further legal clarification.

--
Chad Walstrom <chewie@wookimus.net> | a.k.a. ^chewie
http://www.wookimus.net/ | s.k.a. gunnarr
Key fingerprint = B4AB D627 9CBD 687E 7A31 1950 0CC7 0B18 206C 5AFD

From: Tres Melton <class5@pacbell.net>
To: letters@lwn.net, djb@cr.yp.to, rms@stallman.org, class5@pacbell.net
Subject: License trouble everywhere.
Date: Sat, 02 Jun 2001 02:41:57 -0600

Dear Editor,

I realize that I'm a little late in addressing this issue as you wrote about it in the 24 May 2001 issue. But after reading Richard M Stallman's speech and various other tidbits regarding the licensing of ip_filter and tcp_wrappers (http://bsdtoday.com/2001/June/Features496.html) I thought that this issue might need to be re-examined. Particularly in light of the other article that you wrote regarding djbdns.

You mentioned the license as not being free to modify and redistribute djbdns (qmail, and ucspi-tcp). The reasons for this are Mr. Bernstein's and are related to security. It seems that he doesn't want to have modified versions that might have security problems running around the Internet for people to download thinking that he has given them his blessing. I have been a programmer for many years but security is not my forte. I have audited his code (to the best of my abilities) and am reasonably sure of its security; enough to be running his software on my machines. I find his code to be exceptionally clean and well thought out. This is in stark contrast to some of the other servers (sendmail, bind, etc.) that are distributed with the various GNU/Linux distributions. These programs seem to focus on features to the detriment of security. Was it not a security flaw in sendmail that brought the Internet to its knees in the 80's? I believe the first time the major news outlets covered the Internet was to say that it was being devastated by an unknown problem and most of the major sites were pulling the plug to The 'Net until they could fix it. Although that was a bit before my time I'm currently very aware of the various bugs that have been exploited recently in multiple BIND vulnerabilities to create a multitude of migraines for various system administrators throughout the world.

A great deal of software that I use is considered free and/or open and I enjoy tinkering with it. I also enjoy the new features that come out on a regular basis. Unfortunately some of these features come out without serious thought put into their security. When it comes to running these programs on my desktop, behind my firewall, with limited local access, I can easily tolerate these mistakes in the name of progress. When it comes to a corporate server that is exposed to the Wild, Wild, 'Net that is a different story. In that case I'm very thankful that programs written by Mr. Bernstein have his seal of approval; not to mention having survived the security bounty that he has placed on these programs: http://cr.yp.to/djbdns/guarantee.html

"I offer $500 to the first person to publicly report a verifiable security hole in the latest version of djbdns"

I believe that qmail had a similar bounty for awhile too.

I realize the difference between DJB's programs and ipfilter is that ipfilter is embedded within an OS with its own license and not running on top of it as a service. And I'm not sure how to address a license that is a small part of a whole product with a different license, as in the case of BSD and ipfilter. I do know that I'm willing to accept things like: http://cr.yp.to/qmail/dist.html

If you want to distribute modified versions of qmail (including ports, no matter how minor the changes are) you'll have to get my approval. This does not mean approval of your distribution method, your intentions, your e-mail address, your haircut, or any other irrelevant information. It means a detailed review of the exact package that you want to distribute.

if it means that I can be assured that the code has undergone a thorough security audit by the author and has his/her seal of approval. I know that Linus keeps a tight leash on 'his' kernel: as distributed by kernel.org but that it doesn't always get the review that it might need. The various forks of Linux are even more murky. I would be in favor of the firewalling code and other security portions of the kernel either not being modified or having the modifications approved by the authors. I know that RMS might not agree but he has the expertise to verify his own code. Some of us do not.

The freedoms granted by the GPL are very important to me but so is secure code. There are certain circumstances in which I would be willing to forgo the third freedom of the FSF as RMS put it: http://www.gnu.org/events/rms-nyu-2001-transcript.txt (approx 1/3 of the way down)

And Freedom Three is the freedom to help build your community by publishing an improved version so others can get the benefit of your work.

The only places that I would forgo this freedom is in the area of security. Perhaps the solution is to change the license to include an author's seal of approval and allow modification provided that the seal of approval is removed. After all what would happen to qmail if DJB got hit by a truck and later a bug was discovered. Could it never be fixed? Would the software fade away? What if he gets hit before he migrates djbdns to IPv6? What would happen to these quality pieces of software?

Tres Melton
class5@pacbell.net

From: Richard Stallman <rms@gnu.org>
To: class5@pacbell.net
Subject: Re: License trouble everywhere.
Date: Sat, 2 Jun 2001 14:48:49 -0600 (MDT)
Cc: letters@lwn.net, djb@cr.yp.to, class5@pacbell.net

It is clear that your goals and values are very different from mine. I don't think technical merit can make up for a lack of freedom to distribute modified versions, any more than a capable despot who makes the trains run on time can make up for a lack of democracy.