Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise
news for all interests
Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters
Leading items and editorials

This issue of LWN is dedicated to Scott Murray, a co-founder of the Linux Professional Institute and a vital force in its early success. Scott died as a result of illness about two weeks ago, though the word is just getting out now. You will be missed, Scott.

gnucash 1.6 and the dependency nightmare. The release of gnucash 1.6 was announced on June 11. gnucash is an important application - it is the only free package which provides comprehensive personal and business finance functionality. Your editor has been using it for over a year, and has been anxiously waiting for it to catch up to what the commercial finance packages can do. From the release notes, the 1.6 release has gotten much closer to that goal; unfortunately, LWN is not, as yet, able to say more than that. You see, we have not yet been able to make it work on any of our systems.

gnucash is perhaps the prime example of shared library dependency hell. The executable requires no less than 60 different shared libraries, all, of course, with the right version. Upgrading to GNOME 1.4 addresses many of those dependencies, but not all of them. Dealing with the rest has proved tricky, even for people who are accustomed to this sort of problem.

There is no criticism of gnucash intended here. The gnucash developers are trying to produce the best package they can by taking full advantage of the work that has been done by others. That is how component-oriented software development is supposed to work, after all. And gnucash is certainly not the only application that presents this sort of dependency issue.

But there is an important point that is worth raising here. A program that needs 60 different libraries is depending on a very complicated software environment to support it. As of this writing, there is probably not a single distribution which, out of the box, provides that environment.
Upgrading to that environment is helped by the various update services and tools that an increasing number of distributions are providing. It is worth asking, however, just how many of you would proceed with such an upgrade in confidence that it would work, and that nothing else would break? As the Linux software environment becomes more complex and powerful, it also risks becoming more brittle. The desktop will not be won as long as users must upgrade dozens of libraries, with a good possibility of breaking their systems, to get a new personal finance application. The desktop developers have a serious challenge ahead of them here: make the environment robust and easy to upgrade, or see the users wander away in frustration. (As an addendum, it's worth noting that the gnucash developers have plans to offer a CD with the application and all required libraries shortly). Linus is not accountable? We got a pointer this week to a white paper published by Microsoft entitled "Linux in Retail & Hospitality: What Every Retailer Should Know." It is available from the Microsoft web site, but only in Word format. It contains a pretty serious copyright notice that prevents us from putting up a decrypted version, unfortunately. It is a worthwhile read. While the company's executives make people laugh by calling Linux "a cancer," this document dedicates a dozen pages to flat out Fear, Uncertainty, and Doubt. It even cites LWN editor Liz Coolbaugh as an expert on the number of distributions available, which, of course, is presented as a problem: Imagine how confusing it would be if Microsoft released 188 versions of Windows and multiple versions of the GUI, each with a slightly different functionality? Wouldn't that be confusing? Wouldn't it be extremely difficult to run an enterprise solution with confidence about your future and return on investment in Microsoft products? That is the exact scenario that Linux is presently in by having so many distributions. 
You read it here: choice is bad. Rather than get into a point-by-point rebuttal, however, we would like to focus on one issue in particular: With everything being in Torvalds' hands, he is in total control over where the future of Linux goes. If he doesn't want a new retail feature to be included in the core operating system, it will not be included. Additionally, he doesn't have any accountability to the industry when the releases are delayed, if they do not work well, etc.
One could have a lot of fun examining the degree of "accountability" shown by Microsoft when its releases are delayed, when they did not work well, etc. But that misses the point. The important thing to point out here is that Linus has, simultaneously, less control and more accountability than Microsoft would like its readers to believe.

On the issue of control, it suffices to say that Linus' domain does not extend beyond the kernel. Most of what users see as "Linux" has very little to do with Linus; it is, instead, the responsibility of thousands of developers worldwide. In particular, almost anything seen as a "retail feature" is unlikely to involve him.

Linus has a level of accountability that far surpasses anything Microsoft can claim: he can only lead where users and developers will follow. There is no structure that requires anybody to run or develop for his standard kernels; if he mismanages development, he may well find himself in charge of an obscure fork while the real activity goes elsewhere.

For an example of how this can work, see the coverage of the device number debate in the May 17 LWN Kernel Page. When Linus made an unpopular decision, Alan Cox refused to follow him. As a result, many prominent distributions will probably include kernels that implement a policy different from that decreed by Linus.

In fact, most of the major distributors employ high-profile kernel hackers, and almost all of them distribute kernels which have been modified in some way. They have, in other words, declined to follow Linus in situations where they feel that their users' needs call for something different. Thus, for example, SuSE users have had ReiserFS for some time, and Red Hat users had the current RAID implementation, even though the standard 2.2 kernel did not. This is one of the great powers that free software gives to its users: nobody can prevent them from incorporating whatever functionality or changes suit their needs.
And it is the core of Linus' accountability. If he tries to take the kernel in the wrong direction, his user community will simply go around him. Proprietary software vendors generally lack that accountability, and their users suffer for it. The survey results are in. Thanks again to everybody who took the time to fill in the form. Here, for those who are interested, is a set of highlights from the results. There was much there that was interesting to us.
We're still digesting the results of the survey; there is a lot of information there. We would like to thank you all, one more time, for giving us a bit of your time. It will help us to create a better LWN for everybody. New LWN.net events calendar. The LWN.net Linux Events Calendar has seen a much-needed, much-delayed major upgrade. The new, Zope-based calendar provides a more flexible interface, and the ability to filter events by type. And finally we've done something with that linuxcalendar.com domain name... Have a look, we hope you like it. Inside this week's Linux Weekly News:
June 14, 2001
Security

News and Editorials

Non-executable stack and heap for Linux. Discussion regarding the security value and cost of implementing non-executable stack and heap for Linux was revived this week with the announcement of RSC, a non-executable stack and heap kernel module for Linux by author Paul Starzetz. Other projects with similar goals were discussed, such as PAX, announced back in October. Non-executable data areas, of course, are interesting to some because they can block certain types of buffer overflow attacks.
During the discussion, Crispin Cowan posted
this message
which provides links to prior discussions on this topic, related
papers and more. We recommend perusing it if you are interested
in the topic.
He summed up the argument for non-executable heap and stack fairly
succinctly, presuming, of course, that the implementation costs
are not too high. Crispin writes:
That is, of course, not the end of the conversation - not everybody thinks that the "security through obscurity" approach of non-executable data segments is worth the trouble. Open source to the rescue (ZDNet UK). This article in ZDNet UK looks at the European Parliament's stand on open source. "I thought this particularly interesting since it was among the resolutions voted for by the European Parliament, and must surely be the first time any parliament has come out and said that open source software is intrinsically more secure than closed source software. Microsoft take note. More interesting still was the European Parliament's resolution to urge member states to devise ''measures to promote, develop and manufacture European encryption technology and software and, above all, to support projects aimed at developing user-friendly open-source encryption software.''" Pittsburgh Company Helps Write Code for European Privacy Standards on Web (Pittsburgh Post-Gazette). Bright Plaza, Inc., a Pittsburgh, USA based technology firm, will be working with the European Commission as they look at developing a prototype for new software to protect privacy on the Web. "The EC initiative is driven by a widespread European belief that life in the Information Age makes personal information far too accessible, said [Carnegie Mellon University scientist Robert] Thibadeau. 'The Europeans are ahead of the U.S.,' he said. 'They regard privacy as if it's part of you as a human being. And they say the state has an obligation to protect your privacy, just as it has an obligation to protect your life'". Fluffy Bunny speaks on IRC. The cracker behind the SourceForge, Themes.org and Apache break-ins has apparently done an IRC interview, the summary of which has been posted to SecurityFocus. "The cracker also explained how all the recent compromises were related. The common link: a packet sniffer Fluffy Bunny put in place on Exodus. 
"There was a sniffer on exodus yes, but there are sniffers everywhere," Bunny wrote." The identity of the interviewee has not been confirmed, however. (Thanks to Joe Barr)

Security Reports

LPRng supplemental group membership vulnerability. LPRng fails to drop membership in supplemental groups at the same time it drops setuid and setgid privileges. As a result, such supplemental groups may provide access to enhanced privileges. This bug was not referenced on the LPRng home page, but Red Hat has issued updated packages with a fix for the problem. This is also covered in BugTraq ID 2865.

XFree86 X font server (xfs) denial-of-service vulnerability. The X font server xfs, part of XFree86, has been reported to contain a denial-of-service vulnerability. When connected to "numerous" times and given random data, xfs may crash, which can, in turn, cause the X server to crash as well. This is only applicable to font servers that are listening to TCP/IP, which is likely only the case for a machine that is serving X terminals. No workaround or fix for the problem has been reported so far.

gdm cookie vulnerability. gdm 2.2.2.1 has been released and, according to the changelog, contains a fix for a security problem under which an attacker could log in, save his cookie and then have that cookie used by the next person to log in.
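
The class of mistake in the LPRng report above, shown next to a privilege drop that also clears supplementary groups and then verifies the result. This is an added example, not LPRng's code or the Red Hat fix; the function names and the uid/gid 65534 used in main() are assumptions for illustration.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Count entries in a supplementary group list that differ from `keep`. */
int count_leftover_groups(const gid_t *groups, int n, gid_t keep)
{
    int leftover = 0;
    for (int i = 0; i < n; i++)
        if (groups[i] != keep)
            leftover++;
    return leftover;
}

/* Audit the calling process: number of supplementary groups other than
 * `keep` still attached to it, or -1 on error. */
int audit_current_groups(gid_t keep)
{
    int n = getgroups(0, NULL);              /* size query only */
    if (n < 0)
        return -1;
    if (n == 0)
        return 0;
    gid_t *groups = malloc((size_t)n * sizeof *groups);
    if (groups == NULL)
        return -1;
    n = getgroups(n, groups);
    int leftover = (n < 0) ? -1 : count_leftover_groups(groups, n, keep);
    free(groups);
    return leftover;
}

/* Flawed pattern, kept for comparison only: the uid and gid change, but the
 * supplementary group list inherited from the privileged parent survives,
 * so group-based access (for example to group-writable files) remains. */
int drop_ids_only(uid_t uid, gid_t gid)
{
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;
    return 0;
}

/* Hardened drop. Order matters: setgroups() and setgid() need privilege,
 * so both must happen before setuid() gives it up. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (setgroups(1, &gid) != 0)             /* 1. supplementary groups */
        return -1;
    if (setgid(gid) != 0)                    /* 2. real/effective/saved gid */
        return -1;
    if (setuid(uid) != 0)                    /* 3. real/effective/saved uid */
        return -1;

    /* 4. Verify instead of trusting the return codes alone. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    if (audit_current_groups(gid) != 0)
        return -1;
    if (uid != 0 && setuid(0) == 0)          /* regaining root must fail */
        return -1;
    return 0;
}

int main(void)
{
    const uid_t target_uid = 65534;          /* assumed unprivileged uid */
    const gid_t target_gid = 65534;          /* assumed unprivileged gid */

    printf("before: %d supplementary group(s) besides gid %ld\n",
           audit_current_groups(getgid()), (long)getgid());

    if (geteuid() != 0) {
        puts("not running as root: audit only, nothing to drop");
        return 0;
    }
    if (drop_privileges(target_uid, target_gid) != 0) {
        perror("drop_privileges");
        return 1;                            /* fail closed */
    }
    printf("after: %d supplementary group(s) besides gid %ld\n",
           audit_current_groups(target_gid), (long)target_gid);
    return 0;
}
```

Run as root, the "after" line reports 0 leftover groups; the same audit after drop_ids_only() would still list the groups of whoever started the daemon.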
xinetd buffer overflow. A buffer overflow has been reported in xinetd which may be exploitable either to gain elevated privileges or to cause a denial-of-service. The buffer overflow is in the ident logging portion of xinetd, so one workaround to the problem is to disable ident logging.

Linux FPF kernel module denial of service vulnerability. FPF is a Linux kernel module which can be used to alter the Linux TCP/IP stack in order to emulate other operating systems when the system is probed by tools such as nmap or Queso. With the patch applied, it is possible to cause the kernel to panic by sending it multiple fragmented packets. A fix for the problem has been released. Nonetheless, the authors still state that the module has some problems and they recommend against using it on servers.

exim format string vulnerability. A locally-exploitable format string vulnerability has been reported in exim, a GPL-d Mail Transfer Agent. Root access may be gained if the 'syntax checking' mode is turned on (not the default). Workarounds and an unofficial patch are available. The patch will be rolled into exim 3.30, which is expected to be released "soon".

man-db nested calls vulnerability. The man-db vulnerability of the week involves the manner in which calls to drop_effective_privs and regain_effective_privs are handled. Nested versions of such calls can be used to cause man-db to regain privileges too early, which could result in a user being able to create files as user man.

su-wrapper buffer overflow. su-wrapper is used to execute processes under different uids. A buffer overflow has been reported in su-wrapper 1.1.1. No official patch or upgrade has been released, but an unofficial, untested patch has been posted.

Fcron symbolic link vulnerability. fcron is a periodic command scheduler which implements the functionality of vixie cron but does not assume that your system runs all the time or regularly. A symbolic link vulnerability has been reported in fcron 1.0.
Versions 1.0.1, 1.0.2 and 1.0.3 have been reported not vulnerable, so presumably an upgrade to one of these versions will resolve the problem. No information on whether or not the latest development version, 1.1.0, is affected has been posted.

TIAtunnel remote access vulnerability. TIAtunnel is a simple IRC bouncer, released under the GPL. A vulnerability has been reported in TIAtunnel that can be exploited by a remote attacker to gain a local shell under the TIAtunnel account. This was found in PKCrew TIAtunnel 0.9alpha2 and has been fixed in TIAtunnel 0.9alpha3. Note that a stable version of the software has not yet been released.

Proprietary products. The following proprietary products were reported to contain vulnerabilities:
Updates

ispell symbolic link vulnerabilities. Check the June 7th LWN Security Summary for the original report. This week's updates:

xinetd default umask vulnerability. Check the June 7th LWN Security Summary for the original report. Fixing the problem simply requires that the default umask for xinetd be set to 022 instead of 000. This is also covered in BugTraq ID 2826. This week's updates: Previous updates:

gnupg format string vulnerability. Check the May 31st LWN Security Summary for the initial report. gnupg 1.0.5 and earlier are vulnerable; gnupg 1.0.6 contains a fix for this problem and an upgrade is recommended. Werner Koch also sent out a note warning of minor build problems with gnupg 1.0.6 when compiled without gcc. This week's updates:

multiple imapd buffer overflows. Check the March 15th LWN Security Summary for the original report. This is also covered in BugTraq ID 2856. This week's updates: Previous updates:

GTK+ module use in setgid/setuid programs. Check the January 4th, 2001 Security Summary for the original discussion of this issue. The official position of the GTK+ team is that setuid and setgid programs are a bad idea for GUI toolkits and are not supported by the GTK+ toolkit. This week's advisories:

Multiple buffer overflows in tcpdump. Multiple buffer overflows in tcpdump were reported in our November 2nd, 2000 edition. Check also BugTraq ID 1870. This week's updates: Previous updates:
Resources

IBM Whitepaper: The Linux Security 'State of the Union'. Dated May 11, 2001, nonetheless it was this week that this IBM whitepaper first came our way. It contains a nice description of Linux security efforts, such as LIDS, Snort, RSBAC, NSA Security Enhanced Linux, StackGuard, packet filtering, LOMAC, PortSentry and TCS.

New Security Portal moderated security discussion list. SecurityPortal has started a new, moderated discussion list for security issues, seeded with a few SecurityPortal people to make sure that an effort is made to answer questions posed to the list.

Events

Upcoming Security Events.
For additional security-related events, including training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Liz Coolbaugh
Kernel development

The current kernel release is still 2.4.5. Linus released 2.4.6pre3 on June 13. It includes a relatively large set of fixes and updates, including the long-awaited fix that allows ReiserFS filesystems to be exported by NFS; a number of virtual memory updates; a bunch of virtual filesystem cleanups by Alexander Viro; and many other fixes. Linus didn't see fit to mention it, but, as of pre2, the kernel also contains a Bluetooth protocol implementation.

The VM changes include work from a number of developers. After some rigorous testing here at LWN Labs (i.e. "run it on your desktop and see what happens"), we conclude that a number of the VM issues have, in fact, been addressed. It is not perfect, yet, but progress is being made. It's nice to have a system that doesn't seem to be running out of swap all the time.

On the other hand, there have been reports of compile-time warnings due, as it turns out, to a change in the PCI bus API. One might object that this is supposed to be a stable kernel series; evidently the kernel developers concluded that there were few users of this particular interface and a change would not cause problems. Some people disagree, however.

The 32-bit DMA zone patch, covered last week, is still not present in the 2.4.6 prepatch. Linus likes the idea, but wants some changes which create a new interface for setting up memory zones in a more flexible manner.

Alan Cox's latest is 2.4.5ac13. Alan is evidently doing jury duty, and has thus been relatively quiet.

A new networking patch pushes the limits of what modules can do. La Monte Yarroll is working on the Linux Kernel SCTP project, which is producing a Stream Control Transmission Protocol implementation for Linux. The SCTP folks have found that it is hard to just plug a new networking protocol into the kernel - the interfaces are just not set up for that. So Mr. Yarroll has posted a patch which creates a new registration interface.
The current static tables are replaced with a dynamic structure, and a set of functions has been provided which allows a module to add its new protocol to the system. It seems like a useful patch, which should not be overly controversial. Until, that is, somebody asked if this interface could be used to replace the TCP implementation in the kernel. The answer was "yes," though any hopes of having the new implementation pick up existing connections should be forgotten. Here's David Miller's take on the idea of plugging in new TCP implementations: I will never in my lifetime allow such a facility to be added to the Linux kernel.
One might safely conclude that he does not like the idea. The problem is that David does not want to open the door for people to plug proprietary TCP implementations into the kernel. Linus has, of course, said that non-free kernel modules are OK, as long as they stick to the published module interface. That interface currently does not allow the replacement of network protocol stacks, so the only way to do so would be to link the new implementation directly. Doing so with a proprietary implementation would clearly violate the GPL. Mr. Miller (and many others) are happy with that state of affairs. This approach is not particularly new or surprising - Linus does not allow modules to add new system calls for the same reason. Binary-only kernel modules are tolerated, grudgingly, but only for certain tasks, such as driving devices. "Embracing and extending" the kernel by replacing whole subsystems goes a little too far. Of course, as was covered on the LWN front page two weeks ago, some people think that even Linus's interpretation is too liberal. So the registration patch will probably see some minor reworking so that it does not allow the replacement of existing network protocols. But the issue of binary modules is likely to return, soon. There may yet come a point where they are no longer allowed. The kernel and data formats. Another area of ongoing discussion has to do with how the kernel returns data to user space. Last week's Kernel Page mentioned the discussion of temperature formats; this discussion is worth revisiting (along with one other) because they illustrate how some kernel interface decisions are made. Last week we reported that kelvins were the likely choice of units for temperatures reported by CPU monitors and such. In fact, a number of people have been advocating for temperatures to be reported in tenths of kelvins, or even hundredths. 
The stated advantages of this format are that the numbers will always be non-negative, and that a very wide range of temperatures can be represented with 16 bits - a wider range, certainly, than most computers will endure and be expected to still function.

Or so it seems. The assertion that kelvins can not be negative was quickly refuted, but the argument is mostly of interest to pedantic quantum physics enthusiasts. Once again, this is not within the normal operating specifications of current commodity hardware.

Using anything other than straight kelvins has also been controversial. The point being made is that returning a value in hundredths of kelvins might fool people into believing that the temperature measurements are actually that accurate. One degree of precision is more than adequate for modern CPU temperature sensors, and a more precise measurement would be useless even if it were accurate. Nonetheless, there are people who would like the more precise format, for the simple reason that it may be needed in the future, and these interfaces are hard to change once they are in use. A final resolution has not happened, but a likely format will be tenths of kelvins, since ACPI already uses the format.

Some people have argued for a system configuration option which would allow selection of whatever temperature unit pleases the user best. That didn't get very far, though. There is a near consensus that the kernel should export a single, well-defined format, and leave conversions to user space.

The same idea, however, created a bit more fuss at the end of May, when a new version of the Philips web camera driver was merged with its color conversion routines stripped out. As a result, applications using that camera see only one format, and many of them apparently do not understand it. The pwc driver author has summarized his position, along with much of the discussion, on his web page.
The argument here is the same: the kernel should export a single data format, and leave conversions to user space. In the case of web cameras, the kernel hackers would much rather see a single, user-space conversion library, rather than a whole set of duplicated conversion routines in each driver. Driver writers, who want to make their devices easily usable, may disagree, however. The kernel hackers say what goes in, though, so this policy is likely to remain.
Other patches and updates released this week include:
Section Editor: Jonathan Corbet
Distributions

Please note that security updates from the various distributions are covered in the security section.

News and Editorials

217 Distributions and Counting. Since we are being so widely-quoted these days in reference to the number of Linux distributions (see today's Front Page), it seems about time to update some of our statistics about the number of Linux distributions. To review past statistics, here are some general numbers that we've quoted in talks over the past year or so and to which we've added our current total. After all, if we're going to be quoted in the wider media and even as a reference in Microsoft materials, we need to keep our data up-to-date.
Simultaneously, however, we've stuck out our neck far enough to lightly reorganize our distributions list yet again. This time, we've done some small changes to the right-hand column. At the top, in alphabetical order, we've placed the seven general-purpose distributions that we have consistently found used by audience members when we've talked at various Linux conferences and user group meetings. After that, we've listed seven more general-purpose distributions that, while their audience segment is still unknown, have had a high presence from a news perspective in these pages over the past couple of years. These two lists are intended to represent the Linux distributions most likely to be considered for usage on a general-purpose server or workstation. Comments and suggestions are, as always, welcome.

Compare the number of distributions on these lists (14) with the overall total (217). This illustrates one of the points of the full talk on Linux distributions that Liz Coolbaugh updates and gives to various conferences and LUGs on an infrequent basis: although there are a multitude of Linux distributions, most of those are very specific, highly tailored tools. Only a fraction of them are competing for space on retail shelves or for the mindshare of Linux users. Only a small fraction need to be considered and compared before choosing a Linux distribution with which to work.

The Linux distributions space is haunted, in general, by an absence of absolute statistics. Witness, as a result, this week's battle between Gartner and IDC about how many Linux server systems there really are. We would guess this is why the statistics from Liz's talk ended up first within a TechWeb article in January and now within Microsoft's own documents. Numbers aren't biased inherently; the conclusions drawn from them will always be biased in some manner or another.

New Distributions

Linux/MNIS. Linux/MNIS is a distribution out of France with a bit of a split personality.
It could also be considered two separate distributions, but since only one name is given to describe both of them, we'll keep them together. The two variants of Linux/MNIS come based on either Slackware or Debian. The website comments that both were chosen for their stability and their ease of administration, while Debian was also chosen for the large amount of software provided with it. Intel, Alpha, Sparc and Motorola platforms are supported.

MNIS appears to be a French-based technical support company, among other pursuits. They provide technical support for Solaris, SunOS, Linux, BSD, HP-UX, AIX, SCO-UNIX, and OSF-1. The Linux/MNIS distributions, therefore, are created primarily for their customers and to attract new customers that want local (to France) support available. [Thanks to Fred Mobach].

Distribution News

Red Hat News. The Linux 2.4.x kernel series is a bit stricter than earlier versions of the kernel in the manner in which vfat (Windows) partitions are handled. As a result, applications happily using files on a vfat partition under earlier versions of the kernel may fail under Red Hat 7.1. This unfortunately includes StarOffice 5.2. The actual bug is in the application, but getting a correction into StarOffice 5.2 is not likely to happen any time soon, if ever. All the end user can do is remember to transfer files off a vfat partition to another partition before attempting to edit them with StarOffice 5.2.

Red Hat released updated ypbind packages this week to fix an error where an NIS client fails to bind to an NIS server at boot time, but reports success.

Caldera Previews 64-bit Linux for Itanium. Caldera has announced the availability of a preview version of OpenLinux for the Itanium processor.

Linux-Mandrake News. MandrakeSoft has released the first beta of Mandrake Linux PPC which is based on Linux-Mandrake 8.0. Some of the current problems, screenshots and other user comments can be found on MandrakeForum.
Dual-processor AMD systems have been tested with Linux-Mandrake. They are working well and are expected to be added to the supported hardware database soon. Solutions for some CUPS printing problems are now available. And a Spanish version of the Linux-Mandrake Demo & Tutorial Center is now online, thanks to volunteers from the Grupo de Usuarios Linux de Jaén. Note that this is still a work-in-progress; not all chapters have been translated.

Debian News. The latest issue of the Debian Weekly News (text version) has been published. Discussions include the recent downtime for master.debian.org and the 100,000th bug to pass through Debian's bug tracking system. Note also that .debs for Mozilla 0.9.1 became available this week. From the Hurd side of Debian, the Kernel Cousin Debian Hurd reports problems with autoconf 2.50 (apparently also impacting general Debian GNU/Linux development),

Slackware News. Activity in preparation for the upcoming release has been heavy under the Intel port. Updated versions of svgalib, ispell, epic, isdn4k-utils, screen, automake, binutils and more were installed. Major updates include mozilla-0.9.1 (reported to contain nice improvements and no visible new bugs), galeon 0.11.0 and mysql-3.23.39.

gdm was upgraded to 2.2.2.1, which was marked as a security fix. So the Slackware changelogs provided us with information about a security problem that hadn't shown up in the security mailing lists yet. Also on the security front, sudo was updated to 1.6.3p7 (which had not hit freshmeat yet, when we checked), because it was rumored to fix a security problem, though the sudo Changelog gives no description of the changes in sudo 1.6.3p7. Slackware had already upgraded to 1.6.3p6 to fix a buffer overflow problem reported in early March.

Distribution Reviews

Red Hat Linux 7.1 Deluxe Workstation (ZDNet). ZDNet says that this edition of Red Hat Linux carries superb installation help but complex partitioning and modem setup remain difficult.
"The installation procedure remains difficult for beginners and even mid-level Windows users, but Red Hat helps considerably by including well-written and highly informative explanations in the onscreen windows during the many steps of the installation wizard." Minor Distribution updates
Editor's note

Liz Coolbaugh's favorite forum for giving her talk on "Linux Distributions, why are there so many and what are they?" is at local Linux User Group meetings or other informal venues. If your group is interested in hearing her speak and can provide basic travel costs and a place to stay, drop her a note.

Section Editor: Liz Coolbaugh
Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.
On The Desktop

Usability testing. In the May 3rd edition of the On the Desktop page here at LWN.net there was a note about some usability testing that was done for the GNOME project. Telsa Gwynn wrote in with some additional information on this testing.

The talk was given by Calum Benson of Sun at GUADEC 2001. I went to it and wrote a very brief write-up which includes the how, when and why. Another talk at the same conference about usability was by Darin Adler [formerly] of Eazel and included "user testing on the cheap": two webcams and a checklist works even if you can't afford a UI lab with bells and whistles. And some test results from MIT assessing GNOME usability were posted to nautilus-list@eazel.com before GUADEC II.
According to Telsa, the handouts from Calum's talk explained a little of how the tests were performed: "Here's a desktop. Look at it. Don't move the mouse. What do you think the icons represent? Why? Okay, now you can move the mouse and get tooltips. Now what do you think the icons represent? Okay, now try to ... (and so forth)". After the questions were answered a number of tasks had to be performed. LWN.net interviewed Calum Benson, a Usability Engineer at Sun Microsystems in Dublin, Ireland about these tests with GNOME users. He says that usability isn't just about ease of use: A less formal definition would be that a usable product is easy to learn and remember how to use, and helps you do your job quickly and enjoyably without making mistakes. Of course, each of those factors is more or less important depending on the product and the environment in which it will be used-- with an air traffic control system, for example, it's less important to be fun to use or easy to learn, and more important that it prevents you from making mistakes.
The key message is really "we are not our users". The GNOME desktop will become much more mainstream over the next couple of years, especially once companies like Sun and HP start rolling it out, and that opens it up to a whole new audience-- mechanical engineers, web designers, financial analysts and the like, not the developers who currently make up the largest part of the user base. It is important for developers to understand that users don't have to know about every way of doing a task. They only need one, at least initially. It's important that the key features on a desktop are well signposted, especially if you're new to that particular environment. But while more advanced features or quicker ways of doing the same thing may not become apparent until you reach a higher level of competence and start experimenting and exploring, they still need to be designed to be as easy to use as possible.
Sun's participation in this sort of testing may be just what the doctor ordered now that Eazel is gone. While Ximian could do the testing, that might be considered akin to the fox guarding the hens. And open source alone may not have the resources to do this testing properly (but read on for KDE's plans for an alternative view there).
The first group to do UI testing with KDE was Corel. They had a dedicated team working on UI issues and they uncovered quite a bit. They never released their results in the form of reports, though. What they did was have their lead UI guy subscribe to our kde-look mailing list. This list had been formulated for the express purpose of discussing and solving KDE UI issues. During the course of discussing various issues, many of the areas that Corel had investigated came up and were incorporated into the discussion.

Granroth added that anyone interested in additional information should visit the KDE Usability Study web site.

GNUStep: Adam Fedor talks with LWN.net. Dennis Leeuw provided us with an article on GNUStep for non-technical users to give them an idea of what GNUStep is and why they might like to get involved. We decided to follow that up with an interview of the GNUStep project lead, Adam Fedor. "In fact, GNUStep is actually the same API as Mac's OS X. A program written for OS X would require only a few changes to run with GNUStep. While no OS X applications have been ported that he knows of, older NeXT applications have. One example is the MusicKit/SoundKit for building music, sound, signal processing, and MIDI applications."

AbiWord and KWord unite on Word filters. AbiWord and KWord developers have united to assist each other in developing better MSWord import filters. A call for cooperation from Dom Lachowicz, lead developer of AbiWord and wvWare, was cross posted to the KOffice mailing list (originally via Dom's message after the KOffice 1.1 Beta 1 announcement) and participants chimed in almost immediately. A new version of the wvWare library (previously named mswordview) is now in the works.

Pilot support update. David Desrosiers wrote in with additional information regarding the pilot-link (which he noted is not spelled "Pilot Link") software. The first thing to note is that development on this project is anything but dead. "A lot of good code has been put into the new codebase, and when 0.9.5 is released, it will be a revolutionary change from the 0.9.3 release (the last "official" release of pilot-link)." Most of the information he provided was in the form of links to various mailing list archives. The main web site, where current updates are to be made available, will be moving soon from its current location to pilot-link.org, which at the time of this writing was not yet a registered domain.

Rick Moen also wrote in to let us know he maintains a large collection of open source binaries and source programs for the PalmOS (meaning not just the Pilot but pretty much anything that runs PalmOS). The web site is just a directory listing currently, but an index file exists explaining most of the applications you will find there.

Desktop Environments

Catching up with KDE (Linux Journal). Linux Journal reviews KDE 2.1.1 and finds it provides a rich set of tools. "The Kompany has been turning out an amazing number of much-needed Linux applications. IBM has been working with Trolltech on integration of their ViaVoice software into QT to provide speech recognition to Linux users."

KDE 2.2Beta Freeze. Waldo Bastian posted a note reminding developers that the KDE 2.2 Beta 1 releases should be frozen in CVS now, meaning, among other things, that no new features are to be added to CVS until after Beta 1 hits the street.

Linux gladiators duel for desktop crown (ADTMag.com). The issues between KDE and GNOME run from philosophical to technological, as this article explains in detail, and IT decision makers are looking for a long term choice. "This UI piece doesn't really make any difference, short term. But long term, it becomes an issue. If you're betting on one horse or the other for your company, this decision matters."

Office Applications

Infusion: an Evolution for KDE. Navin Umanee noted on the KDE Promotions mailing list that there is a new QT/KDE based competitor for Evolution: Infusion.
It runs through the Citadel/UX server for individual and community based messaging.

GNOME Summary for Jun 03 - June 09, 2001. The weekly summary of the GNOME world is out. Highlights include the release of a new developers version of the GStreamer multimedia framework and discussion on the initial python bindings for Bonobo being entered into the GNOME CVS tree.

AbiWord Weekly News #47. The AbiWord Weekly News #47 is now available. The most interesting bit of news was the discussion thread on the release schedule.

Kernel Cousin KDE #13 Released. This week's KDE Kernel Cousin includes summaries of discussions on Avery Label templates for KWord, KOffice file extensions and mimetypes and Flash support for Konqueror/Embedded.

Desktop Applications

Netscape set to unleash 6.1 beta (ZDNet). ZDNet reports on the upcoming Netscape 6.1 beta release. "Sources familiar with the 6.1 release said it would be faster and more stable than its predecessor. Other changes include a new cache for storing frequently accessed files, an upgraded mail program, new search functionality, and--borrowing a page from competitor Microsoft's Internet Explorer browser--drop-down auto-complete for Web page forms."

Gideon Development Update. This Gideon Development Update is brought to you by the dot (dot.kde.org). Gideon is the codename for the next generation version of KDevelop.

Open-Source Gaming for Linux (Linux Journal). This Linux Journal article looks at some open source gaming options. "One of the many neat ClanLib games, Trophy is basically an auto racing game with some Mad Max flair; you get to shoot at your competitors and toss bombs at them."

Pan 0.9.7 Released. The first stable release in two months has been made for Pan, a GNOME news reader. It includes better startup performance, sports a smaller memory footprint, and more accurately decodes binary attachments.

Galeon 0.11.0 Released. A new release of the Galeon web browser is also available.
This release brings Galeon in line with the Mozilla 0.9.1 release.

Pyrite & Palm (IBM developerWorks). IBM developerWorks is carrying an article on using Pyrite, a set of Python tools designed to communicate with PalmOS devices. "A limitation of Pyrite Publisher is that it doesn't directly convert PDF or Postscript files to pdb files. Luckily, there is a simple workaround for this. The utility pstotext can transform a Postscript file into a text file. To generate a pdb file, first transform the ps file into a text file, and then use Pyrite Publisher to convert the text file into a pdb file."

And in other news...

Xft font management. Keith Packard posted an interesting tip to the KDE Core mailing list this past week regarding font management with Xft:

Xft also supports per-user font directories and a per-user ~/.xftconfig file -- that will allow non-root users to install and use their own fonts without changing the global configuration.
Talking with Jim Gettys (LinuxPower). LinuxPower interviews the father of the X Window System, Jim Gettys. "I believe very strongly that either GTK+fb or QtE are dead ends. Our experience in the market (beyond the hacker community) is that the major attraction is the ability to share with little or no hassle applications written for the desktop: while the applications may need reworking to deal with the screen size and touchscreen, there are many applications not written for GNOME (or KDE)."

The Agenda VR3: A Linux Orbit first look (LinuxOrbit). This review thinks the Agenda VR3 is, to put it plainly, "wow". "Originally, (with the first OS release) I experienced a slight delay when loading multiple applications. Thanks to the eXecute In Place (XIP) features, the PDA is much more responsive, especially when loading many applications at once (how many PDAs can do that?). The buzzer sound is very audible for the Scheduling application and the Contacts program is extremely quick. The FLTK apps for the Agenda have a similar style to their interface. Most of them contain a button labeled "Done" in the bottom left for exiting the application when finished using it. This makes the VR3 have a consistent feel. You don't have to re-learn an interface to use another application. The network application is a GUI based interface configuration program. Configuring it was a snap."

Section Editor: Michael J. Hammel
June 14, 2001
Development projects

News and Editorials

The GStreamer Streaming Media Framework. A new release of the GStreamer streaming-media framework, dubbed "Critical Mass", version 0.2.0 has been announced. "This release features a completely new scheduler, updated capabilities and autoplugging subsystems, a large number of new plugins, and a bunch of bug fixes."

GStreamer appears to be a very ambitious project, providing a broad framework for the development of many types of multimedia applications. Numerous flavors of Linux are currently supported along with FreeBSD. GStreamer is already being ported to several commercial Unix flavors, and more Unix versions are in the works. There are plans to make GStreamer work under MacOS X and Windows. The upcoming move from GTK+ to Glib 2.0 will allow for independence from a single windowing environment.

With the concept of generic audio and video sources and sinks, as well as the ability to route streams through filters, many types of multimedia functions can be implemented. GStreamer can be used to make mp3 players, DVD players, audio and video editors, mixing boards, and browser plugins, to mention a few possibilities. To get an idea of the breadth of this project, take a look at the GStreamer Status Tables.

The latest source code tar balls and RPMs are available from the GStreamer download page; Debian packages are being assembled. Those who are interested in contributing to the GStreamer project should look at the developer information for a list of items that need attention. GStreamer is licensed under the LGPL and its plugins are typically released with GPL or BSD licenses.

It will be interesting to watch the development of GStreamer and its associated applications as they mature. If enough interest is generated, this critical mass may yet provide the focus for an explosion of new, cool applications on Linux and elsewhere.

Browsers

Mozilla 0.9.1. The latest version of Mozilla, version 0.9.1, has been released for testing.
Updates include much better stability, an updated status bar that merges the old status and task bars, and improved LDAP support for Mozilla Mail.

Clusters

Sandia supercomputer program released to public. Sandia National Laboratories has released its Cplant (Computational Plant) system software for Linux machines. "A computer program that enables a collection of off-the-shelf desktop computers to rank among the world's fastest supercomputers has been released to the public by Sandia National Laboratories. The program, called Cplant[tm] system software, dramatically extends the capability of researchers to modularly assemble large blocks of off-the-shelf computer components." Cplant is being released with a GPL license.

Documentation

LDP weekly updates. This week's updates to the Linux Documentation Project have been posted. A new Initialization for IA-32 HOWTO is available and updates have been posted to the HOWTOs for modems, serial i/o, and text terminals.

Education

Linux in education report #46. This week's Linux in Education report discusses software for tracking exchange students, introductory Linux courses for colleges, and Avanti, a project for a platform independent automated library system.

Embedded Systems

Embedded Linux Newsletter for June 7, 2001 (LinuxDevices). The weekly Embedded Linux Newsletter has been released for this week. Top stories include coverage of Ripley, a wearable computer and the Sharp Zaurus move to Linux.

Network Management

Ganymede 1.0 released. After years of development, version 1.0 of the Ganymede network directory system has been released. "Ganymede allows large groups of administrators to share administrative control over designated portions of a master network directory database, and provides transactional reliability and intelligent constraint management to keep network directories consistent."

Your Network's Secret Life, Part 2 (Linux Journal). This article from Linux Journal reviews EtherApe as a tool in watching local networks. "EtherApe is a graphical network monitor that lets you see the action taking place over your network connection. EtherApe displays live connections in a manner that lets you visualize which connections are busier than others. The nodes appear bigger as larger amounts of traffic go across your network."

Science

FreeGIS CD version 1.1.0. A new release of the FreeGIS software CD is now available. This CD contains various software to analyse and visualise spatial data to make maps, including GRASS, MapIT! and gpsman as well as other software.

Software Development

Release 1.2.0 of the GNU Visual Debugger. A new release of the GNU Visual Debugger has been announced. Release 1.2.0 contains numerous new features including an enhanced breakpoint editor, a data window with zoom capabilities, a break on exceptions feature, and more. GVD supports the C, C++, and Ada languages.

Web-site Development

mnoGoSearch 3.1.5 and 3.1.6 released. Versions 3.1.5 and 3.1.6 of the mnoGoSearch web search engine have been released. The project history details the changes, which include bug fixes and support for the DMALLOC memory debugger under version 3.1.5. Version 3.1.6 includes fixes for potential cgi exploits in search.cgi and bugs when using lower case flags.

Mod_python 2.7.5 released. Version 2.7.5 of the mod_python Apache/Python integration software has been released. This version adds support for Python 2.1.

AxKit v1.4 released (use Perl). A new release of AxKit, the XML/XSL application server for mod_perl and Apache has been released. The new release contains a large number of changes since the last version.

Zope Weekly News for June 9, 2001. The June 9, 2001 edition of the Zope Weekly News features the latest developments in the Zope world. An announcement has been posted for the first European Zope conference, a new beta release of CMF1.1 is out, revisions proposals are discussed, and new Zope T-shirts are available.
Miscellaneous

Attorney Dan Ravicher on Open Source Legal Issues (Slashdot). Slashdot has posted an FAQ on Open Source and Free Software licensing issues written by attorney Dan Ravicher. Software developers might want to take a look.

Section Editor: Forrest Cook
June 14, 2001
Programming Languages

Ada

GtkAda 1.2.12 release. A new version of GtkAda, the Ada95 graphical toolkit based on Gtk+ has been announced. This version supports GVD 1.2.0 (see above), and features numerous updates and improved documentation.

APL

Sharp APL for Linux. Sharp has introduced a free version of APL for Linux. Those familiar with APL know that it uses non-standard glyphs instead of regular ASCII characters. To make life easier for the APL programmer, one company offers special APL keyboard decals that stick onto a PC keyboard. (Thanks to John McKown)

Caml

Caml Weekly News for June 6 through 12, 2001. The June 6 through 12, 2001 edition of the CAML Weekly News is out. Topics include the O'Caml Runtime Environment, a tutorial and survey on type theory, and a discussion on the lack of let mutable in O'caml.

Erlang

Erlang R7B-3 released. The R7B-3 release of Erlang has been announced. This release contains mostly bug fixes.

Java

Take control of the DOM, Part 2 (IBM developerWorks). Gary Cole and William F. Phillips discuss the writing of Java weblets in part 2 of a 3 part IBM developerWorks article. Part 1 in the series discusses the use of the Document Object Model (DOM).

Lisp

Recent additions to CLOCC. A number of recent additions have been added to the Common Lisp Open Code Collection (CLOCC) site. Included are a Lisp chess game, a graphical interface design tool, a unit testing environment, a library installation tool, and more.

Perl

Damian Opens YAPC with Perl 6 Overview (use Perl). Taking Larry Wall's place, Damian Conway opened the YAPC conference with an introduction to Perl 6. The design phase of Perl 6 is supposed to be completed by the end of 2001 and the software is scheduled to be released sometime in mid 2002.

CPAN updates (use Perl). The CPAN scripts index is working (again). Also there is now a CPAN update mailing list to keep you informed of new uploads to CPAN.

Perl 5 and 6 Porters for June 12, 2001.
The June 12, 2001 issue of the Perl 5 Porters digest is out. Topics include removing dependence on strtol, regex negation, and a discussion on the need for more Perl committers. The June 12, 2001 edition of the Perl 6 Porters digest is also available, with discussions on unicode, properties and use strict, regular expressions, and more.

PHP

PHP Weekly Summary for June 11, 2001. The June 11, 2001 edition of the PHP Weekly Summary is available. Topics include a new PHP release candidate: PHP 4.0.6 RC 3, and bugs involving PHP and the alpha version of Apache 2.

Python

Dr. Dobb's Python-URL! for June 11th, 2001. The Dr. Dobb's Python URL for June 11, 2001 has been published. Discussions this past week ran from calls for more contributions to the Cookbook, to intelligent agents and the release of MapIt 1.0, a web based raster map navigator.

Python-dev summary. This week's Python-dev summary is out, with coverage of the demise of the strop module, dictionary performance improvements, and more.

Sketch 0.6.11, a vector drawing program. Sketch version 0.6.11 has been released. "Sketch is a vector drawing program for Linux and other unices. It's intended to be a flexible and powerful tool for illustrations, diagrams and other purposes. It has advanced features like gradients, text along a path and clip masks and is fully scriptable due to its implementation in a combination of Python and C." This version features bug fixes and an updated Spanish translation.

Tcl/Tk

Dr. Dobb's Tcl-URL! for June 11th. This week's summary of the Tcl discussion groups is available from Dr. Dobb's. This past week saw some connectivity problems that prevented some postings from reaching Google, but the information is available from alternative archives. Topics include a summary of the second European Tcl Users Meeting, Tcl and unicode, working with Roman numerals, Tk in embedded Linux, tclperl 2.3, and gnocl 0.0.3.

Section Editor: Forrest Cook
Linux and Business

Industry Leaders Form TV Linux Alliance. Whether or not Linux is ready for the Desktop, Linux is ready for the TV set-top box. Two dozen companies have joined the TV Linux Alliance to define a standards-based Linux environment for the digital set-top box market by defining a standard application programming interface (API).

Alliance members comprise hardware and software oriented companies, many of which already have considerable set-top technology. The alliance will use that existing technology when creating the API. Having a standard API for all Linux based set-top boxes benefits everyone, from the broadband providers, to the authors of device drivers, and of course the end user.

TV watchers everywhere should take note. If the alliance is successful in its efforts, the set-top boxes of the near future will be better and cheaper, with better compatibility between boxes from different manufacturers.

The TV Linux Alliance press release contains additional information as does this article from LinuxDevices. Lineo also sent us a copy of the release.

Non-allied set-top news. Century Embedded Technologies announced it would act as Technical Partner for open-source software technologies for the National(R) Geode(tm) SP1SC10 set-top box reference platform. "Century has developed WebMedia, a plugin-based application framework that includes an integrated web browser, HTML-based menu system, application manager, and a variety of plugins used to control all facets of the set-top box. WebMedia, when combined with open-source drivers from National, form a complete top-to-bottom Linux software solution for next-generation set-top boxes."

'LPI Certification in a Nutshell' from O'Reilly. O'Reilly has announced the release of LPI Certification In a Nutshell by Jeffrey Dean. This book should be of interest to anyone looking at Linux Professional Institute certification, particularly those who are preparing for the exams.

LPI plans to update certification Level 1.
LPI announced plans to review and update its first certification. Some level 2 tasks will likely be moved into level 1, and obsolete references will be deleted or modified. Sounds like the book will need a revision soon.

CollabNet Selected by HP for Its Collaborative Development Program. CollabNet announced that it is providing the infrastructure and consulting services for Hewlett-Packard's Collaborative Development Program (CDP). The CDP allows HP employees to collaborate on projects internally and with external business partners.

Winnebago and NHL.com go with Linux. Linux powers a large variety of businesses. The numbers grow daily. In this IBM announcement, we see that Winnebago Industries, Inc. runs Linux on an IBM eServer mainframe. Winnebago will be implementing the Bynari Insight Server for its messaging and collaboration needs.

This IBM press release claims the NHL has gone to the penguins. "The site was recently enhanced using IBM Linux systems running Red Hat Linux version 7.0. The Linux system was easily integrated with existing IBM database servers running AIX, providing the necessary functionality to handle the large flow of data across all of NHL.com's servers. The systems installed by NHL.com will include a Linux-cluster consisting of five IBM Intel-based servers functioning as the Web server."

Linux Stock Index for June 07 to June 13, 2001.
LSI at closing on June 07, 2001 ... 32.81
The high for the week was 32.81
Section Editor: Rebecca Sobol.
June 14, 2001
Linux in the news

Recommended Reading

Trinity drinks deeply at learning's open source (IT News). This article shows how an Australian college dumped its Windows NT environment in favor of a thin client based Linux/GNOME/Python solution for its students. "Although the lab uses Debian with the GNOME desktop environment, Trinity was stuck with its Windows 2000 desktop licences. They sit, unused and unopened, in a cupboard. After being assured the HP clients would run Linux, "we couldn't get through to anyone who could give us boxes without Windows," says Wraith."

Code-Breakers Go to Court (Wired). Wired News reports on the lawsuit filed by Prof. Edward Felten and associates against the SDMI, the RIAA, and others. They hope to get a judgment ensuring their right to publish the details of their attack against the SDMI watermarking technology this summer. "'Studying digital access technologies and publishing the research for our colleagues are both fundamental to the progress of science and academic freedom,' said Felten, an associate professor of computer science. 'The recording industry's interpretation of the DMCA would make scientific progress on this important topic illegal.'"

Gartner: 8.6%, Miller: no way, UK Gov't: We'll try. (The Register). A trio of stories came to us from the Register. The first is another account of the recent Microsoft-sponsored Gartner group data showing only 8.6% of the servers in the US run Linux. These numbers are refuted by Robin Miller of Newsforge, who says units shipped hardly reveals units in use for open source operating systems. Finally, the UK Government's e-Envoy portal designer has gotten religion and is adding open source connectivity to phase 2 of that project. (Thanks to Dave Killick for all three stories)

Battle brews over Linux server share (ZDNet). Gartner says Linux accounts for only 9% of server sales, but IDC says preinstalled systems are only a small part of the total Linux server usage.
The Gartner number would be "quite reasonable" if it simply surveyed those new servers that came with Linux preinstalled, [IDC analyst Dan] Kusnetzky said. "But our research is that this is not how most users get their Linux," he said. "We found that just 10 to 15 percent of Linux adoption comes from preinstalled machines. It's a very small part of the market. For every paid copy of Linux, there is a free copy that can be replicated 15 times."

Companies

HP expands deal with programming site (News.com). CollabNet's expansion into proprietary software for distributed development brings HP in deeper to their business. "HP will pay CollabNet for use of Internet tools that enable worldwide programming efforts, with features such as tracking changes to software and permitting authorized business partners to contribute."

Novell tows VMware into education market (News.com). VMWare is looking to expand its academic distributions, starting with a deal with Novell. "The most complex Novell course requires a student to use four operating systems, said Aaron Osmond, director of business development for Novell's education program. Novell has made VMware-based education kits for four courses and has five more of these Quick Classroom products under development."

Sun woos fans for open-source Jxta (ZDNet). Sun tries to entice open source developers to the JXTA way, but research shows the convert count is small so far. "In an effort to whip up enthusiasm and win new disciples, the tousle-haired Joy spent much of his time sketching out a new vision of the Internet's evolution, a world where cell phones, handheld devices and ordinary PCs would wield the same power as massive Web servers."

Caldera loss exceeds estimate (News.com). C|Net's News.com summarizes Caldera's recent earnings report. "Like other Linux companies, Caldera has faced an increasingly difficult challenge as investors have left their initial giddiness for Linux behind.
The company went public in March 2000 at $14 a share and recently has been trading below $2."

Business

Investor rage gets ugly (Red Herring). The Red Herring reports on "investor rage," which comes from having lost large amounts of money on dotcom stocks. "'My kids' ages are off limits, because of security. We get death threats at work from dissatisfied shareholders,' says Matthew Szulik, CEO of Red Hat, whose stock plummeted from a high of $143 in December 1999 to a low of $5 a year later, erasing $23 billion worth of market capitalization. 'People bought in when the stock was hot and the movement was hot,' Mr. Szulik groans, 'and now they're pissed.'"

Microsoft, Red Hat set open-source debate (News.com). C|Net reports on the upcoming Microsoft vs open source debate that will take place at the O'Reilly Open Source Convention in San Diego in late July. "Mundie is expected to explain why Microsoft's vision of "shared source" software, where the software giant makes the source code of some of its products available to customers and partners while still maintaining the intellectual property rights, is better than open source. Michael Tiemann, chief technical officer of Red Hat, will present the case for open source."

Reviews

Hacking Ellison's NIC for fun and profit (LinuxDevices). Jerry Epplin takes The New Internet Computer Company's Linux-based "NIC" Internet appliance for a spin and reviews his findings in LinuxDevices.com. "From my perspective as an embedded system developer, it wouldn't have killed them to provide a serial port on the unit -- although such an interface is admittedly unnecessary for the home market to which the NIC is targeted, and minimizing costs was clearly an overriding concern."

Volution Product Review (Linux Journal). Linux Journal reviews Caldera's web based systems management solution, Volution. "Volution is a systems-management product. It is not an operating system management product.
The distinction between the two is gray and Volution crosses the line on both sides. For example, I can have the machine alert me if I have more than 15 users logged in, but Volution in its current state will not let me add or delete users. " InterviewsLinux Device Drivers Update (O'Reilly Network). The O'Reilly Network talks with LWN editor Jonathan Corbet about Linux device drivers (and, of course, about the upcoming second edition of the Linux Device Drivers book). "In this interview, Jonathan discusses the changes in the device driver world since version 2.0, takes an educated guess or two at what's coming down the pike, and provides a few insights into the actual development process for these very important tools." MiscellaneousWant Linux on your desktop? Nine reasons to forget about it (ZDNet). AnchorDesk's David Coursey gives 9 reasons why he thinks Linux won't make it as a desktop. "Linux will never become common as a desktop operating system, and no amount of believing will change that. It only makes adherents look stupid. Why? Because Linux is too complex, and there isn't enough money to make it worth someone's time to build a really great environment for desktop apps." In a debate often ripe with opinion and little fact, Coursey is no different. While he is entitled to his opinion, he doesn't back it up with any research. Linux Myths and Mythconceptions 101 (AboutLinux). AboutLinux responds to the ZDNet "Linux Desktop is Dead" article and picks apart the arguments presented in that opinion piece one by one to dispell this myth. "I will freely admit that David raises some valid concerns, however I have to point out that most of his "reasons" have absolutely nothing to do with Linux on the desktop; and calling them reasons for forgetting Linux on the desktop is ... interesting." Is BSD getting lost amid the open source salvos? (ZDNet). ZDNet wonders whether BSD's silence over the Microsoft attacks is because they view the GPL the same way Redmond does. 
"The ambivalence of the BSD crowd to Microsoft's attacks is due, I think, to the fact that while they may be put off by the overall attack, they agree with Microsoft's complaints about the GPL. The fact that it is so difficult to build a business plan around GPL code--a key point of the Microsoft platform--is a point BSDers have been making for a long time." Section Editor: Forrest Cook |
June 14, 2001
Announcements

Resources

LinuxUser issue 10. LinuxUser has made issue 10 available in PDF format. Stories include DNS administration, Apache testbeds and Bruce Perens.

Moving to Linux (AboutLinux). Bill Henning provides this series of summaries as he moves his web publishing business to the Linux Desktop. "I am really getting used to the X cut/paste - just select some text, and click the middle button where you want it inserted. Much faster than MS style Copy/Paste; and seems to work great for Netscape & Gnome Terminal. Saves me time. As a matter of fact, I now tend to be annoyed at apps on Linux that don't support the standard X cut/paste methodology."

How Stuff Works: open source, Linux, and Linus. How Stuff Works is a site that helps answer general questions in relatively short but detailed ways. Questions have been posted there relating to open source, Linux, and Linus Torvalds. The first two are questions and the answers provided are actually fairly accurate and succinct. The last item is an editorial piece about Linus.

Tip Of The Week: Sum it up. LinuxLookup takes a look at the md5sum command, to get a checksum on a file.

Events

FastTango Linux Clustering Technology Demo. Network Appliance will demonstrate its Network Appliance(TM) filers running Oracle9i Real Application Clusters (RAC) on FastTango Linux Clustering Technology at Oracle OpenWorld, Berlin, June 18 - June 21, 2001.

LSNet to Host Third Annual Linuxfest. LSNet, a local Internet Service Provider in Galax, Virginia, will host the third annual Linuxfest on July 14, 2001.

YAPC registration opens. YAPC (Yet Another Perl Conference) Europe registration is now open. YAPC runs August 2 - 4, 2001, in Hogeschool Holland Amsterdam, Netherlands.

Events: June 14 - August 9, 2001.

Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format.

Web sites

NetLinOS Web Portal launched to foster development of Linux-based Network Appliances. The NetLinOS Web Portal, a central location in the Internet to consolidate the efforts and initiatives related to Linux-based network connectivity, has been released. The Web Portal is part of the NetLinOS initiative, created by Cyclades Corporation to foster the improvement and consolidation of network connectivity in Linux and the development of Linux-based network appliances.

User Group News

LinuxFund.org launches LUG outreach program. LinuxFund.org is currently launching a unique Linux User Group (LUG) outreach program in an attempt to provide some source of financial support for the LUGs.

ALUG 2001.4 (End Of The Academic Year!). The next ALUG meeting will be at the UEA Norwich venue as a guest of tsw.org.uk (the student web) on Sunday 17th June 2001 2:00pm - 6:00pm.

The Linux Users' Group of Davis and the UC Davis Computer Club hold another free 'Linux Installfest' workshop. The Installfest will be held at Z-World in Davis on June 17, 2001. The regular meeting on the 18th will include a presentation by Gabriel Rosa on '3D Programming Basics with OpenGL'.

Greater London Linux User Group. The next GLLUG meeting will be at the (FrameStore) CFC Preview Theatre, 19-23 Wells St., London W1, on 23/06/01 Starting at 1pm and ending at 6pm.

LUG Events: June 14 - June 28, 2001.
Software Announcements

Here are this week's Freshmeat software announcements. Freshmeat now offers the announcements sorted in two different ways: The Alphabetical List and Sorted by license

Our software announcements are provided courtesy of FreshMeat
This week in Linux history

Five years ago: Bruce Perens announced the release of Debian 1.1. The distribution was produced by "100 unpaid volunteers," and contained all of 474 packages.

Also announced was the very first version of rsync, written by Andrew Tridgell and Paul Mackerras.

Three years ago (June 18, 1998 LWN): The LWN crew took a much needed break this week, putting out a very light edition. The obvious conclusion, of course, is that very little happened.

Eric Raymond announced the Trove project, which sought to change the way software archives were organized.

"I'm aiming high. I want the maintainers of the major existing archives to buy in early, so that by year-end the present creaking infrastructure can be replaced with something better."

Trove has not caught on in the way Eric might have liked, with one big exception: SourceForge uses it.

Two years ago (June 17, 1999 LWN): The "Open Source" trademark officially died, after the OSI concluded that it would never be able to get an official U.S. trademark registration. They promised an "OSI Certified" trademark instead, but that never materialized. Two years later, we seem to be doing OK without anybody's official stamp of approval. It is hard to imagine anybody trying to create such a stamp at this point.

Guylhem Aznar took over leadership of the Linux Documentation Project.

Jon "Maddog" Hall went to work for VA Linux Systems, where he remains employed. (Update: we've since been informed that Mr. Hall has left VA's employ - we were a bit behind the times there...).

The current development kernel release, 2.3.6, was fairly stable. However the 2.3.7 patch was classified as "dangerous", with 2.3.7 pre1 causing filesystem corruption in some cases. Unfriendly certainly, but only dangerous for those who don't believe in backups.

Applix announced the creation of a new Linux division within the company. The division was to concentrate on selling products to Linux users; it was also supposed to operate a web site that

"...will provide an on-line knowledge base for users to search for information associated with Linux and Open Source Software vendors"

The web site exists at VistaSource, however Applix no longer has much to do with it. Applix' Linux division became VistaSource in April 2000. Applix then sold VistaSource to Parallax Capital Partners, LLC last March.

One year ago (June 15, 2000 LWN): SCO announced it would launch its own Linux distribution. LWN wrote:

"If you accept the idea that UnixWare shops are going to want to migrate toward Linux, the next question that comes to mind is 'which distribution will they pick?'"

SCO's distribution was abruptly cancelled shortly thereafter, as the company made an announcement that answered the above question: its merger with Caldera.

OpenSSH 2.1.1 was released.

Exile III: Ruined World for Linux was released.

Dave Winer says the Web is real, but open source is not in The Sixth Sense.

"Thankfully the open source rage is on its last legs. If you're honest and made a bet on open source, and want to get help from the press and investors, here's some open source (free) advice. Play it down. 'Oh that's an open source play' they will say, shaking their heads as they look for something else to hype. Like B2C and B2B, it's last year's trend. Avoid those trends like the plague."

Maybe so, but those "last legs" are looking fairly strong...
Letters to the editor

Letters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them.
From: kevin lyda <kevin@suberic.net>
To: letters@lwn.net
Subject: linux is a virgo...
Date: Thu, 7 Jun 2001 10:50:49 -0400

on the whole i think ballmer's comments - and any other comments by ms on free software - should be ignored. obviously facts should be stated where lies have been offered, but that should be enough.

however, one fact has not been corrected in most accounts i've read: linux is not a cancer, it's a virgo. linux was released on august the 25th, 1991. personally i would love to hear of the following exchange:

reporter: mr. ballmer, were you aware linux was released on the 25th of august, 1991?
mr. ballmer: yes. ok. whenever.
reporter: then why did you say it was a cancer?
mr. ballmer: er...
reporter: do you use astrology a lot in your business decision making?

kevin
From: tet@accucard.com
To: Tres Melton <class5@pacbell.net>
Subject: Re: License trouble everywhere.
Date: Thu, 07 Jun 2001 12:24:56 +0100
Cc: letters@lwn.net

Tres Melton writes:

> The only places that I would forgo this freedom is in the area of
> security.

This is the one place, above all others, where it's absolutely *essential* to have that freedom. Not doing so places you at the mercy of the vendor, whether that be Dan Bernstein, Linus Torvalds, or some nameless corporation. If a security flaw is found, you need the right to modify the code and distribute the changes to guard against a lack of responsiveness from your vendor. And since you have the source, you can always audit the changes yourself, or if you lack the skill or desire, pay a third party to do the audit for you.

Tet
From: Tres Melton <class5@pacbell.net>
To: tet@accucard.com
Subject: Re: License trouble everywhere.
Date: Thu, 07 Jun 2001 16:38:14 -0600
Cc: letters@lwn.net, djb@cr.yp.to

tet@accucard.com wrote:

> This is the one place, above all others, where it's absolutely
> *essential* to have that freedom. Not doing so places you at the
> mercy of the vendor, whether that be Dan Bernstein, Linus Torvalds,
> or some nameless corporation. If a security flaw is found, you need
> the right to modify the code and distribute the changes to guard
> against a lack of responsiveness from your vendor. And since you have
> the source, you can always audit the changes yourself, or if you lack
> the skill or desire, pay a third party to do the audit for you.
>
> Tet

I understand your point of view, completely. I think it has more relevance to Microsoft products than to others that come with source. DJB's programs come with source, come with a license provision that allows changes to be made and allows those changes to be distributed in 'patch' form. If you look at the history of his programs, security, to my knowledge, has never been compromised. If you look at his WWW page for qmail he lists several patches that are available to filter spam and add extra functionality but since he has not thoroughly audited the code, and more importantly they provide functions that are not within the scope of the relevant RFC's, he has limited their distribution to patches against his original source.

As far as vendor responsiveness is concerned, I suggest that you first find a security flaw and then see how responsive he is.

Tres
From: "David A. Wheeler" <dwheeler@dwheeler.com>
To: letters@lwn.net
Subject: Re: License trouble everywhere.
Date: Thu, 7 Jun 2001 11:03:40 -0400

Mr. Bernstein and some others have stated that they don't want modified versions of their programs being distributed on the Internet without their blessing. However, by prohibiting free redistribution, their code is no longer open source nor free software.

Thankfully, there are at least two simple, well-established legal tools that can be used to meet both needs: trademarks and certification marks.

To use a trademark, just trademark the name of the program, and state that modified redistributions may not use the name without permission (without permission, they'll have to use a different name). For example, Red Hat (http://www.redhat.com/about/corporate/trademark) and Abiword (http://www.abiword.org/tm_guide.phtml) do this, and the open source definition (point 4) _explicitly_ permits this.

To use a certification mark, create a certification mark and attach it only to "blessed" programs. Certification marks let unblessed modified programs use the same name, but users then have to look for the certification mark if they want a "blessed" version.

So that people can follow the rules, make sure you put information about this in the program documentation (and, if you're using a trademark, suggest types of names that are preferred for unblessed versions). You don't need to change the license -- in fact, changing the GPL or LGPL license would make the code incompatible with other LGPL/GPL software. Instead, you just have to note the existence of the trademark/certification mark and explain what that means.

You can also include prohibiting the use of certain names in the license itself. Apache does this (http://www.apache.org/LICENSE-1.1), but according to some this creates an incompatibility with other software.

Of course, a cracker can ignore the legalese and distribute an unmarked infected program... but they can do that with licenses that prohibit modification, too. This way, developers can make sure that users know what they're getting, while the program remains open source/free software.

A caveat: I'm not a lawyer. But the use of trademarks in particular is well-established practice, by organizations who DO have lawyers.
From: dps@io.stargate.co.uk
To: letters@lwn.net
Subject: Non-modification licences and security
Date: Fri, 8 Jun 2001 00:03:41 +0100

If one claims that modification restrictions are required for security, I think they are missing the point. What is required is control over the "official" version and people not being able to present trojanised versions as the original or mainstream versions.

My checkps package is obviously in need of this control because it runs as root and when it reacts your system has been cracked. Obviously trusting almost anything is presumably a bug... in fact I hope that smart admins will spot anything I missed.

Source control is easy---my official versions have separate PGP signatures and I keep the keys required to generate an official signature to myself.

(If I am unable to distinguish between insecure and secure patches then you would be well advised to avoid my security software. I like to imagine checkps is paranoid enough to scupper all attempts to exploit it. Being open source the curious can examine the code to gauge the reliability of my assertion...)
From: Chris Lawrence <chris@lordsutch.com>
To: Tres Melton <class5@pacbell.net>, letters@lwn.net, djb@cr.yp.to, rms@stallman.org
Subject: Licensing (from LWN)
Date: Thu, 7 Jun 2001 20:52:37 -0500

I think the central goal of assuring end-users that they have the "real McCoy" version of free/nearly-free software, that has been audited by the author or some other source, can be accomplished a number of ways:

- Licensing: Only permit limited redistribution. DJB and Pine take this approach.

- Trademarks: The AbiWord developers only permit releases of their GPLed software that they build to carry the AbiWord name and certain proprietary logos. Ximian may fall into this camp too, but their policy is more ambiguous, I think.

- Digital Signatures: The builder/distributor can sign the archived software in some way (usually with GnuPG/PGP). Ximian does this too; many providers of RPMs sign packages; Debian signs release information and is going to start signing packages too. If the signature isn't from the distributor, or there is no signature, you don't trust it.

None of these approaches will stop a determined person from distributing non-real-McCoy software; I could put build binaries from modified versions of DJB's sources and stick them in Freenet, and probably live to tell about it, and at least one person has modified Pine sources and binaries packaged for Debian on a website. The trademark approach is also problematic; people will often just misappropriate trademarks (www.helixcode.co.uk to name one example). Signatures have the best chance of working, but only if end-users or administrators care who built the package (presumably they do if they are security-conscious).

The latter two approaches do have the advantage (or disadvantage, if you're the Pine folks or DJB) of allowing scrupulous distributors to distribute the software, albeit in modified form. I think the real question is whether people benefit more from limited distribution with no changes or unlimited distribution with possible deviations from the initial author's intent (including possibly the always-dreaded fork).

As a Debian developer (not speaking for the project), I tend to think that the latter is preferable to the former. There are reasonable licensing restrictions that can be made to alleviate upstream concerns about frivolous support problems caused by the distributor (forced renaming of modified versions; requiring modified versions to include distributor support information instead of upstream's, etc.) without foreclosing all modification. Similarly, concerns about package layout on different systems can be alleviated through symbolic links. I think we all benefit when more people can hack on and use software, and truly free (open source) licenses help ensure this freedom.

Chris
--
Chris Lawrence <chris@lordsutch.com> - http://www.lordsutch.com/chris/
From: andrew@pimlott.ne.mediaone.net (Andrew Pimlott)
To: Charles Hethcoat <CHETHCOA@oss.oceaneering.com>
Subject: Re: On the auditing of free software
Date: Thu, 7 Jun 2001 12:30:08 -0400
Cc: letters@lwn.net

Charles Hethcoat wrote:

> I think your outlook on auditing of code is a tad pessimistic.

It's hard to observe the state of computer security without becoming pessimistic.

> Sure, code may sit there for years, but I feel it probably gets
> the attention that it warrants. That is, if it gets little
> attention, then it's probably doing its job pretty well.

This is a dangerous fallacy, if you're talking about security auditing. "Doing its job" usually means that the common codepaths work with common inputs. Security holes typically involve uncommon codepaths and unusual inputs.

We should have learned this lesson: many free software packages have "done the job" for years, all the while sporting serious vulnerabilities. Open code may encourage auditing, but you're under illusions if you think that more than a small fraction of security-relevant free software has received the equivalent of a thorough audit.

> Having open code helps assure that the number of bugs steadily
> approaches zero over time.

This is a risible assertion--see http://bugs.debian.org/ (down right now--due to hardware failure, not bugs!) for starters. The only method I know for achieving this is to have Donald Knuth write the software.

> Look at how the immortal DOS and Windows bugs remain a part of the
> landscape forever, even though they are widely known to have
> caused all sorts of problems for people.

You have highly selective vision. Read the SANS Top Ten (http://www.sans.org/topten.htm) and cry.

Andrew
From: Steve Jorgensen <stevej@intertecservices.com>
To: "'letters@lwn.net'" <letters@lwn.net>
Subject: Comment in response to "Linux gladiators duel for desktop crown (ADTMag.com)"
Date: Fri, 8 Jun 2001 11:36:36 -0700

Following your link to "Linux gladiators duel for desktop crown (ADTMag.com)" and seeing that they have no kind of "talk back" feature, I thought I would post a response to you instead.

One thing that was left out of the comparison between GNOME and KDE is that there still is a Qt licensing issue with KDE, and it is of more than simple philosophical consequence.

I am working with a team desiring to produce a powerful, general-purpose, GPL-licensed database front end program that will run on both Linux and Windows. The X version of Qt is free software, but the Windows UI version is not, so using KDE as a framework will not be an option for us. We have, thus, had no choice but to use GNOME instead. I think others wanting to develop GPL-licensed, cross-platform software will be coming to the same conclusion.

Note that I am not a rabid idealist, and I like KDE. I just can't use it for what I'm trying to do because of the remaining Qt license conflicts.
From: Marcin Krol <mark@btweng.krakow.pl>
To: letters@lwn.net
Subject: Open source and common mistake of naive economics
Date: Mon, 11 Jun 2001 12:10:04 +0200

Hello LWN,

I wanted to point to a problem related to open source and its economics that is frequently misunderstood and important at the same time.

In the June 7th edition of LWN, in the Security section, you quote (I believe) the Kaladix developer:

"I am aware that it is not possible to relicense GPL licensed software. Taking into respect that I do not like companies that make money from my work, I thought of licensing Kaladix Linux free for non-commercial use according to the following assumption: [...]"

The above line of reasoning is an oft-repeated fallacy. Anybody who sells proprietary, closed-source modified version B of program A is only able to sell it for the sake of modifications made; otherwise there's no point in buying/using B at all, since A is available for $0, with source code. Typically, nobody moves A out of reach of the public by modifying A to B and selling B (note: it doesn't even matter whether modified source code is available or not). If so, the only thing that this company or person makes money on is his own added value.

Regards,
Marcin Krol
From: Joe Klemmer <klemmerj@webtrek.com>
To: <letters@lwn.net>
Subject: Linux Handhelds
Date: Thu, 7 Jun 2001 16:19:04 -0400 (EDT)

I just wanted to write a little about the Agenda VR3 that just arrived in my hot-little-hands a couple of days ago. This shouldn't be considered a review, per se, but more of one man's experience.

The VR3 is one cute little thing and it really is fun watching X boot up on it. The GUI isn't bad at all, FLTK is a nice and crisp toolkit for X and it is small. Having an xterm is definitely very cool. The next thing to do is to try and run an app off of the VR3 on my linux desktop. :-)

The only major down side to the thing is that Agenda should have picked a much heftier processor for it. The 66 MHz chip in there is darn right pokey. Think of running X on a 386 with 16 meg RAM (for those of you old enough to have actually done this with Linux). The handwriting recognition doesn't work the way the manual says but it does work, though I found it faster to use the on screen keyboard for most of the stuff. I haven't tried the sound part of things but I'm an aberration, it seems, in that I don't care for MP3 players or any of that stuff.

Having seen PocketLinux running at last year's ALS and seeing the VR3 now I do think that the future for Linux PDA's is bright. I don't know if they will replace PalmOS PDA's anytime soon, though, but it looks like they're off to a decent start.

---
If I actually _could_ spell I'd have spelled it right in the first place.
From: Dominic Mitchell <dom@semantico.com>
To: letters@lwn.net
Subject: Linux and the Palm Pilot
Date: Thu, 7 Jun 2001 10:13:25 +0100

I'd like to point out that you missed one useful tool for connecting your palm pilot: coldsync <URL:http://www.ooblick.com/software/coldsync/>.

This is a command line tool, but it is very handy for quick backups as well as syncing. It's more of a "bare-bones" tool, you may have to write your own scripts to get things done the way you want, but it's very flexible and independent of pilot-link. It also supports the Visor USB connection (but not, alas my new CLIE :-( ).

-Dom
--
| Semantico: creators of major online resources |
| URL: http://www.semantico.com/ |
| Tel: +44 (1273) 722222 |
| Address: 33 Bond St., Brighton, Sussex, BN1 1RD, UK. |
From: Phil Cameron <pcameron@crescentnetworks.com>
To: letters@lwn.net
Subject: Kpilot Visor Mandrake 8.0
Date: Fri, 08 Jun 2001 09:42:58 -0400

Kpilot supports the Visor in Mandrake 8.0. I have been using it for a couple of weeks now. I performed a backup and several syncs.

You have to start kpilot and hit the sync button at the same time for it to work. Otherwise it just hangs.

phil
From: "Bryan O'Sullivan" <bos@serpentine.com>
To: letters@lwn.net
Subject: GTK+ text anti-aliasing support
Date: Thu, 7 Jun 2001 14:07:54 -0700

As a footnote to your article this week, it's worth pointing out that both Jacob Berkman and I released patches to support Xft text anti-aliasing under GTK+ 1.2 at the beginning of this year.

The initial work is easy (obviously, since there are at least three separate, independent patches out there); fixing broken GTK+ applications that do their own text rendering is a pain. With GNOME 2.0 slouching towards Bethlehem, the level of motivation needed to really tidy up and polish these patches into a coherent whole is higher than any of us seems able to muster, alas.

<b
From: Matt Dillon <dillon@earth.backplane.com>
To: letters@lwn.net
Subject: For Letters to the editor, re: "Is BSD getting lost amid the open source salvos?"
Date: Tue, 12 Jun 2001 18:10:36 -0700 (PDT)

I feel compelled to comment on this ZDNet piece which showed up on LWN's Daily Updates page, because I think it approaches the issue of BSD, GPL and Microsoft from a fundamentally flawed direction... it considers them in opposition but I have only seen this from the fringe community. I have never seen any such manifestation in the vast majority of programmers (except maybe you know who) who work on GPLd and BSD projects.

The copyright an author puts on his own work is simply a personal preference, nothing more. I have never once seen the type of copyright prevent an open source author from contributing to a project he has an interest in. Many linux authors contribute to the FreeBSD kernel and many FreeBSD authors help support the linux kernel. There is far more collaboration between the alleged 'camps' than is implied by press accounts, perhaps because those of us who do a lot of programming also tend to do less talking. Or we try, anyway.

It is lost on many people that a huge portion of what makes up a BSD system is GPLd, just not certain core pieces. A good 20 or 30% of the utilities and probably 80% (my guess) of the largest utilities are GNU and other vendor imports into our CVS tree. Over 13MB of the source code in our tree is gnu alone, and another 130MB is contributory (mostly GPLd, like GCC). The rest is BSD. Whoopie, big deal.

In terms of BSD being more commercial friendly than GNU... well, that is certainly true on a relative scale. I even argue the point myself sometimes... but we are in total agreement that GPL does not particularly handcuff commercial interests. Most commercial interests can use GPL'd code just as easily as they can use BSD code without having to worry about the copyright.

In regards to forcing more open standards, my opinion... and keep in mind that this is just my opinion, is that a BSD style license has as great an impact on pushing commercial interests to use open standards as the GPL does, it just goes about it in a different way. You have to ask the question: Why would a company use open source in the first place versus building it themselves? The answer is usually because they don't want to spend the resources building it themselves. Well, just because a company can hide modified BSD code does not mean they are now suddenly willing to spend an enormous amount of resources making fundamental changes to said code when they weren't willing to write the program from scratch in the first place! The same reasoning applies, which is why you see a company like Microsoft 'steal' Kerberos but then use it almost verbatim, despite having tens of billions of dollars of cash lying around that could easily fund a complete replacement (hmmm... of course, finding sufficient talent might not be so easy even with billions of dollars, eh?). Kerberos forced MS to go 95% of the way to an open-source solution, which is better than the 0% we would have gotten if Kerberos had been GPL'd. And now that MS has done it, they have to support it.

Look at TCP/IP - Microsoft is being forced to essentially throw away a decade's worth of proprietary networking protocols and use an open standard, and the GPL has nothing to do with the reason why. LDAP, DBMS, etc etc etc... they all have similar effects and as much as MS tries to proprietize them, the simple truth is that they fail much more often than they succeed. Even when they succeed it is usually by playing dirty tricks (like intentionally degrading MP3 audio in their player to force people to use their own formats) and has little to do with copyrights.

My personal favorite is BSD, for the reasons above and because I don't really care if someone makes money off my code -- I am under no illusion that I can stop people from abusing my code no matter the copyright so I might as well not worry about it. More power to them I say! I get what I want, they get what they want. Everyone is happy. But, hey, that's just my personal preference and it certainly does not prevent me from pushing into conversations on linux-mm and other linux groups from time to time, nor does it prevent me from using or contributing to GPL'd code, or writing it (I wrote one of the original replacements for Vixie cron under Linux, called dcron!). I like Linux too, but there are only 24 hours in the day and I need at least a few to sleep!

Those of us associated with the BSD project know that Linux pushes our cause as much as it pushes its own. Open source is open source, after all, and Linux is essentially UNIX no matter what the fringe elements say - open source projects compile up (natively) on FreeBSD as easily as they do on linux and we have our linux emulation for binary-only distributions! KDE?, GNome?, Samba? yup... got all that, and a spiffy cool ports system that makes them easy to build and install too!

Linux has the moment, and the momentum in the press, but it certainly isn't pulling developers away from the other BSD projects. Everything is growing together in the open-source movement. I see no reason to try to split the world's attention and neither do most other BSD focused developers. We all win either way and that, perhaps, is one reason why we don't speak up as much as we could. Linus speaks for us too!

-Matt
From: deivu@tomigaya.shibuya.tokyo.jp (David Moles)
To: letters@lwn.net
Subject: Nine reasons
Date: Thu, 14 Jun 2001 04:47:15 +0900 (JST)
Cc: bhenning@aboutlinux.com, david_coursey@zdnet.com

Dear editors:

David Coursey set a trap ('Want Linux on your desktop? Nine reasons to forget about it' http://www.zdnet.com/anchordesk/stories/story/0,10738,2773365,00.html) and I'm afraid Bill Henning fell right into it ('Linux Myths and Mythconceptions 101' http://aboutlinux.com/art_linmyth101_a.html). We in the Linux community have still not learned to separate advocacy from observation and accuracy from wishful thinking. Mr Coursey's article is not always a model of clear reasoning, but Mr Henning's response will do little more than to strengthen Mr Coursey's opinions on Linux 'zealotry'.

The first point Mr Coursey makes in his editorial is a bit convoluted but comes down to saying that Linux is not ready for the desktop and until it is ready for the desktop there'll be no financial incentive for companies to *make* it ready for the desktop. Mr Henning's response is to say that Linux *is* ready for the desktop, and this demonstrates that financial incentive isn't necessary to make it so.

While I think in the long run Mr Henning's second assertion -- that good software can be developed outside of corporate labs -- will prove to be correct, I have to disagree with his first. Not so much because Gnome and KDE aren't good user environments -- they are, or at least can be configured to be (see the Sun usability tests at http://developer.gnome.org/projects/gup/usabilitytests.html ) -- but because Mr Coursey is dead right about the applications. The examples Mr Henning cites are telling: WordPerfect Office, StarOffice, Kylix. (I confess to being unsure which AppGen he's talking about.) Every one of those came out of a corporate lab; and Kylix is a developer's tool, not a desktop application.
WordPerfect Office and StarOffice are both missing crucial features for hard-core office users (MS Word's outline mode is the one that's kept me tied to MS for ten years now) and have compatibility and ease-of-use issues (font handling and printing, for instance) as well. 'Almost-as-good-as-MS' is not going to put Linux on the desktop of anyone but us 'zealots'. (That said, I have high hopes for StarOffice's GPLed successor OpenOffice -- by some time in 2003 or 2004 it might be quite nice.)

Mr Coursey also makes the point that if Linux is enough of a threat to MS, it will spur MS to try harder to make their customers happy, making it even more difficult for Linux to catch up. Mr Henning's response is to claim that MS is more likely to make their customers even unhappier than to make them happy. I think this is going to turn out to be wishful thinking. I don't like the idea of software rental, closed audio standards, hardware-locked licenses, or appropriation of my email copyright any more than Mr Henning does. However, with the exception of the last -- which, as Mr Henning admits, MS has already given up on -- I don't think the average desktop user cares about the first three at all. Hardware-locked licenses aren't a problem to someone (be they an individual or a company) who replaces machines every three years and buys a complete new set of software with each new machine. Closed audio standards aren't a problem if you're only sharing audio with other MS users. And software rental is not that far from the situation MS users are already in -- paying $200 every 18 months for a basically unavoidable MS Office upgrade.

Many of Mr Coursey's other points are, as Mr Henning says, not really relevant. Mr Coursey's point about the threat of Linux becoming Balkanized, however, is something the Linux community is going to have to work hard to avoid.
We'd better hope that the major Linux vendors (and other interested parties such as Ximian) take Mr Henning's 'Solution #3' -- the Linux Standards Base -- seriously. His other solutions are not promising. RPMs still can't always be relied on cross-distribution without the occasional '--nodeps' or '--replacefiles' ('cross your fingers and hope it doesn't break anything'), and './make; ./configure; ./install' is hardly worth laughing at. This is the *desktop market* we're talking about.

Which comes back around to Mr Coursey's main point -- that Linux is not, so far, ready for the desktop. It is still too complex for anyone but a power user -- and a power user who's willing to take the time to learn its ins and outs. (I know professional programmers with years not only of Windows background but Solaris as well who have given up on getting Linux to work with their hardware.) The desktop applications are not up to snuff and not well integrated with the desktop environments. And we have yet to see whether the free software model (or open-source model if you prefer) can produce complex applications that address all the needs of non-technical users. I still have hope that some day Linux will get to that point, but it isn't there yet.

--David Moles

P.S. I suppose there is one rather depressing 'bright side' for Linux -- which is that Windows, with a consistently inferior user experience, has nonetheless been able to stay far ahead of the Macintosh among desktop users. Perhaps the Linux community can learn something from Windows' 'success'.