Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise
news for all interests
Sections: Main page Linux in the news Security Kernel Distributions Development Commerce Announcements Back page
Other stuff:
Recent features: Here is the permanent site for this page.
|
Leading itemsThe Linux Weekly News is one year old! Our first announced issue was January 29, 1998. It has been a great year, though it is probably good that we didn't know what we were getting into ahead of time. Many thanks to our readers who have made this exercise so rewarding. We intend to be here for you for many more years. We thought about trying to interview Linus for the first anniversary issue, but he's a busy guy and that has already been done. So, instead, please have a look at this week's feature article: an interview with kernel hacker Alan Cox. We're pleased with the result, and hope you will be too. Kernel 2.2.0, the first major stable release in two years, hit the net on Monday, January 25. No formal announcement has yet been made; the best to be found currently is this file in the distribution directory; it can not be accused of excess verbosity. Much has been said about this kernel in LWN over the previous months; there is little to add at this point. Except, of course, that congratulations are due to everybody who had a part in getting this release out the door. It has been a long job, well done. Congratulations are also in order for Ian Hay, winner of the Tummy.com kernel pool. He managed, back last fall, to peg the release time of 2.2.0 within 45 minutes. Not bad. Hewlett-Packard and Silicon Graphics, Inc. will begin supporting Linux on their hardware. The news was initially broken in this Wall Street Journal article (reprinted also in MSNBC). HP has since confirmed the news with a press release describing their plans. Initially the "NetServer LPr" will be available with Red Hat Linux installed; other NetServer systems - including, eventually, Merced-based systems - will be made available in the future. Silicon Graphics will apparently make the details of their plans available on Thursday, after LWN has gone to press. Please see our daily updates page for information from SGI as it becomes available. The word is that SGI will support their own version of Linux, rather than go with an existing distribution. The importance of these moves can not be overestimated. There are certainly no plans to mothball HPUX or IRIX anytime soon, but the writing is appearing on the wall. Proprietary Unix systems are increasingly an anachronism, and will find it ever hard to compete. (The same can be said of other proprietary operating systems, of course, eventually). It is going to be an interesting ride. (See also: articles in ComputerWorld, InfoWorld, Reuters, and Wired News). The news that the TCP Wrapper source code was temporarily replaced with a version containing a backdoor burst upon the Security community on January 21st, with this note from Wietse. TCP Wrappers is a widely-used security tool used to protect systems from unauthorized access to specific system processes. The incident generated this CERT advisory. Tcp wrappers was not the only program doctored on this site. Just as serious, util-linux2.9g (not associated with Wietse) on the same site was also modified. Util-linux contains a large variety of low-level system utilities necessary for a functional Linux system, including fdisk and login. Code in login.c, for example, was modified to generate a message with information about the affected host and mail it to an account on Hotmail. Although the correct util-util2.9g has been restored, all files on ftp.win.tue.nl must be considered suspect for now. The story gathered a lot of media attention, with the normal SlashDot coverage as well more mainstream articles in MSNBC (duplicated on Zdnet) and the San Jose Mercury News. What was important about this incident? There are a few points we'd like to make. The first is the need for individuals to use the security mechanisms that are provided to determine whether or not a file is authentic. This point was hammered home in Bruce Peren's November article in the Linux Weekly News, The Trojan Horse. This incident is exactly what Bruce predicted. Sites will be broken into, files will be modified, but we can protect ourselves by verifying the software we download before we use it. However, the fact that people are not using the tools that have been provided is also an indication that the tools may not be sufficient. More automated, easy-to-use tools that are built into the Linux distributions would help make sure that newcomers learn how to download software safely. They would also help those of us with heavy work loads and severe time crunches (anyone not fit that category?). The second point, and the good news, is that the modified files were caught very quickly. This incident was an excellent demonstration that open source software allows for the quick detection of security problems and their swift resolution. This is only the beginning of the story. This problem was found quickly and resolved, but this style of attack is going to continue. Be careful, everyone! The Windows refund movement is snowballing. The "refund day" plans have gotten a lot of press and interest; it is certain to be an interesting event. We have little to add beyond what other web sites are providing in the way of information. The closest thing to an "official" windows refund site is this one hosted by LinuxMall. Bay Area folks can check out the Bay Area refund page. And the definitive set of windows refund web links (including press coverage) can be found on The Open Directory Project windows refund page. One interesting windows refund story comes from "Donna.", who managed to get a refund back in the good old days of 1997. See the story for the details. In all cases, persistence and time seem to be required. Of course, the amount of the refund is so small that many people choose not to spend the time, a fact on which Microsoft is likely counting. That makes the grass-roots effort to demand the refunds more important, to increase the number of refunds requested and hopefully received as well as to draw media attention to the effect Microsoft's policies have on the average person. |
January 28, 1999
|
Sections: Main page Linux in the news Security Kernel Distributions Development Commerce Announcements Back page See also: last week's Security page. |
SecurityNewsDoes building a serial number into each computer processor improve security? Intel argues that it does in this article on the upcoming Pentium III chip. However, Bruce Schneier, author of Applied Cryptography argues differently in his article. In fact, he predicts that "patches that randomize the ID number will be available on hacker Web sites within days of the new chips hitting the streets." He gives a persuasive case that the only real use for the CPU serial number will be to discourage theft and depress the market for stolen processors. [Found in ISN]Security ReportsThe incidents this week where source for TCP Wrappers and other software packages was modified on ftp.win.tue.nl is covered this week on our Front Page. One detail not mentioned there was that the original CERT advisory contained an error and a revised edition was posted as a result. Also note that no advisory was posted for the modifications to util-linux package. Again, please use these incidents, which are not going to be the last, to justify the time and effort required to check the signatures on packages before you install them.As a following note, Trevor Johnson has released util-linux-2.9h. His posting indicates that the new version is available on both sunsite and tsx-11. And, of course, check the checksum if you choose to download it!
A long thread on Bugtraq discussed problems with ssh, specifically
situations where people with expired accounts were still allowed to access a
system through ssh. To fix, both ssh 1.2.26 and 2.0.11
can be recompiled with the -DHAVE_STRUCT_SPWD_EXPIRE configuration
parameter, as explained in this note from Raymond T Sundland. The thread also contained a
lot more discussion of the authorization process. Aleph One summed
up the situation best in one of his administrative notes:
Leif Sawyer reported a Quake 2 Server Crashed, apparently caused by a buffer overflow. The matter has been reported. Signal 11 confirmed a similar problem in Quakeworld, which was resolved some time ago. Additional information and confirmation that at least one of these overflows is now being actively exploited, was found in this note, forwarded to Bugtraq by Patrick Oonk. Fixes for the problems are in the works, but not yet available. John Stanley reported reported a security problem with the WebRamp M3, a small SOHO router, where turning off "visible computer" is much less effective than one would hope. Technical support at WebRamp is apparently not much interested in the report, and possibly not in James Engelhof's note, containing well-known, default passwords for the WebRamp. None of this speaks well for security at this company. Hopefully they will wake up and address the problems soon. Spikeman reported a bug in Mirc 5.5's newly introduced dcc server. Sandro Jurado followed up with a few more details. UpdatesLast week, we mentioned reports from Michal Zalewski regarding bugs in the latest version of sendmail, version 8.9.2. This week, this post from Gregory Shapiro states that, working with Michal, they have concluded that the first reported "bug" is, in fact, a configuration error. He recommends that people upgrading to 8.9.2 be sure to upgrade their sendmail.cf as well.As for the "Headers Prescan" Denial-of-Service vulnerability that Michal mentioned, the posting above indicates that they verified Michal's patch, improved it and the fixes will be incorporated into sendmail-8.9.2. The latest patch and instructions are in the posting for those who want to fix their sendmail immediately. Note, there is a minor error in the posting, pointed out by Phil Stracchino. ResourcesHERT (Hacker Emergency Response Team) has released auditd 1.10 for Linux. Auditd is part of the linux kernel auditing toolkit.Bryan Andregg posted a note to remind or inform people that the domains example.com and example.net have been reserved for use in documentation, examples and talks, to prevent real domains from being passed around and therefore abused. EventsThe Call-For-Papers for the New Security Paradigms Workshop 1999, to be held September 22nd through the 24th in Caledon Hills, Ontario, Canada, has been released. |
January 28, 1999 |
Sections: Main page Linux in the news Security Kernel Distributions Development Commerce Announcements Back page See also: last week's Kernel page. |
Kernel developmentThe current development kernel version is ... actually, there is no development kernel currently. The current kernel is, of course, 2.2.0. People are starting to pound on the kernel in a serious way, and development is in the "further stabilize the stable kernel" mode. In fact, Linus announced that he had no plans to release even a 2.2.1 kernel for "several weeks." Alas, he said that just before reading this note announcing the discovery of the "ldd core" bug. Essentially, if you run "ldd core" on a stock 2.2.0 kernel, you will find yourself in "fsck the disks" mode in a hurry. The response to this bug was a classic example of Linux parallel debugging. Reports flew back and forth as people closed in on the problem; the culmination was this patch from Ingo Molnar which closes up the hole. (Ingo also posted a minimal exploit program showing the operation that actually caused the crash). The total elapsed time was about nine hours. No proprietary system can ever match that sort of bugfix performance. As a result of all this, a 2.2.1 release is quite likely within the next few days. Alan Cox announced that the "-ac" patch series is done for now, then promptly put out 2.2.0ac1, which contains a number of fixes that didn't squeak into the 2.2.0 release, then 2.2.0ac2 with more fixes, including the "ldd core" crash fix. Some resources for people upgrading to 2.2, since there have been reports of problems. You need current versions of a number of utilities, including networking and PPP. The changes file on LinuxHQ gives a list of the various software versions you need to have to run 2.2 successfully. Do give it a look before upgrading, and certainly before complaining about something that does not work. See also Alan Cox's 'Clue-point-two' document for answers to some frequently asked questions. Finally, Joseph Pranevich has put out the "absolutely final version" of his Wonderful World of Linux 2.2 document, which is a great overview of the changes in 2.2. If you want to build 2.2.0 on a Sparc system, you should obtain and apply the Sparc patch posted by David Miller. The memory management issue refuses to go away even though 2.2.0 is now out. There are some grumblings within the ranks of kernel developers. Some of the outstanding issues include:
Numerous people hunted a problem with the Netscape browser, wherein it would freeze at inopportune times. Many suspected a kernel bug, but the problem turns out to be in Netscape's court. If you're having these sorts of difficulties, consider using this hackposted by Stanislav Meduna. The code has its own problems (see this note from the author), so it should not be used without need. But people with browser difficulties may find some relief here. Linux-kernel mail on vger backed up yet again, leading to another disabling of anonymous CVS access on that system. "Fear not," says David Miller; another system is coming in to host the anonymous CVS function. More resource limitations: the bandwidth upgrade for kernel.org has been delayed again, for at least a couple more months. As a result, kernel.org will remain difficult to get into for a while; people looking for kernels should just use the mirror sites. Version 5.0.1 of the Coda filesystem has been released, see the announcement for more. This is a bugfix release. The "Kernel Traffic" site has moved and adopted a new format as well. Check them out at the new site. Another four-letter word in the kernel. Some of you may remember the article in our October 15 kernel section, wherein somebody had grepped through the kernel source for their favorite vulgar word and found many matches. It's hard not to draw a parallel between that exercise and this message from Dave Jones. Dave went looking for a different offensive word, and was "shocked" to find almost 1,000 goto's in the kernel source. Certainly this code is insufficiently structured for sophisticated company! "The use of constructs such as goto are outdated crutches used by people too lazy to write a more structured solution." As may be expected, a bit of discussion resulted from this posting, mostly defending the use of goto in particular situations. In any case, the odds of Linus accepting a large un-gotoing patch are probably small... |
January 28, 1999
Since we're a weekly publication, chances are we'll be behind a rev or two on the kernel release by the time you read this page. Up-to-the-second information can always be found at LinuxHQ. |
Sections: Main page Linux in the news Security Kernel Distributions Development Commerce Announcements Back page See also: last week's Distributions page. |
DistributionsCalderaWant to install Linux 2.2.0 on Caldera OpenLinux 1.3? Check this upgrade list from Erik Ratcliffe. It lists packages he had to upgrade in order to install 2.2 and the level of the package required, along with a great deal of other useful tips on changes in 2.2 that may affect you.Troy Will is starting to create an OpenLinux Printer Support Page at this address. He has invited people to send problem reports to him. He'll try to help and will log his efforts on the support page. Last, some minor hassles with the Caldera mail archives have cropped up. As a result, the mail archives will be re-done on February 1st. DebianThis week's Debian Weekly News is the first to become an official part of the Debian web-site. Many of the following items were gleaned from the Debian Weekly News.Volunteers are needed to help man the Debian booth at the upcoming LinuxWorld conference. The booth was donated by Linux Central. For more information, check this Debian page. Brian White has cautiously agreed to allow a source package for the Linux 2.2.0 kernel to ship with Debian 2.1. This is good news for anyone who wants to be able to easily use the new kernel with the latest version of Debian. A draft version of a document on the Great X Reorganization was posted by Branden Robinson this week. It explains the package naming changes in the Debian X package structure that are part of the Debian 2.1 release. Here is a recent summary of the status of the Debian Sparc version of slink. It talks about boot floppies, X and kernel issues, among other ongoing concerns. For those of you that like the gory details, here is the list of release-critical bugs still remaining to be fixed before Debian 2.1 is released. MandrakeThe Linux Mandrake News for January 27th is available. It covers MandrakeSoft's plans for the upcoming IT COMDEX in Paris, France. Also mentioned was the City of Garden Grove, CA, choice to use the Mandrake distribution for most of their production servers and all of their systems analysts.Production on the Linux-Mandrake PowerPack has started and it is expected to be available "very soon". They tell us to expect some good surprises next week. MkLinuxMichael Santos has released a New Kensington test kernel, a new version of the modified Generic #6 kernel which should restore support for older devices.Red HatThe Red Hat XFree86 updates on update.redhat.com were upgraded to XFree86 3.3.3.1 on January 22nd. The latest version incorporates bug fixes and drivers for some new hardware, including full support for the Matrox G100/G200 PCI cards. For more information, see http://www.xfree86.org/#news.The Rawhide site was "knackered" this week, meaning that many important packages are missing. This note from Bill Nottingham indicates that Red Hat is aware of the problem and it will hopefully be fixed with this week's release of Raw Hide. SlackwareA Slackware Message Board has been created, to help handle the many technical questions that started rolling in after the Slackware.com web-site came on-line. Check it out at http://www.slackware.com/forum.S.u.S.E.The non-natives are getting restless ... , that is, the non-German SuSE users are asking when SuSE 6.0 will be out. Frequently. Again and again. The answer still seems to "end of January" and the end of the month is not quite here yet ...And yes, SuSE 6.0 is Linux kernel 2.2 ready, so people who prefer the latest kernel should be able to drop it into 6.0 without a problem. TrinuxThe Trinux Web Mail List Index has been taken down due to problems with glimpse. |
January 28, 1999
Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed. |
Sections: Main page Linux in the news Security Kernel Distributions Development Commerce Announcements Back page See also: last week's Development page. |
Development toolsJavaThere is no new information on the Java 1.2 port to Linux this week. This status report from last week explains the situation. Don't expect anything to change soon. As always, the place to check for the announcement when the 1.2 port is ready is http://www.blackdown.org/java-linux/ports.html#jdk1.2. We're confident the developers will get an announcement up incredibly fast once the port is ready, if only to stop the flood of requests for information that still fill the java-linux mailing list.This week, we ran across a reference to Enhydra, an Open Source Java application server and development environment. "Enhydra.org's goal is to evolve an Open Source Java application server in the spirit of the Apache Project. " Dustin Lang happily reported that the jdk 1.1.6 and the linux 2.2.0 kernel are happily co-existing. PerlThe latest information on Perl is generally available on the Perl Institute's News page. The site currently lists 9 new Perl Monger's groups that have been formed and announced this week, from Switzerland through Singapore. Over 40 new modules have been announced, so rather than duplicate the list here, we strongly suggest you check this page instead. It is updated on a daily basis.Maintenance Trial 4 for perl5.005_03 is available in Graham Barr's CPAN directory and a final release may be out early next week. CPAN has been ported to MacPerl. cpan-mac-0.21 is the name of the latest version of the package. PythonThis week's Python-URL! was published Wednesday, January 27th. Several of the following items were gleaned from this issue.Instant Python, a 6-page tutorial on Python, created by Magnus Lie Hetland, is now available and offers a crash course in Python. A tutorial on sockets, GUIs, graphs/paths/nodes, prototyping, and analyzing C code is available and contains Python examples. PySol 2.02, a new version of the solaritaire game, is now available. The O'Reilly Python Conference will be held as part of their Open Source Conference, August 21-24, 1999 in Monterey, California. Here is their Call-For-Papers, which has a submission deadline of February 15th. SmalltalkPeter Hatch wrote us a note to let us know that the official release for the Linux version of VisualWorks is scheduled for the first week in March, as part of the LinuxWorld Expo. They'll have a couple of booths there as well.A Smalltalk community is being formed on Excite.com. Reports are that about 50 people have signed up so far, though several people had trouble logging on over the weekend, due to problems with the Excite servers. Helge Horch posted a long note on Design by Interface in Squeak, which responds to Robb Shecter's article in Doctor's Dobb's entitled "Design by Interface" and the question of how well the principles in his article applied to Smalltalk. Tcl/tkThe 7th USENIX Tcl/Tk Conference will be held February 14-18, 2000 in Austin, Texas, USA. Here is more information for those that are interested.Andrew Friedl is looking for people wishing to continue support and development of the TclOCx/AxTcl COM wrapper for Tcl. See his posting for more details. Otherwise, support for this site will be terminated February 1st. This week's TCL-URL! is available and contains Scriptics business news as well as links to several useful postings. Bras, a program that implements rule-based command execution using Tcl, now has a new version available. Scriptics has announced the first beta release of TclPro 1.2 The new release contains support for two powerful extensions, Expect 5.28 and TclX 8.0.5. EiffelOur attention was called to the Eiffel Liberty news page, where one can catch up on all the current happenings in the Eiffel world. |
January 28, 1999 |
|
Development projectsCOASThe February 1999 issue of the Linux Journal has an article on COAS. An on-line version is not yet available. Author Olaf Kirch discusses why they chose Python to develop the user interaction code.GNOMEThe gnome-network package has been released. It includes both a talk program and gnome-sync.GnobotsII has been added to the CVS gnome-games module. See Mark Rae's announcement for more details. Alfredo Kojima has merged his official libPropList with the Gnome version and provided a tarball of the results. Miguel and the rest of the GNOME team sent their thanks. HarmonyThe Harmony project, whose goal was to create an LGPL version of the Qt library, is dead. Its final whimper came in the form of this note to the freeqt mailing list stating that the project is closed, and that the CVS archive is no longer accepting updates to the modules (which were not being updated by anybody anyway).The release of Qt under a less restrictive license (expected to soon be blessed as Open Source(tm)/DFSG-compliant) apparently made the project unnecessary in the eyes of the former Harmony developers. KDEKDE Beta 1.1 beta has been announced. Barring any major bug reports, this is the version that will become KDE 1.1. [Reported to us by LinuxToday].Reviews of the new product are now available, including this one in The Mining Co. There are no earth-shattering changes between KDE 1.0 and the pre-1.1 release. What has been added are those two things so long lacking in the Linux desktop field: polish and maturity. In addition, this Linux Journal review is now out. It reviews KDE 1.0 from the perspective of a new user and contains some good tips on getting things up and running. What about KDE's drawbacks? So far, I haven't found anything with KDE that I don't like or that is ``broken''. It seems to be solidly engineered and stable. I'm keeping it! Martin Konold reported that people should keep automake 1.3 in order to work with KDE-1.1. He promises that KDE will be fixed to work with automake 1.4 after the official release of KDE 1.1, coming up soon. A bug in the cvsup services has been fixed. Stephan Kulow has invited people to give it another try and mentions that they still need more mirrors. The KDE Bug Tracking System is now on-line, thanks to the efforts of Stephan Kulow and others. It is available at http://bugs.kde.org. Robert Williams took a moment to report that KDE is functioning well, without problems, on sites using the new Linux 2.2.0 kernel. New KDE packages (besides KDE 1.1) released this week:
IcecastIcecast 0.8.2 is now out! Jack Moffitt tells us that it contains mostly bug fixes. However, the Icecast team is very excited that Alexander Havang, author of shout, has come on-board. Iceplay has been replaced with his code as a result. Check the Icecast home page for more details.Mozilla/NetscapeAs always, check MozillaZine.org for the latest information on the Mozilla and Netscape projects. This week, they have some excellent references to the progress of the NGLayout ActiveX Control Operational, Apprunner, New Tree Widgets, and the release of ElectricalFire, a JIT Java Virtual Machine in-progress.Jazille is available on the "Just Java 1.2" CDROM (comes with the book by Peter van der Linden). Here's the plug from the Jazilla group. Jazilla is also experimenting with a new look for their web-site. Barring any loud objections, it should become the official new look soon. WineBertho Stultiens has finished a working version of the preliminary win16 elf-dll interface and made it available. The correct URL for access it is http://www.akhphd.au.dk/~bertho/wine/elfdll.Der Spiegel published an article on Wine on page 166 of their 4/1999 issue. No URL is currently available. Reports are that it is based on the New York Times article. WineHQ is now running CVSup. Here are some brief instructions on how to use it. ZopeThe Zope license has been re-done and is now officially certified Open Source(tm), as demonstrated by this message from Bruce Perens, kindly forwarded to us by Paul Everitt.Amos Latteier was kind enough to write and make sure we had the latest Zope news for the week. He mentioned in particular the alpha release of ZServer, an integration of the Zope application server and the Medusa information server. "It allows Zope to simultaneously use multiple protocols such as HTTP and FTP and lays the ground work for concurrent access in Zope 2." He also mentioned some Zope 1.10 plans. The pre-release of Zope 1.10 is scheduled to occur late next week. Zope 1.10 is the first Zope release containing contributions and patches produced by the Zope community, a direct return from Digital Creation's decision to release all of the source code for Zope. It will include:
Last, Ken Manheimer has joined Digital Creations from CNRI, where he was previously involved in the operation of the PSA and the python.org site. Ken will work on Zope community projects. From another source, we heard that Digital Creations was planning on hiring an additional 9 staff members. Ken Manheimer and Michel Pelletier, also recently hired, are apparently the first two to come on board. We are glad to see Digital Creations doing so well in the wake of their decision to support open source. | |
Sections: Main page Linux in the news Security Kernel Distributions Development Commerce Announcements Back page See also: last week's Commerce page. |
Linux and businessLoki Entertainment Software arrived on the scene recently, proclaiming their intention to port commercial games to Linux. This week they finally answered the obvious question: which ones? The first game they port will be "Civilization: Call to Power" by Activision. Your editor must confess to a certain amount of ignorance of the current gaming scene, having gotten most of that out of his system back when "Adventure" and "Empire" were the height of technology. But the word is that this is a fairly impressive game for them to start with; it could be the one that signals the rise of Linux as a serious gaming platform. The Linux release is supposed to happen at the same time as the Windows version. See also this interview with the principals of Loki Entertainment Software that was done by the folks at LinuxPower. Indelible Blue has announced its entry into the Linux market. Indelible Blue, currently the biggest fish in the OS/2 world, seems to have decided that Linux is a good place for them to be. They will likely prove to be some pretty strong competition for the existing Linux software vendors. "Indelible Blue's rapidly expanding product collection features commercially available Linux hardware and software products, giving the thriving Linux community a one-stop central resource that meets all their hardware, application software, and development tools needs." Pacific HiTech made some moves this week. Perhaps most significant was the release of TurboLinux 3.0.1 in the U.S. Pacific HiTech intends to move out of its Asian stronghold and challenge the established distributions on the other side of the pond. It will be an interesting battle. The U.S., however, is not the only place they are looking. Also announced this week was the opening of an office for Australia and New Zealand, headed by John Terpstra of Samba fame. Hardware Computer Canada believes in Linux according to a message sent out to the "NetWinder/Linux community" by Mac Brown, their CEO. HCC, of course, is the company which is buying the Netwinder division from Corel. The message describes HCC and what they do, and talks about their plans for the Netwinder. "HCC believes in Linux. Our expertise in Unix will assist us in the transition into this marketplace. HCC plans on moving forward with an IPO to further support the development of the NetWinder product line. HCC's goal is to be 'one of the first pure Linux plays on the stock market'." Sybase will ship a Linux version of their "SQL Anywhere Studio," according to this PC Week article. The move is due to "incredible customer demand," according to a Sybase manager. Once again, the database companies are finding that there is a real market for their products on Linux. A new Linux distributor in the U.K. The Linux Source has popped up on the web with Linux distributions, books, etc. More developers than NT. Here's another press release from Microsoft, with, as usual, the "Linux defense." "Linux is rapidly emerging as a major competitor to Windows. Indeed, the number of developers working on improving Linux vastly exceeds the number of Microsoft developers working on Windows NT" Press Releases:
|
January 28, 1999 |
Sections: Main page Linux in the news Security Kernel Distributions Development Commerce Announcements Back page See also: last week's Linux in the news page. |
Linux in the newsAnother busy week for Linux in the press. Actually, every week is busy anymore... We have not included "windows refund" stories in the press page this week. There are far too many of them, and they are mostly all the same. Folks interested in collecting the whole set may want to head over to The Open Directory Project windows refund page, where you can read windows refund stories all day long... For this week's recommended reading:
As is generally the case any more, a great portion of the coverage of Linux had to do with Linux in and around business.
|
January 28, 1999 |
Sections: Main page Linux in the news Security Kernel Distributions Development Commerce Announcements Back page See also: last week's Announcements page. |
AnnouncementsResourcesIt's the Stanford Linux Revolt! David Weekly and friends had some fun at the booth of a large proprietary software company during the Stanford job fair...An Ode to Richard Stallman is a detailed accountof Stephen Adler's experience at the NYSIA/WWWAC Software Summit, where Stallman spoke. EventsLinux at the Westan Millennium Show. A number of Australian Linux supporters held a briefing for "around 500 influential Australian IT-industry movers and shakers" in Melbourne. Check out their report to read about another highly successful Linux advocacy event down under.The Dutch UNIX User Group NLUUG is organizing a conference on UNIX and WINDOWS NT, to be held Wednesday, June 9th. They have issued a Call-For-Papers and have specifically asked for papers on "The Linux smbfs". On the heels of their successful Linux conference last week, the folks at Netproject have announcedOpen Source 1999: Linux - The Way Forward in London on May 11, 1999. This conference will have both technical and management tracks. A good summary of Eric Raymond's talk in London was posted to uk.comp.os.linux. Linus is doing another keynote speech, according to this press release. This talk is a bit different than some: "The Role of Linux in Document and Information Management" at AIIM '99 on April 14. Web sitesThe world's smallest web server is happily serving up this site. It runs Linux, of course.An area which Linux has not much served until now is that of adult games. There have not been too many complaints about that thus far. However, for those who would like to see this shortcoming remedied, there is now the AdultLinux site, complete with blushing penguin. |
January 28, 1999
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Software Announcements
|
Our software announcements are provided courtesy of FreshMeat
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Sections: Main page Linux in the news Security Kernel Distributions Development Commerce Announcements Back page See also: last week's Back page page. |
Linux links of the weekScript-fu.org is a new site dedicated to the scripting language used by the GIMP. Here's all the stuff you need to get started doing magic things with our favorite image editor. Linuxapps.com has been through a major upgrade. It has a new look and a new interface, worth a look. |
January 28, 1999 |
|
Letters to the editorLetters to the editor should be sent to editor@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them. | |
Date: Thu, 21 Jan 1999 21:47:49 -0600 To: editor@lwn.net From: James Thompson <jet@avalon.net> Subject: Mac OS X Web pages... Hi Folks, Have you sauntered over to the Apple Website and looked at Mac OS X screenshots lately? The Mac OS makes an impressive front end for Unix. If it runs as good as it looks... If Linux developers could come up with a GUI that makes Unix easy to use, my complaints would melt. Apple has gone a long way towards that. Mac OS X may replace my current Linux DNS server (sniff) for those chores because of it's ease of use. James Thompson NRN Consulting Iowa City IA jet@avalon.net | ||
From: Dick Hein <rwh@lmi.net> To: editor@lwn.net Subject: Re: Discussion on FUD Date: Mon, 25 Jan 1999 00:43:39 -0800 As to what it is, I think this piece - http://www.geocities.com/SiliconValley/Hills/9267/fuddef.html ...pretty well sums it up. Concerning use of the term to describe criticism of Linux - I don't see anything wrong with using it when appropriate. FUD =is= practiced, after all, and is no stranger to the likes of the Redmond crew. Regards, Dick ---------------------------------------------------- Dick Hein / rwh@lmi.net / Mountain View, California. | ||
Date: Sun, 24 Jan 1999 13:54:42 -0000 (GMT) From: Dirk Koopman <djk@tobit.co.uk> To: editor@lwn.net Subject: It's not all good... For my sins I have been running Linux as a programming platform since 0.99.x days and whilst I have seen many things improved, there are others which have not. Recently I was asked to prepare a machine for someone who wanted very cheap internet access and home word processing, he was a newby and happy to try anything. Naturally I thought of Linux, so I installed RedHat 5.2 and Star Office onto a spare 32Mb Cyrix DX2/66 clone together with X and isdn. To cut a long and painful story short, the system was unusable. Star Office took forever to load and then, in a VERY short time of use, proceeded to use all 48Mb of swap space (as well as the available RAM) and ran like a woodlouse (i.e. somewhat slower than a dog). Loading Netscape Communicator wasn't much better, at least it left a (small) bit of RAM, but then started to eat swap as you surfed. What makes this worse is that I remember running a similar configuration (but with an Intel DX2/66) in early 1.0 days with X and Netscape and having program loading competitions with sceptical M$ fans and beating them hands down. In disgust, I loaded Win95 and IE 3.2 and although it can't be said to be a fast machine (in any way) it is at least usable, programs (even Office) load in a tolerable amount of time and the system is stable enough for casual home use. Is this warning for us all? try a loading competition now with Netscape on Linux and IE (or even Netscape) on identical modern specification machines, you may be surprised by the results! Regards Dirk Koopman --- Dirk-Jan Koopman, Tobit Computer Co Ltd At the source of every error which is blamed on the computer you will find at least two human errors, including the error of blaming it on the computer. | ||
Date: Thu, 21 Jan 1999 12:55:17 +0000 From: David Jao <djao@MATH.HARVARD.EDU> To: editor@lwn.net Subject: Misleading report on Sarah Flannery's encryption algorithm ZDNet, BBC News, Slashdot, and now LWN have all published reports on Sarah Flannery's new encryption algorithm which are in some way inaccurate. The discovery of a new direction for exploration, and the coming of age of a new researcher are very deserving of praise, but the possible immediate practical impact of this particular algorithm has been way overblown. Details on the discovery are sketchy at this point. I am basing this letter on the few details of the algorithm that I have been able to pick up from Slashdot posts and the various news sites, so take it with a grain of salt. That said, it seems that no news site has an accurate conception of the proper significance of Sarah's discovery. Sarah has discovered a matrix algorithm which is provably equivalent to RSA in security, uses about 20 times less CPU, and 8 times more memory. This discovery is of great interest to researchers and theorists, but has little practical impact on user level software in the forseeable future. No production program being distributed today uses RSA for bulk encryption of data. Programs like PGP use RSA to encrypt a small session key, which is in turn used with some other cipher (not RSA) for bulk encryption. The practical value of fast RSA encryption is questionable, because RSA is simply not used to encrypt large quantities of data in today's world. Furthermore, there are already enough free (i.e., unpatented) cryptographic algorithms available today that the addition of one more is not too exciting. Today we already have Diffie Hellman, El Gamal, DSA (for signing), Blowfish, and CAST. GNU Privacy Guard has progressed very well using these existing free algorithms. Even RSA itself will fall out of US patent protection in less than two years. The value of one more free algorithm, while positive, is not, as you say, "incalculable." I know you guys are not cryptographers, so I forgive you (and other news sites) for their mistakes. But now you know the truth. By itself, this particular discovery of Sarah's will not make a difference to users in the next 10 years. We all should be most encouraged by the prospect of future research from Sarah and others (possibly based on Sarah's current work) that will dwarf this recent achivement in practical benefit. -David | ||
Date: Thu, 21 Jan 1999 11:31:18 -0800 From: Jay Jakosky <jakosky@usc.edu> To: editor@lwn.net Subject: French vs. US cryptographic restriction. "The biggest news of this week in security has been the about-face of the French government policy on encryption. Part 1 and Part 2 of the government documents in French describe a "project" (essentially, a proposed new law) which promises, eventually, complete freedom of the use of cryptography within France. In the meantime, until the law is enacted, the maximum allowable keysize for cryptography has been increased from 40 bits to 128 bits, certainly trumping the U.S. Government's recent increase in allowable keysize to 56 bits. Exportation of cryptography is still controlled by virtue of existing agreements with other countries." You are neither the first nor the last to refer to 56 bits as the limit of the strength of U.S. domestic cryptography. Strength of cryptography EXPORTED from the U.S. is now limited to 56 bits. France in no way trumped the U.S. since they still have a limit on domestic cryptographic strength. I'm sure you know this but your statement (quaoted above) portrays a different message about the comparative freedom of France and the U.S. | ||