Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise
news for all interests
Sections: Main page Linux in the news Security Kernel Distributions Development Commerce Announcements Back page All in one big page
Other stuff:
Recent features: Here is the permanent site for this page.
|
Leading itemsWas the Windows refund day a success? By one set of metrics, the answer would have to be "no." The turnout for the event was tiny, and, as expected, no refunds were issued. It is difficult to avoid thinking that a more concerted effort to get people out into the streets might have paid off handsomely. Perhaps publications like this one should have been a much bigger part of such an effort. But that would be a short-sighted view, in any case. The Windows refund effort has succeeded in creating a much broader understanding of the nature of the "Microsoft tax." News reports all over the planet presented a sympathetic picture of computer users who simply wish to not be forced to pay for software that they do not use. Awareness of the problem - and of the fact that many of us have found an alternative preferable to Windows - is now much higher. The Windows refund people have done very good work, and deserve the strongest of congratulations. It's Time to Talk about Free Software Again says Bruce Perens in this editorial sent to LWN. "I fear that the Open Source Initiative is drifting away from the Free Sofware values with which we originally created it. It's ironic, but I've found myself again siding with Software in the Public Interest and the Free Software Foundation, much as I did in 1995." How Linux handles security problems, part II. As might be expected, last week's somewhat ill-tempered editorial on security drew quite a few responses. We would like to follow up in a couple of areas. First, with regard to how the various distributions responded the the FTP vulnerability:
So, while we are far from perfection, it would appear that the response of most of the Linux distributions to this security problem was reasonably prompt - certainly far better than is seen with proprietary software. The problem, thus, lies not with producing patches that close security holes, but in getting those patches into the hands of users and system administrators everywhere. There are two separate aspects to this problem: communications and infrastructure. Communications has to do with letting people know that patches are needed and available, and with telling them where to find these patches. We repeat our call from last week for each distribution to make security information available from its front page (in each language that they support). When people are looking for a patch (now!), it is too late to tell them they should be on some mailing list. Putting out patches is of limited use, however, if said patches are inaccessible. As the popularity of Linux grows, servers used by distributions will become ever more susceptible overwhelming surges in traffic. We were taken to task by some readers who thought we were expecting Red Hat to have the bandwidth to handle such surges. We were not suggesting that; as users and their available bandwidth grows it will probably prove not to be possible, much less economical to put in such fat pipes. Setting up that amount of bandwidth is also unnecessary. All that is really needed is a mirror system that actually works. The Linux kernel archive mirror system, set up by H. Peter Anvin, is a great example of how to do things right. Access to the main site is controlled so that the mirrors are always able to update themselves. DNS is set up properly so that one need not actually know the name of a mirror site. It all just simply works. Companies like Red Hat already have the most important piece for a good mirror system: a large set of willing mirror sites. A bit of organizational work should be all that's needed to make the mirror system function well. Free software pioneers. The EFF is seeking nominations for their 1999 Pioneer awards. It would be nice to have some good nominations from the free software world (but remember that Linus Torvalds and Richard Stallman won last year). |
February 18, 1999
|