Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise
news for all interests
Sections: Main page Linux in the news Security Kernel Distributions Development Commerce Announcements Back page
Other stuff:
Here is the permanent site for this page.
|
Leading itemsThe importance of freedom. One of the longest-resonating echoes from this month's LinuxWorld Conference and Expo was almost certainly a surprise to the event's organizers. The last-minute panel that was held Wednesday afternoon, and which featured Eric Raymond, Richard Stallman, Linus Torvalds, Guido Van Rossum and Larry Wall was intended to discuss "continuing the revolution" - how to carry forward and maintain Linux's momentum through the rest of the year. What came out, instead, is that not everybody is happy with the state of affairs thus far. For those who have not yet seen it, a perusal of Liz's transcript of the panel is worthwhile. The disagreement, which has since been reported widely as a "rift" in the free software world, has to do with just what the community's goals are. Perhaps the most succinct characterization of the debate would be the following: Eric: I want to live in a world where software doesn't suck.One group sees free software as a means to an end; the other sees freedom as the end in itself. And a third group - perhaps the majority - would like to drink its beer in peace and wishes the whole debate would go away. One would think that, since everybody is in favor of free software, there should not be much of a basis for argument here. The problem, of course, comes in when proprietary software is thrown into the mix. Free software purists do not welcome proprietary vendors; indeed, they seek to not even recognize their presence. "Open source" folks are more tolerant, seeing even proprietary systems as an endorsement of the Linux platform that will help to carry things forward in the long run. This disagreement, at times, gets loud. It creates divisions between people who really do share many goals. And it reflects poorly on the Linux community; it makes it all too easy for those who would characterize us as "17-year-old surfers" or whatever it is this week. LWN would like to make a few suggestions. We'll not get too far in calming down the debate, but it should at least help us to get lots of material for the letters to the editor column...
And we're winning. Free software to the rescue in Italy. Italy's National Research Council (CNR) held a meeting in late February to evaluate free software's potential to reinvigorate Italy's engineering industries and reduce software imports. Here's a writeup of the event (in Italian and translated to English). It may well be that free software will take over in places like Europe before it does in the United States; this document gives a glimpse into how that could happen. (Thanks to Gabriele Paciucci who wrote the original document, Ricardo Russo for doing the translation, and Paolo Didonè who sent it all to us). There is also an article (in Italian) in Il Sole 24 Ore about this gathering. Babelfish chokes on it, unfortunately, so no translation for the moment. The 1999 Atlanta Linux Showcase has been announced. It will be three tracks of events over three days this year. See you there!
This Week's LWN was brought to you by:
|
March 11, 1999
|
Sections: Main page Linux in the news Security Kernel Distributions Development Commerce Announcements Back page See also: last week's Security page. |
SecurityNewsRemember, our security coverage last week was spotty, due to our attendance and involvement in the LinuxWorld Expo. Therefore, some of the reports below are older than this week. We've tried to group information together, old and new, to make it more understandable. As a result, some information may be repeated.Several ISPs were recently impacted by a program called GeoList Professional, from earthonline.com. This program scans a list of over 4000 domains for possible user names based on a dictionary-lookup scheme. The way that the scan is done results essentially in a Denial-of-Service style attack on impacted machines. Earthonline's response has been to pull the product. To see if you are in a domain that was affected by the attack, you can check this list of domain names hardcoded into the program. In the meantime, the report generated a great deal of mail on the Bugtraq list addressing how to properly configure your Mail Transfer Agent (MTA) to handle attacks of this sort. No one solution was agreed to be the best, but the discussion was interesting and enlightening ... On the Cryptography Front, this Wired News article describes the return of the Cryptography bill to Congress. That sounds like good news, until you get to the comments that the bill was not written to benefit the individual, only industry. You can judge for yourself by going to the Thomas site and searching for "Security and Privacy Through Encryption Act" (note that the bill number in the Wired article is wrong). From a brief scan, it appears to exclude free software from export restrictions. Security ReportsA new buffer overflow in Super was reported one day and fixed the day before. Now, that's service! Take a closer look at the URL for the fix. It is a note from the author of Super, William Deich. Because of the two problem reports for super coming so close together, he did a comprehensive audit of the code this time and has integrated four new changes to overall improve security weaknesses that he found. As Ryan Russell on Bugtraq commented, this was an exemplary way to handle the problem.Mutt version 0.95.4 was released in order to fix some problems with mutt's temporary file name generator and some inconsistent library call handling. These problems did open up potentially serious security problems, so it is recommended that you update your mutt packages. Unfortunately, no vendor reports have yet come out, although a conversation at LinuxWorld indicated that the Debian 2.1 release was held up, in part, in order to fix this problem. The March 8th Debian changes log for Intel indicates that an updated package for mutt was uploaded to fix security problems, package mutt-0.95.3-0.2. Gnuplot version 3.5 reportedly has a serious root compromise hole. Of course, 3.5 is a old version. The problem was fixed before the release of Gnuplot 3.7. If you are running SuSE, you may want to check for the installation of this program and remove the suid bit immediately. For even better security, SuSE users should take a look at /etc/rc.config and consider setting PERMISSION_SECURITY="secure". Security problems with Linux kernel 2.0.35 and earlier are described in this advisory from Network Associates, Inc. The fact that earlier versions of the 2.0 kernel series are vulnerable has been already reported. However, if you've been putting off upgrading your kernel, this report should encourage you to increase the priority of that task. Fixes for bugs in HP network-connected printers are now available. This includes a fix for the infamous nestea2 and other TCP/IP exploits. This note describes the problems and the firmware upgrades that contain the fixes in more details. As he mentions, getting these firmware upgrades should be considered mandatory for anyone running HP network-connected printers if they are exposed to any untrusted traffic. UpdatesDebian's report on a fix for the lsof problem reported in the February 25th Security Section came out on February 26th. The problem can be fixed by upgrading to the debian package lsof-4.37-3 (or presumably later).EventsShadowCon October 1999 has issued their Call for Papers and preliminary announcement for the event, which will be held October 26th and 27th, 1999, at the Naval Surface Warfare Center in Dahlgren, Virginia. The event is free.The Black Hat Briefings '99 is a computer security conference to be held July 7th and 8th in Las Vegas, Nevada, USA. This year, they've added a "white hats track" for CEOs and CIOs. One wonders if they object to segregation ... Here is the official announcement. The CQRE [Secure] Congress & Exhibition has released its Call-For-Papers for its 1999 conference. CQRE will be held November 30th through December 2nd, 1999, in Duesseldorf, Germany. Section Editor: Liz Coolbaugh |
March 11, 1999 |
Sections: Main page Linux in the news Security Kernel Distributions Development Commerce Announcements Back page See also: last week's Kernel page. |
Kernel developmentThe current kernel release is 2.2.3. There was no official announcement for this release; the best that's out there is Linus's announcement for 2.2.3pre3. This release contains a number of fixes, with NFS and elsewhere, all aimed, of course, at further stabilizing this stable release. And that is a good thing. A certain amount of grumbling about the stability of 2.2.2 has been heard in recent times; some have compared it to a development release. A lot of the problems seem to be with NFS, which could be a source of complaints for a while yet. NFS was orphaned for too long in the 2.1 cycle, it has some catching up to do. The Alpha compilation problems didn't help either. Nonetheless, 2.2.2 has worked quite well for most people who have used it, and 2.2.3 should be even better. The 2.2 series is a quality release. Alan Cox, of course, has jumped out ahead with 2.2.3ac1. It contains quite a few fixes, including more NFS stuff. What byte ordering will the Merced port use? This discussion - perhaps a bit premature - has been based on the assumption that Merced, like a number of other modern processor chips, will be able to operate in both big-endian and little-endian modes. A certain vocal contingent thinks that big-endian ordering should be used. Arguments for this approach cite compatibility with the (big-endian) TCP/IP protocols, as well as some things about making hex dumps easier to read. Linus's answer to big-endian proponents is quite simple: "Not a chance in hell". His reasons are (1) a claim that there is never any reason to prefer one byte ordering over another, and (2) the x86 emulation mode will require little-endian ordering. Different orderings for the x86 and IA-64 native modes is not open for discussion - nobody has been pushing for that. So the question is pretty well resolved. As an interesting aside, Linus posted this note on why he thinks that old x86 binaries running in emulation mode will actually execute faster than native IA-64 binaries. It mostly has to do with the huge expected size of the Merced binaries. He leaves us with this chilling thought... "For example, have people realized just how large something like KDE+StarOffice is? Imagine blowing that up by a factor of three or so." Lots of patches and packages were announced:
"Why debate changes on linux-kernel? After all, Linus makes all the decisions in the end anyway." After hearing this point of view one time too many, Larry McVoy responded with not just one but two separate, well-written messages on why development issues need to be debated. Relying on Linus is not only a cop-out, but it's guaranteed to bring on more "Linus burnout" episodes in the future. Rather than send everything up to Linus for judgement, the onus should be on developers to insure that almost everything that gets to Linus will be judged favorably. Implicit in all this, of course, is the question of how things will work when Linus is not there any more. Linus may have no immediate plans to move on to other things, but he served some notice at his LinuxWorld keynote: "Basically, I'm a very selfish person and I really don't care about all of you. I care about doing what I enjoy." If Linus wakes up one day and decides he's no longer enjoying himself, he may well be gone. And remember that he has been doing this for almost ten years. That day could come sooner than many people expect. The point of all this, of course, is that the kernel development community needs to be able to function well in Linus's absence. The better we all do at getting the important decisions made before they ever reach him, the better prepared we will be for that day when he is no longer around. Linus's departure - hopefully a long way off - will not be the end of Linux. With a proper development discipline in place, it need not even be all that traumatic. Another article describing the new features of the 2.2 kernel can be found on the openresources.com site. Section Editor: Jonathan Corbet |
March 11, 1999
For other kernel news, see: |
Sections: Main page Linux in the news Security Kernel Distributions Development Commerce Announcements Back page See also: last week's Distributions page. |
DistributionsIt's been a long time since we mentioned Independence. The Independence project was started in 1998 with the goal of producing a free and truly user-friendly distribution, for people without a background knowledge of Unix, etc. This is not an uncommon goal, nowadays, but they've been working on it for a while now. Their announcement of the release of the new distribution provides some details of what they've done to make this distribution different from others. Like Mandrake, it is based on Red Hat 5.2. However, they've worked on making printing easier for the novice, replaced the ordinary cron with one that doesn't need the machine up 24 hours a day, optimized dial-up support, put in enhancements to LILO to get people up and running without having to read the manual first -- difficult to do if the computer is not yet up --, and added KDE (of course) and lots of applications to provide people with alternatives for the software they are accustomed to running on Windows operating systems. We haven't had a chance to take it for a spin, but we've followed the project and its aims. Anyone who does get a chance to try it out, please let us know what you think! Good ideas and hard work are always welcome. DebianDebian 2.1 made the March 9th release date. Many sighs of relief and happiness were heard, we're sure. If you're interested in the details, you can check out the official announcement. We hear the mirrors are running a bit slow right now, but CDs are available for those of you who are impatient.The Debian Event Pages, now available, contain a list of upcoming Linux-related events and Debian's plans for them. A new mailing list, debian-commercial has been created. It is a moderated list for publishing vendor and distributor Debian-related materials. The Debian Weekly News for last week and this week are available. A new Package Manager for Debian? Swim was announced today by Jonathan Rosenbaum. It will be interesting to see what the reactions to the announcement are. Joseph Carter's LinuxWorld report is now available. LinuxPPCLinuxPPC Live from MacWorld. LinuxPPC Live has been included on the CDROM insert in the April Issue of MacWorld.Civilization: A Call to Power will be available for the LinuxPPC in the near future. This MacCentral article notes that it will probably be available sooner than the version for the MacOS. Of course, once the game is running on Linux/Intel, moving it to the PPC should hopefully be trivial ... In amongst all of the IBM press releases, it was easy to miss their declaration of support for Linux on the PowerPC (this editor did). Thanks to Jason Haas for providing us with LinuxPPC news this week ... MandrakeLinux-Mandrake PowerPack Edition, which comes with CDs, installation guide and 100 days of support, is now available in the U.S. and Canada.The latest edition of the Mandrake-News is available. It includes lots of good news about how well Mandrake is doing, plus a note about rpms for Linux kernel 2.2.2 which they have made available. Red HatRed Hat re-vamped their web site last week. If you haven't had a chance yet, you may want to check out the new site. Be sure and send them your feedback; it sounds like they are listening and modifying the site in response to comments they've received so far.Check out the commerce section for news on some additional big-name investors that have lined up to put money into Red Hat. SlackwareThe Slackware booth at the LinuxWorld Expo did brisk business. It was large, professional and usually very busy. Check out the Slackware.com site for links to pictures and information on how to pick up one of their T-shirts, if you missed them at the show.No updates to Slackware have been posted since February 24th. SuSEArs Technica reviewed SuSe 6.0 and are obviously highly impressed. The article is relatively in-depth, with sections on Yast, X installation, and KDE.Some plans for improving SuSE's security were informally posted to Bugtraq. The note indicates that security-specific mailing lists for SuSE should be announced some time soon as well the introduction of OpenBSD-like security checks that run on a regular basis. This is welcome news. Section Editor: Liz Coolbaugh |
March 11, 1999
Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed. |
Sections: Main page Linux in the news Security Kernel Distributions Development Commerce Announcements Back page See also: last week's Development page. |
Development toolsJavaThe first public pre-release of the JDK1.2 for Linux was announced on Thursday, March 4th. The release notes comment in big, black letters that this release is only for the very brave. It is good, though, that they've gotten far enough to allow the rest of the community to help out with finding and dispatching the remaining bugs. Now all of those of you who have been bugging them to do a pre-release, so you could help, need to step up and match your words.From the JDK 1.2 Status Page, it appears the only hold-up left on the Intel platform is caused by a bug in the 2.0.3X kernel series. The PowerPC platform is coming along, as well. No information is yet available for the other ports. From this note, it appears that the problem is fixed as of kernel 2.2.1. It may be up to Sun to decide whether this constitutes "passing behavior". In addition, Alan Cox's release notes for Linux kernel 2.0.37pre8 indicate that he's included the fix for that problem, specifically to support the JDK 1.2 porting team. 2.0.37 is due out by the end of the month, barring any major disasters. Some initial impressions of Java 2 (a.k.a. JDK 1.2) were posted by Russ Pridemore. The JDK 1.2 pre-release for the PowerPC platform was announced on Monday. PerlPerl, the first postmodern computer language was the topic of Larry Wall's talk at LinuxWorld. It is now also available on-line, for those of us that missed it. Warning: the talk was long. However, it makes Larry Wall's comments in the panel with Linus, Richard, Guido and Eric a lot more understandable ...A demo of PerlPoint, Tom Christiansen's perl-based (of course) presentation software, was announced on March 9th, with the goal of reducing the number of people making presentations with PowerPoint. The Maintenance Trial 6 for 5.005_03 has been made available in Graham Barr's CPAN directory. Python"Instant Hacking" is the title of Magnus L. Hetland's small programming tutorial which uses Python for its examples. It is available from his web site and considered a Work-In-Progress.SmallTalkGemstone is rumored to have a non-commercial Linux version of its flagship Smalltalk client AND server. Check out this note from Joseph Bacanskas for a few more details.Tcl/tkOur normal pointer to TCL-URL! did not make it in last week. As a result, here is last week's edition and this week's edition.A HOWTO for writing multi-threaded extensions for Tcl was announced by David Gravereaux. Section Editor: Liz Coolbaugh |
March 11, 1999 |
|
Development projectsKDELinux-Magazin wrote an article on K-Office, the text of which has been made available in German, thanks to the efforts of Tom Schwaller. They are looking for people willing to translate the article into other languages, particularly French and English. Contact Martin Konold if you are interested in helping out. If you are looking for books on KDE, you'll want to check out Robert Williams' web-site on the topic. The first release of KCdCD, a simple CD player, was announced by Roberto Alsina. Over thirty different updates to various KDE utilities and programs came out over the past two weeks, so we won't attempt to list them all here. Check out the kde-announce list for all the announcements. Linux GamesThe Crystal Space 3D engine is a "work-in-progress" with a goal of developing a good, general 3D game engine. They announced their latest version last week, version 0.12, describing the features they have so far, warning of potential bugs, and providing pointers to more information.Hopkins FBI is the name of a commercial game which will be released for Linux on March 29th. A downloadable demo is already available and patches for some known problems should be out in a couple of days. For more information, check out the Hopkins FBI site, complete with screen shots [tip courtesy of Wari Wahab]. Linux Wordprocessors, etc.The LyX Development Team proudly announced Lyx 1.0.1 on March 4th. They refute the contention that there is no open source word processor for Linux. Originally conceived of as a "GUI front-end" to LaTeX (Lyx still produces LaTeX files for its output format), they state that it now has a phenomenal math editor, figures, tables and more, with support for over a dozen languages. LaTeX (and its predecessor, TeX) has long been a favorite in scientific communities and LyX has many devoted users.Mozilla/NetscapeNetscape Communicator 4.51 is reportedly available on the Netscape FTP site.WineThe First World Wine Developer's Conference? That's what Doug Ridgway's report from LinuxWorld dubbed the event. This is recommended reading for anyone interested in Wine ... it is chock full of information, excitement and more.Codeweaver's plans to merge TWIN and WINE into "TWINE" are mentioned in the report, but were covered in more detail on Slashdot on Monday. It is good news to see efforts in the two development areas coming closer together. The different licenses of the two efforts (LGPL for TWIN, BSD for WINE) mean that a lot of tip-toeing will be going on, trying to keep the work and the cooperation going, but both sides seem to have a very good attitude about it. CodeWeavers, from their web site, appears to have gone out of their way to anticipate possible problems and avoid them. ZopeThis week's Zope news (courtesy of Amos Latteier) includes a pointer to an article on Zope by Web Review. The article itself is introductory, and contains material with which most LWN readers should be familiar. However, at the bottom of the article, they include pointers to pages with more details on the Web Object system and more, making it an excellent technical introduction to Zope as well.The Zope Documentation Project now has its mailing list up and running and is actively maintaining the Zope FAQ. Section Editor: Liz Coolbaugh | |
Sections: Main page Linux in the news Security Kernel Distributions Development Commerce Announcements Back page See also: last week's Commerce page. |
Linux and businessHere's the big corporate deployment story of the week: according to ComputerWorld Cendent will be deploying Linux systems into 4,000 of its hotels. "The rollout is proceeding on schedule, but Covey said the company has learned that working with Linux can sometimes be difficult. After IBM switched the video card in its PC300GL line of PCs, for example, Cendant couldn't find a Linux driver that would make the display work properly." Red Hat picks up more big-name investors. Here is the press release announcing the minority investments Red Hat has obtained from Compaq, IBM, Novell, and Oracle. Thus, Red Hat continues on its path of accumulating both big-business backing and (presumably) a sizeable chunk of cash. Perhaps the most interesting investor in the above list is Novell. Novell, of course, has been a long time Caldera backer, so it is a bit surprising to see them pumping money into Red Hat. Perhaps their purpose is to see more widespread support for Netware in some of the other distributions. How that would work with Red Hat's latter-day push toward a completely free distribution remains to be seen. Here is an announcement for what appears to be another attempt at a Linux certification program, this one by a company called No Wonder.. "Applicants will be evaluated over the course of three months, during which time they will be responding to the questions submitted to No Wonder's personal support forum via the web. Certifications will be awarded to those who show proficiency in all areas of this process, which include: technical knowledge, problem solving, researching and follow-up skills, and personal communication ability." Ricoh has announcedthe open source release of their PIA (Platform for Information Applications) system. It appears to be a document-processing platform based on XML. They have also set up RiSource.org as a site dedicated to their present (and, presumably, future) open source releases. The folks at IBM's AlphaWorks wrote in to ask us to spread the word about their new, redesigned web site. AlphaWorks, ("IBM's Silicon Valley Start-Up") is, of course, the source of a number of free software goodies. They have a number of new software releases out there as well; check out their pages for details. Siemens is going Linux. Here is an announcement (in German) stating that they will be putting Linux on their PRIMERGY servers to run as SAP R/3 platforms. (Babelfish translation available here). (Thanks to Frank Paehlke). Folks wanting faster math functions on the Alpha may want to check out the Compaq Portable Math Library for Alpha Linux. It claims to be a drop-in replacement for the standard Alpha math library, but with much better performance. It appears to be a binary-only beta release, with registration required to actually get the code. Intelogis has announced an open source licensing scheme for its network adaptor drivers and administration software. They are clearly hoping to get a free Linux port out of the deal, and likely will. There's another entry in the anti-virus programs for Linux arena - this one is called AVP, from the Kaspersky Lab in Moscow. See their announcement for more. Version 1.0 of the Qt Public License (QPL)has been announced. It still requires distribution of modifications in a separate form (patches, or managed patches via CVS, etc). Linux has picked up a new game. This one is "Hopkins FBI." The official release is evidently at the end of this month, but a demo download is available now. See their Linux page for more information. (Thanks to Wari Wahab). Press Releases:
Section Editor: Jon Corbet. |
March 11, 1999 |
Sections: Main page Linux in the news Security Kernel Distributions Development Commerce Announcements Back page See also: last week's Linux in the news page. |
Linux in the newsAs might be expected, much of this week's Linux press is about the LinuxWorld conference. Much that wasn't directly about the show was inspired by it - we do not usually see groups of articles about the Linux Standard Base or the role of Richard Stallman, for example. Look down below for our gathering of LinuxWorld articles. There was also a distinct pickup in the amount of negative press. The "who do you sue?" theme is back with a vengence. One wonders just how many of these nervous corporations have ever sued (insert name of large proprietary software vendor here) successfully. Oh well. Meanwhile, here's this week's recommended reading:
Let's take that last article as a good lead-in to the negative press. It's worth reading this stuff - how else can one be prepared to refute it? Or even, in the case of legitimate criticism, to make things better?
Red Hat's new investors were the subject of a few articles. Not very many. To see how times have changed, it can be amusing to go back to our October 1 issue covering Intel's Red Hat investment. Now it's just another day's event...
The tension between "free" and "open source," and the role of Richard Stallman drew some interest this week. Let's aim toward the LinuxWorld articles by starting with these:
OK, time to hit the rest of the LinuxWorld articles.
Finishing out the LinuxWorld department: here are a few pieces that seem to have been inspired by the conference, even if they don't cover it directly.
A few introductory pieces:
Various other business-oriented articles from this week:
Finally, a few articles which were hard to categorize elsewhere:
Section Editor: Jon Corbet |
March 11, 1999 |
Sections: Main page Linux in the news Security Kernel Distributions Development Commerce Announcements Back page See also: last week's Announcements page. |
AnnouncementsResourcesThe Penguin, the Press, and the Marketplace is a paper written about the marketing of Linux. "Linux companies using professional PR firms inevitably slide towards the business/financial/hype angles, since the flacks can't understand the technology. Overall this is OK, since that is what most of the stories are about. However, the mindset will kill numerous technical articles, as frustrated Q&A columnists and (real) technical writers, seeing deadline approach, wander off to more easily written stories."Dan Kaminsky has written a paper on why open source software is "the optimum economic paradigm for software." He's seeking feedback for the next revision. A new version of the Linux/Alpha FAQ is out. It should eventually find its way onto alphalinux.org; meanwhile it's available on the author's site. A new list for Linux and aviation applications has been announced. See the announcement for more information and signup details. A review of "Internet Complete", a Sybex book, has been made available by Rob Slade, the reviewer. The summary judgment seems to be negative, due to poor materials in some sections of the book. He offers "Zen and the Art of the Internet" or "The Internet Book" as other books with similar themes but overall better quality. The Linux Newbie Administrator Guide has been updated, contents are roughly doubled since the last release. Have a look and see what they have been up to. A site called "B.AZAR" has put up a lengthy study (in French) on network data processing solutions. It includes an extensive section on Linux with reviews of distributions, office suites, and "groupware." It can be read in English via Babelfish. (Found in NNL). EventsIDG has put out a summary press release about last week's LinuxWorld conference. They now claim over 12,000 attendees, which seems high, but they should know. Next conferences are scheduled for August 9-12 in San Jose (note that they moved the dates and no longer step on the O'Reilly conferences) and January 10-13, 2000, in Washington DC.Sean Reifschneider, from tummy.com, has made available his reports for the second, third and fourth days at LinuxWorld, along with more pictures: (For those who missed it last week, Sean's report from the first day is also available).More LinuxWorld Pictures. The folks from AbiSource have put up a LinuxWorld photo page. It suffers from excessive volume and little organization, but still has some good stuff. Windows refund activities have not stopped altogether. Here's a page put together by "Just Jeff" which advocates taking things to a new level: PC manufacturers who refuse to abide by the EULA and give refunds are to be taken to small claims court. (This site is hosted on Tripod, so don't be surprised by obnoxious popup ads...) Web sitesThe Linux Forum promises an easy-to-use, BBS-style forum for people in the Linux community. Here is their announcement.User Group NewsThe SSLUG Windows Refund Day appears to have gone off very well. The group offered a free Linux installation as an alternative, 250-300 people showed up and over 50 machines got make-overs. Here's the note we got from Peter Toft with a few more details. Pictures and Real Video coverage are also available.A new user group is forming in the Red Deer, Alberta, Canada area. See the announcement if you would like to participate. There is interest in starting a user group in the Burlington, Vermont area. Please see the announcement and get in touch with the instigator if you're interested. A new user group is also being formed in Hampton Roads, Virginia. See the announcement for details. Help wantedThe Free Software Foundation has issued a request for a couple of people to serve as volunteer coordinators. The work is 2-3 hours per week, and they are looking for people who can stick with it for a long time.The folks at Linuxpower.org are looking for people to help them out in expanding their site. In particular, they are looking for writers to submit material. If you think you can help them out, check out their announcement and drop them a note. |
March 11, 1999
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Software Announcements
|
Our software announcements are provided courtesy of FreshMeat
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Sections: Main page Linux in the news Security Kernel Distributions Development Commerce Announcements Back page See also: last week's Back page page. |
Linux links of the weekJoseph Pranevich, author of some good Linux documents, is also the host of the Linux club on Lycos. He claims this club is the largest one hosted by Lycos, if those devoted to adult topics are not considered. The MetaChart is an accumulation of comparison information between Linux and Windows NT. Not perhaps the most fun everyday reading, but it can be a good source for advocacy material. Section Editor: Jon Corbet |
March 11, 1999 |
|
Letters to the editorLetters to the editor should be sent to editor@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them. | |
To: editor@lwn.net Subject: Distribution Inconsistencies FUD Date: Thu, 04 Mar 99 18:12:59 -0800 From: Dan Benson <bensond@ssds.ucdavis.edu> I am going to have to disgree with Conrad Sanderson's letter to the editor in regards to inconsistencies between GNU/Linux distributions. This is indeed a very serious problem. The LSB wouldn't have formed if it were not a problem. I think it is an even more serious issue now than ever before. Let's face it commercialism in the GNU/Linux community is here. Companies have and will port to GNU/Linux. In fact, many companies have annouced the various distributions they will be supporting. This has created a whole new problem. If the LSB and it's participants are not successful then other "not so big" distributions will most likely have to conform to the distributions that these companies are supporting. In my mind this takes away a very large chunk of free out of freeware. Sometimes (actually, most of the time) I think Richard Stallman has it all together and the rest of us are nuts. Plus, libraries are not the only issue here. For example, some distributions choose to use sysV startup scripts whereas others prefer bsd based scripts. This minor detail is not a problem for more UNIX types but for a company to support both cannot be expected. A good solution to this would be the way FreeBSD handles it, but this is just my opinon. Obviously, the LSB isn't the best solution. The little guy who wants to be different is always going to get screwed. But, I will say this, I would much rather prefer the LSB making the decisions than the most popular GNU/Linux distribution. In affect, the Linux community has created not just a single UNIX based operating system, but rather several of them. Even worse I can't even do something like 'uname -a' to find out what is being run on a particular machine. I use GNU/Linux religously, but I am also not blind to the sort of problems it faces. -Dan | ||
Date: Sat, 27 Feb 1999 14:19:42 +0000 From: Thomas Hudson <thudson@cygnus.com> To: lwn@lwn.net Subject: Kudos to Trident I'm writing you to let you know of a recent hardware company's exceptional support to the GNU/Linux community. Trident Microsystems (http://www.tridentmicro.com) recently contacted the ALSA developer mailing list to announce that they had written ALSA compatible drivers for their 4D Wave PCI sound card chipset. Trident has offered the source for these drivers, as well as complete technical documentation for the chipset. All of this material has been provided voluntarily, without external pressure, and will be licensed under the GPL and incorporated into the ALSA driver suite. See http://hyppo.screwdriver.net/show.phtml?id=102919 for the original announcement. The Advanced Linux Sound Architecture (ALSA) project (http://alsa.jcu.cz) is a project designed to build an architecture for pro-quality sound and MIDI applications, from low-level drivers for sound and MIDI hardware to high level libraries and sequencers. The project is committed to releasing all work under the GPL. The 4D Wave chipset is used in the following products: Company Product Name ======================================= Addonics SoundVision (model SV 750) AzTech PCI 64-Q3D Best Union Miss Melody 4DWave PCI CHIC True Sound 4Dwave HIS 4DWave PCI Jaton SonicWave 4D Paradise WaveAudio Interactive (Model AWT4DX) Promedia Opera CyberPCI-64 Shark Predator4D-PCI Stark PCI Warpspeed ONSpeed 4DWave PCI You can read more about ALSA and the call to sound card manufacturers at http://alsa.jcu.cz/call.html Thanks, Thomas Hudson Cygnus Solutions | ||
From: kentdaniels@webtv.net (kent w daniels) Date: Fri, 5 Mar 1999 14:37:35 -0500 (EST) To: editor@lwn.net Subject: Platform support GIven that Linux is platform-neutral, it is my great hope that as many Linux users as possible will consider non-Wintel plaftorms in their purchases. I think supporting the opposition (AMD, PowerPC, etc.) can strengthen Linux's market as it can deter the monopolistic business practices of Microsoft and Intel. I myself am a Mac user, but also think Linux very much represents the future. Apple is likewise releasing a Unix-based operating system later this year. This raises the possibility that these two such operating systems can coexist in way that could strengthen each other. I also believe that Linux just may be the best thing to happen to the Mac plaform, as now consumers will begin to see Unix in a new light. | ||
Date: Wed, 10 Mar 1999 14:44:58 -0500 From: John Kodis <kodis@jagunet.com> To: editor@lwn.net Subject: Editorial on FUD [ Dear Editor, Following are some comments on the spate of "Who do you sue?" articles you've cited recently. Please feel free to use this in your editorial column. Thanks, and keep up the good work. ] The Linux FUD meme seems to have shifted recently. In months past, authors looking for a weak spot in which to jab Linux would bring the "there's no support" idea to bear. This theme seems to be dying -- perhaps due to effective refutation, perhaps just due to lack of novelty. However, recent weeks have seen a new type of misinformation rising to the surface. The current FUD-of-the-week seems to be the "who do you sue" theme, as typified by the articles you cited from _CIO Magazine_ and _Internet Week_ (Mar 9). This concept boggles my mind. Has there ever been a CIO who approached his board of directors with an IT business plan along the lines of: "To improve our productivity, we'll standardize on software that's known to be unreliable; To insure our long-term viability, we'll stick to software that's only available as a binary, so that we're completely at the mercy of our software vendors. "This way, if anything goes wrong, we can simply cease operations and sit back while our team of lawyers find a way around the "We're not responsible" clauses in all our shrink-wrapped software, and proceed to sue several of the largest, richest, and most litigious corporations in the world for damages." I wish that authors would learn that writing FUD is like writing any other form of fiction -- the premise has to be plausible for the story to be entertaining. -- John Kodis. | ||
Date: Thu, 04 Mar 1999 22:43:01 -0300 From: Leandro =?iso-8859-1?Q?Guimar=E3es?= Faria Corcete Dutra To: editor@lwn.net Subject: XFree and free riders. I wonder if it is Richard M Stallman's (RMS) strong ideas -- and even perhaps sometimes unreasonableness, but I suspect he's right more often than wrong even about technical issues like EMACS vs XEmacs and gcc vs egcs -- that generates such hate against the GNU General Public License (GPL). When I read "Liz's XFree86 4.0 session notes" at http://lwn.net./1999/0304/a/xfree.html, the following glared thru the text: > The development of X is running into finance difficulties. > There are very big companies interested in keeping up X, but they are > annoyed with the "free riders", that so many companies benefit and yet > don't share in the costs. I am optimistic that it will continue. If > the X effort fails, we'll continue and take over. The sad thing is that the free rider problem has largely been solved by the GNU GPL, and some people refuse to use it because it's too free or because it's too restrictive. Even if XFree has pragmatical reasons for not using GPL, as they need to collaborate with some stubborn video equipment vendors, the solution has been offered of GPL'ing everything -- and if the proposal was originally Stallman's, The Open Group (TOG) had accepted it in principle. But the XFree refusal prevented this solution. GPL'ing the X Window System would sense because then Sun, IBM, HP, SCO, Compaq and any other vendors, including the free riders, would have to face a choice of releasing their source code, falling behind the latest and greatest releases, or entering into commercial licensing agreements with TOG, what would very probably supply the funds necessary for continuing development. But it seems that people would rather risk ruining their life's efforts than saying "I was wrong, perhaps that long-haired fat RMS guy was right!" If such stubbornness persists, there are many GPL'd projects like Y or Berlin which would gladly step into XFree's place, including backwards compatibility! The same solution would apply to TrollTech and its Qt product, which could be superseded by Gtk. -- Leandro Guimar„es Faria Corcete Dutra Brasil | ||
Date: Sat, 06 Mar 1999 16:47:19 -0800 To: editor@lwn.net From: Matt & Kim <patawi@polarcom.com> Subject: Linux doesn't need Corporations, Corporations need Linux. Now that all the big companies are (apparently) jumping on the bandwagon it seems like a good time to say something I've been thinking about for awhile: Linux doesn't need Corporations, Corporations need Linux. Think about it. In less than a decade, Linux grew from an academic curiosity to a world class operating system with some 7 (8,9,10?) million users. This happened without major corporate involvement. Sure RedHat has had a significant impact and many good things are coming out of their involvement RHLabs. But RedHat is a small corporation relative to the likes of IBM and Compaq. Why is there such intense capital 'C' Corporate interest in Linux now? Because they _need_ Linux, or something like it. Computer software is now so large and so complex it is impossible for any single company to develop, and debug, and market, and support. For that matter, it's probably impossible for a group of companies to do. They are effectively at war with each other and (long term) cooperation is against their nature. Because _they_ need Linux. Billy Borg is assimulating everything in sight. At the moment, Linux is the only way out. Linux is 'safe'. It is not owned by any competitors. It is cheap, both in aquisition and in total cost of ownerhsip. It has a well established and communicative network of developers, debuggers, and supporters (as in assistance) with an impressive track record. It is global and multilingual -- for both humans and computers. But doesn't Linux 'need' corporations: to become more than hacker's tool? to get on the desktop? to become mainstream? to achieve world domination? Short answer: No. Linux is already more than a hacker's tool. I'm not a hacker, I don't program, I don't run a webserver, or do many other things a "traditional" Linux user might. Linux is already making inroads on the desktop. Look at Gnome and KDE. Sure we're not there yet, but I don't have any doubts we won't make it, and not too far in the future either. Mainstream? World Domination? From where I sit, it's _inevitable_. Linux is, or is fast becoming, technically superior to the alternatives. The Linux development model is the only one which _can_ effectively tie the world's computer system together. Corporate involvement could potentially make all these things happen more quickly. I think it more likely they will slow it down as they apply different strategies to attempt to own or dominate the biggest piece of the Linux pie. Just look at the browser wars, MSN, and Java for prime examples. Coming soon to a theater near you. If Linux really wants a big boost, it should go after Governments first. Nothing in this document is orignal. It has all already been said at one time or another by various people. I think (obviously) it bears repeating. A note on 'Linux'. Throughout this document when I use 'Linux' I really mean the whole community of people and organizations who are working on and using GNU Utilities, FreeBSD, XFree86, OpenSource and all the other libertarian development efforts. Linux currently has the highest profile and has become, to my mind, the flagship. That's all, <a href="mailto:matt.wilkie@gov.yk.ca">-matt</a> | ||
Date: 6 Mar 1999 02:02:12 -0000 From: Eric Smith <eric@brouhaha.com> To: editor@lwn.net Subject: Cobalt web server security hole In your 4-MAR-1999 issue, you quoted a Wired News article: "Vivek Mehra, vice president of product development at Cobalt, said the hole, which could give a hacker access to a history file documenting a user's activities, wasn't specific to their appliance, but to the Linux operating system." This statement is very inaccurate, and this is not your error or Wired's, but rather shows that Mr. Mehra is not well versed in how his product compares to other real-world Linux systems. In point of fact, this weakness *IS* specific to their appliance. Most Linux-based web servers use the Apache web server. By default, they do not serve the user's home directory, so this weakness will not be available for exploitation. A sysadmin would have to explicity change the "UserDir" directive in the Apache configuration file to make this happen. If Cobalt's product serves up user home directories by default, that is a brain-damaged decision on their part, not a weakness of Linux or Apache. And this weakness of the Cobalt's default configuration doesn't only compromise the "root" user; it could be used to attack any user's account. The default configuration of Apache (not that of the Cobalt product) is generally quite good, however, there are optional modules that can improve on it. For example, on my server I run a module called "disallow_id", which I have used to prevent Apache from *ever* serving files owned by root. Eric Smith http://www.brouhaha.com/~eric/ | ||
Date: Tue, 09 Mar 1999 11:31:51 -0600 From: Craig Goodrich <craig@airnet.net> To: Ellis Booker <ebooker@cmp.com> Subject: Vendor Interests are Driving Linux... [ref http://www.internetwk.com/columns/pers030899.htm ] ... is an excellent column; it should be required reading for everyone in this crazy biz. Thanks. I do have one minor quibble, though: > But will Linux find its way into the enterprise and (gasp) the > corporate desktop? Don't bet on it. Commercial firms are > risk-averse by nature. They are more than willing to pay an OS > license for the right to sue somebody if things go wrong. Well, OK, that's a good restatement of the conventional wisdom, and it's hard to argue with it. I've been hearing it for over a year now, and Lord knows our society isn't getting any less litigious. On the other hand, though, Microsoft has [whatever -- 85%? 90%? 112%?] of the desktop OS market, with products that are by near-universal agreement buggy and crash-prone. Simply running Word 6 for an hour on a moderately complex document would lock up the machine and mulch the doc file back in 1993, and the newer versions are not a whole lot better, modulo the more complex documents they're supposed to handle. Windows NT4, Microsoft's paradigm for the enterprise, literally leaves a Navy ship dead in the water. Microsoft announces the availability of a fix for a bug that's been in Win95 since it was Chicago. The bug crashes the OS when the 32-bit millisecond uptime counter rolls over at 49.7 days; nobody had noticed it in five years because nobody _even at Microsoft_ had ever managed to keep Win95 up that long in the first place. And yet -- when was the last time you heard of some corporation suing Microsoft for lost time and productivity? Maybe it's happened, but in over a decade I've never heard of it. The corporations have simply learned to accept bugs and crashes and lost work the way they've learned to accept theft of paper clips and legal pads. And Microsoft's reputation for support is hardly anything to brag about.... Now, the PC revolution of the '80s involved a corporate culture shift in the way computing was perceived. I can still remember columns pointing out that when all was said and done, corporations would never entrust their mission-critical data to desktop toys. (Many of them did -- possibly most of them -- and it may have been a mistake, but that's beside the point.) Embracing Linux at the server level, then sneaking it into engineering departments, may lead to yet another culture shift. There are some fairly serious but not insuperable problems remaining for Linux on the average corporate desktop -- installation is infinitely easier now than it was when I started using Linux a few short years ago, but it's still 'way over the head of users who have never installed _anything_; office automation tools are few -- though Applix, Star Office, and Corel's forthcoming Word Perfect Suite (not to mention whatever Lotus does) will make the effective range of choice wider for Linux than it is for Windows, where MS Office so dominates the market that it might as well be the _only_ choice. And then of course there's the longstanding problem of X configuration and (still!) printing. But all of this stuff is being worked on, and at a frenetic pace. KDE is already a polished product; Gnome is coming along quite nicely (in fits and starts, like everything else in the open source field); the various distributions are competing with each other in painlessness and elegance of installation, and the Big Boys are starting to throw their weight (and their software engineers) around. So I dunno. Looking back over twenty years as a techie, the only dependable truths I'm left with are a) it'll always be cheaper and faster next year, unless it's from Microsoft, and b) all predictions about what'll happen next in this silly business are very likely to be wrong. Thanks again for the column, keep up the good work -- Craig ============================= Craig Goodrich Rural Village Systems somewhere in the woods near Huntsville, Alabama Politics for the Thinking Redneck -- http://airnet.net/craig/g4c Linux miscellany -- http://airnet.net/craig/linux | ||