Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise
news for all interests
Sections: Main page Linux in the news Security Kernel Distributions Development Commerce Announcements Back page
Other stuff:
Here is the permanent site for this page.
|
Leading itemsMozilla Development in the News. This week has seen a lot of press on the Mozilla front, not, perhaps, unexpected, considering the one-year anniversary of the release of the Netscape source code, but with some unexpected twists. It began with Netscape's press release about the anniversary. Like most press releases, it is full of good news and excellent quotes, like "In a year's time, mozilla.org has gone from being a beautiful idea to a beautiful reality", a comment from Michael Leventhal of CiTEC Information, developers of DocZilla. However, it was fairly swiftly followed by Jamie Zawinski's resignation, both from Netscape and from the Mozilla project. For Jamie, the fact that Netscape 5.0 has not yet shipped after an entire year meant that the project had failed. "For me, shipping is the thing." Jamie's letter is really not all gloom and doom, though a lot of that is in there. Carefully separated out, the real failure he sees was Netscape's failure to live up to the promise of its early years. Concentrate on Mozilla and you'll find a list of successes, including the release of ancillary tools, such as their bug system, source-control interface, and build tools. The open-source development model also brought valuable feedback about the direction the Netscape source was originally going. "Though we didn't get a whole lot of participation in the form of source code, we did get a lot of feedback about the directions the software was going. And the right feedback at the right time can easily be far more valuable than source code. By doing development out in the open, and ``living in a fishbowl,'' I believe that Netscape made better decisions about the directions of development than would have been made otherwise." That valuable feedback was part of what slowed down the first real shipment. The delay, according to all sources we've heard, harbinges a better quality product as a result. Mozilla is not the first open source project to slip on its deadlines. For example, releases of the Debian distribution have also been known to slip. The Linux 2.2 kernel series had lengthy delays this year as well. The primary reasons for these delays were the same: the tenet that the product should not ship until it is ready, that hard choices should be made if they are "the right thing to do", even if that holds back the release of the product. One of the good points of the open source model is that releases are controlled by the judgments of the developers, not by marketing pressures. In addition, some tremendous new features have been added to Mozilla by developers outside of Netscape, such as the expat XML parser and the Mozilla ActiveX control. Most importantly, it brought attention and peer review, a critical contribution. As commented by Frank Hecker in his Mozilla-At-One article, "... many of the world's leading experts on Web standards (HTML 4.0, CSS, XML, etc.) have contributed valuable advice and feedback on the implementation of those standards in Mozilla; their help is a key reason why even in its current immature state the Mozilla code is more standards-compliant than any other browser available today." So what is the final verdict? Is Jamie Zawinski's departure (along with John Giannandrea, another Netscape engineer) a signal that the open source development model has failed? Not in the least. Although his comment, "Open source does work, but it is most definitely not a panacea", is likely to become a much-repeated classic, a review of the current status of Mozilla indicates that the open source development model very much is working. Much good has already come from the development process, in the form of source code reuseable for other open source and commercial projects. Although delayed, Mozilla is currently meeting its projected milestones, the latest of which, Milestone 4, is currently being collected and should be announced within a few days. Unlike a closed source project that fails to meet its deadlines, the whole world can find out how the Mozilla project is doing. The reports on the unfinished browser are highly promising. This comment from Robin Johansson sums it up well. "People, just keep on making Mozilla and make it as well as you can. Money isn't important. Deadlines are not important. Beating IE is not important. Just good quality is." Other links to information on this topic:
Dell has bought a piece of Red Hat; they are joining what is becoming a rather crowded club. Information on Dell's Linux moves came in the form of one Reuters article and two press releases; all of them are interesting:
Dell also claimed to be "the first major systems vendor to offer Web ordering of systems with Red Hat Linux already installed." The folks at Penguin Computingtook exception to that claim, and, in typical in-your-face manner, put out a press release of their own disputing it. The Burlington Coat Factory news is perhaps the most interesting part of the whole thing. Here we have another high-profile deployment in a decidedly non-geek, mission-critical situation. Those who say that Linux is not ready for prime time will have a hard time writing off this one. Another interesting fact, not pointed out in the press releases, is that all Linux systems sold by Dell come with support by LinuxCare bundled in. This addition is likely to greatly increase the perceived value of these systems among those who are not confident of their ability to deal with Linux - a large percentage of the people who are getting into Linux now. It has the look of a good arrangement for both Dell and LinuxCare. A lukewarm appraisal by the analysts. D. H. Brown has announcedthe release of their study on Linux. "The study shows that Linux provides a credible solution for four specific application areas - file- and print-sharing or Web server applications; appliance-class systems; Internet Service Providers; and compute nodes in technical computing clusters. Linux also minimizes price and avoids vendor lock-in." Beyond that they were short of positive words; their conclusion is that Linux is not really ready for most enterprise functions. Al Gore's presidential campaign web site is open source, or so it claims toward the bottom of the front page. He is inviting contributions to the site. It's hard to know whether to be impressed that "open source" is seen to be important at such levels, or whether to just be amused. One wonders if the Open Source Initiative has approved this use of their trademark... This Week's LWN was brought to you by:
|
April 8, 1999
|
Sections: Main page Linux in the news Security Kernel Distributions Development Commerce Announcements Back page See also: last week's Security page. |
SecurityNewsPrivacy issues on the Internet took the spotlight again as IBM declared its intent to pull advertising from sites without clearly cited privacy polcies. This is probably one of the best ways to encourage commercial sites to take privacy issues seriously, by grabbing their wallets and squeezing hard.Good news for encryption politics? This news.com article talks about another U.S. politician that has changed his tune about encryption issues. Unfortunately, he's introducing alternate legislation that would ease controls, but not fully until 2002. The Security and Freedom through Encryption Act remains the better bill. However, the latest move is another indication that support for the current White House policy on encryption is dwindling. Security problems with insmod were the topic of this long message from Brian Szymanski. Insmod is a command that can be used to install a loadable kernel module. However, Brian's note mentions that the modprobe command is actually the recommended tool to use for this task. In addition, insmod has some security weaknesses that are potentially exploitable. As a result, version 2.2.2-pre6 of modutils, the package that contains insmod, has been produced. Any version of insmod prior to 2.2.2-pre6 will be vulnerable. Denial of service attacks and sendmail were the topic of one thread on Bugtraq this week. In particular, this discussed attacks launched from a local user account which resulted in filling up a file system and therefore halting the mail server. The summary from the thread indicated that this was not a sendmail or MTA problem per se, but a general problem of how to prevent resource starvation caused by the actions of someone with access to an account on your system. Generally, such attacks are dealt with by finding the culprit and dealing directly with them. It is an example, however, of why even basic user accounts need good password security and protection, since even the compromise of a non-privileged account can leave you vulnerable to this type of attack. Security Reportsrsync 2.3.1 has been released in order to fix a security hole discovered in 2.3. Here is the announcement, along with links to the source. The bug reported is serious, so anyone using rsync should upgrade as soon as possible.Debian has released a new procmail package with fixes for multiple buffer overflows. Upgrading to this package is highly recommended. Philip Guenther, the gentleman that fixed most of these overflows, posted this note with information on the problems found and pointers to the source code for people interested in his modifications. No word from other distributions so far. Philip later announced procmail 3.13.1, with a couple more buffer overflows repaired. The Xylan OmniSwitch has an interesting lack of security features, as described in two email messages posted to Bugtraq: message 1 and message 2. If you have one of these, you may want to check out the postings, confirm the reported problems and talk to your vendor. However, the problem reported has only been confirmed with the 3.1.8 and 3.1.9 versions of the code, so if you are running a newer version, you may not be impacted. ICQ-Webserver users need to check out this security report from Jan Vogelgesang. If confirmed, it indicates a severe enough security problem with ICQ-Webserver that you will probably not want to continue using the software until it has been repaired. UpdatesProcmail can also be used against Melissa, et al. John D. Hardin dropped us a line to point out that the same CERT advisory that describes how sendmail can be used to filter mail containing the Melissa virus also contained a link to a web page containing information on how to use procmail to search for Melissa as well. The site actually includes a variety of email security notes and the procmail filter continues to be developed and improved.ResourcesFor your amusement, if any of you have managed not to see the Tuxissa Virus Report, it is worth a chuckle or two.Rob Slade's review of "Hacker Proof", a book by Lars Klander, is now available [Source: ISN mailing list] The alpha2 release of the Nessus security scanner has been released. It is claimed to be stable and usable by all, despite its "alpha" designation. Section Editor: Liz Coolbaugh |
April 8, 1999 |
Sections: Main page Linux in the news Security Kernel Distributions Development Commerce Announcements Back page See also: last week's Kernel page. |
Kernel developmentThe current kernel release remains 2.2.5, as expected, given that Linus Torvalds is on vacation. Alan Cox has pushed his "ac" series up to 2.2.5ac6 for those who want to stay on the edge. It contains a fairly substantial list of updates and fixes at this point. Discussion in general was slow in linux-kernel this week; the stable kernel seems to be really stabilizing and there's less to talk about. The GNU/Linux debate filled in a lot of volume without adding much in the way of new understanding or new code. Gluttons for punishment can check out Stallman's it can ruin your whole decade note, Jim Gettys' response, and Stallman's response to the response which spells out his view on how we came to have a free operating system. Newsflash! The Kernel Newsflash Page is maintained by Richard Gooch in an attempt to cut down on some of the traffic in linux-kernel. That page is kept current with known problems with the current release; the idea is that people should check there before asking about a problem on the mailing list. (Thanks to Horst von Brand). Journaling is coming. Stephen Tweedie let slip that he expects to have his journaling file system code ready for testing in about four weeks. How best to represent capabilities for executables? Capabilities are the Linux implementation of the old "privileges" concept first used by other operating systems many years ago. The idea is to replace the current privilege scheme - where, if you are root, you can do anything - with a more fine-grained scheme. Thus, for example, a network daemon which needs to be able to bind to a low-numbered socket would be given a capability to do just that, and no more. If somebody finds a way to compromise that daemon, they have gained very little in the way of additional access to the system. It was mentioned this week that work is proceeding on integrating capability masks into the upcoming ext3 file system. The file system would thus support extending the setuid scheme to a "setcapability" mechanism, allowing trusted executables to be installed with the needed capabilities. This seems like a logical extension of how things have been done in the Unix world for years. But is it? A vocal group of dissidents, with Albert Cahalan as its most visible member, is pushing a different scheme. Why not embed a "capability header" into the executable itself? The kernel would read capabilities from that header before running the program, but only if it is installed setuid root. There are a number of advantages that proponents of this scheme can point to. Hacking filesystems is always a bit scary, and this approach eliminates the need for filesystem changes. Capability headers will be automatically backed up and restored by programs like dump and tar without modification. If the system is booted with an older, pre-capability kernel, the setuid binaries should still be able to function in the old mode. This method will work over NFS. And so on. Arguments in the other direction tend to be more vague. There is a certain sort of "bolt-on kludge" nature to the capability headers that some don't like. And there is some discomfort with the idea of an executable telling the system what its capabilities should be, even if it appears that this could be done safely. In the end, of course, this is a 2.3 issue. Even though 2.2 has some basic capability support, the needed changes to the filesystem and/or the executable loader are more than are likely to be accepted into a stable kernel series. (See also: John Wojtowicz's description of how capabilities work). A new version of the Framebuffer HOWTO has been released by Alex Buell. Section Editor: Jon Corbet |
April 8, 1999
For other kernel news, see: |
Sections: Main page Linux in the news Security Kernel Distributions Development Commerce Announcements Back page See also: last week's Distributions page. |
DistributionsCalderaThe latest Hackpak contains the Linux 2.2.5 kernel. Check out the announcement for location and details.DebianProblems with Debian 2.1 installations from CDs were reported by Ian Smith. From the conversational thread that follows, it appears that apt's support for multiple CDs is just not there. Several workarounds were mentioned, from running apt multiple times to using dpkg-multicd. Still, it is apparent that Debian's support for installation from a large number of CDs still needs work. Since Debian continues to grow in size, they are likely to get the practice they need to smoothe out the problems.Andrei D. Caraman has an issue with the Debian Apache configuration. In his posting to Bugtraq, he points out that the default Apache setup makes the /usr/doc directory available via http, which can allow anyone on the Internet to see the exact packages installed on your machine. This type of information is very useful to a hacker looking for a vulnerability to exploit. Andrei has notified Johnie Ingram, the Debian package maintainer for Apache, who replied that the problem was already logged to the Debian Bug Tracking System, along with a suggested workaround. A repaired package is reported to have been uploaded. Stephen Gregory noted that the Boa package, a light-weight web server, has the same problem. Updated packages for XFree86 will be made available shortly, even though apparently Debian is also not susceptible to recently reported race conditions reported in this package. MandrakeThose of you with access to the alt.* newsgroup hierarchy may want to take a look at alt.os.linux.mandrake. We haven't been able to check it out personally, but Tom Berger dropped us a note to mention its creation.A call for developers for the next version of Mandrake has been put out. If you are interested, you'll want to subscribe to the devel@linux-mandrake.com mailing list. Red HatXFree86 3.3.3.1 RPMS with TrueType support, mentioned for Caldera last week, are also available for Red Hat, as noted in this message from Jon Sundquist.SlackwareThe TOSHIBA Satellite Pro 490CDT is the topic of this website, which contains information on how the author got his Toshiba up and running with slackware 3.5, Linux kernel 2.2.5 and the XFree86 3.3.3.1 SVGA server. Declan Malone dropped us a note to tell us about the site and mention that he found it quite helpful for non-Slackware installs as well; he's using Debian 2.1.SuSESection Editor: Liz Coolbaugh |
April 8, 1999
Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed. |
Sections: Main page Linux in the news Security Kernel Distributions Development Commerce Announcements Back page See also: last week's Development page. |
Development toolsJavaCygnus announced an open source Java compiler, complete with a set of class libraries. Looks like good stuff.A security hole in the JDK 1.1.X and 1.2 (Java 2) has been reported by Gary McGraw and Edward W. Felten. "The flaw is in the "byte code verifier" component of the JVM. Under some circumstances the verifier fails to check all of the code that is loaded into the JVM." Sun issued a press release in response, indicating that they have created and tested a fix for the bug, which should be released in April with the JDK 1.1.8 and Java 2 version 1.2.1. The JDK 1.2 Status Page has not changed in the past week, so there is no new news on the project. PerlThe Perl Institute has been dissolved. The Board of Directors for the Perl Institute voted unanimously on March 1st to disband the Perl Institute. All assets of the Perl Institute, including domainnames, etc., are to be given to Perl Mongers, the organization that supports the perl user groups. The transition leaves many questions up in the air. No official press release is available, but comments from the Perl News Page indicate that it was felt the Perl Institute was an ineffective effort at "top-down" management, while the perl community worked best in a "bottom-up" development mode.No mention of the dissolution has been seen on the newsgroups, indicating either that the word has been slow to get out out or that people are not concerned about it. The latter seems likely and would mirror the reasons given for dissolving it. A Perl Inference Engine version 0.02 is now available. Perl 5.005_03 was released on March 29th. This description of the new release was posted to the Perl News Page: "Included in the fixes for this release are many multithreading fixes and security fixes relating to running setuid scripts running on mounted nosuid filesystems and a buffer overflow in POSIX::strftime. Included amongst the updated documentation and modules are a new standard module (Dumpvar) and three new manpages (perlreftut, perlopentut, and perlthrtut). " PythonCurrent rumor pegs the 1.5.2 release of Python around mid-April. This was mentioned by Guido in a noteabout a Tkinter bug in Misc.tkraise and Canvas.tkraise.Tcl/tkTcl-URL! for this week is now available.Section Editor: Liz Coolbaugh |
April 8, 1999 |
|
Development projectsFIGFor those interested in licenses: the FIG license is a new attempt at a free license which appears to be a combination of a license for written works and a general philosophy of life. The license is still under development, and the author claims that it will not go out as version 1.0 until Richard Stallman endorses it. Judging from this note we got from RMS, that endorsement is still a little ways away.GNOMEThe GNOME FAQ has been updated. The latest version is 1.0.5a.Control-Center version 1.0.5 has been released. GTransferManager 0.3.0 is out! The author, Bruno Pires Marinho, promises it is "almost a new program because of the new features" in his his announcement. A pile of cool features are promised in this latest release of gnumeric, version 0.23. MozillaTwo new Mozilla mailing lists have been announced, including netscape.public.mozilla.small-devices and netscape.public.mozilla.crash-data.WineThis InfoWorld story was linked to the front page of Wine headquarters soon after its release. It claims that Microsoft is considering opening up the source to Windows. Such a move, though still highly unlikely and more potentially just another ploy in Microsoft's normal games, would obviously be of great interest to the Wine crowd. Some might claim that Wine would no longer be needed. However, most likely, the benefits of having access to Microsoft's code would show up in faster development and progress for Wine, if the current painstaking reverse-engineering was no longer necessary.ZopeThe Zope Weekly News for this week provides a pointer to an article entitled "Zope Builds on its Success" by Cameron Laird and Kathryn Soraiz.Paul Everitt will be giving a talk on "Open Source and Venture Capital" at the upcoming LinuxExpo and hopes to be showing off Zope 2.0 beta 1. Section Editor: Liz Coolbaugh | |
Sections: Main page Linux in the news Security Kernel Distributions Development Commerce Announcements Back page See also: last week's Commerce page. |
Linux and businessAnother Linux VAR opens shop. CPU MicroMart has launched TheLinuxStore.com as another source of pre-installed Linux systems. Their site is a little dense and hard to work through, it appears that they are aiming at the low end of the spectrum - their bottom end system starts at $649. See also their press release. Salon Magazine has reworked itself as Salon.com, and has put out a special press release to announce that their new setup is running on Linux. "...Linux will provide a solid technical backbone to support Salon's move from a magazine-based model to a network of web sites. The site redesign needs the versatility and power of Linux to keep pace with its growing business and e-commerce needs." System administrator survey announced. The Linux Professional Institute has announced that they are running a survey of Linux system administrators. The results are intended to help them in the creation of their certification program. Free support in India. Hughes Software Support has announced a 24x7 support offering for Linux in India. According to the announcement, this support will be available free of charge. In the area of commercial Linux support, the folks at Linux Support Services have launched a commercial support offering. Both phone and net-based support are available at this time. The Linux Mall has announced its new associate program. The basic idea is that you link to their site from yours, and they give you a percentage of everything they sell via that link. There is also a multi-level marketing-like aspect, where you get a percentage of sales brought in by people you bring into the system. See their announcement for more. Linuxapps.com has been acquired by 32BitsOnline. 32Bits thus continues its push to establish itself in the Linux world. One assumes, from this move, that their cooperation with FreshMeat didnt' work out. See their press release for more. Compaq is pushing Alpha as a Linux platform. Here's their press release about their new Alpha-based servers. "...Compaq offers Tru64 UNIX on AlphaServers as its scalable, robust enterprise platform and will establish Alpha systems as the high performance leaders for Linux operating systems." Cool new Linux product of the week. Nbase-Xyplex has announced a high-end router product based on Linux. This looks like a nice box, with a claimed maximum throughput of 26 million packets per second. They stress that basing the system on Linux gives their customers access to the low-level functions of the router when needed for specific applications development.
Press Releases:
Section Editor: Jon Corbet. |
April 8, 1999 |
Sections: Main page Linux in the news Security Kernel Distributions Development Commerce Announcements Back page See also: last week's Linux in the news page. |
Linux in the newsOK, here's this week's recommended reading:
Let's get the Dell articles over with now. There were quite a few, and, almost without exception, they didn't really go beyond the press release.
Events at Netscape drew a few articles:
Lots of business-oriented pieces:
And, to finish out, here's the rest of the stuff we were able to find: intro pieces, FUD, and miscellaneous articles.
Section Editor: Jonathan Corbet |
April 8, 1999 |
Sections: Main page Linux in the news Security Kernel Distributions Development Commerce Announcements Back page See also: last week's Announcements page. |
AnnouncementsResourcesThe Dilbert/Linux cartoons from March 29th and March 30th are now available on-line, for any of you who missed them, or want to print them out for posteriy. The April issue of Ext2 is available. It includes an interview with Eric Raymond and a bunch of other good stuff. EventsOpen Networks 99 is a three-day conference being held in Copenhagen, Denmark on April 30th, May 1st and May 2nd. It is sponsored by the Danish UNIX User Group and SSLUG.dk. KDE and GNOME will both get good coverage, since the keynotes include speakers Kalle Dallheimer of the KDE project and Miguel de Icaza of the GNOME project. Other high-quality speakers are promised as well. For more information, check out http://www.on99.dk.For folks in the Benelux region: the Linux and Open Source Congress and Trade Fair has been announced for June 29 and 30 in Brussels, Belgium. They also, finally, have their web site up and running. Ready for prime time? The AIIM '99 conference will host a panel entitled Is Linux ready for prime time?. Panelists will be Linus Torvalds, Jon Hall, Jim Ewel of Microsoft, and Tony Iams of D. H. Brown and Associates. This event will happen from 9:00 to 10:00 AM on April 14, in Atlanta, Georgia. Web sitesA web site for people new to Linux has been created by Michael Burns and can be found at http://home.earthlink.net/~michaelburns. "It'ss an easy-to-follow site which discusses installation, configuring Xwindows, common commands, connecting to the internet and firewalls with ip masquerading."Discussion and Information Forums have been added to LinuxStart.com according to this announcement. Job OpeningsLinux, Linux internals and device driver development experience, plus GNU tools and more, are part of the requirements for this job posting for a company in San Jose, CA, which is apparently working on Giga ethernet switching. |
April 8, 1999
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Software Announcements
|
Our software announcements are provided courtesy of FreshMeat
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Sections: Main page Linux in the news Security Kernel Distributions Development Commerce Announcements Back page See also: last week's Back page page. |
Linux links of the weekMore "Linux portal site" attempts are showing up on the net. One wonders at which point the market will get oversaturated and some of these sites start to drop out. Maybe we can get out of producing LWN soon..:-) Anyway, a couple of new ones worth checking out include Opensource IT which includes news and discussion areas, and JustLinux, which includes a hierarchical set of Linux links, news, etc. The Question Exchange is an interesting attempt to create a market for Linux-related questions and solutions. A person with a question can post it, along with the amount they are willing to pay for an answer; somebody with the proper answer can - once certified by the exchange, post the answer and claim (most of) the reward. Section Editor: Jon Corbet |
April 8, 1999 |
|
Letters to the editorLetters to the editor should be sent to editor@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them. | |
To: editor@lwn.net, malda@slashdot.org Subject: An open letter to the free software community From: Gordon Matzigkeit <gord@trick.fig.org> Date: 04 Apr 1999 00:49:59 -0600 I am writing in response to Eric S. Raymond's essay ``Take My Job, Please!'' in which he explained why he feels trapped in his career as de facto free software spokesperson (http://www.netaxs.com/~esr/writings/take-my-job-please.html). I'll take Eric's job, if he and the community will let me, but not without first making something explicit. Eric has never been a ``leader,'' merely a delegate. Eric has never ``rallied the troops,'' only helped people to begin seeing eye-to-eye. As I said to him privately, I respect Eric's work, and recognize that he was the catalyst for many great things. His passion and energy were necessary to get things started, but now they are hurting him because he throws too much of himself into the fray. It's getting too personal, and he deserves a holiday. What is necessary now are delegates with the patience to talk about the things that they love over and over and over again to people who want to understand, but not bother with the people who want only to drag them down. I am one of those people, and I'm stepping forward, whether anybody else comes with me or not. [BTW, I will not live out of a backpack, because I care too much about my family, and I love my home. If people want to talk with me, they can send me e-mail. If somebody wants a face-to-face interview, they can fly out to Regina and meet me for coffee. The Canadian prairies are unspeakably beautiful in the summertime, and more people should be forced to enjoy them. ;)] I truly enjoy being a delegate. I'm a hard-core but peace-loving free software advocate who also happens to be friends with a lot of people who make their living exclusively from non-free software. I have no bones to pick: not with the cathedral, not with the bazaar, not with Microsoft, not with Linux, and definitely not with GNU. Allow me to speak to the outside world, and I promise you I'll never speak for you, only for myself. I'll never tell you what programming language you should use, only what I use, and why I use it. I'll never tell you what thoughts to think, only what I think, and why I think those thoughts. But *far* more importantly, if you listen to me, I'll listen to you. I'll start by giving you the benefit of the doubt, then we will begin the dance of a dynamic relationship. If you are pushy, then I will push back. If you are gentle, then I will be gentle. If I ever hurt you, I expect you to say `ouch', and I will apologize, because I don't want to hurt anybody. I will say `ouch' if you hurt me, because I refuse to live in silent resentment. When we move past this, we will discover new ways of relationship. Since the masses listen to the media, I need their help to contact you. So, I have sent this message to the Linux Weekly News and Slashdot. I recognize that we are a meritocracy. I need to prove to you that I'm capable. I've already committed six years of my life to free software, but that isn't as important as my work-in-progress, the FIG License: http://www.fig.org/fig/FIG The language is scary if you take it too seriously, so don't. Some of you like allegory, others like essays, and still others like legalese. I've tried to appeal to all audiences. The FIG License (aka. _FIGL_, pronounced like the English word _wiggle_) will change a lot over the next few months as you engage in dialogue with me. I'm releasing early and often so that you can help me work on it. What is the FIGL, and why does it matter? The FIGL is the first serious attempt to unify copyright and copyleft. Copyright's strength is that it gives Creators complete control over both the Information they create, and the Products of that information. Copyleft's strength is that it prevents everybody from asserting control over either the Information or the Products. The FIGL will guarantee that Information is never controlled, but control over the Products is left to the discretion of the Information's Creator. The FIGL allows Creators to relinquish some of their control over the Products, but they are not allowed to increase their control over the Information. I like to call this `copy-centeredness'. The FIGL matters because when it is finished, there will be no reason why we, the free software *authors* (not just distributors or consultants) cannot make a lot of money. There will also be no reason why megalithic software companies cannot release *truly* free software (not just Open Source(tm)), that we can use for your own benefit. I am serving you with this work because it scratches my own itch. I want to thrive as a free software author, and I hope that you can do the same. I'm sick of sitting by and watching people argue about how everybody else is wrong. It's about time somebody stepped forward and patiently helped show people how it is that all anybody on the planet wants is fulfillment, and so we might as well start cooperating. I'm doing that with this e-mail. Do I have your support? -- Gordon Matzigkeit <gord@fig.org> //\ I'm a FIG (http://www.fig.org/) Committed to freedom and diversity \// I use GNU (http://www.gnu.org/) | ||
Date: Tue, 06 Apr 1999 13:27:17 +0100 From: Derek <derek at fortstar dot demon dot co dot uk> To: editor@lwn.net Subject: The GNOME disaster? I've just spent the long Easter weekend installing and trying out GNOME-1.0, and I suppose my findings are pretty much the same as most other people's. I won't go over what I achieved and the hassles it took to get there, but basically, it's a bitch to install, it falls over a lot and it uses huge amounts of memory and resources. It may look pretty, and it may be based on sound technical underpinnings, but on the stability issue alone, this code has no business being called Version 1.0. Linux advocates have recently been telling people that Linux is no more difficult to install than the likes of NT, but any average user (or writer) who tries to install GNOME will come away with a very bitter taste in their mouth. We've also been saying that Linux has such low resource overheads it can revitalise old hardware. This is no longer true with a desktop that requires a top end Pentium and at least 64MB to get going. Above all, we have a proud boast that Linux runs for months without stopping. With GNOME on top, my experience is that Linux is much less stable than Windows '95, and no one will be impressed when we tell them that it's only the windowing system that's gone down. The release of GNOME-1.0 seems to have been motivated by all the things which motivate companies like Microsoft, and the result has been more of the same: buggy, bloated software, which will hopefully get better as new versions roll out. GNOME was undoubtedly feeling the pressure from KDE, but trying to steal users with a premature V1.0 just devalues the whole effort. A high profile trade show may have been a very tempting launch vehicle, but not for something that wasn't ready. The spotlight is an embarrassing place if you're ugly. GNOME-1.0 has the potential to do untold damage to Linux. I know users don't have to use it, but many of them don't know that. For good or bad, Red Hat is the usable face of Linux, and GNOME will be the usable face of Red Hat. While I understand the political position, Linux has undoubtedly suffered over the last year due to Red Hat's refusal to use KDE as it's default GUI. New users and reviewers think we are still in the GUI dark ages, which is not true. After seeing GNOME-1.0 they will think we're not up to writing a stable GUI, which is not true either. I will continue to use KDE on my Linux desktop, and like most KDE users, I have no axe to grind with GNOME. I want the choice of desktops, and the GNOME development team is clearly doing a superb job. This letter has not been a FUD mission; it's been a call to be realistic before serious damage is done. Steps need to be taken to somehow withdraw the V1.0 status from GNOME, and to push Red Hat and the other distributors towards offering KDE by default until GNOME is a desktop capable of world domination. Derek Fountain Southampton, England. | ||
Date: Sun, 4 Apr 1999 17:40:07 -0500 (CDT) From: Dave Finton <surazal@nerp.net> To: editor@lwn.net Subject: ESR and JWZ (long) In the past couple of weeks we saw something rather unsettling. Two prominent open source figures have either quit their jobs or expressed their desire to pass on the buck. The more paranoid (or righteously indignant) among us might conclude that open source in of itself isn't self-sustainable. People are dropping out of the movement like flies! This is, obviously, the wrong way to look at things. Open source has moved beyond its roots. In fact it had done so quite some time ago, but only now are we seeing the ramifications. ESR and JWZ are moving on because they are burnt out. They can't carry the torch any longer because <I>Open Source has moved beyond what any one person can carry him- or herself</I>. Look at these factors: 1) The Linux community has exploded and fragmented. So many people use the software now it's impossible to gain a consensus on any issue. People will agree with you. Others will disagree with you. And yet others will curse your name from here until infinity because you dare express an opinion they don't agree with. A simple read-through on Slashdot will show all three (and other) segments fighting with each other on a daily basis. There is no longer a singular Linux (or open source) community. There are now several, or even dozens. And none of them seem to like each other very much. 2) Linus Torvalds was right when he said that any revolution that goes on for too long is by definition a failure (I believe he said that at the LinuxWorld Expo). Revolutions need their George Washingtons and Thomas Jeffersons to succeed. But after the American Revolution even George Washington needed to get back to his regular life after serving 8 years in office. ESR needs to move on, and so does JWZ. That doesn't mean that Open Source will die; The United States didn't die after Washington and Jefferson retired. All it shows is that the revolution is over, and it's time to get down to business in making this thing work. 3) Some people think that Mozilla was the litmus test for commercial open software development. Maybe so, but Mozilla's "failure" is hardly a beacon proclaiming the failure of open source in general. There are too many other success stories out there proving otherwise. Take, for example, Red Hat, Cygnus, O'Rielly, Caldera, Suse, and so on. Mozilla's difficulties stem from the fact that a commercial software company (Netscape) tried to move to a new development model in the hopes that they don't become another Atari or Amiga or Apple. Their relative failure in doing so only illustrates the fact that <I>commercial software companies' days are numbered</I> if open source proves to be the paradigm shift it hopes to be (and that looks more and more likely every day). If a relatively young and nimble company like Netscape couldn't cope with the new paradigm, how can the Adobe's and the Microsoft's in the world ever going to survive in the next 10 years? Of all the opinions on the possible ramifications of these recent developments, I think that Bruce Perens is pretty much the only one who got it right. The "one charismatic leader" idea only works for so long. After that, the bazaar takes over. Smaller leaders (Richard Stallman, Mark Ewing, Tim O'Rielly) are going to take up the torch. In addition to those, smaller companies and organizations will do their own bits to evangelize themselves (and by extension Open Source). Things are moving quickly now, and they will only snowball into something so huge that nobody, not Microsoft, Eric Raymond, nor Richard Stallman, will know the true final outcome of this. - Dave Finton --------------------------------------------------------- | If an infinite number of monkeys typed randomly at | | an infinite number of typewriters for an infinite | | amount of time, they would eventually type out | | this sentencdfjg sd84wUUlksaWQE~kd ::. | | ----------------------------------------------------- | | Name: Dave Finton | | E-mail: surazal@nerp.net | | Web Page: http://surazal.nerp.net/ | --------------------------------------------------------- | ||
Date: Sun, 04 Apr 1999 17:03:24 +0200 From: Arnaud LAPREVOTE <laprevoa@easynet.fr> To: lwn@lwn.net Subject: Eric Raymond support. Dear Sir, I suppose that M. Raymond will be burried under encouragements of all sorts, so I do not forward him directly this mail. Instead I answer to your editorial concerning his possible resignation of the "virtual" PR jobs he holds for the free software community. I fully agree with your article. M.Raymond will NEVER pleases everybody in the community. And in my case, all people that are orbiting around the free software movement do not please me. But most do. The very first thing about M.Raymond, is his "Cathedral and bazar" article. I understood a lot reading it. It is just an excellent article and it provided me a lot of arguments to explain why "free software" just work and why closed sources software meet so much problem. I think that the high profile that he choses to have to represent free software effectively helped a lot. After all he was instrumental in the move of Netscape toward free software and this move was the very first coming from big actors in the software area. Last (well in fact first), he wrote fetchmail, and we rely on this software to get our mail every days as well as some of our customers. These 3 achievements are enough to qualify M. Raymond to his role. I hope that he will continue to clarify the free software movement for the mass. Please, if you have some occasions to express him support, let him know that he has a lot of support in the community. Friendly yours, Arnaud LAPREVOTE -- Arnaud LAPREVOTE Free&ALter Soft - Free software support for all unix. 77, rue de Pont-à-Mousson 57950 MONTIGNY-LES-METZ tel : 03 87 50 83 01 - 06 11 36 15 30 E-mail : laprevoa@easynet.fr Web : www.freealter.com | ||
Date: Tue, 1 Apr 1997 18:11:45 +0200 From: Raphael Hertzog <rhertzog@hrnet.fr> To: editor@lwn.net Subject: Registry and configuration management Hello, I've just read many mails about the configuration database that may be very useful for Linux systems. I'd like to say that this is certainly a good idea and that Debian has already (many months ago) started to write specs for such a configuration system. It's currently beeing discussed by gnome developers too so that it may be used by a large set of applications. You can take a look at http://www.debian.org/~wakkerma/config6/ and if you're willing to participate/comment, you should subscribe to debian-admintool which is the list where it has been discussed. A new list may be created one day so that the project won't suffer from the Debian-specific aspect. There are still many issues to be discussed though. Cheers, -- Raphaël Hertzog >> 0C4CABF1 >> http://prope.insa-lyon.fr/~rhertzog/ | ||
Date: Thu, 01 Apr 1999 21:32:30 +0200 To: editor@lwn.net From: Andrew McGill <NOJUNKesauwood@geocities.com> Subject: The windows registry is (just) a file system Thinking about the windows registry as a file system puts things in perspective (IMHO). The windows registry supports directories ("keys"), and files ("values") which contain data (binary, string or 4 byte words and other types...). It has features found in competing operating systems, such as mount points (with fixed names) (e.g. "HKEY_CLASSES_ROOT"), although these have fixed names, and some kind of hard and soft linking. And it comes with a cute regedit program, which has a dialog box (sub) grep interface. It has some features which are 'unique' - "strict" typing for files (although whether this is necessary is not entirely clear). And as a quirk, each directory contains at least one file, called "(Default)", which is usually empty. The thing that totally kills the registry concept (for MS, at least) is that programs don't access the registry with standard file API calls. There are 25 different function calls that are *dedicated* to using the registry. Why would ANYONE want to get past this learning curve if the configuration information can be stored in a file, with a well known, simpler set of functions to access it? MS would have done a lot better to have made it a pluggable file system, except that would not be original. I say it's a a case of those who don't understand unix are condemned to reinvent it - badly. And whoever suggested a name like HKEY_LOCAL_MACHINE in preference to /etc should be dragged out into the street and shot. Something which *is* (I think) remarkable about the windows registry, is that it is a file system which does not have a fixed size. I would like this for ext2fs ... :) ... please can someone tell me it's already been done? Here's what I thing linux could make do with: * A file system for small files with big names (I think ext2fs is okay) (but can it resize?) * Some way to mount the win95/95/NT registry as a file system -- just for kicks * I really want some way to scribble notes about, and descriptions of file system objects. But it mustn't be hard :) (and it has nothing to do with the rest of this e-mail) &:-) ---- esau wood saw a wood-saw saw wood as no wood-saw wood saw saw wood would saw wood - of all wood-saws wood saw saw wood, no wood-saw wood saw saw wood would saw wood like the wood-saw wood saw saw wood would ps. Flames to esauwood@ | ||
From: schwarzma@mschwarz@ANTIsherbSPAMtel.net (Michael Schwarz) Subject: Registry To: editor@lwn.net Date: Thu, 1 Apr 1999 12:56:39 -0600 (CST) Perhaps this point has beaten as long as LWN might want to beat it, but I have one and only criticism of the registry idea: It creates a meta-filesystem that is (as I have seen it implemented) interdependent with the real filesystem and yet is updated *idependently* of the file system. Basically, the registry can associate the name and LOCATION of a file with a keyed tag. The file may then be moved, deleted, or renamed. Unless the registry is *automatically* kept in synch with such changes, I would argue the registry is useless. Try moving a folder that contains a program from one drive to another in Windows. The file manager lets you do this, but the program will never work again. Also, since applications do not usualy bother to document ANYTHING they put in the registry, you don't know until you try it that you are going to destroy the installation. I'm not saying that separate config files do not have a similar problem, but that is the fault and responsibility of the application developer/maintainer/documentor. I would hate to see such chaos made a part of the system. Michael Schwarz mschwarz@ANTIsherbSPAMtel.net | ||