Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise
news for all interests
Sections: Main page Linux in the news Security Kernel Distributions Development Commerce Announcements Back page
Other stuff:
Recent features: Here is the permanent site for this page.
|
Leading itemsRed Hat and LASER5 part ways in Japan. LASER5, owned by the Itsutsubashi Research Company of Japan, was until recently the group that was producing a Japanese version of Red Hat's distribution for sale in that country. They were adding Japanese input, translating the documentation, and doing all of the usual work required for a localized version of the distribution. The result was to be an official product called "Japanese Red Hat Linux 6.0." On August 24, however, Red Hat informed Itsutsubashi that the deal was over. Red Hat plans to greatly expand its activities in Japan, and will be opening up its own offices there. Thus, they have no further need of their association with LASER5/Itsutsubashi, and have shut it down. Itsutsubashi is on its own. Itsutsubashi is not taking this lying down. Their press release on the subject is to the point: they are not entirely pleased with the way Red Hat does business, and they feel they are better off on their own. They have some choice words about Red Hat's management, and claim that Red Hat's new status as a public company has cost it its competitiveness. The product that was to be "Japanese Red Hat Linux 6.0" is now, thanks to the wonders of the GPL, instantly renamed "LASER5 Linux 6.0." They will finish out the work they have been doing, and the product hits the shelves on September 17. They even already have an agreement with LinuxCare so that LinuxCare will provide support for the new distribution. Essentially, LASER5 wants to follow in the footsteps of Linux-Mandrake and cash in on a value-added version of Red Hat's distribution. They clearly see the local, value-added approach as the future of Linux distributions; the press release describes Red Hat as "a local brand in the US only." They point to Linux-Mandrake, Connectiva, and SuSE as examples. Notably absent from their list is TurboLinux, which just might give them a little competition on their home ground. Is Red Hat truly a "local brand"? Certainly companies have a certain home turf advantage in their own country. Their understanding of the language, culture, and distribution channels is better. And people in many countries prefer to buy local products when they can. Local companies can take advantage of Red Hat's investment in the base distribution, allowing them to concentrate their energy on the localization efforts. Maybe they really do have an edge. But one would be ill-advised to forget that Red Hat now has a nice, big pot of money. Some of that money is earmarked for its international expansion efforts. With sufficient funds, local help should be readily available. It seems unlikely that Red Hat will allow itself to be relegated to "local brand" status without a substantial and well-funded fight. It should be interesting to watch. Sun's purchase of StarDivision was made official this week. As expected, they are taking the StarOffice suite and making it part of their product line. They even have the obligatory agreement with LinuxCare so that the support base is covered. StarOffice - including on the Linux platform - is now a proper Sun product. Perhaps more surprising were Sun's other decisions: the source for StarOffice will be made available under Sun's "Community Source License," and Sun will be heavily pushing "StarPortal," a Java-based version of StarOffice intended to be run via a web browser. See Sun's announcement for details. The availability of source will be nice. Your editor, having coped with too many StarOffice bugs over the last year, may well dive in and try to fix some things himself. Source is almost always good; the quality of the software should benefit from this release. But Sun's Community Source License remains problematic. Many blame it for the delays in getting the latest Java Development Kit out for Linux. It will be hard, if not impossible, for useful pieces of StarOffice to be reused in other open source office suite projects. And, as pointed out by Derek Glidden in this week's letters column, if Sun ever decides to drop StarOffice (i.e. if its strategy fails), there is no ability to continue the development of StarOffice independently. Betting your business on StarOffice as an open source product could be risky. And what about StarPortal? Exporting an office suite to browsers via Java is not exactly a new idea. The people at Corel must be smiling to themselves, glad they don't have to go through that one again. Customers thus far simply have not gone for that mode of operation, despite a number of advantages. It is slow, and web browsers tend not to be the most stable platform on which to run mission-critical applications. While Sun's move puts the company more firmly in the Linux world, it is not really a Linux-oriented manouver. It appears, instead, to be all about creating work for high-end servers in the future. Sun's success is far from assured, and, if it fails, it could drag down StarOffice in the process. It bears careful watching. Red Hat and trademarks. The following is the best we have been able to piece together from a number of communications over the last few hours. Verification is hard, unfortunately. [Update: after publication we received this message from Bob Young at Red Hat stating their position on the issue, and clearing up some of the facts involved. Recommended reading]. Apparently (we have not been able to confirm this) Amazon.com was given a verbal "cease and desist" order by David Shumannfang, Red Hat's attorney, requiring them to stop selling products with the term "Red Hat" in the title. Numerous vendors apparently sell "Red Hat GPL" knock-offs via the Amazon auctions, and these had drawn Red Hat's attention. Amazon turned around and told a number of its auction vendorsto stop using "Red Hat" in their products. We have had more than one vendor confirm this for us. One of these vendors, Robb Sands, after pursuing the issue for a while, sent out this note in an attempt to publicise the situation. Mr. Sands claims to have discussed the problem with Red Hat's legal department; Red Hat has denied, in a communication to LWN, that this discussion took place. However, Mr. Sands is quite specific with regard to exactly who he talked to and when. It seems probable that some sort of conversation happened. Amazon has apparently stopped telling vendors to avoid the "Red Hat" term, pending some sort of written notification from Red Hat. That may not happen anytime soon, since David Shumannfang is apparently now on vacation and unavailable. In Mr. Shumannfang's absence, a coherent response from Red Hat seems to be hard to come by. They will not confirm that they are cracking down on trademark usage. Whether or not such a crackdown is happening now, it seems realistic to expect it to happen at some point. Red Hat does have a brand name to protect, and a risk of losing its brand if it fails. Additionally, it would only take one "Red Hat Linux" disk with a trojan horse or other nastiness to create massive trouble for Red Hat and its customers both. Facing the risks of having its brand declared to be in the public domain, or of simply seeing its value destroyed, Red Hat will almost certainly be forced to act sooner or later. The ideal thing might be for Red Hat to suggest a suitable name for copies of its distribution. In the absence of such a suggestion, the community should come up with a well-recognized name of its own. We suggest "Pink Shorts" in the hopes that somebody else will come up with something better. If you have an idea, please send it to lwn-names@lwn.net; we'll publish the best. (Please tell us if you do not want your name published with your suggestion). A word from our sponsor: just a few seats remain in the Linux System Administration course being offered September 13-17 by (LWN producer) Eklektix, Inc. in Boulder, CO. Here is your chance to learn all about how to make Linux systems run in the Rocky Mountains during one of the nicest times of the year. This Week's LWN was brought to you by:
|
September 2, 1999
|
Sections: Main page Linux in the news Security Kernel Distributions Development Commerce Announcements Back page See also: last week's Security page. |
SecurityNewsLots of security problems turned up this week, just in case anybody had thought that all the worst buffer overflows had been found. Details can be found below. But there is one aspect of this week's problems that is deserving of a closer look.When the cron problem was announced, notes were posted from both Caldera and Debianclaiming that they had found and fixed the problem "years ago." Why did other distributions, like Red Hat, remain vulnerable for so long? How could it be that they were surprised by such an old bug? It turns out that there is no maintainer for the vixie-cron package used by most distributions. Cron is an old, boring package which has not really needed to change for years. So nobody looks after it. The distributions are usually more than diligent about reporting fixes - especially security fixes - to the ultimate maintainer of a program. But if said maintainer does not exist, there is nobody to send patches to. There are certainly other parts of the Linux core which are similarly unmaintained. Some of them must contain security problems. Perhaps known problems that some distributions have fixed, and others have never heard of. There is a bit of a time bomb here. How long until some clever cracker attempts a form of patch arbitrage by comparing source from different distributions looking for this sort of problem? It is probably in the interest of the Linux distributors to work toward common maintenance of the core utilities that currently lack maintainers. Perhaps they could fund this maintenance via the SourceXchange or Cosource? Funding this maintenance certainly would have to be cheaper than dealing with the packages in-house and duplicating effort, which is what is happening now. Security ReportsThe cron vulnerability is worse than had been originally thought; it seems that a clever user can also convince sendmail to run commands (as root). Note that all distributions - even those which claimed invulnerability to the original cron problem - are vulnerable to this one. (One exception is Slackware, which uses a different cron daemon). Details and the patch can be found in this postingfrom Martin Schulze.Linux kernel 2.0.38 was released, much to the surprise of many, who had not been expecting another 2.0 release soon, if ever. It turns out that there is a complicated, difficult to exploit bug in the TCP stack that needed fixing. There are currently no known exploits out there, and the bug may be impossible to exploit without local (or near-local) network access. 2.2 and later kernels are not vulnerable. See the announcement for more. Commercial software vulnerabilities: ISS has issued advisories detailing vulnerabilities in Oracle8 (see also this additional Oracle advisory), Netscape's Enterprise and FastTrack Web servers, and Lotus Notes Domino Server 4.6. INN 2.2 and earlier have a buffer overflow problem as well. INN 2.2.1 has been released as a result; upgrades are advised. Details in the announcement. UpdatesUpdates for the cron vulnerability are available from:Various FTP daemon updates are available:
The AMD automounter has a problem which is being "actively exploited" on the net. Available updates include: An update for epic4 has been released by Debian; details in the announcement. A buffer overflow in man was fixed by this update from Caldera. SuSE's security updates page lags. In last week's Security Summary, we mentioned that no security updates had come out from SuSE since June 30th. This was based on the information on their Security Announcements page. Unfortunately, apparently this page is again not being updated regularly. Martin Treusch von Buttlar pointed out that the SuSE Linux 6.2: Patches, Updates, Bugfixes page lists six security-related updates to 6.2 that are already available, released since August 10th. Updates for nkitb, termcap, xmonisdn, and trn are included. Solar Designer has put out a 2.2.12 security patch which fixes some worrisome things and includes his other goodies. There is a test version available now, with a final release sometime next week. See the announcement for details. Second try for Slackware elflibs update. For those of you who applied the original Slackware "elflibs" update to fix the termcap vulnerability: that update did not work, and your systems are still vulnerable. A new version of the elflibs package has been announced which truly fixes the problem. EventsThe Internet Security Conference will be held in Boston, MA on October 11-15. More information can be found on the web site, or in their announcement.Section Editor: Liz Coolbaugh |
September 2, 1999
|
Sections: Main page Linux in the news Security Kernel Distributions Development Commerce Announcements Back page See also: last week's Kernel page. |
Kernel developmentThe current development kernel release is 2.3.16. This is another big patch, weighing in at over 4MB and touching over 1200 files. The bulk of the changes are in architecture-specific code and device drivers; there are some new RAID drivers in the system and Ted T'so's new serial driver has been integrated as well. We have seen rumors that the 2.3 feature freeze will happen on Friday, September 3. Whether it hits on that exact day or not, it is clearly close. Then all that's left is the long slog toward a stable 2.4 release... The current stable kernel release is 2.2.12, finally. Release notes for this version can be found on Alan Cox's web site. There is already a 2.2.13 pre patchout there with the next set of fixes to go in. It appears that 2.2.12 contains an unpleasant kernel memory leak bug that could accelerate the release of the next version as well. Reiserfs is getting closer. Reiserfs is a longstanding project by Hans Reiser to produce a much more efficient filesystem for Linux, especially where small files are involved. Other nice features, like journaling, are also part of the plan. They claim better performance than ext2 - at least for some tasks. Reiserfs came up this week when the development team stumbled across the (extensive) changes in the virtual file system layer in 2.3 - some things broke badly. They have been working through the difficulties, and expect to have something ready to integrate into 2.3 shortly. For more information, a look at the Reiserfs web pages is worthwhile. There is a great deal of discussion of the motivation behind the project. And, of course, the ability to download the code. A petition to get LVM into the kernel is being "circulated" at this web site. It currently boasts almost 200 signatures. The Logical Volume Manager, of course, is a management layer for disk subsystems which eases a lot of space management concerns. An expression of opinion is, of course, a good thing. But Linus is just as likely, when presented with this sort of pressure, to dig in his heels as to include the code. The conditions for inclusion have always been a good implementation (as defined by Linus) and a clear need to have the code in the kernel. Attempting to replace those criteria with "special interest group" pressure is not the way to get a better kernel. Hopefully those wanting LVM in the kernel can discuss the matter with Linus and find out what, if anything, is blocking that inclusion. Other updates and patches released this week include:
Section Editor: Jon Corbet |
September 2, 1999
For other kernel news, see: |
Sections: Main page Linux in the news Security Kernel Distributions Development Commerce Announcements Back page See also: last week's Distributions page. |
DistributionsPlease note that all distributions have issued a number of security updates in the last week. Details can be found in the security section. CalderaWhere is OpenLinux 2.3? Anticipation is rising as the evident release date approaches. The "beta testing" period (done under nondisclosure with selected users) is said to be finished, and 2.3 is showing up in more catalogs. About the most substantive comment we have seen about the new version is "not a drastic change, but very nice." Watch this space for updates.Nobody in the Caldera user community seems to question the practice of beta testing new releases under nondisclosure. Other distributions (Debian, Linux-Mandrake, Red Hat) develop their new releases out in the open, and actively seek the input of the community as a whole. Caldera, instead, takes a very secretive approach. One wonders what they really gain by doing things this way. The legality of providing a disk full of GPL software under nondisclosure is also an interesting question... DebianA new Debian security policy was proposed by Martin Schulze this week. It tries to establish the process by which Debian responds to security incidents - no doubt spurred on by the large number of such incidents over the last week. It codifies the usual Debian standards of fast response and full disclosure.Martin is also working on a Debian 2.1r3 release which would contain only security-related and other highly important updates; details in the announcement. Debian has announced its new logo, see the announcement for more. The timing of the new announcement is a little curious, seeing as the choice was made back in June and covered in the June 10 LWN... Linux-MandrakeA pre-release of Linux-Mandrake 6.1. Linux-Mandrake 6.1pre is available for download. This is a pre-release, obviously intended to help them shake out the remaining bugs before the real 6.1 version goes out. They are ambitious, however: 6.1 is supposed to be released next week...Red HatRed Hat's SEC-mandated quiet period ends September 6. It would not be surprising to see a number of new announcements and initiatives come out shortly after that time.Red Hat and group ID's over 100 were the topic of a brief note last week. In response, we got this note from Preston Brown at Red Hat explaining their view of the situation. Essentially, Red Hat's scheme has been to not create user accounts with a group (or user) ID of less than 500 for some time. That all works well, of course, in an environment where Red Hat's tools are being used to create the accounts. In larger networks, where a Linux box is not the center of the world, Red Hat's policies do not necessarily hold much sway. Of course, in such an environment, there will be no safe way to "allocate" new user or group ID's when they are needed. ROCK LinuxVersion 1.3.0 of ROCK Linux - a distribution aimed at experienced users that explicitly excludes configuration tools - has been announced. As if to show how serious they are about the "experienced" part, they have based it on the 2.3.15 kernel...SlackwareA glibc-based Slackware is coming at last. A new FTP directory has appeared with a warning not to install the packages found therein on current Slackware systems. No word as yet on when a real release will happen.Slackware has also set up some new mailing lists - the (long needed) slackware-announce and slackware-security lists. Subscription information can be found on the slackware.com site. (Thanks to Joe Orton). SuSEImpressions of SuSE 6.2 are rolling in. So far, it's not clear how much real work is being done...the first comments are more about peripheral items. Those who had expected the new, reworked manual in 6.2 have been disappointed; it hasn't really changed yet. The other comment has to do with the new cardboard CD packages - some hate them others (the majority, seemingly) prefer them...Wanting to run SuSE on the new AMD Athlon processor? It can be done, but you need a new boot disk to make it happen. Pick up a copy on SuSE's FTP site. Section Editor: Liz Coolbaugh |
September 2, 1999
Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.
Lists of Distributions |
Sections: Main page Linux in the news Security Kernel Distributions Development Commerce Announcements Back page See also: last week's Development page. |
Development toolsPerlLarry Wall on chemistry. The text (and pictures) from Larry Wall's "State of the Onion" talk at the O'Reilly conferences is now available on the web. It's a suitably weird talk, certainly worth a read.Upgrading a Perl installation can be a bit of a pain, since it's hard to know when some obscure script somewhere will break. In an attempt to make things easier, David Muir Sharnoff has announced the "find_used_modules" script. Find_used_modules will search out Perl scripts on the system to be upgraded, and make a list of all the modules used by those scripts. The output is a program which can check over a new installation and make sure that the needed modules will still be available. PythonHere is this week's Python-URL, including some "highly biased highlights" from the O'Reilly conferences.Tcl/tkJacl and Tcl Blend 1.2.4 has been announced. Jacl is an implementation of Tcl 8 in Java, and Tcl Blend is a Tcl extension which allows access to the Java virtual machine from Tcl programs.Here is this week's Tcl-URL. Section Editor: Liz Coolbaugh |
September 2, 1999 |
|
Development projectsGanymedeVersion 0.99.6 of the Ganymede network directory management system has been released. This is a mostly bugfix release as they head toward 1.0. Ganymede is written in Java, and is available under the GPL.GnomeHere is This week's GNOME summary by Havoc Pennington.JessieSGI has released Jessie, a graphical development environment, under the "Jessie Public License". Details and screenshots can be found on the Jessie web site. Jessie, written in Java, currently provides a graphical debugger and performance analysis tool. They also claim support for multi-threaded applications. A big point for them is Jessie's support for work on very large programs - "scalability." It has the look of a very nice tool.They make it very clear that Jessie is not named after Jesse Ventura, governor of Minnesota... KDEHeading toward the KDE 1.1.2 release...things have been delayed for another week as the KDE team waits for the new set of icons to be done. Details in this announcement. They now expect to get the source out on September 6, with binaries to follow a week later.Navindra Umanee's KDE report will not be appearing this week; look for a double report next week. MidgardHere is this week's Midgard news, thanks to Henri Bergius. It looks like a busy time for the Midgard web application server: a new stable release is imminent, a Midgard workshop is in the works, and Linux-Mandrake will be shipping Midgard (and Midgard's customized PHP module) with their 6.1 release.ThorWhat is Thor? Thor is a new development project announced by the Timpanogas Research Group - the folks who donated the "Fenris" Netware filesystem earlier this year. Now they are out to create a free implementation of Novell's Network Directory Service (NDS), and they expect to have it done sometime in the first quarter of 2000. If they are successful, they will have added another "enterprise tool" to Linux's kit that many will find worthwhile.ZopeZope 2.0 has been released at last. A quick list of new features can be found in the announcement. Congratulations to the Zope folks for getting this big release out the door.ZCommerce! The ZCommerce mailing list has been created for those who want to use Zope in electronic commerce situations. See the announcement for signup information. The new Storm Linux web site is Zope powered, check it out at www.stormlinux.com. Here is this week's Zope news; this week's author is Christopher Petrilli. Section Editor: Liz Coolbaugh | |
Sections: Main page Linux in the news Security Kernel Distributions Development Commerce Announcements Back page See also: last week's Commerce page. |
Linux and businessLinux stocks on a roll. Sometime around the end of last week, investors went out looking for Linux stocks beyond Red Hat. They settled quickly on companies like Applix and Corel. Shares in Applix more than doubled over the course of two days; on Friday almost 27 million shares changed hands. That is a pretty impressive total considering that there are less than 9 million shares total on the market. Both Applix and Corel have since dropped back down somewhat, as reality began to set in. Both remain well above their previous values, though. Interestingly, some of the press coverage pointed at Sun's acquisition of StarDivision as the reason for the retreat. If that is true, it undermines the whole notion of efficient markets - Sun's plans have been known for some time. It seems much more likely that people began to think that things had gone too far and it was time to take some profits. Expect to see more of this kind of activity, at least as long as the stock markets remain "exuberant" and Linux continues to grow. The masses have discovered Linux, and the consequences are just beginning to unfold. Watch the game on LWN's Linux Stocks Page, which has just been upgraded to the beta test version. Sun has been added to the list, and a couple other stocks have been bumped up into the first tier. The Linux Stock Index has been reworked to use a better algorithm. The index is also now available via a "back end" interface for those who would like to display it on their own web pages. We are still looking for feedback on how to improve this page; please have a look and let us know how we can make it better.
Version 1.0 of the Uniform Driver Interface (UDI) has been announced. UDI, remember, is the standard that is supposed to make it possible to write device drivers which are portable across a wide range of systems. The backers of UDI have, in the past, expressed hopes that the Linux community would produce a pile of UDI drivers which would then work on other systems as well. Enthusiasm among Linux developers has been relatively low, strangely enough. It will be interesting to see if they renew the push now that they have their full specification out there. New e-smith release. e-smith has announced Version 3.0 of their e-smith server and gateway software product/distribution. Now based on Red Hat Linux 6.0, they've added support for DHCP, Dynamic DNS, LDAP and a new feature they call "Information bays" or "Ibays". "Ibays are easy-to-create, distinct sites on the e-smith hard disk that allow your e-smith server and gateway to host such things as an intranet, customer-specific web site, file download site or company shared file directory." Press Releases:
Section Editor: Jon Corbet. |
September 2, 1999
|
Sections: Main page Linux in the news Security Kernel Distributions Development Commerce Announcements Back page See also: last week's Linux in the news page. |
Linux in the newsRecommending reading: Here's a lengthy profile of Linus Torvalds in the San Jose Mercury News. "Linus seems less like a reindeer caught in the global headlights than a delightful alien dropped down from another planet--possibly to show us all the madness of our ways. Nobody has ever accused Silicon Valley of having a conscience, but it looks as if this bespectacled Finn might be the closest thing." Is Linux falling apart? asks Sm@rt Reseller. The answer is an emphatic negative - nice to see in the mainstream press. "Don't get me wrong; there will be nasty wars between the Linux vendors. With money talking, the warm 'we brave band of brothers' feeling of the early days of Linux is going to erode. But, the cold legal facts of Linux's foundations will keep Linux from ever shattering into incompatible versions that made Unix application reselling such a pain in the neck." Sun's acquisition of Star Division (in roughly chronological order): OSO kicks in with a favorable view of Sun's purchase of Star Division, to balance out other reactions. "All successful platforms are defined by their applications. The desktop is defined by office products and convenient Internet access. The JavaStation, coupled with Star Office, delivers both in a zero (or near zero) administrative bonus. " Here's a Reuters article on Sun's plans with Star Division and StarPortal. "'When I am on the road, I access my corporate desktop from a Web browser,' Sun Chairman and Chief Executive Scott McNealy told Reuters in a telephone interview. 'I don't like to carry my laptop around ... I want everything I have residing somewhere on the network on a server, as opposed to something bundled in a personal mainframe under my arm.'" See also: this News.com article on the acquisition. "Tomorrow, when Sun officially announces the Star Division acquisition in New York, the company will demonstrate the use of StarPortal on a Java-enabled PalmPilot, which is connected to a server." The LA Times had this rticle about it. "Star has about 4 million users, Sun said, including 30% of those who use the Linux operating system instead of Windows." Computer Reseller News ran this article about Sun's StarDivision purchase. "Sun made no bones about using Star suite as an aggerssive play in the Linux market. Among those at the New York briefing today was Roland Dyroff, chief executive of Suse Linux, AG.. who said his company has already bundled 500,000 copies of the suite with its' Linux operating system." Here's another Reuters article about Sun and StarOffice. "Analysts said Sun's move could trigger a sea change in the software industry, with more applications and data being based on the Internet, and managed by Internet service providers, or ISPs -- much like electronic mail is now handled." TechWeb also has its take on Sun and StarDivision. "The acquisition gives Sun an office suite deployable across diverse clients, with the current release running on Windows, OS/2, Solaris, and Linux, in addition to a network computer-oriented Java release and the technology to build a portal-based productivity application service." The Red Herring covers Sun's acquisition of StarDivision. "Tom Dwyer, the Aberdeen Group's research director for enterprise Java, says that StarOffice's availability on Linux is a key factor in this new initiative. The combination of the office suite with Linux may prove an attractive front-end alternative to the Windows/Microsoft Office combination, he said." Resulting fluctuations in the stock of other "Linux" firms: This News.com article says that Sun's acquisition of StarDivision caused the fall in Corel's and Applix's stock prices. "Sun Microsystems' adoption of a new office software suite might be a good thing for Linux users, but it hasn't been so good for the makers of competing products." Business Week looks at Corel's stock price. "Investors will need to figure if Linux could a bigger plus for Corel than Sun's StarOffice/StarPortal could be a negative. If the latter scenario prevails, the rocket that was lit under Corel's stock recently could just as quickly burn out." Here's an August 31st look from Reuters on Corel's stock price. "The Linux updraft that carried Corel Corp. to gains of 44 percent over the last two days of trade was stilled on Tuesday." The Ottawa Citizen reports on Corel's stock price. "Indeed, in the past three months Corel has enjoyed the unusual distinction of making the Toronto Stock Exchange's weekly list of performance stocks five times --three times on the weekly list of five top gainers and twice on the list of five worst losers." Here's an article in the Arizona Republic about the increase in Corel's and Applix's share prices. "Investor enthusiasm for Linux-related companies has increased since the initial sale of shares by software maker Red Hat Inc., which has surged more than fivefold in two weeks." Other stock articles include this one in CBS Marketwatch ("Trading was extremely heavy with more than 26.8 million shares changing hands in the session. Applix has only 8.8 million shares available for trading.") and this one in The Red Herring ("With no real support from Wall Street's analytic community, the question becomes, What is the source of the wind in this company's sails? Perhaps the answer is cyberspace scuttlebutt in chat rooms, where messages about the company have increased since the Red Hat initial public offering on August 11."). News.com reports on the rise in Corel's and Applix's stock prices. "Two software companies with fledgling initiatives for the open-source operating system saw their shares soar today for a second day in a row, despite little in the way of shipping products." (Thanks to Cesar A. K. Grossmann). CBS Marketwatch looks at the runup in Applix's share price. "'Investors took a look at Red Hat with a $5 billion market cap and us at $100 million and saw a compelling value,' Chief Financial Officer Ed Terino said in an interview." Here's a Reuters article about Corel's stock price, which has also started to climb as people begin to recognize it as a "Linux stock." "Corel stock had languished for many sessions following Red Hat's debut but found new life last week after investors woke up." Here's a brief Reuters article about Applix's stock price - which has doubled since late last week. Seems that people suddenly think it's a Linux stock... Operating Systems and other Software: Byte's Jon Udell has a look at Zope. "Last, but not least, is the fascinating story of how Zope came to be an open source project. As Jeffrey reported in our newsgroups last year, it was Digital Creations' venture capitalist who convinced the company this would be a smart move. Toto, I don't think we're in Kansas anymore." CPU Review has a look at Debian 2.1. "The documentation, while somewhat terse, is actually pretty good. The biggest mistake they made was not to include a piece of paper (or print on the CD) a single line, which said 'See install/index.html for documentation on how to install Debian.'" Compaq will be contributing to the development of Red Flag Linux - a Chinese distribution - according to this Computer Currents article. "Compaq China has contributed its Linux knowledge and an AlphaServer DS20 system to the partnership..." Here's a San Jose Mercury article about Tribeworks - which is developing an open source multimedia development platform. "We're stealing a play from the Linux world. It's been amazing to us that the graphics industry has not embraced the community-based model. The advantages are the same as they are for Linux." A review of AbiWord is now available at LinuxPower.org. "Overall, AbiWord shows a lot of promise. Though currently in a pre-release form, I feel that it could be used for minor projects as long as you do not need spell checking or very extensive layout capabilities. " Nicholas Petreley reports on what he saw at LinuxWorld in this InfoWorld column. "But the news from LinuxWorld that will most likely have a significant impact is the imminent release of Hewlett-Packard's OpenMail for Linux." This Detroit News article speculates that Windows 2000 may be adopted more quickly than a lot of people think, and stresses heavily the competition between that system and Linux. "'If they (Microsoft) don't ship a stable, reliable operating system by the end of this year, they're going to see Windows servers eroded by Linux,' said Peter Auditore, vice president of World Research Inc." IT-Director.com has a look at the confusion of Windows 2000 versions - they predict nine different versions in the first year. "...the Linux community which quite rightly sees Microsoft as its obstacle to world domination will probably be pleased with the news. Linux is Linux is Linux. It comes in two basic versions 32 bit and 64 bit and after that you can specialise if you need to. The core is more coherent than that of Windows." (Found in NNL). Hardware: E-Commerce Times looks at E-Smith's new Linux-based server system. "Simplifying the process of adopting the Linux operating system (OS) is central to the e-smith corporate mission, as well as making it accessible for small and mid-sized businesses. According to the company, the product -- which combines e-mail, file sharing, routing and security capabilities -- can even convert a retired 60Mhz Pentium computer into an Internet server for a sizable office." Compaq's dump of NT on Alpha may help Linux says InfoWorld. "Companies that have invested in the future of the Alpha platform -- such as Alpha Processor, in Concord, Mass. -- have quickly changed their tune and are now whistling Linux." The Boston Globe reports on the future of the Alpha processor now that Windows NT will not be part of it. "[Alpha Processor VP] Borkowski figures that about 300,000 Linux servers will be sold worldwide next year. He says that if Alpha Processor can get a quarter of that - 75,000 servers - they'll do fine." Open Source IT looks at Beowulf clusters. "The Boeing Co.'s Applied Research and Technology group, in Seattle, for example, is experimenting with a 16-cpu Beowulf cluster for designing new airplanes. Pharmaceutical company Bristol Myers Squibb has been running a 20-node cluster since February 1999. Proctor & Gamble has a 32-node system running in a research facility near Cincinnati." (Found in NNL). This News.com article is about HP's new Linux-powered thin client system. The Dual Millenium from Future Power offers two Celeron processors and promises to "match similar, single processor Pentium III machines in performance." The high-tower model comes with Linux installed by default for a very nice price. Controversy follows, though, since Future Power is being sued by Apple Computer, Ltd., for alleged infringements upon the iMac design. In addition, Intel has been quick to state that use of multiple Celerons on a single board, or overclocking of the processor, will void the warranty. Business: Here's an E-Commerce Times article about the Linux-based network testing setup created by Neal Nelson and Associates. "A joint statement disclosed that Cabletron Systems (NYSE: CS), Xylan an Alcatel Company (NYSE: ALA) and FORE Systems are utilizing Nelson's test labs to 'evaluate new products using the most extreme, real-world network traffic patterns.'" (Thanks to Sean O'Riordain). Sm@rt Reseller ran this article about SCO's getting into the Linux consulting business. "SCO claims it has the largest staff of open-source experts of any commercial software vendor. The company's newly formed Linux and Open Source Professional Services team will span about 40 core staffers, and will provide Linux audit- and deployment-planning services." E-Commerce Times ran this article about the investment in MandrakeSoft by AXA Placement Innovation. "Commenting on 'the post-IPO Red Hat period,' Francis Gaskins of Ziff Davis Inter@ctive noted that there are some '30 of Red Hat's competitors that should be of considerable interest to both investors and technologists.' With a host of accolades pouring in, MandrakeSoft appears to be working its way to the top of the list." Here's a News.com article about Benchmark Capital's decision to invest in the SourceXchange. "While much skepticism exists about the business opportunity from software that must be available for free under the terms of its license, i.e open-source software, Benchmark is a convert." The Red Herring ran this article about Red Hat's Bob Young and Marc Ewing - who were named to Red Herring's "Top Ten Entrepreneurs for 1999" list. "Under their stewardship, the company's principal product, a software operating system called Red Hat Linux, is now so attractive to corporate America that it poses a formidable threat to Microsoft's operating system monopoly." New Scientist looks at the Red Hat community offering. "Sadly, having thrown their egalitarian principles to the wind and raided their piggybanks for the initial $1000, many were turned away. They were deemed ineligible by E*TRADE's online questionnaire, which was not tailored for postgraduates with little to invest and no experience of buying shares." This Reuters article looks at how the Red Hat IPO has spawned more interest in Linux. "Venture capitalists intrigued by the red hot stock market debut of Linux distributor Red Hat Inc. are placing bets on new start-up open source companies built around software that is given away." Red Herring looks at SGI's reinvention of itself. "Current efforts to move the Linux operating system to SGI, [Greg Weiss, an analyst at D.H. Brown Associates] believes, could pay off in the long run." News.com reports on the Linux Fund credit card which was first unveiled at LinuxWorld. "If [Linux fund founder Benjamin Cox] can sign up 100,000 people, that would provide an estimated $2 million a year to fund development projects and scholarships, he said." Also in News.com: this article about the possible sale of the linux.org web site. Other items: Time Magazine's Josh Quittner says that Linux still isn't for the masses. "Linux and the open-source movement that spawned it are among the most exciting and important things going on in the software world today. But the setup is just too complex for the average person." Is the Linux revolution over? asks PC Week. It seems that Linus Torvalds is getting harder to reach directly, and this reporter was disappointed. "...maybe it's a good thing that Linus doesn't answer his phone anymore. Still, we'll miss the candor and self-deprecation of Torvalds, which came across so genuinely to reporters used to burning their throats on the dry, pressurized airplane air marketing being blown by most companies." Dave Winer has put up an "installation nightmare" story - fairly normal, except that it's a Windows NT box that he bought preinstalled. "I have some advice for Microsoft. Every executive should buy a machine for themselves, from one of the clone vendors, and struggle thru the process their customers have to go thru. They're horribly vulnerable. Compared to this process, setting up Linux was a breeze." (Thanks to Bernhard Reiter). NTKnow covers the O'Reilly conferences in classic form. "...who invited Dave Winer? Proprietary Dave set upon the free software like Carlos the Jackal at a World Trade Organisation shin-dig." "In the grand tradition of the numerous pro-Linux, sarcastically anti-MS pieces circulating around the Web", OSO presents an article that is sarcastically anti-Linux instead: Top 10 Reasons Why Linux Will Become a Smash Desktop Success. Taken in the spirit of pure amusement, it can be enjoyed anyway. After all, we've always said that a sense of humor is a critical, innate part of the Linux community ...
Section Editor: Rebecca Sobol |
September 2, 1999 |
Sections: Main page Linux in the news Security Kernel Distributions Development Commerce Announcements Back page See also: last week's Announcements page. |
AnnouncementsResourcesVersion 1.6 of the Linux Laptop HOWTO is available, though the latest version is not currently on the LDP pages. See the announcement for information and location.Recovering a deleted mail spool is the subject of this column on LinuxCare's site. Have a look, and hope you never find yourself in the same situation... A Linux and C programming mailing list has been created, see the announcement for details. It is intended to be a forum for people seeking (or providing!) help around C programming on Linux systems. Gimp book reviewed. There is a review of the book "The Artists' Guide to the Gimp" by Michael J. Hammel at AboutLinux. A new email book. O'Reilly has announced "Programming Internet Email," by David Wood. EventsThe Bazaar, now scheduled for December 14-16, 1999 in New York, has issued a Call For Participation. The submission deadline is September 17.The call for papers for the 2000 Usenix technical conference has gone out; submissions are due by November 19. Incorporating Linux into your business strategy is a two-day conference consisting of "Compelling Case-Studies Demonstrating Why Linux Should be on Your Radar Screen." It will be held in Washington, DC on November 1 and 2. See the announcement for more. Web sitesThe GNOME-es (Spanish GNOME document translation) project web pages have moved, check them out at the new site. |
September 2, 1999
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Software Announcements
|
Our software announcements are provided courtesy of FreshMeat
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Sections: Main page Linux in the news Security Kernel Distributions Development Commerce Announcements Back page See also: last week's Back page page. |
Linux links of the weekThe Linux Music Station is another site dedicated to Linux and musical applications, with an emphasis on MP3 and recorded music. Looking for a Linux presentation? LinuxSlides.com contains pointers to all of the online presentations about Linux they are able to find. Talks are available in both English and French (with one each in Spanish and Japanese as well). Section Editor: Jon Corbet |
September 2, 1999 |
|
Letters to the editorLetters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them. | |
Date: Wed, 1 Sep 1999 12:33:05 -0400 (EDT) From: Derek Glidden <dglidden@illusionary.com> To: <letters@lwn.net> Subject: "Star Office Portal" is a bad idea At first I was worried that Sun's acquisition of StarOffice would be a bad thing for the Linux community. Sun doesn't have the best track record at being supportive of Linux. (Witness the difficulties the Blackdown team have had dealing with the JDK port, at least partially because of the restrictiveness of Sun's "Community Source License"; the announcement that the previously forthcoming support for Linux for Netscape servers was no more.) The fact that Sun has decided to release the source for StarOffice via the SCSL alleviates some of my fears, but only some, and raised new ones because I think their "Star Office Portal" idea is a huge mistake that may cost the application entirely. Let's face it, Larry Ellison has been predicting the imminent death of the PC and the rise and domination of server-driven "Network Computers" and "Internet Terminal" devices for years, and it just hasn't happened. Java is proving itself in behind-the-scenes server-side application progarmming, but it's still slow for full-function interactive user applications. People still for the most part have 28.8K, 33.6K or 56K modems at home and are not going to want to have to wait for their computer to connect to their ISP and then still have to wait for a couple megs of Java code to come down the pipe just so they can type a letter to Mom. There are all sorts of technical *and* social problems trying to work with a system that keeps your important personal documents on someone else's server and not on your local workstation where you have instant, easy access to them. (The recent Hotmail security fiasco is probably going to only highlight these problems.) And probably the most important reason (IMO) that this "Star Office Portal" is a bad idea is because it's not Microsoft Office. "Everyone uses Office" is still the way the world works and as long as it works that way, it will be a constant uphill battle just to _keep up_ with the changes Microsoft make in the way Office files are saved so you can read those documents from work. In a recent online article about the "Star Office Portal" idea, [can't find the URL anymore...] Sun's Scott McNealy's made the comment that, no matter where he goes, he never brings his desktop software with him -- it always stays conveniently on some server someplace where it can be easily accessed through his browser. I think this just shows how out of touch with the real world he is. That may work for Scott, but the vast majority of the "real" computer world have no idea what he's talking about. All they know is they click this icon and their word processor pops up and now they can load that file from the floppy disk where they've saved it. Keeping Scott connected to the internet is probably not a problem, but as a consultant, I need to be very mobile and I still encounter meeting rooms, offices and cubicles that are not wired, or use a different networking topology than I have or are stuck behind a firewall, any of which problems, if I were relying on my ISP or a server back at my office for access to my word processor and documents, would cut me off at the knees and leave me non-functional. Technically, the idea of a platform-independent, run-anywhere, works-the-same-anywhere, follow-me-around-the-world desktop complete with applications is a good idea. Practically, we've seen the industry attempt it half a dozen times and fail. (Anyone remember Netscape's "Atlas" universal desktop?) It's hard to get people to change a fundamental mode of working such as moving from a locally-stored application/data model to a server-stored application/data model. (It's even harder to get Microsoft to "allow" the industry to move in that direction.) There are people who argue this is just a return to mainframe life, only with smarter dumb terminals. I don't think it matters what the change is to or from, people just plain don't like changing the way they work. So, how does this relate to Linux, and not just leaving Sun and Scott with egg on their faces? Well, it sounds like Sun is putting a *lot* of resources into trying to make this "star Office Portal" thing work, and if it fails, as I think it will, that's going to make the whole Star Division acquisition look pretty bad and Sun is a commercial operation out to make money. Currently, StarOffice is only one of a small handful of complete office suites available for Linux and is only one of two or three with any sort of version history on the platform. If Sun decides that it's a bigger drain on their resources than it is worth and dumps the whole thing, Linux could lose it. Because of the restrictions of the SCSL, this doesn't mean some other group can pick up the code and fork it into their own version the way the GPL or a BSD license would allow - it means if Sun says bye-bye, it's gone. Sure, there are other office suites under development (KOffice, Corel Office for Linux, to name just a couple) that could conceivably replace it, but losing Star Office on Linux would make the Linux and Open Source community look bad ("See, another 'open source' project that failed, just like Mozilla!" is what you'll hear.) and, personally, I would rather rely on the software I have now, that works now, than have to bet my productivity on something that may be available and functional "in a few months." | ||
Date: Wed, 01 Sep 1999 23:56:27 -0400 From: "Jay R. Ashworth" <use-reply-to-address@gte.net> To: ewt@redhat.com CC: letters@lwn.net Subject: A rock and a hard place Just another penguin head, weighing in... I gather there's a fuss over the trademark. Lawyers can be such a pain, can't they? My opinion (backed by that of Mark McCormick, see _What_They_Didn't_Teach_Me_at_Yale_Law_School) is that you need to be very cautious of letting the lawyers run the company. It's not their job. Yes, you have a duty to protect your trademarks. Waiting to act until you have had time to make sure that your reaction will not impair your _primary reason_ for your current market cap -- that is: the goodwill of the community -- would _not_ have killed you. Legally, I mean. Next time, ask the lawyer who's rousing the rabble what, exactly, he thinks it _is_ that makes RHAT worth 5.3 _billion_ dollars. And see if he read the parable about golden eggs when he was a kid. _If_ he was a kid. :-) Tread lightly, guys; we love you, and there hasn't ever been a company whose 'goodwill' item carried more weight on the balance sheet. Cheers, -- jra | ||
Date: Sun, 29 Aug 1999 10:14:43 +0900 (JST) From: David Moles <deivu@tomigaya.shibuya.tokyo.jp> To: letters@lwn.net Subject: LASER5's divorce from RedHat One of the reasons cited in LASER5's press release is the high cost of license fees paid to RedHat. I wonder if that means that now they'll be charging a more reasonable price for their distribution? I was in a shop in Akihabara (Tokyo's main hardware, software, and electronic goodies area) and saw that LASER5's "RedHat Linux v6.0J Server" priced at about 45,000 yen -- which is to say about $400. (Yes, you read that right.) As far as I could tell the only thing it offered to distinguish itself from their stock version (8100 yen, or about $70) was SSH. I'm not really sure what's up with these Japanese distributions -- TurboLinux "Pro" was going for 24,000 yen (about $200), while the non- pro edition was about the same as the stock LASER5. It's not support -- LASER5's $400 gets you just three incidents, within the first 180 days. I suppose they might be paying license fees for commercial Japanese input methods -- certainly the free ones out there are kind of lame, though I don't expect that to last -- but if so, why is it the server edition that needs the fancy input? But then again, as a friend of mine pointed out, this is a country where people will pay $15 to see a movie, and then come out saying they would have paid $30 if they had to. :) --D | ||
To: letters@lwn.net Subject: Emacs vulnerability to macro viruses. From: Alan Shutko <ashutko@itms.com> Date: 26 Aug 1999 10:39:33 -0400 Although Emacs can evaluate arbitrary lisp code upon loading a file, there are significant differences between MS Word's and Emacs' openness to viruses. * Only variable setting is enabled by default. By default, attempting to evaluate lisp causes Emacs to query you whether to evaluate the given lisp. Word, OTOH, defaults to vulnerability. * Emacs lisp is human-readable. When Emacs asks whether to evaluate embedded lisp, it will show the lisp to you, so that the user can decide whether it's safe. MS Word will simply ask whether you want to run unspecified macros. MS considers it a feature that embedded code can be non-readable. * Embedded Emacs lisp is visible. You can see it at the bottom of the file, so it is less likely that a virus could exist unseen. So, while Emacs _could_ be vulnerable to viruses, it would take conscious effort on the part of a user to make it so. -- Alan Shutko <ashutko@itms.com> | ||