Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise
news for all interests
Sections: Main page Linux in the news Security Kernel Distributions Development Commerce Announcements Back page
Other stuff:
Recent features: Here is the permanent site for this page.
|
Leading items and editorialsHow free is BIND 8.2? It seems that the developers at Debian have reviewed the license restrictions in the BIND 8.2 release and found that the code implementing the RSA algorithm included from RSADSI (now Security Dynamics), known as DNSsafe, results in BIND no longer being compliant with the Debian Free Software Guidelines (DFSG). After an email discussion with David Conrad, Executive Director of the Internet Software Consortium which maintains BIND, we found that the DNSsafe license addition was not expected to be a significant problem. They had it reviewed by their lawyers and, because the RSA addition is used solely for authentication, the software is still freely exportable. However, freely distributable and exportable is not necessarily the same as DFSG-compliant. Debian developers found several sections of the DNSsafe license restrictions that violated the DFSG. In particular: The DNSsafe software cannot be used or distributed separately from the BIND software. You only have the right to use it or distribute it as a bundled, integrated product.which violates several points of the DFSG, in that it restricts distribution of the software; The DNSsafe software can ONLY be used to provide authentication for resource records in the Domain Name System, as specified in RFC 2065 and successors. You cannot modify the BIND software to use the DNSsafe software for other purposes, or to make its cryptographic functions available to end-users for other uses.which violates the DFSG's "use" provisions; and If you modify the DNSsafe software itself, you cannot modify its documented API, and you must grant RSA Data Security the right to use, modify, and distribute your modifications, including the right to use any patents or other intellectual property that your modifications depend upon.which has several potential problems. Essentially, though, the wording of the license is not the issue. As opposed to the rest of BIND, the DNSsafe code itself is simply not free software. Due to the US patent held by RSADSI (now Security Dynamics), any implementation of the RSA algorithm used in the US is subject to RSADSI's patent claim. The license makes it useable and redistributable for both commercial and non-commercial activities, but not part of the wealth of truly free software. How should this be handled? Well, Debian developers apparently initially contacted ISC and got the impression that nothing could be done about the issue. However, when we passed on David Conrad's comments that creating a branch of BIND that did not contain the RSA code might still be an alternative, they were very interested. This sounds like the best possible solution to the problem, since Debian developers are willing to lose some functionality to keep the software they use totally free. Now we have to wait to see if such a code branch is technically feasible for ISC to create and maintain. It is in all of our interests to have BIND, which is such an important piece of software for Linux within the Internet, remain both well-maintained and free, at least in some incarnation, without having to wait more than a year for the RSA patent to expire. SCO strikes again. SCO may have been making friendly noises regarding Linux recently, but, according to this page on X/OS, they are up to the same old stuff in Europe. Here, X/OS dissects a bulletin sent out by SCO in Belgium, the Netherlands, and Luxemburg which attacks Linux in many ways. An interesting read. For example:
Red Hat's SEC-mandated silent period is now over. They immediately came out with a set of announcements, which are covered within this issue of LWN on the Distributions and Commerce pages. LWN was able to get an interview with Red Hat's Donnie Barnes. The discussion wandered over such topics as what will be done with Red Hat's pot of money, how they view "value-added" derivative distributions like Linux-Mandrake, the community stock offering, and more. Is Sun/StarOffice good for Linux? Bruce Perens raises concerns about StarOffice in this editorial. "Could Sun be building ammunition for its next war? StarOffice may also be an attempt to gain long-term control over the Linux desktop market. By releasing an almost-Open-Source office suite, Sun may be attempting to reduce the demand for an entirely-Open-Source office product." This Week's LWN was brought to you by:
|
September 9, 1999
|
Sections: Main page Linux in the news Security Kernel Distributions Development Commerce Announcements Back page See also: last week's Security page. |
SecurityNewsOpen Source is Critical to Security. We've made that statement, so have many others and we realize that we are preaching to the choir when we repeat it here. However, if you've been having difficulties convincing people around you, try using this week's discovery of a second encryption key in many versions of Microsoft Windows, named "_NSAKey". It was a hot topic in the press, which you can check out in these articles and commentaries: Real, technical details can be found on the Cryptonym site, where Andrew Fernandes first posted his discovery. Microsoft has issued a flat denial, which calls the second key a "backup" key, to be used in case the first key was no longer available.For a relatively balanced reaction, check out this editorial from NTBugTraq editor Russ Cooper. While willing to accept Microsoft's response, he points out that the fact that the second key exists makes the system highly insecure. In theory, you create your own CSP to replace Microsoft's supplied CSP (implementing whatever you wanted in it, say boosting 40-bit to 128-bit), modify the second key to one of your own, install your CSP over Microsoft's, and fire up any application that uses CryptoAPI. The signature will fail Microsoft's verification, pass yours, and everything should work as if you had a U.S./Canadian version.Security through obscurity fails again. In an open-source model, the reasons for introducing a second key would be well-known and people would have pointed out the pitfalls in advance. From the information available, it seems likely that an unwise name was chosen for this particular key, causing a large furor. The end result, though, is that you will never be guaranteed that the software does not have a backdoor, using this mechanism or some other, without access to the source. Lest open source be considered a panacea for all security problems, though, remember both the number of security bugs that continue to be found and fixed in open source software, such as those reported this week. It is good to have the source, it is good to find and fix bugs, but that is not always enough. For another take on the issue of trust, check out this article by Ken Thompson in 1995 [Thanks to Dave Stevens]. On the side of the conspiracy theorists, it is interesting to link up this week's disclosure with this Wired News article, first mentioned in our May 20th Security Summary, where a report to the European Parliament's Science and Technology Options Assessment Panel (STOA) mentions a possible backdoor in Lotus Notes and other software, introduced in cooperation with the NSA. Whether or not you believe the rumors of backdoors in commercial software, it appears that high level officials in Europe are certainly willing to give them credence. Security Portal featured an article on Secure Linux Distributions this week. They give brief summaries of the work currently going on with kha0S, Secure Linux and Bastille Linux, talk about the differing goals of the distributions and happily mention that Secure Linux, based on Debian, and Bastille Linux, based on Red Hat, will be coordinating with each other. Security ReportsProFTPD. We mentioned last week that LinuxPPC, Red Hat and Yellow Dog Linux had released updates to ProFTPD. Those updates were prior to this week's announcement of ProFTPD 1.2.0pre5, which followed closely on the heels of 1.2.0pre4. Neither 2.1.0pre4, nor the patches posted to Bugtraq, fixed all of the recently reported security problems, so upgrading to 2.1.0pre5 is recommended. Expect to see yet another round of updates from distributors over the next week.For the longer term, it seems the ProFTPD may have a rocky future. It has a new maintainer, which is fine, but there are apparently some concerns that the design of ProFTPD is such that securing it is not going to be an easy task. ProFTPD has such a rich feature set, though, that people are likely to take on the task anyway. RH 6.0 shadow passwords. Under Red Hat 6.0, locking and then unlocking an account with the "passwd -l user" and "passwd -u user" commands can result in the addition of a control character to the end of the password field in the shadow password file. Red Hat has acknowledged the bug and Mihai Ibanescu has posted a patch for it. Dynamic DNS is vulnerable. Although a note to this effect was posted this week to Bugtraq, it should be noted that Dynamic DNS is known to be inherently insecure and always has been. Solutions are underway, but not yet available. If you are concerned about security, avoid Dynamic DNS for the present. Commercial software vulnerabilities. A problem was reported with the WatchGuard Firewall default configuration. UpdatesUpdates for the INN vulnerability reported in last week's security section are available for: An additional update for the cron vulnerability reported in last week's security section, in addition to the ones we mentioned from Caldera, Debian, Red Hat and SuSE, came this week from Linux-Mandrake.They also provided an update for the vulnerability in amd. See last week's issues for details on that. Red Hat has announced an updated set of XFree86 packages for the 4.*, 5.* and 6.0 distributions. This update includes some security fixes, and should probably be applied. ResourcesTesting of Cisco's VLAN implementation was done by Dave Taylor and Steve Schupp, who made their findings available. Some comments on the findings may also be of interest.Section Editor: Liz Coolbaugh |
September 9, 1999
|
Sections: Main page Linux in the news Security Kernel Distributions Development Commerce Announcements Back page See also: last week's Kernel page. |
Kernel developmentThe current development kernel release is 2.3.17. Once again, this is a very large patch. There are a lot of driver changes, and one can see the first results of Alan Cox's attempts to clean up the SCSI code and make it somewhat more readable. Note that this isn't the long-awaited rewrite of the SCSI layer; it's just some cleaning up so that he can get on with trying to find some other problems... The current stable kernel release is still 2.2.12. Some problems are still being reported with this kernel - in particular, there still appears to be a memory leak problem that tends to turn up on systems running inn. As of this writing, the developers are still trying to chase that one down. Trouble with 2.2 - sort of. In the August 19 issue of LWN we reported that RAID 0.90 was being folded into the 2.2.12 kernel. A week later we had to update that report and note that the RAID patches had been pulled back out. Why? Too many people objected to such a large change - which requires new user tools - going into a stable kernel minor release. Now it appears that the NFS server patches will suffer a similar fate. These patches, developed by H.J. Lu and others, are absolutely necessary for sites doing serious NFS service with Linux systems. Heterogeneous environments, in particular, frequently turn up problems with the stock 2.2 NFS server. The patches add no new functionality, they just make the server actually work. But they require recent versions of the user space tools. Serious users of both RAID and NFS have been applying these patches by hand for as long as they have been using the 2.2 kernel. A number of distributions also ship versions of the kernel with the patches applied. The natives on linux-kernel are starting to get restless. These patches are considered necessary by many just to get a working system. Why do they not find their way into the mainstream kernel? There seem to be a few problems here:
It thus seems that stable kernels, increasingly, will have to remain truly stable. Even important changes get blocked out at minor release time. So how does the kernel make progress in this environment? The recipe would seem to be more frequent major releases, each of which contains a rather smaller set of changes. If stable kernels are truly stable at (or shortly after) their release, and a new release is not more than two years away, people can calmly wait for larger changes to be integrated. The 2.3 feature freeze, first promised for almost a month ago, still has not been announced. If a 2.4 release - which can contain working RAID and NFS implementations - is to happen before the end of the year, this freeze needs to happen soon. If it's not already too late. Big memory and Raw I/O. LWN first reported on the "big memory patch," which allows Intel-based Linux systems to address up to 4GB of memory, back in the August 19 issue. This week Siemens and SuSE, the sponsors of that development, issued a press release announcing the patch and pointing out that it got included into 2.3.15. There is a remaining loose end or two, however, with the big memory patch. In particular, it breaks Stephen Tweedie's raw I/O patch, which was also recently added to the development series. The raw I/O patch allows data to be transferred directly between user-space buffers and a device. There is an obvious performance gain in some situations, since a copy through the kernel's buffer cache can be avoided. Just as important, however, is simply avoiding the cache altogether. Caching some kinds of data is wasteful, since there will not be another need for it. Rather than improving performance, caching of such transient data has only the effect of forcing out everything else, leading to a sluggish system. Anybody who has had to wait for the window system to respond after a large program build or file copy has seen this mechanism in action. Caching can also be a problem when disks are shared between more than one system. Why is there trouble with raw I/O in particular? It seems that quite a few devices out there are unable to address high memory - memory above 2GB. Attempts to tell such devices to move data to or from high memory can result in total failure at best, and a corrupted system is a distinct possibility. The kernel is careful to keep its own buffers in lower memory so that this sort of problem does not arise. But raw I/O uses user-space buffers, which can end up anywhere. For this reason, the big memory patch currently disallows any sort of raw I/O to high memory. The solution in this case appears to be "bounce buffers." A bounce buffer is a kernel-space buffer which lives in low memory. When I/O is requested to a high memory page, and the device can not handle it, an intermediate copy is made via the bounce buffer. This technique defeats the "zero copy" aspect of raw I/O, but preserves the other advantages. It can also be implemented so that bounce buffers are only used when they are truly needed. A proper implementation with bounce buffers should not only solve the raw I/O problem, but it should also allow the page cache to exist in high memory. Finally, when the day arrives that more than 4GB of memory can be supported, bounce buffers will become even more necessary. A lot of PCI devices out there do not handle 64-bit addressing and will need help at that point, even if they currently work with high memory. (Thanks to Stephen Tweedie, whose linux-kernel messages were ruthlessly plundered for this article). A few other patches and updates released this week:
Section Editor: Jon Corbet |
September 9, 1999
For other kernel news, see: |
Sections: Main page Linux in the news Security Kernel Distributions Development Commerce Announcements Back page See also: last week's Distributions page. |
DistributionsPlease note that security updates from the various distributions are covered in the security section. CalderaCaldera OpenLinux 2.3 is now available. There is also an upgrade version for those who bought earlier versions of the distribution. Those interested in what is new with this release may want to look at Caldera's 2.2 and 2.3 comparison page.As might be expected, since the Lizard installation program was first introduced with 2.2, a lot of improvements to it come with 2.3. They promise auto-detection of almost every video card and many sound cards as well. Untended installations are also now supported. RAID support and Wine, for running Windows binaries, have been added to the base system. The Lizard installer is now available for download, according to this announcement. Interestingly, they have chosen Troll Tech's QPL as the license for this software. DebianBill Henning has added Debian 2.1 to his distribution comparison article at CPUReview.What needs doing before the freeze for Debian 2.2? Chris Lawrence, with some assistance from Martin "Joey" Schulze, discusses the major issues, outlining 10 goals for the latest release at the same time. His outlook is optimistic: "We're not in anywhere near as bad shape as when slink froze... we have working CD scripts, boot-floppies that sorta-work. We even have console-apt for the people who hate dselect. What's not to love? :-)" GnuPG is coming. GnuPG is a free implementation of the OpenPG standard. Now that GnuPG 1.0 has been released, expect Debian to move quickly to using it for handling developer signatures. The use of PGP, non-free software, for this purpose has been a problem for developers outside the United States. In addition, of course, it has been irritating to Debian developers to have to use non-free software for such a critical function ... A volunteer is needed to put together the release notes for the next version of Debian. Bob Hilliard posted a note indicating that he won't be able to do them this time around and asking for help. For more Debian News, check out the Debian Weekly News for September 7th. MandrakeMandrakeSoft announces the opening of two Chinese offices, in Shanghai and Beijing. These offices, and some associated partnerships, will work toward the creation and distribution of a Chinese version of the Linux-Mandrake distribution. "MandrakeSoft's strategy offers multi-lingual Linux-Mandrake and positions it to become the global Linux company."Red HatAnnouncing...Lorax. Lorax is the latest beta release out of Red Hat, that which will, presumably, become 6.1. Included is a bunch of stuff, including their new installer, a 2.2.12 kernel, LDAP authentication, and lots of other stuff. The announcement is full of warnings about its beta nature, so don't throw it on your critical servers right away...LWN labs tried to install Lorax on one of our sacrificial machines. The following should be regarded as a set of first impressions rather than a proper review...
We would love to talk about how the system worked after installation. Alas, the install process put up a Python error about halfway through the package installation and quit. As, perhaps, a bit of deliberate whimsy, it printed "It is now safe to turn off your computer" on its way down. Our summary: Lorax appears to be a minor upgrade to the 6.0 release; there is little in the way of breathtaking new features. Which is proper, after all, for a minor release. Once the rough edges are smoothed down, it should be a suitable successor to 6.0. SlackwareProgress is continuing on the next version of Slackware, based on the now available Changelog. Conversion of software to handle the Linux 2.2.12 kernel seems to be the primary focus this week. Note, in the trivia area, that although the current version of Slackware is 4.0, the next release will be numbered 6.X. In fact, 6.1 beta was released on Monday. Version 5.0 was apparently a development version that will never be released.SuSEThe ftp version of SuSE 6.2 has been announced. Mirror sites for downloading the distribution are also listed, though a quick check of the mirror sites indicates that the listing is not entirely up-to-date and 6.2 is not yet available on all the mirror sites. Yellow DogYellow Dog Linux has released an update to PAM and passwd which fix a problem with MD5 passwords. This problem apparently only affects big-endian systems (and thus not Intel systems), and is not a security problem.Section Editor: Liz Coolbaugh |
September 9, 1999
Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.
Lists of Distributions |
Sections: Main page Linux in the news Security Kernel Distributions Development Commerce Announcements Back page See also: last week's Development page. |
Development toolsGuileThe homepage for Guile has moved to http://www.gnu.org/software/guile/guile.html. Guile 1.3 is still the most recent version, with 1.3.2 due out "soon" (but the page hasn't been updated since July). A lot of work is apparently currently going into the Guile documentation.JavaCarefully scanning of the blackdown.org pages indicated that the Java 2: JCK status page was updated yesterday. Determining how it changed was harder, though it appears that they marked at least one change in red. Previous, the JCK tests were being run only on green threads with the JIT turned off. Now they are being run on both green and native threads, still with the JIT turned off. that indicates a lot more than it seems. Some very good progress with threads under Java 2 must have been made over the past couple of months.In fact, the Java 2: Port Status page confirms this. Big news! We've made significant progress with the problems plaguing the native threads implementation. Some core parts of the native threads library have been reimplemented to better utilize Linux threads. We also believe we have discovered why interrupts were being "lost", and understand how to work around the problems.Perhaps, with a bit of luck, this was the logjam that was holding up the project and we'll start to see more results in the near future. Java Advanged Imaging for Linux moved forward a step. The Blackdown team has been licensed for access to the source code and a first pass at the port has been done. It will be made available for downloading as soon as it validates properly. A Native-Code JDK1.2 Profiler has been announced. PerlCoy - like Carp, only Prettier was the title of Damian Conway's talk on his coy.pm module at the Perl conference. He's made his talk available for review. It's definitely worth reviewing, even for people uninterested in perl!Perl.com is requesting Monterey trip reports, to add to those they already have. They also ran a story on the conference, by Brent Michalski. PythonThis week's Python-URL!, from David Ascher, takes a look at XML issues, Turing completeness and other light topics.The Front Range Pythoneers is a new Python User Group starting up in Northern Colorado. Check out their announcement for directions to the first meeting. A Python class for dealing with RPM files was announced by Morten Kjeldgaard. It should be useful for any of a number of system administration tasks. Tcl/tkTcl URL! for September 6th contains a pointer to a long thread on Tcl and Perl, which it mentions was both informative and constructive, which was nice to hear. Also included are pointers to the Tcl conference keynote, a comparison of Python and Tcl and a pointer to the 7th USENIX Tcl/Tk Conference, which will be held in February of 2000, in Austin, Texas.Section Editor: Liz Coolbaugh |
September 9, 1999 |
|
Development projectsGnuPGGnuPG 1.0 has finally been released. GnuPG is a GPL implementation of the OpenPG standard. Most importantly, its release provides a free alternative to commercial PGP software.GnomeThis week's Gnome Summary mentions that the new Gnome News Site has made his weekly summary almost superfluous. However, many people will still appreciate getting a "Week at a Glance" type view of the Gnome development, in addition to the minute-by-minute updates provided on the news site.In particular, this week's issue talks a bit about the Sawmill window manager, a candidate for "coolest" Bonobo component, along with the weekly wrapup on commits and software releases. GNOME Configuration Files is the title of a new whitepaper in development by Miguel de Icaza. It talks about the configuration files behind Gnome, where to find them and what to do with them. HarmonyHarmony lives! Harmony, remember, was the effort to build a replacement for the Qt libraries under the GPL; it essentially faded away when Troll Tech changed the Qt license. But Adam Richter still hasn't given up; here's an update he just posted to the Harmony list regarding a new snapshot that has been made available. People are still developing on this code; it may yet achieve its goal.High AvailabilityPacket authentication for heartbeat was a topic discussed off-list by several people, with the results summarized by Alan Robertson back to the linux-ha list. It drew some discussion, but the overall reactions seems to be favorable.Also popping up this week was the issue of FHS compatibility for the heartbeat code. Alan has outlined plans for bringing the software into compliance and asked for comments. ht://DigGeoff Hutchison wrote in with a development update for ht://Dig, the web indexing and search system. With several outstanding bugfixes, there will be a 3.1.3 release for all production servers in the next few days. In the meantime, work is reaching completion on the first beta release of 3.2.0. In the last two weeks, the database formats have stabilized, and full phrase searching is supported in the latest snapshot. At this point, the last major hurdle to the 3.2.0b1 release is a cleanup of the connection and transport code.On a related topic, Geoff also talked a bit about plans for adding support for multibyte characters. Check out his message for more details. KDEHere's this week's KDE summary by Navindra Umanee.MidgardVersion 1.2.1 of the Midgard web application platform has been released.This week's Midgard Weekly Summary covers a lot of future development plans for Midgard. MozillaThe current development snapshot of Mozilla is M9, which was released on August 26th. Although originally it was hoped that there would only be 9 or 10 snapshots before their first beta, browsing through the Mozilla.org status and newsbot pages indicates that probably M13 will be the last snapshot before the beta is released. Chris Hofmann commented several times in his posting, "The key thing to do for beta is make the bug system reflect reality, and then drive the bug list to zero."WineThe Wine Weekly News for September 7th is out.ZopeAmos Latteier is back and his Zope Weekly News focuses this week on how to understand and put to use all the cool new stuff in Zope 2. Remember, Zope is a free, Open Source application server and portal toolkit used for building high-performance, dynamic web sites.Section Editor: Liz Coolbaugh |
Project Links Gnome High Availability ht://Dig KDE MagicPoint Midgard Mozilla PHP Wine Zope More Information Freshmeat LinuxDev |
Sections: Main page Linux in the news Security Kernel Distributions Development Commerce Announcements Back page See also: last week's Commerce page. |
Linux and businessWhat is Red Hat up to now that their silent period is over? Here's a few of the things they tossed out this week for starters:
Red Hat's stock price promptly headed for the sky, peaking at over $135 per share on Wednesday, September 8 before falling back somewhat. Investors clearly think Red Hat is going somewhere. Red Hat also announced "Lorax," a beta version of the 6.1 release. Lorax is covered on the Distributions page. Cosource.com racks up first success. Cosource.com has announced the completion of its first sponsored open source development project - an enhancement to the XFCE desktop environment. The work is done, the developer has been paid, and Cosource has a proof - even if small - of its business concept. Press Releases:
Section Editor: Jon Corbet. |
September 9, 1999
|
Sections: Main page Linux in the news Security Kernel Distributions Development Commerce Announcements Back page See also: last week's Linux in the news page. |
Linux in the newsRecommended Reading: PC World has run a lengthy article about PC operating systems; included therein is a substantial section on Linux. It has problems in spots (it says, for example, that you essentially can not order a computer with Linux installed), but covers a lot of ground. "As Windows users, we were dumbstruck by OpenLinux's reliability: In a month of use, we experienced only two application crashes, neither of which brought the operating system down. In fact, we never had to reboot the OS." Robert X. Cringely rides again with Why Microsoft and Intel both lost ground this week to the open source movement. The article, examines the acquisition of StarDivision and the end of Windows NT on the Alpha processor. "Compaq will still be using the chips in their Tandem Himalaya servers. Samsung is also designing Alpha motherboards that fit PC models. What's more, the AMD Athlon chip runs on the Alpha EV6 processor bus, allowing the potential reappearance of Alphas in mass-market CPU boards. But what operating system will nearly all of these Compaq and third party machines be running? Thanks to Microsoft this week, nearly all of them will run Linux." (Thanks to Larry Davison). Sun and StarOffice: The Economist covers Sun's plans with StarDivision. "By acquiring Star Division, founded in 1985 by Marco Borries, then aged 16, Sun is taking direct aim at Microsoft's Office, which includes word processors and spreadsheets. This cash cow, which generates about 40% of Microsoft's revenues, is now threatened by Sun's promise to give away Star Division's much-admired competing product, StarOffice, which can work alongside Microsoft applications and also runs on Linux and Sun's own Solaris operating system." Nicholas Petreley looks at Sun and StarOffice in this InfoWorld editorial. "But I am actually quite ambivalent about the possibility that Sun could cause irreparable damage to Microsoft Office as a product. I happen to prefer StarOffice 5.1 to Microsoft Office 2000, but I don't want to see innovation in the office-suite market grind to a halt the way it did in the browser market. Notice how Netscape's browser has stagnated ever since it stopped making the company any real money. Microsoft hasn't done much with IE, either, at least not since it came close to feature parity with Netscape Communicator." allNetDevices sees big things in Sun's plans for StarOffice. "Our prediction: StarOffice will spur growth of handhelds and thin clients and will become the leading application suite for those devices. That, in turn, will lead to erosion of Microsoft Office's market share on the desktop." (Found in OS News). Red Hat: Here's a Reuters article about the latest craziness with Red Hat's stock price. "In addition, influential Wall Street brokerage Goldman Sachs initiated coverage of Red Hat with a market outperformer rating, saying it was well-positioned as Linux open source software becomes mainstream, and that its share price wasbenefiting from a scarcity of opportunities to otherwise invest in Linux." News.com reports on the billionaires of Red Hat. "Red Hat founder and chief technical officer Marc Ewing, age 30, owns 9.088 million shares in the company, while CEO Robert Young owns 9.081 million shares. At $108 per share, Ewing holds Red Hat stock worth $981 million while Young holds a stake worth approximately $980 million. Should the stock hit $110.11, both will be billionaires." AsiaBizTech reports on Red Hat's Japanese office. "The company is proceeding with the work of converting the latest version of Red Hat Linux6.0 into Japanese, and is expected to put it on the market in October 1999, at the latest. It says that it will provide a free-of-charge upgrade service to the Japanese version of Red Hat Linux6.0 for users of the Japanese version of redhat Linux5.2, which has been available from Itsutsubashi Research Co., Ltd." News.com interviews Red Hat's Marc Ewing. "Any time you're sort of slacking off or saying you're thinking of taking a day off our president says, 'You know, I'll bet Bill Gates is working today.'" (Thanks to Alberto Schiavon). Also in News.com: this article about the deal with Gateway and the new Japanese office. "Red Hat's decision to set up its own international office is a change of direction for the company, which previously had partnered with Itsutsubshi Research to develop and market Red Hat Linux for Japan. 'They had asked for more money than we wanted to pay,' said Red Hat spokeswoman Melissa London. 'We wanted to work together but realized wasn't going to work out. They wanted huge amounts of money.'" (See also last week's LWN for more info on the Japan office and Itsutsubshi Research). TechWeb covers Bob Young's talk to the New York Linux Users Group. "'We feel sympathy for Microsoft.... Because of our visibility, the volume of support requests are going up.'" Sm@rt Reseller ran this article about the Red Hat trademark blowup. "While new gray-market distributors of commercial Linux binaries can be expected to complain loudly about this re-enforcement of Red Hat's trademark and products, the development is music to the ears of official Linux resellers." Joe Brockmeier of the Linux Mall sounds off on the coverage of the Red Hat trademark issue. "I don't think that the press has really been reporting the truth, here. Red Hat's policy isn't new, but every story makes out like it has only been this way since Red Hat went public." Hardware: EE Times looks at Nokia's new mobile TV/Internet product. "Nokia's MediaScreen, with an embedded computer running the Linux operating system and a GSM phone used as a return channel, was shown in action as both a portable device within a booth and as a mobile unit installed in a car that could be seen cruising the IFA exhibition halls." Some motherboard manufacturers are considering more direct support for Linux, according to this Computer Reseller News article. "Elitegroup Computer Systems Inc., Fremont, Calif., plans this summer to unveil a low-cost Linux PC system featuring a motherboard integrated with software and hardware specifically for use with Linux." Other Business: General Motors is considering putting Linux into 7,500 dealerships, according to this ComputerWorld article. "David E. Hutka, operations manager of GM Access, the dealership network, told Computerworld senior writer David Orenstein that the automaker is considering a move from Windows to Linux only because of how much the Microsoft Corp. operating system taxes server hardware." Linux in a three-piece suit is a lengthy set of business case studies in ComputerWorld. "Like any integrated oil company, Amerada Hess Corp. lives and dies by the quality of its seismographic analysis. Its proprietary 3-D analysis software used to run on expensive AIX-based, IBM RS/6000 SP2 computers in the company's Houston offices. Now it runs on Linux, installed on 96 network-clustered Dell Computer Corp. workstation Model 410 machines." This brief IT-Director.com article suggests that HP may be about to drop HPUX and fully adopt Linux. "The proposition is simply this: at the moment Linux lacks a number of scalability functions. It scales in the sense that it has been implemented on configurations with 32 nodes and more, but such implementations are far from fully tailored and tuned. The question then is; who is going to step forward and try and fill this gap and, more importantly, will it be Hewlett-Packard?" (Found in NNL). Linux makes inroads into Windows/Unix territory says the Australian Financial Review. "Office products supplier Corporate Express, for instance, uses Linux for its e-commerce and EDI operations, while TAB Queensland runs Linux on 1,000 computers for branch communications and in its phone-betting call centres." Linuxcare isn't in a hurry to do its IPO, according to this News.com article. "Instead, [CEO] Sarrat is busy signing Linux-support contracts so the company has a solid revenue stream before launching an IPO. Linuxcare, which provides technical support and training for Linux, is raising enough in corporate investments 'to have enough flexibility to pick our IPO time whenever we want next year,' he said. What's going on here--sober, rational thought in the midst the hype that surrounds Linux?" Here's a Reuters article (in TechWeb) about Corel's stock price (yet again). "Owned largely by retail investors, the stock can rise or fall based on gossip circulating in chat rooms. Interest in Linux will continue to have an impact as investors learn more about the technology's market potential." Will Linux replace Windows? asks the Philidelphia Inquirer in this introductory article. "For some area companies, it already has." (Thanks to Dave Lugo). Reviews and Comparisons: Here's a News.com article comparing Caldera Systems and Red Hat. "Caldera and Red Hat may be similar in some ways, but their product focus is different. Where Caldera has chosen to focus on relatively unsophisticated users, Red Hat sees big opportunity in expanding into ever more powerful servers. That could change in coming months, with the release of a new version of Caldera Systems' Linux aimed specifically at servers." Salon Magazine looks at the pains of installing Linux on laptop systems. "It's just no fun to buy a new IBM Thinkpad and then discover that no matter how good a hacker you are, you simply can't get the built-in modem to work with Linux." PC World provides a set of second steps with Red Hat Linux - things to do after the installation. "Unlike a certain operating system out of Redmond, Washington, Linux offers a remarkably stable and secure platform. Unfortunately, any computer connected to the Internet will--at some point--attract trespassers. And a standard Red Hat installation provides online thugs with plenty of ways to hack into your system." AboutLinux looks at the effects of optimization settings on AMD Athlon performance. "...by following the optimization settings shown in the article, you can get up to 73% improvement on some types of code." OS Opinion Editorials:
Finally: Here's a CNN article remarking on the lack of glitz at Linus Torvalds' LinuxWorld keynote. "The truth is, of course, that the Silicon Valley style wouldn't suit Linux any more than a tie-dye T-shirt would suit Oracle style magnate Larry Ellison. In fact, such glitzy launches and buzzword-infested speeches are the antithesis of everything Linux has come to represent -- namely, grassroots software developers making products for the community, not profit." The Boston Globe casts doubt on the future of Linux by comparing it to Java and quoting a lot of Microsoft executives. "Plainly there's no need to mourn for Java's fate. But its success as a sort of welding tool for computer networks is a long way from the early visions of Java partisans. Talk to Microsoft executives and they'll tell you that a similar fate awaits Linux. Charles Fitzgerald, director of business development in Microsoft's software development unit, says the Linux hype has already peaked." (Found in Slashdot).
Section Editor: Rebecca Sobol |
September 9, 1999 |
Sections: Main page Linux in the news Security Kernel Distributions Development Commerce Announcements Back page See also: last week's Announcements page. |
AnnouncementsResourcesThe September Linux Gazette is out. It contains, among many other interesting articles, Mike Orr's first Linux Humor column. Although the two jokes there have been floating around for a while, it is nice to have them properly recorded for posterity. If you have more material in that vein, consider sending it his way.EventsThe 1999 Pluto Meeting will be September 24-25, in Padova, Italy. Kernel Hacker Andrea Arcangeli will be speaking. Pluto is one of the older Linux user groups, dating back to 1992. Please see the announcement (in both Italian and English) for details.OSDI 2000, the fourth Symposium on Operating System Design and Implementation, will be held in October of 2000 in San Diego. Miranda Page Tiemann, daughter of Cygnus founder Michael Tiemann, was born on August 29. Congratulations! User Group NewsHey Luggers! Linux.com is looking for you! The LUG project at Linux.com is looking for able bodies to perform various tasks for the LUG community. Linux.com is looking for LUG representatives reponsible for representing all LUGs in a state, area, or country. They also have positions available to volunteer time to support LUG resources, projects, and more. For more information, visit their website or email Kara Pritchard.
USCLUG Fall Semester InstallFest Details: |
September 9, 1999
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Software Announcements
|
Our software announcements are provided courtesy of FreshMeat
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Sections: Main page Linux in the news Security Kernel Distributions Development Commerce Announcements Back page See also: last week's Back page page. |
Linux links of the weekOpenH323.org is the home of the OpenH332 project, which is producing a free implementation of the H.323 protocol stack. H.323 is an audio/video conferencing protocol, used by such proprietary applications as NetMeeting. Soon, there will be no need to use non-free software to take part in these gatherings. An extensive collection of system administration material (tutorials, resources, etc) can be found at sysads.com.ph. Section Editor: Jon Corbet |
September 9, 1999 |
|
Letters to the editorLetters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them. | |
From: Mike Richardson <mike@quaking.demon.co.uk> To: letters@lwn.net Subject: Exporting Office Suites to Browsers Date: Thu, 2 Sep 1999 13:35:46 +0100 Ah! So, exporting software to users' machines has popped up again. Personally, I rather think that it will submerge once again. Desktop machines a pretty cheap, management like to have 'their' machine with 'their' software and 'their' data, its more sexy, etc., etc. But, maybe there is something here that can benefit the Linux (and Unix in general) community at the expence of M$oft and Windoze. I think we should distinguish two cases. First, there are the "home" users who are distinguished by virtue of having relatively slow, typically dialup, access to the InterNet. Exporting software is a dead duck in this case - too slow and/or too expensive (either due to connection times or pay-per-use). The second case, though, is the "corporate" user. In this case there is a high-speed permanant connection to the company servers. In this case the incremental cost of using the exported software is essentially zero; the company pays for it up-front and network usage has little cost. But! There is still the question of whether web browsers are stable enough to trust with this sort of activity - and the answer is, they probably are not. But! But! In the Linux/Unix world, we don't have to worry about needing a web browser as the front end, we have a perfectly good system already, viz X11. So, my point is this. A lot of effort is going into KDE and Gnome at the moment, and some truly excellent applications are appearing or are in the pipeline. But, the packaging for them is essentially single- machine. Maybe what we need here is some _explicitly_ client/server based packaging ...... Just my two'n'sixpence worth Mike Richardson | ||
From: Greg Owen <gowen@SoftLock.com> To: "'letters@lwn.net'" <letters@lwn.net> Subject: Security page and kernel modules Date: Thu, 2 Sep 1999 10:56:45 -0400 I was a bit suprised to see no mention of the recent code postings which allow intruders to use loadable kernel modules to hide their control and presence in this weeks security page. I learned about it this week using Kernel Traffic item http://www.kt.opensrc.org/kt19990830_32.html#13. It seems to me there is a quick and dirty lesson here - if you have a machine you want secured, use a static kernel and disable module loading. I've done this in the past, but didn't know there was such a good reason! As always, thanks for the otherwise impeccable newsletter. -- gowen -- Greg Owen -- gowen@softlock.com | ||
Date: Fri, 03 Sep 1999 01:56:07 -0400 From: Joe Drew <hoserhead@bigfoot.com> To: editor@lwn.net Subject: Caldera 2.3 under NDA It sounds bad, but after I'd thought about it a bit it seems like it's alright. Ok, the GPL and other assorted Free Software licenses say "You've got these rights, and you have to do these things in order to keep them." But along comes Caldera, with its new packaging and distribution of these pieces of Free Software. Caldera says "Ok, if you want to get your hands on this CD you've got to sign this piece of paper which says that you have decided to not exercise your rights under the GPL, and if you do we can sue you into the ground and back." Seems ok to me. -- Joe Drew http://www.woot.net "Larry Flynt is right!" | ||
Date: Thu, 2 Sep 1999 16:32:49 +0200 From: Luca Berra <bluca@comedia.it> To: letters@lwn.net Cc: linux-lvm@msede.com Subject: A petition to get LVM into the kernel Good morining, In the kernel page of issue 9902 concerning the linux-lvm petition Jon Corbet states: '... Attempting to replace those criteria with "special interest group" pressure is not the way to get a better kernel. Hopefully those wanting LVM in the kernel can discuss the matter with Linus and find out what, if anything, is blocking that inclusion.' Actually before deciding to make a petition we did. in fact you'll find LVM in some of -ac patches. The idea of the petition came when someone reported to Heinz Mauelshagen the linux-lvm mantainer "that Linus wants to wait before putting LVM into the stock kernel to see if enough people are interested to have this." We decided that having a document that summarizes the reasons why we feel that LVM is needed in the stock kernel, and have it subscribed by anyone who is interested was the best way to let him know. Regards, Luca -- Luca Berra -- bluca@comedia.it Communications Media & Services S.r.l. | ||