Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise
news for all interests
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page
Other stuff:
Contact us
Recent features: Here is the permanent site for this page.
|
Leading items and editorialsLWN reviews two Linux firewalling books. In the latest addition to the LWN Book Reviews Page, we look at two books on building firewalls with Linux: Linux Firewalls by Robert L. Ziegler and Building Linux and OpenBSD Firewalls by Wes Sonnenreich and Tom Yates. Our reviewer liked the latter rather more than the former... There is one point from the review that is worth repeating here: both of the books reviewed will shortly be obsolete. The 2.3 kernel development series has replaced the ipchains mechanism with the new "netfilter" package, which is better in all respects. While much of the information contained in the firewalling books will remain valid; the actual discussion of how to set up firewall rules will show its age as soon as the first 2.4-based distribution hits the shelves. Obsolescence is, of course, the fate of much Linux documentation. A great deal is happening with Linux, and keeping up with the changes is difficult. However, if there were a book on Linux firewalling available under an open content license, chances are somebody would already be at work updating it for the new kernel. It would actually have a chance of being current when the new kernel comes out. This may be the point that eventually pushes publishers toward more open licensing of their books. Closed, proprietary, paper-only books simply are too hard to keep current in the fast-moving open source world. A cooperative group has been formed to develop open source customer relationship management (CRM) applications. This group (OpenSourceCRM.org), which announced its existence this week, is sponsored by a handful of companies, including VA Linux Systems. OpenSourceCRM's first product is not necessarily something to cheer about: it's an "outbound email promotions system." If it becomes a delivery mechanism for spam people will not like it, whether it is open source or not. The interesting thing about this announcement, however, is what it suggests for the future. Much open source software has been developed by individuals by companies, each pursuing their own interests. Consortiums of companies, thus far, have taken a lower profile in open source development. This is likely to change as the next wave of companies jumps into open source. There are numerous industries that could be well served by suites of open source, industry-specific software. Think of hotel management, restaurants, broadcasting, etc. If the software is sufficiently well done, it would be a win for the industry as a whole. It seems almost inevitable. Some steps in this direction can be seen now. The OpenSourceCRM group is one such. There are the Free Practice Management and FreeMed initiatives in the medical industry. But this is just a tiny beginning. There is probably a good living to be made for a company that can establish itself as a coordinator for this type of project. Amazon.com does it again: the web retailer has been awarded yet another patent. This time around, it claims patent rights for its affiliate program - which is much like many other such programs on the net. Advanced technology like "referral links" is now proprietary. Given Amazon's record so far, it is to be expected that other web-based retailers will start getting friendly letters from Amazon's lawyers. Tim O'Reilly has come out strongly against the Amazon patents. He argues the points well; there is not a whole lot we can add. The O'Reilly Network has also created a software patents page with resources and news on this subject. LWN, meanwhile, has decided to withdraw from the Amazon.com affiliate program. We'll be looking at ways of replacing it in the near future; in the meantime the Amazon links on our book reviews page will be going away shortly. (See also: News.com's article on the affiliate network patent). Colorado Linux Info Quest update. The speaker line-up for the Colorado Linux Info Quest is now complete. The latest announcement is the addition of Scott Draeker, CEO of Loki Software. He'll be talking on "Free Software, Beer and Games". Keep an eye out ... we have five additional speakers that we'll be highlighting in the next week or two. Inside this week's Linux Weekly News:
This Week's LWN was brought to you by:
|
March 2, 2000
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Security page. |
SecurityNews and editorialsLicensing issues on "open source" security software. It appears that the argument that security software must be provided along with the source code is starting to be more widely accepted. We are seeing more security software produced by commercial organizations released as "open source software" (as opposed to tools developed by individuals or volunteer groups, which are frequently released under open source or free software licenses). We listed the announcement of one such tool last week, ITS4.One of our readers, Alexandre Dulaunoy, pointed out that the license for ITS4 is not compatible with the Open Source definition from OSI because it explicitly restricts the use of the software for revenue generation. "Use by individuals and non-profit organizations is always allowed. Companies are permitted to use this program as long as it is not used for revenue-generating purposes." Clearly RST chose to release the source code for ITS4 in order to show their confidence in their own code, to facilitate bug fixes and maybe even to accept improvements from others, but not in order to help produce a world where all software is free. This is their right. However, they should be strongly encouraged to call their software "source-code-provided", not "open source", or the value of that term will be diluted. Another example of this comes with the announcement of the "open-sourcing of the Linux Tripwire product". The question of whether or not the product will truly be "open source" is unanswered. The product itself will not be released until Q3 2000 and no licensing information for it is yet available. One reader expressed a concern that Tripwire, Inc. may not understand the implication of releasing the source code for the Linux Tripwire product under an open source license. If the source code truly becomes open source, there will be nothing to prevent anyone from porting it to other operating systems, including, for example, NT, where Tripwire, Inc, currently generates revenue from selling its commercial, closed source version. It is early days to point fingers. Tripwire is an excellent product and we hope to see it released under an actual open source/free software license, especially given the current backing of Caldera/Red Hat/SGI/VA Linux for this project. Having this type of integrity-validation tool as part of a base Linux distribution will be a "very good thing". The point is that calling a product "open source" should not be done until the license for it is available for scrutiny, and then only if it meets the Debian Free Software Guidelines or the Open Source Definition. For more information on the Tripwire announcement, check http://www.tripwire.org or this ZDnet article on the announcement. This week's discussion topics. SSH security was a major topic on BugTraq this week, particularly in reference to combining SSH with X forwarding and agent forwarding. The issue is that, in cases where you are using an SSH client to connect to an untrusted server, or to a server that may have been compromised, the X forwarding feature of SSH will make you much more vulnerable. OpenSSH has now disabled X forwarding by default. You can do the same by using "ssh -x". It is probably a good idea to always run without X forwarding enabled unless you know you need it. For more SSH information, you might want to check out SecurityPortal's second SSH article. This one focuses on OpenSSH. (Thanks to John Villalovos.) Security ReportsApache 1.3.12 released. Apache 1.3.12 was released on February 25th. It contains fixes for the `cross site scripting'' security alerts described in advisories from CERT and Apache.org. An upgrade to this version is highly recommended. Security hole in ht://Dig. The ht://Dig search engine has a security hole which can allow a remote intruder to read files on your system that you did not wish to export. Version 3.1.5, just released, closes this hole; an upgrade is recommended. See the alert for details. A full security audit of ht://Dig is now being started. Anyone who wishes to help with them can contact them at htdig3-dev@htdig.org. Distribution updates for ht://Dig: Please note that our mention of the Debian update on the daily page this week contained an incorrect URL, pointing to an earlier Debian update to htdig from last December. Our apologies. If you checked the update via the daily page, you may wish to double-check it here. Remote vulnerability in nmh. Versions of nmh prior to 1.0.3 can be made to execute arbitrary commands via the mhshow command. Check this note for more details. Buffer overflow in dump. The dump command contains a buffer overflow, according to Yong-jun, Kim. Another MySQL update. The latest version of MySQL contains fixes for the remote access vulnerability, discussed in the February 10 LWN security page. Distribution updates for MySQL have been released from: ResourcesSun releases host vulnerability scanner. Sun has released an early version of its Sun Enterprise Network Security Service (SENSS) security scanner system. It's written in Java, and supports Linux as a tier-1 platform. The licensing is the usual SCSL, which is not optimal, but it does get the system out there where people can work with and use it.ITS4 1.0.1 released. Here is the announcement for ITS4 1.0.1. Nessus version 0.99.6. A new development version of Nessus, a remote security scanner, has been announced. Upgrades are recommended for anyone using an older version of Nessus. Saint 2.0 beta 1. Speaking of security scanners, a new beta release of Saint has been announced. Secure-Linux patch. 2.2.14 version 2 is a new version of the Secure-Linux patch, updated for the 2.2.14 kernel. EventsSANE 2000. A reminder about SANE 2000, an international conference on System Administration and Networking, coming up in the Netherlands this May ...Section Editor: Liz Coolbaugh |
March 2, 2000
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Kernel page. |
Kernel developmentThe current development kernel release is 2.3.48. This large (4.5MB) patch is mostly dedicated to a major merge of MIPS and MIPS64 support; it now can run on a wide series of SGI systems, MIPS-based DECstations, and even a Russian embedded system called the "Baget." It also has an experimental 3ware hardware ATA RAID driver, PS/2 ESDI disk support, Matrox I2C support, a driver for FORE Systems 200E ATM adapters, and a rework of the Tulip ethernet driver. There is a 2.3.49 pre-patch available. It includes more work on interrupt handling; a new bonded network driver; USB enhancements for IBM cameras, Pegasus ethernet, and Wacom tablets; a rework of the Reva frame buffer driver; and a new "big reader" spinlock mechanism. Those interested in the interrupt work may want to look at this rather technical message from Ingo Molnar on what has been done. Essentially, the work is aimed at increased performance and scalability, especially on multiprocessor systems. The current stable kernel release is still 2.2.14. The 2.2.15 pre-patch is up to version 2.2.15pre12. This version of the patch is intended to lead to the final cleanup; Alan intends a pre13 toward the end of the week, and the real 2.2.15 kernel sometime next week, "if things go OK." Announcing: the Linux Console Project. James Simmons sent out this announcement for a new project which seeks "to design a new multihead console system for linux." There had been some discussion in linux-kernel about the status of the current console driver (which appears to be unmaintained) and the desirability of some new features - like different video modes for each virtual terminal. The project already has a shiny new SourceForge page; Mr. Simmons would like to have something ready to merge into the 2.5 development series at an early date. Devfs, /proc, and magic files. Back in 2.3.46, a new driver (by Tigran Aivazian) showed up which provides the (somewhat scary) ability to rewrite the microcode in Intel P6 processors. If you want to mess with the internal wiring of your processor, just load the appropriate module (wiring this driver into a monolithic kernel would be a risky thing to do) and shovel your new microcode into /proc/driver/microcode. All there is to it. This driver drew a number of immediate complaints. The ability to hose your processor doesn't seem to bother people; the real sticking point is the creation of another magic file in /proc. What is coming out is that quite a few people really do not like the proc filesystem at all, and do not wish to see more capabilities added to it. What are the problems with /proc? Common gripes include: it has gone past its initial scope of providing process information; it is bloated and slow; the files and their formats are not standardized and subject to frequent change; the internal API is convoluted; the use of ASCII strings requires applications to do too much parsing; changes to permissions on /proc entries are not persistent; and so on. /proc's detractors are especially annoyed that it is increasingly hard to run a system without /proc. Once upon a time, /proc was supposed to be an optional feature. One suggestion that has been made is that the microcode update driver should move to devfs instead, now that devfs is in the kernel. At that point, it would be necessary to use devfs to make use of this driver. That has upset a number of people; you see, devfs is supposed to be an entirely optional feature. Devfs author Richard Gooch has always stepped very carefully around that issue until now; his more recent words on the subject have drawn some criticism. This issue will be difficult to resolve in a way that satisfies everybody. Anything that makes devfs mandatory for system operation will draw fierce opposition. While /proc is a bit messier than it should be, changing it will prove difficult - many applications depend on its current form. Nonetheless, some sort of more coherent approach to the "magic files" interface to the kernel will become necessary at some point. That sort of interface is just to convenient to get rid of. Expect to see this fight come back again. Other patches and updates released this week include:
Section Editor: Jonathan Corbet |
March 2, 2000
For other kernel news, see: Other resources: |
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Distributions page. |
DistributionsPlease note that security updates from the various distributions are covered in the security section. Pick a distro (ZDNet). ZDNet's Evan Leibovitch looks at the increasing variety of Linux distributions and likes what he sees. "What all this leads to is what appears to be a contradictory conclusion: the increasing variety of Linux distributions actually simplifies your choices. Instead of expecting a single distribution to do everything and understand your field of speciality, chances are you'll be able to find a company or group that understands what you want out of your OS and that has a Linux package tweaked in your direction." We agree with Evan whole-heartedly and will continue to celebrate the strength that lies in the diversity of Linux distributions. cLIeNUX. Challenging and stretching the definition of a Linux distribution, cLIeNUX is a distribution which has chosen to release software developed specifically for cLIeNUX under a licenses that restricts its redistribution: "The current 'cLIeNUX Core' is intended to serve as the basis for a membership model of open source software compensation, and as a basis for a member-built unbounded Linux/GNU/unix." That is just the beginning, though. cLIeNUX, whose name is meant to imply "client-use Linux", has explicitly chosen to break with the Linux Standards Base, instituting its own file system standard and then providing scripts to theoretically make it possible to install LSB-compatible binaries on cLIeNUX. Next, they also choose to redefine specific Linux/Unix commands, or to provide non-standard aliases for them: "'cat' has been renamed to 'get'. Relax. 'cat' is in your PATH in /command/unix. There's about 50 like that. This makes things harder for old hands and easier for newbies. cLIeNUX is like that." They've made some interesting choices about what software to include as well. "cLIeNUX has ed and Pico, but not vi." They have not done this in total isolation. Their documents speak of conversations with Richard Stallman, for example, who, of course, was not supportive of their planned licensing. Why, then, are they doing all of this? Using information from their distribution, the idea seems to be to support a model for compensating authors of open source software. Reading this description, it seems a bit like shareware -- membership is voluntary but people who are both members and developers get a proportionate share of 20% of the membership revenue, presuming there is any. We've reviewed their materials and hope to keep an open mind. There is nothing to suggest that they are not well intentioned. However, there is also not a lot here that looks particularly appealing to us. Nothing in the description of the distribution offers enough of value to warrant their choices to purposefully break compatibility with other Linux distributions. However, in the name of diversity, they have their opportunity to prove us wrong, by attracting sufficient developers and users to prove their model viable. Two years ago, prior to the availability of good jobs for open source programmers at companies that are becoming aware of the value of open source, we would have been more supportive of the planned revenue model, at least as an experiment. Even then, though, we were unlikely to be impressed by the methods they've chosen. SPIRO-Linux founder departs. Rick Collette, creator of the SPIRO-Linux distribution, has announced his departure from the company. This is one example of a developer joining with a commercial company which did not work out well and gives a warning to other developers to be careful. "I'm a programmer, not an attourney. My nature is to trust people. When Inventive Communications offered me the contract, I glanced over it and it looked good to me, so I signed it." Be careful out there, everyone. We wish Rick the best in his future endeavours. German-localized distributions. Halloween Linux is a distribution based on Red Hat and localized for German users. The web site is sparse, so checking this separate description is recommended. (Both sites are in German). Red Linux is also a German-localized version of the freely distributable portions of Red Hat. Thanks to Fred Mobach for pointing out these distributions. Note that he also mentioned they have been receiving some good reports in the German press. Caldera OpenLinuxCaldera Lizard bug. Caldera's Lizard installer has a bug in it that, in cases where a DNS server is not found promptly, causes the installer to scan an entire class C network. Richard Johnson posted this description of the problem and Olaf Kirch responded, explaining the source of the problem. Caldera are working on a resolution.Debian GNU/LinuxDebian-Hurd Kernel Cousin. This week's Debian-hurd Kernel Cousin is available for an update on this project.LoopLinuxLoopLinux 9, a new version of this tiny distribution, has been announced.Yellow Dog LinuxYellow Dog Champion Server 1.2 released. Terra Soft Solutions has announced the release of Yellow Dog Champion Server 1.2.Section Editor: Liz Coolbaugh |
March 2, 2000
Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Development page. |
Development projectsBrowsersM14 is out ... but you might want to skip it. Mozilla M14 showed up on the download sites without fanfare and still is not mentioned on the front page of Mozilla.org. Meanwhile, commentary on M14 over at MozillaZine indicates that this is one development release you might want to skip. It is certainly not a beta release yet.DatabasesCommercial software generating free software. Oracle Object Manager 1.0 is a program to allow viewing, creating, altering, and dropping of most Oracle objects which has been released under the GPL.GamingThe Chopping Block. Worldforge's e-zine, The Chopping Block, has returned with more news on this system for massively multiplayer online roleplaying games, including the release of the "Worldforge Plan".EducationLinux in Education Report #9. Report #9 covers a lot of ground, including progress on Grader, a consolidated gradebook program, effort to get more binary packages for both Debian and rpm-based systems out, and a couple of Zope-related items. Bruno Vernier has assembled a set of Debian packages containing Zope products he feels are useful for education and Zschool.org has been announced, a project dedicated to Zope in Education. An update on the multimedia program produced at Escuela Normal Manuel Avila Camacho in Mexico is also included.InteroperabilityWine 20000227. The latest version of Wine is now 20000227. Meanwhile, the Wine Weekly News is reporting progress on the port of Wine to Solaris.Office ApplicationsLyX Development News (Mar 1). The LyX Development News for March 1st is now available. This is the second issue of what is planned to be a fortnightly feature (twice a month as opposed to bi-weekly). One feature, among many, that was good to see -- a Hebrew patch has gone in, the beginning of what is hoped to be general support for right-to-left languages. The AbiWord Weekly News (Feb 23). Last week's AbiWord Weekly News mentions that they've got Tinderbox up and running, continuously recompiling the code on various platforms. Meanwhile, the code base has been transitioned to using IETF style language codes, a major change, and support for Polish has been added, bringing the language support count up to 15. The AbiWord Weekly News (Mar 1). This week's edition covers topics including the word count dialog, UI design, bug status, list support, a project of the week report and a very nice wrap-up for the month of February. GnuCash 1.3.0. A new version of GnuCash has been announced. This release marks "the switch from Motif to Gnome [sic] for the GUI toolkit", plus additional features. PostgreSQL v7.0 Beta. The beta version of PostgreSQL 7.0 is now available for download. Features in the new version include the implementation of foreign keys (except for partial match foreign keys), an overhaul of the optimizer and an updated version of psql, their interactive terminal monitor. "This release shows the continued growth of PostgreSQL. There are more updated items in 7.0 than in any previous release." (Thanks to Vincent Lin.) On the DesktopGNOME Master Plan. A GNOME master plan has been posted on the GNOME site. It gives an overview of what GNOME plans to accomplish over the rest of the year, and how they plan to get there. Worth a read if you're interested in GNOME at all. (Thanks to Anand Rangarajan).This week's GNOME summary. Here is this week's GNOME summary by Havoc Pennington. Among the topics covered are the new GNOME master plan and the latest word from Eazel. Announcing KDevelop version 1.1final. The 1.1final version of KDevelop has been announced. This version contains several new features and many bugfixes. It is intended to be the last release for KDE 1.1.2. Then the effort will go into KDevelop 2.x (which will work on KDE 2.x). ScienceFreeGIS. Bernhard Reiter dropped us some updated news about the FreeGIS project this week. Their CD, containing a variety of GIS and geodata-related free software, is up to version 1.0.2 and now includes a ready-to-run on-line mapping demo with mapserver. A North American distributor for their CD has also been found.
Last, but not least, "The FreeGIS Team is proud about the fact that the
venerable Frank Warmerdam Website DevelopmentZope Weekly News (Mar 1). This week's Zope Weekly News contains article pointers, product updates, and pointers to new documentation. Note that Amos Latteier is looking for feedback on his Zope Documentation Plan.Section Editor: Liz Coolbaugh |
March 2, 2000
|
|
Development toolsC++ answers from Bjarne Stroustrup (Slashdot). Worth a read: this Slashdot interview with C++ creator Bjarne Stroustrup. "Naturally, you can write poor programs in any language. C++ is a powerful tool and in the wrong hands it can generate code that is *obviously* contorted and bloated. That may be preferable to the traditional spaghetti that poor programmers produce in C. Note that someone who is a good C programmer isn't automatically a good C++ programmer. Many problems have been caused by good C programmers assuming that they could adopt a semi-random collection of C++ language features and then magically become a good C++ programmer in a week." The March 2000 edition of the Linux Gazette. According to the announcement for the latest version of the Linux Gazette, the new edition contains articles on GIMP-Perl, Smalltalk on Linux and process cloning in C, which you may find of interest. JavaKITTEN JavaScript Validation Library 1.0. The KITTEN JavaScript Validation Library was announced this week. The license for the library is marked as "freeware", an ambiguous term. OpenMap 3.4. A new version of OpenMap, a "JavaBeans based toolkit for building applications and applets needing geographic information", has been announced. Perlperl 5.5.660 beta 2 has been released.PHPPHP 3.0.15. A new version of PHP has been announced. This release contains some security fixes; if you are using PHP's safe mode, an upgrade is urged.PythonThis week's Python-URL. Here is this week's Dr. Dobb's Python-URL, with the latest in Python development news.Tcl/tkThis week's edition of Dr. Dobb's Tcl-URL is available.Section Editor: Liz Coolbaugh |
Language Links Guile Blackdown.org IBM Java Zone Perl News PHP Daily Python-URL Python.org JPython Smalltalk |
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Commerce page. |
Linux and businessLeading up to the IPO. Caldera Systems and Linuxcare, both of which are in the IPO process, have submitted new S-1 registrations this week. The amended registrations are a normal part of the process; they provide some additional and updated information on the company and its offering.
The actual IPO dates will not be known for a while yet; the offerings are likely to take place sometime in April. Are Linux stocks good buys? As the next round of Linux IPOs nears, investors must surely be wondering about the quality of the investments they represent. Consider: Red Hat has fallen to just over a third of its peak value (in January), and VA Linux Systems is only worth a third of the value it hit on its first day. Some of the sparkle has clearly gone out of these stocks. Of course, these things are all relative. Both companies still have quite high valuations for their size and revenues. If Linux Mania hadn't happened, and both stocks had reached their current valuations from below, few people would probably be disappointed. As things are, however, anybody who bought VA on its first day - or almost any time thereafter, for that matter - is not likely to be happy about the investment. Investors looking at the upcoming IPOs would do well to keep that in mind. Linux stocks are not necessarily a good buy at any price, be careful out there. Ericsson's cordless screen phone. Ericsson has announced its "Screen Phone HS210" product - a Linux-based telephone with a touchscreen that can be used for email, web browsing, etc. TurboLinux made a number of announcements this week, including:
Procom to release NetBEUI stack to Linux Community. Procom Technology has announced that it will release its NetBEUI implementation under an open source license. "The NetBEUI stack comprises a significant body of code and several man-years of effort, and will be posted with the instructions and tools necessary for integration with Samba.... 'This is our way of giving back to the community whose technology serves as the foundation for our NAS technology,' said Alex Razmjoo, Procom's President and CEO." VA Linux Systems reports second quarter revenue. VA Linux Systems has reported that its revenues for the last quarter were $20.2 million, "up 537% from the same quarter last year." $300,000 of that was professional services revenue; they turned in a total loss of $8.4 million. See also the transcript of VA's analyst conference call on the results. Among other things, VA claims that SourceForge now hosts one third of all known free software development projects. Section Editor: Jon Corbet.
Press Releases:
Section Editor: Rebecca Sobol. |
March 2, 2000
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Linux in the news page. |
Linux in the newsRecommended Reading: The San Jose Mercury has put up this look at Linus Torvalds. "'Without rivalry -- at least the potential for rivalry -- you don't get anything done,' Torvalds says. `So we've often had cases where there's been two people maintaining very similar kinds of things, and what ends up happening is that I often accept both of them . . . and see which one ends up getting used.'" Eazel: Here's an article in MacUser about Eazel. "When not one, but four, key members of the key team that helped create the original Macintosh operating system regroup in a company dedicated to a new user interface, it's worth taking notice. When the four declare that their aim is to produce a GUI for Linux that will be easier to use than either Windows or even the Mac OS, it's definitely worth finding out more." (Found in Portalux News). Eazel continues to make headlines this week. In Prettying Up Linux, Wired reports that although the progress on a more user-friendly interface for Linux is very promising, it may take some time to get there. "Eazel's president and CEO Boich readily acknowledged a lot of the hurdles, estimating it will be between 12 and 18 months before all the pieces of a Linux consumer-friendly system fall into place." Salon's take on Eazel is complete with a picture and has poked for the business model planned behind Eazel's involvement with free software. "Eazel has a two-pronged plan that includes not only providing a friendly interface for mainstream computer users, but also making a business out of facilitating easy software installation and automatic updates of the rapidly evolving operating system and the applications that run on it. Its business model is to offer these services on a subscription basis, says Christensen, general manager of online services. " On the other end, they got a few more examples of what Eazel would like to bring to the end-user: "'Right now if I want to install a given package, it has to ask me lots of technical questions,' says Hertzfeld. 'Instead, it should be asking you these kinds of questions: What are your interests? What is your career? -- "I'm a math teacher," not "I'm a user of GLib 1.3.7,"' he adds." VA Linux: News.com reports on VA Linux Systems' quarterly results. "Analysts expressed concern over the company's plan to acquire Andover.Net, a Linux and programmer information site, for approximately $1 billion. 'It's a company with very, very small revenues, and you put a lot of money into it,' Lehman Brothers analyst George Elling told VA during the conference call." Also from News.com: this look at the disappointing performance of VA Linux Systems' stock after its high-profile IPO. "The turn of events can be seen as both a possible harbinger of circumspection about the future of the Linux operating system among investors, as well a cautionary example of market excess. All initial public offerings with the best first day gain have largely tanked since 1994, according to Richard Peterson, an IPO analyst with Thomson Financial Securities Data." The Motley Fool ran this column about VA Linux Systems' first earnings announcement. "If you questioned the company's valuation, however, this result validates the notion that their business model doesn't have sufficient income-producing potential to justify the $4.5 billion market cap, especially with the Linux market as crowded as it is. At about 225 times sales and 30 times book value, this baby's still got plenty of room to fall." Other Companies: The Kansas City Star reports on the investments in Atipa. "[Atipa CEO Jason] Talley said the $30 million investment would allow the company to go into a 'hypergrowth' mode and hire top industry professionals. In addition, 'strategic acquisitions are very important to us, and this will allow us to pay in cash if we have to,' he said." News.com also looks at the $30 million investment in Atipa. "But perhaps the most important new support site will be in Silicon Valley, an office that will be run by Marc Torres, formerly head of SuSE's North American operations. In the next three to six months, Atipa hopes to have 20 people in the Silicon Valley office." Here's a ZDNet article on the opening up of Tripwire. "The three Linux powerhouses [Caldera, Red Hat, and SGI] are partnering with TripWire to incorporate tightly the open-source TripWire into their server Linux operating-system lines. Expect to see TripWire security in each company's fall Linux release." PC Week looks at Novell's upcoming announcements. "After nearly two years of talk, the Provo, Utah, company plans to pull the trigger on a broad Linux strategy at its BrainShare user conference in Salt Lake City next month. The centerpiece will be Novell's release of NDS (Novell Directory Services) eDirectory for Linux. The company plans to open some of that code base for the Linux community under its own open-source license, according to sources familiar with the plans." Here's an article in the Arizona Republic about Red Hat; it's a fairly general piece. "The Red Hat name is now among the most recognized in the world of Internet software. Meanwhile, other companies, from giants like IBM to struggling start-ups, have discovered 'the Red Hat effect': Merely mentioning the North Carolina company's name in a press release can turn investors' heads and boost your stock price." Upside looks at Cobalt Networks and the network appliance market in general. "Although industry analysts have long pegged appliance servers -- low-cost, single-purpose devices such as Web servers, file servers and database servers -- as the most natural growth area for the Linux operating system, [Cobalt CEO Steve] DeWitt is the rare businessman willing to bet his entire company on that premise." Tucked away in this article in The Register about Corel, was this interesting tidbit: "Ventura Publisher - the grandpa of desktop publishing packages - was acquired by Corel in 1993 and has languished somewhat, although it still has its devotees and particular strength for handling large documents. It has not been a great money spinner in its own right, and was first tucked away as a module in Corel Draw, although a stand-alone version was subsequently produced. Cowpland said it has now been decided to release a Linux version, which could bring it to greater prominence." Other Business: Here's a column by Lawrence Lessig in The Industry Standard about Jack Valenti, the MPAA person behind much of the DVD mess, among other things. "Courts seem eager to grant the entertainment industry perfect control, quick to deny any space for fair use. It is apparently irrelevant that Linux users will lose access to DVD movies that they have lawfully purchased, or that Canadians will lose access to broadcasts to which their law grants them a right." This Andover.Net column looks at the future of Linux in the light of the Windows 2000 release. "Increasingly, that high valuation will subject these firms to intense pressure to perform miracles. CEOs at these firms will be forced to try and grow at rates few firms have ever managed even in the most expansionary economic periods in history. Add to this the unique demands of the open source community and the stridency of many of that movement's advocates, and you have an almost unprecedented management problem. Few of the present pioneers look to have the kind of skills needed to handle a challenge of this scope." (Thanks to Cesar A. K. Grossmann). MSNBC ran this introductory article which is surprisingly positive (if perhaps overly focused on the "free beer" aspect of Linux). "Windows 2000 has all the press, but the free operating system may be better for you." MacDiscussion.com ran one of those columns criticizing Linus Torvalds for working at Transmeta. "Oh, did I just use the word 'capitalist' and 'Linux' in the same sentence? Apparently our good comrade, Linus Torvolds, decided that proprietary work is not such a bad thing after all. He may even make a little money. So we have the man in one hand shoving Linux code in your face, and in the other hand, which he holds tight to his chest, the blueprints of Crusoe. Is the man wrong or did he just discover what capitalism is all about?" Interviews: LinuxSecurity.com has interviewed David A. Wheeler, author of the Secure Programming for Linux HOWTO. "As far as development goes, currently one of the biggest security problems are buffer overflows. Thus, from a security point of view I'd suggest using a programming language that prevents buffer overflows; Python, Perl, Java, Ada, Eiffel, LISP, and lots of others fit that bill. [Otherwise] be sure to use libraries that defend you against buffer overflows and be especially careful with every line of code." The O'Reilly Network interviews Matt Welsh. "I mean when I started writing documentation there was some pretty inconsistent documentation out there already, some Read Me's and FAQ's -- one of the most famous early documents was somebody had printed out a whole directory listing of every file on a working Linux system. He said, 'Well, I finally Linux to work, so here's the listing of where every file is on the system,' and it printed out to like 40 pages, right, of listings of just where the files were." Upside has this interview with Steve DeWitt. "We think Linux is great. It's incredibly reliable. It's been an enormous enabler for us, but our vision for open source is much bigger than any particular operating system. We might see in the near future one of the major operating systems that is currently proprietary going open source. We think that would be a great thing." Reviews: Linuxcare has put up this article on the SuSE 6.3 upgrade. "It's fairly stylish, but for the life of me, I can not understand this fetish for graphical installation programs. Installing operating systems from scratch isn't trivial. Making it look easy, doesn't make it easy. This is why almost no computer users install from scratch... If Linux was being installed by mainstream computer factories, maybe we wouldn't need our installation programs to be all dolled up like a street walker on a Saturday night." LinuxPower reviews TurboLinux 6.0 Workstation. "TurboLinux has ditched their old AfterStep based Turbodesk solution and adopted GNOME with Enlightenment 0.16 as their default desktop instead. This I think is a wise choice, since TurboDesk was beginning to show its age. I do think however that TurboLinux should have included the latest Gnome-compliant release of AfterStep in order for people who used TurboDesk under earlier releases to be able to keep the windowmanager they had gotten used to." The O'Reilly Net has put up this review of Red Hat's 'Certified Engineer' course and exam. "Overall, I see the RHCE program as thorough, detailed, and concise, but not overly difficult. To their credit, Red Hat doesn't use tricks to mislead students, even on the debugging portion of the exam where subtle problems could have been inserted. The exam ensures that RHCEs are competent, informed, and thoughtful system administrators. As a hiring manager (which I've been) I would look on the RHCE certificate as a significant positive indicator of performance ability." Linuxcare has inaugurated an application of the week column; the first one looks at Pan 0.7.6. "Pan is an open source, graphical newsgroup client for Linux. It is loosely modeled after Agent, a comparable application for Microsoft Windows." ZDNet at CeBIT: ZDNet UK has put up a series of articles inspired by events at CeBIT. They include:
How-to: Freshmeat is carrying an editorial on how to report bugs by Simon Tatham. "Users like this are like a mongoose backed into a corner: with its back to the wall and seeing certain death staring it in the face, it attacks frantically, because doing something has to be better than doing nothing. This is not well adapted to the type of problems computers produce. Instead of being a mongoose, be an antelope. When an antelope is confronted with something unexpected or frightening, it freezes." This week's Dear Lina from Linuxcare looks at managing accounts with ssh. MS Office for Linux?: MS Office for Linux is not likely according to this ZDNet article. Rumors had been circulating at CeBIT that such a move was being planned. "But a company spokeswoman today poured cold water over the idea. 'Developing Linux for Office is still not in our plans,' she said. 'Linux is still not viable and robust enough for what users need.'" This osOpinion piece takes exception to the idea that Microsoft might release Office for Linux. "Perhaps more than anything else is the fact that if Microsoft made a Linux version of Office, they'd have to eat their own words. For quite a while, Microsoft has said that Linux isn't robust enough to replace Windows. If Linux could run Microsoft Office, that would be considered plenty robust for most people." Section Editor: Rebecca Sobol |
March 2, 2000 |
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Announcements page. |
AnnouncementsResourcesA new site called Linux UK has just launched. It appears to be a Slashdot-style news site oriented around Linux topics.EMUmail, creators of the EMU webmail engine, announced a program that would wave the setup fee for Linux based domain names added to its outsourced email system. ibooks.com, publisher of online reference books, announced an integrated service for evaluating, purchasing and using digital reference books. ibooks.com has over 1,500 IT titles under license from industry leading publishers such as O'Reilly and John Wiley and Que. They also offers a number of free titles, including the full Linux Documentation Project (LDP). The March 2000 Linux Gazette is out. EventsIlliad, the User Friendly guy, has put up a page of pictures from CeBIT. (Thanks to Lenz Grimmer).The folks at SuSE have posted some pictures from their CeBIT booth. We received this report from Bang!inux, the Linux Developer's conference being held in Bangalore, India. The report paints a picture of a conference with some interesting events, but marred by extensive use of Windows machines for presentations. The Netproject folks have sent us this announcement of a set of upcoming seminars, some of which are oriented toward the use of Linux in desktop and mobile environments. These seminars generally take place in London.
The first-ever Geek Pride
Festival has been announced. It will take place on April 1, 2000 at
The Castle in Boston. The event will include speakers, a Quake
tournament, a Stump the Geek trivia contest, and a Linux
installfest. The Conference Announcement and Call-for-Papers for the Atlanta Linux Showcase 2000 has been released. Submissions for the Extreme Linux track are due April 17th, 2000, with other deadlines following. ALS 2000 will be held October 10th through the 14th, 2000, in Atlanta, Georgia, USA. Web sitesiChargeit, Inc. d.b.a. Shoppingplanet.com announced the beginning of a marketing campaign to brand the redesigned www.shoppingplanet.com site as well as the other iChargeit sites. Shoppingplanet.com will offer a $399 Linux PC Computer and a $499 Dual Boot Windows/Linux PC Computer through the wholly owned subsidiary Bay Micro Computers. |
March 2, 2000
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Software Announcements
|
Our software announcements are provided courtesy of FreshMeat
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Back page page. |
Linux links of the weekFreeNet is an attempt to create an information publication system similar in scope to the world wide web, but which is much more strongly oriented toward freedom of information and lack of control. It's a highly decentralized system, with anonymous reading and posting, and where it can be hard to tell where information is really stored. FreeNet would make tasks like distributing the DeCSS code much easier. One of the more interesting weblog sites out there is Hack the Planet by Wesley Felter. Section Editor: Jon Corbet |
March 2, 2000 |
|
Letters to the editorLetters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them. | |
Date: Thu, 24 Feb 2000 09:39:35 -0700 From: Bruce Ide <nride@uswest.net> To: editor@lwn.net Subject: UCITA Woes Unlike the majority of the readership, I _LIKE_ UCITA. Before you ask me if I'm on crack, let me explain why. UCITA will kill proprietary software dead. It gets rid of the "Who do you sue" FUD that is one of the last remaining bastions of the MS FUD slingers -- every shrinkwrap license I've ever read denies that the software manufacturer is responsible for damages more than $5. The warranty laws in some states have forbidden this in some cases but with a newly implemented UCITA to back up the shrink wrapped, those warranty laws may end up playing second fiddle (IANAL but I play one on TV.) No businessman in his right mind would allow the various licenseing agreements into his business. Especially in the software industry, where Microsoft might decide one day that Borland is violating some little clause in their license and recall their software (for example.) When your company competes against everyone and also provides the majority of the software required to run a computer, it's like shooting fish in a barrel. Twice. In the head. With an elephant gun. I predict that within 5 years of widespread acceptance of UCITA, proprietary software and licenses will be dead (Or at least coughing up blood.) Businessmen will insist on the GPL and openly documented file formats and they won't play unless they get them. This is a good thing (And I'll finally stop getting those !%!@#$ Word attachments in E-Mail.) At the same time, developers will still be in demand. The software world won't stop just because propretary software does. We'll still be able to make a good living doing custom software, software to sell hardware, etc. I can only hope that proprietary software companies don't realize the potential consequences of pushing this software until it's too late and they're all closing their doors. ----- Bruce Ide nride@uswest.net SOMEONE had to put all that chaos there! | ||
Date: Tue, 29 Feb 2000 18:28:21 -0800 From: Rick Moen <rick@linuxmafia.com> To: letters@lwn.net Subject: Tripwire: Open Source? Dear Ms. Coolbaugh and Mr. Corbet: I note with interest your 2000-02-29 news item, "Tripwire goes Open Source". The company press release in question -- and their FAQ at http://www.tripwire.org/faq.html -- claims an "open-source" version will be available in Q3 2000, but conspicuously fails to state under what licence. I hope they will clarify their intentions, and have written them to inquire. The history of Tripwire is interesting. Contrary to the lwn.net story's claim, Tripwire did _not_ originate under an open source model: It was written by Gene Kim and Gene Spafford at Purdue's COAST Lab, with copyright held by Purdue Research Foundation, and was among the many proprietary security packages widely _assumed_ (in error) to be free software (like SSH after v. 1.2.12, COPS, SATAN, and PGP), because of source-code availability. But, like the others, it had permitted-usage, USA-export, and patent restrictions. Kim and Spafford then developed the code through v. 1.2 at COAST, at which time the project stagnated -- perhaps because of its restrictive licencing. In 1997, Purdue Reseach Foundation (the code's owner) licenced exclusive commercial rights to Gene Kim's new company, initially named Visual Computing Corporation, then Tripwire Security Systems, Inc., and finally Tripwire, Inc. That company has released versions 1.3 through 2.2.1 as proprietary, binary-only software (while furnishing source in an "Academic Source Release" (ASR) variant subject to certain proprietary restrictions). The point is that Tripwire, Inc. may still be unclear on open-source licencing -- as Tripwire has never used it, over its entire eight-year history. E.g, wording like the FAQ's statement that "There are currently no plans to make open source any of the other UNIX versions..." makes one wonder if the company is aware that OSD-compliant licences (http://www.opensource.org/osd.html) permit anyone to freely port the code to additional platforms. Additionally, one wonders what latitude Tripwire, Inc. will have in deciding its licence -- since to my knowledge Purdue Research Foundation still owns the underlying copyright, and has _not_ open-sourced its property. Meanwhile, the leading GPLed replacement for the proprietary Tripwire package, Rami Lehti's AIDE (Advanced Intrusion Detection Environment, at http://www.cs.tut.fi/~rammer/aide.html) has already advanced to exceed Tripwire ASR's capabilities, and of course benefits from the accelerated development cycle characteristic of genuine open-source licencing. In that sense, it would make sense for Tripwire, Inc. to genuinely open-source its product, as that might help it to compete. -- Cheers, My pid is Inigo Montoya. You kill -9 Rick Moen my parent process. Prepare to vi. rick (at) linuxmafia.com | ||
Date: Fri, 25 Feb 2000 07:32:13 +1100 From: Matthew Geier <matthew@arts.usyd.edu.au> To: letters@lwn.net Subject: Linux on the IA64 Linux of course has a 5 year head start on being '64bit clean' due to the efforts of Digital Equipment Corp. and the Alpha Chip. It must be 5 years ago now since I first booted Linux on my 21066 based 'noname' and thus joined the 64bit world. (That system is still running...) I've joined in the mailing lists since the early days when most of the device drivers in the linux kernel would not work on the Alpha due to the different native word size, I've first hand seen the effects of sloppy programming that assumes sizeof(int) == sizeof(*int) and the like. UltraLinux bought the 64bit environment to the SunSPARC architecture quite some time ahead of Solaris being able to do so. The Trillian project has the advantage over the others by 'standing on the shoulders of giants'. In particular many of the problems with applications not being 64bit clean in the open source world have been cleaned up over the years as people tried to run the applications on their 64bit platforms (Digital Unix at first, then Linux/AXP, Linux/Usparc), patched the source and submitted the changes to the developers who in most cases don't have 64bit platforms. The commercial closed source world is going to have to find these problems on their own. We can't examine their source code. It is probably a bad sign for 64bit IA64 Windows NT that over 5 or more years of Windows NT being supported on DEC Alpha platforms, it never operated in 64bit mode, but remained a 32bit environment, while both Linux and Digital Unix on the same platform ran in 64bit mode. (And while DEC built different systems for NT and Digital Unix, Linux is more at home on the systems that were built for NT, than the higher end machines intended for DU, which your average Linux hacker couldn't afford!). | ||
Date: Tue, 29 Feb 2000 13:29:55 -0800 From: Dan Kegel <dank@alumni.caltech.edu> To: humbubba@smart.net, letters@lwn.net Subject: cLINeUXn: ignores the LSB? Just read LWN's mention of cLINeUXn, and ftp://linux01.gwdg.de/pub/cLIeNUX/A____start_here which states "cLIeNUX has a very non-standard filename hierarchy." This would seem to make it incompatible with the LSB, which means it won't be able to use software packaged in the future LSB binary package format, and may suffer from other subtle portability problems, since a fair amount of software assumes that files are as specified by the LSB. Perhaps I misread the announcement, but given that 'cat' lives in /command/unix in your distribution, I don't have much hope of that. Am I the only one worried by this? - Dan | ||