Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise
news for all interests
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page
Other LWN stuff:
Archives/search
Recent features: Here is the permanent site for this page.
|
Leading items and editorialsFree software and embedded systems. "Free," as in "liberty," is an important aspect of free software, as Richard Stallman and others often remind us. In a world where our lives are increasingly shaped by the code we use, it is important to have access to that code. Our security, freedom to do what we want with our computers, as well as simple convenience depend on this access. In that light, it is interesting to consider this quote from the same Richard Stallman, from this GnuLinux.com interview: I'm less concerned with what happens with embedded systems than I am with real computers. The real reason for this is the moral issues about software freedom are much more significant for computers that users see as a computer. And so I'm not really concerned with what's running inside my microwave oven. "Real computers" are clearly a more interesting topic at the moment, but it is worth thinking a bit more about embedded systems. All of the pundits tell us that "real computers" will slowly be marginalized in favor of "appliance" systems which serve specific purposes. Consider the new, Linux-based "household appliance" system announced by Gateway as a step in that direction. The Linux-powered TiVo box is another. If we accept that, in the future, we are going to be surrounded by more of these boxes, it may be time to worry about our access to what goes inside them. There is no end of freedom-related issues which can come up in the embedded context:
So freedom is an issue with embedded systems. Not only should source be available for the devices that shape our lives, but there needs to be a way to make "derived products" download new code as well. The alternative is to grant a lot of power to the manufacturers of these devices (and to groups like the DVDCCA which control the manufacturers through licensing contracts). The Linux-powered network camera. Speaking of Linux-powered devices, the folks at Axis Communications lent us one of their Axis 2100 network cameras. The 2100 is a webcam-like device with an interesting twist - it's running Linux inside. In this LWN feature article we describe our experiences with the camera, and discuss a bit what's to be found inside the box. It's an interesting application of embedded Linux, not to mention a fun toy. Language wars. Free software developers are rarely accused of lacking opinions or the willingness to express them. The heat that is generated on development lists can be truly amazing at times - especially when you consider that the people involved manage to remain friends and work well together. At least most of the time. It's surprising, then, that there have not been more language-related battles in the Linux world. Languages can be a religious issue for many, and others are more than happy to jump in for the sake of a good fight. Part of the reason may be that there simply have not been that many languages that have been seen as interesting for Linux development. C remains the language of choice for many, if not most, projects. When developers move beyond C, they usually take the relatively short step of going to C++. Very few large projects have been done in any other language. Things are starting to change, however. C is unparalleled for the degree of control and performance that it gives programmers, and will not be displaced soon. But C also brings with it a legacy of memory leaks, buffer overruns, and lack of expressive power. Increasingly, programmers are looking to other languages which make things easier. And, increasingly, there is not another default language to move to, setting the stage for some serious disagreements. Consider these two developments:
As developers look around for the best tools for the job, we are likely to see more of this sort of fight. Debate over tools can be healthy, but so is a diversity of tools. We are better off if we can work together and promote our favorite tools in their merits, rather than opposing and trying to exclude others. LWN info. We are experimenting with a new "this week in history" section on the LWN back page this week. Drawing on over two years of LWN archives, we look back in the past at events which still have significance today. If people like it, we'll keep on doing it in the future. It's also past time for our occasional reminder of our LWN notification mailing list. We send out a brief note each week once the weekly issue of LWN is published. See our Contact page for details if you would like to sign up. Inside this week's Linux Weekly News:
This Week's LWN was brought to you by:
|
June 1, 2000
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Security page. |
SecurityNews and EditorialsNetscape SSL authentication vulnerability (again). The possibility that an attacker could use a previously authenticated SSL certificate to fool your Netscape session into accepting transactions from a redirected site was first reported in the May 18th LWN Security Summary. Last week, we heard that the problem was fixed in Netscape 4.73. This week, the report is that Netscape 4.73 is still vulnerableto a similar problem, if a user ignores a received warning message, unless the iPlanet Personal Security Manager (PSM) has also been installed. CERT has also issued an updated advisory for the problem. From the paragraph above, the options for person using Netscape seem simple: install the Personal Security Manager. Well, the issue is not quite so simple. If you go to the download site listed above and check their installation instructions for "Unix", it states, "Before you install Personal Security Manager on Unix, you must be logged in as the same Unix user you will be logged in as when you run Communicator. For the Unix installation to succeed, you must have write privileges for both the directory where the Netscape executable resides and the directory where the installation script creates the directory containing the Personal Security Manager files." For an average system, the only user that owns the directory in which the Netscape executable resides is "root". We stepped through the installation and verified that only Netscape running as "root" has access to the Personal Security Manager after its installation. In fact, any attempt to click on the "dead-bolt" security icon by a user other than root will lock Netscape 4.73. This means that you will have to install a private copy of Netscape for each non-root user on your system, and then install a matching copy of the Personal Security Manager. That would be a pretty tall order for a University system with, say, several thousand accounts. Even for a non-technical user with their own PC, this is an unexpected burden. PSM is essentially a broken product within a multi-user Unix environment and needs to be fixed. Security ReportsMajordomo wrapper vulnerability. A problem has been reported with majordomo, in which the majordomo wrapper script can be used to gain access to and run commands under the uid and gid of the login id that owns the majordomo binary. A patch for majordomo is included. xlockmore overflow. COVERT Labs has reported an overflow in xlockmore which can allow an attacker access to password hashes for other users. An upgrade to xlockmore-4.16.1 will fix the problem. Information on updates from Debian, FreeBSD, NetBSD, OpenBSD, SCO and TurboLinux is included in the advisory.IP Filter 3.3.15 vulnerability. IP Filter, a TCP/IP packet filter shipped with FreeBSD, NetBSD and OpenBSD, has been reported to contain a weakness which, via a flawed configuration, can allow a firewall penetration. Patch/workaround and vendor information for the three BSD platforms are included in the advisory. FreeBSD and OpenBSD: incorrectly exported system call. FreeBSD has issued an advisory reporting an undocumented system call that is incorrectly exported. As a result, an unprivileged user can block all processes from exiting properly. New stable versions of FreeBSD dated after May 1st are no longer vulnerable. NetBSD and OpenBSD are impacted, but only in rare cases and with less severe symptoms. Recent OpenBSD 2.7-beta snapshots and the upcoming OpenBSD 2.7 release have been fixed. NetBSD has put out an update as well. NetBSD security updates. NetBSD issued two additional security advisories this week for problems specific to NetBSD: Cobalt FrontPage. As we mentioned in last week's Security Summary, the installation of FrontPage on the Cobalt RaQ2/RaQ3 contains a permissions problem that could allow files on the system to be improperly changed, overwritten or deleted. Cobalt has issued an advisory confirming the problem and making available updated packages to resolve the problem. Commercial products. The following commercial products were reported to contain vulnerabilities:
Updatesdump. Security-related buffer overflows in dump were reported originally in the March 2nd, 2000 LWN Security Summary. For more details, check BugTraq ID 1020.
fdmount. An exploitable buffer overflow was reported in fdmount. For more information, check last week's Security Summary.
gdm. A buffer overflow vulnerability was reported in gdm, the Gnome display manager. An upgrade to gdm 2.0beta4-25 is recommended. kdm. In a related item, kdm, the KDE display manager, also contains a buffer overflow (though not the same one). It has not been demonstrated that this overflow is actually exploitable, but an upgrade is still recommended. gnapster/knapster. For more information, check out the security report in the May 18th LWN Security Summary. gpm improper permissions handling. Improper permissions handling in gpm, the virtual console cut and paste utility and mouse server, was discussed in the March 30th LWN Security Summary.This week's updates: Previous updates:
kscd. kscd, the CD player provided with the KDE multimedia package, can be easily exploited to gain root privileges, if it is installed setgid to "disk". Removal of the setgid bit should fix the problem. This was first mentioned in the May 18th Security Summary.
kdesud. A DISPLAY environment variable overflow can give an attacker access to gid 0. Check BugTraq ID 1274 for more details. Kerberos. Check last week's Security Summary for details. lynx. After a series of reported security problems with the lynx text-based web browser dating back to September of 1999, the code has at last undergone a thorough audit. The latest version, lynx-2.8.3pre.5, is believed to close all major holes. (From last week's Security Summary). mailman. Additional details about the mailman mailing list manager security problems we reported in last week's Security Summary can be found in this Debian bug report log. An upgrade to mailman-2.0beta2 is recommended to close these holes.
openldap tmplink vulnerability. A tmplink vulnerability was reported in openldap. Check the April 27th LWN Security Summary or Red Hat Bugzilla ID 10714 for more details.This week's reports: Previous reports:
Qpopper. Check last week's Security Summary for more details. Qpopper 3.0.2 or later should fix this problem. xemacs. Check last week's Security Summary for details.
EventsJune/July security events. June 12-14, 2000. NetSec 2000, San Francisco, California, USA. June 19-23, 2000. 12th Annual Canadian Information Technology Security Symposium, Ottawa, Ontario, Canada. June 25-30, 2000. 12th Annual First Conference, Chicago, Illinois, USA. June 26-28, 2000. SSS2000 Strategic Security Summit, Helsinki, Finland. June 27-28, 2000. CSCoRE 2000, "Computer Security in a Collaborative Research Environment", Long Island, New York, USA. July 3-5, 2000. 13th IEEE Computer Security Foundations Workshop, Cambridge, England. July 10-12, 2000. Fifth Australasian Conference on Information Security and Privacy (ACISP 2000), Brisbane, Australia. July 14-16, 2000. H2K / HOPE 2000, New York, New York, USA. July 26-27, 2000. The Black Hat Briefings, Las Vegas, Nevada, USA. July 28-30, 2000. DEF CON VIII, Las Vegas, Nevada, USA. Section Editor: Liz Coolbaugh |
June 1, 2000
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Kernel page. |
Kernel developmentThe current development kernel release is 2.4.0-test1. Prior to taking a three-week break, Linus announced the release of a new development kernel series: 2.4.0-test1. This kernel is essentially 2.3.99-pre10 with a couple of additional tweaks; see last week's LWN kernel page for a description of the new features. Now that Linus is gone for a while, there won't be any official development kernel releases. So Alan Cox has taken up the mantle and has started putting out "ac" releases with no end of new stuff. The current version, as of this writing, is 2.4.0-test1-ac7. This release isn't really meant for general consumption; there are several problems that the kernel hackers are trying to track down. The current stable kernel release is 2.2.15. The 2.2.16 prepatch is up to 2.2.16pre7, which is a release candidate version. No NFS update in 2.2.16? The 2.2.16 prepatch contains a number of worthwhile fixes, but is missing any sort of NFS update. The 2.2.15 kernel is running an older version of NFS with a number of problems; it's not doing anything to help Linux's reputation for having a second-rate NFS implementation. Some kernel developers have expressed disappointment that the NFS updates have not gotten into 2.2.16. The story seems to be this: the NFS fixes appear to be stable and well tested. But there are a few remaining questions, including whether their inclusion would require users to upgrade their userland utilities. Meanwhile there is pressure to get 2.2.16 out quickly - 2.2.15 has a number of problems, especially the memory management issues that have been discussed in this space over the last few weeks. So 2.2.16 ships without NFS updates. Maybe in 2.2.17... ReiserFS in 2.4? Hans Reiser has submitted the ReiserFS filesystem for inclusion into 2.4, finally. Of course, he did so just as Linus left town, so no decisions are going to get made on that for a while. But the ReiserFS developers think they are ready, which is a step in the right direction. Trouble with timers. Programming SMP systems can be a tricky business. See, for example, this posting from Andrew Morton regarding kernel timer races. Here is a bit of unpleasantness that, thankfully, was found before 2.4.0 came out. Fixing it is going to require some core API changes, though - not something one wants to do while trying to stabilize a new major release. Kernel timers are simple in concept. When some part of the kernel wants to have something done at a specific point in the future, it sets up a timer. Once the timer expires, a handler function is called to take care of whatever needed to be done. There are all kinds of uses for timers - handling the timing aspects of network protocols, making sure a driver does not hang if a device fails to respond, etc. The <linux/timer.h> include file is invoked by over 400 source files in recent kernels. The real purpose of a kernel timer, much of the time, is to put a bound on the time that the kernel will spend waiting for a specific event. Normally, that event happens before the timer expires; at that point the timer is no longer needed and can be deleted. And that's where the problem comes in: what if the timer expires - and the handler function is called - just before it is deleted? When that happens, there is a timer function running that the main thread of control does not expect to be there. That thread and the timer function may well then conflict with each other. In the best case, this sort of race condition could produce erratic device behavior; in the worst it can corrupt and crash the kernel. The result is an obscure, "once in a million times" bug that is extremely difficult to track down. The simple fix would seem to be to have the function which deletes kernel timers - del_timer() - simply wait until there are no handlers running for that timer. In fact, that's how things worked in the 2.1 days. But this "synchronous" behavior has its own problem: it can easily lead to kernel deadlocks if the routine deleting the timer holds locks that the handler needs. This problem was severe enough that the synchronous behavior was removed before 2.2.0 came out. The real solution is going to require some changes to timer semantics and a detailed auditing of the almost 700 del_timer() calls. Mr. Morton has put together a plan and a patch which gets the process going. In the end, the del_timer() function will go away, having been replaced by a synchronous version (to be called only when deadlocks can't happen) and an asynchronous version (which requires that other arrangements be made to avoid race conditions). The work, hopefully, will be done by 2.4.0, though some residual problems may well remain in the more obscure drivers. Other patches and updates released this week include:
Section Editor: Jonathan Corbet |
June 1, 2000
For other kernel news, see: Other resources: |
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Distributions page. |
DistributionsPlease note that security updates from the various distributions are covered in the security section. News and EditorialsLinux for the Timid, Part 2 (Linux Journal). Linux Journal takes a look at DragonLinux, one of the Linux distributions that can be installed under Windows without requiring disk repartitioning. "Tell me how this sounds. A full-featured, no-commitment Linux OS with networking, K Desktop Environment (KDE), 2.2.6 kernel (so you've got great support for modern hardware), a bevy of tools, network applications (e-mail, PPP), games, you name it, weighing in at a mere 150MB (44MB download size). No need to create a new Windows partition, and perfectly easy to remove if you decide this was a bad idea (you won't). " [From Linux Power]. New DistributionsASP-Linux, Inc. announces a distribution. A company called ASPLinux has announced its plans to launch a new distribution - said to be the first created in Singapore - at the end of June. The list of advanced features it will provide is "true 32 bit processing, multitasking, virtual memory, shared libraries, proper memory management and TCP/IP networking" - these folks are on the bleeding edge. The distribution is apparently aimed at application service providers, and will also include some clustering options. Build Your Linux Disk 1.0alpha1. The alpha release of BYLD (Build Your Linux Disk), a package to help you build your own Linux floppy-based distribution, has been announced. CDROM and even EEPROM support is talked of in the future. spyLinux 1.0.15. spyLinux, an acronym for "(s)mall (py)thon (Linux)", is a single-floppy-based distribution that supports basic utilities, networking and a Python interpreter. The initial release of spyLinux was announced Tuesday, May 30th. The author, Jeff Clement, explains his reasons for creating spyLinux on his web-site: "I create spyLinux because I have a pile of old 486 machines and to make them do something useful. I don't have any extra HDDs so that's out. I figured a machine with a Python interpreter can be almost anything. I can offload scripts to be run onto the machines, I can run web servers, chat servers, network monitoring, etc. This is why I created spyLinux to have a single disk distro which I could use for almost anything." Caldera OpenLinuxCaldera - New FAQs. Caldera has released a list of new FAQs made available in the past week. 14 new FAQs were announced, with subjects including video-related problems, printcaps, Webadmin, burning cdroms and more. ConectivaReview: Conectiva Linux 5.0 (Linux in Brazil). Linux in Brazil reviews (in Portuguese) Conectiva Linux 5.0. They like it - especially for beginning users. English text is available via Babelfish. Debian GNU/LinuxDebian Weekly News (May 30th). This week's Debian Weekly News indicates that the second Debian test cycle has begun. At this point, the attitude toward the remaining 80 or so release critical bugs is getting fairly pragmatic. Richard Braakman commented, "I hope that we can simply ignore most of them. At this point I don't mind releasing potato with a handful of broken packages, if they are not overly popular ones. The test period will show which of the bugs are truly critical." Although security fixes for Debian continue to go in at a rapid pace, information on packages that have been fixed is hard to find; it is certainly missing from the Debian Security Page. Joey Hess talks about the cause of the problem in this week's DWN. They need more help on their security team, but new members need to be people that are already well-known and trusted. Debian GNU/HurdKernel Cousin Debian Hurd (May 24). For those of you interested in tracking the on-going development of the Debian GNU/Hurd project, another Kernel Cousin Debian Hurd is available. Linux-MandrakeLinux-Mandrake 7.1beta (The Duke of URL). Patrick Mullen has put out an in-depth review of Linux-Mandrake 7.1beta, the latest version of Linux-Mandrake which he comments is just about ready to roll out the door. "The product in the limelight here is XFree86 4.0. XFree86 4.0 implements something Windows users have been enjoying for years. Direct hardware access. This will no doubt help the push for more 3D drivers, as we have seen at least nVidia step forward and pump out XF86-4.0 compatible drivers almost immediately after its release." LinuxPPCLinuxPPC. If you're interesting in playing MPEG movies on your LinuxPPC machine, you'll want to check out the new instructions for doing just that. Rock LinuxRock Linux BOF at SANE.
The Rock
Linux BOF at SANE 2000
in Maastricht, The Netherlands apparently took the prize for
longest BOF, running from 4 PM Wednesday to noon on Thursday.
It sounds like Rock was pretty popular:
Slackware LinuxThis week's updates. Not a lot of changes went into the current tree this week. A security fix for fdmount was put out; check the Security Summary for details. A new xlock package was created. It includes xlockmore-4.16.1 without calling it a security fix, but older versions of xlockmore do contain an exploitable buffer overflow, so upgrading to this newer version is recommended. TimeSys Linux/RTTimeSys has put out a press release highlighting the real-time features in their TimeSys Linux/RT distribution.Section Editor: Liz Coolbaugh |
June 1, 2000
Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Development page. |
Development projectsFeature: a look at xcircuit. Xcircuit is a handy program for drawing electronic schematics. It is also useful for creating diagrams that are built from sets of graphical symbols. LWN's Forrest Cook has spent some time playing with this application and has written up a feature article on how it works. Have a look for an introduction to circuit design and hardware hacking with Linux. Python development moves to BeOpen. Guido van Rossum has posted a letter to the Python community describing his move from CNRI to BeOpen.com. "What will change, and what will stay the same? First of all, Python will remain Open Source. In fact, everything we produce at PythonLabs will be released with an Open Source license. And we'll continue to maintain www.python.org. What changes is how much time we have for Python. Previously, Python was a hobby or side project, which had to compete with our day jobs; at BeOpen.com we will be focused full time on Python development!" And, as if Guido hadn't stirred things up enough yet: "Oh, and to top it all off, I'm going on vacation. I'm getting married and will be relaxing on my honeymoon." Congratulations to Guido on all counts! Guido isn't the only one moving to BeOpen.com. BeOpen PythonLabs will be staffed by Guido, Tim Peters, Barry Warsaw, Fred Drake and Jeremy Hylton, according to the Team page, a hefty list of Python hard-hitters. And they are still looking to hire more! We wish them the best of luck in this new collaboration between free software and free enterprise. BrowsersMozilla Status Update (May 25). A new Mozilla Status Update is now available, with reports from all the various Mozilla development groups. It includes the first status report from the newly formed Architecture group. Chatzilla Report. From MozillaZine, we hear that Chatzilla, which adds IRC chat to the Mozilla Tasks menu, has been pre-installed in Mozilla as of the 2000052508 build and appears to be working quite well. Browser Wars: The Future Belongs to the Dinosaurs (ZDNet). This ZDNet column predicts victory for Mozilla. "So far, the GPL and other xPLs have been more social than legal contracts, but if it comes down to it Netscape's parent (AOL/Time Warner) probably has better copyright lawyers than anyone. That should keep people honest and put Mozilla on a path to perfection." GamesNew Linux Game. Burn Baby Burn is a new Linux game that takes a look at the post-apocalyptic world (post-Microsoft court case, to be precise). No licensing information is attached, but the source code is freely provided. It is based on GTK/GDK and requires Glade builder. Quake III arena editor for Linux. Loki has announced the release of the Quake III Arena editor for Linux. It's an "early test" beta version, available for free download. InteroperabilityCorel to host WineHQ. WineHQ, the information point for people interested in Wine, will soon be hosted by Corel. Wine 20000526 released. A new version of Wine has been released. This release includes lots of bug fixes, a new C pre-preprocessor for the resource compiler, and OpenGL support. Network ManagementOpenNMS Update 1.10. This week's Open Network Management System information updatehas been released. Office ApplicationsGnucash heads toward a stable release. The gnucash team has announced a plan to release gnucash-1.4, the first GNOME-based stable release of this financial management package. The schedule they have adopted is aggressive, with a feature freeze happening on June 4 and the actual 1.4 release coming out on June 18. Gnucash is coming along nicely, and this release heralds the beginning of its widespread adoption. AbiWord Weekly News (May 25). This week's AbiWord Weekly News is now available. Check it out to find out who won this week's $299 Patch Prize. The Gimp version 1.1.23 has been released. A new version of the Gimp has been released. This is a bug-fix release that is a step towards the next stable version (1.2) of the program. On the DesktopGNOME 1.2 released. GNOME 1.2 ("Bongo GNOME") has been released - check out the press release for details. In addition, LinuxPower took a look at what's new in GNOME 1.2. Developing GNOME Applications with Gnome-Python (LinuxDev.Net). LinuxDev.Net has run a tutorial article on writing GNOME applications in Python. KDE's Konqueror (LinuxPlanet). This article on "Konquering the Web" discusses the KDE2 Konqueror web browser. Konqueror performs efficiently as a web browser, an FTP client, a file manager, and an application launcher. "It's so powerful that it would be a thick book that documented it fully--but nobody would need the book, because controlling it is so obvious." Keystone VNC system for KDE. Keystone is a KDE tool that acts as a VNC client for remote access to various cross-platform VNC servers. This allows you to control a remote machine as if you were on the local console. GTK+ and GLib 1.2.8 Released. Version 1.2.8 of GTK+ and GLib have been announced. The updates primarily include improved documentation and bug fixes. Web-site DevelopmentPerl to be supported in Zope. Digital Creations has sent around a pre-announcement that they will be working with ActiveState to support Perl scripting in the Zope system. Code is expected to be released at the O'Reilly conference in July. For commentary on this announcement, check this week's Front Page. If you'd like some more detailed information on this decision, you might be interested in checking out this IRC chat session, including Digital Creation's Jim Fulton and Paul Everitt answering questions about Perl, methods and other miscellaneous items. PHP, for example, was also mentioned briefly... A condensed version of the IRC chat is also available on the Zope.org site, for those who don't want to plow through the whole thing. There is evidently some interest at Digital Creations in making these chats into a semi-regular event. This week's Midgard summary. Here is the Midgard Weekly Summary for May 31. It includes a article on how the French business Aurora has expressed interest in contributing to the Midgard project and more. Section Editor: Liz Coolbaugh |
June 1, 2000
|
|
Development toolsC/C++Latest Version of Open-Source Cynlib. CynApps.com has announced a new release of its open-source cynlib C++ EDA hardware design class library. "This version contains a number of enhancements that make it richer, easier to use, and easier to integrate with other EDA tools." SourceForge provides access to Itanium systems. SourceForge has announced that it is providing access to prototype Itanium systems for developers to port their code. They have also set up a IA-64 development portal to go along with the prototype systems. JavaJavaOne.Computer Reseller News reports on Sun Microsystems Inc's hosting of it's fifth annual JavaOne conference in San Francisco, CA. "'Java will play an important role in smaller and smaller devices,' said Reed Hornberger, senior director of horizontal technologies market development for computer systems at Sun, based here. 'While Sun still derives revenue from selling its Java developer tools, it also is working to embrace the open-source community', he said." Websprocket Offers Open-Source Java. A new Java language implementation, JEMINI, is being offered by Websprocket for use on embedded systems. "JEMINI includes a vast array of foundation libraries found in commercial Java distribution. JEMINI also includes a host of libraries suitable for device drivers, embedded file systems, embedded system design, and embedded system design automation." PerlThis week on perl5-porters (22--28 May 2000). The latest report from the perl5-porters mailing list has a heavy section on regex engine enhancements, containing some good background material on the topic. Perl Whirl reports. Reports from Perl Whirl 2000, the Alaska cruise full of Perl geeks, are being made available on use Perl;. So far, no technical tidbits ... don't tell us the scenery really made them speechless! use Perl;. Speaking of which use Perl; is a new companion site to Perl News based on the Slash code. Check their announcement for more details. PHPAre You Being Served? An Introduction to PHP (ZDNet).
Here's an
introduction to PHP in ZDNet. We think they liked it.
PythonThis week's Python-URL. Here is this week's Python-URL. It covers a number of Python-related items, but appears to have come out a bit early to catch Guido's move to BeOpen.com. Introduction to Python (Geeks404.com). If you are interested in learning python, check out this article for a quick introduction to the language. The article provides basic information on the language and is a good starting point for those already familiar with programming. Qt 2.x and Python 1.6 bind together well (SunWorld). Here's a SunWorld tutorial on using the Qt GUI toolkit with Python 1.6. "Most GUI toolkits for Unix are presented through their C programming interfaces or, occasionally, with Java. But the number of toolkits available to Python programmers is remarkable, which is one of the reasons we believe Python is a far better vehicle for exposition and most development. One of the most interesting of these toolkits, PyQt, has just become even more interesting." Section Editor: Liz Coolbaugh |
Language Links Guile Haskell Blackdown.org IBM Java Zone Perl News PHP Daily Python-URL Python.org JPython Smalltalk |
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Commerce page. |
Linux and businessGateway, AOL, and Transmeta collaborate on Internet Appliances. Gateway and America OnLine (AOL) have teamed up to bring a family of new Internet Appliances (IA) to market. This announcement, dated May 30, says the new appliances will be powered by Transmeta's Crusoe Processor running Mobile Linux. Mobile Linux is one of the projects that have been keeping Linus Torvalds busy at the formerly-oh-so-secretive Transmeta. There are three different devices in the works, which will all use the Netscape Gecko browser, described in this press release dated April 5, 2000. "These next-generation appliances will utilize the Netscape Gecko browser technology. Gecko, Netscape's smaller, faster and more potent browser engine technology, is a key component of the AOL Anywhere strategy and is designed to power Internet devices across a range of platforms and enable Web developers to create more compelling Internet-based content and applications. All of these devices will utilize the LINUX operating system." No mention is made of Transmeta or the Crusoe processor in the April 5 announcement, but, later in April, Gateway and AOL are separately listed among several investors who collectively poured $88 million into Transmeta Corporation. The three designs vary in size and functionality, from a wireless Web pad to a countertop appliance, and up to a desktop appliance. The latter will be both smaller and cheaper than a PC, but it will have keyboard, mouse and screen. Users will be able to get to AOL and the Internet and send and receive e-mail. The wireless Web pad connects (wirelessly) to a base station to offer portability with a limited range. It can be used with either a touch pad screen, or a wireless keyboard. Naturally all of these devices come with AOL Internet service. Corel is still in the news. As discussed in the May 18th edition of LWN, Corel is reeling from the cancellation of its deal with Inprise/Borland. It probably didn't help much that shortly after that two senior managers resigned from the company. However, Corel has been working hard to stay in the game. Newsalert carried the initial press release announcing a "bought deal" between Corel and Canaccord Capital Corporation, involving between $15 million to $30 million Canadian. Some additional details are present in this Reuters article. Both press releases heavily emphasize the next step, which will be implementing a "cost-savings plan". While we might expect reports of heavy lay-offs next, what we have seen this week are some alliances designed to keep Corel Linux and Linux products around. Other initiatives announced by Corel this week include:
Announcements from Red Hat. Red Hat has filed its 2000 annual report. Check it out for a complete description of where the company is at. They are up to 435 employees now. Announcements such as this one from Gothic Corp. which says they will sell 269,511 shares of Red Hat stock have not seemed to have fazed Red Hat very much. Red Hat went on to announce the completion of its acquisition of Bluecurve, Inc., and there's this announcement telling us that the Google search engine runs on Red Hat. "Google, one of the fastest growing search engines on the Web, operates its search engine and all of its computing functions on a cluster of more than 4,000 PCs running Red Hat." SourceXchange, FreeAgent.com to join up. Opus360 and Collab.Net have announced a deal where Collab.Net will be sponsoring an open source development section on Opus360's FreeAgent.com site. IBM S/390 RedBook. IBM has posted a "RedBook" for Linux on the S/390. RedBooks are detailed documents aimed at IBM's serious customers - this one is 424 pages long. (Thanks to Alexandre Dulaunoy). Network Appliance, Oracle, VA Linux build NetLedger Data Center. Network Appliance has announced that it is working with Oracle and VA Linux Systems to build the data center for NetLedger; this center involves "several hundred VA Linux servers." Linuxcare joins the IA-64 Linux project. Linuxcare has announced that it has joined the IA-64 Linux (don't call it "Trillian" anymore) project. Press Releases:
License will be mentioned if known.
Section Editor: Rebecca Sobol. |
June 1, 2000
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Linux in the news page. |
Linux in the newsRecommended Reading. Multimedium has run this lengthy article (in French) arguing for the use of Linux in Quebec schools. It argues several points, from the purely financial to the issue of getting control of school computers out of the hands of private companies. English text is available via Babelfish. (Found in Portalux News). Gateway Internet Appliance. ZDNet ran this column on how the new Gateway "home appliance" shows that Transmeta is a threat to Microsoft. "Pay attention: This is the first time that a Top 5 PC maker has stepped out like this, flipping a middle finger in Redmond's direction. (Note that Gateway and AOL, among others, were part of the group providing Transmeta with about $88 million in funding.)" The New York Times ran this AP article on the new Linux-based "home appliance" system from Gateway. "A Transmeta-Linux combination offers consumers an alternative to the combination of computers with Intel processors running on Microsoft's Windows operating system, analysts said." Note that the New York Times is a registration-required site. (Thanks to Paul Hewitt). Reuters looks at the Gateway home appliance. "Analyst Gwennap added that: 'It may be a little bit harder for Microsoft than Intel because Linux definitely has some attractive features. First of all, it's free and, second, the vendors can access the source code and make whatever alterations they need to suit their needs.'" According to this Reuters article, Gateway and AOL will be announcing an "Internet home appliance" system that will be based on the Transmeta Crusoe processor and Linux. Corel. Federal Computer Week looks at WordPerfect for Linux. "WordPerfect Office for Linux represents a significant milestone for the Linux desktop movement in that it is the first commercially established productivity suite to be ported to Linux. As such it brings the same level of functionality and features that have come to be expected from most Windows-based products." This ZDNet column laments the failure of the Corel/Inprise merger. "A Corel/Inprise pairing might have given desktop and personal Linux systems the same synergy that worked so well for Windows. We might have seen Corel's consumer-friendly platform (at least compared with many other Linux distributions) with the company's capable suite of mass-market applications, augmented by the robust Borland tools for writers of more exotic software: tools that could have been sold on a break-even basis, or even as loss leaders, instead of needing to pay their own way." CNet was quick to follow up on Corel's announcement of a deal with Canaccord with their own article, but provided few additional details from the press release. "Corel did not disclose its cash reserves because it is in a quiet period in advance of its quarter closing on May 31, but insisted it can meet its financial obligations." The Ottawa Citizen reports on Corel's falling stock. "The stock fell more than twice as far as anticipated after Corel announced it will sell up to $30 million in stock through Cannacord Capital. " News.com reports on morale at Corel. "Morale took another hit last week when Corel employees traveling for trade shows were forced to pay hotel bills with their own credit cards after learning the company's credit cards had been cancelled." Red Hat. ZDNet interviews Red Hat CTO Michael Tiemann. "In Hitchhiker's Guide to the Galaxy, one of the paradoxes presented is that if people had proof of God, their belief would be fact-based instead of faith-based, and the loss of faith would cause God to cease to exist. The way Linux standards work, you've got to believe. If people believe, then standards are widely accepted. If people don't believe, then everyone's off doing their own thing. In the LSB, there's kind of a schizophrenia." Internet Week reports on Google's use of Linux. "Support was another factor in choosing Linux, Google said. The company has Linux expertise in-house, and values the ability to look at the source code to correct problems, rather than having to rely on a vendor. And where the in-house expertise fails, Google has found the Linux community responsive with fixes." BSD. The San Francisco Chronicle looks at the history of BSD. "The group evolved formal procedures for incorporating improvements made by others into the core system, and thousands of programmers worldwide eventually made contributions to the effort. In effect, the BSD project defined the model later followed -- with variations -- by other open-source development projects, most notably Linux." Also in the Chronicle: this article about FreeBSD in particular. "On the other hand, by next fall, the companies Infonetics surveyed expect to have Linux on 18 percent of their servers and Solaris on 47 percent; FreeBSD's share is projected to drop to 13 percent." IBM. UpsideToday takes a look at how and why IBM has been so fast to pick up and deploy Linux. "'We learned a lot from the Internet,' says Frye. 'Most importantly, we learned about the value of open standards, how you can make a lot of money owning a piece of an open standard as opposed to a little bit of money owning the entire thing.'" Tom Nadeau speculates on IBM's possible plans for OS/2 Warp, in a world where they continue, slowly, to move towards using open source in more areas of their business. "IBM has rewritten the Warp 4 kernel in the latest Fixpack 13 as well as the upcoming Convenience Packs. What if the cumulative rewrites over the past four years have finally eliminated the co-owned code? Then Microsoft would have to keep its mouth shut and watch IBM open a "second front" in the war on Windows." Computer Reseller takes a look at IBM's new hardware and their plans for Linux. "While IBM's server lines currently support Linux, the company plans to utilize some of the NUMA-Q capabilities to push the upstart operating system into the enterprise, said Fry. 'Linux is typically deployed in smaller machines,' Fry said. 'Our goal is to drive Linux to mission-critical applications.'" Other Companies. Computer Reseller News reports that Compaq may open-source parts of Tru64. "During a news conference on the company's new AlphaServers, Compaq Chief Executive Michael Capellas was hesitant when asked if the company had a place for Linux in its high-end hardware offerings. Capellas said he saw Linux as an operating system that could reach 'edge of network' solutions such as Web servers or departmental servers, leaving Tru64 and proprietary Unix to deliver where high-octane computing was needed." ActiveState uses Mozilla in its new IDE, code-named "Komodo". This Upside article takes a look. "No, it isn't the latest Japanese monster film remake. On Wednesday, Activestate, a Vancouver, Canada, company specializing in Perl-based software development, announced that it will use the open source Mozilla browser as a framework for building its new Perl- and Python-integrated development environment, or IDE. " This News.com article looks at the merger of LinuxMall.com and EBIZ. "Though unfavorable market conditions contributed to LinuxMall's decision to derail the IPO, that consideration was secondary in the merger, [LinuxMall CEO Dave] Shaw said." Here's an Interactive Week column about Scriptic's name change. "The company produces a Tcl Pro toolkit as well as continues development of the open source code Tcl scripting language, Ousterhout said. " News.com covers the release of AllCommerce by OpenSales. "OpenSales, a 45-person company based in San Mateo, Calif., filled out its management roster and won $10 million in venture capital earlier this month. With its e-commerce software, the company hopes to reproduce the success of open-source software such as Linux, Sendmail and Apache, which have established solid followings against competition from companies such as Sun Microsystems and Microsoft." LinuxMall.com takes a look at QNX, a company working with embedded systems in an "Open-Source like" development model. "Paul Leroux of QNX's corporate communications division discussed QNX's partially Open Source developmental model. 'A very small percentage of developers would understand the microkernel well enough anyway,' he stated. 'It is not of benefit to provide that code.'" News.com has posted this article about the VA Linux Itanium compile farm. "To get access to the system, people must sign a nondisclosure agreement that requires them not to release information about how fast the systems perform..." Other Business. Evan Leibovitch's latest editorial speculates on potential Linux mergers that could produce some strong competition for the Linux market, now that the IPO route is seen as less dependable. "So... how might things shape up? Here are some match-ups that could be interesting, if they ever were to happen:" A brief, introductory article on Beowulf comments, "Linux clustering means cheap supercomputing". To be more specific, "...a large Beowulf cluster should cost from one-third to one-tenth the price of a commercial parallel supercomputer. Even so, this really is a technology for organizations, not home hobbyists." News.com looks at the new budget Beowulf cluster in Kentucky. "AMD's 3DNow technology was designed to improve the 3D graphics of games. But the feature can also be used to speed up mathematical calculations, said Hank Dietz, a professor at the University of Kentucky and the architect of a new 64-processor Linux supercomputer built out of 700-MHz AMD Athlon microprocessors." Here's a ZDNet article on the decline of Linux stocks. The author thinks things have maybe gone too far. "We're not going to tell you it's time to buy Linux stocks, but there's a serious disconnect between Linux reality and Wall Street." Amongst a list of computer tidbits, ComputerUser comments on the Linux growth curve. "Evans Marketing Services claims that the number of large corporations running Linux increased by 95 percent in the last half of 1999. That's a big jump, and it shows the continued trend toward Linux growth. Evans Marketing's survey also showed that the number of companies running Linux on more than 25 percent of their servers jumped from less than 2 percent in May 1999 to nearly 13 percent in December 1999. Running Linux on more than one-fourth of their servers is a big commitment for companies to make, and this shows quite startling growth in just six months." Here's an article in The Times (London) blaming proprietary software for the recent virus problems. It gets perhaps a bit ahead of the truth, however, in looking at the alternatives. "PCs must be secure and immune to the threat from unauthorised programs. Their reliability has to be improved to that of all other products that have embedded software, such as televisions, mobile phones and cars. In this respect Linux is now ready for deployment on the desktop. Software exists that enables all existing Windows applications to run on Linux without any changes, allowing compatibility to be maintained and ensuring that user skills are not made obsolete." The View, a BeOpen commentary, looks for Open Source Winners. "The potential winners of a MSFT break-up may not be the Operating System vendors, but rather the Open Source Application developers, most of which are still private." Open-source becomes a model for e-governance in this article from The Hindu. "The Panchayat Level Information Network Project progressing in three grama panchayats -- Asamannur, Chottanikkara and Kunnathunad -- is using Linux as the basic operating system (OS). Linux has already attracted notice worldwide from the way it has made even Microsoft look up." Based on the experience of deploying Linux in a Guatemalan Hospital, LinuxMedNews takes a look at the performance of Linux and Windows under pressure. "The central question: How did it [Linux] fare against Windows? Two thumbs up, it worked very well. But the reality is that it has to work with Windows for now. Even in Guatemala they had two Windows machines already in place and running, although not networked." ZDNet has run this lengthy article on running a business without Microsoft products. "Although Linuxcare as a company uses Linux on every desktop, [CTO Dave] Sifry conceded, 'We have not been able to run a 100 percent Microsoft-free environment yet. Any company that is 100 percent Microsoft-free is either too small or not facing up to certain issues.'" (Thanks to David Emile Lamy). Business Week proposes a remedy for the Microsoft antitrust case. "While Judge Jackson probably won't take this advice, here's another way -- and the best way -- to rein in Microsoft: Just "open-source" the Windows code. If done right, this simple move would foster competition, reduce prices for consumers, and increase the quality of the software. It might also be the smartest move Microsoft could make to ensure its future survival." Interviews. Interactive Week talks with VA Linux CEO Larry Augustin. "We're the people that want to work on Linux and open source, we're where they want to work, ok? We've had a great time going out and finding those people who are really Linux and open source developers, and being able to offer them positions here at VA, and essentially do what they love." BeOpen interviews VA Linux CEO Larry Augustin and Samba's Jeremy Allison. "As a native of Sheffield, England -- a traditional hotbed of left-leaning UK politics -- Jeremy Allison has understandable reservations when it comes to wearing the "benevolent dictator" mantle so-often applied to open source software project leaders." Feed Magazine interviews Martin Garbus, the EFF's lawyer in the DVD case. "Take the matter of operating systems -- there's another and very separate issue that you have with the Linux operating system. One of the reasons that there's so much interest in the DeCSS is that DVDs are not yet licensed to play on the Linux operating system. Now, to bring us back to the Betamax case, is Linux like a VCR? Can the motion-picture industry control distribution from the very beginning to the very end?" Finally. This Andover.Net article points out that Bill Gates and Richard Stallman will both be visiting South Korea on the same day. "Though Gates and Stallman have no plans to meet, both are slated to hold talks with government officials here during their visit and may run into each other." (Thanks to Cesar Augusto Kant Grossmann). Section Editor: Rebecca Sobol |
June 1, 2000 |
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Announcements page. |
AnnouncementsResourcesLinux Gazette. Linux Gazette issue #54, June 2000, is out. EventsTulipomania DotCom. For a different view of the "Internet Economy," which seems to include Linux these days, consider attending Tulipomania DotCom, which will be held, fittingly, in Amsterdam on June 2 and 3 (and in Frankfurt the following day). "The aim of the conference is to raise the level of economic competence of the cultural and social sector, and simultaneously inject economic analysis with a sensitivity to on- and offline cultures, as well as a hands-on understanding of the new communication spaces." Linux@Work: Full Report, Photos and more. A full report, complete with photos, is available from the series of Linux@Work seminars held across Europe this past month. As a result of the success of these seminars, three additional ones have been scheduled in November, to be held in Vienna, Rome and Madrid. User Group NewsThe Linux Users' Group of Davis. LUGOD will hold its next meeting on Tuesday, June 6, 2000 at 6:30pm. The topic will be on "OpenMerchant," presented by Rob Ferber, founder of Open Sales, Inc. CLUE holds Mad Skillz Day. CLUE (Colorado Linux Users and Enthusiasts) is having a Mad Skillz Day on June 17th from 11 AM to 4 PM EmploymentThree Axis Interactive in Colorado Springs. Three Axis Interactive in Colorado Springs, CO needs two programmers. |
June 1, 2000
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Software Announcements
|
Our software announcements are provided courtesy of FreshMeat
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Back page page. |
Linux links of the weekLinux and Me is the title of a book in progress by Barry Kauler. It's an introductory work, with current chapters covering installation, X server setup, and the Linux command line. More is to come. Alpha users may want to have a look at AlphaNews.net, which covers current happenings with the Alpha processor. Section Editor: Jon Corbet |
June 1, 2000 |
|
This week in historyTwo years ago this week, as covered in the May 28 LWN, LWN got its own domain at LWN.net. A proposal went out for a thing called the "Linux Standard Base;" it was signed by numerous Linux luminaries. Two years later the LSB has made progress, but many of its goals remain unfulfilled. ZDNet chimed in this week with a delightful piece: But Linux is a communist operating system in a capitalist society. Its popularity is going to lead toward its fragmentation. [...] The above was written by a guy named John Taschek, who apparently hasn't learned a whole lot since... The development kernel release was 2.1.103; work was in progress toward the 2.0.34 stable release. Red Hat 5.1 was unleashed upon the world, as was Debian 1.3.1 r8. One year ago (the May 27 LWN), the Linux world was dealing with the first Mindcraft report. Pacific HiTech changed its name to TurboLinux. The development kernel was 2.3.3; the stable release was 2.2.9. Kernel hacker Ted Ts'o announced his move to VA Linux Systems. SGI announced that its XFS journaling filesystem would be released for Linux. Slackware 4.0 was released. Linuxcare got slapped down by Red Hat for its "Simply Supported" poster. Also, this week in 1998 and 1999 both were marked by the Linux Expo, held in North Carolina. Linux Expo isn't happening this year, it's a victim of the Linux trade show glut. It is missed. See our coverage from 1998 and 1999 to get an idea of what went on. | |
|
Letters to the editorLetters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them. | |
Date: Thu, 25 May 2000 10:30:58 -0500 From: Andy Johnson <ajohnson@stens.com> To: letters@lwn.net Subject: Apache != GPL I take issue with the following statement from the front page of the Linux Weekly News May 25, 2000 edition: >Lineo goes on to state that it does not see a number of types of code - such as kernel or Apache modules - >as "derivative works" that are covered under the GPL. Apache is not distributed under the GNU GPL or any other Free Software Foundation license. The Apache license is much more permissive; Lineo has every right to make "derivative works" of Apache and resell them as long as the comply with Apache's license. The Apache license is mainly concerned with keeping Apache's copyrights intact, and making sure the customer knows Apache technology was used to create the product. Several companies have used Apache and its liberal licensing terms to create successful business models, and there is no reason Lineo should not be able to, either. Of course, several third-party Apache modules have been released under the terms of the GNU GPL, and Lineo could have licensing issues with them. However, Apache itself is not licensed under the GNU GPL. Whether this statement originated with Linux Weekly News or Lineo, I felt it needed to be pointed out. | ||
Date: Tue, 30 May 2000 10:39:42 +0100 To: letters@lwn.net From: Nick Huxley <bootsy@liverpool.ac.uk> Subject: Debian not including KDE In response to the letter in the LWN edition on 25th May on Debian not including KDE officially and for that matter the letter regarding the "opening up" of motif, efforts are being made to deal with both these problems they are the Harmony/FreeQT project and lesstif project. Yes Harmony is still going and to my knowledge it is the only place where you can get LGPLed template datatypes like Arrays, Lists etc. The project has completed a sizable amount of work and still needs more help so if anyone feels strongly about it then help us code. A site exists on http://www.yggdrasil.com/~harmony/source.html with the latest version of the code. Regards Nick | ||
Date: Thu, 25 May 2000 12:19:05 +0200 From: J.H.M. Dassen (Ray) <jdassen@cistron.nl> To: "Alan W. Irwin" <irwin@beluga.phys.uvic.ca> Cc: letters@lwn.net, debian-legal@lists.debian.org Subject: Re: When will KDE and Debian get together? In a letter to LWN you write: >As far as I know this is the only major open-source package that is not >officially supported by Debian. I suspect this bad situation is a leftover >from the old flame wars that used to erupt between GNOME and KDE >supporters. It was alleged at the time of those flamewares that although >KDE itself was GPLed, the package could not really be considered free since >it depended on the Qt-1 library which was not. This is a common misunderstanding. "Debian's stance on KDE copyright and licensing issues" (http://www.debian.org/News/1998/19981008) gives an extensive analysis of the KDE issue. The issue is /not/ KDE's dependence on a non-free library, but the incompatibility between KDE's licensing terms and the licensing terms on the Qt library it depends on. >What is ironic about the exclustion of KDE from Debian now, is that the >Qt-1 library is actually officially supported by Debian! It is not. The "non-free" section of Debian mirrors (from which qt1 .debs are available) is /not/ an official part of Debian GNU/Linux and is e.g. not included on the official Debian CD images (http://cdimage.debian.org). >I personally think this whole situation is rather petty, but I was willing >to give Debian some slack so they could gracefully back down from their >impossible position especially now that both Qt-2 and KDE-2 are coming out >under free licenses. While Qt2 is under a free license (after a drafing process in which Debian's Joseph Carter provided extensive feedback), this license, the QPL, is unfortunately not compatible with the GPL. This has been pointed out to Troll Tech, but has not resulted in changes in the QPL. >But in the interests of fairness, I don't see why this official Debian >discrimination against KDE continues. Because there have been no fundamental changes in the situation. After analysis of KDE's and Qt's licensing terms (both the non-free Qt1 licensing terms and the free QPL), the Debian project has concluded it cannot legally distribute KDE binaries. For the Debian project to be able to legally distribute KDE binaries, KDE's and Qt's licensing terms would have to be made compatible. This could be done in many ways, the most relevant of which are: - license KDE under the GPL plus an explicit exception granting the right to (re)distribute binaries linked against Qt - license KDE under a different free license like the Artistic License or - release Qt under a BSD-style license; see http://qt-interest.trolltech.com/auo1.html Many people within Debian have lobbied with both the KDE project and Troll Tech for one of these changes to be made. Regrettably, so far this has not resulted in a change that would allow the Debian project to legally distribute KDE binaries. HTH, Ray -- Pinky, Are You Pondering What I'm Pondering? I think so, Brain, but "Snowball for Windows"? Pinky and the Brain in "Snowball" | ||
Date: Thu, 25 May 2000 09:31:54 -0500 From: Mike Renfro <renfro@tntech.edu> To: letters@lwn.net Subject: Re: When will KDE and Debian get together? Note: I don't speak for Debian, my employer, or anyone else. > As far as I know this is the only major open-source package that is > not officially supported by Debian. I suspect this bad situation is > a leftover from the old flame wars that used to erupt between GNOME > and KDE supporters. It was alleged at the time of those flamewares > that although KDE itself was GPLed, the package could not really be > considered free since it depended on the Qt-1 library which was not. Unless you consider the conslusions reached by several people who have extensively read both the GPL and the QPL invalid, this is more than a mere allegation -- it's a fact. > What is ironic about the exclustion of KDE from Debian now, is that > the Qt-1 library is actually officially supported by Debian! The qt1g package is in the non-free area, which is where all software packaged for use on a Debian system, but *not* conforming to the Debian Free Software Guidelines is held. licq, an otherwise free program with strong, if not unbreakable ties to the Qt toolkit, is held in the contrib area. The licensing difficulties with GPL'd programs using Qt1 (and maybe even Qt2) can be seen at: http://cgi.debian.org/cgi-bin/get-copyright?package=licq What it boils down to is that programs released under an unmodified GPL cannot be linked against non-free libraries, *except* when those libraries are distributed as a standard part of the system. And that exception applies primarily, and perhaps exclusively to proprietary operating systems. GPL'd programs could be linked against Solaris' libc, Motif, or ncurses, or to Microsoft's MFC. But the odds of Qt falling into that category is minimal. My understanding is that if the KDE people add a clause in their licensing that explicitly allows linking with Qt and QPL-licensed programs, that everything is cleared up. As not every application in KDE is solely authored by KDE developers (KDE interfaces wrapped around other GPL'd programs, for example), this might become difficult to achieve on every program. Point 5 of the Debian Social Contract (http://www.debian.org/social_contract) gives more detail on the situation of contrib and non-free software packages in Debian. Point 4 somewhat explains why the software is packaged and archived (top priority is the needs of the users) but why they're relegated to a separate area (the goal of providing am integrated system of 100% free software, with no restrictions preventing value-added development or commercial software running on Debian). > I personally think this whole situation is rather petty, but I was > willing to give Debian some slack so they could gracefully back down > from their impossible position especially now that both Qt-2 and > KDE-2 are coming out under free licenses. Thus, I was very > disappointed by the interview with Martin Schulze pointed to in your > 18 May issue which in Babelfish translation seemed to indicate that > KDE-2 would not be officially supported under potato, but it might > be under woody. The reasons might be legitimate ones but they were > obscured in translation. I would appreciate LWN looking further > into this mess to see if reason will prevail. Potato went into code freeze in mid-January (http://www.debian.org/News/2000/20000116). Qt2 was available at that time, and is currently included in the main (DFSG-compliant) area of the potato archives. KDE2 is *still* not released; if it is released before woody goes into code freeze, and if it is free enough to distribute in the main archive area, then I can only assume it will go in. KDE2's exclusion from potato is therefore a completely technical issue, not a licensing issue. Links to recent threads exhaustively discussing this issue include: http://www.debian.org/Lists-Archives/debian-devel-0001/msg01030.html http://www.debian.org/Lists-Archives/debian-legal-0001/msg00081.html http://www.debian.org/Lists-Archives/debian-legal-0001/msg00109.html -- Mike Renfro / Instructor, Basic Engineering Program 931 372-3601 / renfro@tntech.edu | ||
Date: Thu, 25 May 2000 05:10:38 -0700 From: Joseph Carter <knghtbrd@debian.org> To: jhm@cistron.nl Cc: "Alan W. Irwin" <irwin@beluga.phys.uvic.ca>, letters@lwn.net, Subject: Re: When will KDE and Debian get together? On Thu, May 25, 2000 at 12:19:05PM +0200, J . H . M . Dassen wrote: > While Qt2 is under a free license (after a drafing process in which Debian's > Joseph Carter provided extensive feedback), this license, the QPL, is > unfortunately not compatible with the GPL. This has been pointed out to > Troll Tech, but has not resulted in changes in the QPL. Much of it ignored. Or at least, tentatively agreement and acceptance with last-minute rewriting. Bottom line: There's an underlying problem with KDE. GPL software and Qt (any version released so far) have incompatible licenses. KDE knows this, but they don't wish to be burdoned by the touchy legal situation admitting this problem would create for them, so they openly attack the GPL or outright ignore the problem. Troll Tech is in an ideal position to solve this problem, but isn't really willing to do so out of spite for the GPL, for Richard Stallman, and for the "Free Software community" (or much more accurately, the Slashdot community, most of whom are just trolls and bandwagon-hoppers) who flamed them for encouraging people to violate the GPL by claiming it was legal to use Qt with GPL'd applications. All that is required by a GPL'd application to be linked with Qt is a specific exemption for Qt from being considered part of the software. A few authors are unwilling to provide that (I'm not, but so far none of my code is used within KDE to my knowledge..) but the vast majority of people I've talked to say they would if asked. The KDE people seem to believe that those who object will find out their code is being used and make sure to tell them to stop using it. Forgiveness is easier to get than permission it seems. There are a few people out there genuinely hostile to KDE because of their clear belief they can do what they want because it's not like anyone is going to sue them for it. Nobody really wants to talk about this sort of problem in KDE. Companies such as Red Hat simply ask their lawyers if using KDE will get them sued and their lawyers answer that nobody is going to sue them over KDE, so it gets included. Someone needs to talk about it. Allowing this to continue jepardizes the GPL, setting clear precedent for how this untested license will be interpretted if ever people wind up going to court with it - I've already been witness to projects which have openly defied the GPL. The QuakeLives project, a project based on Id Software's QuakeWorld source code released under the GPL last summer, is a prime example. First they tried to release source code for most of their QuakeWorld-based project, but leaving out a few key files necessary to compile or use it. Then they released a new version under the GPL's terms lacking the features they left code out of their last release for. That point on, they have refused to provide ANY source for ANY release, attempting such things as "closed" beta testing (if you got the client and asked for source, you weren't an official beta tester and therefore your GPL'd binary was "warez" so they didn't have to give you anything) to binary patches for their precompiled binary to moving all of their code into a DLL without which the binary would not run to a click-through agreement in which you "gave up your right" to source to be allowed access to binaries! Their excuses in all these cases are very similar to the excuses KDE has given people about their own legalities. Which is exactly the point: KDE is actively working to tear down the GPL simply so they can do something they know (and many of them even admit) they shouldn't be doing because it's too late to change now. It's not like they'll be sued for it, right? -- Joseph Carter <knghtbrd@debian.org> GnuPG key 1024D/DCF9DAB3 Debian GNU/Linux (http://www.debian.org/) 20F6 2261 F185 7A3E 79FC The QuakeForge Project (http://quakeforge.net/) 44F9 8FF7 D7A3 DCF9 DAB3 <JHM> Being overloaded is the sign of a true Debian maintainer. | ||