Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise
news for all interests
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page
Other LWN stuff:
Archives/search
Recent features: Here is the permanent site for this page. See also: last week's LWN.
|
Leading items and editorialsWhere is the Linux community? Two years ago, now, came the announcements that both Oracle and Infoseek would port their database products to Linux. Such announcements are an hourly event now, so those who weren't into Linux at that time perhaps do not have a feel for what an impact those announcements made. For many, the availability of Oracle was the one indicator that would show that Linux was for real. In the light of those announcements, LWN (in the July 30, 1998 issue) worried about the future of the Linux community. So what happens when Linux really explodes, as seems (to some) inevitable? Just how weird is it going to get? Will we look back with nostalgia to 1994, when nobody knew what we were talking about? Will we want our old Linux back? For now this is still our revolution, and we can maybe shape its future. Before long, that may no longer be true. Two years later, it is perhaps worthwhile to evaluate the situation and see where things stand. The Linux development community may never have been healthier. Once upon a time, it took years to get an X-enabled version of the emacs editor - one of the prominent free software projects of that era. Now projects like GNOME, KDE, Mozilla, and many, many others can aspire to build systems of far greater size and complexity. The free software development process is strong, and knows it. But what about the community? Once the Linux development community was at the core of Linux. Now it is probable that a great many Linux users could not name more than one or two people who developed the software they are using. The old Linux community is simply not present for much of the system's user base. This community may have been pushed to the side, but some time spent on the mailing lists or at events like the Ottawa Linux Symposium (see below) will show quickly that this community is as strong as ever. Its members have, to a great extent, left their university and "day job" positions for jobs with competing Linux companies, but the way they work together has been little changed by all that. The joy of hacking, the emphasis on producing the best code, and the enjoyment of working together all remain. When you're immersed in the development community, it's almost like the good old days - except that far more is going on. The popularity and commercialization of Linux have raised many fears. Would the developers who built the system take offense at others profiting from their work and leave? Will commercial pressures tear the development community apart? Or maybe the developers will take off looking for the next cool thing, now that Linux is mainstream. All of those things could yet happen, but, thus far, they have not. Things look good for Linux development. The Ottawa Linux Symposium was a good place to find the Linux development community. With a program dominated by Linux developers, lots of time set aside for people to talk, access to good beer, and no exhibit floor it was truly a hacker's event. Have a look at LWN's OLS coverage for reports and pictures from the event. The Linux community needs events of this kind. It is this sort of gathering that lets Linux hackers concentrate on the code and each other without distractions. OLS sold out well before the event began; one presumes this means that the conference was successful financially. We're looking forward to the next one. For a different sort of event, consider the LinuxWorld Conference and Expo, to be held in San Jose on August 14 to 17. It will be much that OLS was not: garish exhibits, rock bands, suits and ties, and lots of exhibit hall swag to haul home. An example of the style of this conference can be found in this press release, which raises the hype level to new highs: In San Jose, California, a new space race has captured the hearts and minds of geeks and nerds the world over. Would-be exhibitors at the LinuxWorld Conference & Expo are at wits' end trying to stake a claim to even the tiniest square foot of carpeting, with varying degrees of success.
Somehow one must doubt the extent to which the "hearts and minds of geeks and nerds the world over" are really "captured" by the woes of frustrated LinuxWorld exhibitors. But then, it's a strange world. Of course, the PR also puts the first release of Linux in 1994, and claims that the LinuxWorld exhibit floor has sold out for four years in a row - despite the fact that the first one was in March of 1999... Cheap shots aside, the LinuxWorld conference is also an important event, and LWN's editors not only plan to be there, but will be giving a talk and a tutorial as well. While OLS caters to Linux hackers, LinuxWorld reaches out to Linux users, current and future. It also gives an unparalleled view of the state of the business of Linux. This, too, is the Linux community, in a different form. Some updates from the DVD front. The 2600 case (wherein 2600 Magazine is being sued by the MPAA in the form of Universal City Studios for having mirrored the DeCSS code) has concluded testimony in New York. Some of the final developments in the trial include:
The judge responded very well to Mr. Touretzky's testimony, saying things like "I was hoping we were going to hear something like this through the whole trial." and "I think one thing probably has changed with respect to the constitutional analysis, and that is that subject to thinking about it some more, I really find what Professor Touretzky had to say today extremely persuasive and educational about computer code." Much of the effort in the courtroom seems intended to demonstrate that the intent of those working on the DeCSS software was not to pirate movies. In this way, they hope to get around the provisions in the Digital Millennium Copyright Act against the possession of tools for the circumvention of copy protection mechanisms. DeCSS is, they say, not a circumvention tool; it's simply a way for people to make use of the DVDs they have purchased. Thus, there are two rights being argued here. One is that of reverse engineering - we have the right to look at things we own and figure out how they work. We even have the right to make other things that work in the same way. The other is that code is speech, that there is no way to distinguish between the two. In the U.S., of course, equating code and speech is important, because protections on speech are (still, so far) relatively strong. If code is speech, then we are in our rights to post it. If these rights are lost, free software is in deep trouble. The free software development process works well, but that buys little if it is illegal to develop code that does interesting things, or to distribute that code. The DVD case is about fundamental freedom; let us hope that it goes well. (See also: This Salon article about Goldstein's testimony, this Newsbytes article about Johansen's appearance, and the EFF DVD case archive which contains, among other things, full transcripts of the testimony in the case.) Inside this week's Linux Weekly News:
This Week's LWN was brought to you by:
|
July 27, 2000
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Security page. |
News and EditorialsLinux Distribution Security Report. SecurityPortal's Kurt Seifried released his Linux Distribution Security Report this week. In it, he analyzes security information released from Red Hat, SuSE, TurboLinux and Caldera, including a look at the number of security reports for each release, the time between a vulnerability report and the release of a fix and a brief comparison of the overall efforts of each distribution. Even though he initially decides to throw Slackware and Debian out of his calculations because of their "ridiculously slow release schedules", he later includes them in his conclusion and commentary -- an unfair treatment that, not unexpectedly, produced a response. Jeffrey Baker pointed out on Slashdot that Slackware releases just as often as Red Hat does. Joey Hess responded for Debian. He also pointed out that Debian's minor releases, which are put out just for the purpose of providing an easy mechanism for installing an already patched system, were not counted. It appears that Patrick Volkerding was correct in inflating the version number for Slackware from 4.0 to 7.0 to prevent the misapprehension that Slackware was any further "behind" other distributions. Those problems aside, Kurt's analysis is still very useful and interesting. He ends with a detailed checklist of what a distribution ought to do to make it easier for its customers to stay secure. It is an excellent and useful list. Most of the items on it are one's that we'd like to see done for every distribution out there, not just the major distributions that normally issue security advisories. Here are a few of our favorite suggestions, paraphrased:
The management of the various distributions has started to recognize both the PR value and landmines inherent in the security field. Do the job well and you have an excuse to get your name out there constantly, reminding people of your distribution without paying for expensive press releases. Do the job poorly and you'll provide good fodder for a journalist looking for a reason to rant and rave. In the end, their ability to hire good people, treat them well and keep them, will determine the quality of their security services. ACLU asks for FBI source code. Open source code entered the legal arena from a different avenue this week when the ACLU sent a Freedom of Information Act (FOIA) request to the FBI, asking for details on the "cybersnoop" programs, Carnivore, Omnivore and Etherpeek. The details they requested included the source code to the programs, something the FBI has denied previously on the basis of both security and the rights of the commercial software developers who produced parts of these programs.
To the ACLU's knowledge, the request for program source code is the first of its kind. But Steinhardt said that two federal appeals court rulings that computer code is a form of speech, no different from any other written document, support the ACLU's demand under the the Freedom of Information Act. The Act gives Americans broad rights to obtain written information held by the federal government.
Openhack results. The Openhack contest ended this week when the Openhack database was successfully cracked. The winner? "The crack was performed by none other than Spanish security consultant Lluis Mora, the same person who felled eWEEK Labs' previous security test site." Three new vulnerabilities in MiniVend were found, along with a vulnerability in a Solaris add-on. Details are not being published until the vendors have an opportunity to provide fixes. The contest ended with a report on the Openhack hardening techniques used to secure their server. Note, though, that it is hardest to protect from simple errors; the latest hack was partially made possible when a simple step in the hardening process was accidentally skipped and a vendor default password was left unchanged. That gives a good example of why vendor software should not be shipped enabled with a default password. Vulnerability Reporting Assistance. Due to recent record-levels of vulnerability reports, and the erratic quality of some of them, the folks at SecurityFocus are now offering vulnerability reporting assistance. Free of charge, and, they promise, no-strings-attached, they'll offer assistance in preparing advisories, finding vendors to contact prior to posting and more. "This is not a pay service in any way shape or form. It's actually being performed by the staff here outside of our regular work and on a volunteer basis." An improvement in the quality of advisories and better coordination with vendors should be helpful to everyone who believes in responsible, full disclosure reporting of security problems. GSA Rethinks FIDNet solution (FCW.com). The government will reissue their RFP for a Federal Intrusion Detection Network (FIDNet), according to this article. The new RFP will be restricted to systems staffed and monitored by the vendor. We certainly hope one or more of our open-source-community security vendors takes a crack at this offering ... Another brick in the wall (IBM developerWorks). Subtitled "Fighting a losing battle on the front lines of security", this IBM developerWorks article addresses the basic need to build security into a network from the ground up. "It's a given that your network/security administrators are fighting a losing battle. They probably don't have the time, training, or resources to adequately secure your corporate network. I know this, because I spent the last five years being that outside consultant, working on networks like your own. For administrators, the hardest part of all this, usually, is getting management to allot you the time and resources to develop a plan. " For your amusement. Segfault.org has issued RFC 31337, the initial draft of a new standard. "Unified Backdoor Protocol Specification. This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited." Mail server filters. Because Linux or *BSD is frequently used for mail servers at sites containing desktop systems running other operating systems that are vulnerable to a variety of e-mail based attacks, it is not uncommon to see a virus alert followed by suggestions for improved mail filters for the mail server to filter out such attacks. The following filters were posted to BugTraq in response to one of the most recent Outlook-based attacks: Security ReportsNetscape JPEG COM marker processing vulnerability. Netscape 4.73 and earlier and Mozilla M15 and earlier can be, under limited circumstances, used to execute arbitrary assembly code due to the manner in which they process JPEG COM markers. Solar Designer's detailed announcement of this vulnerability provides a wealth of evidence and detailed information. In the meantime, an immediate upgrade to Netscape 4.74 or Mozilla M16 is highly recommended. Distribution updates for Netscape 4.74 are likely to start rolling in very soon.Red Hat security update to PAM. Red Hat has put out a security update to PAM fixing a problem in that module. If you are running a display manager and XDMCP has been enabled, unprivileged users can fake a console login and shut down the machine. Multiple gpm vulnerabilities. New problems with gpm have been reported, including the ability for a local user to execute arbitrary commands with elevated group privileges and a local denial-of-service attack. Check BugTraq ID1512 for more details.This week's updates: Roxen Webserver. The Roxen webserver is a GPL'd webserver that is shipped with Debian, SuSE, Linux-Mandrake and FreeBSD. On July 21st, a report to BugTraq indicated that Roxen 2.0.46 contained a couple of vulnerabilities that could allow information such as the site administrator's encrypted password to be obtained. Subsequent tests confirmed the problems. An official advisory has also been released, recommending an upgrade to Roxen 2.0.69 (or 1.3.122) to fix these problems. Cgi-bin/Servlet vulnerabilities.
UpdatesUpdates to updates were popular this week...the rpc.statd, openldap and inn entries below are included again primarily due to updated advisories from at least one vendor.NFS/rpc.statd . Check last week's Security Summary for more details.
dhcp. A second set of problems with the ISC dhcp client was reported in last week's Security Summary. New updates to dhcp-3.0b1pl17 (instead of pl12) are now coming out. inn verifycancels vulnerability. Check the July 13th Security Summary for details. ISC released inn 2.2.3 this week, with an official fix.
wu-ftpd. Check the June 15th Security Summary for more details. wu-ftpd 2.6.1 contains fixes for this problem.
openldap tmplink vulnerability. A tmplink vulnerability was reported in openldap. Check the April 27th LWN Security Summary or Red Hat Bugzilla ID 10714 for more details.This week's updates:
ResourcesNew open source tools released by Razor. Just in time for the Black Hat conference, Bindview's RAZOR team announces the release of two new software tools, VLAD the scanner and Despoof, a spoofed-packet checker. A brief review of the license under which the tools are released reveals a probably-Open-Source license, at least in this editor's opinion. LinuxSecurity.com weekly newsletter. For those of you who still haven't gotten enough, here is LinuxSecurity.com's weekly security newsletter. EventsCall for Papers: Computer Security 2000 and International Computer Security Day. The Call For Papers for both Computer Security 2000 and International Computer Security Day (DISC 2000) has been released. Submissions are due by September 22nd, 2000. The two events will be held together from November 26th to December 1st, 2000, in Mexico City, Mexico. Computer Security 2000 is an annual ACM (Association For Computing Machinery) event. July/August security events.
Section Editor: Liz Coolbaugh |
July 27, 2000
| ||||||||||||||||||||||||
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Kernel page. |
Kernel developmentThe current development kernel release is 2.4.0-test4. The -test5 prepatch is in its fifth revision as of this writing. It contains a great many NLS/codepage updates (improving Chinese support among other things), an update to the direct rendering infrastructure driver, a number of ARM architecture tweaks adding support for new systems, an IA-64 update, some md (RAID) updates, a bttv driver update and reorganization, a new SCM Microsystems USB-ATAPI driver, and a tremendous number of little fixes. The current stable kernel release is still 2.2.16. No new 2.2.17 prepatches have come out in the last week - Alan was too busy drinking beer in Ottawa. Alan Cox is pulling out of 2.4 work, at least for now. He apparently just does not have the time to put into it. He made that clear with his posting of the latest 2.4 status page - "Dont mail me updates, find someone else to maintain it." This is a problem. Alan has been a crucial part of the release process for a long time. Somehow he has managed to keep on top of the vast majority of the issues out there. His ability to track problems and to understand what is really important is perhaps unparalleled. His absence is guaranteed to make it harder to put out a stable 2.4 in a short time period. Linus has recognized this problem in his call for a new status list maintainer. In short: it's important. And it's something that Alan did for both 2.0 and 2.2. Nobody can quite live up to "being Alan", but hey, if you don't like long beards you may be just as heppy knowing that. Thankfully, a candidate has actually been crazy enough to step forward and volunteer for this job - it's Ted Ts'o. Ted is an accomplished kernel hacker, but he also has a balanced and calm approach to issues and commands a good deal of respect. This issue was still developing as this page was written, and it was not yet clear that Ted would end up performing this function. But it looks like a good resolution to the problem. Turning disks to bricks with Linux. Andre Hedrick is the maintainer of the Linux IDE/ATA subsystem; as such, he works with a piece of code that is critical to the vast majority of Linux users. He also sits on the ATA standards committee, and understands well the ups and downs of how the protocol works. He recently discovered a significant "down." It seems that there are certain ATA commands that can be sent to a drive which will cause it to destroy itself. Andre posted a thing he called disk-destroyer.c which will use an IDE command to trash the partition table on a disk, thus rendering all data inaccessible. Apparently, however, there are other variants possible which will cause the drive to wipe out its firmware, thus turning it into a true brick. Now, a Linux system is not normally programmed to do such things. But a malicious user program using the ioctl system call is able to bring about this sort of result. Andre saw this as a serious problem, and responded with a major patch to the IDE subsystem; essentially he put in a protocol verification layer which filters out everything that doesn't look like a proper command. The response to the patch was largely negative. Quite a few objections were raised, including:
Let's take a hypothetial example (you judge on just _how_ hypothetical it actually is): imagine that you have a drive that can be made to refuse to read certain removable media based on where the drive was purchased. Imagine that this was actually done in firmware, and that there was a way of overriding it. Imagine further that you moved, and you wanted to make the drive read certain removable media in the new location, using undocumented commands.. Given that the example is in no way hypothetical, this is a point that should be kept in mind. Andre did not, shall we say, take this rejection well. The exchange was long and heated, and is not worth reproducing here. While it is a stretch to say that a consensus was reached, most people seem to have concluded that the drive manufacturers have erred by implementing destructive commands with no sort of protection (a physical jumper, cryptographic verification or both). Andre has now sent a proposed standard change to address the issue. The problem is now back in the court of the drive manufacturers. But then, according to Andre's alleged final post on the issue the standards committee is not particularly concerned by the problem. It may take a "disk2brick" virus to get their attention. A new Linux NFS FAQ is up on nfs.sourceforge.net. It covers a number of issues regarding the current status of Linux NFS. Ironically, it was unavailable for a while due to, well, NFS problems on SourceForge... Other patches and updates released this week include:
Section Editor: Jonathan Corbet |
July 27, 2000 For other kernel news, see: Other resources: |
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Distributions page.
Lists of Distributions |
DistributionsPlease note that security updates from the various distributions are covered in the security section. News and EditorialsIn retrospect. Exactly two years ago, two new distributions were turned loose. One was "maXimum CDE/OS" put out by Xi Graphics - it integrated the AccelleratedX server and Motif/CDE, was aimed at corporate clients, and was expensive. The other announcement was for a thing called Linux-Mandrake - then a version of Red Hat 5.1 with KDE integrated. Two years later, one of those distributions is doing rather better than the other... Debian 2.0 was also released. The Debian Project also made a last minute decision to include KDE in the release and worry about the license problems later. Finally, SuSE 5.3 also was released this week two years ago, as was LinuxPPC release 4. Caldera OpenLinuxCaldera Ships developer preview version. Caldera Systems, once thought of as being one of the more conservative distributors with regard to new software, has announced the availability of a "2.4 technology developer release preview" distribution. This version includes a 2.4.0-test kernel, a Java beta, a KDE 2.0 snapshot, and so on. Don't use this one on your production systems... ConectivaArticle on Connectiva Linux 5.0 (in Spanish). Planetalinux has run this article (in Spanish) on Connectiva Linux version 5.0. English text is available via Babelfish. (Thanks to Arnaldo Carvalho de Melo). DebianDebian Weekly News. This week's Debian Weekly News reports that Test Cycle 3 is underway. It will end on or around August 9th. Confidence is running high that they'll be able to announce Debian 2.2 at LinuxWorld. Debian 2.2 will also have a special dedication, to developer Joel 'Espy' Klecker, who died unexpectedly at age 21. "Almost 200 Debian developers have signed the dedication. We'll miss you Joel." They also report that Progeny, Ian Murdock's Debian-based company, is hiring Debian developers and giving them an opportunity to work on Debian full-time. "A quick look at their staff page turns up some familiar names, including John Goerzen and Branden Robinson. Debian Weekly News has learned that other developers may be joining them soon.." Kondara MNU/LinuxNetLOCK Technologies partners with Kondara. NetLOCK Technologies has announced a partnership with Digital Factory, the people beyond the Japanese Kondara MNU/Linux distribution. NetLOCK's security software will be integrated into future Kondara releases. DemoLinuxDemoLinux 2.0 has been announced. For more information, check the DemoLinux home page. This latest version includes, via the magic of data-compression, more than 1GB of applications (on a 650MB CD).DemoLinux 1.0 was based on Linux-Mandrake. The new version, 2.0, is based on Debian instead. If you try it out, like it and want to install it on your harddriver, they've now made that possible with a Linux-MandrakeThe folks at Linux-Mandrake are building a database of ISP information to support their automated tools. They are looking for your help; check out submission form to add information about your ISP to their database. Hopefully they'll also freely share that information once collected.LinuxPPCThe folks at LinuxPPC have been undergoing a bit of network renovation. They've donated the linuxppc.org domain to a non-corporate entity and it is now the new home of the PowerPC Linux project, the native port of Linux to the PowerPC processor. There have been few minor difficulties as a result of the shuffle of IP addresses. If you are having problems with ftp or with installing Linux on the Blue & White G3, check this note from Jason Haas. It may have the information you need to get the problem straightened out.Max OSMax OS, a Linux distribution from Alta Terra Ventures Corp, should start shipping within four weeks. Their announcement includes a list of industry partnerships, licensing agreements, and a MaxOS certification program. Alta Terra is a publicly-traded Canadian company.SuSEXFree86 support for IBM Netfinity servers enhanced by SuSE. SuSE proudly reported enhanced XFree86 support for the IBM Netfinity server line as the result of the work of SuSE developer Harald Koenig. "'This is just another component of the very successful cooperation between SuSE and IBM', said Dirk Hohndel, CTO of SuSE Linux AG. 'We view full Linux support for all the hardware platforms that IBM has to offer as an important part of our strategy, and IBM has been very active in working with SuSE to achieve this goal. This cooperation spans from driver development for XFree86 to the recently announced version of SuSE Linux for the IBM S/390.'" ErsterTest: SuSE Linux 6.4 PowerPC Edition (MacUp). MacUp reviews (in German) the PowerPC version of SuSE 6.4. They liked it. English text is available via Babelfish. TurboLinuxTurboLinux launches Alpha version. TurboLinux has announced the availability of a version of its distribution for the Alpha processor. TurboLinux's TurboCluster server powers Bikestore.com. TurboLinux has announced that BikeStore.com ("the bicycle portal super-site") is running off a TurboCluster server system. Yellow DogYellow Dog Linux Gone Home beta release. The beta released of Yellow Dog Linux Gone Home, a version of Yellow Dog Linux specifically for home users, was announced at MacWorld this week. "'Written from the ground up almost entirely in [the programming language] Python, our installer features auto-probing of the keyboard, mouse, CD, and hard drives, and contains a new partitioner. I have been demo'ng on an iBook ... the feedback is already helpful and the enthusiasm is amazing. There is a lot of interest in Linux at this show,' states Charles Stevenson, Software Engineer for Terra Soft Solutions." Section Editor: Liz Coolbaugh |
July 27, 2000
Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Development page. |
Development projectsNews and EditorialsIs Mozilla a success or a failure?In a recent osOpinion piece, some of Mozilla's mistakes were pointed out:It seems obvious that the Mozilla crew bit off far more than they could chew, but I think a deeper problem is that the development team reached too far. They are trying to re-invent an entire *platform* when all most people want is a good browser that doesn't crash.
On the other hand, another osOpinion piece comes to the defense of Mozilla: Critics complain that the browser is not in release form yet, but want it to be released now. Let the project run its course, let it become the best browser on the market, then it will be released. When it is done, and not before.
What is the real story? The Mozilla project marked the first time that such a large software product was moved from a closed-source to an open-source model. It is not suprising that a few mistakes and some important lessons were learned in the process. People are concerned that the Mozilla project is running late on delivering a reliable browser. Other complaints are that the project is producing bloatware, not sleekware. The priorities for an open source development are more geared towards producing something that works over shipping on a deadline. Combining that with a large and complex collection of programs almost guarantees a long development period. Mozilla is trying to replace other bloated browsers; perhaps that's just asking for the same problems instead of coming up with a better way. There are complaints about the reorganization of Mozilla into components, but that may, in fact, be the one change that causes the project to produce some useful code. If the component tools that make up Mozilla prove to be easily split off into other successful projects, such as the Galeon browser, then one could say that the project has been worthwhile.
BrowsersMozilla Status Report for July 21. The July 21 Mozilla Status Report is out. Work continues on the repair of numerous bugs. Mozilla Party Europe. A Mozilla Party Europe is being organized, time and location are to be determined. DatabasesBorland releases InterBase 6.0 source code. Borland has announced its release of the InterBase 6.0 database source code. "InterBase 6.0 has been released under a variant on the Mozilla Public License (MPL) V1.1. Developers using InterBase under this license can modify the code or develop applications without being required to open source them. The open source license applies to all platforms." Embedded LinuxRTAI 24.1.0 adds PPC and 2.4 kernel support (Linux Devices). The Real Time Application Interface (RTAI) development team has announced a new beta release of RTAI. Version 24.1.0 of the RTAI development platform has support for the Linux kernel version 2.4 and adds Power PC support. RTAI is licensed under the LGPL. Looking at Microwindows (All Linux Devices). Michael Hall of All Linux Devices has written this article on the Microwindows window system and the FreePad wireless web pad. "If you're curious about the building blocks of an embedded Linux device, or just want a peek at how one works underneath the friendly interface, Microwindows is as good a place to start as any." InteroperabilityWine Weekly News for July 24, 2000. This week's Wine Weekly News is out. The Winsock implementation, CD-ROM label information, link files, and registry implementation are discussed. Introduction to Samba, Part 3 (IBM). Daniel Robbins has written the third article of the series on an introduction to Samba. This article wraps up the series by discussing the configuration of Samba for sharing directories and printers. For those who haven't seen them, here are the first and second articles in the series. Network ManagementOpenNMS Update Vol 1 Issue 18. The latest OpenNMS Update has been published. News includes a new web site, a recap of the O'Reilly Open Source Conference, JSDT, the Event Subsystem, and capsd. Office ApplicationsAbiWord Weekly News (Jul 20). This week's AbiWord Weekly News is now available. Smart quote support won the patch award this week, but the addition of automatic backup on crashes under Unix may win more fans ... GNOME Office, how far along are we? (Linux Orbit). Linux Orbit's John Gowin compares the Gnome Office tools to Microsoft's desktop applications in this article. "To compare Microsoft Word to Abiword is a little like comparing David to Goliath in a pre-fight analysis. Sure, you have to pick Goliath, he's just so big. Which really is a good analogy. Word has become a monster on the the Windows platform. The proverbial 400 lb gorilla. But like some people, I'm not always fond of the "bigger is better" philosophy." Eazel does it (Salon.com). Salon.com's Andrew Leonard has reviewed Eazel's Nautilus file manager. "Nautilus, which runs on top of the GNOME GUI and eventually will be part of the default Red Hat Linux distribution, is the first piece of software I've seen that has a credible chance of luring in the masses of computer users who might be interested in Linux but don't have the time to hack text files from a command line any time they want to get some serious work done." July LyX development news. The LyX Development News for July is out. It covers the beginning of the GTK-- port, and many other topics. Gphoto's Scott Fritzinger (Linux.com). Linux.com has interviewed Scott Fritzinger, founder of the gPhoto digital camera download software project. The interview touches on Gphoto development, USB ports, and reverse engineering digital camera serial data streams. On the DesktopGnome summary for May 30 - July 21, 2000. The latest Gnome summary is out after a long absence; news includes: StarOffice joining Gnome, an Evolution preview release, and an Inti preview release. KDE News. The latest news for KDE includes support for GTK themes, and a feature freeze for the upcoming KDE 1.9.2 release. There is also a pre-2.0 KDE progress report. It gives a good overview of where things stand, and has a lot of nice pictures showing the slick things that will be available in the 2.0 release. Worth a look. ScienceMedical Projects at O'Reilly Open Source Convention (Linux Med News). Linux Med News has published this feature article on the medical projects that were discussed at the recent O'Reilly Open Source convention. Clinic related database software and security of patient data are discussed. Web-site DevelopmentzCommerce first public release. The first public release of zCommerce - a shopping cart and order processing engine for Zope, has been announced. Border Aware Images 0.4 released for Zope 2.2.0. A new version of the Zope add-on known as "Border Aware Images" is now available. This replaces the Zope built-in-image object. Section Editor: Forrest Cook |
July 27, 2000
|
|
Development toolsC/C++Red Hat GPLs Source-Navigator IDE (Linux Devices). Red Hat, Inc announced the the release of Source Navigator under the GPL license. "Source-Navigator, along with Insight, the graphical debugger based on gdb, and gcc, the Open Source compiler, forms a fully functional graphical integrated development environment that is used by developers to edit their source code and compile, link, and debug their applications." PerlWhite Camel 2000 Recipients. The Perl mongers White Camel Awards were announced at the recent Perl conference. Congratulations go to Chris Nandor (Perl advocacy), Elaine Ashton (user groups) , and Nat Torkington (community). yapc::Europe registration. There will be a Yet Another Perl Conference::Europe happening from September 22 through 24, 2000 at the Institute for Contemporary Arts in London, England. Registration is now open. PythonPython-dev newsletter. Here is the first Python-dev newsletter by Andrew Kuchling. Python-dev is a hacker-oriented, detailed summary of Python development activity; if all goes well, Andrew will start writing them every two weeks. Python-URL for July 16. Here is Dr. Dobb's Python-URL for July 26; as always, check it out for the latest in python development news. Pikipiki cooperative web authorizing system. Pikipiki is a cooperative web authoring tool that is written in Python. Pikipiki is licensed under the GPL license. Essential Resources for the Python Professional(InformIT). Inform IT's Boudewijn Rempt has written an article on Essential Resources for the Python Professional. The article includes an extensive list of links to all things Python related and gives an overview of the langage. Python hackers should find lots of useful pointers here. Note that the previous/next page buttons in this article are somewhat finicky, but they can be made to work. Python Enhancement Proposals. The first set of Python PEP's are out, this is a new system that formalizes the process of development on the Python language. Section Editor: Forrest Cook |
Language Links Erlang Guile Haskell Blackdown.org IBM Java Zone Perl News PHP Daily Python-URL Python.org JPython Smalltalk |
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Commerce page. |
Linux and BusinessIDC predictions on server operating systems. IDC has issued this press release with its latest pronouncements on the server OS market. Shipments are expected to increase, but revenues will not follow suit. " Linux revenues will also grow faster than the rest of the market, increasing at a CAGR of over 23%. However, even with this high growth, Linux server operating environment revenues will barely exceed $85 million in 2004, and total Linux server shipments will remain second to Microsoft's Windows Server product family." Ups and downs for Red Hat. Red Hat has put out a press release proclaiming the results of two recent surveys. The latest Netcraft web server survey shows that 72% of the Linux servers out there are running Red Hat, and a Sky Events survey of "Chinese IT professionals" shows that 56% of them call Red Hat the best distribution out there. Also this week: Red Hat has released the source code for its Source-Navigator integrated development environment. "In addition to being a powerful tool used by developers to compile, edit and debug source code for their applications, Source-Navigator has many browsing capabilities that enable developers to do things like display class hierarchies and cross-reference relationships." Red Hat might be riding a bit higher on all that news if it weren't for a couple of other things that have come along. For starters, Novell plans to sell 100,000 shares of Red Hat stock. The shares have an estimated value of $2.4 million. Every such sale can be expected to make another little dent in Red Hat's stock price. The harder news, though, is the resignation of the company's chief financial officer, Harold Covert. Mr. Covert is moving on to a new job as CFO at SGI after less than five months in this position at Red Hat (his appointment as CFO was announced on March 6). It hasn't been all that long since the company lost its chief marketing officer; getting the high-level people to stick around is proving hard for Red Hat. (See also: Red Hat's announcement of Mr. Covert's resignation). Go.com Open Sources web development tools. Go.com has released several of their development tools under an Open Source license, similar to the Apache license. Some reports (including Slashdot) have implied that the Go.com search engine has been Open Sourced. This is not correct. The tools now available include the Tea template language, TeaServlet template engine, Kettle IDE and the Trove library (which has been Open Source for a while). The tools are Java-oriented and some, like the Kettle IDE, currently run only under Windows. This announcement is likely to primarily be of interest to web developers on very large sites who are dealing with the issue of getting up timely content while dealing with a large pool of technical and non-technical staff. One person on Slashdot commented that the documentation alone was worthwhile, because of the information and suggestions it provides for such large sites. Why Open Source? These tools are part of a larger commercial package, so Open Sourcing the entry-level tools can bring in potential commercial customers. The technology is over three years old, so the benefit of holding onto it is minimal. Of course, the desire to pick up some extra, low-cost publicity ... InterBase source now available. Inprise/Borland has announced that the source for InterBase 6.0 is now, finally, available for download. The code is covered under "a variant of the MPL." Head over to the InterBase web site to grab your copy. European Commission call for proposals. This page on Bernard Lang's site describes a call for proposals from the European Commission's Information Society Technologies program; it is looking to fund projects in the area of "distributed development of software and systems." The IST program is already known to be friendly to free software, and the topic obviously fits well with free software development methods. It may be a good opportunity for funding for some enterprising European free software businesses. The page also describes another call that will go out in September addressing the initiation of free software projects. Big Blue Signs Billion Dollar Deal With German Firm. IBM has struck a deal with the German technology group Metall Gesellschaft (mg) Technologies. IBM will service the internetworking needs of MG Technologies across Europe. The European program involves IBM opening seven Linux development centers in Europe, as well as working with many third-party Linux companies to establish the firm as a major Linux vendor. IBM said it has employed the services of around 600 specialized Linux experts to assist it in the task. Also see this related article from cnet News.com. ELC welcomes EMBLIX initiative. The Embedded Linux Consortium has issued an official welcome to EMBLIX, the new Japanese consortium for embedded Linux vendors. "EMBLIX's 24 members at launch and the ELC's 91 members send a powerful message to the global embedded computing community, demonstrating the unquestionable momentum and the long-term viability of the Linux operating system for embedded applications." Also hinted in the welcome was the ELC's preference that EMBLIX actually become part of the ELC; meanwhile, they recognized EMBLIX as their "sister organization" and EMBLIX promised "cooperation" with the ELC. (Check the Distributions Page for the EMBLIX announcement). Zero Knowledge releases Freedom source. Zero Knowledge Systems has announced the release of the source for its "Freedom" kernel interface. This interface allows for the interception of data flowing into or out of a system, thus allowing the application of encryption or other privacy-enhancing techniques. Collab.Net sets up jobs site for the Oracle Technology Network. Collab.Net is moving away from just handling software development activies; it has now announced that it is adding a jobs section to the Oracle Technology Network. The source isn't entirely absent, though - there will also be an "examples" area for Oracle-based systems. O'Reilly Convention Surmounts Expectations (O'Reilly). Carmel Noah from O'Reilly has sent this summary of the just-finished O'Reilly Open Source Convention and Perl Conference. ""What was unique about this conference is that we bring together a wide spectrum of those in the open source community, and as a result unexpected, fortuitous opportunities for new developments seem to happen." It was all about "people meeting, disputing, poring over problems together," noted CEO Tim O'Reilly." 'Building Linux Clusters' from O'Reilly. O'Reilly and Associates has announced the publication of Building Linux Clusters by David HM Spector. Flatland announces the open source release of 3DML. Flatland has announced the release of its "3DML" 3D web publishing platform under the "Flatland Public License," a variant of the Mozilla license. Axis Communications releases embedded Linux developer board. Axis Communications has announced the release of the "Axis Developer Board." This board contains the Axis ETRAX 100 processor and an embedded version of Linux. Press Releases:Open Source Products.
Commercial Products for Linux.
Products Using Linux.
Products with Linux Versions.
Training.
Partnerships.
Investments and Acquisitions.
Financial Results.
Personnel.
Other.
Section Editor: Rebecca Sobol. |
July 27, 2000
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Linux in the news page. |
Linux in the NewsRecommended Reading. Here's a one-year retrospective on Linux IPOs in Upside. "Add the numbers together, and you quickly get the sense that last year's IPO frenzy, while disappointing from an investment perspective, has served its ultimate purpose. By giving early front-runners a chance to separate themselves from the rest of the pack, the stock market has effectively narrowed the future commercial Linux market down to four main runners..." Coverage on the DVD/DeCSS trial continues, with this Newsbytes report that is following the current arguments. "Stevenson, who was a subscriber to a mailing list supporting the development of the LiViD open-source DVD player for Linux, said he was interested in finding out if there was a way to access the encrypted movies without already knowing one of the player "keys" used by licensed DVD technology to unlock CSS. ... He said the CSS security wasn't hard to figure out. 'It took me three days, and I expect that a person more capable than I am would possibly be able to do it in a shorter amount of time'". Companies. Upside reports on the departure of Hal Covert, Red Hat's chief financial officer. "This is the second major executive departure in four months for the open source software company that champions the Linux operating system." Evan Leibovitch comments on the StarOffice source release in this ZDNet column. "In all -- again -- it appears we shall have some interesting times ahead. It's still a bit of a shock to see Sun boldly quote on its web site, 'If you love something, set it free...' (I wonder how much Sun loves Java anymore?)" This brief ZDNet article looks at startup Moonlight Systems. "One product set will upgrade software on large Linux server farms and will support Linux, Solaris and Windows NT. The other product set will offer back-end software. The first offering is hostable e-mail that will compete against open-source offerings like Sendmail. Moonlight will follow an open-source development model where possible, using an open-source code base to develop applications and encouraging customers and partners to contribute to Moonlight's code." Salon looks at Eazel and its "Nautilus" system. "Nautilus, which runs on top of the GNOME GUI and eventually will be part of the default Red Hat Linux distribution, is the first piece of software I've seen that has a credible chance of luring in the masses of computer users who might be interested in Linux but don't have the time to hack text files from a command line any time they want to get some serious work done." The Red Herring has posted this article about Eazel. "As Eazel's story unfolds, its future as an independent business is open to speculation. So far, Eazel has garnered a healthy amount of attention based on the merits of its existence and its founding employees. Andy Hertzfeld and Bud Tribble, included among the founding employees, are known for their work on the original Macintosh interface. Even with its technical prowess, Eazel's changes might work better as part of a larger firm." Intel has introduced its Dot.station web appliance , which runs the Linux operating system. The device includes a built-in telephone and will allow users to surf the web and access email. The new device will most likely be offered by ISPs as part of an overall service package. Upside reports on the StarOffice code release. "However, whether or not the new StarOffice license is the first sign of a companywide policy of software glasnost remains to be seen." Business. ZDNet looks at the history of Unix, with an eye towards Caldera's rumored acquisition of SCO. "Linux, thanks to its broad open-source underpinnings, has overcome the interoperability troubles that bedeviled SCO Unix and its competitors. And, more than just that, it showed that an open-source, open-standard approach was much more successful than the proprietary ones of the older Unix vendors. So it is that Caldera, a newish Linux firm, is now taking over SCO's far older Unix business." Here's a News.com article about the latest IDC report. "In fact, shipments of server operating systems will grow at a compound annual rate of 17 percent from 1999 to 2004, IDC said. However, revenue growth will increase at an anemic 1 percent during the same time period. That discrepancy is explained by the ascendance of low-cost Linux, according to IDC." Forbes asks where the money is in the business of Linux. "It's a strange paradox. Shipments of the Linux operating system have already surpassed Novell's venerable NetWare. And at a projected growth rate of 17%, Linux will outpace all other server operating systems through 2004. But revenue growth will be barely noticeable at only 1%, compounded annually." Here's The Register's take on the latest IDC server numbers. "But again, you could see the dynamics of this changing - .NET is essentially the future of the Internet translated into Microsoftspeak. If Microsoft hadn't invented it (which it didn't) it would still happen anyway. You can expect rival services based on Linux and Unix servers to compete here, and given that the services will be Web-based, where Linux and Unix are the servers of choice, you can see Microsoft having a tough time of it, and again coming under price pressure." (Thanks to James Cownie). Open Game Source takes a look at Battalion, a source-available (but somewhat restricted) game. Battalion dates back to 1995 and has some crufty code to support the SGI workstations of that era. Dennis Payne takes the opportunity to use Battalion as an example of how to recode the sound system for a game using the Open Source SDL library. "Coding the SDL implementation was relatively simple and straight forward. I mainly copied the Linux SoundIt implementation and modified the functions to use the SDL_mixer equivalent." He has, of course, made his patch for the game available. This week's edition of LinuxDevices's Embedded Linux Newsletter is now available. Check it out for a round-up of this week's Embedded Linux news. Resources. Here's an osOpinion piece pointing out Mozilla's mistakes. "It seems obvious that the Mozilla crew bit off far more than they could chew, but I think a deeper problem is that the development team reached too far. They are trying to re-invent an entire *platform* when all most people want is a good browser that doesn't crash." This osOpinion piece comes to the defense of Mozilla. "Critics complain that the browser is not in release form yet, but want it to be released now. Let the project run its course, let it become the best browser on the market, then it will be released. When it is done, and not before." Linux Orbit's John Gowin has published a feature article on GNOME Office. "Like many (or few, depending on who you ask) I believe that Linux can compete in the desktop computing marketplace. To see how far the Linux community has come in this space over the past 12 months is truly remarkable. As both GNOME and KDE move toward their version 2 releases, the importance of an office-like suite of applications can't be over emphasized." Linux Devices is running an Ongoing Poll that asks "What do you value most about open source?" "The picture is now starting to come into focus -- and the results are surprisingly different from what many have probably assumed." Interviews. News.com talks with SuSE CTO Dirk Hohndel. "We (were) profitable in 1998. We started very aggressive growth in late 1998. Aggressive growth obviously means that your revenues are somewhat behind your growth on your cost side. We currently are not profitable, but we are optimistic to become so again. Our revenue was $23 million euros ($21.4 million) in 1999." Finally. Here's a Wired News article about the EuroLinux Alliance and its fight against software patents in Europe. "Jürgen Siepman, attorney and legal adviser of Linux-Verband, a German association that represents numerous Linux companies, is accusing the European Patent Office of inventing its own rules in order to grant more software-related patents. Siepman points out that more than 75 percent of the approved patents were filed by non-European companies." (Thanks to Cesar A. K. Grossmann). CNN has run this IDG article about the O'Reilly open source convention. "The O'Reilly Open Source Software Convention here has become the meeting place between the informality of geek culture and the buttoned-down business world. For example, at last week's event, information technology vendors and user companies came to learn how to develop open-source projects without incurring the ire of the community. At the same time, open-source guru Eric Raymond explained how to talk about the free source-code market to business executives." Upside reports on the O'Reilly Open Source convention. "If the bloom is off the open source rose, somebody forgot to tell the attendees at the O'Reilly Open Source Convention in Monterey this week. With no Red Hat (RHAT) IPO to elevate the media buzz and no bandwagon-jumping venture capitalists looking to be parted from their money, this year's conference still managed to outdraw last year's event." AboutLinux.com, which may have run more reviews than any other site, has put up this article on how there has been no pressure to write only good things about the distributions it reviews. "If I encounter a problem during one of my reviews you can be sure I will report it - but don't be surprised if I mention liking or disliking certain features or utilities! Don't be surprised if I don't find some problems you may have run into - you have to remember that I probably have a different hardware setup, and may not have tried to use the program you have a problem with. I can only report on problems I experience." CNN.com's Joe Barr looks at various game programs under Linux. "This week's column is all about having fun with your Linux desktop. I promise nothing more serious than tips on finding and installing fun new games. The only bad news is that my quest for fun turned up a few potential time sinks you might want to avoid, at least if you're the productive type."
Section Editor: Rebecca Sobol |
July 27, 2000 |
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Announcements page. |
AnnouncementsResourcesFighting Font Frustration. Steve Coile finally got fed up with font problems using Netscape and other tools on his Red Hat Linux System. "If you use Netscape for Red Hat Linux to visit as many Web sites as I do in a day, you've probably found yourself frequently frustrated with how Netscape renders many of them. In some cases, sites are almost unusable because of the horrible appearance and size of fonts. Well, I delved into the matter last weekend and managed to find solutions to most of these problems." Here is the extremely valuable result of his efforts. Most of the information in his three-part article is fairly portable between distributions. Dual Booting (DukeOfURL). There is a tutorial on setting up dual-boot systems on the DukeOfURL site. "When dealing with Windows, there's always one thing that must be followed. Install Windows first." EventsRegistration open for yapc::Europe. Registration has opened for yapc::Europe, a "Yet Another Perl Conference" being held in London on September 22 to 24, 2000. The call for participation is also still out there, with abstracts being due on August 11. The Linux Business Solutions Demo Day Event. The Cerritos Linux Users Group (CLUG) has announced the Linux Business Solutions Demo Day Event, to be held Sunday, August 27th, 2000, in Los Alamitos, CA, USA. "Following up on our successful Linux Demo Day I, Cerritos LUG will be holding a Linux Business Solutions Demo Day for Professional Services to include real estate professionals, attorneys, dentists, doctors, accountants, small to medium sized companies interested in harnessing the power of Linux and learning what the Linux buzz is all about!" Major Events, July/August.
Web sitesKuro5hin off the net. The news site Kuro5hin, which had been attracting an increasing number of readers with its user-selected news stream, has been forced off the net by a sustained series of denial of service attacks. Kuro5hin was an interesting place, LWN is sad to see it go. We encourage Rusty and the others to make another shot at it, and not let this sort of vandalism succeed. You are missed. (Thanks to Lenz Grimmer). |
July 27, 2000 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Software Announcements
|
Our software announcements are provided courtesy of FreshMeat
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Back page page. |
Linux Links of the WeekLinuxAtHome.org is an Advogato-like site oriented toward home users of our favorite system.
WeWantHackers.com. A new job site is up: WeWantHackers.com. They are looking for high-quality developers, and have included a simple "hacking" test in the resume submission process to perform the first level of filtering. This site is run by Bruce Perens and the Linux Capital Group, so the jobs behind it could be interesting. Section Editor: Jon Corbet |
July 27, 2000 |
|
This week in historyTwo years ago (July 30, 1998 LWN): we fretted about the future of the Linux community, as mentioned on this week's front page. Linus Torvalds made the front cover of Forbes - an unheard-of level of recognition at that time. A guy named Dave Whitinger announced the expansion of his "Threepoint Linux News" service. It would take a few more months yet for that service to evolve into LinuxToday. The development kernel was 2.1.112 - and alleged to be in deep feature freeze. The 2.0.36 stable kernel release was in the prepatch stage. The beer-drinking penguin logo in the development series came under criticism - some people thought it would cause Linux to be taken less seriously. It eventually came out. This was also a big week for Linux distributors; see this week's distributions page for a recap. One year ago (July 29, 1999 LWN): The Netscape/Sun alliance backtracked and said that the Netscape Application Server would not be made available for Linux. Both IBM and VA Linux Systems announced plans to get into the Linux support business. Rumors went around that the (rumored) Transmeta processor would be used in the (rumored) new Amiga. Life got difficult for those trying to participate in Red Hat's community stock offering, as the E*Trade system told them they were not eligible. Red Hat was breaking much new ground with this offering, and the financial system was having a hard time adapting. No kernel releases happened this week; the stable kernel remained at 2.2.10 and development at 2.3.11. Stephen Tweedie's raw I/O patch was accepted, however, providing a long-missing functionality to the system. Both the sourceXchange and CoSource.com started ramping up their operations this week. Bruce Perens' Technocrat also launched this week. | |
|
Letters to the editorLetters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them. | |
From: "Aaron J. Seigo" <aseigo@mountlinux.com> To: letters@lwn.net Subject: Miguel de Icaza: Unix and policy Date: Thu, 20 Jul 2000 09:25:28 -0600 Hi. The more I watch Helix Code step into the lime light under the reigns of Miguel de Icaza the more I scratch my head. Does this man actually Get It(tm)? The reason Unix does not enforce policy on the system level is because policy belongs at the application level. Why? Well, look at BeOS/Mac/Windows. They each enforce policies on programmers and users at the system level, but because of that they are each cordonned off into their own space of the computing arena. Unix is a substrate that strives to be flexible enough for _any_ policy. The idea is to OFFER choice, not limit them. As soon as one sets policy of any sort of strictness, you immediately lose a good portion of your usability (by definition). By keeping such policy decisions at the application level, you can have the proper set of policies in force at the proper times and in the proper places. To say that a lack of policy creates a "defense system for hackers" is to slap the Open Source community's reputation down and is just plain wrong. Look at the amount of responsibility many open source programmers in the UNIX/Linux world take upon themselves when it comes to security, performance and feature set. In fact, this sounds more like a Redmond compaign than a pro-Open Source developer's words. I point to Icaza's own project Gnome as an example that he is (to quoth him) "smoking crack" when spouting these arguments. Gnome sets policy, and in the right place, too: on the application level. In fact, it is only because of the gift of choice Unix brings that Gnome is possible; it is only because of the gift of grace (aka "defense system for hackers") that Gnome was allowed to stick around for as long as it did despite being as horrible as it was to come to point where it has the opportunity to actually mature. So I sit here and scratch my head. And ask: would I entrust my desktop to a project whose leading visionary is so out into left field? Then I remember: Unix doesn't force policy on me and limit my choices: I can use KDE, or Blackbox, or CDE, or the command line, or.... and suddenly Icaza's rantings seem distant and irrelevant. Which they are. ______________ Aaron J. Seigo Mount Linux | ||
Date: Thu, 20 Jul 2000 14:24:26 -0500 From: "Stoner, David M." <dmstoner@utmb.edu> Subject: re: Unix sucks To: "'letters@lwn.net'" <letters@lwn.net> The editors: Miguel is kidding, right? If he really liked the Microsoft way so much, presumably he would be working for Microsoft. Here are what I hope are obvious retorts to his points as summarized in your article: >Unix is stagnant. As a programmer, what I want above all else is an operating system that never changes, or at least the API never changes. I don't need a system that keeps shifting underneath me and breaking my code. >Unix's problems stem from ... not deciding policy. The user/administrator decides policy. Isn't that what we want? >High level components Fine if you want a bloated operating system which is much more than an operating system; if you control the OS and mean to control everything else and squash anyone who threatens you; if you assume that no one beyond your control will ever write an application. Yet there are high-level components for Unix, the use of which is fortunately still optional. For example, there is CPAN. And there are "glue" languages such as Tcl and its extensions. Miguel is welcome to develop high-level components if he wishes, but I hope he doesn't think they should be part of the operating system and everyone should be forced to use them. David Stoner dms@atlantis.utmb.edu | ||
Date: Thu, 20 Jul 2000 18:22:47 +0200 From: Martin Cracauer <cracauer@BIK-GmbH.DE> To: letters@lwn.net Subject: Staroffice GPL Most people cheering after the annoucement overlook that they won't give us the source for the currently working product. They give us the source for some future experimental stuff. That will be the same situation as with Netscape/Mozilla. We aren't allowed to fix our lovely Navigator-3.x (which is what most people I know would prefer), we have to hack on some Uebercode that in any case is slow and probably won't lead anywhere in the foreseable future. In no way I can share LWN's editor's opinion that Sun tries to avoid Netscape's mistakes. They do exactly the same thing, the delay between annoucement and release (why not next weekend?), the refusal to give out the working cod and even the XML-based components approach. Not a problem for Sun, of course, it will be "OpenSource" that has failed. -- %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% Martin Cracauer <cracauer@bik-gmbh.de> http://www.bik-gmbh.de/~cracauer/ BIK - Aschpurwis + Behrens GmbH, Hamburg/Germany Tel.: +49 40 414787 -12, Fax. +49 40 414787 -15 | ||
Date: Thu, 20 Jul 2000 20:56:46 +0300 (EETDST) From: Tuomas Lukka <lukka@math.jyu.fi> To: letters@lwn.net Subject: GPL StarOffice Let's not forget for a moment that there's only one reason for Sun to release StarOffice under GPL: they want to hit Microsoft where it really hurts. And I believe that it will; this is what is needed to topple their empire. Say in about a year it will be possible to provide a cheap, reliable, care-free distro that can do all the things that business users want and is completely open-source. Microsoft does NOT want to see that day. So while the announcement is great news, don't make the mistake of trusting Sun any more because of this. We have a common enemy but once Microsoft crumbles, I don't expect any more such actions from Sun. Which is all right: GPL will stay GPL, and companies need to compete. But just remember: even though it isn't really said publicly anywhere (the FAQ has some wording which alludes this but Microsoft is not mentioned), this move takes direct aim at Microsoft. Nothing more, nothing less. Tuomas | ||
Date: Thu, 20 Jul 2000 11:17:28 -0700 (PDT) From: "Robert A. Knop Jr." <rknop@lilys.lbl.gov> To: letters@lwn.net Subject: The source of animated images on web pages I am finding myself increasingly annoyed by animated GIFs on web pages. I think this is a result of the fact that more and more of the pages one visit have banner adds, or sidebar ads. As much as I hate to say it, the site that inspired this letter was LWN.net itself. On LWN, as with many other sites, I find it hard to read the text (i.e. the whole reason I went to the web page in the first place) when, at the corner of my eye, there are these things flashing and drawing my attention away. Advertisers will be very pleased to hear this, but I find it irritating and annoying. Obviously, one will say that I should just hit ESC or the "Stop Animations" menu item. Unfortuantely, in Netscape (the only option for a Linux web browser at the moment, if you care about things like https and Java/JavaScript), ESC is also the "stop loading" key. I want is to stop the animated GIFs from flashing, I don't want to stop anything on the page from loading. It seems impossible to stop the images from flashing until everything on the page has loaded. Netscape 4.73 doesn't even seem to be entirely consistent about when the "Stop Animations" menu item is available (via the right mouse button). Especially if the page has borderless frames, sometimes it seems to be nearly impossible without a lot of work to get the animated images to stop. This does not make for a pleasing web browsing experience. The ideal solution would be an international agreement for everyone to stop using animated images on web pages. This is, of course, completely unrealistic, and I don't even expect LWN.net to do it. But, for future developers of web browsers, I would ask that you have a key or icon that will stop all animations on the current page, even if that page isn't fully loaded yet. What's more, a preferences option to disable animated gifs altogheter (with perhaps an override key to start the animations again) would be really nice. (This is analogous to the option many browsers have of just not loading the images unless you push the "images" button.) If Netscape already has an option like this, somebody please let me know. I haven't been able to find it. -Rob Knop rknop@lbl.gov | ||
Date: Thu, 20 Jul 2000 16:54:03 -0700 To: letters@lwn.net Subject: RSA Patent Expiration From: Rick Moen <rick@linuxmafia.com> Dear Mr. Corbet and Ms. Coolbaugh: You may be amused to hear that the data and time the (USA) patent on RSA expires may be literally indeterminate! The RSA algorithm is covered by US patent #4,405,829, which was issued September 20, 1983 (and thus is a 17-year patent) to Ronald Rivest, Avi Shamir, and Leonard Adleman. Everyone says it therefore expires this September 20. Here in the Bay Area, we have tentative plans for a celebration party and informational event concerning RSA and other crypto software, when the patent expires. But, the question is, when exactly? 5 PM Washington DC time on the 20th? 8 AM Washington DC time on the 21st? Hoping to find out when exactly the algorithm can be freely used in the USA without royalties or infringement, we posed that question to some friendly and knowledgeable patent attorneys at the firm Bever, Hoffman, and Harms, LLC (http://www.beverlaw.com/), in San Jose. Partner Julie Stephenson kindly responded, with an e-mail from that firm (which presumably should not be considered legal advice): ---<snip>--- I researched the question right after we spoke. Unfortunately, the answer is that there is no answer. According to Chisum (a premiere researcher in the field), the caselaw on the subject is in conflict. Thus, if a patent has a date of June 28, 1983, and the term of the patent is 17 years, then the last day of coverage of the patent has been interpreted to be both June 27, 2000, and June 28, 2000, in different cases. I looked around a little further, and found no information relating to the time of expiration of a patent. Because the caselaw is still in conflict on the date of expiration, I can't imagine a situation where the *time* on the date of expiration (much less the time zone of the time on the date of expiration) would have been litigated without clarifying that whole date of expiration mess. So I can give you no direction as to *when* you should begin partying. What does this mean for you? Well, you can either party on September 20, 2000, and be prepared to change the name of your party from "the first day of no coverage by the RSA patent" to "the last day of oppression by the RSA patent" while knowing that anyone partying from 11:55 pm to 12:05 am will have actually partied on the right day (ignoring that whole time zone thing) OR you can party on September 21, 2000, and be assured that you are partying on a no-patent coverage day. However, in the minds of some people, you would be partying on the day after the day the patent expires. :) If it helps a all, it appears that generic drug manufacturers would begin selling their drugs on (in the example above) June 29, 2000. (Note that this ignores the issue of then manufacturing the drugs prior to the expiration of the patent, which was one of the bases for litigation in one of the conflicting cases mentioned above.) Sorry I couldn't be more clear - that is the pitfall of working in the law.... There is often no right answer, only opinions and arguments. On the bright side, you can choose a reasonable time and date of expiration (say, 11:59 pm EST on September 20, 2000), and have some caselaw basis for choosing that date. If you think of it, please let me know what you decide. I'll have a drink at that time in celebration. :) Have fun, Julie ---<snip>--- Happily, after one notices that the 20th is a Thursday, the alternative of skirting all these issues by holding the party on Saturday the 23rd, instead, became (er...) patently obvious. -- Cheers, "Open your present...." Rick Moen "No, you open your present...." rick (at) linuxmafia.com Kaczinski Christmas. -- Unabomber Haiku Contest, CyberLaw mailing list | ||