[LWN Logo]
[LWN.net]

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Back page
All in one big page

See also: last week's Back page page.

Linux Links of the Week


GigaLaw is a site dedicated to legal issues on the Internet. Like it or not, such issues are increasingly pushing their way into the free software world. Here's a site which can help interested people to stay on top of the situation. A discussion list has just been added as well.

It may well be that not too many Linux people care about this, but spare a moment for us older folks... September 30 is the last day to order a VAX system. There was a (long!) period where an 11/780 running BSD was the computing platform of choice; it was the system that brought Unix into the virtual memory era. A moment of silence for a system that served us well...

And for a dignified retirement for an 11/780, it's hard to beat the VAXbar.

Section Editor: Jon Corbet


August 17, 2000

   

 

This week in history


Two years ago (August 20, 1998 LWN): It appeared the Linux Standards Base might be in more trouble, as Bruce Perens' departure from the project was quickly followed by the announcement of two competing efforts. The Linux Compatibility Standards Project was announced as a collaboration between Debian and Red Hat to build a written specification on the "right way" to build a proper Linux system. It was designed to complement the LSB and guide application developers on how to build their applications for compatibility with multiple Linux distributions. Only the timing made this look like a competitor to the LSB, though. It was designed to be complementary and was eventually folded into the LSB.

Not so innocuous was the announcement of the Linux Standards Association. As opposed to the community-based LSB, the LSA was designed more like traditional commercial standards organization; members were corporations that paid money. The content was not to be made available for free, founding members would have veto privileges and the initial website was created with Frontpage. The announcement was greeted with outrage on Slashdot and indifference from the community.

Nowadays, we've proven that Open Source is a better way to produce cooperation between companies than membership fees. The LSA is gone and the http:www.linuxstandards.org/ site contains a letter indicating that the site will be redesigned to serve as a clearinghouse for information on standards relevant to Linux.

More recently, the Linux Development Platform Specification version 1.0-beta (LDPS) was released by the Free Standards Project, the umbrella organization that now encompasses the LSB, the LDPS and the LI18NUX Project (Linux Internationalization Initiative). It is still hoped that a final draft of the Linux Standards Base will be available by the end of year; certainly effort in this area is alive and well.

Red Hat announced its "Rawhide" distribution - Red Hat's development version.

One year ago (August 19, 1999 LWN): Red Hat shares jumped from an initial (split-adjusted) high of $26 after their IPO to a new level, $40 per share. Predicting many more public Linux companies to come, LWN announced its Linux Stocks Page and the LWN Linux Stock Index to track the performance of this sector as a whole. Also announced that week was the Red Hat Wealth Monitor, which tracks the value of the Red Hat stock distributed to the Linux community. Two years ago, it was worth $60 million. Even though Red Hat stock is back down to around $25 per share, the Linux Community stock is still worth around $39 million.

For the umpteenth time, someone paved paradise, put up a parking lot. For the thousands of Linux coders who've build the utopian open-source movement - offering free help to create a free operating system - the IPO of Red Hat Software was a sure sign of Wall Street cutting the ribbon on the new Linux mall.
-- The Industry Standard, August 12, 1999.

A Debian "potato" freeze was proposed for November 1.

The Internet Auditing Project released the results of a year-long scan of the Internet. This ad-hoc project searched for sites with previously announced and fixable security vulnerabilities. For example, out of a list of 10 well known vulnerabilities, between 1 to 26 percent of the sites with the given service installed were running a vulnerable version. They likened these vulnerable systems to "wounds" in the Internet, indicating wide-spread illness.

Certainly their findings predicted the potential for the distributed denial-of-service attacks that later took advantage of the proliferation of vulnerable systems to launch broad-scale attacks on well-known websites later that year.

The project recommended the creation of an "International Digital Defense Network" to pro-actively search for vulnerable sites and work to get them to close their vulnerabilities. Discussion on the topic did not seem to take off and there have been no efforts in that area, to our knowledge.

Meanwhile, Magic Software took some real grief for the two live penguins it brought to the LinuxWorld show floor. It seems the animal rights activists weren't too pleased with the idea...

 
   

 

Letters to the editor


Letters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them.
 
   
Date: Thu, 10 Aug 2000 10:50:27 -0400
From: "Eric S. Raymond" <esr@snark.thyrsus.com>
To: lwn@lwn.net
Subject: OSI "mostly dormant"?  Not hardly!

Anybody who thinks the Open Source Initiative is "mostly dormant",
as claimed in the 10 Aug LWN, hasn't been paying attention.

We continue to work hard -- and successfully -- at what have always
been our primary missions.  We help develop and certify OSD-conformant
licenses; we act as a trusted channel between the hacker community and
the corporate world; and we occasionally speak out on issues affecting
the entire open-source community. Just recently, for example, we played
an important role in negotiating the new Python license with CNRI
and BeOpen.

We may not be making the visible splash some other organizations are,
but we're listened to where it counts -- by Fortune 500 executives 
and heavy Wall Street investor types on the one hand, and by leaders
in the open source community on the other.   

As for the lack of "what's new" updates -- anybody want to volunteer 
to be our webmaster?  Otherwise, I have to do it...and on my travel
and work schedule, that's not going to happen really often.
-- 
		<a href="http://www.tuxedo.org/~esr">Eric S. Raymond</a>

Hoplophobia (n.): The irrational fear of weapons, correctly described by 
Freud as "a sign of emotional and sexual immaturity".  Hoplophobia, like
homophobia, is a displacement symptom; hoplophobes fear their own
"forbidden" feelings and urges to commit violence.  This would be
harmless, except that they project these feelings onto others.  The
sequelae of this neurosis include irrational and dangerous behaviors
such as passing "gun-control" laws and trashing the Constitution.
   
Date: Thu, 10 Aug 2000 19:40:08 -0400
From: Ian Danby <atdanby.KILLSPAM@mediaone.net>
To: lwn@lwn.net
Subject: Re:3D windows.

I really like the idea of a 3D desktop system. I believe that 3D done at
the GNOME/KDE level makes a lot of sense, and will be necessary for 3D
window managers to be written effectively while maintaining
compatibility. While the following is a long way off, I have a vision of
the future: 'Q3AFM'

'Q3AFM' will be a filemanager that looks like Quake3 Arena, whereby
other users are running around the file system at the same time.
Directory permissions will appear as rooms that only some users could
enter, with the door lock displaying the permissions. Other users can
pick up 'invisible' objects that you can't see. Deleting files is a lot
more fun! (Rocket Launcher ;)

Seriously though, this is a big step in office productivity, whereby an
office file server appears as an arena extension to the local users
arena, collaborative files appear as objects in that arena that can be
picked up and edited or moved to another location. (Of course, some
ojects are 'glued' in place as they are read-only, although you can take
a clone of the object.)
 
Traversing the directory tree downward involves moving down a slope to
the next room. Symlinked directories appear as portals to other areas.
Symlinked files have a shimmering blue appearance to them. RCS locked
files are in a cage. Executable objects appear as sleeping animals (/bin
is an ark maybe??). Lib files will appear as encyclopedias in an ornate
wooden library. Document objects are 'projected' onto walls for viewing.
('Conference' areas will be set up with a with lots of wall space, and a
umask that allows all documents in the room to be viewed by the
participants.) 'Copy and paste' becomes 'clone and drop'. 'Cut' becomes
'pick up'. File modification timestamps are visualized by organic growth
around the base of the object. Directory and file sizes are readily
apparant from the size of the room or object. Superusers appear as God,
and can make objects and users disappear. Users logging off collapse
before your eyes. 'du' sends you sprinting around the filesystem looking
at all the objects. Your $PATH is visualised as a series of viewports to
other rooms.

Personal arenas are set up according to the user's tastes, with weird
and wonderful textures to be found on on the walls, floors and ceilings.



Of course the reality will be:

Corporate arenas will probably all end up being dull gray corridors,
that fade over time and end up getting 'refreshed' only when user
'painter' logs on again in 2 years time.
An NT lava pit will have replaced that arena that held that really
important document that you needed.
Everyone would always be running through the hallways because they're
late for their 'chat' meeting or conference.
Monsters will start appearing in any arena that wasn't hidden behind a
wall of fire...The 3l33t r00t k1t monster looks really nasty.


Unfortunately, I don't have the coding skills necessary to do this. Any
takers??
   
Date: Thu, 10 Aug 2000 23:17:32 -0600
From: Bruce Ide <nride@uswest.net>
To: lwn@lwn.net
Subject: 3D Interfaces

I have considered 3D interfaces. The first thing that jumps to mind
(What you describe in the August 10 issue) buys you nothing over a 2D
environment and adds a lot of expensive computation. It may be cute but
it's not the Interface of the future.

I suspect augmented reality will be the next big step, and it's already
available in the Airline industry if I recall correctly. Almost all the
current market for wearibles is for airline mechanics who want to be
able to see schematics overlaid on top of their current working
environment. A lot of the uses are promising -- the MIT Remembrance
agent, the facial recognition stuff the wearible guys were doing,
attaching data to environments, and having the computer seamlessly
integrate into your environment without forcing you to shift modes to
use it... THAT will almost certainly be the next big interface step.

I see a 3D interface evolving from that. Once you have the augmented
reality, there will be times when people want to interface with the
computer. Programmers will need to do it a lot. Chances are the 3D
interface will have the user IN the environment. Turning ones head will
cause the data to shift. Reaching out and grabbing or touching an object
will operate on it. No need for a mouse -- the computer will be able to
track your hand. Chances are by the time we get there, there will also
be very smooth voice commands and the computer should be able to
understand medium-complex commands. Moreover I foresee the concept of
the rembrance agent becoming much more complex, such that when I'm
working on spreadsheet data for the 2000 budget figures, a remembrance
agent would make available to me an E-Mail thread about the 1999 budget
figures (Perhaps popping up a 3D object on the edge of my vision?)
Implementing rembrance APIs in Gnome/CORBA would be relatively straight
forward.

The hardware to implement most of this already exists. 3D is easy when
you're using a headset. The amount of hardware you can fit into the
space the size of a cigarette pack is enough to give you the basics of
the Interface now. Much of the software already exists and only needs to
be glued together. Expect to start seeing movement in this direction
within the next two to three years.

- -- 
Bruce Ide                   greyfox@paratheoanametamystikhood.net
http://www.paratheoanametamystikhood.net
   
Date: Thu, 10 Aug 2000 13:10:40 -0500
From: "John J. Adelsberger III" <jja@wallace.lusArs.net>
To: letters@lwn.net
Subject: FreeS/WAN and Linux

No US crypto law has changed.  An executive order was signed, and that is
all.  Constitutional protection against ex post facto does not apply to 
executive orders, which are basically nothing more than "current" 
interpretations of laws.  They are not the legally binding interpretations,
which are set by court rulings, but rather are the interpretations the
executive branch uses to decide what to prosecute and what not to.  Nothing
which was legal before is illegal now, and vice versa.

Think about what would happen if, at some future time, a US president
signed a new executive order requiring the prosecution of everyone who
exported any strong crypto code, retroactive to the day the previous
order was signed.  Contrary to "common sense," this would be legal and
quite effective.  Canadians might well then be prohibited from exporting
their own code on account of the actions of the leader of a nation they
don't even live in.  Moreover, many foriegn governments would happily
prosecute people who "illegally" imported sources, although this is not
an issue in Canada.

(I'm not a conspiracy theorist, and I try not to ascribe any malicious
motives to my government(I live in the US.)  However, if the giant
crushes you, you will be no less dead on account of his having been
ignorant and/or stupid rather than vicious.  Do not trust government, 
for it is big, stupid, and far more careless than anyone wants to 
believe.)

-- 
John J. Adelsberger III				ETAONRISHDLFCMUGPYWBVKXJQZ
jja@lusars.net
   
Date: Mon, 14 Aug 2000 14:54:19 -0400
From: "Jay R. Ashworth" <jra@baylink.com>
To: letters@lwn.net
CC: timreason@cfopub.com
Subject: CFONet's "Don't use Linux" report, LWN Daily, 14 Aug

In his CFONet piece, Tim Reason tackles the (no longer especially)
tough topic of server uptime.  Modulo a couple of missing lines in the
copy -- which make us wonder if *CFONet's* servers might be having
uptime problems, it's a pretty decent piece, delving into the topic in
more depth than the typical "number-of-9's" approach, and, indeed,
pointing out why that's not the best way to evaluate reliability in
the first place.

How much money you spend is not nearly as important, as the piece
noted, as what you spend it on. He goes on to note, and quote (Meta
Group's Peter Burris), that Total Cost of Ownership is a much larger
item than the cost of the box -- or, by implication, the operating
system.

In a sidebar ("The Cost Of Cool"), Reason quotes Meta Group analyst
Peter Firstbrook as saying "Linux should be shunned.  It should not be
a part of the business process."  He has two reasons, both of which
display, in my perception, a fundamental misunderstanding of the topic
at hand; I'll take them one at a time.

"It's free.  So what."

Ok, so what?  The *monetary cost* of Linux is not now, nor has it ever
been, the major issue... except, of course, that Linux' market
penetration is *substantially* wider due to it's low cost than it
might otherwise be.  We won't go into the fact that this is a major
contributing factor to the current success -- and quality -- of Linux.

At the enterprise level, though, while purchase price of the OS is
indeed only a part of TCO, I don't believe it's even reasonable here
to say that it's so low a percentage as to be negligible. I'm sure
that the difference between $1,600 per machine and $69 per machine was
*not* unimportant to Jay Jacobs, who bought ~250 copies, nor the 1200
stores Burlington had to equip, and it damned well mattered to
Cendant, who are buying 4000 copies.  And if you can download the free
version of RedHat and use that, well, 4000*$69 wouldn't be a bad bonus
on my salary this year, either.

Now, in these cases, admittedly, the amount of system adminstration
labor is not likely to be much different in cost than it would have
otherwise been: I'm pretty sure the competition was SCO Unix, et al.

But Firstbrook's other assertion is that the McGuffin here is that the
admin crew can modify the OS, and that this is a bad thing both for
traceability and in the amount of time spent just doing it, and I
think that this is pretty short-sighted for two reasons.

First, it is similarly untraceable when Microsoft or SCO make small
changes to *their* operating systems which might have a large effect
on your operations -- but at least with Linux, *you* have control over
whether such changes are made at all, and you can *impose* tracking.
(And, of course, saying "Well, I won't upgrade" isn't practical, due
to vendor support requirements.)

If you *can't* successfully impose such restrictions in a Linux
environment... well, that's not *Linux's* fault, now, is it?

Secondly, the very fact that you can modify the OS when necessary
isn't a bug, it's a feature (:-).  I suspect almost everyone reading
this, if they have not been bitten already by the slow response of OS
vendors to security holes needing patching, has been at risk.

Stipulated: not everyone *does* keep up with such things, but isn't it
nice, from the viewpoint of a 4000-installation company, to know that
you *can*?  If I was that big, I'm sure I'd have an employee tasked to
be all over that topic like a bad smell.

> Linux is out there and people are using it, but it is mostly because
> of the cool factor," he says. "Having somebody who can screw around
> with my operating system would make me very, very nervous," he says.

I hate to tell him this, but people can screw around with his
operating system, no matter what it is.  Much of Linux's competition
in this space does not now, nor will it ever, give him the tools to
*prevent* it.  As far as I can see, the ability to *audit* the OS to
make sure you know what it's doing is much pricier.

"...mostly because of the cool factor"?

Pshaw.

People are using it because, in general, to quote Tom Peters, "It
works, and it never breaks."

Cheers,
-- jra
-- 
Jay R. Ashworth                                                jra@baylink.com
Member of the Technical Staff     
The Suncoast Freenet
Tampa Bay, Florida     http://baylink.pitas.com                +1 727 804 5015


   
Date: Mon, 14 Aug 2000 01:23:00 +0200
To: letters@lwn.net
From: Hanno Mueller <kontakt@hanno.de>
Subject: How ridicilous political discussions on Linux are

Hello,


I find the current discussion on LWN about the correct description of Open
Source politics extremely irritating, if not ridicilous.

Does the open source community have a shared political goal? One that fits
in one of those already existing, neat little boxes labeled communism,
socialism, anarchism?

Almost every time this topic comes up, individuals try hard to back their
personal views by referencing the "community". But good grief, have I heard
lots of differing political views justified that way, sometimes by
celebrities of the movement, and despite being a part of "us" as a
long-time user, I hardly ever shared any of these opinions. And still use
the software, even while I strongly disagree with ESR's views on gun
control or RMS's ideas about the evils of closed-source.

Last time I checked, the Kernel didn't come with a copy of the Communist
Manifesto, there was no anti gun-control declaration included with
Fetchmail, there was no una-bomber mode in Emacs and Apache didn't include
transcripts of Great Chairman Mao's best speeches.

There is a reason why this software is being used: It's useful and it
works. There is a reason why people contribute: They can, it helps
themselves and others and contributing gives them something back. But
that's about it folks agree upon.

"We" hardly ever agree on anything, the standard mode of software
development in the open source world is the flame war. We can't even agree
on the topic of the "best" open source software license. So how could we
agree on a common political goal?

I'd welcome a *serious* study about the politics in open source, but could
people please stop claiming that they know what everybody else in the
community thinks?

Does open source have a political impact? Yes, of course. But is this
really the prime reason why the developers are doing it?


Greetings,

Hanno
Long-time & happy user of Linux in corporate settings. (Gasp! Evil
commercial conglomerates!)

--=20
Hanno Müller, +49-40-5603170, http://www.hanno.de
Meet the digital politician: http://www.phrasemonger.org

"Scientific, but true."

   
From: "The Phantom" <thephantom@psn.net>
To: <letters@lwn.net>
Subject: Napster, DVDCCA and Freeware
Date: Sat, 12 Aug 2000 00:32:33 -0500

Gentlemen,

Steve Ballmer's claims that Linux is a communist phenomenon are hilarious!
Your editorial puts him in his proper place, but even you missed something
pretty fundamental.

The Linux kernel is a gift from Linus Torvalds.  Yes indeed, a gift.  He
wrote it, (or parts of it anyway) it is his PERSONAL PROPERTY just like a
car or a toothbrush, and he gives it away.  He's a cool guy, and a smart
one.
 
He is smart because he knows "Freeware" isn't free.  The people who work on
it don't get paid money for the most part, but they do get cool points in
the computer industry.  Cool points are definitely worth money in a job
interview. Linus gets mega cool points AND the world's best resume.  Hell,
it may even get him a frigging Green Card. Worthwhile return on time
invested?  Oh yeah.  Capitalism at it's finest, I'd say.

Napster on the other hand is organized crime, as Eric Raymond so ably said
last week.  When you buy a CD with Linux on it, you can post it to the web
and broadcast a billion copies if you want because Linus said it was OK.
Madonna did NOT say it was ok to do that with her CD.  So if you give away
a billion MP3s of her stuff, you are STEALING.  Morally, even if there is
some weasel way the lawyers can wiggle out.

I think something like Napster would be great if record companies put their
whole back list on there and charged admission.  Five bucks for all the
obscure dreck you can download.  THAT would be cool, because then you could
find all those obscure one hit wonders out there, make your own CD's, and
what have you without ripping off the owners.

If bands want to do an end run around the established companies, release
free samples, publish on the web etc, far out.  Napster is a great place
for that too.  Give away MP3s for free, sell CDs for cheap.  Even starving
students can pony up a buck or two for a CD, which is what they would sell
for if you took Columbia and RCA out of the loop.

The DVDCCA lawsuit is in a third category.  This is clearly somebody trying
to make balky hardware work with their Linux box, not a nefarious scheme to
rip off the DVD decoding secrets from the manufacturers.  I'm coming down
on the side of the defendants for the following reasons.
 
First, DeCCS is not a work of art, it is worthless without the associated
hardware, and sold AS PART OF the hardware.  The kids bought the hardware
AND the software and are now the owners of their copy.  They are not
licensees or renters or any other such thing because they did not agree to
any such contract when they bought the DVD drive.  If a guy sells a book
with a secret message in it, does he have any right to be upset if you
decode the message ?  I think not.  He sold the message to you with the
book.

Second, the manufacturer looses NOTHING if some teenagers make a device
driver to run the DVD hardware under Linux.  No loss, therefore no harm,
therefore no foul.

Third, If you buy a Chevy does GM still own the software that runs the
engine management computer?  Doubt it!  You bought it fair and square, it's
yours.  If you hack the computer and develop a gizmo to tweak your spark
curve or fuel injectors are you stealing?  Nope.  What if you show your
tweaker gizmo to other people, maybe even sell it?  Nope.  If you copy the
computer in the car and sell it or give it away, THEN it's stealing.  Same
as a fake Swiss Army watch.  However the law may differ on this point, I am
not sure.  Laws seldom follow morality, except by accident.

So there you go.  Nice news magazine you have here too.  Keep up the good
work.

The Phantom http://www.neptune.psn.net/~thephantom/



 

 

 
Eklektix, Inc. Linux powered! Copyright © 2000 Eklektix, Inc., all rights reserved
Linux ® is a registered trademark of Linus Torvalds