Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise
news for all interests
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page
Other LWN stuff:
Archives/search
Recent features: Here is the permanent site for this page. See also: last week's LWN.
|
Leading items and editorialsLike standards, software licenses have a nice feature: there's an awful lot of them to choose between. Of course, the feature is not all that nice in either case, especially not with software licenses. Unlike standards, software is often combined in interesting ways. As the amount of free software grows, the interest in building on what has already been grows with it. The proliferation of licenses is increasingly an obstacle to the free use of free software. Consider some examples:
There has been a surge of interest recently in component architectures and massive code reuse. Much work has gone into providing the infrastructure that makes this reuse possible and easy. But the flood of incompatible licenses threatens to bury the entire effort. What use is interoperable code if it can not be legally linked together? The release of code from companies is to be applauded. But code that comes out under a unique, overly restrictive license is an island; it can not live up to its potential as part of the free code base. It is heartening to see some high profile companies begin to use the well known, established free software licenses on at least some of their releases. Along these lines, the relicensing of Mozilla, where parts will also be covered by the GPL, is an encouraging development. Let us hope this trend continues.
LWN Feature: Interview with Eazel's Bud Tribble. LWN editor Liz Coolbaugh sat down at LinuxWorld for a chat with Bud Tribble, Vice President of Engineering for Eazel. Here is that interview, for your enjoyment. The focus of the interview is on Eazel's experiences over the past six months, Nautilus and GNOME's future. Taking a ride on the Galeon. Many LWN readers will likely have heard of the Galeon project by now. Galeon, of course, is a relatively new web browser built around Mozilla's Gecko rendering engine. Unlike Mozilla, however, Galeon restricts itself to just web browsing. Other tasks, such as news reading, email, and HTML editing are left to other applications. Galeon should thus be of interest to anybody who has been dismayed by the sheer bulk and bugginess of Mozilla (and its commercial cousin Netscape 6). After all, many of us have already found ways of dealing with email and such, and simply want to look at web pages. Your editor, being one of those people who could never really relate to the Mozilla milestone releases, decided to pull down Galeon 0.7.3 and give it a try. The executive summary is this: Galeon is 90% of the way there. It can be used for extensive web browsing without driving the user nuts. It's reasonably quick, and rendered almost every page correctly. Your editor was able to make Galeon crash, but not easily. Now all that's left is "the other 90%." Galeon may beat Mozilla, but with a 30MB virtual address size, it's not exactly lightweight. And it grows, though more slowly than Netscape does. Pages requiring authentication simply render blank, and it won't even try SSL ("https") connections. Many of Netscape's useful keyboard operations are missing - scrolling a page, for example, can only be done with the mouse. Buttons for basic operations ("back", "reload", "stop") are missing; a pulldown menu must be used. There is no control over cookies - it appears Galeon does not implement cookies at all. There is a nice option to only load images that come from the same site as the page they are in, but no way to get it to fill in the images on a specific page. There is no equivalent to Netscape's essential "open frame in window" operation. And so on. While Galeon's list of shortcomings is longer than one might like, there is little there that appears insolvable. Galeon is at that point where people can use it for many things, and the remaining problems are likely to go away fairly quickly. Netscape's days on a lot of desktops are likely to be numbered. It may well be that relatively few Linux users will ever end up using Mozilla directly. Galeon has taken what is arguably the best of Mozilla's work - Gecko - and built it into a tool that better fits the Unix philosophy: do one thing very well. In the process, Galeon has highlighted one of the real benefits of free software: if the people building a tool are not doing it the right way, those who think they have a better idea can implement it using the best of what is available. Inside this week's Linux Weekly News:
This Week's LWN was brought to you by:
|
August 31, 2000
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Security page. |
News and EditorialsPGP meets ADK. PGP (Pretty Good Privacy) has been around for a long time. It is a public-key encryption technique, developed by scientist Phil Zimmerman, that was, and is, a very commonly used public-key encryption system. It is not free, however, though PGP Security makes freeware versions available for Unix/Linux, in addition to their commercial offerings. Over the past week, though, reports have come in about security problems with PGP. What is going on? Well, recent versions of PGP have introduced the concept of Additional Decryption Keys (ADKs). This allows a public certificate to contain multiple decryption keys. What is the purpose of an ADK? CERT comments, tactfully, "This configuration might be used, for example, in environments where data encrypted with an individual's key also needs to be available to their employer." It can also be used by governments that wish to require key escrow systems, whereby a third party can use an ADK to read an encrypted communication (if, for example, a police investigation gets a court order for the release of the secondary key). Unfortunately, the newly introduced ADKs brought with them some improprieties. For example, PGP clients have not been checking to make sure that an ADK was signed by the owner of the public key. That allows another entity to submit a modified public key to a public key authority, including an additional ADK that will allow them to get access to the contents of encrypted code, if the sender of the encrypted code uses the corrupted public key. What needs to be done? The problem has to be fixed in more than one place. PGP-based software needs to check to make sure that ADKs are authorized, and warn senders of ADKs in the public key even if they appear to be authorized. That means you need to make sure the PGP client you use has been fixed. Public key authorities need to reject the submission of altered public keys that contain unsigned ADKs. In amongst this, there is some confusion as to whether this entire issue impacts Unix/Linux machines or only Windows machines. The CERT summary, mentioned above, is silent on this point. This ZDNet article states that only Windows clients are impacted. PGP Security has released updates for all platforms, including their freeware version of PGP for Unix/Linux. This BugTraq post from Howard Lowndes states that PGP-6.5.1i for Unix is vulnerable, which would explain the release of PGP-6.5.2 for Unix. If you are using PGP, upgrading to the latest version is a good idea. Alternately, for those that prefer their software free, the GNU Privacy Guard (GnuPG) provides a completely free alternative that is highly recommended. Note that the CERT advisory and several other sources detail how GnuPG can be used to detect the addition of an authorized ADK to a public certificate. Meanwhile, the whole issue has focused attention on the use of public key encryption. PGP and GnuPG together are possibly the most common/popular public key encryption system under Linux. PGP has always been somewhat arcane, resulting in only a minority of people using it. These new issues are not likely to encourage more people to try it out. Here are some additional resources for people who want to delve more deeply into this issue:
OpenBSD's Good Example (RootPrompt). Here's an article on RootPrompt.org about the lessons Linux could learn from OpenBSD. "Why do we in the Linux community produce distributions that require the user to be a security expert? Why don't we at least add a 'Secure by Default mode' to our distributions?" Quarterly CERT summary. Here is the latest quarterly CERT summary detailing the most active, ongoing security issues. Security Reportsmgetty temporary link vulnerability. Stan Bubrouski reported a vulnerability in mgetty this week, triggered by the use of a temporary file in a world-writable directory by faxrunqd, a daemon normally run as root which is used to send fax jobs spooled by faxpool. As a result, any file on the system can be overwritten. mgetty 1.2.21 and all prior version are reported to be affected. An upgrade to mgetty 1.2.22 should fix the problem. Check BugTraq ID 1612 for more details.This week's updates: glibc vulnerability in ld.so. Caldera Systems appears to be the originator for the report of a vulnerability in ld.so, part of glibc, in which environment variables are not properly removed in all cases before a setuid program is run. As a result, a local root compromise is possible (though no exploit has been reported as of yet. This week's updates:Linux-Mandrake security update to xpdf. MandrakeSoft has issued a security update to xpdf which fixes a symlink race condition. No other information on this problem has been spotted as of yet.Commercial products. The following commercial products were reported to contain vulnerabilities:
Updatesxlockmore. Check last week's Security Summary for details. An update to xlockmore 4.17.1 is recommended. This week's updates: Older updates:xchat URL handler bug. Versions of xchat from 1.3.9 through and including 1.4.2 can allow commands to be passed from IRC to a shell. Check BugTraq ID 1601 for more details. This week's updates:
dhcp. A second set of problems with the ISC dhcp client was reported in the July 20th Security Summary.This week's updates: Older updates:
ntop. Check last week's Security Summary for more details. This week's updates: Older updates:
Netscape 'Brown Orifice' vulnerability.Check the August 10th Security Summary for more details. This week's updates:
Jukka Lahtinen minicom. Check last week's Security Summary for details. No official updates have been seen as of yet. Unofficial reports indicate that Red Hat 6.1 and 6.2 and Slackware 7.0 are vulnerable and that SuSE, Linux-Mandrake, FreeBSD and now Debian are not vulnerable.usermode. Check the August 17th Security Summary for details on the most recent problem with usermode. This week's updates:
ResourcesComplete Reference Guide to Creating a Remote Log Server (LinuxSecurity.com). LinuxSecurity.com has put out a Reference Guide for the process of creating a remote log server. "A remote log server is nothing more then a system preconfigured at install-time to provide hard drive space for other systems to log to. This system must be completely secured and locked down. No unencrypted remote access should be allowed, all RPC Daemons and other misc. services should be turned off as well. The only data allowed to the machine should be UDP/Port 514." EventsSeptember security events.
Section Editor: Liz Coolbaugh |
August 31, 2000
| ||||||||||||||||||
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Kernel page. |
Kernel developmentThe current development kernel release is still 2.4.0-test7. Linus released the 2.4.0-test8-pre1 prepatch on August 29. It contains a first shot at a thread groups implementation (see below), and a number of fixes. The current stable kernel release is still 2.2.16. The current 2.2.17 prepatch is 2.2.17pre20, which has gone to Linus and is awaiting his official blessing (otherwise known as "holy penguin pee") as the 2.2.17 release. The Tux2 filesystem saw its first release this week. Tux2 resembles the journaling filesystem efforts in that it seeks to produce a crash-proof system. Instead of journaling, however, Tux2 uses a technique called a "phase tree." A phase tree filesystem structures everything as a tree - including all of the metadata. By observing strict requirements on the ordering of writes, updates can be made to the filesystem by working up the tree, then "committing" the entire set of changes by writing a new root block. Journaling filesystems can limit performance due to their need to write things twice - once to the journal, and once to the real location on the disk. By avoiding the duplicated write, the phase tree approach should yield better performance; initial tests would appear to confirm that this is the case. Tux2 is the work of Daniel Phillips; it was sponsored by innominate AG. The current implementation works with the 2.2.13 kernel; a 2.4 version will be available this fall. More information may be found in the announcement. The end of the big kernel lock? In the 2.0 kernel, the "big kernel lock" was used to keep more than one processor from executing kernel code at any given time. This lock facilitated the implementation of SMP support for Linux, but protecting the entire kernel with a single lock leads to suboptimal performance, even on systems with just two processors. Thus, much of the scalability work since 2.0 has introduced more fine-grained locking; a relatively small portion of the 2.4.0-test kernel is covered by the big kernel lock. Now kernel hacker Ingo Molnar has posted a patch which eliminates this lock altogether. It is replaced with a semaphore, which is a more efficient way of performing mutual exclusion for the remaining bits of code that need the big kernel lock - as long as no interrupt handling code needs it. This change is a sign that the multithreading of the Linux kernel is just about complete. It is also quite a deep change to apply to a kernel that is supposed to be in feature freeze, preparing for a major release. Thus, it is not clear that it will actually make it into 2.4.0; Linus has yet to express an opinion on it. Troubles with threads. A long discussion about support for threads in Linux wandered into the area of POSIX threads. There is a bit of an "impedance mismatch" between Linux and POSIX threads which makes the latter hard to support completely. It is widely believed that Linux threads are better, but POSIX is what a lot of people use. A lot of the trouble comes from the fact that POSIX threads were designed to be implementable entirely in user space. Linux, however, provides kernel threads which look an awful lot like processes; they provide a lot of features which POSIX did not anticipate. They also make some of the POSIX semantics hard to implement. Examples:
The 2.4.0-test8-pre1 patch contains a first shot at a thread group implementation. Linus has laid down a challenge to the POSIX threads implementers to work with this new code and see if it makes things easier; otherwise he'll take it out. Meanwhile there was some fun discussion of things that could be done with the native Linux thread model. These include an unshare() system call which a thread could use to detach itself - partially or completely - from its thread group. Linux could well be the platform that launches a more interesting approach to threads - but not until 2.5... For Linus's (rather uncomplimentary) view of POSIX threads, have a look at this posting. IBM announced the release of the Andrew Filesystem (AFS) this week; details may be found in the press release. Word of the AFS release has been around since LinuxWorld; IBM has just now gotten around to telling the world formally about it. AFS, of course, is the large-scale distributed filesystem favored by a number of large companies and universities. It has a number of advantages over NFS, including better security, location transparency, and disconnected operation. AFS has been available for Linux for some time, but only as a commercial product implemented by binary kernel modules; it has thus been expensive and prone to break when the kernel is upgraded. The release of a free version will certainly be welcomed by many people. IBM is taking a bit of an interesting approach with this release, however. The use of the IBM public License has already been commented on in this week's front page; that will keep AFS out of the kernel proper. IBM is also forking AFS to make this release. It is not clear that all of the AFS code will be released, and IBM will continue to develop and support the commercial version. The FAQ talks about moving features from the open version to the proprietary one, but is mum about movement in the other direction. Without more information on how much development effort IBM plans to put into the open AFS implementation, the cynical among us might well conclude that IBM is hoping to tap the free software community for help in improving its proprietary product. The truth there will come out eventually; until then, the donation of AFS is welcome. It gives the free software world something it didn't have before. Other patches and updates released this week include:
Section Editor: Jonathan Corbet |
August 31, 2000 For other kernel news, see: Other resources: |
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Distributions page.
Lists of Distributions |
DistributionsPlease note that security updates from the various distributions are covered in the security section. News and EditorialsAs you'll notice below, news from the various distributions was hard to come by this week. As a result, we took the time to search the Freshmeat appindex for some of the distributions there that were not yet on our list. Enjoy!Debian 2.2 (Kurt's Closet). Kurt Seifried at SecurityPortal.com took a look at Debian 2.2 this week and wasn't very happy with what he found, from a security perspective. Some of his concerns hinged on finding older versions of packages that, he presumed, still contained security holes. Kurt was unaware that Debian will frequently backport security patches to older versions of software, rather than automatically upgrade to a new version, in order to avoid unrelated bugs that may have been introduced in the latest version. This policy surprised him, but it is not unique to Debian. Earlier this year, when a security bug was found in the latest kernel (at that time), Linux 2.2.16, a patch was immediately released against 2.2.16. Some distributions immediately released updated 2.2.16 packages (including Red Hat). Others, including SuSE and Caldera, chose to backport and test the patches against older versions of the 2.2.X series. Their reasoning? The 2.2.16 kernel had just been released and they were not comfortable enough that it was well-tested and stable to wish to recommend it to their customers. Yet, they knew a fix for the security problem needed to be made available as soon as possible. Debian's choice is, therefore, common among distributions that prefer a more conservative approach to new packages. On the other hand, it is understandably confusing to people unaccustomed to it. How can you easily tell whether or not a distribution has been patched to fix a given problem? Apparently, the answer is "you can't", at least not easily. Security resources such as SecurityPortal, SecurityFocus, LinuxSecurity.com and our own LWN Security Summary exist partially to try and make that difficult process a little easier. New Distributionsminilinux. Not new, but new to our list, minilinux is a small, special purpose Linux distribution aimed at Ham Radio/Packet Radio enthusiasts. (Thanks to Michael Derek Barnett). Laonux. Also in the special purpose category, Laonux is a small distribution aimed at hobbyists, providing a small core from which to build a personalized distribution. [From Freshmeat]. Leetnux - the 'elite' Linux distribution.
With a very similar purpose, Leetnux is perhaps
best described using the author's own words:
The name "Leetnux" derives from the two words "elite" and
"Linux". "elite" is often written as eleet, in the script kiddy scene
also forms like leet, 31337 or 1337 are common. I mixed the two words
"leet" and "Linux" to get the word "Leetnux", an "Elite Linux". :-)
Linux/Coldfire. Linux/Coldfire is dedicated to supporting the port of uCLinux to the Motorola Coldfire processor. "The whole environment, kernel and applications, seems very stable. Networking (Ethernet, PPP, etc) is working really well, and appears to be stable and reliable. Things like IP-masquerading and Dial-on-demand work. There is also a port of the FreeS/WAN IPsec implementation to uClinux/ColdFire now!" [From Freshmeat]. Rabid Squirrel Linux. Continuing the theme, which seems to be popular among Console/OS additions to Freshmeat, Rabid Squirrel Linux is aimed at "power users and administrators" who want to do things the "old-fashioned" way, that is, through compiling source rather than through any new-fangled software tool. In addition, Rabid Squirrel is particularly aimed at server systems. Distribution ReviewsDukeOfURL reviews Storm Linux 2000. Stormix Technologies' Debian-based Storm Linux 2000 is reviewed by the DukeOfURL. "That's right, Storm is setting out to make Debian better! In fact, in many ways Storm has improved Debian, but has also commercialized it simultaneously... " Review: Abit Gentus Linux 3.0a (DukeOfUrl). The Duke of Url reviews Abit Gentus Linux 3.0a. "Due to big problems with Gentus and the GPL, Abit removed PerMon from their suite of tools included. It's sad to see PerMon go, but thankfully, Abit CC has replaced it, and now works on all Linux distributions that run on the Red Hat code base. I wonder if the source is available? I doubt it, since this piece of work is a valuable commodity in the Linux community." General Purpose DistributionsDebian Weekly News. This week's Debian Weekly News reports a glitch that may prevent the implementation of the new testing tree, at least in the short term. Other stories include naming problems with the Debian Helix Gnome packages, problems with the Debian bug tracking website and the role of Debian in the return of a stolen laptop. Please note that our Debian coverage in last week's Distributions Summary contained an error. It implied that the new Debian testing tree was already in existence, while, instead, it is only in the process of being discussed and coded. In a related topic, IndyBox announced the availability of Debian GNU/Linux on its RS2200 server line. Red Hat Wins Industry Awards. Red Hat proudly announced that Red Hat Linux 6.2 was named "Editor's Choice - First Place" for server distribution in the September 2000 issue of Linux Magazine and "Best Distribution" for the third straight year at the recent LinuxWorld Conference & Expo in San Jose, CA, USA. Section Editor: Liz Coolbaugh |
August 31, 2000
Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Development page. |
Development projectsNews and EditorialsDoes the world really need a web browser on a cell phone? There has been a lot of press in recent weeks concerning the porting of web browsers onto various hand held devices. While it is an interesting idea, one has to question the real value of such an effort.
Pros
Cons With most new technologies, previously unheard of applications come about as soon as the base technology is made available. It is unlikely that web browsers with tiny screens will be able to displace full screen browsers, but the portability aspect could bring about many interesting capabilities. It will be interesting to watch this technology evolve and mature. BrowsersGaleon: The Little Browser That Could (Linux Today. Linux Today has reviewed the Galeon browser. "Galeon is at version 0.7.3, and while it is still a bare bones browser similar to KFM in KDE 1.1.2, the fact that Galeon uses the Mozilla rendering engine gives it a whole degree of complexity that similar small, fast browsers do not attempt to have." Mozilla Theme Builder. Alphanumerica Inc has released a beta version of the Theme Builder for Mozilla. "This beta version of the tool gives users the ability to apply new graphic designs to the browser without changing its functionality. Individuals can use the tool to create their own personal themes while companies can "brand" the browser with their company colors and logo." Theme Builder has been released under the MPL license. DatabasesBerkeleyDB 2.9.1 released. A new version of the BerkeleyDB Python module has been released. Numerous bug fixes have been added as well as a new test suite. EducationSEUL/edu Linux in Education Report. The SEUL/edu Linux in Education Report for August 28 is available; it covers the Math Teachers Guide, a new Authenticated User Community release, thoughts on cafeteria management software, and more. InteroperabilityWine Weekly News for August 28, 2000. The August 28, 2000 edition of the Wine Weekly News is out. This week's WWN includes a report from the recent LinuxWorld conference. Network ManagementOpenNMS update. The latest OpenNMS update is available, with coverage of what has been going on with the Open Network Management Software project. Don't miss the link at the bottom to the Britney Spears guide to semiconductor physics. Office ApplicationsXEmacs/GTK released. Those of you waiting for a themeable, GTK-based XEmacs need wait no further: William M. Perry has completed his project (sponsored by BeOpen) to bring XEmacs into the GNOME world. It is downloadable now, and there are some screenshots available. On the DesktopX11R6.5.1 available for download. X11R6.5.1, the latest X release from the Open Group, was announced on August 15. It is now available for download, one day ahead of the original schedule. The return of the GNOME Summary. Here, after a prolonged absence, is the GNOME Summary for July 21 to August 28. It covers, of course, the GNOME Foundation announcement; there is also information on the 1.4 release process. ScienceIST Funds Many Health Related Projects (Linux Med News). Linux Med News has run an article on the European Information Society Technology's funding of health care software projects. "It seems as though the Europeans continue to be out in front of the US in adopting open source in healthcare: Information Society Technology (IST) is an executive organization consisting of 15 European countries that among other things funds healthcare technology projects, part of which are required to be in the public domain." Web-site DevelopmentZope 2.2.1 released. Digital Creations has announced the release of Zope 2.2.1. This is a bugfix release; among other things it includes the fixes to the security problems that have come out in the last couple weeks. ZCVSMixin, Zope meets CVS. ZCVSMixin 0.1.4 has been released. ZCVSMixin allows management of Zope objects with CVS. ZCVSMixin has been released under the ZPL license. Midgard Weekly Summary. Here is the Midgard Weekly Summary for August 24. It contains an interview with Ron Parker, who is working on documentation, and other Midgard development news. Section Editor: Forrest Cook |
August 31, 2000
|
|
Programming LanguagesJavaSwank 0.6 Java GUI toolkit released. Version 0.6 of SWANK has been released Swank is a GUI toolkit written in Java that is similar to TK. PerlDamian Conway Talks Shop (O'Reilly). O'Reilly's Joe Johnson has interviewed Dr. Damian Conway, author of Object Oriented Perl. ".Programming is a Dark Art, and it will always be. The programmer is fighting against the two most destructive forces in the universe: entropy and human stupidity. They're not things you can always overcome with a "methodology" or on a schedule." Perl6 mailing lists (Perl News). Perl News has published a list of current Perl 6 mailing lists with subscription information and list archives. PHPPHP 4.0.2 released. PHP 4.0.2 has been released. "The new version features new functions, many bug fixes, and increased performance." PythonThis week's Python-url. Here is Dr. Dobb's Python-URL for August 28. It covers the latest in Python development news, including the new Python license FAQ. comp.language.python.announce resurrected (Deja.com). Deja.com reports that the comp.language.python.announce newsgroup is being resurrected. The newsgroup is also being made available as a mailing list. decompyle gets a new home. Decompyle, a python byte-code to source code decompiler is being maintained by a new volunteer, Hartmut Goebel. The current version of decompyle is pre-alpha 0.4. Programming with Python Part 1: Baby Steps. Linux.com has put up the first in a series of Python tutorials. As can be inferred from the title, the first installment is of a highly introductory nature. Among other things, it contains a number of comparisons with Perl syntax. Tcl/tkThis week's Tcl-URL. Here is Dr. Dobb's Tcl-URL for August 27. It leads off this week with the selection of the Tcl Core Team, which contains many familiar names. TLS 1.4 SSL extension for TCL announced. A new version of TLS has been announced. TLS provides Secure Socket Layer support for TCL programs. Version 1.4 has a more robust test suite and bug fixes. Section Editor: Forrest Cook |
Language Links Erlang Guile Haskell Blackdown.org IBM Java Zone Perl News PHP Daily Python-URL Python.org JPython Smalltalk Tcl Developer Xchange Tcltk.com |
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Commerce page. |
Linux and BusinessThe Open Source Development Lab. "Enable Open Source developers to build data center and telco class capability into Linux, accelerating its growth into enterprise e-Business deployment and development.", reads the mission statement of the newly created Open Source Development Lab. The OSDL is a collaboration between HP, IBM, Intel and NEC, with additional support from Caldera, Dell, Linuxcare, LynuxWorks, Red Hat, SGI, SuSE, TurboLinux, and VA Linux Systems. This combination of companies should ensure that the lab will be well-funded and have plenty of technical expertise on hand. OSDL will be a non-profit development group that will support high end projects by providing access to high-end hardware. The lab, expected to open at the end of the year according to this announcement, will provide open source developers with a centralized enterprise development environment for sharing development ideas and innovations. It will be based near Portland, Ore. Only Open Source projects using accepted Open Source licenses such as those defined by www.OpenSource.org will be supported by OSDL. OSDL will not create new projects, instead it will help accelerate existing or new projects developed by the open source community. Open Source Initiative rejects defamation by DVDCCA. The Open Source Initiative has issued a release taking exception to the DVDCCA's statements about the open source movement ("...dedicated to the proposition that material, copyrighted or not, should be made available over the Internet for free.") in its trial brief. "We in the open source movement respect copyright; in fact, we use copyright law to underpin the licenses that define the social contract of our community." The DeCSS art contest. An announcement has gone out for the DeCSS art contest. Prizes will be awarded for the best artistic submissions involving DeCSS; co-author Jon Johansen will be one of the judges. Two German Linux service firms get venture capital. ID-PRO AG has announced the receipt of "between 7 and 10 million euros" in venture financing. The firm innominate AG has announced the receipt of DM 16.2 million in venture capital. LinuxWorld award winners. Atipa has put out a press release expressing its pleasure at having won three "Show Favorite" awards at LinuxWorld. They were chosen in the Servers, Hardware, and Software Utilities categories. Here's an announcement from Loki Software, winner of the "Best of Show" award at LinuxWorld. Briefly mentioned in the press release is the PC-based motion simulator that probably had a lot to do with this win. This motion simulator was a prototype designed by independent inventor Ray Woodworth, utilizing a patented valve he developed. Conoco Builds Next-Generation Geophysical Supercomputer. Conoco has announced the deployment of a large, Linux-based cluster to be used for seismic processing. There are few details, other than that the cluster provides 0.5 teraflops of processing power, and has 10 terabytes of disk storage. Lineo and Opersys release real time Linux Trace Toolkit. Lineo and Opersys have announced the release of the Linux Trace Toolkit, a powerful debugging tool, for real time Linux. Sun releases internationalization framework. Sun has announced the release of its "operating environment internationalization framework" under the X11 license. This code is intended to make life easier for programmers trying to support multiple languages in graphical applications. Corel's Linux plans from the new CEO. Corel has posted a message from Derek Burney, Corel's interim CEO, on what's going on with the company. "Next year, we intend to release a server edition of Corel LINUX OS, followed by an enterprise edition. The enterprise edition will combine our Linux front-end with Rebel.com's OfficeServer software and GraphOn Bridges[tm] and GO-Between[tm] solutions to allow small to medium-sized enterprises to deploy Linux, Windows and UNIX®-based applications throughout their organizations with ease." (Thanks to John Alexander Yorke). Press Releases:Commercial Products for Linux.
Products Using Linux.
Products with Linux Versions.
Java Products.
Books & Training.
Partnerships & Mergers.
Investments and Acquisitions.
Personnel.
Linux At Work.
Other.
Section Editor: Rebecca Sobol. |
August 31, 2000
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Linux in the news page. |
Linux in the NewsOpen Source. News.com reports on the forming of the Open Source Development Lab. "Linux grew up on single-processor computers, mostly those based on Intel chips--not coincidentally, the types of computers that are easy to come by. But finding machines with two processors, much less 32, has been a lot harder for the volunteer crowd of programmers that has built Linux from scratch. As a result, Linux has shown more promise than performance in these powerful and expensive machines." The New York Times covers the announcement of the Open Source Development Lab. " The companies were vague on details, like the size of the lab, how much it would cost and how much the project's backers would invest. The backers said the lab would be run by an independent director who would essentially choose which projects would be emphasized and which software would be tested, although they suggested that the laboratories would be accessible to Linux developers at large." The NY Times is a registration-required site. Here's a ZDNet column about the GPL and Sun's recent adoption of it. "The GPL guarantees that IT has the ability to view, modify and redistribute source code for vital software infrastructure components. It gives IT the ability to set its own agenda independently of the schedule or plans of software vendors, and it provides a common set of resources upon which IT or third parties can build new components." And here's another ZDNet GPL column on corporate adoption of free software. "Although the GPL model has proved it can produce robust software, it hasn't proved that it can produce large quantities of everyday applications." The New York Times has put up a lengthy article on the adoption of open source software. It's mostly, though not entirely positive. "The two marketplace triumphs of open source, after all, are derivative rather than truly innovative. Linux is a version of the Unix operating system, and the Apache Web server was derived from software developed at the Illinois supercomputing center." The New York Times is a registration-required site. (Thanks to Jim Turley, Paul Hewitt, and Kenneth Tanzer). LinuxMall.com has put up a conversation with Frank Hecker about the relicensing of the Mozilla code under the GPL. "Hecker believes these incompatible licenses have been holding up important progress. 'mozilla.org believed that these licensing issues were to some extent hindering the development of useful Mozilla-based applications, and so we believed it was appropriate to try and resolve the issues.'" Andover News ran this article about OpenCOLA; it talks little about the project (which is another distributed search sort of thing) and much about its "open soft drink" promotion. "Indeed, it all started with a couple of guys from openCOLA sitting around a local Toronto pub wondering what 'the most closed source application in the world' is. Everybody started throwing out suggestions until a voice from the back called out 'it's the recipe for Coke!'" (Thanks to César A. K. Grossmann). Companies. ZDNet is impressed by VA Linux Systems' latest results, but still sees difficulties in the company's future. "Given that equation, it's really hard to see VA Linux remaining as an independent company down the line. HP, IBM and Dell could all be acquirers of VA Linux -- assuming it keeps on executing. Another wild card would be Compaq (NYSE: CPQ), which needs the server help." The Boston Globe talks with Helix Code's Nat Friedman. "A quarter-million people have already downloaded Helix Gnome from the company Web site since it was released in March. Among the small but influential clique who run Linux software on their personal computers, Helix Gnome is on its way to being the gold standard." Upside looks at the Linux Capital Group. "Instead of incubating a whole henhouse worth of startups, the LCG basket currently contains only two eggs: Progeny Linux Systems Inc., a network computing startup headed by Debian co-founder Ian Murdock; and KnownSafe, a professional security consulting company." LinuxDevices.com gets a preview of the Screen Media FreePad, a Linux-based, wireless web browsing and telephone system. "Although the FreePad's operating system is a standard, open platform, Screen Media does not particularly want users to download 'uncertified' software into the FreePad. Instead, to facilitate FreePad upgrades and enhancements, the company plans to create 'FreePad Software Central', a website where FreePad users can obtain the latest certified software upgrades and enhancements." News.com reports on SGI CEO Bob Bishop's first year on the job. "The company's decision to offer Linux on Intel processors also smacks against SGI's core group of customers, although Bishop made it clear the company's MIPS-Irix strategy is separate from anything it does with Linux. 'We're not putting Linux on MIPS,' he said." Robin Miller criticizes Corel's Linux strategy in this osOpinion piece. "Linux offered a fine opportunity for Corel to capture a new set of users for its office and graphics software. Porting WordPerfect and CorelDraw to Linux was a good decision. But the idea of making a Corel Linux distribution was so bad that it overwhelmed all the company's Linux potential and has gotten it into trouble with everyone from hard-core Open Source activists to casual desktop Linux users." Upside looks at Indrema. "Staking its life on the belief that current software development and hardware trends sweeping the embedded systems market will continue to sweep their way into the realm of gaming consoles, the company has been showing off its L600 Entertainment system, essentially a Linux-driven set-top box with a 600 MHz processor and the potential for 100 Mbs worth of broadband connectivity." Business. ZDNet's Jesse Berst is concerned about the DVD ruling. "Despite freedom of speech, you still can't shout 'FIRE' in a crowded theater. Now you can't even point to the person shouting." Upside reports on Time Warner, a plaintiff in the DVD case, which linked (via CNN, which it owns) to a DeCSS mirror site. "The case is the latest example of a large media company contradicting its legal arguments with its own actions." ZDNet ran this column worrying about the DVD case. "My biggest concern is the contention that the act prevents even the discussion of how to decrypt the code. Excuse me? That seems like a huge infringement on our First Amendment rights." ZDNet looks at the challenges faced by Caldera in making the SCO acquisition work. "Caldera also must navigate the tricky terrain between its newly acquired proprietary UnixWare software and its open-source Linux offerings. While it won't immediately uncork the UnixWare recipe to developers, Caldera must quickly move the product in that direction to keep from alienating the open-source faithful." News.com reports on the good news with Linux stock prices. "Analysts said the companies' stock surge in recent weeks may not be a temporary blip but a potential indicator of longer-term gains for the volatile sector." Here's an editorial in Computer Weekly predicting a bright future for Linux. "Open source software - together with the open standards demanded by Internet-based computing - can shift the balance between IT suppliers and users. It can force suppliers to seek profits in the real added-value areas of services and solutions rather than in a proprietory monopoly over everyday desktop tools." (Thanks to Alan J. Wylie). An Andover.Net columnist did a survey of web servers used in the B2B market to see what they were running. "Of the 63 retail B2B websites I examined, nearly half were running an IIS server over an MS Windows platform; a third were running Solaris, usually with either Apache or a Netscape Enterprise Server. Seven firms were using Linux. Four were using BSD." (Thanks to César A. K. Grossmann). Here's a ZDNet column looking at Linux on the desktop. "Linux may serve countless pages, but the number it renders could probably be totted up on the back of a bus ticket. Like it or loathe it, Microsoft's Internet Explorer is the browser to have, and you might have thought that there was zero chance of it running natively on Linux. But two weeks ago Windows source-code licensee Mainsoft announced that it had secured rights to port IE to a variety of Unix platforms, including Linux. So that's one void that will soon be filled." Computer Sweden/Åsikt has posted this column (in Swedish) on the success of Linux. "In Friday's issue we reported on Gnome, the new standardized user interface that will give Linux a more human face, which is an interesting project. But that which really make us give in for Linux is the the recognition it has gotten from many big companies." (Thanks to Daniel Petzen for the pointer and translation). Dave Winer complains about the difficulties of being a commercial software vendor in the open source age. "So don't say Stallman created this mess. No one would have cared if Microsoft hadn't forced a decision. If they had been more relaxed about the Web, let Netscape drift, and stay on the side of developers, Microsoft would have cleaned up and we wouldn't be talking about Stallman or open source now. My opinion of course." Here's a bizarre ZDNet column full of one-paragraph pot-shots seemingly designed to annoy just about everybody. One in particular is relevant: "Now that the KDE-Gnome rift in the Linux community is in the open, certain spinmeisters are doing their damnedest to paper over the differences and suggest it's all one big happy family. Wishful thinking. One side is going to win and there's bound to be raw hurt among the losers -- especially if they believe they backed the superior approach." The competition between the two projects was such a secret before... (Thanks to Dylan Griffiths). News.com ponders the "Office on Linux" rumors. "Though Linux poses no immediate threat to Windows, two scenarios could change Microsoft's position regarding Office: the government succeeding in breaking up Microsoft or China moving to Linux, as it has threatened to do." Resources. The LinuxDevices.com Embedded Linux Weekly Newsletter for August 24 is out; as always, it contains a comprehensive summary of happenings in the embedded Linux world. The third English issue of Linux NetMag is out; it contains articles on MP3 utilities, Wine installation, Lightspeed - a program for simulating relativistic effects, and more. LinuxOrbit has put up this column by a recovering Windows user. "Kicking the Windows habit isn't nearly as hard as I thought it would be. The application-gap isn't nearly as wide as it once was, and the gap is closing every day. Even entertainment software on Linux is gaining fast, most notably in the sound category" Reviews. Signal Ground has put up a review of Running Linux 3rd Edition. "The value of 'Running Linux' is tremendous if you don't know much about Linux and want a quick but thorough overview. But even if you're extremely knowledgable about Linux, this book would make a handy reference to refresh your memory about a variety of topics." LinuxDevices.com looks at the XScale CPU core from Intel. "Like the existing StrongARM processors, the new XScale core based processors will be supported by multiple suppliers of Embedded Linux. Specifically, Intel says the Intel XScale microarchitecture development platforms will contain the GNU toolchains from Red Hat, including compiler, assembler, linker, debugger, and monitor software. Additionally, according to Intel, Embedded Linux implementations optimized for XScale will be available from both LinuxWorks and MontaVista." Interviews. O Linux interviews Alan Cox. "Having seen Linux from its early days as a fun toy through to the latest figures on its usage the one thing I have learned is that predicting the future in computing is not very practical." Finally. The Boston Globe covers the most recent Geeks With Guns event. "Call them Linux Libertarians. This subculture of hackerdom is less about guns than it is about an elaborate philosophy of a faction of freedom-loving geeks with an acute distrust for authority. To understand them is to understand the popularity of Linux, an operating system that spawned out of the insurgent 'free software' movement." Section Editor: Rebecca Sobol |
August 31, 2000 |
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Announcements page. |
AnnouncementsSebastien Huet announced that he is no longer able to maintain the site http://linux-embedded.com. As a result he is looking for a purchaser for the domian name. The money will be returned to the embedded development community. Please email Sebastien Huet for more information. ResourcesHow to create a secure install (LinuxNewbie). LinuxNewbie.org has posted a document on installing secure Linux systems. "Package installation is the next area where you can really impact the future security level of your Linux box. It's very important that you choose to select packages individually, as every distribution I've seen installs a lot of software by default that you won't use." Getting and Installing Command Line PGP (LinuxNewbie). LinuxNewbie.org has put up a new help file on installing PGP on Linux. Check it out for pointers on how to use this notoriously difficult utility. Setting up multiple users in Kmail (LinuxNewbie). LinuxNewbie.org has put up a new help file on using Kmail to share a mail account between multiple users. EventsUniversity of Michigan Symposium on Technology and Society. The University of Michigan has announced the John Seely Brown Symposium on Technology and Society, which will be held September 8-9; the keynote speaker will be Lawrence Lessig. There will also be a panel on "the implications of open source software." Technical Meeting Week in Burlingame, CA. The Object Management Group has published this press release about its Technical Meeting Week in Burlingame, CA, USA, September 11-15, 2000. Guest speakers include Miguel de Icaza, project leader for the Linux desktop GNOME who will present GNOME's CORBA-based interoperability architecture. Embedded Linux Expo & Conference speakers announced. LinuxDevices.com is carrying this announcement of the speakers at the second Embedded Linux Expo & Conference, to be held on October 27 in Westborough, MA. The event is headed up by Alex Morrow, leader of IBM's Linux wrist watch project. First Annual Linux Users' Training Conference. The First Annual Linux Users' Training Conference and Awards Presentation has been announced for October 30, 2000 in Washington, DC. This event is very strongly oriented toward the U.S. federal government. Alan Cox, David Miller to speak at Australian Linux Conference. The Australian Linux Conference, which will be happening in Sydney on January 18-20, 2001, has announced that Alan Cox and David Miller will be speaking. The conferences call for participation is open through the end of September, should others be interested in presenting there. Marc Merlin's report from LinuxWorld. Marc Merlin has put up a report from LinuxWorld. As is usual for his conference writeups, the report is comprehensive and full of photos; worth a look. LinuxWorld sets records for attendance. More than 20,000 attendees and 200 exhibitors turned out for LinuxWorld Conference & Expo. A report from Geeks With Guns at LinuxWorld. We have one last LinuxWorld report that has rolled in. Eric Raymond's Geeks With Guns event was held, as usual, at LinuxWorld earlier this month. Dennis Tenney attended, and wrote up his impressions of the event. If you're not offended by the nature of this gathering, have a look to see what went on. September events.
Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net. Web sitesPenguin Computing Unveils New Web Site. Penguin Computing Inc. announced its commitment to customer service with its new Web site. The site features the RAPTOR (Rapid configure-TO-ordeR) system, which allows purchasers to specify the comprehensive hardware, software and storage configurations. Linux Technical Support Website. CTitek has developed a new technical support website at www.fixmylinux.com. User Group NewsLUG Events: August 31 - September 14, 2000.
Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net. |
August 31, 2000 | ||||||||||||||||||||||||||||||||||||
|
Software AnnouncementsDue to circumstances beyond our control, Software Announcements were unavailable this week. We apologize for the inconvenience. |
Our software announcements are provided courtesy of FreshMeat
| ||||||||||||||||||||||||||||||||||||
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Back page page. |
Linux Links of the WeekNo household should be without the After Y2K Geek Action Figures. Run right out and collect the whole set. Tigris is an ambitious project to create a new set of collaborative development tools. It almost looks like they are building the structure to make the next generation of SourceForge-like sites. Projects that are well underway include a bug tracking system, an access control package, a UML editor, and more. Section Editor: Jon Corbet |
August 31, 2000 |
|
This week in historyTwo years ago (September 3, 1998 LWN): The world was trying to figure out what to make of Corel's jump into Linux. "I expect Corel to making tens of millions of dollars in the Linux space within the next 12 months," says Robert Young, president of North Carolina-based Red Hat Software Inc., a leading distributor of Linux software. "It's got some very well known software brands and there is a lot of demand among Linux users for more advanced software," he adds.
Oh well. Salon Magazine, meanwhile, talked with Richard Stallman: Never mind that Stallman started the free software movement, or that thousands of lines of code that he personally authored are an integral part of what most people today call "Linux." To the new generation, Stallman is an embarrassment and a hindrance who must, at all costs, be trundled into a back room before he scares off the investors.
The kernel developers were working on 2.1.120 and the 2.0.36 stable kernel prepatches. Multistream files were a topic of hot debate - something that has changed little in the intervening years. The Debian Project released "Hamm-JP", its first shot at a Japanese version of its distribution. Caldera split into two companies: Caldera Systems and a thing called Caldera Thin Clients, which handled the DR-DOS/embedded systems business. Caldera Thin Clients would eventually rename itself Lineo. But the big news, of course, is the LWN adopted a new, multi-page format, leaving behind the "one big page" except for the hard core that refused to do without it.... One year ago (September 2, 1999 LWN): Red Hat parted ways with a company called LASER5, which had been doing all of Red Hat's localization work in Japan. LASER5 stated its intent to go into the business on its own and dominate the Japanese Linux market. A year later the company is still around, but is not quite the market force it had hoped to be. Sun's purchase of StarDivision was made official. Sun also announced plans to release StarOffice under the Sun Community Source License, which did not raise a great deal of enthusiasm. A year later the SCSL is (almost) history, and one doesn't hear much about the "StarPortal" plans... The development kernel was at 2.3.16; there were rumors that a 2.3 feature freeze was imminent. The stable kernel release was 2.2.12, which turned out to be a little less stable than some might have hoped. | |
|
Letters to the editorLetters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them. | |
Date: Fri, 25 Aug 2000 21:21:57 -0400 From: "Eric S. Raymond" <esr@snark.thyrsus.com> To: Tom Cowell <tcowell@terma.com> You wrote: > ESR should not abuse = > his position as a celebrity among users of the Linux kernel by = > publicising his views on other issues. FYI, I fully intend to `abuse' my position in this manner as often as the demands of effective publicity will allow. There are two reasons for this: (1) Tactical. Yanking peoples' chains just a little is an excellent way to get their attention. And authenticity is terrific PR <evil grin>. (2) Principled. You fight for freedom in your way, I'll do it in mine. -- <a href="http://www.tuxedo.org/~esr/">Eric S. Raymond</a> The prestige of government has undoubtedly been lowered considerably by the Prohibition law. For nothing is more destructive of respect for the government and the law of the land than passing laws which cannot be enforced. It is an open secret that the dangerous increase of crime in this country is closely connected with this. -- Albert Einstein, "My First Impression of the U.S.A.", 1921 | ||
Date: Sun, 27 Aug 2000 08:31:53 -0500 From: [withheld by request] To: lwn@lwn.net Subject: Geeks with Guns Concerning "Geeks with Guns" you write: "If you're not offended by the nature of this gathering, have a look to see what went on." Actually I am offended by the nature of this event, but more importantly I think this event has a lot to do with guns, a little to do with geeks, and nothing to do with Linux. Associating Linux with an extremely controversial minority political group does a great disservice to the Linux community. I am a regular LWN reader, and a fan, but this was a very poor editorial choice. | ||
To: letters@lwn.net Date: Thu, 24 Aug 2000 08:04:27 -0700 From: " " <lkollar@my-Deja.com> Subject: Re: "Let's move towards easier software installations" A *very* timely piece. I had this very thing hit me in the face earlier this week, when I managed to install Gnucash 1.4.4 from a source RPM onto my PPC Linux system. What a hassle! I had trouble from the very beginning. While Gnucash does not require Gnome, the developers sure don't make it easy on those of us who prefer something else. I had to install several packages on my system, some of which conflicted with other packages, before I could even start compiling. Then I had to get a tarball of g-wrap and compile that. While none of this was particularly difficult, it was much more tedious than it had to be. Testosterone get the better of me and I fought on until I got it installed -- but a less technical user would have simply given up. Aside from my belief that an important user app like Gnucash should be WM-agnostic anyway, I got a fresh look at what Linux must be like to new users. Before I continue, I have to say the Gnucash developers don't deserve all, or even most, of the blame. LinuxPPC has some serious problems with their package organization (which may in turn have been inherited from RedHat). Maybe Debian's package system would have made things easier. And perhaps if I'd used the binary RPM at linuxppc.org, I'd have had a better time of it. Or maybe I expect too much. But non-technical users expect even more, and most of them just want to get something done with their computers that doesn't involve low-level administration. A good package design should eliminate file conflicts. A good package manager should at least look for (and install?) packages needed but not installed. And if you release a source package, make sure you have packages for everything it depends on. A little effort goes a long way toward making users happy. -- Larry "Dirt Road" Kollar | ||
Date: Thu, 24 Aug 2000 13:35:15 -0400 (EDT) From: Joseph J Klemmer <klemmerj@webtrek.com> To: letters@lwn.net Subject: FUD response -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Your comments about responding to FUD are right on target. For the last few years I have been responding to FUD with the complete contempt of silence. It has become obvious, especially in the last few years, that Linux and Open Source Software are winning (just like you mentioned). The only reason articles like Mr. Moody's are published are to attempt to provoke a backlash from the "Linux Zealots". I now simply ignore the articles and use calm, real-world examples when anyone asks me about Linux or comments on the article. Flaming Mr. Moody does no good. Helping the people who don't know understand the facts about Linux, what it can and especially what it can't do, does more to offset the FUD in the long run. Yours, Joe - --- Don't ask me, I took the blue pill. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (GNU/Linux) Comment: pgpenvelope 2.8.9 - http://pgpenvelope.sourceforge.net/ iD8DBQE5pVzyHeWRPx8OIHARAo82AJ9ZH3JPA9ltm7NwXNzeQKVebv2MJQCgnTPY XPnn1eh67+F20L80gWLSINg= =BAXf -----END PGP SIGNATURE----- | ||
Date: Thu, 24 Aug 2000 08:18:17 -0600 From: Bruce Ide <nride@uswest.net> To: lwn@lwn.net Subject: Lunatic Fringe zealots who would start flaming at the slightest provication (In the form of a negative article or posting on a message board.) These people were the reason IBM kept Team OS/2 at such a distance. They represented probably around 1 percent of the OS/2 using community but the press and flame mongers in the forums took no end of delight in baiting them and then trotting their messages out as a sample of the "scary" OS/2 community. If I recall correctly, there was a similar group associated with the Amiga and you probably wouldn't have to go too far to find one associated with Windows, too. Well things never change and the Linux Community has its own Lunatic Fringe, which writers like Fred Moody are tapping in to. There's not a lot you can do about the Lunatic Fringe. Fortunately the writers who like to go kicking up ant hills when they've nothing better to do quickly show the quality of their work and most people discount what they have to say anyway. The Linux press and the OS/2 press before it seemed to be more responsible than to go looking for the Lunatic Fringe of the competition. I suspect that the relatively low distribution of reporters for those OSes has something to do with it. As more writers join the Linux press, the quality of articles will no doubt go down. Not much you can do about that either. My advice is to ignore both parties and get on with writing better software and better articles. -- Bruce Ide greyfox@paratheoanametamystikhood.net http://www.paratheoanametamystikhood.net | ||
Date: Sat, 26 Aug 2000 08:47:03 -0700 From: Tim Jones <tjones@914fan.net> To: letters@lwn.net Subject: LinuxWorld Expo Awards .... What Do They Mean? I was witness to a most amazing thing at LWCE in San Jose -- a backup utility manufacturer won an award for best development tool. In fact, when I voted, I discovered that I could vote for every vendor in every category. Imagine, I could award Loki with "Best of Show," but I could also award them with "Best Database," or "Best Office Suite." This lack of categorization lessens the impact of the awards that do fit. Since any vendor could win any award, do the awards mean anything outside of a few users' (the number of actual votes weren't released, but I wasn't witness to any huge crowds trying to vote....) having fun with the voting software? While I enjoy the opportunity to impart awards upon deserving companies, I find the lack of logistical planning on the part of the voting software designers to be unbelievable. Awarding a company in an environment that they are not part of is absolutely worthless. When Lonestar/Cactus won "Best Development Utility," the assemblage didn't applaud, they laughed nervously. I'm certain the Lonetar authors found that to be most rewarding. The user awards are important; they allow plain folks to say thank you to Linux vendors for dedication and support. But, let's be a bit more careful in future voting to ensure that the awards are actually something that apply, rather than another geek floor event to see how ludicrous we can be as users. In New York, let's assign categories to each vendor's true offerings so that things like this don't happen again. Congratulations to the real award winners like Loki and Sun. Thanks for helping make Linux a great place to be! Tim Jones tjones@914fan.net | ||
From: Aaron King <AaronK@4-Serv.com> To: "'letters@lwn.net'" <letters@lwn.net> Subject: "The first round of the DVD case is over" Date: Sat, 26 Aug 2000 11:46:22 -0400 I wasn't around in the 60's so I have never had anything to really fight for! I'm 18 and I think this is something worth fighting for. We are talking about rights for ourselves AND the rights which will passed down to our children. We should be doing something, not merely reading the news and sending angry email. WE SHOULD get out there and protest! Why does no one push for that type of movement here? If we leave technology decisions up to judges who use computers to browse the "interweb" then we will never win in a fight like this. These judges see "Windows" as "a computer". They don't understand how computers work, how closed source and patents HURT technology development. So far no one has said, "Hey, computers are NOT like the rest of the American Industry". WHY? Something needs to be done and I want to help. What do you think? Please send reply to islandblend@home.com, this is my work email. Aaron King 4th Generation Services 248-680-9400 x 112 aaronk@4-serv.com | ||
Date: Sun, 27 Aug 2000 17:53:43 -0700 (MST) From: "M. Leo Cooper" <grendel@theriver.com> To: letters@lwn.net Subject: Libelous statement in DeCSS case Dear LWN editor, I'm sure you are already aware of attorney Jonathan Shapiro's libelous statement in a legal brief against the Open Source movement. It was, after all, discussed at length on Slashdot. ...the so-called "open source" movement, which is a dedicated to the proposition that material, copyrighted or not, should be made available over the Internet for free... The full text of the brief is available on-line at http://cryptome.org/dvd-v-521-opq.htm. I have been pondering appropriate responses to this. After all, most Open Source developers, such as myself, depend on a trust relationship with employers or clients for a livelihood and this could actually cause us financial damage. I probably don't have the resources to actually file a libel suit in a local court, but others might. What I suggest is sending reasonably polite and literate letters to the law offices of Weil, Gotshal & Manges L.L.P., 767 Fifth Avenue, New York, NY 10153, complaining about Shapiro's conduct. Likewise, e-mails to the New York State Bar Association Ethics committee, ethics@nysba.org, might do some good. I'm hoping Red Hat, VA Linux, Caldera, and all the rest do not let this go unchallenged. After all, they were libeled, too. Mendel Cooper thegrendel@theriver.com | ||
Date: Sat, 26 Aug 2000 12:13:14 -0700 From: Seth David Schoen <schoen@loyalty.org> To: dave@userland.com Subject: Base-64 code (is code with no license open source?) Dave, The copyright law is clear that works of authorship are copyrighted by default upon creation -- with or without a copyright notice -- and that making copies legally requires the permission of the copyright holder in most circumstances. Cf. Brad Templeton's copyright FAQs, where this point is covered in detail. If you publish an article of your own -- with no copyright notice, and no license -- bearing perhaps your name and the date, put it up on your web site, and somebody reprints it without asking you, or puts it on a different web site: - You can send a cease and desist letter. - You can then sue, and win (if the letter is ignored), and perhaps recover profits. The situation is exactly the same with a piece of software. That's why the Debian Free Software Guidelines and the derived Open Source Definition refer to "the license" and why the OSD had to make a specific exception for source code "explicityly placed in the public domain". You see, I raised the question a while back of why public domain source code should be excluded by the phrasing of the OSD; the conclusion is that we'd definitely still need an explicit statement _proving_ that the code is in the public domain. Many people do not understand this, but some day somebody will be sued for including a random source code fragment found on a web site in a GPLed package, and then people will get the idea. Already the OSI is quite clear that "open source doesn't just mean access to the source code" (but must also include clear legal authority to use, modify, and redistribute it in compliance with the OSD, etc.), and the Free Software Foundation, even mindful of software copyright law even in the face of its opposition to most of that law, requires clear and explicit statements about copyright permissions from prospective contributors of code to the FSF's free software projects. I don't want to disparage Tim O'Reilly's answer to the question. Here is the basic problem: Tim is 100% right about the tradition that publishing code means it's OK to re-use it. This is true since before I was born, and no doubt Tim, like the guy in the epigram, knew that before I was born. And open source _should_ be about attitudes and community expectations. The problem is that, in the mad state of copyright law, when we rely on attitudes, traditions, and community expectations, we get sued, and judges laugh at us, and we lose. No? Thus the disagreement between programmers and lawyers which you mention. Many software authors who publish code without a copyright notice do intend for it to be in the public domain. Oops! It's definitely not, unless they have explicitly said so. I could sue people for re-using the little Python number-theory experiments on my web site in a book about combinatorics, because I've granted no license -- so I'm guilty of the same mistake. Or maybe the copyright law is guilty of ballooning wildly so that everyone's intuitions about what is reasonable are eventually overthrown... but I was going to try not to get too partisan here. :-) -- Seth David Schoen <schoen@loyalty.org> | And do not say, I will study when I Temp. http://www.loyalty.org/~schoen/ | have leisure; for perhaps you will down: http://www.loyalty.org/ (CAF) | not have leisure. -- Pirke Avot 2:5 | ||