Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise
news for all interests
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page
Other LWN stuff:
Archives/search
Recent features: Here is the permanent site for this page. See also: last week's LWN.
|
Leading items and editorialsQt is to be released under the GPL. Trolltech has thrown in the towel and announced that the Qt toolkit, as of the upcoming 2.2 release, will carry a dual license. For those who prefer it, the QPL may still be used. But for the rest, Qt 2.2 may be used under the terms of the GNU General Public License. This move will bring an end to more than two years of controversy centered around the Qt license. Qt's initial license was in no way free, and caused much concern among free software users. Trolltech eventually responded with the QPL which was, grudgingly, acknowledged to be a free license. The QPL remained incompatible with the GPL, however, leading many to conclude that linking the (GPL licensed) KDE code with Qt was not legal. For this reason, the Debian distribution still does not include KDE. Now that everything is covered under the GPL, this trouble should go away (but see the next article, below). KDE is indisputably free software. Will this change bring about the end of the "KDE vs. GNOME" rivalry? Most certainly not. But GNOME has lost whatever high moral ground it may once have had. The competition will continue, but it will, hopefully, be in a much more interesting vein. The two projects, deprived of the licensing issue, will have to compete on two factors:
The end result seems reasonably predictable, really. It's already common to see systems with both KDE and GNOME installed. Users may "run" either KDE or GNOME, but they will pick and choose their applications individually, depending on which they like best. In the end, letting users decide what is best for them is what Linux is all about. (See also: KDE's response to Richard Stallman's editorial, and this additional response from some KDE developers). Must KDE ask forgiveness for its sins? One would hope that the KDE licensing wars would be truly over. This note from Richard Stallman, however, makes it clear that the hangover may be with us for a little bit yet. Those who violate the GPL lose the right to use the code covered by that license; according to the letter of the law, people who linked GPL code with Qt can no longer use that code without forgiveness from its copyright holders. Nobody has ever been held to that standard before, but RMS seems to think that things should be done differently this time. Mr. Stallman claims that KDE has made use of (unspecified) GPL-licensed code from other projects. One could conceivably create trouble with this charge - assuming that specifics of the alleged improprieties were to be made public. But what is the point? RMS has generously offered forgiveness for all software under the FSF copyright, and has called on others to do the same. If one absolutely must make an issue of alleged past violations, this is the only way to do it. KDE's only crime is to try to make the best free Linux desktop it could; to tell them they need to beg forgiveness is insulting at best. It's time to put the whole KDE licensing issue behind us and move on. :CluelessCat? Thanks to a (previously) little-known company called "Digital Convergence," we now have our latest attack on the right to program. Digital Convergence came up with an interesting idea. They give away a cheap barcode reader (called the ":CueCat") and some (Windows) software. People plug the reader into their computer, then use it to read a special code printed with advertisements and such. The browser running on the computer will then be directed to a specific web page just waiting to take a credit card number. For added fun, the device can also pick up coded audio signals from a television. If you put an interesting device out there, some Linux hacker somewhere will try to make it work. If the device is free, and relatively simple as well, quite a few hackers will jump in. And, sure enough, :CueCat drivers started appearing on the net. Digital Convergence, as it turns out, didn't like that; it called in its lawyers and set about shutting down sites hosting :CueCat drivers. It seems that such a driver violates the company's "intellectual property," though exactly what that property is has not yet been specified. See, for example, copies of the lawyer letter posted on the FBM Terrorist Conspiracy From Hell, Inc page. The case appears weak, but the company has managed to get the :CueCat drivers pulled down - for now. Why would Digital Convergence do such a thing? While many Linux users may not use their readers to go to advertisers' web pages, some certainly will. So companies that are paying Digital Convergence for the :CueCat referrals should be happy; happy customers are generally good for business. One part of the answer can, perhaps, be found in this issue of Lauren Weinstein's Privacy Digest. Use of the :CueCat, it seems, requires sending in some personal information, along with the serial number of the device. Every code you scan gets tied together with your information, building a nice little profile. According to the Privacy Digest, Digital Convergence is aware of and responsive to privacy issues, which is encouraging. But the commercial value of the data collected by the :CueCat system is obvious. And that is why Digital Convergence doesn't like the Linux driver, and why it is so important that the driver exist. When source is available, users of the device who are concerned about their privacy can do something about it. They need not depend on the promises of a company whose commercial interests clearly lie in the collection and sale of personal information. This is a classic example of what the "free" in free software really means. If we can not write software to work with the things we own, we have lost an important freedom. This case is important, even for those who lack the desire for quicker access to commercial web pages facilitated by a feline-shaped scanner device. (See also: this Slashdot topic with an unhelpful response from Digital Convergence and 901 (as of this writing) comments). One last word on Geeks With Guns. Our publication of the Geeks With Guns report has inspired a fair amount of mail. Not everyone is pleased that we ran the article; others feel that we did not run it prominently enough. We covered it as an event involving Linux personalities at a Linux conference, and still feel it was appropriate. On the other hand, the letters to the editor on the subject have been squelched with a firm hand. Our thanks to all of you who wrote to us - pro or con - but the discussion is heading rapidly into areas beyond LWN's scope. As always, letters to the editor should be sent to letters@lwn.net. Minor change to the software announcements. Thanks to changes put in by Scoop over at Freshmeat, the software announcements this week have been broken apart by major category, to make them easier to scan. Several people have asked for this; we expect it to be popular. We will probably also make an alternate version of the software announcements available next week, one that breaks up the announcements by license type instead of by category. Your feedback to these changes is always appreciated. We've also left in place a minor change which causes an individual software announcement to pop up in an external window if you click on it. This is against our normal policy (we generally hate popup windows) and it can certainly be argued that it should be removed, allowing you to choose to drag and drop a link if you want to see it in an external window. What we want to know is your preference. Please send your comments to lwn@lwn.net. Inside this week's Linux Weekly News:
This Week's LWN was brought to you by:
|
September 7, 2000
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Security page. |
News and EditorialsFast response versus vendor coordination. Leading the new security reports section, you'll see a complex report on glibc problems and updates this week and last. One of the problems in glibc that was reported and fixed was a format string vulnerability in locale. This was demonstrably locally exploitable to gain root access. From a Linux-centric perspective, the process for fixing this moved forward in a fast and straightforward manner. However, there was another side to the story. Simultaneous to the glibc locale discovery, CORE SDI discovered and reported a format string vulnerability in the Unix locale subsystem. They reported the discovery to SecurityFocus' vulnhelp forum, a forum set up to provide access to expert assistance in both verifying problems and in contacting vendors in advance, so that fixes for the problem could be readied. Particularly in this case, the problem affected so many different Unix and Linux operating systems, and no good workaround was available, so it was felt to be essential to work with the vendors. CORE SDI and SecurityFocus contacted a long list of vendors, including the many various Linux distributions. They were surprised, and strongly displeased, when several of the distributions did not respond to them, yet chose to publish the vulnerability, with updates, even though other vendors had not had the opportunity to develop fixes for the problem. This issue is not new. CERT has long been known for the effort it puts into coordinating with vendors before releasing advisories. Correspondingly, they are also famous for advisories that come out months after the initial report of a problem, frequently after the problem has been widely exploited. Some vendors, for some problems, will be able to get fixes out very quickly. Other vendors, or other problems, may be more difficult to get out. Experience has shown that nothing irritates a vendor more, or motivates them more, than publicity, particularly publicity showing faster response from another vendor. Contacting other vendors that are potentially impacted before publication is a "good thing". Deciding how long to wait, if at all, before publishing your own fixes is a tougher decision. Were the Linux distribution vendors at fault in their release of their updates? There will never be a unified opinion on that. Obviously, CORE SDI and SecurityFocus feel that they should have held their updates back. If they had done so, though, they would certainly have come under fire from others for slow response to a known, potentially severe security vulnerability. After beating on Linux distributors to get fixes out in a timely manner many times in this forum, for example, we are hard put to say that they made the wrong choice. However, by operating in a very Linux-centric manner, and particularly by not communicating back with CORE SDI and SecurityFocus in a timely manner, they were certainly impolite. Such impoliteness can undermine potential future cooperation and should definitely be avoided. Even if they chose to go ahead with their advisories and updates, working with and notifying other interested parties in advance is a worthwhile choice. In some respects, we may be viewing the effects of a lingering Unix vs Linux split. Many people in the Linux felt (and were) ignored by the Unix community in the early years of Linux (1993-1998). As a result, a habit of non-communication has grown up. If this is indeed part of the root of the problem, its eradication will come from the efforts of individuals on both sides to become more aware of the concerns and work of their counterparts. Where security is concerned, we all have the same goals, Linux, *BSD and commercial Unix vendors and users alike. Working together, wherever possible, is the right choice to make. Falling Apart at the Seams (SecurityFocus). Here's an article on SecurityFocus which looks at complex security problems and their avoidance. "This new class of holes is different: a programmer doesn't understand what somebody else was thinking or expecting, and fails to make a smooth transition between the two pieces of code. Sometimes the transition appears smooth, but the underlying complexity scuttles system security in the end.The key to solving this problem is the open source movement, and its propensity for keeping code development simple and ego-free." Open Sources: Wild ICAT adventure (cont.) (ZDNet). ZDNet reports on the ICAT project. "The idea: to make it possible to search for specific security vulnerabilities in computer systems and locate appropriate databases, fixes and patches". Via the offices of Alan Paler (SANS Institute), it appears that the National Institute for Standards and Technology (NIST) may pick up the tab for an expanded ICAT program in the future. Security Reportsglibc vulnerabilities. This week has been full of advisories from various Linux distributions regarding two severe problems with glibc. Confusing the issue, more than one vulnerability is involved and they were reported at different times. That means that some of the updates only fixed the first reported problem, while others fixed both problems. We'll try to sort out the confusion.
ld.so environment variable vulnerability. Advisories for this problem showed up last week before we even found this report on BugTraq, from Solar Designer, about the problem. The following updates, which came out last week, address just this problem: format string vulnerability in locale. The locale subsystem in glibc is used to provide internationalization support. A format string vulnerability in locale can be locally exploited to gain root access (or in some cases, remotely exploited). Note that this problem is not specific to Linux; it has also been reported to affect several Unix operating systems, though FreeBSD and OpenBSD are apparently not impacted. The following updates address both the environment variable vulnerability and the locale vulnerability: PHP upload vulnerability. A PHP vulnerability was reported based on the manner in which PHP handles file uploads. Rasmus Lerdorf acknowledged the problem, provided a patch and indicated that the PHP CVS archives now also include this patch. Also of interest may be this post from Signal 11, which includes a user code snippet for detecting and preventing an exploit based on this vulnerability.Star Office phones home. Last week, there was a large hullabaloo about the discovery that the Microsoft Office file formats allowed embedded HTML to be executed by a user without their knowledge. This was referenced as a document format being able to "phone home". Although the capability is potentially useful, there was strong agreement that an application should warn the user first, to prevent this capability from being exploited for malicious or anti-privacy purposes. This week, Kurt Seifried pointed out that Star Office also 'phones home'. He verified that StarWriter, StarCalc and StarImpress all use file formats in which embedded HTML text is automatically executed, without any warning to the user. No response from Sun about this problem has been seen as of yet. Helix go-gnome script. In addition to their binary installer, Helix Gnome also offers an installation script, "go-gnome". Another BugTraq posting has reported that this script suffers from the same problems previously reported in their binary Installer. The vulnerability can be used to overwrite any file on the system Both a workaround and a patch for go-gnome are provided in the original report. In addition, Helix Gnome has issued an official update to go-gnome. Helix continues to take criticism for their responsiveness to security problems, since the initial posting was sent a week before to Helix without receiving a response. In addition, the original bug report and this followup both pointed out additional security issues to which Helix has not responded. Further postings indicate that the problem has been reported, in multiple forums for over a month and a half. screen setuid root vulnerability. A vulnerability in screen 3.9.5 and earlier that can be exploited by a local user to gain root was recently reported. Note that screen must be installed setuid root in order to be exploited.
Remotely exploitable mopd vulnerabilities. FreeBSD issued an advisory warning of several vulnerabilities in mopd that are remotely exploitable. No specific details are provided, but people using MOPD (an older protocol used for booting older DEC machines such as VAXen and DECstations across the network) are encouraged to either remove the mopd port or upgrade their mopd packages.FreeBSD's Linux binary compatibility mode. A potential kernel stack overflow in FreeBSD's Linux binary compatibility mode can lead to a system compromise, reports FreeBSD. An upgrade to the latest FreeBSD 3.5-STABLE, 4.1-STABLE or 5.0-CURRENT should fix the problem. This problem should be limited to FreeBSD. FreeBSD ELF lockup. Also specific to FreeBSD, a system lockup can be triggered by a problem with the ELF binary format. This leaves the system vulnerable to a local denial-of-service attack, since a 15 minute hang can be triggered by an unprivileged user. A kernel patch is provided, or the system can be upgraded. brouted gid kmem vulnerability. FreeBSD issue an advisory warning that the brouted dynamic routing daemon is erroneously installed setgid kmem. As a result, it can be locally exploited to gain root access. Removing the setgid bit should fix the problem. Updated packages have also been made available. This vulnerability could impact other operating systems that include the brouted daemon. GNOME esound file permissions problem. FreeBSD has reported a file permissions problem in esound, the GNOME desktop component responsible for multiplexing access to audio devices. esound uses a world-writable directory in /tmp for the storage of a Unix domain socket. A race condition allows this to be exploited to compromise the esound user's account (or root, if root runs esound). FreeBSD has made updated packages available and contacted other vendors about the problem.Commercial products. The following commercial products were reported to contain vulnerabilities: UpdatesPGP ADK-related security problem. In last week's Security Summary, we mentioned that the information available was unclear as to whether the freeware version of PGP for Unix/Linux was affected. Greg Louis dropped us a note to point out that the available information was updated soon after publication. On this website, a clear statement is made that the freeware version of PGP for Unix/Linux version 6.0-6.5.2 are vulnerable. An upgrade to PGP 6.5.8 is recommended. Happily, that version is now available for download. Zope 'mutable object' vulnerability. Check the August 24th Security Summary for details. Two fixes have been released for this problem; only the most recent one fixes all issues. The updates below are ones that contain the second fix. Check the August 17th Security Summary for additional distribution updates that include the first fix only. This week's updates: Older updates:
mgetty temporary link vulnerability. Check last week's Security Summary for details. An upgrade to mgetty 1.2.22 should fix the problem. This week's updates: Older updates:Netscape 'Brown Orifice' vulnerability.Check the August 10th Security Summary for more details. This week's updates: Older updates:
perl/mailx. Check the August 10th Security Summary for details. This week's updates: Previous updates:
xlockmore. Check the August 24th Security Summary for details. An update to xlockmore 4.17.1 is recommended.This week's updates: Older updates:
xchat URL handler bug. Versions of xchat from 1.3.9 through and including 1.4.2 can allow commands to be passed from IRC to a shell. Check BugTraq ID 1601 for more details. This week's updates: Older updates:
ResourcesPortable OpenSSH 2.2.0p1. Version 2.2.0p1 of portable OpenSSH was announced this week. The new version now includes DSA key support, Random Early Drop connection rate limiting, and improved interoperability with SSH.COM's ssh 2.3.0. ICMP Usage In Scanning v2.0 - Research Paper. Ofir Arkin has issued an updated version of his research paper on the use of ICMP in scanning the Internet for host detection, operating system fingerprinting and more. Jukka Lahtinen minicom. Check last week's Security Summary for details. No official updates have been seen as of yet. Unofficial reports indicate that Red Hat 6.1 and 6.2 and Slackware 7.0 are vulnerable and that SuSE, Linux-Mandrake, FreeBSD, Debian and (reported this week) Conectiva are not vulnerable.EventsSeptember/October security events.
Section Editor: Liz Coolbaugh |
September 7, 2000
| ||||||||||||||||||||||||||||||||||||
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Kernel page. |
Kernel developmentThe current development kernel release remains 2.4.0-test7. No new development kernel has come out since August 23. In the testing area, however, things are active with the latest prepatch being 2.4.0-test8-pre6. Those wanting to try the testing releases should approach with caution, however; the releases through -pre5 have had some serious file corruption problems. The debugging effort took some time, and was not helped by the simultaneous emergence of a corruption bug in the pine mailer which was, ironically, triggered by a particular message on the BUGTRAQ list. The bug (the kernel bug, that is) turns out to have been introduced in 2.3.7, over a year ago. Recent changes have brought it out, however. Once it was found, a couple of fixes of the "brown paper bag" variety went in, until Linus finally tracked it down. As he put it: Thanks, and THIS time it really is fixed. I mean, how many times can we get it wrong? At some point, we just have to run out of really bad ideas.. As always with development kernels, be careful out there... especially given that the -pre6 patch announcement from Linus expresses a rather lower level of confidence. Meanwhile, Daniel Stone has been working on a press release for the 2.4 kernel, whenever it should come out. (The release is optimistically dated September...) The current stable kernel release is 2.2.17 - finally. The 2.2.17 release was officially blessed and announced on September 4. Work on 2.2.18 had actually begun before 2.2.17 came out; the latest announced prepatch is 2.2.18pre2; there is actually an unannounced "pre3" patch out there as well. The 2.2.18 series has started off with a number of "higher risk" updates - things which Alan Cox did not want to put into 2.2.17. Perhaps most significantly, the USB backport from 2.4 is there; most vendors were already shipping kernels with 2.4 USB anyway, so putting it into the official version won't change much. The ritual call to see the updated NFS code in 2.2.18 has gone out. Alan is, so far, resisting. The new NFS code fixes a lot of problems (and adds NFSv3), but it's still a big change for a stable kernel series. The current ancient kernel prepatch is 2.0.39pre7, which was announced on September 2. Unless something changes, this will be the last of a very long-running prepatch series, and the 2.0.39 stable kernel release will happen at some point relatively soon. TUX is loose. Ingo Molnar got the Linux world's attention last June, when his "TUX" subsystem established the world SPECweb record for web page serving. Since then, however, things have been quiet on the TUX front; in particular, no source has been forthcoming. That changed on September 1 when Ingo announced the first Alpha source code release. TUX is now loose. Of course, this code is not something you would want to put on your main corporate server at this point. It was bleeding edge when it ran the SPECweb test, and has seen a fair amount of development since then. There are no guarantees with this release, except that, as stated in the announcement, "if it breaks you get to keep both pieces." It is, nonetheless, interesting to see what has been done to create such nice results. TUX is, as stated, a kernel-based HTTP server which is oriented toward static content. Even highly dynamic sites can have a lot of static content - images, for example. TUX gets that content out quickly by avoiding a lot of the overhead involved in a user-space web server. In addition, a number of tricks can be employed when you are running within the kernel. For example, TUX not only caches the busiest files, it also caches the computed TCP checksums to avoid having to do that work over and over again. TUX can also work with high-performance network cards to avoid copying file data within the kernel. Also part of TUX is an exported hook which can facilitate the caching of dynamic content. Often dynamically-produced pages are always the same for the same URL "input," and the work of generating them can be avoided through proper caching. Making use of this capability requires changes to the (user space) code which generates the dynamic content. TUX will never be able to handle the entire job for many sites, however. Thus, it relies on a user space web server daemon; whenever TUX encounters something it can't deal with, it just passes it on to the (presumably smarter) user space server. The TUX developers are aiming at a stable release of the code sometime in September. Thereafter, don't be surprised if it starts showing up on web sites worldwide. (For more information, see the TUX README file that comes with the distribution). Is zero-copy TCP worthwhile? A certain Jeff Merkey of the Timpanogas Research Group spent quite a bit of time criticizing the Linux kernel for copying network data too many times. After all, says Jeff, both NetWare and his own MANOS (NetWare replacement) system do zero-copy TCP, and thus must be better. Is Linux really that poorly implemented? The answer turns out to be "no", for a couple of independent reasons. On the purely technical side, the standard output path for TCP data only copies that data once - and that happens as part of moving the data into kernel space and computing the TCP checksum. So it would prove hard to improve much on that code. The other interesting point of view, however, came from Linus, who points out that zero copy is often not the performance win that people think it is. By the time you have done all the overhead required to do a zero-copy operation (pinning the user page in memory, setting up the scatter/gather DMA operation, etc., and cleaning up afterward), you might as well just have copied the data. Zero copy is a nice idea that often is not so practical in the real world. That notwithstanding, Ingo Molnar pointed out that the TUX webserver implementation includes a zero-copy scheme. No NDS for Linux - to spite Microsoft?. The Timpanogas Research Group, headed up by Jeff Merkey, has announced the withdrawal of its promise to provide an open source Network Directory Services (NDS) implementation for Linux. Instead, TRG will concentrate its efforts on its own (open source) "MANOS" operating system. The press release included this interesting comment: It is not our desire at this time to hand Microsoft or anyone else an open source 'scythe' they can use to harvest the NetWare(TM) installed base until a competitive Open Source NetWare NOS is available for Novell's customers to consider.
It is an interesting view - somehow providing an open source implementation will allow Microsoft to snap up all the Novell users who are, presumably, looking for a new vendor. Mr. Merkey reiterates this claim in another post where he states: "If we post it, Microsoft will grab it and it will be in NT within 48 hours of them downloading it from our site." This sort of thing, of course, is what the GPL is for. It is a sad world indeed if contributions to Linux are pulled out of fear that Microsoft might use them. If Microsoft picks up some Linux code and uses it in accord with the terms of the GPL, then there is nothing for anybody to complain about. After all, one of the criteria for free software is that it cannot discriminate against users. If the GPL is not respected, it's time to call out the lawyers. Fear of Microsoft is no reason to withdraw kernel contributions; one suspects that a more complicated agenda is at work here. Why is there no Linux kernel debugger? A certain Jeff Merkey posted a message to linux-kernel giving a different reason for the withdrawal of the Linux NDS effort. It seems that the real problem is that the kernel debugging facilities for Linux are inadequate. The lack of a Kernel Debugger and other basic kernel level facilities on Linux make TRG's job about 20 times harder on Linux and take almost 10 times as long as is possible on NT, NetWare, or MANOS to develop software as a result of this.
Mr. Merkey has found himself to be rather less alone with this one - numerous people wonder just why a kernel debugger is not part of the mainline kernel itself. See, for example, this poston the absence of kdb. The reason there is no debugger in the Linux kernel is, of course, because Linus does not want it there. This time, though, it was David Miller who came to the defense of this policy. The basic idea, which mirrors things Linus has said over the years, is that having an interactive debugger causes developers to focus on symptoms, rather than on what is really going on. According to David, some elbow grease invested in tracking down problems the hard way pays off in both a higher quality fix and a deeper understanding of how the kernel actually works. The whole debate is long (and ongoing). For those interested in the soundbite version: "Hard work now leads to less work later."Linus's views on the subject are well known, and he has the last word on such topics. So there will be no debugger distributed with the kernel source. A number of such tools do exist, of course; they just have to be downloaded separately. Other patches and updates released this week include:
Section Editor: Jonathan Corbet |
September 7, 2000 For other kernel news, see: Other resources: |
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Distributions page.
Lists of Distributions |
DistributionsPlease note that security updates from the various distributions are covered in the security section. News and EditorialsRed Hat claims huge Linux lead, rivals growing (News.com). News.com reports on the latest IDC study which shows Red Hat having the bulk of the Linux market. "Linux companies argue there is more competition between Linux and other operating systems than there is among versions of Linux itself. But Red Hat's aggressive push to have its brand name associated as closely as possible with Linux reflects the land grab under way as companies seek to establish as much dominance as possible of the up-and-coming operating system." Distribution ReviewsSlackware Linux 7.1 (Duke of URL). The Duke of URL has put out a review of Slackware Linux 7.1. "Slackware is one of the best distributions around in the currency of its applications. In fact, I've never seen a more current distribution in all my years of using Linux. They're really raised the bar with KDE 1.91 and XFree86 4.0, and kernel 2.2.16, and proves that Slackware has more priorities than just staying close to UNIX. Thanks to Slackware, Linux never looked so good." New DistributionsFTOSX. FTOSX is a new distribution from Future Technologies. They promise support for all the latest Linux technologies. Interestingly enough, this not only includes the Linux 2.4 kernel, but also the Linux 3.0 kernel ... which, of course, does not yet even have a development tree. They also plan to have their own desktop environment, FTKDE, based on KDE 2.0 and FTX, which is called "a [sic] X Window porting based on 4.0". Their primary filesytem will apparently be ReiserFS. All of this is just a plan, though. The first FTOSX beta is not due out until October sometime. "We promise something new and more easy than actual Linux distributions.". [Thanks to Nicolas Verite]. MageNet Linux Server. The MageNet Linux Server distribution is based on Red Hat, but tailored to add or replace services according to their own preferences. For example, they have chosen to replace wu-ftpd with proftpd, ircII 4.x with ircII EPIC, and more. Their goal is a distribution with better security and more features than Red Hat 6.2. [From Freshmeat]. Scrudgeware. "A totally free operating system" is the goal of Scrudgeware. To that end, they have pledged to include only "GNU/GNOME/GPL" software. They are also designing the sytem to eliminate redundancies, so rather than include, for example, both KDE and GNOME, they have chosen to focus on GNOME and provide that exclusively. Of course, the licensing issues that might have influenced their decision originally have changed with his week's announcement that Trolltech is also licensing the latest Qt library under the GPL. However, we'll hazard a guess that they won't change their choice as a result. [From Freshmeat]. General Purpose DistributionsLinux-Mandrake News. Ulysses, Linux-Mandrake's first beta for their 7.2 release, has been announced. It includes KDE2 beta 4, enhanced installation and administration tools, XFree86 4.01, and CUPS as the default print system, among many other changes. "Please keep in mind that Ulysses is an experimental Operating System, it's not for daily use! The goal of beta testing is to help debug it and Ulysses is sure to contain things that are broken. Use with care!" Joining a number of other distributors, MandrakeSoft has announced that it is publishing an enterprise version of its distribution. Linux-Mandrake Corporate Server 1.0 will include things like ReiserFS, an automated installation tool, and something referred to as "the amelioration of multiprocessor treatments." It will be available in Intel and Sparc versions. MandrakeSoft also announced that, according to PC Data, Linux-Mandrake sold the most units of any distribution in the U.S., with 31.5% of the market. They are also pleased to have received the "Editor's Choice" award from Linux Magazine. SOT launches BestLinux developer site. SOT has announced the launch of its BestLinux.org developers' site. SOT is based in Finland and their Best Linux distribution supports Finnish, Swedish and English. Debian GNU/Hurd. A new issue of the Kernel Cousin Debian Hurd is available. If it is accurate, then there were only been two posts to the debian-hurd mailing list during the last two weeks of August -- possibly a sign of the start of the new college semester. Slackware News. A new development tree for Slackware was made available this past week. The "current" tree already includes Netscape 4.75, XFree86 4.0.1, inn-2.3.0 and several glibc security fixes (check the Security Summary for more details). Embedded DistributionsPeeWeeLinux 0.5.1. A new, minor update to PeeWeeLinux has been announced, PeeWeeLinux 0.5.1. "A command-line driven interactive script to load target devices has been added. Supported devices are any hard drive, including Compact Flash devices and floppy disks." The new script is called rd_dialog and loading of compressed RAMdisks for FAT and ext2 partitions is supported, among others. Special Purpose/Mini DistributionsBYLD 1.0. The first stable release of Build Your Linux Disk (BYLD) was announced with minimal fanfare. Changes from the previous beta release are minor. BYLD is a mini-distribution primarily intended as starting place for people who want to "roll their own" distribution. It installs onto a single floppy disk and is sometimes used to build rescue disks or portable network clients. Redmond Linux Beta1 Refresh. Redmond Linux is a relatively new distribution that caters to the non-technical end-user. It is based on Caldera OpenLinux. Their beta1 refresh version was announced last week and includes the 2.4.0-test3 kernel, KDE2 beta 4, an updated installer, and more. Section Editor: Liz Coolbaugh |
September 7, 2000
Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Development page. |
Development projectsBrowsersMozilla-Europe 2000. The Mozilla-Europe 2000 meeting has been announced. The conference will be held near Frankfurt Germany on September 23 and 24, 2000. InteroperabilityInstalling & Using WINE (LinuxNewbie.org). LinuxNewbie.org has put up a help file on installing and using WINE. "...the best way to find out if a program will run under WINE, is to just try it. Sometimes compatible programs won't run, sometimes programs thought not to be compatible, will run. Just try it. You won't break anything. :)" Wine Weekly News for September 4, 2000. The Wine Weekly News #59 for September 4, 2000 has been published. Take a look for the latest Wine development news. Network ManagementOpenNMS update. Here's the OpenNMS update for September 5, covering the latest happenings in the quest to create an open network management system. Among other things, the project is looking to hire developers... Moodss-11.10 announced. Version 11.10 of moodss has been announced. Moodss, the Modular Object Oriented Dynamic SpreadSheet is a tool that is used for dynamically monitoring changing system information with a graphical or tabular display. Office ApplicationsAbiWord Weekly News. The AbiWord Weekly News for August 31, which actually covers two weeks, is out. Eye of Gnome 0.5 released. The Eye of Gnome version 0.5 image viewer has been released. This is the last release of EOG before some major reworking commences. On the DesktopKDE 2.0 release schedule. A new KDE 2.0 release schedule has been posted. It calls for the first release candidate on Thursday, September 14, and the official 2.0 release on October 16. Qt 2.2 and Qt Designer released. Trolltech has announced the release of Qt 2.2. Many new features are included, including the new "Qt Designer" GUI builder. The announcement does not mention it, but this is the version which is covered by the GPL. KDE Licensing Information. Rik Hemsley and Matthias Elter have put together an extensive list that details all of the licenses that are used in the base KDE source code tree. GNOMEnclature: Handling multiple documents (DeveloperWorks). IBM's DeveloperWorks site has put up a lengthy, technical article on using the GNOME MDI class. "In this installment, George Lebl turns away from widgets to look at GnomeMDI, the Multiple Documents Interface from gnome-libs. GnomeMDI makes it easier to handle a variety of different documents at the same time in one program." ScienceFreeGIS CD v1.0.4 available. The latest packaging of the FreeGIS tools has been announced. An update on FreeGIS in general can also be found in the announcement - it looks like the pace of this project, which is putting together a collection of free Geographical Information System tools, is picking up. Open Source Medical Project. Linux Med News has updated its Open Source Medical Project list recently. Numerous new additions have been added to bring the total to 29 applications. Web-site DevelopmentMidgard Weekly Summary. Here is the Midgard Weekly Summary for August 31. It covers the release of Midgard 1.4b5, and various other topics. Zope Weekly News for September 6. The September 6 edition of the Zope weekly news is out. News includes a zope.org mirror site, a new Zope security document, and skins for Zope. Section Editor: Forrest Cook |
September 7, 2000
|
|
Programming LanguagesErlangErlang 5.0 beta released. A new beta release of Erlang 5.0, known as release R7A has been announced. See the R7A release highlights for a preview of the changes and new features. PerlPerl 5.7.0 released (use Perl). Use Perl has posted this announcement about the release of Perl 5.7.0. "As promised when 5.6.0 came out, Perl 5 has now been clearly separated into stable maintenance releases and unstable development releases. Releases with even version numbers (6, 8) will be maintenance releases and odd version numbers (7) will be development releases." Review of Programming Perl, Third Edition (DeveloperWorks). IBM's Developer Works has run a review of the third edition of the book Programming Perl. "The third edition of Programming Perl is impressive from the start. It has almost double the page count of the second edition. The cover is the same, except for the discreet banner in the top right corner, the TMTOWTDI ("There's More Than One Way To Do It") slogan at the top, and the list of authors. The similarity is only skin deep, however, as a look at the table of contents will quickly dispel any illusions that this book is only a revision." Perldoc website announced. A new web site, perldoc.com, has been announced. This site is being maintained by Carlos Ramirez and offers a searchable html version of the Perl 5.6 documentation. A useful entry for the perl programmer's bookmarks file. The site also contains an archive of CPAN, the Comprehensive Perl Archive Network. German Perl Workshop 3.0. The third German Perl Workshop is being held February 28 through March 2, 2001 near Bonn, Germany. Abstract submissions should be sent in until October 23, 2000. University of Perl 2000 (O'Reilly). O'Reilly has announced the University of Perl 2000, a traveling Perl boot camp to be held in Seattle, Los Angeles, Atlanta, and New York City during October. FreeWRL 0.26 released. A new release of FreeWRL has been announced. FreeWRL is a Perl based open source VRML browser for Linux. FreeWRL is licensed under the GPL license. PythonPython releases. Python 1.6, the last in the 1.* series, has been released. Meanwhile, for the more bleeding-edge oriented, the first beta of Python 2.0 has also been released. (Thanks to Kalle Svensson). Also see the announcements for Python 1.6 and Python 2.0b1 from Guido van Rossum. Linux.com interviews Guido van Rossum. Linux.com has interviewed Guido van Rossum, creator of the Python language. "2.0 will have several syntax extensions over 1.6, e.g. augmented assignment, list comprehensions, and an extension to the print statement. It will also have lots of XML support (mostly integrating the good work done by the XML-sig) and a new garbage collection feature, which will collect cyclical garbage for the first time in Python's life." Python-dev summary for August 16-31. Here is A.M. Kuchling's Python-dev summary for August 16 to 31. It covers the "any day now" first beta release of Python 2.0 and many other topics in the Python development arena. This week's Python-URL. Here is Dr. Dobb's Python-URL for September 5 with the latest in Python development news. XML Processing With Python(Themestream). Themestream has run this article by Steven Vore on processing XML with Python. "This is not a normal book review. In fact, I'm leery of calling it a review at all. In reality, these are my notes taken while reading & working through examples in XML Processing With Python By Sean McGrath." Tcl/tkThis week's Tcl-URL. Here is Dr. Dobb's Tcl-URL for September 4 with the latest in Tcl development news. Software Development ToolsSection Editor: Forrest Cook |
Language Links Erlang Guile Haskell Blackdown.org IBM Java Zone Perl News PHP Daily Python-URL Python.org JPython Smalltalk Tcl Developer Xchange Tcltk.com |
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Commerce page. |
Linux and BusinessTime for a fun Linux toy. A company called "iRobot" has put out an announcement for its new product: the "iRobot-LE." It's a Linux-powered robot aimed at household use; it can be monitored and controlled from anywhere on the net via a web browser. It can climb stairs, and has sonar and infrared systems for avoiding obstacles. Suggested uses include monitoring the babysitter, home security, and even communication with people in the house - though the legacy "telephone" technology still tends to work well in application as well. All for a mere $4,995. iRobot's technical specifications page talks a bit about what's inside; it's running a 450 MHz AMD K6 processor, 64MB memory, and a 6GB disk. It has USB and wireless ethernet connections, a video camera, and a temperature sensor. They don't say whose distribution it is running, but the reference to "Linux 6.2" on the FAQ page gives a clue. It's running a version of Apache with SSL enabled. An obvious concern with a system of this type is going to be security. After all, some care should be taken before placing a web-controllable, mobile device with audio and video capabilities at large on one's house. iRobot's security seems to be based mainly on SSL security and passwords; as long as you keep a handle on your password, the thing should be reasonably safe. That assumes, of course, that nobody turns up a bad Apache bug, that there are no Apache configuration mistakes on the device, and that the robot is not running any other services which could be compromised. Experience says that the software on this system is likely to need an update sooner or later; one hopes that the iRobot folks have a mechanism in place to deal with the likely trouble. A related issue of concern: a device with a name like "iRobot" should certainly come with a statement of compliance with the Three Laws of Robotics, but none such appears on the web pages... The IBM Asia Pacific Linux Initiative. IBM's Linux support moves into the Asia Pacific region with its Asia Pacific Linux Initiative. According to this announcement IBM will be spending more than $200 million over the next 4 years. The company already has "Solution Partnership Centres" in Tokyo, Shanghai, Sydney, Seoul and Bangalore. These provide a single point of contact for Linux developers to access the systems, software and technical skills of the online IBM resources. In addition, several "Linux Competency Centers" will be funded throughout the area, setting up alliances, deploying consultants, and more. The DeveloperWorks site will appear in Japanese and Chinese versions. IBM is partnering with TurboLinux for some of this work. RSA patent released into public domain. RSA Security Inc. has announced that the RSA public key encryption patent has been released into the public domain. The act would have been rather more generous a few years ago - this patent is, after all, set to expire in two weeks. It is still something to celebrate, however; one of the fundamental cryptographic algorithms is finally free. M-Systems and LynuxWorks announce DiskOnChip support for BlueCat Linux. M-Systems has announced that LynuxWorks will be including DiskOnChip flash memory support in BlueCat Linux. Press Releases:Open Source Products.
Commercial Products for Linux.
Products with Linux Versions.
Java Products.
Books & Training.
Partnerships.
Personnel.
Linux At Work.
Other.
Section Editor: Rebecca Sobol. |
September 7, 2000
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Linux in the news page. |
Linux in the NewsKDE, Qt, and GNOMEGood news for KDE:Trolltech adds GPL option to Qt (ZDNet). A report on the Qt licensing change. "One happy beneficiary of Qt's new GPL license is KDE, the most popular Linux desktop environment, which is currently vying with GNOME to be the preferred environment for mainstream Linux developments. KDE, an open source project itself, has occasionally been shunned by open source advocates due to its dependence on the non-GPL Qt."
Barrier lowered between Linux interfaces (News.com). Another report on the Qt license change: "The change means the KDE user interface, which is based on Trolltech's Qt, will now compete on a more equal technical basis with the Gnome user interface, which is based on the GTK+ library. In a series of flame wars in recent years, debaters have often focused on the legal underpinnings of the two user interfaces."
.comment: Peace in Our Time? (LinuxPlanet). LinuxPlanet talks with Nat Friedman and Miguel de Icaza about the Qt license change. "I don't think it changes things, because people who actually care about licenses are a minority of the software world. That's why KDE got so much popularity independent of whether it had license problems or not. But it's going to help a lot of people who finally can have a free desktop, and that's good." It's the apps, stupid (ZDNet). Here's a column on GNOME and KDE. "To their credit open source developers, by and large, have ignored the battle analyses and just kept coding -- and that's good news for all of us. For as Linux gets better, as GNOME and KDE keep pushing each other, as open source desktops continue to increase in popularity and attract more applications, we all win and nobody loses." CompaniesOpen Source NetWare Thorn To Novell? (ZDNet). ZDNet looks at the Timpanogas Research Group and its plan to produce an open source NetWare clone. "Now, TRG is free of a two-year court order preventing it from writing any code, according to Merkey, the company's CEO. TRG expects to deliver its open source Metropolitan Area Network Operating System in the second half of 2001. The OS will run a 'NetWare-like SMP kernel' and will support NetWare directory, file and print protocols, Merkey says. In addition, MANOS will be able to run Linux applications, and will be released under the Gnu Public License, which lets users freely distribute, copy and modify the source code."
Transmeta's Stock Offering May Buck a Cooling Trend (NY Times). The New York Times covers Transmeta's IPO filing. "Despite Mr. Torvalds's presence, Transmeta is not a company whose business is based around the Linux operating system; it is a semiconductor company that plans to use Linux in conjunction with some of its chip designs. Nonetheless, some analysts and money managers raise the specter of slumping Linux-related stocks when talking about Transmeta." BusinessConoco hopes to hit oil with slick supercomputer (News.com). News.com looks at Conoco's new cluster. "The computer uses dozens of single- and dual-processor Intel-based computers connected by a 10-mbps network, 10 terabytes of hard disk storage and a tape library. The company declined to provide further details on the hardware."
Four industry giants back new lab for Linux R&D (Computerworld). Here's an article about the Open Source Development Lab. "Dan Kusnetzky, an analyst at International Data Corp. in Framingham, Mass., agreed, saying that the only way Linux will be ported to large-scale hardware will be through the creation of such a lab, where independent developers will have hands-on access to leading-edge machines."
Will Linux Group Burn Sun? (ZDNet). Here's an article that sees the Open Source Development Lab as a potential anti-Sun conspiracy. "Publicly, the new Open Source Development Lab (OSDL) hopes to promote Linux in the enterprise. But privately, the OSDL-funded by HP, IBM, Intel and NEC USA-may be plotting against Sun Microsystems."
Sun helps Linux go global (News.com). News.com has put up this article on Sun's release of its internationalization software. "The software is a layer that makes it easier to write software onto which any number of languages can be grafted. A program written to use the layer can be more easily shifted so Japanese as well as French people can use a program. Currently, Linux software is typically rewritten for each new language." (Thanks to César A. K. Grossmann). ResourcesLinuxDevices.com Embedded Linux Weekly Newsletter. The LinuxDevices.com Embedded Linux Weekly Newsletter for August 31 is out. As always, it contains a comprehensive summary of happenings in the embedded Linux world.
MP3 on Linux HOWTO (DukeOfUrl). The DukeOfUrl site has put up an article on working with the MP3 audio format with Linux systems. "In fact, odds are if you have a Linux machine, you already have all the tools you'll need to create and MP3, you just might need some command-line advice."
Linux Hardware Support Survey Part 1: Motherboards (Signal Ground. This article takes a look at how well various motherboard manufacturers support Linux. The research was done by looking at each manufacturer's web site and looking for Linux references. "What we found surprised us and even made us laugh out loud at times. Sadly, the hardware world is still overwhelmingly Windows-centric. But there were some glimmers of enlightenment in this sea of companies, and we'll recommend companies to deal with if you're a penguin at heart."
Poll: most important software tools (LinuxDevices.com). LinuxDevices.com is running a poll of embedded Linux developers in an attempt to find out which are the most important software tools in that arena. If you have opinions on the matter, you might want to head on over and share them.
Linux Buyer's Guide IV (DukeOfUrl). The DukeOfUrl has released its latest Linux Buyer's Guide. "AMD is back in the lead and with authority. Once again, I do not choose an SMP setup here because many applications are just not multi-threaded yet. Our goal here is to put together a realistic dream machine, not a wasteful one." ReviewsFrom Old PC To Powerful Server (ZDNet). ZDNet reviews Cybernet's NetMAX Professional Suite. "Installation isn't pretty during the first section, consisting of bewildering Linux text messages scrolling up the screen. Linux-phobes aren't asked to do anything even resembling a command, however; the program just answers a few quick questions and continues to the browser-based installation screens, which are clean and attractive." (Thanks to Louie L. Lindenmayer III). InterviewsInterview: Quentin Cregan (O Linux). O Linux interviews SourceForge developer Quentin Cregan. "SourceForge's role in Open Source appears to be becoming (hopefully) the base carrier of content. Geocities for Open Source, if you like =) We think it's great that so many developers can come to one place, and find so much freely downloadable and modifiable software." FinallyA lab of one's own (Upside). This column covers the Open Source Development Lab, the upcoming MacOS X release, and a sighting from LinuxWorld: "Recent attendees of the LinuxWorld Convention and Expo may have spotted the offending T-shirt: A cartoon image of the BSD 'daemon' mascot and Tux, the Linux penguin mascot, er, re-enacting the famous love scene from 'Deliverance.' The caption: 'Plugging Linux Security Holes since 1994.'"
Hypocrisy: An Open Source Closed Community (LinuxPower). Here's a column from somebody who had a bad day at LinuxWorld. "The slashdot camp expects to be treated like kings, with the open source community as their court. Perhaps they have forgotten that one of the wonderful things about the open source community is that we're all equals." (Thanks to Charles Chapman). Section Editor: Rebecca Sobol |
September 7, 2000 |
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Announcements page. |
AnnouncementsFree Software Job Website. Lolix.org is a job site for the Free Software community. Employers may post job descriptions and potential employees may post resumes. The original site is for France, a United States version is being beta tested. ResourcesTop Ten Tips for Linux. O'Reilly presents some useful tips for Linux users. "These tips may seem simple, but I've found it's often the simple tricks that are the most useful in day-to-day work." Linux Gazette #57 released. The September 2000 issue of the Linux Gazette is out. LinuxFocus for September. LinuxFocus Magazine has released the September 2000 issue. EventsPanel on the Open Source Movement at ESC. This year's Embedded Systems Conference will feature a debate on the topic: "The Open-Source Movement: Boon or Bane for Embedded Systems Developers?". The debate is scheduled for Monday, September 25 at 6:00 p.m. September events.
Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net. Web sitesOpen Source Website. Planet Source Code has announced that its authors have made over a million lines of Open Source code available on the site to the computer programming public. The launch of Linux2order.com. Linux2order.com, a Web-based company, announced the launch of its website, offering software applications and utilities for the Linux operating system, User Group NewsLUG Events: September 7 - September 21, 2000.
Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net. |
September 7, 2000 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Software Announcements
|
Our software announcements are provided courtesy of FreshMeat
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Back page page. |
Linux Links of the WeekThe OpenAL project has set itself the task of creating a new library for handling high-quality sound; it sees itself as the analog of the OpenGL graphics library. The effort is supported by Loki and other vendors. Doc Searls' weblog is usually a source of something interesting - and often even Linux-related as well. Section Editor: Jon Corbet |
September 7, 2000 |
|
This week in historyTwo years ago (September 10, 1998 LWN): industry journalists complained in a big way about being flamed by Linux Zealots - something that has changed little since. Prediction of the week: Linux will never go mainstream. But it will have a powerful influence nonetheless. Perhaps it depends on your definition of "mainstream"... The development kernel was 2.1.121. A fair amount of controversy surrounded the addition of the QNX filesystem, since the kernel was alleged to be in a feature freeze at the time. Oracle announced its first set of marketing partnerships, with Red Hat, VA Research (now VA Linux), Pacific HiTech (now TurboLinux) and S.u.S.E. (now SuSE). Dell, it was revealed, had been selling Linux-installed systems to a few big customers for a year, despite its public denials that there was even interest in such systems. An interesting press release came out. Here's a quote from LWN's coverage: Seems that the "Timpanogas Research Group, Inc." is looking for investors so that they can "complete development and product launch for its VNDI (Virtual Network Disk Interface) Technology," which will be available under Linux. They had $2M in initial capital, but blew $1.4M of it in litigation against Novell. All is not bad, however: "On the positive side, due to the litigation costs, TRG posted a tax credit of $1.6 million dollars for FY97 returns that the company can carry forward and credit against future sales of its products." They're looking for another $2M... A look at this week's kernel page will show where TRG has gotten in the intervening two years... One year ago (September 9, 1999 LWN): Licensing problems turned up with some of the code distributed with Bind 8.2, a crucial piece of network infrastructure. In the end, all was worked out, but it showed the kind of difficulties that licensing conflicts can cause. SCO distributed a brochure in northern Europe: Linux at this moment can be considered more a play thing for IT students rather than a serious operating system in which to place the functioning, security and future of a business. Because Linux is basically a free-for-all it means that no individual person/company is accountable should anything go wrong, plus there is no way to predict which way Linux will evolve They certainly failed to predict how things would evolve... Quote of the week: Any time you're sort of slacking off or saying you're thinking of taking a day off our president says, 'You know, I'll bet Bill Gates is working today.'
The latest, greatest NFS patches were withheld from the 2.2.12 (and later) stable kernel release, due to fears that they would destabilize things. Caldera 2.3 was launched this week. MandrakeSoft announced the opening of its Chinese offices, in cooperation with a little-known company called LinuxOne. Red Hat, meanwhile, announced "Lorax", the beta version of its 6.1 release. | |
|
Letters to the editorLetters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them. | |
From: Robert Graham Merkel <rgmerk@mira.net> Date: Thu, 31 Aug 2000 17:01:45 +1100 To: letters@lwn.net Subject: Re: "Let's move towards easier software installations" In LWN 31/8/2000, Larry Kollar wrote a letter his experiences installing GnuCash on LinuxPPC. It's unfortunate that he found installing gnucash tedious. The GnuCash developers (of whom I am one) are trying to make the installation from source easier, even though, as Mr Kollar pointed out, installing from the binary RPM would have been much easier. However, the statement ". . .that an important user app like Gnucash should be WM-agnostic anyway" suffers under the misconception that GNOME (and KDE, for that matter) is a window manager. While GNOME works best with window managers that support its extensions, GNOME is far, far more than the set of panel applets and file manager most people associate with it. In GnuCash, the GNOME canvas is used to render the account register. The new gtkhtml widget is used to display (and print) reports. gnome-print is used directly to print checks. Preferences dialogs could not be effectively presented without the extra widgets that the gnome libraries provide. Using the gnome libraries gave us all of those capabilities with far less programming effort than they would have taken otherwise. Indeed, I personally expect that as time goes on GnuCash's user interface will take more and more advantage of the gnome libraries, and I am convinced that this is an entirely sensible decision. Installing the gnome libraries does *not* require users to stop using KDE, or any other window manager they choose to use. GnuCash will run fine on any Linux desktop, and we fully intend things to stay that way. Installing the libraries is just a matter of running rpm or dselect, or even using Helix's excellent gnome installer. The amount of disc space used is negligible. About the only problem is that running gnome apps and KDE apps at the same time might chew up RAM, but these days video cards come with 1000 times the memory than my first computer ever had. Of course, anybody who really wants to write a GNOME-free GnuCash (or any other example of the new generation of applications dependent on GNOME or KDE) is more than welcome to try. See you in a couple of years when you end up reimplementing a large proportion of the libraries you were trying to remove in the first place . . . ------------------------------------------------------------ Robert Merkel rgmerk@mira.net ------------------------------------------------------------ | ||
Date: Thu, 31 Aug 2000 16:04:21 +0200 From: Martin Cracauer <cracauer@BIK-GmbH.DE> To: letters@lwn.net Subject: Your GPL comments I think that LWN has an overly narrow view on the license problems mentioned at the beginning of issue August 31, 2000. The GPL is the only major license that narrows linking with other licenses. Your text implies that mixing licenses in general is bad; this is not the case, i.e. shipping BSD kernel with AFS would be no problem. I don't say that each clause in the "custom" licenses is good or acceptable, but that has to be decided by the individual user/binary-builder for the individual purpose. The real problem - as LWN rightly points out - is that linking may not be allowed even when all licenses of the parts are acceptable. However, this is just the GPL's fault. The GPL tries to eleminate all software that is not GPLed or can be made so. That is a problem for people like me who use much software under different licenses where none of the clauses is a problem for me (i.e. the formerly BSD advertising clause and many university licenses). Martin -- %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% Martin Cracauer <cracauer@bik-gmbh.de> http://www.bik-gmbh.de/~cracauer/ BIK - Aschpurwis + Behrens GmbH, Hamburg/Germany Tel.: +49 40 414787 -12, Fax. +49 40 414787 -15 | ||
Date: Wed, 6 Sep 2000 13:40:02 +0200 From: Davide Barbieri <paci@linuxcare.com> To: letters@lwn.net Subject: No open source company profitable? Hello, I read your comment about LINEO S1-filing and found a phrase that states: The combined open source/proprietary software business model is unproven. "We know of no company that has built a profitable business based on open source software." I can give you a very little example. In 1998 me and some friends founded Prosa, an italian company, which were forced to base its business only on open-source software (which means use, modify, develop, sell, etc. only free software). After one year of activity, Prosa has been acquired by Linuxcare Inc.. However, in its year of activity Prosa had a revenue of about 200.000US$, with a profit of about 10.000US$, after we payed taxes and our little salaries. These are not big numbers, but they were pretty good for a little company in its first year, which grew without any investment from VCs. And moreover, proved that a *pure* open source company, can be profitable. ciao -- Davide Barbieri, Direttore Generale, Linuxcare Italia, SpA. +39.049.80.43.411 tel, +39.049.80.43.412 fax paci@linuxcare.com, http://www.linuxcare.com/ Linuxcare. Support for the revolution. | ||