[LWN Logo]

 Main page
 Linux in the news
 Back page
All in one big page

See also: last week's Back page page.

Linux Links of the Week

If you've not yet had enough real-time Linux for the week, the Real-Time Linux HOWTO should be able to fill in the gap. It is a comprehensive resource covering everything in the real-time area.

Tired of bloated executables? Have a look at A Whirlwind Tutorial on Creating Really Teensy ELF Executables for Linux on the MuppetLabs site. If you're determined, you can make them really small... (Thanks to Nicolas Pitre).

Section Editor: Jon Corbet

September 14, 2000



This week in history

Two years ago (September 17, 1998 LWN): Some people began to question the role that Richard Stallman was playing in the Linux world. An LWN article on the subject drew more hostile mail than anything else we have ever written. RMS is as uncompromising as ever, but somehow he seems less controversial these days (KDE "forgiveness" editorials notwithstanding). To an extent, that may be because his points on freedom have sunk in.

The development kernel was 2.1.112; it was in the 2.2 feature freeze. 2.0.36 was in the prepatch stage; people were complaining because Alan Cox would not include patches to make gcc 2.8 and egcs compile it correctly (due to stability concerns).

Shipments of the international version of SuSE 5.3 were halted due to an unpleasant installation problem.

One year ago (September 16, 1999 LWN): a company called "Channel One Gmbh" registered the "Linux" trademark in Germany. Whatever their plans were, they didn't last long. Under great pressure, they caved in and signed the trademark over.

IBM's first "Red Hat Certified" laptop turned out to not run Linux very easily or well; see the lengthy instructions on how to make it go.

The development kernel was 2.3.18; this kernel saw the long-awaited integration of PCMCIA support into the mainline source tree. Linus also announced a feature freeze:

The feature freeze should be turning into a code freeze in another two months or so, and a release by the end of the year. And as everybody knows, our targets never slip.

It is, of course, one year (and quite a few new features) later...

Caldera 2.3 was released that week, as were LinuxPPC 1999 Q3 and Yellow Dog Champion Server 1.1. Corel put out its first call for beta testers for its upcoming distribution. And SuSE 6.2 got a review:

My view is that, if you study SuSE Linux, you'll see a revolution in the making that will devastate current hi-tech business models, causing a fundamental shift in the computing world. I found that Linux was the Aladdin's Cave of computing.
-- The Guardian.

Cobalt Networks surprised people by becoming the second Linux company to file for an IPO.



Letters to the editor

Letters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them.
Date: Thu, 07 Sep 2000 11:09:02 +0200
From: Fred Mobach <fred@mobach.nl>
To: letters@lwn.net
Subject: Cuecat drivers


In LWN of September 7 you noticed that

"The case appears weak, but the company has managed to get the :CueCat
drivers pulled down - for now".

But on Linux Today I found a talkback at
http://linuxtoday.com/news_story.php3?ltsn=2000-09-01-012-06-NW-CY where
is stated :

"Still available in Europe

You can find it here :








Fred Mobach

From: "Lindenmayer, Louie L" <Louie.Lindenmayer@PSS.Boeing.com>
To: "'letters@lwn.net'" <letters@lwn.net>
Subject: Digital Convergence vs. FooCat
Date: Thu, 7 Sep 2000 11:02:57 -0700 

If a Linux driver is developed indepedently and released GPL'd because
the original developer was Windows-centric, then the original
developer threatens litigation against the Linux developers, will the
original developers be able to make a Linux driver that won't infringe
on the GPL'd code and would they have to prove it?

Could the original developer invalidate and usurp the GPL'd code on
the basis of 'illegal reverse-engineering'?

Louie L. Lindenmayer III
NEW --> (425) 266-8290 <-- NEW

Date: Fri, 08 Sep 2000 10:52:36 -0500
From: Pete Flugstad <pete_flugstad@icon-labs.com>
To: stephens@cnet.com, letters@lwn.net
Subject: Re: Unix, Linux computers vulnerable to damaging new attacks

Mr Shankland,

  You missed a couple of points in your article:

  One, this particular bug is, to be blunt, "nothing new".  Anyone who
has spent ANY time at all programming in C is going to run into it or
something like it.  Since just about every major OS out there, including 
Linux, all Unix varieties, ALL MS Windows varieties, and just about every
RTOS (VxWorks, pSOS, etc), use C as the basic language, they are ALL 
vulnerable to this type of attack.  That's right, MS Windows, including 
NT & 2000, are vulnerable to this type of thing.

  The bug fundamentally stems from the nature of C programming, and the
printf (and related) library functions, used for printing out messages. 
Just about every program/OS out there uses a form of printf, EXTENSIVELY.
Just about all the text you see on your screen right now, window titles,
icon labels, menu entries, was created with printf at one level or another.
So, the fact that we haven't seen similar attacks on Windows is just because
no one has really tried... yet.

  Second, you miss the point of the Linux's open source license.  Since
it is open, and we have the source code, we CAN go through and audit the
code for this type of thing.  That is precisely what is happening here,
and it's why these are popping up now.  Previously, Unix/Linux was not a
large enough installed base for anyone to bother auditing the source, as
the number of targets for these types of attacks was not worth it for a
Cracker to bother with.  Now, as Linux and Unix are gaining popularity
because of their stability and usefulness as web/internet servers, it's
becoming important to do this type of security audit.

  Go ask MS if you can audit the 40+ million lines of Windows 2000 source 
code for bugs like this.  Don't blame me when they laugh you out of the 
building.  And don't believe them when they say they've done this already.
If Sun/IBM/HP have not yet done it with all the years they've had their
respective versions of Unix, there is no way MS has done in in the small
amount of time they've been shipping Win2k, with its millions of lines
of new code in the last 4 years.

Pete Flugstad
Sr. Software Consultant
Icon Labs
Date: Mon, 11 Sep 2000 13:22:30 -0400
From: David Wittenberg <dkw@cs.brandeis.edu>
To: letters@lwn.net
Subject: Profitable Open Source company

Cygnus support was created almost 10 years ago to provide support for
open source products.  John Gilmore told me that they were quite
profitable their first year, and I expect most years after that.  They
have since been bought by RedHat.

--David Wittenberg
Date: Sun, 10 Sep 2000 04:58:25 -0600
From: Dylan Griffiths <Dylan_G@bigfoot.com>
To: letters@lwn.net
Subject: Confused about GPL comments.

	I was reading the 7th of September, 2000 LWN when I happened upon this
piece from Martin Cracauer <cracauer@BIK-GmbH.DE>:

"The GPL tries to eleminate (sic) all software that is not GPLed or can be
made so.  That is a problem for people like me who use much software
under different licenses where none of the clauses is a problem for
me (i.e. the formerly BSD advertising clause and many university

And I'd just like to say: the author of the code decides on the licence. 
They take the time to look, examine, and evaluate the licences.  The GPL
itself is not a sentient entity, nor is it a living entity.  It is not a
virus.  It is not anything organic.  It is simple a licence written by a
man, RMS, who wants to ensure that if you make big changes and distribute
them -- that you include the source so that you pass on the freedom to
modify you used in the first place.

Now, this may sound like I'm a GPL lover.  I'm not.  I just can't stand to
see licence bigotry by people who think that licences are living entities
which seek to 'infect' other programs.  That's just ludicrous.  If you don't
agree with that part of the GPL -- don't use the GPL.  And if you want to
link with a GPLed program, get one side to grant an exclusion for the other
side.  Instant legality without the "viral" nature.

    www.kuro5hin.org -- technology and culture, from the trenches.


Eklektix, Inc. Linux powered! Copyright © 2000 Eklektix, Inc., all rights reserved
Linux ® is a registered trademark of Linus Torvalds