See also: last week's Back page page.

Linux Links of the Week

Tired of bloated executables? Have a look at A Whirlwind Tutorial on Creating Really Teensy ELF Executables for Linux on the MuppetLabs site. If you're determined, you can make them really small... (Thanks to Nicolas Pitre).

Section Editor: Jon Corbet

This week in history

The development kernel was 2.1.112; it was in the 2.2 feature freeze. 2.0.36 was in the prepatch stage; people were complaining because Alan Cox would not include patches to make gcc 2.8 and egcs compile it correctly (due to stability concerns).

Shipments of the international version of SuSE 5.3 were halted due to an unpleasant installation problem.

One year ago (September 16, 1999 LWN): a company called "Channel One Gmbh" registered the "Linux" trademark in Germany. Whatever their plans were, they didn't last long. Under great pressure, they caved in and signed the trademark over.

IBM's first "Red Hat Certified" laptop turned out to not run Linux very easily or well; see the lengthy instructions on how to make it go.

The development kernel was 2.3.18; this kernel saw the long-awaited integration of PCMCIA support into the mainline source tree. Linus also announced a feature freeze:

The feature freeze should be turning into a code freeze in another two months or so, and a release by the end of the year. And as everybody knows, our targets never slip.

It is, of course, one year (and quite a few new features) later...

Caldera 2.3 was released that week, as were LinuxPPC 1999 Q3 and Yellow Dog Champion Server 1.1. Corel put out its first call for beta testers for its upcoming distribution. And SuSE 6.2 got a review:

My view is that, if you study SuSE Linux, you'll see a revolution in the making that will devastate current hi-tech business models, causing a fundamental shift in the computing world. I found that Linux was the Aladdin's Cave of computing.
-- The Guardian.

Cobalt Networks surprised people by becoming the second Linux company to file for an IPO.

Letters to the editor

Date: Thu, 07 Sep 2000 11:09:02 +0200
From: Fred Mobach <fred@mobach.nl>
To: letters@lwn.net
Subject: Cuecat drivers

Hello,

In LWN of September 7 you noticed that

"The case appears weak, but the company has managed to get the :CueCat
drivers pulled down - for now".

But on Linux Today I found a talkback at
http://linuxtoday.com/news_story.php3?ltsn=2000-09-01-012-06-NW-CY where
is stated :

"Still available in Europe

You can find it here :

ftp://ftp.flashnet.it/mirror/8/linuxberg/files/console/network/cuecat-0.0.5.tar.gz

ftp://ftp.tuniv.szczecin.pl/dsk4/Linuxberg/files/console/network/cuecat-0.0.5.tar.gz

ftp://ftp.uakom.sk/pub/linuxberg/files/console/network/cuecat-0.0.5.tar.gz

ftp://ftp.datacomm.ch/.3/linuxberg/files/console/network/cuecat-0.0.5.tar.gz

ftp://ftp.sektornet.dk/mirrors/mirror.linuxberg.com/files/console/network/cuecat-0.0.5.tar.gz

ftp://ftp.uni-c.dk/mirrors/mirror.linuxberg.com/files/console/network/cuecat-0.0.5.tar.gz"

Regards,

Fred Mobach
fred@mobach.nl

From: "Lindenmayer, Louie L" <Louie.Lindenmayer@PSS.Boeing.com>
To: "'letters@lwn.net'" <letters@lwn.net>
Subject: Digital Convergence vs. FooCat
Date: Thu, 7 Sep 2000 11:02:57 -0700 

If a Linux driver is developed indepedently and released GPL'd because
the original developer was Windows-centric, then the original
developer threatens litigation against the Linux developers, will the
original developers be able to make a Linux driver that won't infringe
on the GPL'd code and would they have to prove it?

Could the original developer invalidate and usurp the GPL'd code on
the basis of 'illegal reverse-engineering'?

***************************************************
Louie L. Lindenmayer III
E/E WIRS SUPPORT - North
NEW --> (425) 266-8290 <-- NEW
http://wirs.ca.boeing.com

Date: Fri, 08 Sep 2000 10:52:36 -0500
From: Pete Flugstad <pete_flugstad@icon-labs.com>
To: stephens@cnet.com, letters@lwn.net
Subject: Re: Unix, Linux computers vulnerable to damaging new attacks

Mr Shankland,

  You missed a couple of points in your article:

  One, this particular bug is, to be blunt, "nothing new".  Anyone who
has spent ANY time at all programming in C is going to run into it or
something like it.  Since just about every major OS out there, including 
Linux, all Unix varieties, ALL MS Windows varieties, and just about every
RTOS (VxWorks, pSOS, etc), use C as the basic language, they are ALL 
vulnerable to this type of attack.  That's right, MS Windows, including 
NT & 2000, are vulnerable to this type of thing.

  The bug fundamentally stems from the nature of C programming, and the
printf (and related) library functions, used for printing out messages. 
Just about every program/OS out there uses a form of printf, EXTENSIVELY.
Just about all the text you see on your screen right now, window titles,
icon labels, menu entries, was created with printf at one level or another.
So, the fact that we haven't seen similar attacks on Windows is just because
no one has really tried... yet.

  Second, you miss the point of the Linux's open source license.  Since
it is open, and we have the source code, we CAN go through and audit the
code for this type of thing.  That is precisely what is happening here,
and it's why these are popping up now.  Previously, Unix/Linux was not a
large enough installed base for anyone to bother auditing the source, as
the number of targets for these types of attacks was not worth it for a
Cracker to bother with.  Now, as Linux and Unix are gaining popularity
because of their stability and usefulness as web/internet servers, it's
becoming important to do this type of security audit.

  Go ask MS if you can audit the 40+ million lines of Windows 2000 source 
code for bugs like this.  Don't blame me when they laugh you out of the 
building.  And don't believe them when they say they've done this already.
If Sun/IBM/HP have not yet done it with all the years they've had their
respective versions of Unix, there is no way MS has done in in the small
amount of time they've been shipping Win2k, with its millions of lines
of new code in the last 4 years.

Pete Flugstad
Sr. Software Consultant
Icon Labs

Date: Mon, 11 Sep 2000 13:22:30 -0400
From: David Wittenberg <dkw@cs.brandeis.edu>
To: letters@lwn.net
Subject: Profitable Open Source company

Cygnus support was created almost 10 years ago to provide support for
open source products.  John Gilmore told me that they were quite
profitable their first year, and I expect most years after that.  They
have since been bought by RedHat.

-- 
--David Wittenberg
dkw@cs.brandeis.edu

Date: Sun, 10 Sep 2000 04:58:25 -0600
From: Dylan Griffiths <Dylan_G@bigfoot.com>
To: letters@lwn.net
Subject: Confused about GPL comments.

	I was reading the 7th of September, 2000 LWN when I happened upon this
piece from Martin Cracauer <cracauer@BIK-GmbH.DE>:

"The GPL tries to eleminate (sic) all software that is not GPLed or can be
made so.  That is a problem for people like me who use much software
under different licenses where none of the clauses is a problem for
me (i.e. the formerly BSD advertising clause and many university
licenses)."

And I'd just like to say: the author of the code decides on the licence. 
They take the time to look, examine, and evaluate the licences.  The GPL
itself is not a sentient entity, nor is it a living entity.  It is not a
virus.  It is not anything organic.  It is simple a licence written by a
man, RMS, who wants to ensure that if you make big changes and distribute
them -- that you include the source so that you pass on the freedom to
modify you used in the first place.

Now, this may sound like I'm a GPL lover.  I'm not.  I just can't stand to
see licence bigotry by people who think that licences are living entities
which seek to 'infect' other programs.  That's just ludicrous.  If you don't
agree with that part of the GPL -- don't use the GPL.  And if you want to
link with a GPLed program, get one side to grant an exclusion for the other
side.  Instant legality without the "viral" nature.

-- 
    www.kuro5hin.org -- technology and culture, from the trenches.