See also: last week's Back page page.

Linux Links of the Week

Have you ever come up with a good idea, but lacked the time to develop it? If so, check out ShouldExist, the page of Good ideas that are free for all. Read about using paper as a data storage medium and writing a markup language that encodes speech.

Section Editor: Jon Corbet

This week in history

One year ago The LWN staff was taking another much needed week off for vacation.

This year we decided to work a little harder, that way we won't have so many press releases to deal with next week.

Letters to the editor

From: Marko Samastur <markos@vidra.net>
Date: Thu, 16 Nov 2000 12:20:31 +0100
To: letters@lwn.net
Subject: KDE League

Hi,

I just wanted to make few remarks about KDE League. In editorial you 
wrote:

"That intent is clearly sincere, and no doubt the KDE developers are 
determined to make things turn out that way. But in a world where many 
of those developers are employed by League members, what is going to 
happen when the League starts to claim that its PR and marketing goals 
would be helped if certain development directions were taken? One can 
see a distinct potential for conflict."

No, one can not, if this one actually reads bylaws of KDE League. Board 
of directors, that will lead the whole thing, will have three kind of 
members. Companies can be either CE or CA members (depending on how 
much they pay) and there's also a developer community (KD). So, what do 
bylaws say about this board?

In section 4.1:
"...No person shall be qualified to become a director if such person is 
employed by or affiliated with any company or corporation which has 
appointed another director of the League."

This means that respresentatives of KDE community will REALLY be that, 
since they are not allowed to work for or be paid by companies that are 
part of KDE League.

In section 4.2:
"The directors shall have voting power on all matters to be voted on by 
the Board as follows. Each CE Director shall have five (5) votes. Each 
CA Director shall have one (1) vote. The KD Directors shall have an 
aggregate number of votes equal to the sum of (i) five (5) times the 
number of CE Members, plus (ii) the number of CA Members, such votes to 
be divided as nearly as practicable among them, with any remaining 
votes being conferred on the KD Directors in the order appointed by the 
KD Member."

This means, KD (KDE developers) will have exactly the same number of 
directors as companies. Together with 4.1 this makes them equal 
partners.

And then there's section 4.7:
"At all meetings of the Board of Directors one-half of the entire Board 
(rounding upwards in case of an odd number of directors) shall 
constitute a quorum for the transaction of business. The vote of 
two-thirds (rounding downwards in case the number of directors is not 
evenly divisible by three) of the votes of the directors present at a 
meeting at which a quorum is present shall be the act of the Board 
unless the Certificate of Incorporation or these Bylaws shall require a 
vote of a greater number...."

This effectively means that no half of directors could simply out-vote 
the other half, because every action needs at least 2/3 majority vote.

I think it's clear that your fears are not justified.  

Kind regards,

	Marko

Date: Thu, 16 Nov 2000 13:18:06 +0100
From: fermigier <sf@fermigier.com>
To: lwn@lwn.net
Subject: KDE League vs Gnome Foundation.

Hi,

For the first time in 2 1/2 years, I do not agree with one of your analyses
when you say " Not stated, but clearly implicit, is that each is promoting
its system in competition with the other. The KDE League is not (at this
point) promoting KDE over Windows, and it is not (they say) influencing
development. Its target, for now at least, is GNOME." I haven't seen
this message in the announcement of the KDE league. The Gnome foundation,
when it announced its existence last summer, has probably been a little
too far, and the media has pushed the story even farther. I don't
think the Gnome Foundation will play that angle ever again, since this
was certainly not well perceved but the community (cf.
http://www.linux-mandrake.com/en/pr-kgwar.php3).

And by the way, I fully support the 6 companies who chose to belong to both
organisations (of course, there a companies like Troll Tech or Helix who
have no interest in the other toolkit, so I can't blame them), and I hope
that they will be able to prevent last August's PR mess from happening
again.

Cheers,

	S.

-- 
Stéfane Fermigier, Tel: 06 63 04 12 77 (mobile).
Portalux.com: le portail Linux.
"How will Microsoft develop Windows 2015? Hire 1 million programmers and
2 million code scrubbers?" Business Week

Date: Fri, 17 Nov 2000 11:41:42 -0500
From: andrew@pimlott.ne.mediaone.net
To: lwn@lwn.net
Subject: Trouble with modutils

LWN wrote:
> The problem is interesting to look at, since it shows how hard it can
> be to get things right. 

It's only "hard to get right" if you adopt the Unix attitude that even
critical facilities should be half-ass designed, underspecified, and
poorly documented.

Consider the following, each a shortcoming on its own, and a horror in
combination (for modprobe, I am refering to versions prior to this
incident):

- There is no consistent policy for whether a non-privileged user should
  be able to cause modules to be loaded, and if so which modules.
  modprobe does not permit non-privileged users do anything, while the
  kernel thinks they should be able to load any module.
- The kernel does not pass enough information to modprobe for modprobe
  to know which user caused the request, why the request was made, or
  whether the request is "tainted".
- modprobe does not offer any facilities for controlling what modules
  may be autoloaded (as opposed to explicitly loaded).
- The kernel fails to use the standard GNU getopt end-of-arguments flag
  "--".
- modprobe offers no way to disable pattern expansion

Probably the safest policy would be "no autoloading, period".  This is
in fact a quite workable policy for most systems.  Needed modules could
be added to a list by installers, by configurators, or by hand.  PCMCIA
and hotplug daemons would explicitly load drivers for detected devices.

Another reasonable policy would require autoloadable modules to be
listed in modules.conf.  Another would be that only "well-known" modules
(and module aliases) could be autoloaded, where well-known is a boolean
argument passed from the kernel to modprobe.  Standard modules like
"sunrpc" would be "well-known", but module names coming directly from
non-privileged users would obviously not be.

> The sad truth is that validating user input is hard

This is a meaningless sentence in this context.  There is no such thing
as validating when ther is no agreement about what should be allowed.
Given such an agreement, validation should not be hard at all.

Andrew

Date: Tue, 21 Nov 2000 23:17:35 +0100
From: "Michael Thayer" <thayer@web.de>
To: letters@lwn.net
Subject: Modular kernel

Hello,

This is a slightly late letter about your discussion a month ago of the
possibility of modularising the kernel.  You said that the main argument
against was that too much compatibility code would get left in the kernel.
However, I don't quite follow the problem - I think that interfaces would
be expected to remain stable within stable kernel versions, but I'm sure
that no one would expect the same interface to remain from say 2.6 to 2.8.
Most free programs compile on about twenty different operating systems - is
it too much to ask for kernel componants to compile for two or three
different kernel versions?

Regards,

Michael Thayer
_______________________________________________________________________
1.000.000 DM gewinnen - kostenlos tippen - http://millionenklick.web.de
IhrName@web.de, 8MB Speicher, Verschluesselung - http://freemail.web.de

Date: Fri, 17 Nov 2000 21:04:51 GMT
From: Duncan Simpson <dps@io.stargate.co.uk>
To: letters@lwn.net
Subject: "Designed" software vs. grown software

You fail to point out that a lot of software which grows organically
sometimes gets a clean design during upgrade. In particular the
maintaner decides that some hack is one feature too far for the
present design and cleans up the code before adding the feature. (IN
particular in development versions, which are not nescarily visible,
for example I know of a clean version of word2x (which is on my box
right now)).

Of course, some software just gets featuritis and dies when the design
proves insufficient. I perosnally think that open source software is
more likely to get the proper redesign by someone than commercial software
The fetaure the marketing department wants gets there faster by
going via the dirty and bug producing route. Experience has thaught me
than an imposed external design can be a big mistake... shall I say that
it is the difference between ~50K overhead and working programs (what I
have now) with a lot more overhead and dud programs (what the previous
design got to, before it died).

I could cire other example, for example the move in checkps from hairy
toilet roll section to a nicer version with that code moved into a
library. I am sure plenty of other programs could tell a similar tale.

Duncan (-:

Date: Thu, 16 Nov 2000 20:30:58 +0530
From: Ramakrishnan M <rkrishnan@ti.com>
To: letters@lwn.net
Subject: Netscape 6...it's not for me.

Hello
      I had been following the development of Mozilla, and had been using it
from M6 onwards. I have also tried using the infamous PR releases of Netscape.
As the several postings at different places showed, people are not happy with
the new installation style of Netscape 6. I had never succeeded in installing
the PR releases as well as the final release of Netscape 6. Though there are
proxy settings, it simply does not work for me.(I do not know why). There may
definitely be work arounds. But it was annoying for me, and after several
unsuccessful attempts, I aborted the mission. As a loyal Netscape user, I am
still using 4.5 version(under Windows NT 4.0), and obviously am not happy with
it. I feel GNU/Linux still lacks a best-in-class browser. Netscape fonts sucks,
and the brand new Mozilla renders things too slowly, and also crashes too
often. We need a better solution to progress. It's a shame if the Free Software
community did not come up with a better solution, and show the world once
again, that they can outperform the best!

cheers
--                    
Ramakrishnan.M           | Voice over Packet Group
Software Design Engineer | Texas Instruments, India

Date: Thu, 16 Nov 2000 09:38:12 -0800 (PST)
From: "Robert A. Knop Jr." <rknop@pobox.com>
To: letters@lwn.net
Subject: I'm alarmed about LinDVD

   [Note: this is longer than most letters to the editor on the back
   page, but it is something that I believe needs to be pointed out as
   often as possible.  If this is too long for the Back Page, and if you
   have a place for "Op Ed" pieces, please consider this as a submission
   for that forum.]

I alarmed about LinDVD-- not its existence, which many celebrate, but
rather what it represents as the latest development in a larger alarming
situation.  The article which LWN Daily pointed to on November 16 itself
was alarming in its assumed attitudes about commercial and open source
software.  I was surprised that there were no editorial comments in the
LWN Daily link; I can't wait to see what is said about it in the next
full release of LWN.

In the "good old days," some pieces of hardware were not supported by
Linux because the companies who produced the hardware refused to release
information necessary to write drivers for them without an NDA that
would permit distribution of those drivers.  Eventually the company
might come to its senses, or some open-source hacker might
reverse-engineer the thing well enough to release a driver that would
work pretty well.  By and large, though, Linux users learned to avoid
hardware from clueless companies, and to buy hardware from companies
that released the information Linux hackers needed to write drivers for
their hardware.  Although this would often limit options, there were
other products available to solve the same problem.  For instance, there
was a period when many new laptops were using the neoMagic graphic
chipset, but the information necessary for an XFree86 driver wasn't
available.  But even then, there were other laptops availble to Linux
users.

Even today, when many commercial interests consider Linux support a
worthwhile investment, a dichotomy exists.  Consider, for instance, 3d
video cards.  You can get what are reported to be very good Linux
drivers for NVidia cards-- but they're proprietary drivers, available
(if I'm not mistaken) in binary form from the vendors.  This leads
"Linux Journal" in a recent article to recommend a lower-performing
Matrox or 3dfx card over the NVidia card. Matrox and 3dfx have a clue
and give out the information necessary to develop truly open source and
free drivers for their cards (LJ, November 2000, p. 82).

In industries where you have a choice between different pieces of
hardware, or different solutions to the same problem, this is fine.
Many Linux users are happy to sacrifice a bit of performance, which in
many cases they won't even notice, for better (or even philosophically
preferable) support of their hardware.  With DVD, we've got a whole new
ugly trend arising.  Now, it's not individual hardware manufacturers who
are refusing to play nice: it's the very format!  LinDVD is trumpeted as
a "legal" DVD player.  But it's not free, it's not open source.  You
can't look at the source code, and it's not going to go into a lot of
distributions.  I don't know if it will even be free in the "free beer"
sense of the word.  When there is an open source effort to play DVDs on
Linux, its writers and distributors face legal penalties; the article
linked to by LWN about LinDVD labels them as "Unibomber" types.

This is where laws such as the DMCA have taken us.  The very act of
trying to create an open source driver for a whole class of increasingly
popular devices is now compared to a terrorist act-- and, alarmingly, a
lot of public opinion (or at least media spin opinion) seems to be
agreeing with this patently ridiculous idea.  This should scare open
source advocates much more than Microsoft's latest overt maneuverings,
and much more than incompatabilities and advertising sidebars in
Netscape 6.  DVDs are hugely popular, but it looks like Linux will
always and forever more be beholden to commercial software vendors to
play them-- not for technical reasons, but for legal reasons!

If the stupid laws like the DMCA are going to stand despite how contrary
they are to the concepts of freedom on which the USA was putatively
founded, Linux users really have only two choices.  Admit defeat and
surrender to the proprietary commercial forces that many in the
community have been resisting for so long, or boycott DVDs altogether.
The latter will be difficult, because the format is the only game out
there in its performance class, and because DVDs are becoming hugely
popular.  But the MPAA stranglehold on the *format*, which seems to
prevent even the possibility of free drivers, is unacceptable.

Alas, if only the freedom of Linux were receiving as much press as the
"Microsoft alternative" aspects of Linux.  If it were, then it might
conceivably be practical for a company or consortium to develop a viable
alternative to DVD with equivalent convenience and performance
characteristics.  This new format could have its formats and standards
released openly.  Linux *could* support that, and so could Windows, and
so could stand-alone players.  With a lot of luck, that format might
take off; the shortsighted over-legalistic power-grabbing policies of
the folks behind DVD would send it spiraling the way of DIVX.

I realize, of course, that I am dreaming.  If only the popular media and
the population at large understood the issues of freedom that were truly
at stake, and if only they understood the difference between software
pirates (who want to steal others' work) and open source developers (who
merely want the ability to choose how they play and use the DVDs that
they already leagally own).  Never mind understanding the difference
between open source developers and mail bombing terrorists!

In the real world, DVDs almost certainly represent a turning point for
Linux.  In the past, there were only technical reasons for our not
having a fully functional Linux desktop (e.g. because nobody had written
a full featured open source WYSIWYG word processor).  Technical reasons
could in principle be overcome, and it's clear that most of the
technical reasons that used to beset Linux are currently being overcome.
However, henceforth it is going to be illegal in the USA to have a fully
functional Linux desktop, because nobody will be ALLOWED to legally
write an open source DVD reader.  What else is going to fall into this
category after the DVD?  How many open source devlopers are going to go
to jail under the DMCA and similar government-supplied blunt instruments
for big business before we all give up and admit defeat?

This is highly tragic.

-Rob Knop
rknop@pobox.com