Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise
news for all interests
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page
Other LWN stuff:
Archives/search
Recent features: Here is the permanent site for this page. See also: last week's LWN.
|
Leading items and editorialsThis week's LWN is a little earlier and lighter than usual due to the Thanksgiving holiday in the U.S. We'll be back at the regular time next week. On legal DVD players for Linux. This week CNN ran an article (from IDG) entitled "Legal Linux DVD player on the horizon". We got some grief from our readers for passing through that headline unchallenged. At the time we were just pointing out the article for those who might like to see it. But, in fact, it contains a number of interesting assumptions that should be looked at. The first, of course, is that of "legality." The LinDVD player from Intervideo mentioned in the article is certainly a legal good; it also happens to be licensed to decrypt DVDs. The problematic claim is that it is the first legal DVD player for Linux. The illegality of DeCSS (and players built using it) has not really been established even in the U.S., much less in the rest of the world. Assuming that the courts will eventually see reason, calling DeCSS illegal is, at best, a misunderstanding of the situation. The article also suggests that, had LinDVD been available earlier, DeCSS might never have been developed. That could only be true if LinDVD were released as free software, which is certainly not the case. It is not sufficient to have a proprietary DVD player available; such a player lacks the freedom component. Why should Linux users accept a player that, in all likelihood, enforces the region code system, does not allow excerpting of films onto disk, and so on? Free software is about freedom from restrictions on what we can do with our own computers. It is also hard to imagine a Linux DVD player that would not get reverse engineered in detail in a very short period of time. A little time spent with gdb would extract most of the secrets there were to find. The availability of a proprietary Linux DVD player may have, indeed, hastened the development of DeCSS, rather than hindered it. The lesson from all this is that the free software community still has some educating to do. As long as the trade press can put out articles like this one without a second thought, we have not gotten our point across widely enough. Of course, examining one last statement from the article shows that things are even worse than that: Though Intervideo is "trying to be the good guys" when it comes to copyright protection, [Intervideo VP Joe Monastiero] said that DeCSS was probably an inevitable development because of the "Unabomber types" who exist at the fringe of the computer world. Mr. Monastiero, who would like to sell proprietary software to the Linux community, has chosen to do so by comparing Linux hackers to a technophobic nutcase who pursued his agenda by mailing letter bombs to college professors. That is, one might say, a little discourteous. But the fact that he could get a quote like that printed unchallenged in a major news outlet shows that much of the world still has not figured out what free software means. But there will come a time when the true fringe will belong to proprietary software vendors who express public contempt for their users. LWN Comdex coverage. LWN folks Forrest Cook and Rebecca Sobol attended the Linux Business Expo and have written up their experience in detail. Check out the report for an interview with Caldera Systems CEO Ransom Love, a meeting with the iRobot, a look at the Linux-powered plotter made out of Lego blocks, and more. Corel may be leaving the Linux business. Much press has resulted from Corel CEO Derek Burney's offhand comment that Corel may sell its Linux operation to some other company. In fact, very little is known about what Corel might really do, and a number of other alternatives are apparently under consideration. We will have to wait to see what Corel ends up really doing. Nonetheless, it's interesting to look at this situation. Corel's move into Linux was widely considered to be a good thing for the company and for Linux both. Corel would get to ride the growing Linux wave and would have a new weapon in its continual fight with Microsoft. The Linux world would get a well-known corporate name, development support, and a distribution that would put Linux on the corporate desktop. So what went wrong? Corel, certainly, was over-optimistic in its projections of how quickly users would adopt desktop Linux. What Corel was offering was not what many customers wanted. Yet another easy installer is a nice thing, but there are plenty of those. Selling desktop systems required providing a set of solid, well-integrated applications. Corel had hoped to fill that role with its proprietary programs, but they increasingly look like too little, too late. Corel also set its hopes on software sales, which is an increasingly hard revenue model in the Linux world. Almost every other company operating in the Linux arena is looking for revenue sources that do not involve straight sales of software. Corel may be the real proof that the era of software as a product is coming to an end. Linux will find its way onto the mainstream desktop, and sooner than a lot of people expect. But it is looking like Corel will not be the agent that brings it there. Celeste Amanda Torvalds was born Monday evening - congratulations to Linus and Tove! Inside this week's Linux Weekly News:
This Week's LWN was brought to you by:
|
November 23, 2000
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Security page. |
SecurityNews and EditorialsWhy Cover BSD?. One question that has been asked of us a few times is why we cover BSD security reports in LWN, including FreeBSD, NetBSD and OpenBSD. After all, LWN is dedicated to the Linux community, right? Well, in many ways, our community is the Free Software and Open Source community, to which the BSD operating systems definitely belong. So reporting on BSD is not totally outside our mandate. On the other hand, it could be quickly pointed out that other Free Software operating systems exist that we don't cover. So why BSD? Well, aside from the kernel of the operating system, there is a tremendous overlap in applications between BSD and Linux. The shared Unix legacy guarantees that will continue. That means that a reported problem under OpenBSD or FreeBSD may very well impact one or more Linux distributions, if not all of them. So reporting BSD problems can give a heads-up of potential Linux problems. Of course, there are Free Software applications that overlap with other operating systems, both Free and commercial. Yet we don't cover those. So why BSD? We've made no secret of our respect for the security work done by the OpenBSD team and their aggressive, pro-active stance on fixing bugs. We've encouraged Linux developers to review and learn from that work. We like the work that FreeBSD has done to improve its own security, including producing good quality advisories, with well-organized information. Yet that alone would not necessarily justify covering all BSD alerts. In the end, it is the sum of those qualities above that has inspired our choice to include BSD. It is part of our goal to encourage cooperation and collaboration between Free operating systems based on the Unix model. BSD reports are sometimes the first report of a problem that we see, which may well impact Linux systems. Once we've covered some BSD reports, it seems best to provide consistent coverage, to allow people in the BSD community to benefit from the synthesis as well and to encourage free sharing of information between Linux and BSD security experts. Most importantly, we don't want Linux to fall behind (or stay behind, depending on your perspective) the BSD operating systems when it comes to security. A healthy competition will hopefully inspire and produce better security for both Linux and BSD. So for now, we'll continue to intermix BSD reports with the Linux reports. Whether you agree or disagree, you're always welcome to drop us a note to let us know what you think. Forget your password -- fingerprint scans more and more common (Techserver.com). Biometric scanners are the subject of this Techserver.com article, which speaks of their growing use. "I think people are a little bit suspicious that there will be some national database that will be put together and people will be tracked. I think that's a false fear," said James L. Wayman, an engineering professor at San Jose State University and former director of the U.S. National Biometric Test Center.
November CRYPTO-GRAM newsletter. Bruce Schneier's Crypto-Gram for November is out. It covers digital signatures, the cracking of Microsoft, and various other security-related topics. Wietse Venema receives NLUUG award. The board of the Netherlands Unix User Group NLUUG has chosen Wietse Venema as the recipient of their NLUUG 2000 award. "Wietse Venema receives this award as a token of appreciation for his many contributions to the community of Unix and open systems. Wietse's best known work has been targeted at improving the security of Unix systems in an internet environment. Amongst other things, he is the co-author of the security analysis tool "Satan". He is also the main author of "Postfix", a replacement for the notorious (security-wise) "Sendmail" program. His most recent work encompasses a toolkit for analyzing system status after an intrusion." New Zealand Anti-Hacking Bill Faces Select Committee (Newsbytes). Those of you interested in security-related legislation outside of the U.S. or Europe may want to check out this Newsbytes article on proposed legislation in New Zealand. "A planned amendment to New Zealand's crime bill that would outlaw malicious hacking for the first time - while also controversially allowing security services the freedom to hack into citizens' computers and intercept e-mail and faxes - has passed through to the Government's Law and Order Select Committee". Security Reportscups. Two problems were reported with CUPS, the Common Unix Printing System. The first problem allowed printers served by CUPS to be accessible from anywhere on the Internet. A second bug caused CUPS to broadcast to everywhere, keeping open dial-on-demand lines. The Linux-Mandrake advisory below was our first sighting of the problem, but does not indicate whether or not this was discovered internally or reported externally.This week's updates: Vixie cron problems. Systems using vixie cron where the /var/spool/cron directory is given permissions 755 are vulnerable to a symlink attack that can be exploited to allow the execution of arbitrary commands. Check Michal Zalewski's original post or BugTraq ID 1960 for more details.Debian systems and systems where vixie cron has been installed manually appear to be the most likely to be vulnerable. A workaround is to reset the permissions on /var/spool/cron to 700. This week's updates:
joe symlink vulnerability. A symlink vulnerability in the joe editor was reported this week (and a slight correction to the original report as well).This week's updates: ethereal buffer overflow. A buffer overflow in the ethereal network protocol analyzer was reported this week. The buffer overflow is very similar to the recently reported buffer overflow in tcpdump. ethereal 0.8.14 was released this week with a fix for the problem.This week's updates: gnomehack buffer overflow. An exploit for gnomehack was published this week. It uses a buffer overflow in gnomehack to gain egid games (presuming gnomehack is setgid games). It was commented that this same vulnerability likely exists in nethack as well. Check the SecurityPortal Linux Security List for the published exploit.FreeBSD deny_incoming problem. FreeBSD reported a problem with ppp under FreeBSD only, where the behavior of the ppp code is inconsistent with its documentation. In particular, the use of deny_incoming is likely to produce unexpected, and potentially unfortunate, results. A patch to correct the problem is provided, though it is also recommended that a true packet filter be used instead.cgi-bin scripts. The following cgi-bin scripts were reported to contain vulnerabilities:
Commercial products. The following commercial products were reported to contain vulnerabilities:
UpdatesLocal root exploit problem in modutils. Check last week's Security Summary and Kernel Page for the original report and details.Modutils 2.3.20 was released this week. This version fixes the various local root compromise vulnerabilities found in all recent versions of modutils; an upgrade is recommended - even if you just upgraded to 2.3.19, which only fixed some of the problems. Expect the distributors to come out with packaged versions shortly. This week's updates:
Hostile server vulnerability in OpenSSH. Check the November 16th LWN Security Summary for details. Upgrading to 2.3.0 is recommended.This week's updates: Previous updates:
BIND 8.2.2-P5 denial-of-service. A denial-of-service vulnerability was reported in BIND 8.2.2-P5. Check the November 9th LWN Security Summary for the initial report. BIND 8.2.2-P7 was released last week with a fix for the problem.This week's updates: Previous updates:
Netscape 4.75 buffer overflow. First spotted via this FreeBSD advisory and reported on November 9th, a buffer overflow in Netscape 4.75 enables a client-side exploit. Check the November 9th LWN Security Summary for our original report. Netscape 4.76, which was released on October 24th, fixes the problem.This week's updates: Previous updates:
vlock vulnerability. Originally reported in the November 9th LWN Security Summary, vlock, a virtual console locking problem, was reportedly unlockable by an unprivileged user. Wichert Akkerman dropped us a note this week to confirm the problem, but only when pam_pwdb was used. Debian, for example, uses pam_unix and is therefore not vulnerable.This week's updates:
quake server denial-of-service. Check the November 9th LWN Security Summary for the original report (or BugTraq ID 1900). This week, ProQuake 1.02 was released with a fix for this problem.Multiple buffer overflows in tcpdump. Multiple buffer overflows in tcpdump were reported in our November 2nd edition.This week's updates: Previous updates:tcsh symlink vulnerability. A /tmp symbolic link vulnerability was reported in tcsh on October 29th. Check BugTraq ID 1926 for more details.This week's updates: Previous updates:
curl buffer overflow. A buffer overflow in curl, a command-line tool for getting data from a URL, was reported in October.This week's updates: Previous updates:
Format string vulnerabilities in PHP. Check the October 19th LWN Security Summary for the original report. PHP 3.0.17 and 4.0.3 contain the fixes for these problems.This week's updates: Previous updates:
Pine/IMAP buffer overflow vulnerability. Check the October 5th LWN Security Summary for the initial report. Pine 4.30 contains a fix for the problem. Note, some of the updates below contain only pine updates, while others include both pine and imapd updates.This week's updates: Previous updates:
thttpd exposes world readable files. Check the October 5th LWN Security Summary for the original report. This week's updates: mgetty temporary link vulnerability. Check the August 31st Security Summary for details. An upgrade to mgetty 1.2.22 should fix the problem. This week's updates: Older updates:
man/makewhatis vulnerability. A /tmp file vulnerability was reported in makewhatis versions 1.5e and higher. Check the July 6th LWN Security Summary for the original report.This week's updates: Previous updates:
ResourcesCERT Summary. The November 20th CERT Summary has been published. rpc.statd and ftpd lead the list of problems which continue to be actively exploited, while the recent bind problems have been added to the list, even though no reports of their exploitation have been received yet. Weekly Security Tools Digest (SecurityPortal). For updated security tools, a good place to check would be SecurityPortal's Weekly Security Tools Digest. EventsUpcoming security events.
For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net. Section Editor: Liz Coolbaugh |
November 23, 2000
LWN Resources | ||||||||||||||||||||||||
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Kernel page. |
Kernel developmentThe current development kernel release is 2.4.0-test11. The -test11 release was announced on November 19; it contains a great many fixes. Among other things, a longstanding PCMCIA problem has been fixed; with luck, the much-maligned 2.4.0 PCMCIA implementation is finally stabilizing. In general, 2.4.0 is getting closer to a releasable state. There is no 2.4.0-test12 prepatch available as of this writing. Alan Cox has come out with 2.4.0-test11-ac1 which contains a whole set of fixes that, for one reason or another, have not yet made it into the official Linus tree. The current stable kernel release is still 2.2.17. The 2.2.18 prepatch is up to 2.2.18pre22. Some outstanding issues remain, so the 2.2.18 prepatch series is not done yet. Riding the elevator. Discussion of the Linux elevator algorithm resumed this week with this posting complaining about occasional request starvation. That seems like as good a cue as any to look at how the 2.4.0 elevator works, so... The job of the elevator is to sort I/O requests to disk drives for maximum performance. These algorithms have traditionally worked by keeping the disk head moving in the same direction for as long as possible, in a way similar to the way normal building elevators work. Sorting requests in this way, it is hoped, minimizes head movement (which is expensive) and insures that every request will be satisfied within a reasonable time period. The Linux elevator does not currently work quite this way - and it occasionally produces results that are similar to those of the elevators in Les Suites at the Ottawa Linux Symposium. Whether you are a pending disk I/O request or an OLS attendee heading to dinner, starvation is a real possibility. The problem on the Linux side is twofold. The first is that the system currently does not use a pure elevator; it will put requests with a low sector number at the top of the queue regardless of the current head position. Doing things this way was a deliberate design decision. The second problem is one of simple tuning of the code which is intended to prevent starvation. Every request in the queue contains a sequence number; every time that request is passed over (another request is put ahead of it) that sequence number is reduced by one. When the sequence number reaches zero, the request has waited too long and will have no other requests placed in front of it. That should be sufficient to prevent request starvation, except that the default sequence numbers in 2.4.0-test11 are 1,000,000 for read requests, and 2,000,000 for writes. By the time an I/O request is passed over a million times, it will have been waiting for a very long time. Help is available in the form of the elvtune utility, written by Andrea Arcangeli. elvtune was added to the util-linux package in version 2.10h. For now, the only thing you can do with elvtune is query the read and write latencies (default sequence numbers) and set them; Andrea recommends values of 500 and 1000, respectively. The longer-term plan is clearly to make it possible to plug in different elevator algorithms entirely, but that has not been implemented at this point. For most system loads out there, playing with the elevator parameters will not change things much. The system must be generating enough I/O requests to create a reasonably full request queue, and those requests must be spread out over the disk. Big, busy servers may well benefit from elevator tuning; the typical desktop user will be hard put to see a difference. LWN did some highly scientific tests to try to determine the effects of elevator tuning. They were: (1) build the kernel with make -j 10, (2) copy a 1GB file, and (3) compare the 1GB file and its copy. The results were as follows:
The results, clearly, are mostly in the noise, with one interesting exception. With the latencies set to zero (essentially disabling the elevator) the compare operation went much faster. (Those wanting to install elvtune will likely have to build it by source, since a number of distributions have a version of util-linux which is too old to have it. The source is available from kernel.org. Beware, though, that completely reinstalling util-linux has a high probability of breaking your system if you are not careful; it's probably better to build and install elvtune only).
O'Reilly launches new Linux kernel book. O'Reilly and Associates has announced the availability of Understanding The Linux Kernel, by Daniel P. Bovet and Marco Cesati. A look at CML2. Eric Raymond's CML2 language is intended, by Eric at least, to replace the current kernel configuration and build system in the 2.5 development series. The busy folks down at LWN Labs finally got it together to pull down cml2-0.8.3 from the CML2 site and give it a try. Eric has publicly expressed a desire to see more people playing with the CML2 system. A this stage, however, it isn't really set up for casual experimentation. The CML2 tarball unpacks into a directory full of Python code and a basic README file. People accustomed to kernel add-ons might expect a patch that can be applied to hook CML2 into an existing kernel tree, but no such thing exists. For now, CML2 has to be run separately, with the resulting configuration file being copied into a kernel tree for building. The process starts with a 2800 line kernel-rules.cml file describing all of the various kernel configuration options and how they relate to each other. It's fairly dense stuff, if you dig into it. A brief example: menu eth_3com_drivers # 3Com Ethernet cards EL1? EL2? ELPLUS? EL16? EL3? ISA3C515? ELMC? ELMC_II? VORTEX? APOLLO_ELPLUS?Most people are unlikely to want to venture too far into this file - but then, very few people were interested in messing with the old Config.in files either. The first step is to compile this file into a binary format for the other tools. This process took about 30 seconds on a Pentium 450 system - long enough that some people will certainly complain. Then you can run the cmlconfigure program, which will actually take you through the options and build a kernel configuration. This program supports the customary three modes of configuration - simple TTY mode, curses menu mode, and a graphical, window-oriented mode. It does not appear to have an equivalent of the important "make oldconfig" mode, however. cmlconfigure needs some work. It has 15 options but no documentation of what they do (update: there is a cml2.sgml file with documentation that your inept editor missed the first time through). It complains if you don't specify a "macro file," but it's unclear what such a file would do. The graphical mode continually resizes its window, and requires a lot of "back" navigation. The defaults on many of the options make little sense. And so on - all stuff that can be worked out without too much trouble. It produces a perfectly fine kernel configuration file at the end. CML2 has most of what it needs to become the new kernel configuration scheme once the 2.5 series starts. The main thing remaining at this point is a Makefile patch that will enable prospective users to simply plug it in and type make config. And a bit of user interface work. Once it's easy to play with, people will see that it simply works and the only remaining issue will be whether certain kernel hackers will be able to get over having a Python-based tool in the kernel build process. Other patches and updates released this week include:
Section Editor: Jonathan Corbet |
November 23, 2000 For other kernel news, see: Other resources: | ||||||||||||||||||||||||
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Distributions page.
Lists of Distributions |
DistributionsPlease note that security updates from the various distributions are covered in the security section. New DistributionsBasicLinux. BasicLinux is a multi-purpose mini-Linux that boots from CDrom, hard drive, or floppy (both 3.5" and 5.25"). The 2mb package provides the usual rescue/repair tools, but it can also dial an ISP and browse the net, or act as a router/firewall. BasicLinux provides a lot of functionality in a small footprint, and it would be a good introductory Linux "for a DOS dinosaur". New kid on the embedded Linux block. LinuxDevices covers Esfia, a Taiwan-based embedded Linux software company and its RedBlue Linux operating system. "The Esfia RedBlue Linux operating system is an 'embedded Linux' distribution that will pave the way for future wireless communication solutions. Derived from the pre-release Linux 2.4 kernel, Version 1.0 of RedBlue Linux will include plug-and-play USB support and other features of importance to the rapidly emerging embedded Linux marketplace". General-Purpose DistributionsLinux-Mandrake News. Da Linux French Page (linuxfr.org) has put up an interview (in French) with several folks from MandrakeSoft. The interview is long (some 50 questions) and covers a wide range of topics. A partial English translation is available via Babelfish. SuSE Linux News. SuSE Linux AG announced that SuSE Linux 7.0 Professional Edition has received the "Best Server Solution" award in the 2000 Penguin Playoffs competition hosted by Linux Journal magazine. SuSE Linux 7.0 Professional includes preconfigured installation packages for creating Linux servers for web, print, email, and databases, as well as an extensive set of applications to support networking and Internet functions. ComputerWeek is carrying a German language interview of SuSE CEO Roland Dyroff. It covers mostly business-oriented issues. English text is available via Babelfish. Red Hat News. Compaq Computer Corp. announced the availability of ProLiant servers pre-installed with Red Hat Linux 7.0 on the ultra-thin ProLiant DL360 and the ProLiant ML330 server models. Debian News. Debian was mentioned in a couple of awards this week, including its receipt of the Readers' Choice in the Infrastructure category at the Web Tools 2000 Conference and Exposition. Debian was also mentioned when VA Linux Systems announced they had won the 2000 Linux Journal Editors' Choice award for 'Best Web Server' with its VA Linux 2200 server running Debian GNU/Linux. Debian news tidbits this week include the announcement of the new Debian help site, where you can ask questions and receive answers, and a contest for the best logo for the Debian Jr project. For more Debian news, check out the Kernel Cousin Debian for November 16th and the Kernel Cousin Debian Hurd for November 15th. Due to our early publishing schedule, the Debian Weekly News for this week is not yet available. Slackware News. The Slackware development tree changelog shows a generous helping of library fixes this week, including glibc and ncurses. LibraNet 1.8.1 released. Jon Danzig dropped us a note to let us know that LibraNet 1.8.2 was available and now contains KDE 2.0 and Mozilla M18, among other goodies. LibraNet is based on Debian GNU/Linux. Embedded Linuxe-smith Server and Gateway. e-smith, inc announced that the e-smith Server and Gateway, the company's flagship product, has edged out over 500 applicants to be selected as one of only 60 innovative products to be reviewed at the CRN Test Center at COMDEX Fall 2000 in Las Vegas. The e-smith server is based on a customized version of Linux. Mini/Special Purpose DistributionsCoyote Linux News. Coyote Linux v1.22 has been released and is now available. This is a bug fix release and represents the latest stable release of Coyote. floppyfw News.
We received a note from Thomas Lundquist Linux for Windows. Macmillan USA announced Linux for Windows. Linux for Windows is based on Linux-Mandrake 7.2, and provides users web browsing, email and a full suite of office software with K Office. Section Editor: Liz Coolbaugh |
November 23, 2000
Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Development page. |
Development projectsBrowsersDOM Core Level 2 Conformance Tests. Bob Clary has put together as set of DOM Core Level 2 Conformance Tests which use the JavaScript bc TestFrame class to test browser functionality. DatabasesOraSoft tools to be supported by Advantio (Gnotices). Gnome's Gnotices has noted that a commercial entity known as Advantio has been set up to support Orasoft, the GPL licensed suite of Gtk and GNOME tools that interface to Oracle databases. EducationLinux in Education Report for November 20th. Issue number 33 of the Linux in Education report is now online. Topics in this release include a discussion on the problems with finding true desktop publishing software and links to tools like TypingKoach, a typing tutor; and KQuick, a language translator. Fabula project seeks help (mozDEV.org). Fabula is a Mozilla based program that consists of a reader and a maker. "Fabula is an easy-to-use program which allows children and teachers to create their own bilingual, multimedia storybooks complete with digital photos." Mozilla.org is looking for someone to take over the development and web page maintenance for the Fabula project, see the Fabula Contacts Page for more info. Math War teaches math skills. Now your kids can learn math skills in the context of a Linux game with Math War. "MathWar is more or less like playing with flash cards, with the exception that there is a computer player who can attempt to answer if the human player is too slow. A game of MathWar consists of a set number of rounds. A round consists of two cards and a mathematical operator (add, subtract, or multiplication). The first player to guess an answer for a round gets that rounds point if the guess is correct. Otherwise, the correct answer is displayed, and no points are awarded." ElectronicsNew gEDA PAL software: Icarus PAL (gEDA). The gEDA project has announced a new project, Icarus PAL. Icarus PAL aims to bring PAL software to the open-source world. Currently, it only supports the 22v10 PAL devices and can read JEDEC files. "My plan, as I'm sure you are aware, is to make an Icarus Verilog target module that makes uses this toolkit to generate 22v10 designs. We use a lot of 22v10 parts in my day job, so this is something *I* might even use:-)" Embedded SystemsEmbedded Linux GUI/Windowing Quick Reference Guide (LinuxDevices.com). LinuxDevices.com posted a reference guide for graphical interfaces suitable for use in embedded Linux devices. The guide lists numerous alternatives to the standard X Windows server/Toolkit UI used on desktop Linux systems. Most entries in the guide include typical memory footprints. ThinkNIC modifications online. ThinkNIC, the Internet computer from Larry Ellison, has posted the list of changes and links to updated source for the GPL code in their Linux based system. A link to an ISO image for their 1.2 CD is also provided. While not officially open to resellers due to the low profit margins on the base system, the company apparently is open to the possibility of value added resellers. (Thanks to Jay R. Ashworth.) Network ManagementOpenNMS Volume 1, Issue 35. The November 21, 2000 issue of the OpenNMS Update has been published. Topics include the current code freeze for the upcoming 4.0 release, stress testing, and giving some yearly thanks to those who deserve it. Office ApplicationsEazel Nautilus Preview2 impresses, frustrates (ZDNet). ZDNet takes a look at the 0.5 Preview2 release of the Eazel Nautilus file browser. "In use, Nautilus is flexible and fun. The user can quickly change themes and can further customize appearance by dragging and dropping color swatches and background images onto various Nautilus panes. Dragging two swatches onto opposite sides of the pane results in a gradient fill. The vector-based graphics theme is especially interesting, with its curvy icons." gimpi: Gimp images group formed. An eGroup known as gimpi has been formed recently. The purpose of Gimpi is to exchange images that are created or manipulated with the Gimp. On the DesktopFrom the Desktop: I Stands For Ice, Ice, Baby and Intro spection (LinuxPlanet). IceWM is a GNOME compliant window manager which is now the default for Debian distributions. LinuxPlanet takes a closer look at IceWM. "Some particular strengths of this interface are the taskbar and an easily configurable collection of setting files in ~/.icewm. Using some clearly written documentation available on the IceWm site, I was able to quickly get things set up the way I wanted them." GNOME on the Road; Rolling out the Red Carpet (LinuxPlanet). Linux Planet covers the portable version of GNOME with a discussion of Helix Code's Red Carpet package installer and the basic mail, graphics, and PIM desktop tools that GNOME provides. `Pronto's big strength is filtering. It handles this on a level we don't often see with other mail clients, with support for the normal globbing characters many are used to, or full Perl regular expressions for people looking for fine control. It also features virtual folders, which allow you to search for keywords or expressions and "can" the search into a folder for easy access without having to move mail around between them.' On Writing A Bonobo Control. Dirk-Jan C. Binnema recently posted a tutorial on writing Bonobo Controls. Bonobo is the component model of the GNOME project and Controls are user interface components that are accessed via CORBA. GNOMEnclature: Intro to Bonobo (IBM developerWorks). George Lebl continues his discussion on the Bonobo component architecture for GNOME in his IBM developerWorks column. "Components can also be used for things that have nothing to do with the user interface. A component for editing the password file, for example, can be used in the user administration application. In this case, the password file can be an abstract interface (which you wouldn't have to parse or write)." Pango Status Report. Owen Taylor has posted an update to Pango, the project designed to abstract text rendering and layout issues from widget sets. Pango is an offshoot of GTK+/GNOME, although it is not tied to either project. This update is in association with the recent GTK+/Glib 1.3.2 developer releases. ScienceStallman Replies to VistA Licensing Issues (Linux Med News). Linux Med News has posted a note from Richard Stallman concerning a licensing controversy with the VistA medical source code project. "I am not a lawyer, but I have spoken extensively with lawyers about copyright questions. Presuming that the VistA software is in the public domain, if you combine it with a GPL-covered program you must release the combination *as a whole* under the GPL. Using the VistA code in this way is allowed because public domain status permits practically anything." FreeMed 0.2.0 (Phoenix) Released (Linux Med News). Linux Med news reports on the release of FreeMed 0.2.0. FreeMed is a GPL licensed Medical Record and Practice Management system with a web based interface. Web-site DevelopmentZope Weekly News. Here is the Zope Weekly News for November 16. Documentation issues seem to be at the top of the agenda again. Zope 2.2.3 released. Zope 2.2.3 has been released, see the announcement for details. This is a bugfix release. The 2.2.3 release was quickly followed by Zope 2.2.4 beta 1, which addresses some permission problems in 2.2.3. (Thanks to Paul Hewitt). Section Editor: Forrest Cook |
November 23, 2000
|
|
Programming LanguagesERLANGUpdated XML tools for ERLANG. The ERLANG home page lists updated versions of the ERLANG's XMLtools and the verifying XML parser. JavaConnection Pools (IBM DeveloperWorks). Siva Visveswaran has written an article on Java Based Connection Pools. This technique is used for sharing server resources among clients. Make room for JavaSpaces (IBM DeveloperWorks). Susanne Hupfer writes about distributed data structures in Java. "The design of any space-based application typically revolves around one or more distributed data structures. These are data structures that exist in a space where multiple processes can access and work on them at the same time -- something that is often difficult to achieve in distributed computing models." PerlPerl5 porters for November 13-20, 2000. The Nov 13-20 Perl5 Porters digest is out. Topics covered include fixing the Regexp Engine, UTF8 and Charnames, and PerlIO, among other things. PHPPHP Weekly Summary for November 20, 2000. The November 20, 2000 issue of the PHP Weekly Summary is available. PHP CVS updates are discussed, as are OpenSSL encryption functions, a PHP versioning scheme, and a formal PHP language specification. PythonDr. Dobb's Python-URL! (November 20th). This week's Python-URL! is out. Topics include a comparison of Ruby and Python, and a discussion on turning lists into dictionaries with the tuple package. Python-dev summary. Here is A.M. Kuchling's Python-dev summary for November 15. The Python developers are starting to look forward to the 2.1 release, and this summary covers some of the ideas that they are considering. Programming with Python - Part 3: Extending Python (Linux.com). In this third issue of a continuing series Jason Tackaberry looks at the extensibility and embeddable nature of Python. "When you're programming strictly with Python, you don't have to worry about the particulars of reference counting, except to avoid cyclical references. Programming with Python/C is a different story, however. If you forget to decrement an object's reference, memory will be leaked, destructors won't be called, and the result will be a broken mess." Snack Sound Toolkit 2.0.3 released. Version 2.0.3 of the Snack Sound Toolkit for Python has been released. This version includes bug fixes, better documentation, and an improved test suite. Tcl/tkDr. Dobb's Tcl-URL! (November 20th). This week's Tcl-URL! is out. Topics include a discussion on the signficance of Postscript and another on module packaging alternatives. Section Editor: Forrest Cook |
Language Links Caml Caml Hump Tiny COBOL Erlang g95 Fortran Gnu Compiler Collection (GCC) Gnu Compiler for the Java Language (GCJ) Guile Haskell IBM Java Zone Jython Free the X3J Thirteen (Lisp) Use Perl O'Reilly's perl.com Dr. Dobbs' Perl PHP PHP Weekly Summary Daily Python-URL Python.org Python.faqts Python Eggs Ruby Ruby Garden MIT Scheme Schemers Squeak Smalltalk Why Smalltalk Tcl Developer Xchange Tcl-tk.net O'Reilly's XML.com Regular Expressions |
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Commerce page. |
Linux and BusinessLinux lows are an investment in the future. If, like me, you own stock in one or more Linux companies, this year you've probably considered selling a kidney to break even. Things look bleak when viewed from Wall Street. One the other hand, the dot-coms are probably in worse shape than the Linux stocks. At least none of our better known (re: once high flying) public companies has folded yet. Yet despite the dreary appearance of stocks, there is room for hope. In fact, there is room to be downright giddy. Over on C|Net, J. William Gurley took the wrappings off the silver lining in this bear of a market. In his article A Great Time for Building Great Companies he says: The race we just ended was, in the end, unsustainable. Most investors that had seen a few cycles before likely knew this in the back of their minds, but had no incentive to mention anything. The conservative ones that cried wolf in 1994 and 1995 were run over and left behind. When everyone jumped on the Linux Bandwagon, the euphoria that drove stocks to the unsustainable highs was based on the dot-com boom. As Gurley says, no one wanted to deny the boom - those that did missed the money. But that euphoria had no basis in reality. It was based on perception - the Internet is the next big wave so anyone involved with it must be a big money making machine. Yeah, right. Does making a business off of free software make sense? Ask yourself this - what's more irrational - Drkoop.com paying AOL $89million so AOL could use Drkoop's content or Red Hat building a product and services business on free software? Valuations of dot-coms, and eventually Linux companies, left out the most traditional method of income: product. Dot-coms bet their futures on people paying for information. But information is free (consider those institutions known as "Libraries"). Linux companies can provide product. Not just Linux itself, but value added applications, enhancements, environments, platforms and services. Linux is not dot-com. Later in his article, Gurley says: Truly great companies aren't built by the greedy, but by the passionate. ... Today's market is a great filter for finding passion-driven entrepreneurs. It's really not about the money.
The passion that spurred the rise of Linux initially has never left. It remains in the surge of adrenaline that you see in places like SourceForge. Products arise from the open source world to build new companies on modified business models - models that still rely on product, not just information. But the soul of these new companies isn't in the money, it's in the work. Open source builds product. Dot-coms seldom do. Savvy companies that adapt quickly and conserve capital may find themselves in a position with few to no competitors. Linux companies will survive as long as they conserve capital. With valuations down, the ability to spend based on stock is severely limited - companies need real revenue. Fortunately, most of the bigger names can generate real revenue. And in the end, their stock prices will rise because of that revenue. From the revenue, they will invest in the next big project - perhaps a vector based page layout application. As a writer (and an investor) I can only hope. The European Software Patent Horror Gallery. A group called The Association for the Promotion of a Free Informational Infrastructure has announced the creation of the 'European Software Patent Horror Gallery', a database of software patents which have been granted in Europe. "This database shows that software patents granted by the European Patent Office are even more trivial than software patents granted in the United States." It was unveiled on November 21 in Munich, with Richard Stallman there as a special guest. VA Linux meets lowered earnings estimate (News.com). After warning earlier this month of lowered earnings, news that sunk their stock price to an all time low and carried other Linux stocks with it, VA Linux reported losses in line with revised estimates of 15 cents a share. Red Hat Joins Standard 100. According to a Red Hat press release, the Linux distribution and services company was added on Monday to The Standard 100, a stock index of 100 Internet related firms. EBIZ acquires Jones Business Systems. EBIZ has announced the signing of an agreement to buy Jones Business Systems, a "white box" computer manufacturer. Jones is selling for 8.3 million shares of EBIZ stock, which is worth just over $6 million at current prices. It is claimed that the resulting company will have $50 million in revenue. Meanwhile, EBIZ also released its quarterly report. The company brought in $2.4 million in the quarter ending September 30 - down from $5.6 million in the same quarter last year. The drop is attributed to a new focus on higher-end Linux systems, rather than cheap Windows boxes. And, in fact, the result was a small increase in the company's gross profit. Music software company releases Linux product. MusicMatch, Inc. released a WINE based music jukebox player/recorder for Linux. The package is free for download from their web site. Macmillan USA Announces Release of Linux for Windows. Macmillan USA has released their latest version of Linux for Windows, the Linux-Mandrake based distribution for Windows users. D.H. Brown Rates VA Linux Systems as No. 1 in Linux Strategy and Solutions. VA Linux Systems, Inc. (LNUX) announced that D.H. Brown Associates, Inc. (DHBA), a research and consulting firm, has rated VA as No. 1 in overall Linux strategy in DHBA's recently released multi-client study on "Linux Strategies and Solutions." Press Releases:Open Source ProductsUnless specified, license is unverified.
Commercial Products for Linux
Products and Services Using Linux
Products with Linux Versions
Java Products
Books and Training
Partnerships
Investments and Acquisitions
Financing and Financial Results
Personnel
Other
Section Editor: Michael J. Hammel. |
November 23, 2000
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Linux in the news page. |
Linux in the newsKDE League.comment: Weaseling a Good Idea (LinuxPlanet). Here's an opinion piece on LinuxPlanet on the KDE League. "The fact that many of the backers of the Gnome Foundation are also involved in the KDE League suggests that after their two decades with a Microsoft monopoly they do not wish to be stuck with a single desktop now that they see Linux as the key to the iron-clad-locked chains of Redmond. And it couldn't come at a better time." IBM, KDE Relationship Deepens (LinuxNews). The IBM, KDE and ViaVoice partnership is getting more deeply entwined. LinuxNews interviews Sheila Harnett, the Technical Lead in IBM's Linux Technology Center. "The choice to enter the KDE League and encourage development on that desktop does not indicate exclusivity, Harnett said. 'We are also a part of the GNOME Foundation, and the intent of both of those organizations is to help promote each of those desktops,' she explained." KDE League looks much like Gnome Foundation (Upside). Upside has posted a look at the KDE League. "If imitation is the sincerest form of flattery, Gnome developers must be feeling pretty flattered right now." Open Source ApplicationsFree Radical: Ian Clarke has Big Plans for the Internet (O'Reilly Net). The O'Reilly Network talks with Freenet founder Ian Clarke. "You could look at [Freenet] like an ant colony where instead of food you have pieces of information, and instead of ants you have requests, which travel around this network." The coders' collective (ZDNet). ZDNet comments on FreeDevelopers.net. "It's hard enough to make a buck from Linux and free software the old fashioned way. Yet FreeDevelopers.net seeks to reinvent the way companies produce software, and to bring to development models the same kind of ethical imperatives and innovation that drive the FSF in its efforts to create and advocate its GPL license." Customizing vim (LinuxNewbie). Vim is an updated version of vi, the long time Unix text editor. In this article from LinuxNewbie, configuration options are examined in depth for customizing vim from an experienced users perspective. "First of all, there is one file whose place is not at all optional. This is your .vimrc file. This MUST be in your home directory. This file will also pretty much be the key to all of our customizations." Open source garners WebTechniques WebTools Awards. While the value of awards and honors are best judged by the individual, it is nice to note when open source projects are recognized by the world at large. This time around, WebTecniques magazine presented their Editors' and Readers' Choice awards for 2000. Open source winners included Apache (Editors' Choice, Infrastructure), Debian GNU/Linux (Readers' Choice, Infrastructure), PHP4 (Honorable Mention, Programming) and GIMP (Honorable Mention, Design). BusinessSCO-Caldera deal brings high-end features to Linux (News.com). News.com looks at the Caldera/SCO merger. "SCO's clustering software is a respected package that analysts say is ahead of competing products from established server giants such as Sun Microsystems, and as such, is a considerable boost to efforts to make Linux a more serious operating system. But the high-end Linux situation is complex. For one thing, Caldera Systems and SCO won't bring the full suite of clustering software to Linux, at least initially. For another, Caldera Systems' competitors, such as Red Hat, Turbolinux and Mission Critical Linux, are working on clustering software of their own. And Caldera Systems, with slim revenue and a bruised stock price, has left analysts cautious about its prospects." Linux server maker finds European partner (News.com). News.com covers Penguin Computing's deal with Bull. "The alliance elevates the Linux prospects of two companies striving to deal with larger or better-known competitors. San Francisco-based Penguin Computing plays second fiddle to Linux specialist VA Linux Systems, and Penguin Computing and Bull both face competition from big-name companies such as IBM, Hewlett-Packard, Compaq Computer and Dell Computer." VA Linux vs. the big guys (ZDNet). VA Linux has to move from the dying dot.com world to the enterprise market, a segment dominated by big name harware players like Dell, Compaq, IBM, and HP who have recently begun to entrench their Linux strategies. "But those sales from the business-to-consumer dot-coms aren't coming back. That means VA Linux has to take on the big guys to complement its booming sales to the likes of Akamai." There's Plenty of Life Left in VA Linux (Business Week). Business Week thinks VA Linux Systems has potential despite its ravaged stock price. "But don't toss VA Linux onto the ever-growing trash pile of Net stocks that were once mighty. This company still has a good business plan, an admirable market niche, and a big pile of cash to keep it running until it reaches profitability, which should be sometime before the end of 2001. Despite that first-quarter sales hiccup, this company's revenues are still impressive." Linux at a Crossroads (SmartMoney.com). Smart Money takes a look at the business climate and Linux, likening the market for open source to selling water. "In a nutshell, companies attempting to profit off the Linux operating system are having the same problems as those looking to make a buck off selling water: How do you make money when your product is ubiquitous and free? Furthermore, now that the hype surrounding these stocks has past, investors are paying attention to what they really knew all along - slaying the beast in Redmond will take much more than just angry talk and good intentions." Corel falls as CEO says it may sell Linux business (The Globe and Mail). The Globe and Mail is reporting that Corel's drop in stock price on Monday was directly related to the possible sell off of it's Linux business. "A Corel spokesperson said selling the company's Linux unit is just one of many options. 'This is really nothing new,' said Anne Vis, who pointed to a range of possible examples. 'We could merge with someone.'" (Thanks to Michael Walma) New Members For The Java Community Process (ZDNet). The election of members to the two boards of the Java community process has finally been completed, according to this ZDNet article. "For the Micro Edition Committee, the 10 Sun nominees were also all ratified, in the following order: Motorola and Nokia tied for top vote-getter, each garnering 98 percent. 3Com's Palm unit, maker of the Palm Pilot, was second with 95 percent; Philips, the Dutch electronics maker, was third with 92 percent; IBM was fourth with 90 percent." DVD Piracy Judge Tells All (Wired). Wired News talks with the DVD case judge. "U.S. District Judge Lewis Kaplan doesn't truly dislike hackers and open-source programmers, not exactly. Kaplan, who sided with the motion picture industry in a landmark DVD-descrambling lawsuit this year, simply views them as lawless miscreants." Commercial ProductsDevice profile: Gateway Connected Touch Pad (LinuxDevices.com). LinuxDevices.com profiles the Gateway Connected Touch Pad, which is a Crusoe-based device running Mobile Linux. It doesn't seem aimed at the typical Linux user, though. "The device is preconfigured to offer instant-on access to a suite of AOL services including email, instant messaging, calendar, address book, chat, and full Internet access. The AOL service will also provide easy access to content of particular interest to users in the kitchen or family room -- for example: recipes, grocery and gift ideas, TV and movie listings, online music, etc." Will Cube copy bring Apple's wrath? (ZDNet). A G4 Cube-like Linux server made it's way to Comdex this week. ZDNet wonders whether Apple will let this box play on. "Apple watchers across the Web are speculating whether the latest apparent homage to the Mac maker's industrial design will draw a legal response from Cupertino." Linux in UseNZ Army targets Linux simulation (Stuff). A New Zealand site called "Stuff" has an article about Linux usage down under. "The New Zealand Army is among a growing band turning to open source operating system Linux, using it to stage virtual combats." (Thanks to Ian McDonald). ResourcesFreeware Port Scanners: Plug the Holes (ZDNet). ZDNet describes the use of port scanners for the security conscious. "If a port lets data flow out, it also lets data flow in. A port is essentially an opening into your computer, and it can be hacked. Someone can infect your machine with a Trojan horse in this way, and that's only one of a host of distressing possibilities." ComdexUsers: Interface problems hold back Linux (CNN). CNN covers Linux user interface issues through the eyes of Miguel de Icaza, who gave the keynote at the Linux Business Expo Conference, one of the special programs at Comdex Fall 2000. "de Icaza bemoaned the fact that systems administrators still struggle to install applications on Linux and that antiquated versions of Gnome, a graphical-oriented user interface for the operating system, continue to ship with different distributions of Linux." World Domination? Heh. (Linux Journal). Linux Journal senior editor Doc Searls covers the girth of platforms supporting Linux at the Linux Business Expo during last week's COMDEX. "I stopped [at the Internet Appliance booth] to check the place out because I was sure that anything called a 'server appliance' probably had to run on Linux. And sure 'nuff, it does. So, it seems, does nearly everything else that's called 'thin' or an 'appliance'." (Thanks to Jay Ashworth) Linux inside (MSNBC). MSNBC reports from Comdex. "It was nice to see all the companies that have become well known in the Linux field: Red Hat, SuSE, Corel, Caldera, Slackware, Best, Storm -- you name them, they were there, showing of their wares and telling attendees how their version of the open software operating system was better than all the rest." ReviewsCobalt RaQ 4r Review (LinuxLookup). The Cobalt RaQ 4r is reviewed in depth in this LinuxLookup article. "The Raq4 comes pre-configured with Apache web server, ProFTPd FTP server, Sendmail, DNS, FrontPage 2000 server extensions, Arkeia backup client, 128-bit SSL, web-publishing (ASP, CGI, Perl and PHP) options, Virtual-domain support, and Cobalt's bandwidth management service." InterviewsPeople Behind KDE: Lars Knoll. In its latest interview, the People Behind KDE series talks with Lars Knoll, the author of the HTML rendering widget found in the KDE web browser Konqueror. Section Editor: Rebecca Sobol |
November 23, 2000 |
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Announcements page. |
AnnouncementsResourcesUK's Largest Online Training Directory Reaches 10,000 Courses. Training Pages announced that it had just passed the landmark of ten thousand (10,000) distinct and separate courses. Training Pages runs entirely on open source software, including the Linux operating system, the Apache web server, the MySQL database and the PHP scripting language. EventsLinux.conf.au program posted. linux.conf.au, happening in Sydney on January 17 to 20, 2001, has posted its conference program. Keynote speakers are Alan Cox, David Miller, and Andrew Tridgell. The registration process is also open. LINUX Business Expo Delivers Open Source Alternatives. Key3Media Group, Inc. put out this press release on the growth of the LINUX Business Expo. "LINUX Business Expo debuted in 1999 at COMDEX/Fall. Since its inception, LINUX Business Expo has grown from 17,700 square feet to more than 40,000 square feet. The growth of LINUX Business Expo is a reflection of the tremendous growth within the Linux community, especially in embedded systems." November/December events.
Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format. Web sitesUser Group NewsLUG Events: November 22 - December 7, 2000.
Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format. |
November 23, 2000 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Software AnnouncementsHere are this week's Freshmeat software announcements. Freshmeat now offers the announcements sorted in two different ways: |
Our software announcements are provided courtesy of FreshMeat
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Back page page. |
Linux Links of the WeekEver wonder what LinuxToday co-founder Dave Whitinger is up to these days? A look at Dave's Garden shows a rather more low-tech approach to life... Have you ever come up with a good idea, but lacked the time to develop it? If so, check out ShouldExist, the page of Good ideas that are free for all. Read about using paper as a data storage medium and writing a markup language that encodes speech. Section Editor: Jon Corbet |
November 23, 2000 |
|
This week in historyTwo years ago The LWN staff was taking a much needed week off for vacation. One year ago The LWN staff was taking another much needed week off for vacation. This year we decided to work a little harder, that way we won't have so many press releases to deal with next week. | |
|
Letters to the editorLetters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them. | |
From: Marko Samastur <markos@vidra.net> Date: Thu, 16 Nov 2000 12:20:31 +0100 To: letters@lwn.net Subject: KDE League Hi, I just wanted to make few remarks about KDE League. In editorial you wrote: "That intent is clearly sincere, and no doubt the KDE developers are determined to make things turn out that way. But in a world where many of those developers are employed by League members, what is going to happen when the League starts to claim that its PR and marketing goals would be helped if certain development directions were taken? One can see a distinct potential for conflict." No, one can not, if this one actually reads bylaws of KDE League. Board of directors, that will lead the whole thing, will have three kind of members. Companies can be either CE or CA members (depending on how much they pay) and there's also a developer community (KD). So, what do bylaws say about this board? In section 4.1: "...No person shall be qualified to become a director if such person is employed by or affiliated with any company or corporation which has appointed another director of the League." This means that respresentatives of KDE community will REALLY be that, since they are not allowed to work for or be paid by companies that are part of KDE League. In section 4.2: "The directors shall have voting power on all matters to be voted on by the Board as follows. Each CE Director shall have five (5) votes. Each CA Director shall have one (1) vote. The KD Directors shall have an aggregate number of votes equal to the sum of (i) five (5) times the number of CE Members, plus (ii) the number of CA Members, such votes to be divided as nearly as practicable among them, with any remaining votes being conferred on the KD Directors in the order appointed by the KD Member." This means, KD (KDE developers) will have exactly the same number of directors as companies. Together with 4.1 this makes them equal partners. And then there's section 4.7: "At all meetings of the Board of Directors one-half of the entire Board (rounding upwards in case of an odd number of directors) shall constitute a quorum for the transaction of business. The vote of two-thirds (rounding downwards in case the number of directors is not evenly divisible by three) of the votes of the directors present at a meeting at which a quorum is present shall be the act of the Board unless the Certificate of Incorporation or these Bylaws shall require a vote of a greater number...." This effectively means that no half of directors could simply out-vote the other half, because every action needs at least 2/3 majority vote. I think it's clear that your fears are not justified. Kind regards, Marko | ||
Date: Thu, 16 Nov 2000 13:18:06 +0100 From: fermigier <sf@fermigier.com> To: lwn@lwn.net Subject: KDE League vs Gnome Foundation. Hi, For the first time in 2 1/2 years, I do not agree with one of your analyses when you say " Not stated, but clearly implicit, is that each is promoting its system in competition with the other. The KDE League is not (at this point) promoting KDE over Windows, and it is not (they say) influencing development. Its target, for now at least, is GNOME." I haven't seen this message in the announcement of the KDE league. The Gnome foundation, when it announced its existence last summer, has probably been a little too far, and the media has pushed the story even farther. I don't think the Gnome Foundation will play that angle ever again, since this was certainly not well perceved but the community (cf. http://www.linux-mandrake.com/en/pr-kgwar.php3). And by the way, I fully support the 6 companies who chose to belong to both organisations (of course, there a companies like Troll Tech or Helix who have no interest in the other toolkit, so I can't blame them), and I hope that they will be able to prevent last August's PR mess from happening again. Cheers, S. -- Stéfane Fermigier, Tel: 06 63 04 12 77 (mobile). Portalux.com: le portail Linux. "How will Microsoft develop Windows 2015? Hire 1 million programmers and 2 million code scrubbers?" Business Week | ||
Date: Fri, 17 Nov 2000 11:41:42 -0500 From: andrew@pimlott.ne.mediaone.net To: lwn@lwn.net Subject: Trouble with modutils LWN wrote: > The problem is interesting to look at, since it shows how hard it can > be to get things right. It's only "hard to get right" if you adopt the Unix attitude that even critical facilities should be half-ass designed, underspecified, and poorly documented. Consider the following, each a shortcoming on its own, and a horror in combination (for modprobe, I am refering to versions prior to this incident): - There is no consistent policy for whether a non-privileged user should be able to cause modules to be loaded, and if so which modules. modprobe does not permit non-privileged users do anything, while the kernel thinks they should be able to load any module. - The kernel does not pass enough information to modprobe for modprobe to know which user caused the request, why the request was made, or whether the request is "tainted". - modprobe does not offer any facilities for controlling what modules may be autoloaded (as opposed to explicitly loaded). - The kernel fails to use the standard GNU getopt end-of-arguments flag "--". - modprobe offers no way to disable pattern expansion Probably the safest policy would be "no autoloading, period". This is in fact a quite workable policy for most systems. Needed modules could be added to a list by installers, by configurators, or by hand. PCMCIA and hotplug daemons would explicitly load drivers for detected devices. Another reasonable policy would require autoloadable modules to be listed in modules.conf. Another would be that only "well-known" modules (and module aliases) could be autoloaded, where well-known is a boolean argument passed from the kernel to modprobe. Standard modules like "sunrpc" would be "well-known", but module names coming directly from non-privileged users would obviously not be. > The sad truth is that validating user input is hard This is a meaningless sentence in this context. There is no such thing as validating when ther is no agreement about what should be allowed. Given such an agreement, validation should not be hard at all. Andrew | ||
Date: Tue, 21 Nov 2000 23:17:35 +0100 From: "Michael Thayer" <thayer@web.de> To: letters@lwn.net Subject: Modular kernel Hello, This is a slightly late letter about your discussion a month ago of the possibility of modularising the kernel. You said that the main argument against was that too much compatibility code would get left in the kernel. However, I don't quite follow the problem - I think that interfaces would be expected to remain stable within stable kernel versions, but I'm sure that no one would expect the same interface to remain from say 2.6 to 2.8. Most free programs compile on about twenty different operating systems - is it too much to ask for kernel componants to compile for two or three different kernel versions? Regards, Michael Thayer _______________________________________________________________________ 1.000.000 DM gewinnen - kostenlos tippen - http://millionenklick.web.de IhrName@web.de, 8MB Speicher, Verschluesselung - http://freemail.web.de | ||
Date: Fri, 17 Nov 2000 21:04:51 GMT From: Duncan Simpson <dps@io.stargate.co.uk> To: letters@lwn.net Subject: "Designed" software vs. grown software You fail to point out that a lot of software which grows organically sometimes gets a clean design during upgrade. In particular the maintaner decides that some hack is one feature too far for the present design and cleans up the code before adding the feature. (IN particular in development versions, which are not nescarily visible, for example I know of a clean version of word2x (which is on my box right now)). Of course, some software just gets featuritis and dies when the design proves insufficient. I perosnally think that open source software is more likely to get the proper redesign by someone than commercial software The fetaure the marketing department wants gets there faster by going via the dirty and bug producing route. Experience has thaught me than an imposed external design can be a big mistake... shall I say that it is the difference between ~50K overhead and working programs (what I have now) with a lot more overhead and dud programs (what the previous design got to, before it died). I could cire other example, for example the move in checkps from hairy toilet roll section to a nicer version with that code moved into a library. I am sure plenty of other programs could tell a similar tale. Duncan (-: | ||
Date: Thu, 16 Nov 2000 20:30:58 +0530 From: Ramakrishnan M <rkrishnan@ti.com> To: letters@lwn.net Subject: Netscape 6...it's not for me. Hello I had been following the development of Mozilla, and had been using it from M6 onwards. I have also tried using the infamous PR releases of Netscape. As the several postings at different places showed, people are not happy with the new installation style of Netscape 6. I had never succeeded in installing the PR releases as well as the final release of Netscape 6. Though there are proxy settings, it simply does not work for me.(I do not know why). There may definitely be work arounds. But it was annoying for me, and after several unsuccessful attempts, I aborted the mission. As a loyal Netscape user, I am still using 4.5 version(under Windows NT 4.0), and obviously am not happy with it. I feel GNU/Linux still lacks a best-in-class browser. Netscape fonts sucks, and the brand new Mozilla renders things too slowly, and also crashes too often. We need a better solution to progress. It's a shame if the Free Software community did not come up with a better solution, and show the world once again, that they can outperform the best! cheers -- Ramakrishnan.M | Voice over Packet Group Software Design Engineer | Texas Instruments, India | ||
Date: Thu, 16 Nov 2000 09:38:12 -0800 (PST) From: "Robert A. Knop Jr." <rknop@pobox.com> To: letters@lwn.net Subject: I'm alarmed about LinDVD [Note: this is longer than most letters to the editor on the back page, but it is something that I believe needs to be pointed out as often as possible. If this is too long for the Back Page, and if you have a place for "Op Ed" pieces, please consider this as a submission for that forum.] I alarmed about LinDVD-- not its existence, which many celebrate, but rather what it represents as the latest development in a larger alarming situation. The article which LWN Daily pointed to on November 16 itself was alarming in its assumed attitudes about commercial and open source software. I was surprised that there were no editorial comments in the LWN Daily link; I can't wait to see what is said about it in the next full release of LWN. In the "good old days," some pieces of hardware were not supported by Linux because the companies who produced the hardware refused to release information necessary to write drivers for them without an NDA that would permit distribution of those drivers. Eventually the company might come to its senses, or some open-source hacker might reverse-engineer the thing well enough to release a driver that would work pretty well. By and large, though, Linux users learned to avoid hardware from clueless companies, and to buy hardware from companies that released the information Linux hackers needed to write drivers for their hardware. Although this would often limit options, there were other products available to solve the same problem. For instance, there was a period when many new laptops were using the neoMagic graphic chipset, but the information necessary for an XFree86 driver wasn't available. But even then, there were other laptops availble to Linux users. Even today, when many commercial interests consider Linux support a worthwhile investment, a dichotomy exists. Consider, for instance, 3d video cards. You can get what are reported to be very good Linux drivers for NVidia cards-- but they're proprietary drivers, available (if I'm not mistaken) in binary form from the vendors. This leads "Linux Journal" in a recent article to recommend a lower-performing Matrox or 3dfx card over the NVidia card. Matrox and 3dfx have a clue and give out the information necessary to develop truly open source and free drivers for their cards (LJ, November 2000, p. 82). In industries where you have a choice between different pieces of hardware, or different solutions to the same problem, this is fine. Many Linux users are happy to sacrifice a bit of performance, which in many cases they won't even notice, for better (or even philosophically preferable) support of their hardware. With DVD, we've got a whole new ugly trend arising. Now, it's not individual hardware manufacturers who are refusing to play nice: it's the very format! LinDVD is trumpeted as a "legal" DVD player. But it's not free, it's not open source. You can't look at the source code, and it's not going to go into a lot of distributions. I don't know if it will even be free in the "free beer" sense of the word. When there is an open source effort to play DVDs on Linux, its writers and distributors face legal penalties; the article linked to by LWN about LinDVD labels them as "Unibomber" types. This is where laws such as the DMCA have taken us. The very act of trying to create an open source driver for a whole class of increasingly popular devices is now compared to a terrorist act-- and, alarmingly, a lot of public opinion (or at least media spin opinion) seems to be agreeing with this patently ridiculous idea. This should scare open source advocates much more than Microsoft's latest overt maneuverings, and much more than incompatabilities and advertising sidebars in Netscape 6. DVDs are hugely popular, but it looks like Linux will always and forever more be beholden to commercial software vendors to play them-- not for technical reasons, but for legal reasons! If the stupid laws like the DMCA are going to stand despite how contrary they are to the concepts of freedom on which the USA was putatively founded, Linux users really have only two choices. Admit defeat and surrender to the proprietary commercial forces that many in the community have been resisting for so long, or boycott DVDs altogether. The latter will be difficult, because the format is the only game out there in its performance class, and because DVDs are becoming hugely popular. But the MPAA stranglehold on the *format*, which seems to prevent even the possibility of free drivers, is unacceptable. Alas, if only the freedom of Linux were receiving as much press as the "Microsoft alternative" aspects of Linux. If it were, then it might conceivably be practical for a company or consortium to develop a viable alternative to DVD with equivalent convenience and performance characteristics. This new format could have its formats and standards released openly. Linux *could* support that, and so could Windows, and so could stand-alone players. With a lot of luck, that format might take off; the shortsighted over-legalistic power-grabbing policies of the folks behind DVD would send it spiraling the way of DIVX. I realize, of course, that I am dreaming. If only the popular media and the population at large understood the issues of freedom that were truly at stake, and if only they understood the difference between software pirates (who want to steal others' work) and open source developers (who merely want the ability to choose how they play and use the DVDs that they already leagally own). Never mind understanding the difference between open source developers and mail bombing terrorists! In the real world, DVDs almost certainly represent a turning point for Linux. In the past, there were only technical reasons for our not having a fully functional Linux desktop (e.g. because nobody had written a full featured open source WYSIWYG word processor). Technical reasons could in principle be overcome, and it's clear that most of the technical reasons that used to beset Linux are currently being overcome. However, henceforth it is going to be illegal in the USA to have a fully functional Linux desktop, because nobody will be ALLOWED to legally write an open source DVD reader. What else is going to fall into this category after the DVD? How many open source devlopers are going to go to jail under the DMCA and similar government-supplied blunt instruments for big business before we all give up and admit defeat? This is highly tragic. -Rob Knop rknop@pobox.com | ||