![[LWN Logo]](http://old.lwn.net/images/lcorner.png)
![[LWN.net]](http://old.lwn.net/images/bigpage.png)
|
|
|
Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise
news for all interests
 Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Linux History Letters
Other LWN stuff:
Archives/search
Recent features: Here is the permanent site for this page. See also: last week's LWN.
|
Leading items and editorialsThe case for competition. Those who would criticize free software often pick on competing projects (GNOME and KDE being the classic example) as an example of inefficiency and inability to work together. Many free software supporters take a similar view. According to many, the free software community would be better off if everybody worked on a single project in each area. Think of how much more could be accomplished that way. Recent events, however, have provided us with a counterexample of utmost clarity. The Berkeley Internet Name Domain (BIND) server is one of the classic free software success stories. It is free software, and plays a crucial role in the operation of the Internet. It runs almost every DNS server on the planet; its "market share" makes Sendmail and Apache look like bit players. And therein lies the problem. When a security problem turns up in BIND, the entire net is immediately vulnerable. In this respect, the net is a monoculture. Imagine the damage that could be done by a malign individual who is able to find and exploit a new BIND bug. Given that (1) BIND bugs seem to turn up regularly, and (2) BIND 9 contains a large amount of new code, this scenario is a real possibility. The fact that ISC plans to create a closed forum for the discussion of BIND security issues (see this week's LWN security page) does not add confidence in this area. BIND shares a lot of characteristics with sendmail. It is a piece of near-universal infrastructure which performs a crucial function. It is also too large and complex to ever be audited thoroughly. Sendmail, however, faces viable competitors; those who do not want to run it can do very well with qmail, Postfix, Exim, or others. These mailers handle a small piece of the Internet's mail traffic, but they add a great deal of security and robustness to the system. BIND is not entirely without competition either. Some of the other free (or "almost free") DNS servers out there include:
From the above list, one can conclude that BIND's competitors have some ground to cover yet (though supporters of djbdns disagree). Energetic hackers looking for a project may want to consider the creation of a viable competitor to BIND; the net will be a safer place when we have one. Speaking of the KDE/GNOME competition... if you search for KDE on Google you'll find, among the expected things, a "sponsored link" from Ximian. Not everybody thinks that's quite the form the competition should take... SuSE lays off most of its U.S. staff. We have now received word from several SuSE employees that they have been laid off as part of a general cost-cutting measure. Evidently, almost all of SuSE's U.S. presence will be closed down, leaving "about two dozen" people out of work. The people affected were doing installation support, consulting, and some development work. Some of them have been saying their goodbyes on the SuSE English mailing list; it is clear that they will be missed. We wish the best for all the SuSE folks. If you are not one of the people involved, this step is actually not all that significant. SuSE apparently has no intention of cutting back on its English edition or backing out of the U.S. market - SuSE Linux will be available as always. And, in the end, a couple dozen people out of a worldwide total of around 600 is a pretty small reduction - a number of Linux companies have made much larger cutbacks than that. SuSE remains alive and well. (See also: this Slashdot comment posting from SuSE employee Michael Hasenstein on the layoffs and what they mean for SuSE). Amusingly, SuSE's U.S. PR agency dismissed LWN's initial reporting on the layoff as "totally rubbish". We're waiting for our apology...:) It's time to make a choice about software licensing. At least, that's what we read on the front of a piece of junk mail that Microsoft, in its wisdom, chose to send to the LWN offices. On the back, the choices are clearly spelled out:
You'll be glad to know that the Business Software Alliance has declared a "28-day truce" - for the month of February, it will "hold off on software investigations." Now is the time to go out and be sure you've bought licenses for everything you (and your employees) are using, or "pay the price." Microsoft hopes to simultaneously take advantage of and dissociate itself from this ugly aspect of proprietary software. Come to terms with the Good Cop (Microsoft), and it will protect you from the Bad Cop (the BSA). This brochure, of course, leaves out an important alternative:
Anybody who has administered a network of systems can attest to the hassles of dealing with software licensing. The up-front cost is one thing, but the administrative time involved in managing software licensing is considerable. Tracking software on systems, maintaining a database, running license manager daemons, getting everything working again after a hardware or software upgrade, and so on, takes a great deal of effort. Proprietary software is a costly game to play if you stick to the rules. And if you don't, there's the BSA with its audits and raids and penalties. The BSA has become a sort of software industry police force, with the willingness and ability to go to the courts for the authority to raid companies and "audit" their computers. And this is not just a U.S. phenomenon; the BSA is a worldwide organization. Free software brings freedom, and that includes freedom from threats and raids by BSA bullyboys. How much is that freedom worth to your company? LinuxWorld 2001 New York. If you didn't catch the links to our LinuxWorld coverage on the daily page this past week, here is your chance to check it out. This year's conference was a study in contrasts; the exhibit floor was twice the size of last year, but several vendors canceled their attendance at the show at the last minute. The venture capitalists were no longer circling, but that didn't mean that money wasn't present. This time, it came in the form of a large new presence from the big computer companies, IBM in particular, but also Intel, Dell, Compaq and more. In many ways, there was more money around than ever; IBM's investments were part of that, but also it was clear that the large companies were confident that Linux was moving into the enterprise. Maybe we've only got our toe in the door at the moment, but that is changing quickly. And the enterprise is where customers can and will spend money to get what they need. Overall, the mood was upbeat. While Linux IPOs and other get-rich-quick schemes were definitely in disfavor, the feeling that Linux and Open Source software is an unstoppable movement was still present, possibly bolstered by the preview release of Revolution OS, a documentary about Free Software, Linux and Open Source and its impact on many people's lives. Even if you aren't one of the people in that film (it could only focus on a few), it is an experience to see the world we've lived in portrayed on film. We hope it will do well at its official opening in March and move on to become available for more people to see. Meanwhile, our coverage is not yet complete; interviews and feature articles based on last week's work will be forthcoming in the near future. Inside this week's Linux Weekly News:
This Week's LWN was brought to you by:
|
February 8, 2001
|
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Security page.
|
SecurityNews and EditorialsPrivacy issues with HTML-based email. The Privacy Foundation has issued an advisory regarding potential security problems with HTML-based email containing Javascript code. When read by mail clients such as Netscape 6, Outlook or Outlook Express, javascript code included in a message can be used to silently report back to the original sender information such as to whom the message is forwarded or what additions are made to a forwarded message, potentially revealing sensitive information. This message from the politechbot.com mailing list provides a good summary of the issues involved, as well as links crediting the source of the security report. They sum it up pretty well, "Friends don't send friends HTML email". Note that not all HTML mail readers are affected. Some turn off Javascript by default while others automatically strip Javascript from messages before displaying them. Now is a good time to determine how your mail client handles such messages. ISC to close access to Bind security info?. Last week's reported security vulnerabilities in both bind 4 and bind 8 were followed this week by plans from ISC (the company who has been developing bind 9) to create a new "bind-members" forum for the discussion and dissemination of security information related to bind. Membership in this forum would be strictly limited, a nondisclosure agreement would be required, and a fee would be charged. Theo de Raadt forwarded (to Bugtraq) a copy of an email message from Paul Vixie at ISC that discusses the proposal. As you might expect, a large amount of furor and discussion resulted. Kurt Seifreid at SecurityPortal.com followed up on this issue with ISC and others. His article includes a brief email interview with Paul Vixie, who commented: An important point to make, if you're going to write about this, is that nothing ISC has historically done will stop. The code is still completely redistributable under the Berkeley-style license (which, unlike the GPL, allows vendors to distribute binaries based on modified sources without sharing those source modifications with ISC or anybody else). CERT will still be ISC's channel for announcing security bugs to the community. Patches will still be accepted from the community, and published to the community. The ONLY thing bind-members will do is ADD SOMETHING NEW.
The commentary in the article from Linux-Mandrake, Immunix OS, and others, though, is still uniformly negative towards this move. From our perspective, though we sympathize with ISC's need to develop a revenue stream based on this Open Source product, their suggested model strongly resembles the X Consortium model (which Paul Vixie references). We consider that a failed model. In spite of the inclusion of non-profit members without a fee, the X Consortium eventually bogged down in corporate politics, failing to deliver quality development upgrades and leaving a vacuum that the XFree86 group has happily stepped in to fill. In a similar manner, the bind-members group could result in timely information about potential security problems not getting out, or one vendor's fixes being delayed because fixes from other vendors were not yet available. Given the wide-spread use of bind across the Internet, this is a cause for much concern. If ISC is, indeed, planning on offering services to vendors that are in addition to what it already offers on public mailing lists, they should certainly be able to require a fee for that service. However, the need for a non-disclosure agreement along with that fee has not been demonstrated. For more coverage on this issue, check out our editorial on this week's front page. NSA attempting to design crack-proof computer (ZDNet). ZDNet looks at how VMWare and the National Security Agency have teamed up to make a more secure PC. "Called "NetTop," VMware's answer would turn each computer into a number of virtual PCs running on a Linux computer that would sit on each worker's desk. The security system would erect supposedly impenetrable, but virtual, walls between public data and more sensitive information on the same computer. " Note that VMWare on Linux was considered an avenue for this development while VMWare on Windows NT, etc., was not. Why? Because Linux provides the source code and Windows does not. NSA understands that they need the source code to be available to build a trusted system. NSA is therefore making a strong stand in support of Open Source, but not necessarily in support of Free Software. The article also discusses their plans to use commercial off-the-shelf software. Hopefully, closed source proprietary software will not be used while manipulating secure data ... otherwise, their exclusion of Microsoft's operating system will be meaningless. (Thanks to Richard Storey) Security of the WEP algorithm. Nikita Borisov, Ian Goldberg, and David Wagner have posted a whitepaper describing vulnerabilities they see in the Wired Equivalent Privacy (WEP) algorithm, part of the 802.11 standard. The potential for passive and active attacks to decrypt traffic are described, as well as one to inject new traffic. "Our analysis suggests that all of these attacks are practical to mount using only inexpensive off-the-shelf equipment. We recommend that anyone using an 802.11 wireless network not rely on WEP for security, and employ other security measures to protect their wireless network." Security ReportsSSH1 brute force password vulnerability. A potential vulnerability in SSH1 was reported this week involving the ability to brute force passwords due to the manner in which failed passwords are logged. A patch against ssh-1.2.30 is provided.SSH protocol 1.5 key session recovery vulnerability. A second SSH problem was reported this week, this time with the SSH protocol 1.5. This advisory describes the vulnerability, which can allow the session key for an exchange to be captured and then used to decrypt session packets. ssh-1 "up to" ssh-1.2.31 is reportedly vulnerable, presumably meaning that ssh-1.2.31 is also affected. ssh-2.4.0 and later is not impacted because the server key is regenerated for every connection. SSH.com deprecates the use of SSH1.OpenSSH "up to" 2.3.0 is also vulnerable. A patch has been introduced into the OpenSSH source tree. Updated versions of OpenSSH and portable OpenSSH (for non-OpenBSD systems) have not yet been announced; presumably they'll be made available soon. Linux kernel 2.4.1 denial-of-service vulnerability. A denial-of-service vulnerability has been reported in the Linux 2.4.1 kernel code. A patch for the problem is available and will be merged into the next prepatch for Linux 2.4.2. Distribution updates for the problem are unlikely to be seen, since most distributions have not yet begun shipping the new stable kernel series.XEmacs/gnuserv execution of arbitrary code. gnuserv is a client/server package included with XEmacs, but also available as a standalone package. Via gnuserv's support for MIT-MAGIC-COOKIE authentication, it can be exploited remotely to execute arbitrary code. gnuserv 3.12.1 resolves the problem and is included with XEmacs 21.1.14. Check BugTraq ID 2333 for more details.CUPS denial-of-service vulnerability. This is the second time we've seen reports of security problems in CUPS which appear to originate from Linux-Mandrake (e.g., no previous reports were seen on BugTraq or elsewhere). This time, a denial-of-service problem was reported that can be triggered via an extra-long input line. In addition, however, the Linux-Mandrake update apparently also includes other security-auditing steps, such as the replacement of sprintf calls with snprintf, strcpy with strncpy, etc., to better protect against other potential buffer overflows.
man -l format string vulnerability. A format string vulnerability in the man command was reported in its processing of the "-l" command line option. Note that not all versions of man provide the "-l" option. Only Debian and SuSE are reported to be affected, with varying results, due to varying permissions on the man binary. SuSE has confirmed the problem and promised an update soon. A bug report has been filed with Debian.Multiple vulnerabilities in ProFTPD. Three vulnerabilities in ProFTPD have been reported to BugTraq in the past month, according to this advisory from the ProFTPD development team. The vulnerabilities include a size memory leak, a USER memory link and format string vulnerabilities (links to the original reports are provided through the advisory). ProFTPD 1.2.0rc3 has now been released with fixes for all the above problems.
Sporadic reports of nmap crashing bind 9.1.0. Reports have been posted to BugTraq describing reproducible crashes of bind 9.1.0 caused by nmap. On the other hand, each of those reports has been followed by anecdotal evidence that 9.1.0 does not crash on all platforms and setups. So far, no one has pinpointed the cause of the crash in the 9.1.0 source code, so while there is a potential denial-of-service problem, it has not yet been confirmed.Infobot perl-based IRC bot remote execution of arbitrary command. A security problem has been reported with the Infobot perl-based IRC bot which could be exploited to run arbitrary files under the IRC bot user id. Disabling fortran math in the configuration file and restarting is a workaround for the vulnerability. No patch or update has been reported yet.cgi-bin scripts. The following cgi-bin scripts were reported to contain vulnerabilities:
Commercial products. The following commercial products were reported to contain vulnerabilities:
UpdatesMultiple vulnerabilities in bind 8.2.2 and bind 4. Check the February 1st LWN Security Summary for the initial reports. Bind 8.2.3 contains fixes for the problems with 8.2.2. Bind 4 fixes are also available, but an upgrade to bind 8 or even bind 9 is generally considered a preferable approach.This week's updates:
Previous updates:
MySQL buffer overflow. Check the January 25th LWN Security Summary or BugTraq ID 2262 for the original reports. This can be exploited remotely to gain access to the system under the uid of the mysql server. MySQL 3.23.31 and earlier are affected. MySQL 3.23.32 fixes the problem.This week's updates:
kdesu password sniffing vulnerability. The KDE "kdesu" utility has a vulnerability that can allow a local user to steal passwords; see the January 25 LWN Security Section for the initial report. This week's updates:
Multiple glibc vulnerabilities. Multiple glibc vulnerabilities have been reported in recent weeks in glibc. Since glibc updates generally address all the problems, rather than one specific problem, we are combining the update report for them. For the original reports, check the January 18th, 2001, LWN Security Report under the topics "glibc RESOLV_HOST_CONF preload vulnerability" and "glibc local write/ld.so.cache preload vulnerability". This week's updates: Previous updates:
exmh symlink vulnerability. Check the January 18th LWN Security Summary for the initial report.This week's updates:
ResourcesWilliam Stearns announced the latest version of his ramenfind script, for detecting and removing the Ramen worm.Osvaldo J. Filho posted a small patch to syslog which will log version requests for bind, helpful for noticing probes for the latest bind vulnerabilities. EventsUpcoming security events.
For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net. Section Editor: Liz Coolbaugh |
February 8, 2001
LWN Resources | |||||||||||||||||||||||||||||
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Kernel page. |
Kernel developmentThe current kernel release is still 2.4.1. The two usual prepatch tracks are in full swing. On the Linus side, there is 2.4.2pre1, released just after LinuxWorld. It contains a small set of fixes, and doesn't yet deal with the known 2.4.2 problems (see below). Alan Cox, instead, has released 2.4.1ac5, which contains a much larger set of fixes. On the 2.2 kernel front Alan has released 2.2.19pre8. There are still, apparently, a few things yet to go into this patch, so the real 2.2.19 release is not yet imminent. Some difficulties with 2.4.1. While many (most) users are running 2.4.1 without trouble, there are a couple of issues that have come up which are worth knowing about. They are:
Neither of these issues is all that surprising. Every major stable kernel release seems to have one denial of service bug lurking somewhere; it takes a larger testing community to flush it out. Similarly, ReiserFS is now seeing testing on a far larger scale than it ever has in the past, and a few surprises are certain to show up. This is the late stage of the free software development process in action; fixes are being made quickly, and the end result will be a more stable kernel. ReiserFS can also cause system crashes, but this is not a ReiserFS bug. It seems that some people are building the 2.4.x kernel with Red Hat's "gcc-2.96" compiler that was shipped with Red Hat 7. That compiler has some, um, issues, and it miscompiles some of the ReiserFS code. If you're running a late Red Hat system, be sure to build your kernels with "kgcc," or at least get the latest, patched gcc from Red Hat (which is said to work much better). The great kiobuf debate. Recently, a fairly fierce debate has been filling up mailboxes on the linux-kernel and kiobuf-io-devel mailing lists. It all has to do with the kiobuf data structure, which was, until recently, seen as a generally good addition to the kernel in the 2.3 series. The kiobuf structure was added, initially, to support raw disk I/O; kiobufs and their supporting routines make it easy for kernel code to move data directly between user space and a device, without an intervening copy into kernel space, and without having to worry about the ugly details of memory management. Their use has slowly grown; in the 2.4.1 kernel kiobufs can be found in the generic SCSI (sg) driver and in the logical volume manager code. There is also a patch floating around that uses kiobufs to implement direct, user-to-user pipes. And SGI's XFS patch not only uses kiobufs, but modifies the block I/O subsystem to make them integral to disk I/O. One would think that kiobufs were taking over, except for the little fact that the zero-copy networking patches do not use them. Instead, a new and completely different mechanism for direct userspace access was created. In the discussion that followed, it turned out that quite a few people, including Linus, are not pleased with the kiobuf design. In a (very) simplified way, that design is as follows: a kiobuf, in the end, consists of an array of struct page structures, along with an initial offset and a total length value. By using page structures directly, the kiobuf allows the code using it to avoid dealing with the virtual memory entirely - a struct page refers directly to a physical page. The initial offset tells where, in the first page, the data starts; all the remaining pages are filled with data starting at the beginning. A kiobuf thus describes a single, contiguous area; working with multiple areas requires using a "kiovec" - an array of kiobufs - instead. The objections to this design include:
In the end, the fight seems to boil down to this: should a kiobuf include an array of offset/length pairs for each page within the buffer? With such an array, scatter/gather operations could be described with a single kiobuf, and the kiovec idea could go away. Linus, certainly, takes the position that the offset and length values should be pushed down deep in the structure in this way. Kiobuf designer Stephen Tweedie, however disagrees. Putting the length and offset at that level would make it hard to get the completion status of any individual segment and would tend to split apart large requests which should really stay together. The discussion then wandered into whether the venerable buffer head structure could be made to do what kiobufs do. A number of people seem to think that they could, especially if the block I/O API were modified to make it easy to submit large chains of them as a single operation. But no code for this use of buffer heads has, as yet, been forthcoming. This issue, clearly, goes pretty deeply into how fundamental operations are performed in the kernel. For this reason, the design issues involved seem to touch a number of nerves. It will probably be some time before a real resolution is reached; those who are programming with kiobufs, however, should be prepared to see the interface change... The first public Linux-NTFS release is out, see the announcement for details. This release makes it possible to mount NT filesystems in a writable mode under Linux. It's not yet perfect, however; when it writes to an NTFS partition it leaves a bit of damage behind. For the short term, it was evidently easier to provide a separate utility ("ntfsfix") which fixes things up afterwards. Other patches and updates released this week include:
Section Editor: Jonathan Corbet |
February 8, 2001 For other kernel news, see: Other resources: |
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Distributions page.
Lists of Distributions |
DistributionsPlease note that security updates from the various distributions are covered in the security section. New DistributionsUtuto. Ututo is a Linux distribution designed to be run directly off of a CD. It was developed in Argentina to support solar energy students and allow them to easily use a program called sceptre. Once completed, though, it became a more generally useful tool, for teaching, for disseminating information and more. Security is not a focus of this distribution; from the comments in the distributions survey they were kind enough to fill out for us, "everyone is root" and any hard drives on the system will be mounted and made available.Ututo is derived from both SuSE 6.4 and Debian 2.1. It is available for download, but not yet available for sale (though they are working to make that possible). Spanish is the main language supported, wherever possible. Astaro Security Linux. On the firewall/router front, Astaro Security Linux was added to our list this week. Note that the license for the product is marked on Freshmeat as "free for non-commercial use". We haven't had a chance to investigate that comment; obviously any changes they make to GPL'd software must be made available, since they are distributing them, but they may also be including software developed in-house that is more heavily restricted. Astaro ships with "a specially-hardened Linux 2.4" kernel. Version 1.741 was released last week to include updates to bind 8.2.3. Relax Linux. Relax Linux just announced version 2.5, so we presume they've been around a while, even if we haven't heard of them until their recent posting to Freshmeat. Relax Linux is a small disk Linux distribution (less than 350MB) that can be booted via the loopback device (presumably off a Windows partition) or installed in an ext2 partition. It is aimed at the desktop user. Distribution ReviewsSuSE Professional 7.0 (DukeOfUrl). The DukeOfUrl reviews SuSE Professional 7.0. "SuSE has another distinguishing feature that I wish more distributions would model, and that is their documentation. It rivals many of the third-party manuals Linux users often feel compelled to buy. With SuSE Professional you get four manuals, not one, not one plus a quick start guide, but four full-fledged paperbacks, well, almost." General-Purpose DistributionsASPLinux News. ASPLinux is a "100% Red Hat-compatible" distribution out of Singapore. We've mentioned their distribution plans a couple of times in the past year, including this coverage last September. This week, they announced the pre-production release of their distribution. They are making boxed sets available to people in exchange for feedback and comments. Conectiva News. The folks at Conectiva are looking for mirror sites for the stable and snapshot releases of their distribution. Requirements: between 2.5GB and 10GB of space, depending on how much you are willing to mirror. Debian News. This week's Kernel Cousin Debian has a full report on a range of good discussions that have come up on the Debian developer list recently. Issues with the way in which package maintainers have been using debconf lead the list -- there is concern that Debian is building packages that stomp on manual changes to package files, an example seen in other distributions that Debian does not wish to follow. Other discussions have been heard before and will be again, such as, "Should Debian provide optimized binaries?" and "What about a Debian/BSD?". Not yet covered in the Kernel Cousin Debian are recent package organization changes, notably for XFree86 4. These are apparently causing compatibility problems that are keeping new packages out of testing. Package maintainers should review the suggestions for handling these problems. A few weeks ago, a list of 68 packages that would be removed from Debian if new maintainers did not step forward was posted. This week, the results are in and only five packages will removed. The rest have been adopted by new maintainers, which is very good to hear. For the curious, archie, fvwmconf, gambc, ocamltk and rel are the packages that are being removed from Debian. Meanwhile, there is also progress on the new maintainers front. A new recommendation system has been put in place to try to assure that new maintainers are likely to be qualified before they enter the approval process. It is hoped that will cut down on the number of entries in the process and prevent a backlog from choking the system. Check out the latest Kernel Cousin Debian Hurd for a look at the progress in that counterpart to Debian GNU/Linux. It was interesting to catch comments from Richard Stallman about the Hurd kernel in the documentary Revolution OS, first shown last week at LinuxWorld. He indicated that the model used for the Hurd kernel was "too complicated to be quickly debugged or easily maintained" and actually called Linux "a better kernel". For more information on Revolution OS, check out our LinuxWorld coverage. Linux-Mandrake News. MandrakeSoft has announced the beta release of "Mandrake Security," a firewall and router system built with Linux-Mandrake 7.2.
LinuxPPC News. LinuxPPC has announced, in partnership with Integrated Computer Solutions, that Open Motif will be bundled with its distribution. Slackware News. Slackware's support for the Alpha and Sparc platforms is now truly official; the Changelogs for all three platforms have now been made available. Large file support is going into the Intel and Sparc platforms. Meanwhile, the rate of general package updates has started to escalate for all three platforms.
SuSE News. The magazine GermanHot100 has named (in German) SuSE as its February 'Startup of the month'. The article gives an overview of the company and its near-term plans. An English translation is available via Babelfish. SuSE has announced its entry into the Linux portal business with the "Linux Knowledge Portal." It includes technical tips, news site headlines, and a lot of other stuff, including some original news items. For example, there is an interview with Linus Torvalds where he is asked to predict what will happen in 2001: "'AntiTrust' the movie will be a big hit, and as a result Miguel de Icaza will move to Hollywood to start a career as an actor. However, he hits on some bad times, and ends up being featured only in a few B-class porno flicks." Embedded DistributionsDetails emerge on Transmeta's "Mobile Linux" (LinuxDevices). LinuxDevices.com is carrying an article by Henry Kingman, senior producer of ZDNet's Linux Resource Center. "Buried in one of the technical sessions in the basement at Linuxworld came a low-key pre-announcement of the first public availability of "Mobile Linux," a quasi-distribution and embedded Linux development toolkit that Linus Torvalds and other Transmeta employees have been working on for several years. "It's very close," according to Dan Quinlan, a Linux developer at Transmeta." Section Editor: Liz Coolbaugh |
February 8, 2001
Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.
|
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Development page. |
Development projectsNews and EditorialsO'Reilly.com has started a new site called ONLamp.com. The term LAMP is defined as Linux Apache, MySQL, and [Python,Perl,PHP]. "Several months ago, David Axmark and Monty Widenius of the MySQL team visited us in Sebastopol and they dropped a new term in our laps: LAMP. This term was popular in Germany, they said, to define how MySQL was used in conjunction with Linux, Apache, and either Perl, Python, or PHP. Their explanation of LAMP made a lightbulb go off in my head."The LAMP concept illustrates one of the great strengths of open-source software development, the ability to freely pull together component projects into bigger meta-projects. One can certainly do the same thing with proprietary software, but the potential for licensing pitfalls is enormous, especially when more than two components are used. The area of meta-projects is ripe with opportunities, many interesting projects await those programmers who are clever enough to pull the pieces together. BrowsersMozilla Status Update for January 31, 2001. The latest Mozilla Status Report is available with the development status of various Mozilla components. DocumentationLinux Documentation Project update. Here's an update from the Linux Documentation Project It covers new HOWTOs, spam trouble on the LDP mailing lists, and the open project list. ElectronicsIcarus Verilog 0.4 released. Version 0.4 of the Icarus Verilog compiler has been released. This version contains many bug fixes and improved Verilog language coverage. Xcircuit 2.2.1 beta. A new beta version of xcircuit, an electronic schematic drawing program, has been announced. This version now uses Python for processing startup files. Embedded SystemsEmbedded Linux Newsletter for Feb. 1, 2001. LinuxDevices has released its weekly Embedded Newsletter. This week's issue has features on running Qt on the Compaq iPAQ, the MachZ System on a chip, and much more. InteroperabilityWine Weekly News for February 5, 2001. The February 5, 2001 edition of the Wine Weekly News is available. This issue only contains the wine-devel discussions since the Wine project leader was at the Paris LinuxExpo. Network ManagementOpenNMS Update. The OpenNMS Update for February 6 is out. Topics include the introduction of a new project member, SNMP Data Collection, and more. Office ApplicationsAbiWord Weekly News. After taking a bit of a break, the AbiWord Weekly News is back. Have a look for the latest news in the development of the AbiWord word processing system. On the DesktopBonobo 0.32 released. Bonobo 0.32, the 'Slicker quicker monkey' release, has been announced, Lots of bug fixes are included. Multihead Support for KDE 2.1. Bradley T Hughes has announced a patch for KDE 2.1 that adds support for multiple displays. On a Kollision Kourse (LinuxToday). LinuxToday's Bill Bennett takes a look at KDE 2.1. "It was only at the end of October when I wrote about the launch of KDE 2.0. This was a major step forward for desktop Linux - quite possibly THE major step forward for desktop Linux. With a graphical desktop, fully integrated Internet capability and an unfinished, but nevertheless promising application suite, KDE 2.0 meant Linux users could have most of the functionality of Windows and Office 2000 combined, but at no cost and with full access to source code." Qt 2.2.4 Is Out. Trolltech released Qt 2.2.4. This is a bug fix release. Web-site DevelopmentZODB/ZEO Programming Guide (alpha). Andrew Kuchling has announced the alpha release of his ZODB (Zope Object Database) programming guide. It's well done, and gives a good view of how the ZODB and ZEO (Zope Enterprise Objects - the network-distributed objects system) work. Worth a look even if you never plan to program with it. Midgard 1.4.1-beta1 released. The first beta of Midgard 1.4.1 has been released. This release of the "Midgard Content Management and Application Serving system" includes PHP4 support, enhanced replication support, and more. Mason 1.0 released. Version 1.0 of Mason has been released. "Mason is a powerful Perl-based web site development and delivery engine. With Mason you can embed Perl code in your HTML and construct pages from shared, reusable components." The Perl Journal also published a review of Mason. Section Editor: Forrest Cook |
February 8, 2001
|
|
|
Programming LanguagesWhich language is right for you? (Regular Expressions). Regular Expressions has featured an article that compares various scripting languages. Perl, Python, REBOL, Ruby, and Tcl are compared. "You can largely expect to be able to do the same things with Perl, PHP, Python, Rexx, Scheme, Tcl, and other such languages: script dynamic Webpages, build administrative utilities, prototype graphical user interface applications, glue together legacy data and processes, and so on. " JavaJacks: Java compatibility testing, the open source way (IBM developerWorks). Maya Stodte writes about the use of Jacks an open-source regression testing suite. "The Jacks test suite checks a Java compiler's conformance to the JLS (Java Language Specification). It's made up of a large number of small test cases, with each test focused on a specific section of the JLS. Eric Blake, a principal contributor to the Jacks project, describes the benefits of this type of testing in terms of its detail-oriented scope. 'By generating small test cases with specified compilation behavior, then automating the execution of each of these cases, a compiler writer or debugger can quickly pinpoint problems in the translation of Java source to bytecodes.'" (Thanks to Mo DeJong) Markup LanguagesQuick Start with SOAP (Perl.com). Paul Kulchenko discusses SOAP clients and servers in an article on perl.com. "SOAP specifies a standard way to encode parameters and return values in XML, and standard ways to pass them over some common network protocols like HTTP (web) and SMTP (email). This article, however, is merely intended as a quick guide to writing SOAP servers and clients. " xml-i18n-tools released. The XML internationalization team has released the initial version of xml-i18n-tools. "The module contains some utility scripts and assorted auto* magic for internationalizing various kinds of XML files. This supersedes the earlier scripts that I (Kenneth) distributed to be checked into each module. In addition, it has an additional merging feature, currently only for oaf files." PerlPerl5 Porters for February 6, 2001 . The February 6, 2001 edition of Perl5 Porters is out. Topics include the Perl 5.6.1 release schedule, Test::Harness, CHECK blocks, and more. PythonPython 2.1 alpha 2 released. The second alpha release of Python 2.1 is out. Check out the announcement for a full list of changes and new features. There is also a separate documentation release that covers this alpha release of Python 2.1. The Tkinter 3000 Widget Construction Kit. An alpha version of the Tkinter 3000 Widget Construction Kit is now available. "The Tkinter 3000 Widget Construction Kit library (WCK) provides an extension API that allows you to implement all sorts of custom widgets, in pure Python. The WCK is designed to work with the existing Tkinter library, as well as the new Tkinter 3000 bindings." PyUnit 1.3 released. Version 1.3 of PyUnit has been released. PyUnit is a Python port of the Java JUnit testing framework. Mod Snake 0.5.0 released. Version 0.5.0 of Mod Snake has been released. "Mod Snake is an Apache module written for the purpose to give Python developers the same power that C module writers have. It currently runs in both Apache 1.3 and Apache 2.0, providing access to new functionality such as writing protocol modules and filtering. It includes modules for Python CGI acceleration, embedded Python in HTML, and other example modules." Along those lines, Auth DBAPI 0.10, an authentication plug-in for mod_snake has also been announced. This week's Python-URL. Here is Dr. Dobb's Python-URL for February 6 with the latest from the Python community. RubyRuby talk, CAML consortium. For those of you who are tired of languages that start with "P": Dave Thomas has made available the slides from his presentation on Ruby which give an overview of the language. Daringly, he presented this talk to the Dallas Perl Mongers meeting, and "no fruit was thrown." On the Caml front, we have an announcement for the creation of the Caml Consortium, "whose aim is to federate the design and development efforts around the Caml programming language." Scroll down for the English version of the announcement (Thanks to David Mentrè). Tcl/TkThis week's Tcl-URL. Dr. Dobb's Tcl-URL for February 5 is out with the latest from the Tcl/Tk development community. Software Development ToolsDDD 3.3 Released. Version 3.3 of DDD, the Data Display Debugger, is now available. New to this version are data themes, debugger interaction on running programs, support for JDB 1.2, and bug fixes. XPCOM Part 1: An introduction to XPCOM (IBM developerWorks). Rick Parrish writes about the Mozilla component framework, XPCOM, in an IBM developerWorks article. "What's XPCOM, you ask? XPCOM, which stands for Cross Platform Component Object Model, is a framework for writing cross-platform, modular software. As an application, XPCOM uses a set of core XPCOM libraries to selectively load and manipulate XPCOM components. XPCOM components can be written in C, C++, and JavaScript, and they can be used from C, C++, and JavaScript with extensions for Perl and Python that are under development. Section Editor: Forrest Cook |
Language Links Caml Caml Hump Tiny COBOL Erlang g95 Fortran Gnu Compiler Collection (GCC) Gnu Compiler for the Java Language (GCJ) Guile Haskell IBM Java Zone Jython Free the X3J Thirteen (Lisp) Use Perl O'Reilly's perl.com Dr. Dobbs' Perl PHP PHP Weekly Summary Daily Python-URL Python.org Python.faqts Python Eggs Ruby Ruby Garden MIT Scheme Schemers Squeak Smalltalk Why Smalltalk Tcl Developer Xchange Tcl-tk.net O'Reilly's XML.com Regular Expressions |
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Commerce page. |
Linux and BusinessLinuxWorld wrap-up. LinuxWorld blew in on a blizzard of press releases and went leaving a mound of them left to plow through. Many were covered in last week's LWN on both the front page and on the commerce page. Of the remaining mound, most have been sorted into various categories in the Press Release section below. And here are the Award Winners for this year's LinuxWorld Conference & Expo:
Lineo acquires Embedded Power Corporation. Lineo has announced the acquisition of Embedded Power Corporation, a company which deals in real-time operating systems for digital signal processors. LynuxWorks launches SynergyWorks, gets Bluetooth stack. LynuxWorks has announced the launch of SynergyWorks, its third-party partners program. The company has also announced that Rappore Technologies has ported its Bluetooth wireless networking implementation to BlueCat Linux. Ximian GNOME to be HP standard desktop. HP has announced that it will adapt Ximian (formerly Helix Code) GNOME as its standard HP-UX desktop for the next major release after HP-UX-11i. Ximian will be helping out by porting the whole system to HP-UX on both the PA-RISC and IA-64 architectures. Intel's PR on Will Swope's keynote. Intel has issued a press release on the LinuxWorld keynote given by V.P. Will Swope. "Swope outlined a series of steps that are necessary to move Linux into the mid-tier of data centers, including the establishment of industry-wide development projects that will ultimately enhance the OS with enterprise features. He cited the project to enhance the Linux OS to support 16 64-bit processors with near-linear performance improvement as one such project." The release also announces the "Intel Advanced Network Services" for Linux - a load-balancing and failover system; they claim it's the first such program for Linux, which is pretty clearly not true. See, for example, the Linux Virtual Server Project, which is hardly new. Brian Paul wins the Free Software Foundation Award. Here's the announcement that Brian Paul was awarded the Free Software Foundation Award for his work with the Mesa 3D graphics library. Announcing the 'Whizzbee' web server. We just received an announcement for a new, proprietary web server called "Whizzbee." It is built on top of Apache, and is intended to operate in clustered environments. The web page claims that Whizzbee is "free software," but a quick look at the license agreement makes it clear that they are speaking in the "free beer" sense only. The Apache license, of course, allows the release of proprietary derived products. January Netcraft web server survey. The January Netcraft web server survey is out. Apache has dropped a little, to "only" 59% of the servers on the net. More significant, however, is the constant increase of Microsoft servers handling sites that do SSL encryption. Some serious thought into why Apache is not dominant in that arena would be worth the effort; SSL servers are an important component of World Domination. (Thanks to Mike Prettejohn). Linux Stock Index for February 02 to February 06, 2001:
LSI at closing on February 02, 2001 ... 41.03
The high for the week was 41.68
Press Releases:Open Source ProductsUnless specified, license is unverified.
Proprietary Products for Linux
Products and Services Using Linux
Products with Linux Versions
Java Products
Books and Training
Partnerships
Financial Results
Personnel
Linux At Work
Other
Section Editor: Rebecca Sobol. |
February 8, 2001
|
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Linux in the news page. |
Linux in the newsRecommended ReadingHunting the wild hacker (Salon). Salon's Andrew Leonard looks at the "hacker ethic". "One reason free software is able to flourish is that most hackers are able to earn their livelihood relatively easily, with enough leisure time to hack for the public good. The hours that they do spend working for the Man are well enough compensated to allow them to construct the rest of their lives in whatever fashion they might desire. A McDonald's cashier or a taxi driver is not so lucky. Free software is built on the reality that programmers are an elite class of worker, both indispensable and relatively rare. The hacker ethic, then, is a luxury." XUL: Microsoft's worst nightmare? (ZDNet). ZDNet has posted a lengthy look at what's going on at MozDev.org. "But with browser development in general reaching an advanced stage of maturity and attention turning to Web-based applications, the success of MozDev projects and the acceptance of XUL as the basis for such applications could have the potential to make Mozilla's technologies newly relevant." Worth a look. Momentum builds for open-source processors (EETimes). Open-source processors are the semiconductor equivalent of open-source software movements like Linux, according to this article in EETimes. "A handful of commercial efforts are experimenting with open-source CPU cores. Contract-manufacturing giant Flextronics, for example, is laying plans to tap into open-source hardware for its ASICs. And both Metaflow Technologies Inc. (La Jolla, Calif.) and IROC Technologies SA (Grenoble, France) are building products using the Leon-1, a Sparc-like open-source processor developed at the European Space Agency's Technology Center." (Thanks to Richard Storey) Linux Comes to the Big Screen (Wired). Wired News reports on Revolution O.S., a new film about the rise of free software. "In an attempt to reflect the complicated culture he captured in his project, [producer J.T.S.] Moore bills Revolution O.S. as an 'epic movie,' and said that his one regret was that he didn't have enough money to hire Charlton Heston to narrate the film." LinuxWorld ExpoAround the World of Linux (Wired). Wired News reports from LinuxWorld. "Last year, some Linux-oriented journalists grumbled over the Windows-only computers in the media room. This year, some members of the mainstream press looked puzzled, but determined to be good sports when confronted with machines running Linux." Also in Wired is this report on the Golden Penguin Bowl. "Torvalds, happily displaying his huge Golden Penguin trophy after the contest was over, said that he wasn't really pleased with his performance, and that it was obvious he should watch more 'bad science fiction movies,' something he'd been unable to do during the last hectic months of coding Linux kernel 2.4." LinuxWorld Expo: Desktop Dreams (ABCNews.com). ABC News has gone to LinuxWorld and reported on desktop Linux. "But Dell's situation shows another major problem. With more than 90 percent of the desktop market occupied by Windows, you'd think Linux-leaning companies would approach offices who wanted to convert from Windows to Linux. But like most of the big players, Dell has profitable business deals with Microsoft." 188 Linux Distributions ... And Counting (TechWeb). TechWeb covers LWN editor Liz Coolbaugh's LinuxWorld talk on Linux distributions. "The leading offerings include Red Hat, SuSE, TurboLinux, Caldera, Debian GNU/Linux, Slackware, and Mandrake. Of the 188 offerings, 28 are derived from Red Hat Linux, the most common Linux distribution, Coolbaugh said." Microsoft takes a page from Linux playbook (News.com). News.com talks with Microsoft's Doug Miller at LinuxWorld about how the company is making the Windows source available to "less than 100" of its customers. "Microsoft is not going so far as to allow its customers to tamper with the Windows source, Miller emphasized. By contrast, software that is licensed under the terms of the GNU General Public License may be altered by developers, as long as they agree to publish any changes before publicly distributing the modified source code. 'We don't want to be in the situation that Linux is in, where there are more than 140 different distributions, leading to serious fragmentation,' Miller said." Big Blue eclipsed at LinuxExpo (Register). IBM is not taking over Linux, according to this article in the Register. "We're not sure if IDG has eased the gate pressure, or simply made the floor tax more equitable; but expansive stands from the likes of Zelerate, Blue Cat, Zimian easily outnumbered the traditional corporate big spenders." (Thanks to Richard Storey). IBM exec says Linux is ready (Upside). Upside, too, has reported on Sam Palmisano's LinuxWorld keynote. "IBM may not have backed Linux from day one, Palmisano acknowledged, but after experiencing a companywide turnaround in the wake of the Internet connectivity explosion in the early 1990s, IBM executives weren't about to get caught napping as another explosion rumbled under their feet." IBM Wholeheartedly Embracing Linux (InternetNews). Here's Internet.com's report from Sam Palmisano's LinuxWorld keynote. "One of the factors in Linux's ability to drive standards adoption is its global acceptance. 'It is the first operating system that wasn't developed in the U.S.,' Palmisano said. 'This thing is accepted all over the world. The value proposition is the ability to write an application without having to worry about the plumbing.'" Palmisano Touts Linux For The Real World (TechWeb). TechWeb reports on IBM President Sam Palmisano's LinuxWorld Keynote. "If people still see Linux as a niche player, Palmisano said the open source code operating system is a major presence in telecom and Internet applications as well. 'That's probably 40 percent of our industry and 40 percent of a $1 trillion industry -- that's a niche,' he said. 'that's big enough for IBM to play in, and we need a big sandbox.'" CompaniesSuSE: Startup of the Month (GermanHot100). The magazine GermanHot100 has named (in German) SuSE as its February 'Startup of the month'. The article gives an overview of the company and its near-term plans. An English translation is available via Babelfish. SuSE US Cans Three Quarters of Its Staff (LinuxGram). Here's a grim LinuxGram article on the SuSE layoffs. "[SuSE US President Volker] Wiegand basically said that Linux as a business isn't working out, calling it a victim of hype and irrational expectations. Customers have effectively been duped into believing that they would be getting something for nothing when, in fact, they would just be paying for it differently." Lineo adds Embedded Power to its acquisition portfolio (LinuxDevices). LinuxDevices.com looks at Lineo's acquisition of Embedded Power. "Tom Barrett, CEO and cofounder of Embedded Power, says Lineo's primary objective in acquiring his company was for the addition of DSP software support. However, RTXC also represents a full spectrum "hard real-time" OS for microprocessors -- one that supports over twenty-five 8-bit through 32-bit microprocessors. "Our core competency is operating system environments for hard real time systems -- fast and small," points out Barrett." Caldera deal provides ammunition against Red Hat (News.com). News.com talks with Ransom Love about Caldera's service deal with Acrylis and various other topics. "One difference between the services from Caldera Systems and Red Hat is that Caldera's is designed to be offered as a re-branded product sold by companies that resell Caldera or Santa Cruz Operations software. In other words, Caldera won't be the only one that hopes to profit from the management services." BusinessEnterprise Linux: Where's the beef? (ZDNet). Here's a ZDNet article wondering where the high-profile enterprise Linux deployments are. "If General Motors, Bank of America and Citicorp are making big bets on Linux, they aren't telling a soul outside their corporate borders. Not that such information would naturally be there, but searching 'Linux' on all three sites yielded zero results. You'd think there would be some mention of it." Making a Profit From Free Software (ABCNews.com). Here's a LinuxWorld-inspired article on making money with free software. "Linux software companies think they can master making a profit by selling applications built from free, open-source parts. Three of the most prominent, Eazel, Sun and Corel, have different strategies: one is going with support and services, one is using free software to drive purchases of costly hardware, and the third says, hey, time to pay for your application software." ReviewsNSA attempting to design crack-proof computer (ZDNet). ZDNet looks at how VMWare and the National Security Agency have teamed up to make a more secure PC. "Called "NetTop," VMware's answer would turn each computer into a number of virtual PCs running on a Linux computer that would sit on each worker's desk. The security system would erect supposedly impenetrable, but virtual, walls between public data and more sensitive information on the same computer. " (Thanks to Richard Storey) SuSE Professional 7.0 (DukeOfUrl). The DukeOfUrl reviews SuSE Professional 7.0. "SuSE has another distinguishing feature that I wish more distributions would model, and that is their documentation. It rivals many of the third-party manuals Linux users often feel compelled to buy. With SuSE Professional you get four manuals, not one, not one plus a quick start guide, but four full-fledged paperbacks, well, almost." InterviewsTorvalds on Linux: They aren't laughing now (SearchEnterprise Linux). A site called "SearchEnterpriseLinux" has put up an interview with Linus Torvalds. "I think the desktop is king. It's the harder market to enter, but it's the one that tends to encircle and overtake the business use. Just look at how business people laughed at PC's and DOS 15 years ago. They aren't laughing now. And the desktop is actually how Linux got started - my desktop." Eric Raymond: Market slump means great things for Linux (ZDNet). ZDNet talks with Eric Raymond about Linux stock prices. "'(Open source) looks like a better proposition than ever,' Raymond told ZDNet News at the LinuxWorld show in New York. 'Companies need to save money, so they need to stop writing checks for expensive proprietary software.'" Talking to Red Hat's David Mason about GNOME (LinuxPower). While at LinuxWorld Expo LinuxPower's Christian Schaller interviewed David Mason, Manager for the Red Hat Labs, about GNOME. "Christian: The first step towards getting GNOME 2.0 out the door is GTK+ 2.0 reaching its first stable release. What is the your current educated guess for a release date for GTK+ 2.0? Dave: Ha! I will not fall into that trap! Lets just say soon. Keep in mind that people at Red Hat aren't the only ones working on GTK+, we just have the co-maintainers working here. Because of that we have to make sure that people who contribute in their spare time, as well as other GNOME related companies get their patches, feature requests, and bug reports in before we release the official 2.0." Interview with Jasta (Linux in Brazil). Jasta is the mastermind behind Gnapster, the open source alternative to Napster. You can read the interview in English or in Portuguese. "Do you have a personal view on the copyrights abuse normally associated with Napster? What will the future bring to this matter? My very strong personal opinion on all of that is this: Napster helps starving artists by increasing awareness about the band/group/artist, whereas it takes money away from already overpaid trendy musicians who obviously think they deserve the money they make for their pop crap (sorry to offend anyone who likes pop, but it sucks ;)" Nat Friedman, in his own right (LinuxWorld). LinuxWorld interviews Nat Friedman of Ximian. "Finally, I asked Friedman if -- as the Ximian CEO -- he was worried about the number of open source companies floundering on the bottom line. He told me that what concerned him more than anything was that so many of the companies were 'blind to begin with.'" Red Hat CEO details Linux services push (News.com). News.com talks with Red Hat's Bob Young. "'No one cares about vision,' he said. A year ago, investors 'valued us where we would be 10 years from now. Now the stock market values us at where we'll be in the next year or two.'" Code + Law: An Interview with Lawrence Lessig (O'Reilly Net). The O'Reilly Network interviews Lawrence Lessig. "I certainly think that this is linked in the sense that the Americans have been selling this view around the world: that progress comes from perfect protection of intellectual property. Notwithstanding the fact that the most innovative and progressive space we've seen - the Internet - has been the place where intellectual property has been least respected. You know, facts don't get in the way of this ideology." MiscellaneousFrom FUD to trash talk (ZDNet). Evan Leibovitch looks at the evolution of anti-Linux FUD in this ZDNet column. "Such comments from Microsoft aren't FUD; they're about facets of Linux and open source that most folks consider strengths, but that Microsoft tries to paint as flaws. They'll complain that Linux companies aren't, and will never be, as big as Microsoft. Of course they neglect to tell you the flip side: the reason Linux companies won't ever be as big as Microsoft is because they drain less money from their customers." Section Editor: Forrest Cook |
February 8, 2001 |
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Announcements page. |
AnnouncementsResourcesFreeOS how-to articles. FreeOS has a series of articles for newbies including Starters for Linux - Part 1, Starters for Linux - Part 2 and Sharing, the NFS way. Tip Of The Week: Breaking Up is Easy to Do. This week's tip from LinuxLookup is about the the "split" and "csplit" commands. Help WantedDominet Systems. Located in San Jose, California, Dominet Systems is an early stage startup developing 'Ethernet in the first mile' products. The company is looking for a professional to will help develop the systems software and Linux Kernel for its embedded Ethernet devices. The embedded space is just one more step on the path to Total World Domination! Event ReportsPictures from linux.conf.au. James Bromberger has his pictures from the recent linux.conf.au available here. Notes from Linux Expo Paris. Here are Stéfane Fermigier's notes from the first day of Linux Expo Paris. He covers talks by Dirk Hohndel, Eric Allman, Jean-Paul Smets, Henri Poole, and others. The notes are in a combination of French and English. David Faure's Impressions from Linux Expo Paris and OSDEM Bruxelles. KDE hacker David Faure attended both Linux Expo Paris and the Open Source and Free Software Developer's meeting in Brussels; he has written up his impressions in this article in KDE Dot News. "One thing about presentations: never hack KPresenter the night before a presentation :). When you realize at 2am that you don't have it working, you're in trouble." 25,000 Linux Vendors, Developers and Enthusiasts Pack LinuxWorld Conference & Expo. IDG World Expo, the organizer of LinuxWorld, announced a record-breaking number of attendees and exhibitors at this year's LinuxWorld. Python seminar. A Python seminar was held in Korea recently and was a big success; apparently around 600 people attended it in the end. Upcoming EventsSpeakers at the O'Reilly Peer-to-Peer Conference. O'Reilly & Associates announced that Dr. Andrew Chien, CTO and co-founder of San Diego-based Entropia will speak at the P2P conference. (San Francisco, Feb. 14-16, 2001.) XML DevCon Europe. Camelot Communications has an updated press release with keynote speakers and schedules and such. (London, Feb. 21-23, 2001) Linux convention in Iceland. Eric Raymond and Alan Cox have been announced as speakers for the Linux convention in Iceland, March 15th, 2001. (The site is in Icelandic.) Chairpeople needed for EIC2001. The 2nd annual Embedded Internet Conference is coming up August 14-16, 2001 in Santa Clara, California. Chairpeople are needed, so take a look at the schedule to see if you might be interested in chairing something. Events: February 8 - April 4.
Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format. User Group NewsNorthWest Chicagoland Linux User Group. NWCLUG is having an Installfest on March 11, 2001. LUG Events: February 8 - February 22, 2001.
Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format. |
February 8, 2001 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
Software AnnouncementsThis week's software announcements from FreshMeat II are available in an Alphabetical listing or Sorted by license. As part of the FreshMeat II site redesign, packages can now be listed in multiple categories. This will substantially change the former "by section" option as multiple packages will be listed multiple times. We hope that in the future the "by section" option, and potentially other options made possible by the new site, will be available to LWN readers.
|
Our software announcements are provided courtesy of FreshMeat
 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Linux History page. |
This week in Linux historyFour years ago: Red Hat 4.1 was released. Inaky Perez Gonzalez announced the beginning of the Linux USB project. This effort was eventually abandoned after Linus created a USB implementation of his own, but not before it had made considerable progress and influenced the ultimate shape of Linux USB support. Three years ago (February 12, 1998 LWN): Eric Raymond published a page entitled Goodbye, "free software"; hello, "open source" to promote his new term: After the Netscape announcement broke in February early 1998 I did a lot of thinking about the next phase -- the serious push to get "free software" accepted in the mainstream corporate world. And I realized we have a serious problem with "free software" itself. Specifically, we have a problem with the term "free software", itself, not the concept. I've become convinced that the term has to go.
While the term "open source" has certainly found acceptance, "free software" has refused to go. Both terms are commonly used, but supporters of "free software" are adamant in their dislike for "open source." Dave Winer, meanwhile, read The Cathedral and the Bazaar: If Kleiner-Perkins starts a Linux Fund, you'll know! If there's money, there may be software. If not, I don't believe there will. Great programmers cost a lot of money. That's pretty hard to work around. I don't think the Linux people really get that yet. To potential investors, in my opinion Linux would be a good bet, but not with the GPL assumption. It will do well if money is available, both from investors and eventually from customers.
Three years later, the "GPL assumption" is stronger than ever. Two years ago (February 11, 1999 LWN): Security bugs in pine, wu-ftpd, and ProFTPd went without updates from most Linux distributors for several days; some vendors had not updated their security pages for months. LWN called for distributors to get security updates out within 24 hours of the announcement of a vulnerability. Two years later, most of them do exactly that. (Exception: we're still waiting for a bind update from Turbolinux...) This situation has certainly improved. Dell announced that it would start selling (a few) systems with Linux installed. From an open source special in Feed: People will note that I do not use the term "open source software" that many others use. I've been using the term "free software" for many years, and I don't think that "open source software" is an improvement. Richard Stallman is nothing if not consistent. Linux-Mandrake 5.3 was released. KDE 1.1 was released, and GNOME moved (temporarily) away from its simian naming scheme with the Skillful and Conspicuous Cow release (0.99.7). One year ago (February 10, 2000 LWN: we reported on our experience at LinuxWorld: With very few exceptions, anybody who has been active in the Linux arena for any period of time is in a good position. If you have code, technology, revenue, or readership, you probably have numerous options to choose from. Almost everybody who wants to cash in is able to do so. A rising tide lifts all boats, and this one is rising in a hurry.
The tide, of course, changed a little over the last year. VA Linux Systems announced an agreement to acquire Andover.net. The deal valued Andover.Net at almost $1 billion - twice what the combined company is worth now. Any unbiased appraisal of this merger, however, will yield one difficult but inescapable truth: The camaraderie and high spirits engendered by Linus and his band of programmers will soon be replaced by the same rancor and factiousness that permeates the rest of the capitalist world. And Slashdot, which is so highly revered by its readers and those who know its mission, will soon lose its trust, reputation, and standing. The deal has dealt the much-heralded geek community and its open-source development model a terrible blow, one from which it may never recover. Atipa announced its acquisition of EST, LinuxMall announced a merger with Frank Kaspar and Associates, and Corel announced a merger with Inprise. That last one, of course, never happened... Speaking of things that never happened, the Linux Fund announced that it would soon file for an initial public offering of stock. The development kernel release was 2.3.42; the results of the (then) Trillian Project - the IA-64 port - were just being merged into 2.3.43. IBM announced that it would contribute its JFS journaling filesystem to the Linux community. The Debian new maintainer process opened up, finally. Red Hat announced the beta version of Red Hat 6.2: This is no ordinary pig! Stand back folks, he's large and live and ready to rumble. This pig is knocking back CPU loads of 99 whilst having tea and crumpets with Pooh Bear. This bad boy eats Lizards for breakfast and spits out kernel patches. Approach with caution, he could be dangerous!
| |
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Letters page. |
Letters to the editorLetters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them. |
February 8, 2001 |
From: Mike Traffanstead <traff@roadrash.org> To: "'lwn@lwn.net'" <lwn@lwn.net> Subject: DirectTV and "Black Sunday" Date: Thu, 1 Feb 2001 14:20:11 -0600 In your article you state that DirecTV programmed the receivers to destroy themselves. This not quite the case. DirecTV programmed the access cards to go into an infinite loop, thereby denying access to ill-gotten services. The cards can easily be replaced by setting up a proper account with DirecTV and no damage is done to the actual receiver. The best analogy I can think of is if someone "acquired" an account on the lwn server and you went through and removed it. You didn't actually damage anything, you just correct something that should not have been in the first place. Mike Traffanstead (No relation to DirecTV) | ||
Date: Mon, 05 Feb 2001 22:09:03 -0700 To: lwn@lwn.net From: Maurice Hilarius <maurice@harddata.com> Subject: DirecTV war Hi Liz and friends. Like many Canadians I am a "pirate Satellite Dish" enthusiast. Why? Because it is free? not really. Because our fine government up here imposes Canadian content, so to see the programming from the US we have to go this way. Anyway, back on topic: "Black Sunday" was not that big a deal. really. Why? They managed to destroy the boot portion of the ROM code on the programming cards. Already we have new interfaces that take the programming cards, and have programmable logic on them. Now we can hack the signal even better, and we can now "firewall" our hardware from their signal feed. So, onwards up upwards, better equipped than ever. A buddy in the satellite wars builds the card wedges, and has sold or taken orders for over 8,000 in the last month already. On top of that quite a few people have abandoned the program card route entirely now, and are using pure emulators for their interface/translators. An old PC, some code and 2 serial ports, and that is it! So, as you can see, the game is not over. As a matter of fact it is just getting going.. With our best regards, Maurice W. Hilarius Telephone: 01-780-456-9771 Hard Data Ltd. FAX: 01-780-456-9772 11060 - 166 Avenue mailto:maurice@harddata.com Edmonton, AB, Canada http://www.harddata.com/ T5X 1Y3 | ||
Date: Thu, 01 Feb 2001 16:43:36 +0100 From: Laurent Szyster <l.szyster@ibm.net> To: letters@lwn.net Subject: BIND vulnerablility > Bind vulnerabilities have, in the past, been widely > exploited. It would be nice if it were different this > time. The information and the updates are all available; > the exploits do not yet exist. People who move quickly > need not worry about this problem. People who replaced BIND by djbdns don't have to worry at all about BIND's apparently infinite number or buffer overflow ;-) See: http://cr.yp.to/djbdns.html Laurent Szyster | ||
Copyright © 2001
Eklektix, Inc., all rights reserved