Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise
news for all interests
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Linux History Letters
Other LWN stuff:
Archives/search
Recent features: Here is the permanent site for this page. See also: last week's LWN.
|
Leading items and editorialsThe 2.5 kernel is coming, really, this time. Linus's 2.4.15-pre4 prepatch concluded the process of merging in the "high priority" items from Alan Cox's "ac" kernel series. Among other things, these items include the ext3 journaling filesystem (merged in -pre2). Says Linus: "I'm done with 2.4.x and ready to pass it on to Marcelo [Tosatti]" This pass has not yet occurred, but there is little sign of any problems with the 2.4.15 prepatch that would prevent it from happening. With luck, both 2.4.15 and 2.5.0 will hit the net in the near future. This long-awaited transition is, perhaps, a good time to look back at how 2.4 development has played out. This has been the longest period ever without a development kernel. Here's the history:
The final "days" figure is still growing as of this writing; it's calculated on November 15. The point, anyway, should be clear: this is, by a factor of three, the longest that Linux has ever been without a development kernel. If one counts the freeze prior to the 2.4.0 release, it is now over a year since there was any place for new kernel code to go. Of course, things have not been quite that way: quite a few bleeding edge features have found their way into the kernel in the last year. But the following facts remain:
Clearly, one thing to do would be to get a better handle on the development kernel process. Numerous people have said that the number of changes going into a development kernel should be strictly limited, and that the window for adding changes should be short. It would also help if the feature freezes were real: both the 2.1 and 2.3 kernels saw multiple "freezes," and serious changes were still going into the 2.4.0-test series just days before 2.4.0 came out. Unfortunately, when the 2.5 series starts, there is going to be a major flood of far-reaching, backed up changes trying for inclusion. Very few parts of the kernel will be left untouched. Keeping the 2.5 change list short seems like a battle that has already been lost. Despite the delays, it seems clear, in retrospect, that 2.4.0 still came out too soon. It only truly began to stabilize after 2.4.10, when the virtual memory subsystem was replaced, and it may be 2.4.18 or so before it is generally recognized as being solid. 2.4.0 should never have been released without a rock-solid VM implementation. Could it be, though, that the long freezes required to stabilize something as complex as the kernel are self-defeating? By the time the bugs and performance problems are really ironed out, the pressure to add new features and major changes is intense. Linus has not always been able to resist that pressure, and it's unlikely that any other maintainer would do better. A freeze can be sustained for a month or so; to try to keep one in place for six months or a year is asking too much. Linus has always refused to start a development kernel series until the stable kernel is truly stable. The idea, of course, is to keep the developers focused on fixing things until all the serious bugs are gone. To an extent, that approach certainly works; it's also true, however, that many developers go off making bigger changes anyway, and that some of them get into the "frozen" kernel. Maybe it is time for the kernel development process to take a cue from the Debian Project. Debian development does not stop when a release is frozen; the development and stabilization processes go on in parallel. Debian is no faster than the kernel at producing new major releases, but those releases, when the finally come, tend to be solid. The continued presence of an unstable release relieves the temptation to throw inappropriate things into the frozen version. When the time comes to impose a freeze for 2.6 (or 3.0?), the kernel developers may want to give some thought to firing off a 2.7 (or 3.1) shortly thereafter. Rather than pulling developers away from the task of stabilizing the production kernel, a parallel process could help keep them from destabilizing it. IBM goes into the prebuilt clusters business. IBM has sent out an announcement regarding its new line of "eCluster" servers. IBM has been selling Linux-based clusters for some time, of course; what's different here is that the cluster comes as a single, off-the-shelf package. It's not a cheap package, though: an eight-node "eServer Cluster 1600" will set you back $85,000. The clusters are made up of eServer x330 and x342 servers - thin, rack-mount boxes with Intel processors. The operating system is Red Hat Linux 7.1. In addition, IBM has ensured that a number of commercial applications are available for its clusters, including high-availability packages, WebSphere, DB2, workload management tools, and transaction processing utilities. There is also a set of bundled cluster management utilities, brought over from the Unix world. The Linux cluster industry has long shown great promise; how else can anybody get such computing power for so little money? It has been slow to grow up, however. Linux appeals to "do it yourself" types, but even the most independent users can balk at receiving a pallet full of boxes and cables, marked "some assembly required." As the products, management utilities, and applications mature, it is to be expected that cluster adoption will grow tremendously. Next week's LWN.net Weekly Edition will be published on November 21 - one day early - so that we can get it out of the way and go off to enjoy the (U.S.) Thanksgiving holiday. Inside this LWN.net weekly edition:
This Week's LWN was brought to you by:
|
November 15, 2001
| ||||||||||||||||||||||||||||||||||
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Security page. |
SecurityNews and EditorialsA new PhpNuke at last. Back in September, a severe vulnerability was reported in PhpNuke; with a carefully-formed URL, arbitrary files could be uploaded to the server. Fixes were available, but the PhpNuke project itself was entirely silent on the matter for over a month. Not exactly what one wants to see when faced with a complete, well-documented, remote vulnerability.Finally, however, the project has responded; a look at the PhpNuke downloads page shows that version 5.3 was released on November 7. This release includes, of course, the relevant security fixes. Any PhpNuke sites out there that have not already applied the unofficial fix will certainly want to upgrade now. Bug secrecy vs. full disclosure (ZDNet). ZDNet is running a lengthy piece by Bruce Schneier responding to Microsoft's attempts to silence those who disclose security vulnerabilities. "What we've learned during the past eight or so years is that full disclosure helps much more than it hurts. Since full disclosure has become the norm, the computer industry has transformed itself from a group of companies that ignores security and belittles vulnerabilities into one that fixes vulnerabilities as quickly as possible. A few companies are even going further, and taking security seriously enough to attempt to build quality software from the beginning: to fix vulnerabilities before the product is released." Security ReportsRed Hat security update to lpr. Red Hat has updated lpr to fix a remotely exploitable hole in that package. If you have lpr running on your (6.x only) systems, this one is almost certainly worth applying.Horde IMP 2.2.7 security release. If you're running the Horde IMP mail system, do have a look at the IMP 2.2.7 release, which contains a fix for a nasty session hijacking vulnerability. No distributor updates have been as of this writing.Red Hat updates iptables. Red Hat has issued an iptables update fixing a (Red Hat specific) problem wherein the firewall rules could fail to be set up at boot time. UpdatesConfiguration file vulnerability in ht://Dig. The ht://Dig search engine contains a vulnerability which allows a remote user to specify an alternate configuration file. If that user is able to place a suitable file in a location where ht://Dig can read it, the system may be compromised. See the original report from the ht://Dig project for details. This vulnerability first appeared in the October 11 LWN security page.This week's updates: Previous updates:
This week's updates:
Previous updates:
Webalizer tag vulnerability. The "webalizer" logfile analysis program has a vulnerability which can allow an attacker to place arbitrary HTML tags into the reports. When the reports are viewed, these tags can be used toward unpleasant ends, including cross-site scripting attacks. A fix is available which closes the vulnerability. (First reported in the November 8, 2001 LWN security page). This week's updates: Previous updates Remotely exploitable buffer overflow in w3m. w3m is a text-based browser similar to Lynx. A buffer overflow in w3m can be triggered when a base-64 encoded string longer than 32 characters is found in a MIME header field. Source code patches to fix the problem were posted to the w3m developers' list. (First LWN report: June 28, 2001). This week's updates: Previous updates:
Debian security update to ssh-nonfree. The Debian Project has released a security update to its non-free ssh package fixing the remotely exploitable vulnerability there. This vulnerability has long been fixed in OpenSSH, but it remains in the non-free version. The real recommendation is to switch to OpenSSH; however, there is a new non-free ssh package available for those not wanting to make that change. ResourcesBastille-Linux 1.3.0-pre1 is available from the Bastille-Linux web site. This version is oriented toward the hardening of Red Hat Linux 7.2. It is a testing prerelease, so the usual cautions apply.vsftpd 1.0.0 released. Chris Evans has announced the 1.0.0 release of his "very secure FTP daemon." It may be version 1.0, but vsftp already has a track record: apparently Red Hat used it to handle the load (15,000 concurrent users) when 7.2 was released. Chris is contemplating a very secure ssh server as his next project. ssh exploit analysis. A detailed analysis of the ssh crc32 compensation attack detector exploit has been posted by David A. Dittrich. Those interested in the low-level mechanics of how this (old) exploit was managed should have a look. Brute force web application session ID exploits are the subject of this paper published by iDEFENSE labs. LinuxSecurity.com's newsletters, Linux Advisory Watch and Linux Security Week, for this week are available. EventsUpcoming Security Events.
For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net. Section Editor: Jonathan Corbet |
November 15, 2001
LWN Resources | |||||||||||||||||||||||||||
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Kernel page. |
Kernel developmentThe current kernel release is still 2.4.14. Linus's prepatches are up to 2.4.15-pre4. For the most part, this prepatch consists of a fairly restricted set of patches and updates, along with a fairly complete merge from the "ac" kernel series. There were, however, a couple of surprises:
There are no "ac" patches for now; Alan has been working on merging his stuff into 2.4.15 instead. Coding style in the kernel. Code style is one of those issues that programmers can argue over indefinitely. So, in a sense, it's surprising that the Linux kernel list sees very few discussions on this matter. Most of the time, kernel hackers are more concerned about the quality of the code, rather than what it looks like. Thus, a look through the kernel source will turn up a number of different ways of formatting code - especially in peripheral pieces like drivers. There is an official coding style for the kernel, though, as set down (in typical Linus style) in the CodingStyle document found in the source tarball. It's introduced in this way: This is a short document describing the preferred coding style for the linux kernel. Coding style is very personal, and I won't _force_ my views on anybody, but this is what goes for anything that I have to be able to maintain, and I'd prefer it for most other things too. Please at least consider the points made here.
If you want to start a debate on a subject, however, all that seems to be necessary is to involve perennial target Richard Gooch. A number of developers have gone after him for not following the Linus-blessed coding style. The argument, essentially, is that, since Richard's code is part of the core kernel, it should adhere more closely to the coding standards. Numerous other developers need to look at this code, they say, and they have a harder time of it as a result of the different style. Richard's response is that it's his code, and, as long as he's maintaining it, he should be able to use a style that allows him to work efficiently: And the coding style used elsewhere in the kernel is revolting to me. More importantly, it's harder for me to parse than my own style. I shouldn't have to constantly stumble over an appalling coding style in my own code!
Some kernel hackers could get away with this approach, but Richard is running into resistance. One person even submitted a patch reformatting one of Richard's subsystems into the standard style. Linus didn't accept it - among other things, he doesn't want to be doing that sort of tweaking at this particular point in the stable kernel series. If a certain subset of hackers has its way, however, coding standards will be more of a concern with future changes to the kernel. Most large projects do have such standards, and maybe it's time for the kernel to follow suit. It would be a change in the kernel development environment, which has always prized the independence of its hackers, however. Are loadable modules free? The question was raised: what sort of speed difference is seen when using loadable modules instead of hard-linked code? The immediate response from some was "almost nothing," but further consideration has shown that not to be true. There are, in fact, a number of costs associated with loadable modules. The biggest, perhaps, relates to how loadable modules are placed in kernel memory. The code for a module needs to live in a contiguous address space. The kernel sets up that address space with a function called vmalloc, which allocates memory with virtual addresses. In other words, a loadable module is in an address space that is visible to the kernel, but which is separate from where the core kernel code goes. This difference is important. The core kernel address space is a direct map of physical memory; it can be handled very efficiently in the processor's page table. Indeed, on some processors, a single page table entry covers the entire kernel. Space obtained from vmalloc, instead, uses one page table entry per memory page. A greater number of page table entries means more lookups, and more translation buffer misses. One estimate is that the slowdown can be as much as 5%. Given this problem, why not load modules into the regular kernel memory space? Module code requires a contiguous address space. Since the standard kernel space is a direct map of physical memory, contiguous address spaces must also be contiguous in physical memory. Once the system has been running for a while, finding even two physically contiguous pages can be a challenge; finding enough to load a large module can be almost impossible. Nonetheless, it turns out that Andrea Arcangeli's kernel patches include a feature where the kernel will attempt to find a contiguous space for an incoming module. If that attempt fails, the kernel falls back to the older vmalloc approach. This change, it is said, makes a measurable difference with some benchmarks. Some architectures (i.e. PowerPC) also have problems going between kernel and module code. There can be a substantial amount of setup work required every time that transition happens. Modules also seem to have endemic problems with race conditions - it is possible, for example, for the kernel to attempt to access a newly-loaded module before it is fully initialized. Modules can also, in some situations, be removed while still in use. Such occurrences are obviously quite rare, but they can be catastrophic when they happen. The race conditions can be fixed with enough work, but that may require changing some fundamental kernel interfaces. In general, dealing with loadable modules is not an easy task; as one kernel hacker told us in a private message: "Doing live surgery on the kernel is never going to be pretty." Warning about GPLONLY symbols. A little while back, the ability to reserve kernel symbols for GPL-licensed modules only was implemented. An attempt to load a non-GPL module yields an "unresolved symbols" complaint, along with the message: "Note: modules without a GPL compatible license cannot use GPLONLY_ symbols." This message has, apparently, created a certain amount of user confusion, so the next version of modutils will, instead, say something like: Hint: You are trying to load a module without a GPL compatible license and it has unresolved symbols. The module may be trying to access GPLONLY symbols but the problem is more likely to be a coding or user error. Contact the module supplier for assistance. This seems like a step in the right direction, but it raises an obvious question: why not simply distinguish between the two different errors and tell the user exactly what's going on? There is no real reason to tell users about GPL-only symbols if the module in question is not trying to use any of them. The answer is that it's just too much trouble, for now. The modutils symbol code is getting messy; it will be fixed in 2.5, but, for now, the above message is the best that can be done. Besides, says modutils maintainer Keith Owens, "Since it only affects BOMs [binary-only modules], I don't really care that much about precise error messages." Other patches and updates released this week include:
Section Editor: Jonathan Corbet |
November 15, 2001 For other kernel news, see: Other resources: |
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Distributions page. Note: The list of Linux distributions has moved to its own page.
|
DistributionsPlease note that security updates from the various distributions are covered in the security section. News and EditorialsRanking distributions (DistroWatch). Last week we looked at the popularity of distributions, based on statistics compiled at Linux Counter. The top five distributions were Red Hat, Debian, Mandrake, Slackware, and SuSE; in that order. Since then DistroWatch has come up with another method of ranking the distributions; based on the number of page hits each individual distribution gets on their site. They list forty distributions in order, by number of page hits. Their top five: Red Hat, Mandrake, Debian, SuSE, Slackware. No one should be surprised that the same five show up in slightly different order. Also found at DistoWatch is The Linux Distribution Game, a guide to picking a Linux distribution. It covers the top five and another seven as well. Among the lesser known distributions we found Beehive Linux, not new exactly, but new to our list. Read more about Beehive below. New DistributionsBeehive Linux. The creators of Beehive Linux wanted a fast, simple, secure i686 optimized Linux distribution without all the cruft and clutter. This distribution is lean and mean and has native ReiserFS support built in. This is a distribution made by system administrators, for system administrators. Beehive has been around since January 1, 2001. ClumpOS. ClumpOS is a CD-based Linux/MOSIX mini-distribution designed to allow you to quickly, or temporarily, add nodes to a MOSIX cluster. The initial release, R3, came out November 12. Linux for Windows 9X. Linux for Windows 9X is a Windows 9X friendly version of Linux. It installs on a Windows 9X disk and allows for two way exchange of files between both Linux and Win9X. Monkey Linux was the prototype for this distribution, which is now at version 0.2. Distribution NewsDebian. Look for the Debian Project at Hispalinux Congress 2001 in Spain, and at Linux Kongress in the Netherlands. LynuxWorks unveils BlueCat 4.0. LynuxWorks has released BlueCat Linux 4.0, the latest version of its embedded distribution. Pricing starts at $2700. Also from LynuxWorks is this announcement of a forthcoming hard real-time version of BlueCat Linux, based on RTLinux. Mandrake Linux Community Newsletter. The Mandrake Linux Community Newsletter for November is out. Covered topics include replacing NT primary domain controllers with Mandrake Linux, a new menu-driven rescue mode, and the business case of the week. Red Hat. The Red Hat German development team has created a rescue CD for Red Hat Linux 7.2 that fits on a credit-card sized CD. Now available for download at ftp://ftp.redhat.de/pub/rh-addons/rescue-cd/ Diskcheck is a small utility supplied with Red Hat Linux 7.2 that is used to optionally notify the System Administrator when disk space on one or more partitions drops below a pre-defined level. The version that shipped with RH 7.2 has some problems, so Red Hat has made a new diskcheck program available. SuSE Enterprise Server 7 for the S/390. SuSE announced that its Enterprise Server 7 distribution is now available for the S/390 mainframe architecture. SuSE Linux to discontinue 6.3 version. SuSE Linux 6.3 will no longer be supported after Monday, December 10th 2001, after a lifespan of two years. If you haven't upgraded your SuSE box in a while, maybe it's time. Minor Distribution updates2-Disk Xwindow Linux System. The 2-Disk Xwindow Linux System released 1.2.01 beta with major feature enhancements on November 12. Minor enhancements went into 1.2.01, released November 14. BasicLinux. BasicLinux version 1.5 has been released. BasicLinux is a mini-version of Linux that boots from HD, FD or CDrom and runs in a 4meg ramdisk. floppyfw. floppyfw is a router and simple firewall on one single floppy. Stable version 1.0.12 contains a DHCP server and DNS cache. Also this version uses the 2.2.20 kernel. kmLinux. kmLinux is a complete Linux distribution for schools. kmLinux-2.1.2 contains kernel-2.4.12, XFree-4.1.0, KDE-2.2.1 and lots of other good stuff. See the announcement in English. The web site is in German. Mindi-Linux. Mindi-Linux uses a skeleton ramdisk and your kernel, modules, and tools to build a boot/root disk set. Version 0.45 has been released. Sorcerer GNU Linux. Sorcerer GNU Linux is a source-based ix86 Linux distribution designed for advanced Linux administration. A kernel update to 2.4.14 and minor feature enhancements went into version 20011106. ttylinux. ttylinux is a minimalistic Linux distribution that can fit in 4 MB of disk space. Version 1.15 of ttylinux has been released. Distribution ReviewsSuSE Linux Professional 7.3 (KillerTux). There is a review of SuSE Linux Professional 7.3 on the KillerTux site. "At this point we were stuck and couldn't get to a prompt. We thought this would be an excellent opportunity to try the ext3 file system. Therefore, we powered off the unit. Sadly, we lost the partition. The system was never able to boot into Linux again. Instructions on the screen were to manually run fsck. Nothing we tried helped. Our new setup is using ReiserFS." Despite that, it's actually quite a positive review: "In our opinion, SuSE Linux Professional 7.3 is an excellent product." Section Editor: Rebecca Sobol |
November 15, 2001
Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Development page. |
Development projectsNews and EditorialsAssistive Technology Projects for Gnome The Gnome project continues to move forward in the area of accessibility with two new projects, the Gnome Onscreen Keyboard and Gnopernicus.The Gnome site features an accessibility section that addresses the various disabilities that affect people, and presents solutions to make Gnome software useful to people with these impairments. These solutions are known as assistive technologies, and address a wide variety of impairments with some interesting solutions. The Gnome Onscreen Keyboard, or GOK project has the following goals: "GOK aims to enable users to control their computer without having to rely on a standard keyboard or mouse. Many individuals have limited voluntary movements and must control the computer using alternative input methods. These input methods may be controlled by actions such as blowing and sipping to activate a pneumatic switch, an eye blink and/or directed gaze with an eye tracking system, head movement, muscle contractions or limb movements." The Gnopernicus Project addresses people with visual disabilities. "The Gnopernicus project will enable users with limited vision, or no vision, to use the Gnome 2 desktop and Gnome/GTK+-2 applications effectively. By providing automated focus tracking and fullscreen magnification, Gnopernicus will aid low-vision Gnome users, and its screen reader features will allow low-vision and blind users access to standard GTK+2 and Java-based GUI applications via speech and braille output." Both of these new projects are made possible by the Gnome 2 built-in accessibility framework. Audio ProjectsMuSE 0.6.3 available. A new release of MuSE, the Multiple Streaming Engine, has been made available. MuSE allows multiple audio streams to be merged and sent to an Internet broadcast server. "MuSE is being developed in the hope to provide the GNU community with a user friendly tool for network audio streaming, making life easier for independent free speech radios." This version features support for 16Khz sound, and lots of bug fixes. DatabasesPostgreSQL v7.2 beta 2. The second beta of PostgreSQL v7.2 has been released. This release contains a number of improvements in performance, administration, and security. (Thanks to Doug McNaught). EducationSEUL/edu Linux in Education Report. The SEUL/edu Linux in Education Report for November 12 is out. Covered topics include software for web-based journals, and the first of a series of Linux in Education case studies. ElectronicsNew releases from the gEDA project. The gEDA project features a few new releases this week, the Gnu Circuit Analysis Package version 0.30, and an Icarus Verilog snapshot for November 10, 2001. Embedded SystemsUpdated Linux-PDA Quick Reference Guide. Rick Lehrbaum has posted a newly updated version of the Linux-PDA and PDA-Linux Quick Reference Guide. Embedded Linux Newsletter. The LinuxDevices.com Embedded Linux Newsletter for November 8 is out, with the usual roundup of goodies from the embedded Linux world. Mail SoftwareMailman 2.0.7 released. Mailman 2.0.7 has been released. Among other things, this release contains a couple of security fixes. New site: milter.org. A new site for mail filtering issues, milter.org, has gone online. The goal of the site is to act as a clearing house for mail filtering software issues. (Thanks to Jose Nazario.) Network ManagementSnort 1.8.2 released. Version 1.8.2 of Snort, The Open Source Network Intrusion Detection System, has been released. This is a bugfix release which fixes a number of problems. Printing SystemsCUPS v1.1.11 is Released. CUPS version 1.1.11 has been announced. "CUPS 1.1.11 adds support for embedded TrueType fonts and PostScript functions in PDF files and adds a new 'cupsaddsmb' program for exporting CUPS printer drivers to Windows clients, adds preliminary support for MacOS X and Darwin. It also now supports printer drivers with more than 100 media options, includes several general performance improvements, and fixes a potential JavaScript vulnerability in the web interface." OSDN Printing Summit 2001 notes wrap-up. The completed notes from the OSDN Printing Summit 2001 are online. "Actual progress probably will come about less as a result of this conference but instead when many distributions ship printing systems that aren't completely half-assed. Only then will real progress begin to appear." Web-site DevelopmentZope 2.4.3 released. Following last week's 2.4.3 beta 1 release, Zope 2.4.3 is now available. This release includes a few more bug fixes. MiscellaneousGetting Started with LDAP (O'Reilly). Luke A. Kanies introduces LDAP, the Lightweight Directory Access Protocol, on the O'Reilly Network. "This article was much more difficult than I expected. I initially began with an in-depth explanation of LDAP as a protocol, but realized that the real goal here is to be able to work with LDAP right now, not after reading 50 pages of abstract explanations." Using RPM on Red Hat Linux 7.1 (IBM developerWorks). Dan Poirier talks about the process involved in creating RPM packages on IBM's developer Works. |
November 15, 2001
|
|
Desktop DevelopmentAudio ApplicationsGLAME 0.5.3 released. A new release of the GLAME audio manipulation program is available. Version 0.5.3 is a development release and it includes several bug fixes and optional real-time updates of plugin parameters. National language support for French and German has been added to the graphical front end. BrowsersGdkxft 1.3 Patch Enables Anti-Aliasing on Mozilla. A new release of Gdkxft is available, version 1.3. "Gdkxft transparently adds anti-aliased font support to GTK+ 1.2. Once you have installed it, you can run any (or, nearly any) existing GTK+ binary and see anti-aliased fonts in the GTK widgets. You don't need to recompile GTK+ or your applications. The latest version of Gdkxft, version 1.3, adds AA support for Mozilla." Galeon 0.12.7 available. With an unceasing pace of forward motion, the Galeon project has released version 0.12.7. This version is RC2 for Galeon 1.0 and includes a few bug fixes. Desktop EnvironmentsFirst Evolution 1.0 release candidate. The first release candidate for Evolution 1.0 has been announced. "After more than two years of hard work, with over 750 thousand lines of code, Ximian Evolution stands out as the premier groupware suite for Linux and UNIX systems." What's needed now, of course, is for lots of people to try it out and find the remaining bugs. Gnome Foundation Board candidate list. For those who are interested: here's the full list of those running for the GNOME Foundation board. New GNOME Installation Guide. A new version of the GNOME Installation Guide is out. It's a comprehensive document for beginners who want to install their own GNOME and understand what's actually going on with it. GUNIH - GNOME in the Hispanic Universities. The GNOME Hispano group has announced a new project, Gunih, which aims to get more software contributions from the Hispanic university community. Bonobo conference paper available. Dirk-Jan Binnema has published a technical overview of Bonobo, the paper was recently presented at the Dutch Unix User Group (NLUUG) Autumn conference Kernel Cousin KDE for November 9, 2001. The November 9, 2001 edition of the Kernel Cousin KDE is out. Featured topics include LDAP KIOSlave, Simplifying the DCOP Process, Struggling to Clean Up KConfig, Disabling Action in XML GUI, Registering KDE Mime Types?, KNotes Joins the PIM Applications, Proofreading Strings For KDE3, KDE3 Features Plan and Kalling the [K]Artists. ALS 2001 Summary (KDE dot News). KDE dot News looks at the KDE presence at the recent ALS 2001 conference. GamesThe latest from WorldForge. The WorldForge project has a few new releases, Metaserver 1.2, which is a stable release of the Metaserver, and Cyphesis 0.1.0, both from Al Riddoch. Also, the November edition of The Chopping Block has been published. GraphicsGIMP 1.3 released. Version 1.3.0 of the GIMP, the beginning of a new development series, has been released. "Get ready for reorganized, not-yet-really-working sourcecode, compile it, hack it, send patches and help making a new GIMP that kicks ass." Of course, being a proper beginning of a development series, 1.3.0 doesn't actually work... (Thanks to Zachary Beane). Gimp-Print 4.1.99 rc1 available. Leading up to the 4.2 stable release, Gimp-print version 4.1.99rc1 has been released. This version adds a Polish language translation, support for more printers, build fixes, and more. InteroperabilityWine Weekly News for November 11, 2001. The latest Wine Weekly News is available. Topics include Winsock2, overlapped I/O, linking in .lib Files, and more on a problem with VirtualDub. Office ApplicationsXNotesPlus v3.4.0. Former LWN editor Michael J. Hammel has released XNotesPlus v3.4.0, a personal information manager with full Palm Pilot support. AbiWord Weekly News #69. Issue #69 of the AbiWord Weekly News is out with the latest developments from that project. MiscellaneousThis week in DotGNU. The This Week in DotGNU summary for November 12 is out, with the latest from that project. Included is a look at progress with the free Java implementation. |
Desktop Environments GNOME GNUstep KDE XFce XFree86 Window Managers Afterstep Enlightenment FVMW2 IceWM Sawfish WindowMaker Widget Sets GTK+ Qt |
|
Programming LanguagesC++OSE version 7.0 available. Version 7.0 of OSE is available. "OSE is a generic application framework suitable for constructing general purpose applications, distributed systems and web based services." This version is the first stable release after a year of beta releases. HaskellHaskell Communities and Activities Report. The first edition of the bi-annual Haskell Communities and Activities Report has been announced. The goal of the report it to produce an executive summary of Haskell project and language development. PerlObject-Oriented Perl (O'Reilly). Simon Cozens discusses introduces the reader to Object-Oriented Perl in an O'Reilly article. Building Perl projects with MakeMaker (IBM developerWorks). Sean Dague introduces MakeMaker for Perl. "If you've used UNIX or Linux for some period of time, you've probably written a few Perl programs to automate simple tasks. Each of these programs does something basic and simple that might otherwise take you 10 or 20 minutes to do by hand. In this article, Sean will show you how to convert just such a Perl program into a far more robust programming project, one that will be generic enough to be widely distributed across many disparate platforms." Computer Telephony Programming in Perl (use Perl). David Rowe talks about using Perl and Telephony::CTPort to control PCI telephone interface cards. "After much experimentation with different languages and packages, it became obvious to me that Perl would be a great language for Computer Telephony programming. So I wrote the Telephony::CTPort module to encapsulate the functionality of a CT card port in Perl. For example, you can take the port off hook, onhook, record and play audio files, and collect DTMF digits using this module." PHPPHP Weekly Summary for November 12, 2001. The November 12, 2001 PHP Weekly Summary is out. Topics include a new BSD-style Zend Engine license, a Windows CHM bug, new DOMXML and gettext extensions, PostgreSQL Async, PHP on Netware, and more. PythonThis week's Python-URL. Dr. Dobb's Python-URL for November 9 is out. Covered topics include teaching Python to kids, the future of stackless Python, and more. RubyTriple-R: The Rubicon Result Repository. The Ruby Garden has added a section called Triple-R, the Rubicon Result Repository. Triple-R contains "a comprehensive (and growing) set of automated tests for both the language and the built-in classes and modules. This test suite, called Rubicon, can be run by any Ruby user." Tcl/TkTcl-URL for November 14, 2001. The November 14, 2001 Tcl-URL is out. Topics include CriTcl, simulating LED displays, a Tcl demo of graph theory, and more. XMLUsing XSL-FO to create printable documents (IBM developerWorks). Rodolfo M. Raya introduces XSL-FO (XML Stylesheet Language-Formatting Objects) on IBMs developerWorks. "Need portable documents that, unlike most XML documents, include representation information? This article introduces XSL-FO (XML Stylesheet Language-Formatting Objects) and explains how it can come to the rescue. To demonstrate the advantage of using XSL-FO, the article includes an example implementation of a database reporting system that uses Java and XML code." XML::SAX (use Perl). The use Perl site features an article on XML::SAX, a Perl module that adds better XML support to Perl. Integrated Development EnvironmentsAnjuta and gIDE merged!. The Anjuta and gIDE projects have been merged. "The merged project will continue under the name 'Anjuta'. The application itself will be identified as 'Anjuta Dev Studio', and will initially be based on the gIDE codebase." Section Editor: Forrest Cook |
Language Links Caml Caml Hump Tiny COBOL Erlang g95 Fortran Gnu Compiler Collection (GCC) Gnu Compiler for the Java Language (GCJ) Guile Haskell IBM Java Zone Jython Free the X3J Thirteen (Lisp) Use Perl O'Reilly's perl.com Dr. Dobbs' Perl PHP PHP Weekly Summary Daily Python-URL Python.org Python.faqts Python Eggs Ruby Ruby Garden MIT Scheme Schemers Squeak Smalltalk Why Smalltalk Tcl Developer Xchange Tcl-tk.net O'Reilly's XML.com Regular Expressions |
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Commerce page. |
Linux and BusinessCovalent launches Enterprise Ready Server. Covalent has announced the release of its "Enterprise Ready Server" product. It's based on the (otherwise unreleased) Apache 2.0 server, but with a Java application server and some administration tools added on. Covalent has also announced the obligatory support services. Compaq and OSDN create Clustering Foundry. Compaq and the Open Source Developer Network have announced the creation of a "clustering foundry" on SourceForge. The foundry appears to be primarily a way for Compaq to share its clustering technology with the community. 'Creatures Internet Edition' for Linux. Linux Game Publishing has announced that "Creatures Internet Edition" will be released for Linux. Learning the Unix Operating System, Fifth Edition. O'Reilly has announced the release of the fifth edition of Learning the Unix Operating System by Jerry Peek, Grace Todino and John Strang. Teamware Office 5.3 released. Fujitsu's Teamware Group has announced the release of Teamware Office 5.3 for Linux. It's "a complete set of ready-to-run groupware applications for today's business professionals." OSDL announces 2nd Enterprise Achievement Award Contest. The Open Source Development Lab has announced its second "Enterprise Achievement Award" contest, which will give $25,000 to whoever they decide has made the greatest contribution to "Enterprise Linux" over the last two years. The full set of rules is available for those who are interested; the nomination form is online as well. Analyst: Linux to dominate high performance computing in less than three years. The Aberdeen Group has released a research report claiming that Linux will dominate the high performance computing market by 2004. Evans Data: Linux interest higher outside the U.S.. Evans Data has announced the results of a survey of developers. According to them, 39.6% of North American developers expect to be working with Linux in the next year, compared to 48.1% of "international" developers. Also: "More than half of those surveyed have enough confidence in Linux to use it for mission-critical apps." Linux Stock Index for November 08 to November 14, 2001.
The high for the week was 29.10 Press Releases:Open source products
Distributions and bundled products
Proprietary Products for Linux
Hardware running Linux
Products and Services Using Linux
Products With Linux Versions
Java Products
Books & Training
Partnerships
Personnel & New Offices
Linux / Open Source At Work
Other
Section Editor: Rebecca Sobol. |
November 15, 2001
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Linux in the news page. |
Linux in the newsRecommended ReadingOpen Source alive and well at O'Reilly P2P conference (Register). The Register covers the P2P conference from an open source perspective. "Among the vendors in attendance, Sun was especially prevalent. In his keynote, Sun's Phipps advised the audience that their best protection against vendor lock-in was Open Source. He said Sun views Open Source as a valuable software development methodology, rather than 'being religious about it.'" Linux Outlawed! (Troubleshooting Professional). Troubleshooting Professional has put up a special issue on the SSSCA. "What is the end result if SSSCA passes? It starts bleak, and gets bleaker. For starters, Linux is outlawed." MS promotes Linux from threat to 'the' threat - Memo (Register). The Register has picked up an alleged internal Microsoft memo on competing with Linux. "Speaking of fights, Brett Cocking and team from the SLG vertical just don't know when to quit! Not only did they displace RedHat for a 40+ web server deal at Broward County in Florida, they're also going straight after one of the Linux community's key wins at the City of Largo (dubbed the City of Progress). 'If they're the city of progress, why are they running Linux?', Brett jokes." How Microsoft invented open source, by Billg (Register). The Register reports on the Microsoft shareholder meeting. "There you have Bill's view of how the good free software movement should perform, tapping away at the creation of baseline 'adequate' functionality so other people can - we hesitate to say 'steal' - it, develop it and make money out of it." Apache 2.0 to debut from Covalent (News.com). News.com reports on Covalent, which is about to release a version of Apache 2.0, even though the Apache Project has not yet done so. "But Covalent, which employs some but not all of the key members of the Apache development effort, is ahead of the rest of the Apache programmers, who still consider 2.0 to be beta software and whose current 'production version' is 1.3.22, which is ready for real-world use." Linux security self-censorship ominous (Register). Here's an article in The Register about the suppression of information about security fixes in the 2.2.20-pre changelogs. "First, Microsoft's Scott Culp argued in an essay that security researchers shouldn't reveal the nature of security holes in software. Then Culp may have found an unexpected ally in his war against full disclosure: Linux's second-in-command, Alan Cox. Cox's decision to delete security-related material from the Linux kernel changelog seems almost to honor Culp's request that we suppress information useful to attackers." CompaniesCasio to ship Linux, Transmeta laptop next week (Register). Here's a brief Register article on the new "Fiva" laptop from Casio. "Interestingly, though, users select which operating system they want to boot into by toggling a physical 'Change Over' switch in the Fiva's body. Flip it to A Mode and you get XP; set it to B Mode and you get Linux." New CEO replaces Lineo founder (News.com). According to this brief News.com article, Lineo founder Bryan Sparks has stepped aside, and COO Matt Harris is the new CEO of the company. "Founder and former CEO Bryan Sparks will remain chairman, [spokesman Lyle] Ball said, though his new duties remain vague." VA Linux goes mainstream (IT-Director). IT-Directory has put up a look at the SourceForge 3.0 release. "This version of SourceForge runs, not surprisingly, on Linux (however, the company has announced plans for other operating systems, of which the first will be Sun Solaris). You might think that it would also run based on an open source database such as MySQL but, fortunately for its sales potential, the company has taken the pragmatic stance of rolling it out on Oracle (though 8i rather than 9i) in the first instance." BusinessFuture of the Data Center (ComputerWorld). Nicholas Petreley talks with Open Source Development Lab leader Tim Witham in this (slightly old) ComputerWorld article. "What impressed me most was his long-term outlook for Linux. Witham is convinced that Linux will own the data center in about five years." (Thanks to Peter Link). Linux: The Penguin Marches On (IT-Director). Here's an IT-Director article on how Linux is doing in the corporate world. "Our guess is that Linux on the desktop is still too early to call, but on the server it now looks to be unstoppable." ReviewsA developer's perspective on Sharp's Zaurus SL-5000D Linux/Java PDA (LinuxDevices). LinuxDevices.com is running a detailed look at the Sharp SL-5000D PDA. "Sharp calls their kernel 'Lineo Embedix'; though it is not clear what Lineo brings to the party -- at least from the point of view of the kernel. Basic functionality is provided by BusyBox , an open source project now maintained by Lineo. In any case, it should not be necessary to purchase Embedix to write software for the Zaurus -- freely available tools will work just fine." Worth a read. Editors' Choice Awards (Linux Journal). The Linux Journal has announced its "Editor's Choice" winners for the year. Word to the Wise: KWord's Quest for Completion (LinuxPlanet). LinuxPlanet looks at KOffice, and is not particularly impressed. "Without neglecting to acknowledge the incredible efforts of the open source developers that have gotten us this far with KOffice on what must amount to a shoestring budget, I have to say that as a consumer, I am getting a bit cynical about opening up a Linux product and being disappointed with the results." Internet liberation theology (Salon). Salon reviews The Future of Ideas, the new book by Lawrence Lessig. "Lessig's discussion of levels of control in the information ecology follows from the work of NYU communications scholar Yochai Benkler. Benkler described the Internet as a multitiered environment consisting of an underlying physical layer (the wires), a logical layer (the protocols) and the content (the Web pages you view, the cable programming you receive). At each level, Lessig notes how the balance is tilting increasingly from freedom to control." InterviewsInterview: Neal Walfield (KernelTrap). KernelTrap interviews Hurd developer Neal Walfield. The article gives a good overview of what the Hurd is about. "With respect to usability, the Hurd works quite well as a desktop system, however, I would not yet recommend it to anyone as a server. That said, approximately half of the Debian Woody archive has been compiled for the Hurd. This includes most development tools and noteworthy programs such as XFree86." Alan Cox on the DMCA, his future, and the future of Linux (NewsForge). NewsForge interviews Alan Cox. "I have a list of things I want to get done in 2.5, most of which consist of removing old ugly code. There is some device driver stuff I want to work on, and there are a whole collection of userspace things I want to play with somewhat more -- especially configuration tools and usability." MiscellaneousGeeks on the Half Shell (Linux Journal). Here's a travelogue by Doc Searls from the Geek Cruise. "After the third Bloody Mary, it doesn't matter what the hell Richard Stallman says." Section Editor: Forrest Cook |
November 15, 2001 |
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Announcements page. |
AnnouncementsResourcesIDG World Expo Introduces Online Conference Planner for LinuxWorld NY 2002. DG World Expo has announced software called My Show Planner, an online conference planner that allows conference attendees to personalize their conference schedules and social engagements at LinuxWorld Conference & Expo. EventsLinux Bangalore/2001. A three day Linux conference, known as Linux Bangalore/2001, will be held in Bangalore, India from December 10 through 12, 2001. Events: November 15, 2001 - January 10, 2002.
Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format. Section Editor: Forrest Cook. |
November 15, 2001 | ||||||||||||||||||||||||
|
Software AnnouncementsHere are this week's Freshmeat software announcements. Freshmeat now offers the announcements sorted in two different ways: The Alphabetical List and Sorted by license |
Our software announcements are provided courtesy of FreshMeat
| ||||||||||||||||||||||||
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Linux History page. |
This week in Linux historySix years ago Red Hat Linux 2.1 was released. Three years ago (November 19, 1998 LWN): Trolltech announced that the Qt library would be released under an open source license. That license, the QPL, was truly open source, but remained controversial anyway. The Qt licensing issue didn't really die down until the library was relicensed under the GPL in 2000. Bruce Perens warned about the danger of trojan horse software. Three years later, there have been very few trojan incidents, but the danger is probably more real than ever. Stable kernel 2.0.36 was released with the first known application of "holy penguin pee." According to Linus: This, btw, is not something I would suggest you do in your living room. Getting a penguin to pee on demand is _messy_. We're talking yellow spots on the walls, on the ceiling, yea verily even behind the fridge. However. I would also advice against doing this outside - it may be a lot easier to clean up, but you're likely to get reported and arrested for public lewdness. Never mind that you had a perfectly good explanation for it all.
Digital Creations released the source for their Principia product. Principia, of course, became Zope, arguably the first big Python "killer app". The Linux Journal Editor's Choice Awards went out...the product of the year was Netscape Communicator, the "most desired port" Quark Xpress, and the best new hardware was the Corel Netwinder. Some awards just don't stand the test of time... Slackware 3.6 was released. Both Red Hat and SuSE announced support programs for their distributions. Red Hat hired Matthew Szulik to be the company president. VA Research (now VA Linux Systems) received a venture investment from Sequoia Capital, and Netscape purchased "NewHoo," which has since become the Open Directory Project. FUD of the week: Linux may be a great way for computer-literate individuals to get under the hoods of their computers for little cost, but it's nothing more than a convenient form of protest and public relations for the major software vendors that plan to support it. If nothing else, the Linux community has an influence beyond its numbers, and getting on its good side might help sales elsewhere. As long as Linux remains a religion of freeware fanatics, Microsoft (and other NOS vendors) have nothing to worry about.
Two years ago (November 18, 1999 LWN): The first Linux Business Expo happened as part of Comdex in Las Vegas. The Linux Professional Institute completed its first certification exam, finally. SuSE 6.3 was announced - though it was not due to hit the net until December. Mozilla M11 was released. Rumors were circulating of a new company to be formed by GNOME hackers Miguel de Icaza and Nat Friedman. Red Hat's purchase of Cygnus Solutions was confirmed. VA Linux Systems decreed that its IPO would happen at $11-13 per share - rather short of the $30 that it eventually went out at (but far higher than today's price). Scary thought of the week: I don't think people realize just how close we came to a Microsoft-dominated Web. If Microsoft, having trounced Netscape, hadn't been surprised by the unexpected strength of Apache, Perl, FreeBSD and Linux, I can easily imagine a squeeze play on Web protocols and standards, which would have allowed Microsoft to dictate terms to the Web developers who are currently inventing the next generation of computer applications.
Advogato hit the net. One year ago (November 16, 2000 LWN): The KDE League announced its existence. Meanwhile, the GNOME Foundation released the preliminary results for the first board of directors. Digital Creations (now Zope Corporation) hinted at how successful free software companies might look and operate in the near future. They secured a $12 million funding round at a time when venture capital was scarce. MandrakeSoft hired Bastille Linux security guru Jay Beale as Security Group Director. A position he has retained. IBM released the source for OpenAFS (a version of the Andrew File System) under its "IPL" license. IBM also released the first "reference implementation" of its Enterprise Volume Management System (under the terms of the GPL). Netscape 6 launched. A scan through open source chat rooms such as Slashdot.org reveals that most users who tested the software say it is still full of kinks and bugs and are already looking forward to the release of Netscape 6.1.
"... barriers to the adoption of open source software persist", wrote Michelle Head at LinuxNews.com. The health care industry would seem to present the perfect challenge for open source design: one would think that an organization requiring a stable, secure operating system able to manage a number of different types of data with complete integration and the kind of ease-of-use most physicians need would have open source written all over it. But the health care industry's information technology status remains largely in the Dark Ages--even as healthcare's growing complexity cries out for cutting-edge technology solutions.
One year later one burning topic at the recent National Summit on Future of eHealth Application Development was: What is the role for standards, open source software, or public domain approaches to eHealth development? What changes (e.g., structural changes, incentives, funding) are needed to jumpstart and sustain such approaches?
Section Editor: Rebecca Sobol. |
November 15, 2001
LWN Linux Timelines |
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Letters page. |
Letters to the editorLetters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them. |
November 15, 2001 |
From: "Eric S. Raymond" <esr@thyrsus.com> To: lwn@lwn.net, editors@linuxtoday.com, malda@slashdot.org, editor@linux.com, editors@newsforge.com Subject: Thank you, Microsoft, but no thanks! Date: Fri, 9 Nov 2001 16:50:08 -0500 In remarks at a Microsoft stockholders' meeting, Bill Gates recently claimed that Microsoft was responsible for the success of open source. "Really," he said "the reason you see open source there at all is because we came in and said there should be a platform that's identical with millions and millions of machines." As an exercise in retroactive imperialism, this is little short of breathtaking. It ignores the fact that though the open-source culture wouldn't get public visibility until after 1993, or a name for itself until 1998, it already existed well before the foundation of Microsoft in 1975. Many of today's most active hackers can readily remember a time when the typical response to the word "Microsoft" was "Who are they?" -- and some of our most important work (such as the Berkeley TCP/IP stack that Microsoft itself copied and used) was written years before the computing landscape flattened into PCs as far as the eye can see. But there is one smidgen of truth in this; yes, Mr. Gates, recently you have helped open source succeed -- in much the same way Osama bin Laden has helped beef up airport security lately. Microsoft's monopolistic, price-gouging, bullying behavior is making open source more attractive every day. We'd thank you, except that you're only accelerating a process that would have happened anyway. You're a serviceable villain, but not a necessary one; the dedication to excellence and the sense of worldwide community that are behind the open-source movement were here long before Microsoft, and will still be here long after Microsoft is gone. -- <a href="http://www.tuxedo.org/~esr/">Eric S. Raymond</a> | ||
From: Dan Stromberg <strombrg@nis.acs.uci.edu> To: letters@lwn.net Subject: legal aspects of opensource Date: Thu, 8 Nov 2001 10:33:45 -0800 I sincerely hope you won't stop covering the legal aspects of opensource. It's important information, and you cover it well. -- Dan Stromberg UCI/NACS/DCS | ||
From: Bruce Ide <greyfox@flying-rhenquest.net> To: lwn@lwn.net Subject: Redistributing GPL Code Date: Thu, 8 Nov 2001 05:16:43 -0700 > Heres an interesting scenario, though: suppose an unethical vendor > obtains a copy of a program licensed under the GPL, makes a change, > and resells the product under a proprietary license? Then I sue him for distributing a derivative work under the copyright laws. Unlike a regular EULA, which takes rights away from the user, the GPL only grants you rights. If you do not accept the GPL or EULAs get declared unconstitutional in court, control reverts back to standard copyright with all the happy copyright protections including the derivative work clauses. This of course depends upon the copyright holder defending his copyright. If the copyright holder happens to be the FSF, I guarantee you they'll go after the infringer like a rabid pit bull. I'm pretty sure Stallman's been itching to try the thing out in court. You know why every company this far has caved when he's gone after them for similar things? Because those companies have lots of expensive lawyers who have evaluated the GPL. They've told the people in charge that it's solid and that the company will lose in court if the FSF sues them. Check with any big company that does software and you will find they have a policy that if you work on a software product, you can't contribute (or even look at the source for) a similar open source program. Even in your spare time. Usual disclaimers apply; I am not a lawyer (But I play one on TV.) -- Bruce Ide greyfox@flying-rhenquest.net Carpe capregenus http://www.flying-rhenquest.net | ||
From: Chris Brand <Chris_Brand@spectrumsignal.com> To: 'Gleef' <gleef@ybten.net>, "'letters@lwn.net'" <letters@lwn.net>, 'Alan Cox' <alan@lxorguk.ukuu.org.uk> Subject: Re: DMCA Issues Date: Fri, 9 Nov 2001 14:38:28 -0800 Gleef wrote: >Alan is neither a US citizen nor a US resident, and should not bear >the brunt of fighting a US law; I consider his stance of staying away >from the US, until the DMCA no longer threatens him, prudent. Ironic, then, that since the 1988 Copyright, Design and Patents Act became law in the UK, it has been illegal there to "publish information intended to enable or assist persons to circumvent that form of copy-protection" See http://www.hmso.gov.uk/acts/acts1988/Ukpga_19880048_en_21.htm#mdiv296. I suspect that anything that is considered "rights management" could also be considered "copy-protection", although I'm certainly not a lawyer. Certainly file permissions and userids may be used for copy-protection, and Alan's far more vulnerable to UK law than the DMCA. Chris Brand | ||
From: Alan Cox <alan@lxorguk.ukuu.org.uk> To: Chris_Brand@spectrumsignal.com (Chris Brand) Subject: Re: DMCA Issues Date: Fri, 9 Nov 2001 22:49:07 +0000 (GMT) Cc: gleef@ybten.net ('Gleef'), letters@lwn.net ('letters@lwn.net'), alan@lxorguk.ukuu.org.uk ('Alan Cox') > law in the UK, it has been illegal there to "publish information intended to > enable or assist persons to circumvent that form of copy-protection" > See http://www.hmso.gov.uk/acts/acts1988/Ukpga_19880048_en_21.htm#mdiv296 > <http://www.hmso.gov.uk/acts/acts1988/Ukpga_19880048_en_21.htm#mdiv296> 2b. Note the "intended to" The DMCA lacks intent checks. Thats also why thefreeworld.net requires you promise you arent using the info to commit an offence. Alan | ||
From: Seth LaForge <sethml@ofb.net> To: letters@lwn.net Subject: Re: bug reporting in noncommercial software Date: Sat, 10 Nov 2001 14:48:01 -0800 Cc: debian-debbugs@lists.debian.org, David.Kastrup@t-online.de Two weeks ago on lwn.net, David Kastrup complained that his users don't submit bugs, and that the failure of free software to keep bugs under control is due to lack of bug reports. This is an area I've been giving thought to lately. I think that a large part of the problem is the great variety of bug reporting and tracking mechanisms in use. If I want to report a bug for some program, I have to hunt down the documentation which describes how to submit a bug, possibly register with a bug reporting database, figure out what version I have of the program and all software that it depends on, and coherently describe the bug. By this time I've spent half an hour of my life reporting a bug that may well have already been reported by somebody else. This doesn't much encourage me to report bugs. The Debian Project (<URL:http://www.debian.org/>) has inadvertantly found a solution for the problem. They have a bug tracking system for tracking bugs in packages in the Debian distribution - it's at <URL:http://www.debian.org/Bugs/>. The system is primarily for tracking bugs in the packaging of programs (for example, a package that doesn't install man pages properly), but it is also used to track bugs in the actual programs. Every package has a designated package maintainer. When a software bug is reported to a package maintainer, the maintainer is responsible for forwarding the bug on to the package author (or bug tracking system, or mailing list, or what-have-you) and keeping track of its progress. By routing all bug reports through maintainers who decide what action to take, Debian has made it much simpler and more consistent to report a bug. Further, Debian features the excellent "reportbug" utility. Suppose I discover a bug in elvis. All I have to do is type "reportbug" in a shell. I get back a prompt "Enter a package:". I type "elvis". reportbug then queries the Debian bug tracking system for existing bug reports on elvis and displays summaries of all bugs. I can then view the full text of any bug report, and if I find one that matches the bug I'm attempting to report, I can either quit or submit a followup to the existing bug report. If I don't find my bug already listed, reportbug will bring up an editor window in which I can describe the problem. report bug then appends information about the version of the package involved, all packages it depends on, my kernel version, etc. and sends the report on to the Debian bug tracking system. reportbug makes it easy for me to discover if my bug has already been reported. It makes it sure that all bugs get reported with full information on version numbers and the status of the system. I only have to learn to use a single bug reporting tool rather than learning a new tool for every program I encounter a bug in. It's great! It would be wonderful if a system like this could be extended to free software in general, rather than just the Debian distribution. Because there are Debian packages for most free software, there's bug tracking for pretty much any free program I might run into, but the system isn't available for users of other distributions, or non-Linux systems. I'm not sure how one would generalize the Debian bug tracking system to extend to all of free software. One way that comes to mind is to split the Debian bug tracking system into two halves - one half for Debian-specific bugs, and the other half for program bugs. Then package up reportbug for all of the major Linux distributions, as well as for *BSD, Solaris, etc. Encourage the authors of simple packages to use it as their primary bug tracking system; I'm sure there are plenty of projects and programs which currently don't use a bug tracking system out of inertia, but would if there were a simple standard. Of course there are currently political and technical obstacles to splitting the Debian bug tracking system as I propose, but the fundamental infrastructure is there and ready to go. I hope this letter will inspire some thought and perhaps action on the matter. Seth LaForge | ||
From: Scott Johnston <scott@accom.com> To: letters@lwn.net Subject: ivtools-1.0 release Date: Fri, 09 Nov 2001 15:28:51 -0800 Thanks for the mention of the 1.0 release of ivtools. I should mention that Vectaport Inc. is no longer an ongoing commercial concern, but the ivtools software lives on with a BSD-style license. This could prove useful to free software businesses developing custom commercial applications that require direct-manipulation graphics. Yes, idraw is ancient by recent standards, but then so is X11, emacs, TeX, ghostscript, and don't forget the Unix kernel. Old software does not necessarily make for useless software. But you knew that. Scott Johnston http://www.ivtools.org | ||
From: Nathan Myers <ncm@nospam.cantrip.org> To: letters@lwn.net Subject: Gartner reports' true meaning Date: Sun, 11 Nov 2001 03:39:55 -0800 To the editors, The Gartner Group has has published several reports lately touching on Free Software that must have left many LWN readers confused. After years of painfully misleading commentary, suddenly we see a few outbreaks of rare good sense, punctuated by more of the customary nonsense. I have been observing "market research" companies for a decade, and have learned a lot about what such reports really mean. Although all "market research" companies claim to do research (and a few actually do!), that is not their main job. They offer their "reports" at outrageous prices, but most of their paying customers aren't paying to learn what's in the reports. What are the real customers buying? The real customers are what are usually called "corporate communications" officers -- less politely, flacks. The job of a flack is to get her employer's product noticed. Sending press releases is a part of the job, but press releases, when not discarded, usually appear where people can safely ignore them. To get a press release noticed, it has to _seem_ to come from somewhere else. This is the market researchers' real job. They gather material sent in by their real, paying customers into "reports". They invite cooperative magazine columnists to (otherwise) expensive conferences, feed them handsomely, and hand them reports. Columnists regurgitate the reports in those industry magazines we all get at well below production cost. When we see a "market research" report, even knowing its true origin, we can learn something. We can learn what the big players in a market want believed. More, we can learn what many buyers, as well as investors and smaller competitors in that market, will do. Buyers follow the recommendations because they believe, or don't know what else to do, or are afraid not to. The smaller competitors have to provide what the customers think they want (so actually have to buy the reports!). Investors put their money where the buyers are. When this positive- feedback cycle works just right, everybody makes out fine until somebody notices that the products don't work or the consumers aren't interested. (Even then, nobody has to give any of the money back.) What does this mean about recent, surprising, reports? First, the market research agencies are in a fix right now. A big chunk of their more generous, naive, and "innovative" customer base just closed its collective doors. Literally thousands fewer corporate communications officers are shoveling press releases and checks into their mailboxes. Second, just because few are paying to have reports written doesn't mean they can stop writing reports; they depend for survival on their names appearing in print. Third, the cheapest, most reliable way get mentioned in print is to write controversial things. Finally, a good way to drum up new business is to provoke it by publishing what some would pay to have re-spun. The recent, surprising reports from the Gartner Group could be examples of this process: maybe Gartner is just stumping for Microsoft business. More likely, something even more cheesy is going on. In any case, the most sensible response to a Gartner Group report is to ring the spittoon and move on. Nathan Myers ncm@nospam.cantrip.org | ||