As you may have noticed, trying to download a distribution right now is a difficult undertaking, even if you are not after that new release that's in the news. One place to look is LinuxISO.org, which has CD images of a number of distributions. Most of LinuxISO's servers seem to be in Europe. There is also the SourceForge mirror server, though even its heavily hyped massive bandwidth appears to be a bit stressed at the moment.
And don't forget, of course, the Tucows Linux library. It has mirrors worldwide, and is especially good if you're looking for something a little older.
Section Editor: Jon Corbet
September 28, 2000
Two years ago (October 1, 1998 LWN). This was the week when Intel and Netscape announced investments in an obscure company called Red Hat. If you were not paying attention at the time, you will likely have a hard time understanding the impact that those investments had. Money from Intel now shows up on Linux business plans sometime shortly after getting the incorporation papers signed.
At the time, however, it was the first direct statement from an established technology company that Linux was going to go somewhere. It brought a new legitimacy to the Linux business arena. To a great extent, this investment changed the situation overnight.
In a way, the investments could be looked at as the day Linux bought a suit and shaved. Linux, a Unix-like operating system, so far has mostly been an underground computing phenomenon.
LWN reviewed GNOME 0.30. Things have come along since then.
Cygnus released the first version of its eCos embedded operating system.
Red Hat, which had a proprietary CDE offering back then, discovered that it was full of bugs. Not only that, but Red Hat couldn't fix them. So they dropped the product, and pretty much got out of the proprietary software business altogether.
The development kernel was 2.1.123. This kernel came out with a bunch of compilation errors due to a messed up patch application. After the screaming reached too high a point, Linus threw up his hands and left to take a vacation. This was one of the famous "Linus does not scale" events of the 2.1 development series, and served notice that something had to change.
Two years later, the 2.3 development has been free of such episodes. Some of the changes made, wherein more patches pass through various "lieutenants" before getting to Linus, appear to have helped.
Caldera officially launched its 1.3 distribution. SuSE announced its "Office Suite 99" -- essentially a package built around its distribution and the ApplixWare office suite.
One year ago (September 30, 1999 LWN): Then, as now, the Embedded Systems Conference was in progress. The big players were Cygnus, with its new EL/IX platform, and Lineo, which had a thing called "Embedix" in the works.
PC Week put up a "Hack PC Week" challenge; its Linux server was promptly hacked. The problem, as it turned out, was a third-party ad serving script they had put on the system, along with a distinct lack of attention to application of security updates.
Then, as now, somebody was trying to get a project management system for the Linux kernel adopted.
The first release of GNOME's Bonobo component system happened.
[The penguins] are, in fact, trained actors used to appearing before hot lights and cameras. Some of their commercial credits include Batman (the movie), as well as several frozen food ads. However, it would now appear that their career as the Magic penguin (nicknamed 'MeL' by the Company) is at an end.
Linus Torvalds was awarded an honorary doctorate at the University of Stockholm.
Letters to the editor should be sent to firstname.lastname@example.org. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them.
Date: Thu, 21 Sep 2000 12:37:08 -0400
From: "Bill Rugolsky Jr." <email@example.com>
To: firstname.lastname@example.org
Subject: NFS in 2.2.18pre9

Hi,

Just a quick note: Alan has only merged Trond Myklebust's NFS client patch (SunRPC/NFSv2 fixes, TCP, NFSv3 added). Dave Higgen's knfsd patch, which applies over Trond's patch, has not been merged. Alan may still have concerns about compatibility or particular implementation details; he hasn't elaborated publicly.

On the positive side, even if the knfsd patch doesn't go in, it is relatively localized to lockd and nfsd, and so should apply fairly cleanly going forward. Still, it would be nice to have Linux NFS client/server work out-of-the-box; this is a principal requirement in NFS-heavy environments such as our workgroup. Once 2.4 is stable, it will be a non-issue, but that is several months away, at minimum.

Regards,

Bill Rugolsky
email@example.com
Date: 24 Sep 2000 00:43:02 -0000
From: Eric Smith <firstname.lastname@example.org>
To: email@example.com
Subject: Eric Raymond on closed-source security

Gentlemen,

On September 22, you quoted a Government Technology interview with Eric Raymond:

"it's folly, absolute, utter folly, to make the security of the system depend on the security of the algorithms."

I did a double-take when I read this. Then I followed the link and was astonished to see that you did in fact accurately quote the GT article. Of course, I don't know whether GT accurately quoted ESR.

What ESR should have said is that it is folly to make the security of the system depend on the *secrecy* of the algorithm. I imagine that secrecy is what he meant when he said security, and perhaps secrecy is a form of security, but it's only one aspect.

In general it is not even possible to have a secure system without a secure (but not necessarily secret) algorithm. If your algorithms aren't secure, it matters little whether they are secret or not.

Part of this is to use crypto algorithms that are secure, i.e., to use triple-DES rather than XOR with a small constant. However, many people think that just because they use a good crypto algorithm, their program is secure. Unfortunately, while the use of a good crypto algorithm is necessary for a program to be secure, it is not sufficient.

Read any issue of Bruce Schneier's Crypto-gram newsletter, and you'll find listings of cases where people have built insecure programs by improperly using a good crypto algorithm:

http://www.counterpane.com/crypto-gram.html

If you wonder how a program that uses a very secure algorithm can still be insecure, read Bruce's essays "Why Cryptography is Harder than it Looks" and "Security Pitfalls in Cryptography":

http://www.counterpane.com/publish.html

Eric Smith
Date: Thu, 21 Sep 2000 16:06:26 +0100
From: Dave Peacock <firstname.lastname@example.org>
To: email@example.com
Subject: Outrage at Debian dropping security for 2.1

Who the hell do Debian think they are?!

How dare they make people wait a _ridiculously_ long time for an official release, and then drop sec support within a few months? That is completely unacceptable. Security is a _vital_ aspect of any software, _especially_ an OS.

Debian has been dropping in my opinion for a while now, for various reasons, but this is really the icing on the cake. Debian, you have _totally_ lost my support. _Maybe_ I can understand dropping support for non-sec bug fixes this early, but security fixes should at _least_ be worked on for a year or two, ideally, indefinitely.

I think I will replace my 2.1 machines with a dist that has a better release cycle, no bloatware (read - wannabe crappy packages with no value in a base OS dist), and some kind of concept that sec fixes are _critical_.

Debian developers/maintainers/people of power: Please re-consider and maintain sec stuff for _at least_ a year.

--
Dave Peacock
Technical Support Engineer
firstname.lastname@example.org
+44 (0)208 564 5121
iPlanet E-Commerce Solutions
www.iplanet.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
I/O, I/O, It's off to disk I go, a bit or byte to read or
~~~~~~~~~~~~~~~ write, I/O, I/O, I/O, I/O ~~~~~~~~~~~~~~~~