Weekly Edition
Return to the Press pageRecent Features
| |||||||||||||
The making of Wine (Network World)
Network World talks with CodeWeavers CEO Jeremy White about Wine. "'We are completely rewriting the Windows operating system from the ground up,' he says. 'Basically we took Microsoft's crown jewel, that they've had billions of dollars to develop using tens of thousands of developers, and we, the open source community, have essentially re-implemented that. We are the scrappy underdogs.'"
(Log in to post comments)
The making of Wine (Network World) Posted Apr 16, 2008 14:07 UTC (Wed) by clump (subscriber, #27801) [Link] I have been playing with both Crossover trial versions and the Free Software Wine recently. In 2000 Wine was complete enough to run Half Life. Wine certainly is impressive software, however it can be daunting for newcomers. Crossover cleans up much of what's bothersome about Wine, like the interface, though I wonder if Crossover will always be kept as the polished version.
security sweep before 1.0? Posted Apr 16, 2008 17:02 UTC (Wed) by jabby (guest, #2648) [Link] I was just curious whether the wine codebase was being audited for security by Coverity's static checker. I know it's a lot of code and I was curious if there was a last-minute push to close all findable vulnerabilities before the 1.0 release (and thereby avoid a flood of security-related updates shortly thereafter).I checked http://scan.coverity.com and found Wine listed on "Rung 1" of their Scan ladder (which seems to indicate a kind of "not quite first-class" status). Here are the numbers listed for the project as of 4/16/2008 (16:50 UTC):
Defect Summary: Fixed Verified Uninspected 116 21 298 Lines of Code: 1,603,208 Defects/KLOC 0.199 There are some large projects (>1MLOC) that are doing worse (eg: Firefox), but at least one (KDE) is doing a *lot* better, in terms of sheer numbers of uninspected and unfixed defects as well as defects per kloc. I just wanted to post this information in case someone else was curious, and maybe to call attention to the need for a good security audit and code cleanup before the 1.0 release. Of course, they must already have a plan for such a thing... right? Jason
security sweep before 1.0? Posted Apr 16, 2008 17:30 UTC (Wed) by JoeBuck (subscriber, #2330) [Link] A perfect Coverity score wouldn't mean that Wine is secure; after all, a perfect Wine would run all Windows malware, at least with the privileges of an ordinary user, which is good enough for many black hat purposes.
security sweep before 1.0? Posted Apr 16, 2008 19:43 UTC (Wed) by jospoortvliet (subscriber, #33164) [Link] Yep. Until now, I've always thought Wine to be too incomplete (yet) to be able to run most spyware/addware/etc properly - but those times might be gone soon...
security sweep before 1.0? Posted Apr 16, 2008 21:39 UTC (Wed) by bronson (subscriber, #4806) [Link] Wouldn't running everything in its own bottle largely fix this? I suppose some thought would have to be put into privs... don't want it to be like client-side Java: - "this application is requesting access to ./alck.foo^. Grant / Deny?" - "This application would like to open a socket to http://secure.example.com:9248 Grant / Deny?" It was even worse than Vista! Would Wine be able to do something like this? Or is sandboxing / bottling just too difficult to be worth the dev time?
security sweep before 1.0? Posted Apr 17, 2008 2:43 UTC (Thu) by JoeBuck (subscriber, #2330) [Link] If the program in bottle can access the net, it send spam or join a botnet.
security sweep before 1.0? Posted Apr 16, 2008 19:25 UTC (Wed) by dank (guest, #1865) [Link] FWIW, a couple folks are slowly going through the Coverity results for Wine. As of today, the count is UNINSPECTED 216 RESOLVED 7 PENDING 4 IGNORE 34 FALSE 41 BUG 36 More volunteers are probably needed before we can improve those counts.
|
|||||||||||||