LWN.net Weekly Edition for March 11, 2004 [LWN.net]

A grumpy editor's calendar search

Your editor is, at times, a creature of habit. Many, many years ago, back when Tcl and Tk were new and exciting, he discovered a simple calendar called "ical" and he has been using it ever since. ical may be old and

unmaintained, but it works. It provides a basic calendar, appointment book, and task list without taking up too much screen space or system resources. Its interface is quick and does not require lots of clicking and form filling. It does exactly what it needs to do.

Creatures of habit, perhaps, should not run Debian unstable on their desktops. Your editor has learned to scrutinize every dist-upgrade carefully before turning it loose, but he missed the one that deleted ical from his system. Some investigation turned up that, in fact, ical has not been part of Debian for some time; it had been removed as being obsolete, unmaintained, and superseded by better alternatives. ical was able to continue to exist for years, however, until some recent change in unstable forced its removal.

After scrambling to copy his calendar file to another system, your editor decided it was time to investigate some of these newer, better alternatives. The results, it must be said, were somewhat disappointing. The new crop of desktop calendars may be impressive to look at, but few of them have achieved the straightforward ease of use and unobtrusiveness that ical had almost fifteen years ago. Fortunately, the news is not all bad.

The first stop in such a search almost has to be Evolution. Ximian's high-profile groupware system is, doubtless, highly useful for busy people who must juggle meetings and share their schedules with others. One of the big advantages of working for a small operation like LWN, however, is that scheduling a meeting is a simple matter of finding a table at a local brewpub, and Evolution can't help with that. For one whose goal is a simple calendar manager, and who has no desire to switch to a new email client, Evolution brings a great deal of heavyweight baggage for little gain. The calendar interface is difficult to navigate around in; your editor never did succeed in reproducing the calendar view found on the Evolution screen shots page. Evolution 1.4 also crashed several times while being tested. Evolution may be an impressive piece of software, but it is not appropriate to consider as a replacement for ical.

The word is that Evolution 2.0 will feature a much-improved calendar manager, and the underlying infrastructure will make it easier to create independent, standalone calendar applications.

The next logical place to look is KOrganizer, the KDE calendar application. KOrganizer it must be said, is a nice calendar manager. The default layout wastes a lot of space, but a bit of edge dragging fixes that. KOrganizer allows for relatively painless entry of events, and it understands the concept of events which are attached to a day, but which have no particular time (e.g. "wedding anniversary: have a present or sleep on the couch"). Alarms are nicely configurable, though your editor noted that the alarm windows had a tendency to pop up underneath the KOrganizer window on his (non-KDE) desktop.

There is one nice ical feature that KOrganizer lacks: the ability to add events without dealing with dialog windows. With ical, it's simply a matter of dragging an entry over the relevant time period and typing in the info. With KOrganizer (and a number of other calendar managers), you have to set the times in special dialog fields. KOrganizer 3.2 has improved things somewhat by allowing the time range to be set with the mouse, but it requires an explicit configuration option and still puts up a dialog for the event description. In the modern, graphical, direct manipulation world, the dialog window should be unnecessary if the more complex features (custom alarms, recurrence) are not being used.

Another possibility is a package called plan, which is a calendar manager based on Motif. Plan has the basic necessary features; it can handle appointments (but appears to lack a task list). It requires a separate daemon to handle alarms, and complains if that daemon is not running when it starts up. It has two basic views, being full-month and one week; there is no way to get the "this month calendar and today's events" view that many other calendar managers offer. Event entry is relatively unfriendly, requiring dates and times to be typed into form blanks. Plan works as a basic calendar, but fails to inspire enthusiasm.

A simple, but cute entry is gDeskCal. This calendar is meant to sit on (and blend into) the desktop; it uses alpha blending to make itself inconspicuous, and comes with several different "skins" which can be used to change its appearance. gDeskCal has a simple appointment manager, and it can read Evolution appointments as well. Hovering the mouse over a given day will yield a transient window listing that day's appointments. There is no alarm capability, however.

Your editor was also pointed at "xcal", which is available as a Debian package but which appears to lack a web page. Anybody who wonders what life was like when the Athena Widget Set was new should give xcal a try. Anybody wanting a modern calendar application should look elsewhere, however.

The final stop on this tour is GNOME-PIM. This calendar manager, like KOrganizer, handles all of the basic tasks and provides a number of useful views. Unlike KOrganizer, GNOME-PIM allows entry and management of calendar entries directly in the main window, without dialogs. Also unlike KOrganizer, it lacks "no specific time" events. Unlike ical, GNOME-PIM does not have a flag on events saying whether that event should cause the day to be highlighted on the one-month calendar view. There are certain types of events ("it's trash day") that are nice to get reminders for, but which don't really qualify as special events. GNOME-PIM has a lot of potential, but it suffers from a big problem: development activity appears to have come to a stop, and there has not been a GNOME-PIM release since the end of 2002. The last thing a grumpy editor needs is to commit himself to another unmaintained calendar application.

The winner is fairly clear: the only application which is competitive as an ical replacement appears to be KOrganizer. The KDE developers have done a top-quality job of creating a focused, highly-configurable calendar manager which brings in a (relative) minimum of unneeded baggage. Your editor will miss the quickness and simplicity of ical, but KOrganizer will get the job done. Let us hope, however, that the developers of graphical applications will not forget the users who are not interested in massive, do-everything applications. It should always be possible to find, say, a reasonably functional calendar without dragging in email clients, web servers, and other unrelated stuff. The old Unix guideline - a tool should do one job, and do it well - is best not forgotten.

Comments (70 posted)

Linux a la Carte

March 11, 2004

This article was contributed by Joe 'Zonker' Brockmeier.

Progeny is proposing a different way to look at Linux distributions. According to Progeny's Ian Murdock, the traditional Linux distribution follows a "top-down" "one-size-fits-all" model that doesn't meet the needs of many Linux users.

For those who view Linux not as a product but as a platform on which to build their own products, the monolithic nature of the typical distribution is a particularly bad fit. The typical Linux-as-product distribution optimizes for breadth--because it is "one-size-fits-all", it needs to include a huge assortment of features and technologies to satisfy the widest possible audience, only a few of which may be important to any given project (and the few that are important will always vary). Ideally, for Linux-as-platform users, a distribution should optimize for depth, i.e., to excel in those few features and technologies important to the project at hand.

The new approach, then, is to "componentize" Linux by allowing the user to choose only the bits that they need. We spoke with Murdock about Progeny's plans for componentized Linux to see where the company is headed. Is componentized Linux yet another Linux distribution? Emphatically not, according to Murdock:

One thing that's very important to point out, it's not a distribution per se -- it's more of a template above an existing distribution like Red Hat or Debian...someone can come in and say 'this is what I want' and then it becomes a question of 'which distribution foundation do I want under that?' ... It's a much smaller job to come in and say 'I want an LSB 2.0-compliant runtime and Active Directory integration module' instead of having to go in to Debian to figure out what packages you need.

Besides, Progeny has already been there and done that with regards to the distribution business. The company started with Progeny Linux, a "commercialized" version of Debian, and eventually moved on to a business model of helping other companies customize Linux to fit their needs. Customization, according to Murdock, often involved a lot of time removing components from "monolithic" distributions that their customers had started with -- which in turn led to the concept of componentized Linux.

For users who are interested in seeing componentized Linux in action, Progeny has released "Componentized Linux Core" ISOs based on Debian Sarge. There are two ISO images available, only the first is necessary to perform an install -- the second contains the remainder of source code for the distribution that didn't fit on the first ISO. They provide an early glimpse of the concept, though the release is a bit short on actual components. The Componentized Linux Core uses Progeny's Anaconda for Debian installer and allows the user to install a short list of components: XFree86 4.2, GNOME 2.4, a 2.4 or 2.6 kernel, and an LSB runtime and devel component.

Why is Progeny making Componentized Linux public now? For one thing, the company is looking to highlight Progeny's approach to customizing Linux. Murdock also said that he's noticed a number of people developing custom distributions, and that they'd like to give something back to the community -- and to prevent others in the community from having to re-do the same work that Progeny has already done. He also said that he hopes that Progeny will be able to build a community around Componentized Linux that will help the project evolve to everyone's benefit. Murdock noted that the response thus far has been positive:

I think it's a concept that resonates with people, because Linux is a fundamentally different OS. The leading commercial distributions are looking more and more like the proprietary OSes that they are replacing...people are looking at this and saying 'it's a good fit, and it'll save me a lot of time.'

Though Progeny's first release is based on Debian, Murdock said that the company also hopes to have a Fedora-based Componentized Linux and "possibly more than that."

It will be interesting to see if the à la Carte approach gains widespread appeal. No doubt, part of the distribution proliferation problem stems from the difficulty of customizing "major" distributions to specific tasks. Instead of seeing hundreds of different Linux distributions -- each with their own installer, administration tools and assorted quirks -- perhaps we could look forward to a day when most distributions utilize a single common core and distinguish themselves through package repositories. For users who have had to master multiple distributions, package formats and admin tools, it's an attractive prospect indeed.

Comments (7 posted)

SCO and Public Perception

Mark Barrenechea, a senior vice president in charge of product development at CA, said the SCO licenses weren't bought but were "thrown in" as part of a settlement CA reached last August with Canopy.

--Dow Jones

The word from CA would appear to be clear: the company did not go out looking for "Linux licenses" from the SCO Group. Instead, the Canopy Group, SCO's largest stockholder, decided to toss the licenses in as part of an apparently unrelated settlement some months ago. It must have seemed like a good idea at the time; it was an easy way to claim that a large company had obtained licenses from SCO.

Given the subsequent revelations, one would expect the press to be looking into false statements of "Linux license" sales. There is also the interesting question of just why the Canopy Group felt the need to push Linux licenses in this way. Canopy claims to not be a part of SCO's crusade, but events like this suggest otherwise. Instead, however, we got headlines like:

CA signed Linux license from SCO Group (Forbes)
CA named as SCO licensee (InfoWorld)
Computer Associates Signs Licenses from SCO to Use Linux (Dow Jones)
CA-SCO deal a blow to Linux (ITWeb)
Computer Associates pays off SCO (Slashdot)

For quite some time now, the SCO Group has been very well treated by the media. Many of its claims have gone unchallenged, and even the company's goofiest statements get wide coverage. Thus we hear that Darl McBride's enemies are out to kill him, but important little details, like the fact that SCO dropped the trade secret claims that were at the core of its initial suit against IBM, somehow don't get covered. One can only guess that SCO v. IBM as a "David v. Goliath" story makes for better headlines.

Even so, the world beyond the free software community is clearly beginning to figure things out. Consider the latest from the Motley Fool:

With dwindling cash and the entire industry ready to fight, the company looks like it's treading thin ice during spring melt. Given the ham-fisted efforts of its law team, and its haphazard legal strategy, I wouldn't bet that any amount of litigation will keep SCO above water.

The questions asked by reporters at the March 3 conference call are also telling: they aren't buying it anymore. To really see how the SCO PR battle is going, however, one should take a look at the company's stock price.

Anybody who was paying attention during the dotcom bubble knows better than to attribute too much rationality to stock prices. That notwithstanding, a stock market is an efficient machine for integrating the opinions of a large number of unrelated people. SCO's stock price peaked briefly at $22.29 in October, when the BayStar deal was announced. At that time, the company's market capitalization was a little over $300 million. Given that SCO has no business left other than its Linux-related litigation, its stock can be seen as a sort of call option on SCO's lawsuits. Even at its peak, SCO's stock price represented a perceived chance of collection of less than 10%. If the company were truly set to collect billions, it would not be valued in the millions.

As this article was being written, SCO's stock has fallen below $10/share for the first time since July. The value of the call option is clearly declining.

Since stock prices are interesting as an indicator of public perception, we have prepared an annotated chart correlating the company's stock price against various events from the last year. It shows how the public view of SCO has gone up and down and the correlation with the actions of SCO and others. SCO may yet manage to engineer another increase in its stock price, but it seems unlikely to get anywhere near the highs of last October. If SCO's actions are truly part of a stock scam, it would appear to have failed.

Most readers will be familiar with the Halloween X memo leaked to Eric Raymond. The memo is for real, but SCO claims that its author, outside consultant Mike Anderer, misunderstood the situation. It has, regardless, caused the wider world to look again at Microsoft's relationship to SCO, and may have played a part in the recent stock decline.

Meanwhile, SCO has filed its memo in opposition of Novell's motion to dismiss the "slander of title" suit. SCO maintains that the asset purchase agreement was sufficient to transfer the Unix copyrights, and that it has, indeed, suffered damages from Novell's actions. SCO is also trying to get the case moved back to Utah state court after Novell moved it to the Federal court. The Federal court is the same one which is hearing the IBM case; perhaps SCO has decided it no longer wishes to try its luck there.

Comments (4 posted)

EU Intellectual Property Rights Directive passed

On March 9 the European Parliament passed, without amendment, the "Intellectual Property Rights Enforcement" directive under fast-track procedures. This directive, which worries free software advocates and others (see this FFII page for the details), is expected to be passed by the European Commission shortly. At that point, the battle shifts to the individual EU member states, each of which must pass its own implementation legislation. Concerned Europeans will certainly want to pay attention to what is happening in their countries as this process goes forward.

LWN.net Weekly Edition for March 11, 2004

gdk-pixbuf: buffer overflow

kdelibs: cookie disclosure

mozilla: multiple vulnerabilties

python: buffer overflow

sysstat: temporary file vulnerability

wu-ftpd: two vulnerabilities

apache2: Denial of Service vulnerability

CUPS: denial of service

Filename disclosure vulnerability in fam

fetchmail may crash on specially crafted message

GnuPG: ElGamal signing keys compromised

gtkhtml: malformed messages cause crash

iproute: local denial of service

kdepim: VCF file information reader vulnerability

kernel: local root exploit

kernel: local root exploit in 2.4.22

kernel-utils: setuid vulnerability

libpng, libpng3: buffer overflow

libtool - Insecure handling of temporary files

libxml2 - arbitrary code execution

mailman: cross-site scripting vulnerabilities

mailman denial of service

mc: arbitrary code execution

metamail: integer and buffer overflows

mikmod: buffer overflow

mod_python: denial of service vulnerability

mpg321: format string vulnerability

mplayer: remotely exploitable buffer overflow vulnerability

mutt: buffer overflow

Nessus NASL scripting engine security issues

netpbm: insecure temporary files

nfs-utils xlog() off-by-one bug

openssh: timing attack leads to information disclosure

perl information leak

postfix: denial of service vulnerabilities

PWLib: possible Denial of Service

rsync - remotely exploitable heap overflow

screen: privilege escalation

File overwrite vulnerability in tar and unzip

tcpdump: flaws in the ISAKMP decoding routines

Multiple vendor telnetd vulnerability

util-linux: information leak in the login program

xboing - buffer overflows