Slashdot Mirror

Here, and be careful he might be reading what you say.

This issue came up last June; LWN had a talk with maddog and covered the story back then. It's kind of surprising to see a big deal of it being made now... In short: the licensing terms have changed a bit (see the articles for the reasons) but the core rules regarding the trademark have not.

• That idiot is behind samba
• reverse engineering bitkeeper is a big word. Look at what he did: http://lwn.net/Articles/132938/
• he merely was trying to get more information from the bitkeeper repository. He wasn't satisfied with the bitkeeper-to-cvs bridge that BitMover offered because it was losing information on its way. He assumed that the lost data was owned by the user, so that he had the right to get it. That may be against the license, but he didn't have to force to reverse engineer the protocol as the bitkeeper repository itself allowed to be cloned remotely using very simple commands.

You might be surprised to say I agree with your logic. However, when the future is so murky on the course of actual events might be, can the option of doing nothing be the best? The problem is many people expect to be told the "answer", when one simple answer more probably does not exist. [If you have a subscription look at the first item on the front page of linux weekly news for the past week, http://lwn.net/Articles/146412/ "Interview: Eben Moglen", which I have not yet read fully, however, seems so far to be a cogent argument for pursuing the path of patents.]

In my view, doing nothing is not an option. Whether this will suffice or even be effective counter force is still an open question.

In my opinion Linus.

Remember Perens was co-founder of the Open Source (Foundation/whatever), whose goal was to entice commercial interests to open source. Perhaps a bit too successful, but the point is afterwards he belatedly recognized "Open Source" effort was at least partially misdirected.

While I know too little about UserLinux, there is a critique of Perens' role: http://lwn.net/Articles/146959/#Comments

read the comment under the name of syntaxis, which has a quote from back in March but "... Sarge has been out for ages now and UserLinux still hasn't released ...". In a link in the comment Perens says he is awaiting only release of Sarge.

[Regarding this portion of lwn.net - guests even posted here, you need not be a subscriber to read the comments.]

Er, no. EV1 (aka Rackshack) bought a SCO license, but Google doesn't turn up anything about Rackspace. I think you've just gotten the names (Rackspace vs Rackshack) mixed up.

- Intelligence comes handy when one is 5 level deep in a nested function (which can't be simplified) and trying to add another 2 levels at once.

Yeah, I'm sure it does. Or maybe that good inteligence should not be wasted on 7 level deep functions that need rewriting anyway?

Now, some people will claim that having 8-character indentations makes the code move too far to the right, and makes it hard to read on a 80-character terminal screen. The answer to that is that if you need more than 3 levels of indentation, you're screwed anyway, and should fix your program.

I suppose it's obligatory for me to note that LWN's kernel summit coverage talks about the development model changes - and many other things.

I didn't know about the Linux symposium. I would have gone.

http://www.contractors.com/sp/windowsvista.html

http://www.vistawindowco.com/about_vista.php

this one is cool:
http://lwn.net/Articles/130168/

and more

That's why I believe in the BSD license. Code under the BSD license can still be commercially exploited. That means you can still make money off it. And that means smart people will continue to write and use it.

So I guess all of these people are fictional. There's no way they could be getting paid to develop the GPL licensed Linux kernel. Except that most of them are. And that's just one project. Proprietary license fees are neither the only nor the best way for poeple to pay for effective software.

I reject your reality, and substitute my own.

Apparently so.

Slashdot has tons of anti-MS bias, though. Linux definitely has it's fair share of security problems. They're just not as widely publicised. (I am one of the dual users you speak of).

Steady on there; there may be hope for Linuxfund yet.
This newsforge report on LInuxfund,
which I found via Linux Weekly News,
appears to be the most up-to-date report on the project.

Yet another dupe but whats worse is it seems to be another platform being used by "Whitedust" to media whore and put their name out there. Just take a look at this ridiculous press release.

Essentially, whenever Reader 5.0.9 or 5.0.10 opens a PDF file, it creates a randomly named duplicate in /tmp which can then be read by other users with the appropriate permissions, which makes it a local file disclosure vulnerability.

So in version 7, I see that it creates the temp copy in RAM (mkstmp()), but now its vulnerable to be read in a much different way. On Hyperthreaded processors (i.e. multicore from Intel), since the processor itself has a shared cache, both cores need to be able to read from it. If one core opens the pdf, any process running on the other core can read the contents as they pass across the cache. Oops!

In addition to the recommended upgrade to version 7, there is a version 5.0.11 which addresses this issue, otherwise, nice troll.

As others have mentioned, the recommended upgrade also adds some defaults to a new feature that allows the pdf to "phone home" when opened. Sure, 5.0.11 fixes the flaw, but 99% of the users who are asked to upgrade will try to find the latest version they can, and upgrade to that. In this case, that means the "phone home" version.

That's progress. Of a sort.

http://lwn.net/Articles/139914/

BSD-like for code that either isn't terribly interesting or important enough to care about it being embraced and extended or code that represents a canonical implementation of a proposed standard that it is hoped will be widely adopted. Yes, even by Microsoft.

GPL-like for interesting and unique code that presents a "Unique Selling Point" for Free-as-in-speech software. Organisations that want use it to reduce development costs and to later redistribute products need to accept the author's terms, or get off their arse and develop their own equivalent code.

LGPL-like for code that would, if it weren't for its intended usage, be otherwise licensed as GPL-like above, but it's better if it's widely used. Yes, even by proprietary applications.

MPL-like for 'donated' code for which the original author wishes to reserve rights for themselves that they don't necessarily wish to grant to others. Their code, their right to choose. If you don't like it, play somewhere else.

None of what I've written above is original, even rms has said similar things in the past.

Conceivably, I can accept (and even hope for) the theoretical possibility that the time will come when everyone accepts that Free software is here to stay and that no-one wishes to try to selfishly exploit it. Just like the possibility that one day humans will learn to treat each other with respect and consequently, police forces, weapons, property rights and even laws are no longer necessary to deter unwanted exploitation. Sadly, that day is not yet here. And that's where I disagree with esr.

and have a read of why the interrupt problem isn't a problem anymore, at least on Linux. Note the date too - October 2001.

LWN.net

NAPI has been implemented in the kernel.org kernels for a number of years now.

Mostly true, I admit. But check out fish. Really! I am not biased by the fact that I am the main author. :)

Some of the new features in fish include a much nicer history, descriptions for tab completions (like when tab completing a manual page, the description is the whatis information on the manual page), tab completions for the options to many common commands, a good pager for browsing long lists of tab completions, syntax highlighting with error flagging of many common errors such as misspelled commands, misspelled options or reading from or appending to a non-existing file, X clipboard integration, a saner language syntax.

Read this article for more information.

Why should not a commandline interface use syntax highlighting to improve readibility and highlight errors? And yes bash does have programmable completions, but there are a lot of possible improvements, like descriptions of each completion (when completing a maunal page, show the whatis information for the manual page, etc), a better pager for completions, etc.

I really think bash lacks a large number of useful features. But then again, I am biased, since I have written a shell my own shell. But before you say that bash is 'good enough', I think you shouuld read this article for a description of some of these features my shell has.

Whell, Posix shell is a pretty bad language, for one thing. Read the second half of this article for my opinions on why Posix is bad.

I think there are a lot of room for innovation in the CLI market. How about syntax highlighting? Or better integration with the GUI? A better completion mechanism? A visual shell, with a visual tree representation of the filesystem for quick directory selection?

A few of these ideas can bew found in fish, which you can read up on here.

I've written a Unix shell that aims to have a lower learning curve than traditional shells. It does this by having a smaller and simpler syntax, and integrated help features.

There is an article about the shell here, and the shells homepage is here.

Microsoft's rival in this area is shaping up to be Xen [...] Xen doesn't yet support Windows, however

AFAIK Xen actually does support Windows, and it's not exactly a rival because it was originally sponsored by Microsoft Research - here is a relevant link

Having said this, I'm still convinced that full virtualization is the wrong approach and the separation technologies such as Linux VServer, FreeBSD jails or Solaris Containers will ultimately kill hypervizors.

Except that Yellow Dog has already said that they aren't going to transition to x86, they're sticking to PPC. Yes, it's possible that this divergence will decrease sales to the point that they go out of business, but they seem to think it will increase their presence in the xserve market.

What it means is that a new copy of sshd is exec'ed for each connection after the master sshd fork()s to handle the connection. Previously, the forked sshd would just handle the whole session. It starts off as a literal copy of the address space of the parent and stays very similar throughout its life.

Now should there be some kind of vulnerability in sshd, an attacker can connect, get a new fork()ed copy of the master sshd and attempt to guess whatever they need to successfully exploit it. Should they guess wrong, their sshd will likely crash, but they can just connect, get another (identical) copy and try again.

Some systems (eg OpenBSD and PAX-based Linuxes like Adamantix) shuffle various things up (library offsets, stack location, ProPolice canaries, whatever) at exec() time. In the case of sshd, re-execing after the fork() means that instead of being able to linearly scan through the possible values needed to conduct the attack, the attacker has to guess the right ones for their current connection. Basically, instead of multiple shots at a stationary target, the attacker is now faced with an environment with lots of moving targets, all of which must be hit in order to conduct a successful attack. This should make it much harder to conduct the exploit.

For a look at those moving targets, see Theo de Raadt's Exploit Mitigation Techniques paper.

stolen from the comments here:

http://lwn.net/Articles/134531/

I've dealt with Linux security enough to know security is work for any OS, especially when you are not just running servers for developers or apps. When you get into linux desktop users, security takes a lot of work and attention.

The FSF currently advises free software developers to get defensive software patents (Eben Moglen mentioned this during linux.conf.au, as reported partway through the article about his talk on this page). Of course, there's a difference between simply not asserting patents and licensing them under appropriate terms. It would be nice if the FSF were to propose a license for making patents available to GPL code, so that we get actual standardized licenses instead of vague statements.

Not difficult.

Nokia seems absolutely pro-swpat. Their patent department has done lots of lobbying in conferences and in the European Parliament. We encountered the head of their IP department, Tim Frain, in Bournemouth in summer 2002. Participants at the conference easily demonstrated that his arguments are economic nonsense. http://swpat.ffii.org/gasnu/nokia/index.en.html

Campaigners are opposed by representatives from large companies, including Nokia, which the FFII reports is engaged in energetic Pro-Patent Lobbying Efforts. Nokia argues that software patents "provide incentives to undertake research and development in Europe, and to promote licensing and technology transfer". http://www.theregister.co.uk/2004/04/13/eu_patent_ protest/

Meanwhile, lobbyists in favour of software patents are also gearing up
for the fight. FFII has obtained a copy of a round-robin letter being
circulated by Nokia's Tim Frain (Nokia/Southwood) and Dany Ducoulombier
(Nokia/Brussels) for pro-patent signatures before April 8th. The letter
calls on ministers to drop their objections, and to support a draft text
issued by the Irish Presidency on March 17th. http://lwn.net/Articles/79930/

I have no idea what point you're trying to make, but either way you are wrong.

If you're trying to make the point that people would be "screaming bloody murder" if distros released fixed without known exploits, you are wrong. For examples of *tons* of vulnerabilities without known exploits that have been patched by individual distributions, just take a look at this page:

http://lwn.net/security

You'll see that in general there is no coordination whatsoever between the distros. But no-one has screamed bloody murder.

If you're trying to make the point that people would be "screaming bloody murder" if distros released fixed for vulnerabilities *with* known explots without co-ordination, you are also wrong. In fact, just the opposite would happen -- if there is a known vulnerability, people want their distros to fix things ASAP, not sit on their asses until every other distro plus upstream has time to fix.

So, either way you are totally and unequivocally *wrong* about anybody screaming bloody murder about distros doing to Mozilla what Mozilla is doing here. Both happen routinely, and your stupid +5 comment is only misleading people.

Suck it up, admit that you are WRONG, that what you said HAS NOT A GRAIN OF TRUTH TO IT. Instead of trying to save face by playing word games, you need publicly correct your mistake instead of trying to cover things. You are being an asshole.

If Microsoft buys RedHat, three things will happen:

(1) Fedora and all the good will of open source developers towards RedHat will dry up.

(2) The expectation is that, RHEL and Fedora will be gutted or hobbled (no matter what Microsoft says), so current users will look to alternatives.

(3) RHEL clones (see http://lwn.net/Articles/129698/ ) would recieve the bulk of the community behind RHEL, and Fedora's community would migrate to Ubuntu or some offshoot of Ubuntu that has a focus similar to Fedora (e.g. multiple CDs, SELinux ported, Fedora tools ported).

http://lwn.net/Articles/77074/

Linux recently added write barriers. I don't know if it helps but it looks like its related

GCJ can compile java code for the platforms supported by GCC - way more than Sun's offerings or other propietary VMs.
Red Hat is paying people to support OOo 2.0 with GCJ. And GCJ 4.0 is already quite good...

Indeed, the problem is big. Some BSDs don't have java, linux ppc users either. Right now Java's "portability" is a joke with Sun's VM, even if it was free as in speech.

That's why GNU classpath & GCJ is important. It will provide us with a free (as in speech & beer) java VM for those who doesn't want to use Sun's VM (linux users, basically). Redhat is putting lots programmers & money behind of GCJ and collaborating with tons of community-based projects - they really want a free java. In fact, Redhat has some people hacking on GCJ to support openoffice's java features.

Actually, GCJ 4 is one of the GCC 4.0 greatest features, here is an article about why it's so great. They've achieved almost all Java 1.4 important features and there's work ongoing to support 1.5.

And GCJ does support, in fact, MORE architectures and operative systems than Sun's propietary offerings - yes, more. It's what will make java truly palataform-independent. GCJ is part of GCC, so it supports the platforms that gcc supports - much more than Sun's VM or other propietary VMs

LWN reviews RHEL clones

This guy doesn't know what he's talking about.

Probably. Dunno since I stopped RTFAs a while ago.

However, the IBM PowerPC 970FX aka Apple G5 processors have had NX for a while. Partial Linux support already exists. Check it out.

http://lwn.net/Articles/126862/

I like the 970FX (apart from its tiny cache). Shame Apple has a monopoly on the desktop systems, and you have to buy their OS to run Linux on one.

OSes like Linux or MacOS don't do them on any architechtures.

Linux does support limited stack and library randomization. However, there are questions as to the effectiveness of these techniques.

The migrated code originated from V7, not BSD. (It is under BSD license by now, anyway.)

Should you be curious, I've posted the slides to my talk on LWN.net.

ZDNet UK reports that the City of Munich has chosen to migrate its 14,000 desktops to Debian.

If the licensing is so heinous that an open source project can't accept it

It isn't a problem for open source projects. They can already access the data. Well, those outside the US anyway, and people inside just need to download from outside...

It's Adobe, a proprietary US company, that's having problems.

Fortunately, outside the Land Of The Free(tm), anyone can access Nikon's encrypted data with a simple GNU/Linux application

• Permanent loss of storage space -- This is simply not a problem in modern filesystems, but old filesystems like FAT or dawn-of-time Unix filesystems would run into this problem.
• Performance hits resulting from files which exist across different areas of the disk (thus, requiring head motion).

mke2fs -m 0 /dev/ram0
mount /dev/ram0 /media/ram

The source for git is available online at:

I'm having some difficulty wrapping my head around what git is and how much functionality it provides that is needed to do SCM. My take on this is that git can be thought of as a low level SCM repository kernel that can implement a particule file structure (optimized for directory content management) that leads to easy replication, distributed file system with no worries about file corruption (unless you are really worried about SHA1 collisions). Git is not yet a SCM but a work in progress of the repository layer.

Anyone familiar with ClearCase (a proprietary SCM now owned by IBM) is aware (possibly painfully so if they were invloved with administrating it) that it uses its own proprietary file system (which it calls VOBs). ClearCase has replication capabilities so there may be some degree of overlap in the basic concepts between ClearCase's lower level VOB layer and git.

There's more to do on top of git to make it part of a polished SCM system. I expect just as Linux has multiple Desktops (KDE/Gnome/xfce) there will be multiple git front-end clients to use the git utilities (API) to manipulate the contents of a git repository using your favourite language (Perl/PHP/Java/...) along with utilities to provide gateways to/from other SCM repositories such as CVS.

Fedora Core 4 has literally been waiting for this.

From Feburary: http://lwn.net/Articles/124798/

That article includes the question/answer:
- Does that mean Fedora Core 4 will ship with a pre-release compiler?
We're not *that* crazy. If GCC 4.0 is delayed, we will either revert, or slip.

Actually, Arch is integrating git

Consistent, then:)

[In reply to disappointed patch contributors a few years ago Linus once explained that people wanting a builtin kernel debugger should get over the fact that he was bastard and proud of it.]