Slashdot Mirror

this is a cut/paste of this article. Unless you actually wrote it, don't copy with no reference.

http://lwn.net/Articles/84583/

It just so happens that LWN.Net talked about this recently.

And remember
Microsoft = "Free as in Drugs"(*)
BSD = "Free as in Beer.
Linux = "free as in Speach.

(*) "With Microsoft, the first hit is always free - remember that all your life. They're going to all these different websites and having them become .Net websites. They say they're not going to make any money. For now, they'll not charge you for access to your Passport environment. Maybe soon they'll charge you $50. That's $50 that they're charging you for info that they stole from you." -- Scott McNealy

What do you have to say about Linux being able to this for a single system image, eh?

swpat game is not yet over nl parl might revoke the minister's vote Even after that there's second reading, but it's better to stop at this stage. (Doing the same as the dutch in your country might help ;)

Yep, that's right, the distrobution that was out before kernel 1.0 is now considered Yet Another Distro.

e-e

the best image viewer to date is XV

BTW it is a shame that both KDE and GNOME hasn't come with anything better.

The NX flag was only announced 18th March, so I'd say that was 'quickly', not 'finally'. It only made it into Linux 20 days ago

A gross misunderstanding caused by the English translator.

Same paragraph in the original French article:
Il précise qu'il a rencontré de nombreux acteurs du secteur et estime que les logiciels libres, de type Linux, OpenOffice, Mozilla, Apache, MySQL, Evolution, constituent aujourd'hui une "solution très crédible", "en particulier en terme de sécurité", portée par des entreprises "solides et innovantes".

Roughly translated, ``He [Dutreuil] states that he has met many stakeholders of the sector and founds that free software --as Linux, OpenOffice, Mozilla, Apache, MySQL, Evolution-- conforms `a very credible solution' nowadays, `particularly in terms of security', supported by `solid and innovative' companies.''

A gross misunderstanding caused by the English translator. Same paragraph in the original French article:
Il précise qu'il a rencontré de nombreux acteurs du secteur et estime que les logiciels libres, de type Linux, OpenOffice, Mozilla, Apache, MySQL, Evolution, constituent aujourd'hui une "solution très crédible", "en particulier en terme de sécurité", portée par des entreprises "solides et innovantes".
Roughly translated, ``He [Dutreuil] states that he has met many stakeholders of the sector and founds that free software --as Linux, OpenOffice, Mozilla, Apache, MySQL, Evolution-- conforms `a very credible solution' nowadays, `particularly in terms of security', supported by `solid and innovative' companies.''

If you'd been reading lwn.net you would have already noticed their link to a Bloomberg article, written in english, which covers this.

Take a look at this article at Linux Weekly News

-jim

It's interesting considering that Symantec was considering (or at least said they were considering) switching to linux recently.

Here is a brief article.

It must be a wonderful discussion, because as pointed out by Nathan himself: It's a safe place to rant without being contradicted by apologists, toadies, people worried about their unwise career choices, or even facts.

>Does that mean there will be significantly fewer articles about Transmeta?

Actually, he left Transmeta... over a year ago, in order to concentrate more on his Linux kernel work.

-- tabris
-
Bet nobody with modpoints will read this.

Yeah, those distro's memory / CPU / ... requirements are going up. So? They're not the only ones you can choose from; lwn.net's distribution list lists more than 300, from specialized to general, from small to big, and from "for pros" to "for my grandma". The same holds true for GUIs, too - there's more desktop environments than just KDE and Gnome, and there's more GUIs than desktop environments, too. fvwm2 may not be everyone's favourite, but there are *many* different window managers to choose from, and with a bit of time invested, you'll find the one that is just right for you (and your computer). The real problem, I think is that users (even those posting on slashdot) have inconsistent requirements: they do want all the eye candy, nifty features and slick-ness of a modern distro, but at the same time, they also want to be able to run it on older hardware without a slowdown. Think about it - it's not gonna happen, and that's not the fault of those creating the distributions. It's just a fact of life. Get over it and accept it.

if he could read the absolute shite that Brown is spewing from his asshole. From what I've seen of that response, the cheeky bastard thinks that it's high comedy to slander Torvalds and misquote Tanenbaum. Warn the American government about "hybrid source" software??? Right. They already know: It works much better than the closed source model.

To wit: Open Source and Viruses, which I'm certain will receive much attention on Slashdot very soon.

Whilst googling for another place to download the ISO (I'm late to the party and the agnula.org site is smoldering), I found this mailing list announcement that mentions their French Mirror, graciously hosted by IRCAM:

http://freesoftware.ircam.fr/mirrors/agnula/1.1/1. 1.1/demudi-live-cd_1.1.1.iso

Now that my download is almost complete, I feel I can share the love.

Most of slashdot readers already know that there are a bunch of modified firmwares for the wrt54g such as this one. You should also be aware to realise that they are already backdoored/rootkit version (custom version of teso's adore of the wrt54g which will hide specific clients, processes, mac address and connections. It should also be noted that vulnerable linksys access point are trivial to detect using kismet (runs on linux, *bsd, zaurus, wrt54g) or kismac (runs on Mac OS X).

Last time I tried Inkscape I was surprised that no support for Layers could be found. IMHO Layers is an essential feature in any decent modern graphic editor. And what is the deal with the "Spiral" tool as a main drawing tool? Does anybody ever have a need for a spiral drawing tool? In my eyes it seem like the featureset is more determined by the inherent capabilites of the SVG format rather than the needs of the users.

But OK, OK... it may be because my need is for technical drawing tool more than an artistic drawing tool. You may also read the opinions in the The Grumpy Editor's diagram editor followup

Because (IIRC) Opterons scale much better than Intel chips in a multiple-CPU environment.

No they don't

Unfortunatly I caught this story too late It would have been nice for people to see the solution I used posted from here

Boot from the Rescue CD (there is no need to start networking or mount drives) (at the boot: prompt type "linux rescue") Issue the command: fdisk -l /dev/hda to print the current partition table to screen in non-interactive mode.
Write down the drive geometry as reported at the beginning of the output from fdisk. This is reported as number of Cylinders, Heads, and Sectors (hence the name CHS).
You can now reboot the computer by simultaneously holding down the keys Ctrl-Alt-Delete.
You can now boot the Fedora Core 2 installation CD. At the first menu prompt you should now choose to run the installer with the known geometry.
Example: linux hda=14593,255,63
The installer should now run normally and not alter your partition table geometry entry. If, for any reason, this geometry should be changed regardless of this preventative step, please use the recovery steps to correct the geometry of the drive as reported by the partition table.

I have confirmed this works with no problems and is safe, just make sure you get into the shell for fdisk -l as soon as you can, if you go too far into the install you'll hit the bug, the idea is to get everything copied before parted uses the bogus values.

Having read every comment on bugzilla about Bug 115980 it sounds to me like the bug most likely is in Windows. On some machines Windows will create an incorrect partition table. FC2 will correct the partition table, and Windows stops booting. But a few of the latest comments suggests that it might be a bit more complicated than that. Because the problem doesn't happen immediately at install, but first at the first boot of either Windows or Fedora. It is unclear which of the two trigger the problem at the first boot. It seems very few people are able to reproduce the problem, which means it is not easy to track down. Instead of whining anybody who has this problem should help finding the cause. And finally another article on lwn mentions that no data loss happens unless you start doing something stupid.

So he found a similarity in ctype.h. Of course that could not have been stolen from Minix. It was stolen from SCO. Unless there is another explanation for the similarities.

Where is the MS Bashing taking place?
Mind you I've only read 3 comments so far - so I can't say wether you are over-reacting or not.

The article in itself is just a very interesting one.
Carrying the same amount of technical curiosity (and awareness)
as when proof-of-concepts viruses were written for Linux.

There is also a story going on about Symantec considering a Linux switch (I find that interesting news too). And again Slashdot does post a LOT of (shall-we-say) pro MS-articles too. I wont enumerate here, unless someone really wants me to.

Now if the bad posts upsets you - you can always filter by threshold; *sometimes* it works -
I personally prefer seeing everything (-1) including ignorant/thick/mediocre posts - I find them amusing.

That was a decade ago. 65+ floppies to enjoy Slackware 2.1 with a 1.1.59 kernel in 1994. I think I remember 1.0 coming on 24 diskettes.

Small historical Slackware archive.

To quote Linus Torvalds:

People have been pretty good (understatement of the year) at debunking those claims, but the fact is that part of that debunking involved searching kernel mailing list archives from 1992 etc. Not much fun.

Unlike early post BSDi development of the "free" BSD's, almost all of the Linux kernel development took place in the open and over the internet.

In comparison Microsoft has "lost" the source to MSDOS and "deleted" CEOs email from it's servers. There is NO real public provenance to the source code to most of Microsoft's products. If this is, like the threat from patents is an issue then Linux is in a better postion than its competitors in the market.

Here is the full posting by Linus and the live comments thread on LWN: [RFD] Explicitly documenting patch submission

And that someone would be Andrew Morton.

According to the alerts below, Fedora Core 2 has these vulnerabilities, and furthermore, they can lead to arbitrary code execution:

FC2 CVS alert

FC2 Subversion alert

I can understand that a buffer overflow can cause a DoS (e.g. crashing a daemon), but how can it lead to arbitrary code execution with FC2's kernel-level stack protection? Is this just a cut and paste typo from alerts of older distros?

According to the alerts below, Fedora Core 2 has these vulnerabilities, and furthermore, they can lead to arbitrary code execution:

FC2 CVS alert

FC2 Subversion alert

I can understand that a buffer overflow can cause a DoS (e.g. crashing a daemon), but how can it lead to arbitrary code execution with FC2's kernel-level stack protection? Is this just a cut and paste typo from alerts of older distros?

Data execution prevention (DEP) marks all memory locations in a process as non-executable unless the location explicitly contains executable code. There is a class of attacks that attempt to insert and execute code from non-executable memory locations. Data execution prevention helps prevent these attacks by intercepting them and raising an exception.

Data execution prevention relies on processor hardware to mark memory with an attribute that indicates that code should not be executed from that memory. Data execution prevention functions on a per-virtual memory page basis, most often changing a bit in the page table entry (PTE) to mark the memory page.

The actual hardware implementation of DEP and marking of the virtual memory page varies by processor architecture. However, processors that support data execution prevention are capable of raising an exception when code is executed from a page marked with the appropriate attribute set.

Both Intel and Advanced Micro Devices (AMD) have defined and shipped Windows-compatible architectures for data execution prevention. Windows supports DEP on the AMD64 platform and Intel Itanium Processor Family (IPF) processors.

The 32-bit version of Windows (beginning with Windows XP Service Pack 2) utilizes the no-execute page-protection (NX) processor feature as defined by AMD. In order to use the NX processor feature, the processor must be running in Physical Address Extension (PAE) mode. The 64-bit versions of Windows uses the NX processor feature on 64-bit extensions and certain values of the access rights page table entry (PTE) field on IPF processors.

It is hoped that future 32-bit and 64-bit processors will provide data execution prevention. Microsoft is addressing possible compatibility issues with existing applications and drivers while working with processor vendors to encourage the adoption and development of DEP technologies.

--Here you go:

Kernel Traffic

Linux Weekly News

Linux Kernel Mailing List Digest (from google, not tested by me)

--Try and find a site that details the inner workings of the NT kernel, on a weekly or any regular basis -- really -- I dare ya. If you can *find* the date on the NT kernel file, compare it with the downloadable kernels that you can find here:

Kernel.Org

> csound is only free for non-commercial use

No, this was changed recently. It's now LGPL: http://lwn.net/Articles/31840/

Its documentation is also under the GFDL now.

One reply mentioned kerneltrap.org, which is excellent. I also recommend lwn.net's weekly edition, which is available initially only to lwn.net subscribers. It becomes freely available to everyone one week after its initial publication date every Thursday. Not only does it cover weekly news in Linux (the kernel, here) but also in security, noteworthy applications and announcements from OSS land and distros in particular. Look here for last week's edition, and note how concise yet illuminating Jonathan's style is. Please subscribe; lwn.net kicks major butt.

The whole paper appears to be centred around the idea that the GPL is a contract. Most people seem to think the GPL is actually a licence, not a contract - this kind of makes the whole paper useless, in my opinion, and is what led to the confused conclusion.

http://lwn.net/Articles/61292/ is a useful discussion of the difference, once you accept it as a licence the whole discussion of "enforcability" kind of goes out of the window.

Your in luck. I've been looking for something similiar and I bothered to search the web.

A grumpy editor's calendar search
Enterprise Solutions Overview
Open Source Overview
Linux Links

Freshmeat is always worth a look too. The biggest problem I found was too much choice.

So far I've tried Chronos but I found that not all it's CPAN dependancies were resolvable for me. I've also tried MyCalendar.
It's nice and simple, accessible via the web, but unfortunately it's webpages are too big to fit in my cellphone's memory. My ideal solution would serve up some tight WML when necessary and possibly be accessible via Outlook for my secretary.

So, I haven't found my ideal solution yet.

If anyone has any opinion on the other web calendaring solutions, please share...

Stacey Quandt joined OSDL as principal analyst in September 2003 - press release.

LWN coverage of the appointment.

Quandt appears to no longer work for OSDL as she is credited in the featured article as "Stacey Quandt Industry Analyst, Quandt Analytics". Her bio at the bottom of this newsforge story also describes her as no longer working for OSDL. Would be interesting to know her reasons for leaving.

BUT... the linux kernel developers need to get over their fanaticism about open-source drivers.

Sorry, but this "fanatacism" that you speak of is the whole reason that the open-source movement is going as strong as it is today. Closed-source proprietary software sucks, but it *really* sucks when it's the operating system kernel and drivers.

I think it was Rob Malda who said at Penguicon that his personal picture of ideal software licensing looks something like an inverted pyramid. At the lowest level you have firmware and the OS kernel, which should be as open and free as humanly possible. As you go higher, you have a whole lot more software that depends on the lower levels but gets more and more specialized and is used by fewer and fewer people. At the very top, you have ultra-specialized apps that are closed-source and the developers can charge whatever they want for them because they tend to serve extremely narrow markets and the companies that have the cash to spend on them.

Closed-source kernel modules have no place on this map. In my opinion, GPL'd kernel modules don't even have a place on this map, but I can tolerate it to some extent. I see little difference between closing wireless drivers to prevent FCC violations and banning the possession of knives to prevent stab wounds. Those who have a strong desire to violate either most often find a way to do so, and those with a legitimate reason to have access to them just have to suffer.

Also note that this isn't just fanaticism, it's also about legality. Technically, you are violating the GPL by loading closed-source modules into GPL'd software (e.g. the Linux kernel). Read Linus's take on it.

• it's hard to notice when something is not there.
• people tend to push these farther and farther away from the actual usage, so they get confused about what has been escaped. It's hard to maintain clear contracts between functions about something like this.
• even if you're diligent when writing the initial code, it's easy to slip when applying patches

So I think a new approach is needed. One where you don't mix instructions and data so easily, or flag them more readily.

With SQL, this has been around for a while: bind variables. Your SQL queries tend to be static with ? thrown in (or :foo for named bind variables). In Perl, it looks like:

my $sth = $dbh->prepare('select * from mytable where foo = ?');
$sth->execute($foo);

Not everyone is using bind variables, and I don't know why. One reason may be that positional bind variables can be confusing: they require you to correlate two lists in your head to position the correct variables in the correct spots. Not all language/database combos support named bind variables. (JDBC doesn't!) But they can be emulated - that's one reason I made xmldb.

For HTML, it's more rare to find something that does this. Apache Cocoon does, but it's grotesquely complex. I'm working on a simpler system, though it's not ready for production. Here's the idea: my files (XFP) are to a SAX ContentHandler as JSP is to a byte stream.

I like SAX because it's a way of making XML that does things right. Instead of doing something like:

out.println("<elem a=\"" + foo + "\" b="blah">Blah: " + bar + "</elem>");

AttributesImpl attribs = new AttributesImpl();
a.add("a", foo);
a.add("b", "blah");
out.startElement("elem", a);
out.characters("Blah: " + bar);
out.endElement("elem");

<elem b="blah">
<xfp:attribute name="a">foo</xfp:attribute>
Blah: <xfp:expr>bar</xfp:expr>
</elem>

<elem a="{foo}" b="blah">Blah: {bar}</elem>

My code is all Java. But the concepts should apply to PHP, Perl, Python, anything.

Anyone else working on a system to solve this problem? I'd be interested to share ideas.

LWN ran a story about the Utah anti-spyware law last month. A number of parties objected, but don't appear to have any legitimate grounds for complaint. The law doesn't ban spyware outright, but requires that spyware explain to the user what it will do, and obtain the user's consent before doing it. Only naughty people/companies should have a problem with that.

The LWN story links to an excellent analysis of the law by Benjamin Edelman.

Fortunately he wrote an article answering that exact question a while back for lwn.net

So you might ask yourself: Why is there a sudden rise in pushing for GPL enforcement by the netfilter/iptables project? The remainder of this article will try to give you an answer from the project's point of view.


PS: Subscribe to lwn.net. They're good people.

Fortunately he wrote an article answering that exact question a while back for lwn.net

So you might ask yourself: Why is there a sudden rise in pushing for GPL enforcement by the netfilter/iptables project? The remainder of this article will try to give you an answer from the project's point of view.


PS: Subscribe to lwn.net. They're good people.

Because the GPL does not require any promises in return from licensees, it does not need contract enforcement in order to work.

This reminds me of the many times ESR defended VA Linux, on his way to becoming rich and then normal again.

This reminds me of the many times ESR defended VA Linux, on his way to becoming rich and then normal again.

FFII's lastest political situation report has some pretty choice things to say about about it:

"All of Europe's innovators, including individual inventors, small and medium size enterprises (SMEs), as well as large multinational companies, require patents to protect their inventions, provide incentives to undertake research and development in Europe, and to promote licensing and technology transfer", claims the letter.

"Nokia doesn't seem to be counting Opera among the European innovators", comments Håkon Wium Lie, CTO of Opera Software Inc, an innovation leader in the web browser market and producer of much of the software used in Nokia's mobile phones.

And, as Hartmut Pilch president of FFII and speaker of the Eurolinux Alliance explains, Opera is just one of "more than 5000 European CTOs and 2000 CEOs who have publicly endorsed our petitions against software patents".

Pilch continues:

"The Nokia patent department's claim that patents are needed to fund research in the software sector looks like a desperate attempt to mobilise the misconceptions of people who are not familiar with the ICT sector. All the economic studies we know of, including those ordered by the European Commission and by member state governments, have shown that software patents are only of very secondary importance as a means of securing investment in research and development. The main drivers of competitive advantage are copyright, in-house capability, unavoidable complexity, and the ability to react quickly to customer needs. In fact, according to the most detailed economic studies, patent investments in the United States have actually tended to reduce spending and divert it *away* from R&D investment in this sector. These points came out particularly clearly in the testimony given by directors of large companies to the US Federal Trade Commission at governmental hearings in the USA last year".

"The letter from Nokia is written from a perspective of a corporate patent lawyer concerned about a possible erosion of his department's importance within his company. Ministers should see it for what it is."

FFII's most hollow laughter is directed at the claim that the Irish proposed text would not "unduly hinder interoperability".

Jonas Maebe, Belgian speaker of FFII, explains:

"The Industry committee, and the Legal Affairs committee, and the full session of the European Parliament, all demanded a special provision to allow data to be inter-converted between different packages and software platforms. Otherwise companies can use software patents to lock in users' data to a particular program or operating system, and competition would be impossible".

"It's a systematic problem. Each and every market niche is individually potentially at risk. That's why, in the final vote in September, the European Parliament voted in favour of the provision by 393 votes to 35".

"But according to Nokia, the Council Working Party has 'responded' to the European Parliament's call, so everything's all right. And how (despite a valiant last-ditch opposition by the Luxemburgers) does the Working Party propose to respond ? By deleting the European Parliament's clause entirely, and instead replacing it with a recital that says any problems can be left to existing antitrust law".

"Remember, this is the antitrust law which has just taken four years, at vast expense, to go after a /single/ accused company, Microsoft; which Microsoft says it can tie up in appeals for another four years; and which at the end of the day looks like the case will be settled with a cosy cross-licensing deal between Microsoft and Sun, and Samba definitely not invited to the party".

"One starts to wonder about what kind of idealised dreamworld these people live in."

Lackadaisical (adj.) - 1) Lacking spirit, liveliness, or interest; languid: "There'll be no time to correct lackadaisical driving techniques after trouble develops" (William J. Hampton). 2) Affectedly pensive; languidly sentimental.

And now thanks to SCO and the RedHat lawsuit (page 5) referenced by the Groklaw article we might see an expansion of the definition for lawyers and geeks alike...

3) Lacking urgency and passionate conviction: "[SCO is] ... taking a lackadaisical attitude toward pursuing its claims."