Slashdot Mirror

axehind writes "Dr. Moshe Bar recently announced the creation of openMosix, a new OpenSource project. The project has quickly attracted a team of volunteers developers from around the globe and is off to a very fast start. openMosix, is an extension of the Linux kernel. openMosix is a Linux kernel extension for single-system image clustering. openMosix is perfectly scalable and adaptive. Once you have installed openMosix, the nodes in the cluster start talking to one another and the cluster adapts itself to the workload. "

xpccx writes: "Newsforge has this blurb about the IEEE changing its 'IEEE Copyright Form' for submissions to the 'IEEE Copyright Transfer & Export Control Compliance Form.' From the IEEE site: 'While the IEEE standard manuscript submission process has always required authors to represent that the necessary clearances and approvals have been obtained, the newly revised Form now requires the author's explicit affirmation that the manuscript does not violate U.S. export laws or restrictions.' And specifically from the new form, 'The undersigned further warrants that the publication or dissemination of the Work shall not violate any proprietary right or the Digital Copyright Millennium Act (the "DCMA").' Maybe the IEEE just wants to protect itself from DMCA lawsuits, but I hope their intention is not to abandon authors who get sued."

bbh writes: "NewsForge has an article about the Free Software Foundation asking the makers of LindowsOS a simple question, 'Where's the Source?' Lindows CEO Michael Robertson has an interesting take on what the GPL means."

SgtXaos writes "The newly created American Open Technology Consortium has posted a draft of their position statement online. They propose to change that by forming a real lobbying force to educate and influence congress about issues near and dear to all of us geeks. Here's a chance to put money where our uh, er, typing is." Newsforge (also part of OSDN) has a story and interview with the founders.

rleyton writes "Codeweavers have just announced Crossover Office, a Wine derivitive which allows MS-Office 97 & 2000 products as well as Lotus Notes to run without a Windows OS License. If it's as cool as the Crossover plugin product, then it could mean a significant step forward in Wine's progress." NewsForge got hold of a final beta copy a couple of days ago and has a Crossover Office review up already, and DesktopLinux.com has one too. This looks pretty cool, yes. Now if a PHB tells you can't run Linux, because you need Office - tell him you'll save money by not needing a Windows license, and call still use Office.

Tony Stanco writes: "Newsforge has an article on what happened at the Security Enhanced Linux panel in Washington about certification under the Common Criteria for Information Technology Security Evaluation standard."

Over on NewsForge, Roblimo has taken a look at Sun's new StarOffice 6.0 (due out in April for retail purchase), and comparing it to OpenOffice build 641C. I installed StarOffice on a new Toshiba laptop, and since my Mandrake 8.2 ISOs are still trickling in, have StarOffice 6.0 running instead under Windows XP. (I have just a few additional notes on this, below.)

The installation was dead simple, and therefore better than most software: I popped in the CD, and with about 10 minutes of point-click-whirrring, the software was installed. The only notable aspect of this process is that the CD included (and popped onto my hard drive, with prompting) a new Java runtime environment (Sun's standard JRE, version 1.3.1). The helpful timer that accompanies the install is conservative, which is nice -- it started out estimating 14 minutes for the "transferring files" portion, but quickly dropped down to less than five.

Having not touched StarOffice for a while, it's nice to see the features in OpenOffice trickle in -- most importantly, getting rid of the monolithic desktop makes it actually usable to those of us who hate screen-hijacking software. And at least on this 1 GHz, 256MB laptop, even "bloatware" features like auto-correction are snappy enough not to be bothersome.

Two small notes on Roblimo's review for anyone curious about using SO under Windows: The Windows version does claim to open "WordPerfect (Win) 6.0-7.0" documents, which is at least a start toward WordPerfect compatibility. And under Windows, the nice X-Window style one-click text transfer isn't an option. One more note for 6.0 Beta testers: you can download a patch from Sun to extend the life of the beta from March 31 to June 3 2002.

pitabutter writes "Sounds like AOL is joining the list of companies making the internal switch to Linux, taking their default browser choice along with them. Oddly, second article in a short time linking AOL and Red Hat. " As with all things with AOL/Mozilla, I'll actually believe it when the darn thing ships - but the internal switch to Linux is something that I've also heard from people.

An anonymous submitter sent in a link to a recent email from the kde-devel list, criticizing the release process. Hopefully the KDE guys can work out any problems and keep up the good work that we've seen in the past. Update: 03/10 14:20 GMT by M : One of the comments below points out that another KDE developer has made an extensive response to the original criticisms.

LinuxCare founders Dave Sifry, Art Tyde and Dave LaDuke have started their second company: Sputnik. Basically, they have an ISO you can download that will turn a laptop with an 802.11b card into a wireless gateway. They also wrote a user-authentication scheme that reroutes all traffic to the gateway until the user logs in via a web form. This should sound familiar to people who stay in broadband capable hotels a lot. Using this authentication technique, the software allows you to choose who can and cannot use your gateway, and in you'll be able to charge strangers for access (with Sputnik handling the billing). This will likely get some isps a wee bit upset. NewsForge has an article detailing what they are doing. Update: Turns out the authentication wasn't written by Sputnik, my bad. They use NoCatAuth Disclaimer: I've known these guys for a long time and am pals with them, so I waited until someone else (in this case Grant at NewsForge and the NYT) put something up independently about them before linking to them.

LinuxCare founders Dave Sifry, Art Tyde and Dave LaDuke have started their second company: Sputnik. Basically, they have an ISO you can download that will turn a laptop with an 802.11b card into a wireless gateway. They also wrote a user-authentication scheme that reroutes all traffic to the gateway until the user logs in via a web form. This should sound familiar to people who stay in broadband capable hotels a lot. Using this authentication technique, the software allows you to choose who can and cannot use your gateway, and in you'll be able to charge strangers for access (with Sputnik handling the billing). This will likely get some isps a wee bit upset. NewsForge has an article detailing what they are doing. Update: Turns out the authentication wasn't written by Sputnik, my bad. They use NoCatAuth Disclaimer: I've known these guys for a long time and am pals with them, so I waited until someone else (in this case Grant at NewsForge and the NYT) put something up independently about them before linking to them.

Sinistar2k writes: "Showing remarkable restraint and an unwillingness to shout 'Give it up for me!', Steve Ballmer comes across as a poor, beat down soul in the video deposition (Windows Media or RealPlayer required) released today by US District Judge Colleen Kollar-Kotelly. Also available are text depositions of Ballmer and Allchin." gouldtj adds: "Here is a timeline on the Microsoft trial. It is pretty complete, and it goes back to 1990. It is nice to see all of this in one place, I'd almost forgotten about the old stuff. It just reminds you how long this stuff can take." Finally, ackthpt writes: "The nine non-settling states have modified their requirements, rather than Microsoft having to sell various versions of Windows, they would have Microsoft Windows sold as a modular platform, where the user could opt for different vendors software for different uses. Just days ago the nine settling states were rattled by Microsoft's end-around, challenging state attorneys' general participation in anti-trust procedings." And if your own computing (or career) depends on a Microsoft operating system, Roblimo suggests that you stop using it, because Steve Ballmer says Microsoft may take it away.

An anonymous submitter sent in: "The hearing is over, and Adam Kessel posted a report about what happened in the court room. The judge is probably not going to issue a temp. injunction against NuSphere on the GPL violation, but probably WILL issue an injunction on trademark issues." Politech has another report on the hearing.

A little fairy whispered in our ear: "MySQL AB is seeking a temporary injunction against NuSphere, even though they've finally released the source code for Gemini and MySQL Advantage. According to the GPL, NuSphere lost the right to redistribute when they violated #3 by not providing the source code originally. The FSF will testify tomorrow in court, according to this Newsforge article." Newsforge and Slashdot are both part of OSDN. We've done a couple of previous stories about the MySQL AB vs. Nusphere conflict: the original story, a follow-up, and a note about a countersuit. Update: 02/26 21:15 GMT by T : bkuhn (Bradley Kuhn of the Free Software Foundation) writes: "The FSF has a press release on the matter and affidavit that we filed is also available."

Over at NewsForge (NewsForge is part of OSDN, as is Slashdot), Roblimo has posted his impressions of the long-awaited, much-ridiculed Red Flag Linux (English version). It may not be a big seller outside of the Chinese-speaking world (despite the available English-language install), but it's not a hoax, and it's available as an ISO for download. Update from Roblimo: I did not write the NewsForge Red Flag review. Matt Michie deserves all credit for this excellent work.

Jrbl writes "NewsForge is running This editorial by Tina Gasperson about the possible implications for GNOME if it gets Mono (which allows patented components.) There's also a reference to this article at The Register in which Miguel de Icaza raves about Microsoft."

Jrbl writes "NewsForge is running This editorial by Tina Gasperson about the possible implications for GNOME if it gets Mono (which allows patented components.) There's also a reference to this article at The Register in which Miguel de Icaza raves about Microsoft."

Jim Hall writes: "Newsforge [ed. note: Newsforge and Slashdot are both part of OSDN] is running an article about the FreeDOS Project. If you don't know: FreeDOS aims to be a complete, free, 100% MS-DOS compatible operating system, and is released under the GNU General Public License. It's a good read. From the article: 'But, in the true spirit of Open Source, FreeDOS is not content to be an imitation of the existing technology. ... Open Source talks about freedom to use, but it also means freedom to choose. FreeDOS gives people another choice. If you don't want DOS, try something else. But if DOS might be the key for that special device you are building, check out FreeDOS. It is definitely worth a look.'" We did an interview with Hall two years ago - looks like the project has come a long way since then.

Jim Hall writes: "Newsforge [ed. note: Newsforge and Slashdot are both part of OSDN] is running an article about the FreeDOS Project. If you don't know: FreeDOS aims to be a complete, free, 100% MS-DOS compatible operating system, and is released under the GNU General Public License. It's a good read. From the article: 'But, in the true spirit of Open Source, FreeDOS is not content to be an imitation of the existing technology. ... Open Source talks about freedom to use, but it also means freedom to choose. FreeDOS gives people another choice. If you don't want DOS, try something else. But if DOS might be the key for that special device you are building, check out FreeDOS. It is definitely worth a look.'" We did an interview with Hall two years ago - looks like the project has come a long way since then.

Dare Obasanjo contributed this followup to an article entitled The Myth of Open Source Security Revisited that appeared on the website kuro5hin. He writes: "The original article tackled the common misconception amongst users of Open Source Software(OSS) that OSS is a panacea when it comes to creating secure software. The article presented anecdotal evidence taken from an article written by John Viega, the original author of GNU Mailman, to illustrate its point. This article follows up the anecdotal evidence presented in the original paper by providing an analysis of similar software applications, their development methodology and the frequency of the discovery of security vulnerabilities." Read on below for his detailed analysis, especially relevant with the currency of security initiatives in the worlds of both open- and closed-source software.

The Myth of Open Source Security Revisited v2.0 The purpose of this article is to expose the fallacy of the belief in the "inherent security" of Open Source software and instead point to a truer means of ensuring the quality of the security of a piece software is high.

Apples, Oranges, Penguins and Daemons

When performing experiments to confirm a hypothesis on the effect of a particular variable on an event or observable occurence, it is common practice to utilize control groups. In an attempt to establish cause and effect in such experiments, one tries to hold all variables that may affect the outcome constant except for the variable that the experiment is interested in. Comparisons of the security of software created by Open Source processes and software produced in a proprietary manner have typically involved several variables besides development methodology.

A number of articles have been written that compare the security of Open Source development to proprietary development by comparing security vulnerabilities in Microsoft products to those in Open Source products. Noted Open Source pundit, Eric Raymond wrote an article on NewsForge where he compares Microsoft Windows and IIS to Linux, BSD and Apache. In the article, Eric Raymond states that Open Source development implies that "security holes will be infrequent, the compromises they cause will be relatively minor, and fixes will be rapidly developed and deployed." However, upon investigation it is disputable that Linux distributions have less frequent or more minor security vulnerabilities when compared to recent versions of Windows. In fact the belief in the inherent security of Open Source software over proprietary software seems to be the product of a single comparison, Apache versus Microsoft IIS.

There are a number of variables involved when one compares the security of software such as Microsoft Windows operating systems to Open Source UNIX-like operating systems including the disparity in their market share, the requirements and dispensations of their user base, and the differences in system design. To better compare the impact of source code licensing on the security of the software, it is wise to reduce the number of variables that will skew the conclusion. To this effect it is best to compare software with similar system design and user base than comparing software applications that are significantly distinct. The following section analyzes the frequency of the discovery of security vulnerabilities in UNIX-like operating systems including HP-UX, FreeBSD, RedHat Linux, OpenBSD, Solaris, Mandrake Linux, AIX and Debian GNU/Linux.

Security Vulnerability Face-Off

Below is a listing of UNIX and UNIX-like operating systems with the number of security vulnerabilities that were discovered in them in 2001 according to the Security Focus Vulnerability Archive. AIX 10 vulnerabilities[6 remote, 3 local, 1 both] Debian GNU/Linux 13 vulnerabilities[1 remote, 12 local] + 1 Linux kernel vulnerability[1 local] FreeBSD 24 vulnerabilities[12 remote, 9 local, 3 both] HP-UX 25 vulnerabilities[12 remote, 12 local, 1 both] Mandrake Linux 17 vulnerabilities[5 remote, 12 local] + 12 Linux kernel vulnerabilities[5 remote, 7 local] OpenBSD 13 vulnerabilities[7 remote, 5 local, 1 both] Red Hat Linux 28 vulnerabilities[5 remote, 22 local, 1 unknown] + 12 Linux kernel vulnerabilities[6 remote, 6 local] Solaris 38 vulnerabilities[14 remote, 22 local, 2 both] From the above listing one can infer that source licensing is not a primary factor in determining how prone to security flaws a software application will be. Specifically proprietary and Open Source UNIX family operating systems are represented on both the high and low ends of the frequency distribution.

Factors that have been known to influence the security and quality of a software application are practices such as code auditing (peer review), security-minded architecture design, strict software development practices that restrict certain dangerous programming constructs (e.g. using the str* or scanf* family of functions in C) and validation & verification of the design and implementation of the software. Also reducing the focus on deadlines and only shipping when the system the system is in a satisfactory state is important.

Both the Debian and OpenBSD projects exhibit many of the aforementioned characteristics which help explain why they are the Open Source UNIX operating systems with the best security record. Debian's track record is particularly impressive when one realizes that the Debian Potato consists of over 55 million lines of code (compared to RedHat's 30,000,000 lines of code).

The Road To Secure Software

Exploitable security vulnerabilities in a software application are typically evidence of bugs in the design or implementation of the application. Thus the process of writing secure software is an extension of the process behind writing robust, high quality software. Over the years a number of methodolgies have been developed to tackle the problem of producing high quality software in a repeatable manner within time and budgetary constraints. The most successful methodologies have typically involved using the following software quality assurance, validation and verification techniques; formal methods, code audits, design reviews, extensive testing and codified best practices.

1. Formal Methods: One can use formal proofs based on mathematical methods and rigor to verify the correctness of software algorithms. Tools for specifying software using formal techniques exist such as VDM and Z. Z (pronounced 'zed') is a formal specification notation based on set theory and first order predicate logic. VDM stands for "The Vienna Development Method" which consists of a specification language called VDM-SL, rules for data and operation refinement which allow one to establish links between abstract requirements specifications and detailed design specifications down to the level of code, and a proof theory in which rigorous arguments can be conducted about the properties of specified systems and the correctness of design decisions.The previous descriptions were taken from the Z FAQ and the VDM FAQ respectively. A comparison of both specification languages is available in the paper, Understanding the differences between VDM and Z by I.J. Hayes et al.
   
   
2. Code Audits: Reviews of source code by developers other than the author of the code are good ways to catch errors that may have been overlooked by the original developer. Source code audits can vary from informal reviews with little structure to formal code inspections or walkthroughs. Informal reviews typically involve the developer sending the reviewers source code or descriptions of the software for feedback on any bugs or design issues. A walkthrough involves the detailed examination of the source code of the software in question by one or more reviewers. An inspection is a formal process where a detailed examination of the source code is directed by reviewers who act in certain roles. A code inspection is directed by a "moderator", the source code is read by a "reader" and issues are documented by a "scribe".
   
   
3. Testing: The purpose of testing is to find failures. Unfortunately, no known software testing method can discover all possible failures that may occur in a faulty application and metrics to establish such details have not been forthcoming. Thus a correlation between the quality of a software application and the amount of testing it has endured is practically non-existent.
   
   There are various categories of tests including unit, component, system, integration, regression, black-box, and white-box tests. There is some overlap in the aforementioned mentioned testing categories.
   
   Unit testing involves testing small pieces of functionality of the application such as methods, functions or subroutines. In unit testing it is usual for other components that the software unit interacts with to be replaced with stubs or dummy methods. Component tests are similar to unit tests with the exception that dummmy and stub methods are replaced with the actual working versions. Integration testing involves testing related components that communicate with each other while system tests involve testing the entire system after it has been built. System testing is necessary even if extensive unit or component testing has occured because it is possible for seperate subroutines to work individually but fail when invoked sequentialy due to side effects or some error in programmer logic. Regression testing involves the process of ensuring that modifications to a software module, component or system have not introduced errors into the software. A lack of sufficient regression testing is one of the reasons why certain software patches break components that worked prior to installation of the patch.
   
   Black-box testing also called functional testing or specification testing test the behavior of the component or system without requiring knowledge of the internal structure of the software. Black-box testing is typically used to test that software meets its functional requirements. White-box testing also called structural or clear-box testing involves tests that utilize knowledge of the internal structure of the software. White-box testing is useful in ensuring that certain statements in the program are excercised and errors discovered. The existence of code coverage tools aid in discovering what percentages of a system are being excercised by the tests.
   
   More information on testing can be found at the comp.software.testing FAQ .
   
   
4. Design Reviews: The architecture of a software application can be reviewed in a formal process called a design review. In design reviews the developers, domain experts and users examine that the design of the system meets the requirements and that it contains no significant flaws of omission or commission before implementation occurs.
   
   
5. Codified Best Practices: Some programming languages have libraries or language features that are prone to abuse and are thus prohibited in certain disciplined software projects. Functions like strcpy, gets, and scanf in C are examples of library functions that are poorly designed and allow malicious individuals to use buffer overflows or format string attacks to exploit the security vulnerabilities exposed by using these functions. A number of platforms explicitly disallow gets especially since alternatives exist. Programming guidelines for such as those written by Peter Galvin in a Unix Insider article on designing secure software are used by development teams to reduce the likelihood of security vulnerabilities in software applications.

Projects such as the OpenBSD project that utilize most of the aforementioned techniques in developing software typically have a low incidence of security vulnerabilities.

Issues Preventing Development of Secure Open Source Software

One of the assumptions that is typically made about Open Source software is that the availability of source code translates to "peer review" of the software application. However, the anecdotal experience of a number of Open Source developers including John Viega belies this assumption.

The term "peer review" implies an extensive review of the source code of an application by competent parties. Many Open Source projects do not get peer reviewed for a number of reasons including

• complexity of code in addition to a lack of documentation makes it difficult for casual users to understand the code enough to give a proper review
  
  
• developers making improvements to the application typically focus only on the parts of the application that will affect the feature to be added instead of the whole system.
  
  
• ignorance of developers to security concerns.
  
  
• complacency in the belief that since the source is available that it is being reviewed by others.
  
  

Also the lack of interest in unglamorous tasks like documentation and testing amongst Open Source contributors adversely affects quality of the software. However, all of these issues can and are solved in projects with a disciplined software development process, clearly defined roles for the contributers and a semi-structured leadership hierarchy.

Benefits of Open Source to Security-Conscious Users

Despite the fact that source licensing and source code availability are not indicators of the security of a software application, there is still a significant benefit of Open Source to some users concerned about security. Open Source allows experts to audit their software options before making a choice and also in some cases to make improvements without waiting for fixes from the vendor or source code maintainer.

One should note that there are constraints on the feasibility of users auditing the software based on the complexity and size of the code base. For instance, it is unlikely that a user who wants to make a choice of using Linux as a web server for a personal homepage will scrutinize the TCP/IP stack code.

References

1. Frankl, Phylis et al. Choosing a Testing Method to Deliver Reliability. Proceedings of the 19th International Conference on Software Engineering, pp. 68--78, ACM Press, May 1997. < http://citeseer.nj.nec.com/frankl97choosing.html >
   
   
2. Hamlet, Dick. Software Quality, Software Process, and Software Testing. 1994. < http://citeseer.nj.nec.com/hamlet94software.html >
   
   
3. Hayes, I.J., C.B. Jones and J.E. Nicholls. Understanding the differences between VDM and Z. Technical Report UMCS-93-8-1, University of Manchester, Computer Science Dept., 1993. < http://citeseer.nj.nec.com/hayes93understanding.ht ml >
   
   
4. Miller, Todd C. and Theo De Raadt. strlcpy and strlcat - consistent, safe, string copy and concatenation. Proceedings of the 1999 USENIX Annual Technical Conference, FREENIX Track, June 1999. < http://www.usenix.org/events/usenix99/full_papers/ millert/millert_html/ >
   
   
5. Viega, John. The Myth of Open Source Security. Earthweb.com. < http://www.earthweb.com/article/0,,10455_626641,00 .html >
   
   
6. Gonzalez-Barona, Jesus M. et al. Counting Potatoes: The Size of Debian 2.2. < http://people.debian.org/~jgb/debian-counting/coun ting-potatoes/ >
   
   
7. Wheeler, David A. More Than A Gigabuck: Estimating GNU/Linux's Size. < http://www.counterpane.com/crypto-gram-0003.html >
   
   

Acknowledgements

The following people helped in proofreading this article and/or offering suggestions about content: Jon Beckham, Graham Keith Coleman, Chris Bradfield, and David Dagon. © 2002 Dare Obasanjo

rutledjw writes: "This should be good for some flame wars. A story on HPWorld that I read about on NewsForge gives an interesting comparison between XP and Linux. I personally think the story wanders a little and wouldn't call it comprehensive, but it is interesting. It does point out a particular bottleneck in how the 2.4.x kernels handle asynchronous IO. Apparently this is being addressed in the 2.5 kernels..." It actually appears quite low-flame and balanced, and unlike some Linux vs. Windows comparisons, goes into decent detail rather than just glib generalizations.

mpawlo writes: "I wrote something on public procurement and open code that you might want to share with your readers. In my opinion, it is time that public bodies and governments look over their public procurement policies to warrant competition. I don't think free software or open source should be the only choice when it comes to public computer programs, but as of today, public bodies all over the world designs their requirements in a way that rules out all Free Software and Open Source alternatives already at the drawing table. May the best computer program and license win! That's the only way to get an effective allocation of public money when it comes to public computer programs. Maybe a good topic for discussion among Slashdotters?"

There's an interesting piece running on Newsforge concerning advocacy of Open Source within the (US) Federal Government. The Feds, as we've talked about here before, are caught in an interesting cross fire - and based on personal experience, I can tell you that they are looking at it. Carpe Diem, folks.

Clarkson University wins a server from IBM. Sun is bringing embedded Linux to its UltraSparc IIe processors. Wired has an overview of LinuxWorld, talking about how it's all business and the joy is gone; and so does Internet.com; and so does Newsforge, which also has a story about LinuxWorld in Paris. The Register has a lengthy interview with Miguel de Icaza, in which he notes "Gnome 4.0 should be based on .NET".

Clarkson University wins a server from IBM. Sun is bringing embedded Linux to its UltraSparc IIe processors. Wired has an overview of LinuxWorld, talking about how it's all business and the joy is gone; and so does Internet.com; and so does Newsforge, which also has a story about LinuxWorld in Paris. The Register has a lengthy interview with Miguel de Icaza, in which he notes "Gnome 4.0 should be based on .NET".

A Commentor writes: "According to news.com Ximian is changing the license to Mono from GPL to a variant of the XFree license. Apparently this is due to a partnership with Intel." Update: 01/28 15:03 GMT by T : There's a story at NewsForge as well, where RMS weighs in firsthand on the license choice.

An Anonymous Coward writes: "Newsforge has an article about new generation secure chat protocol called SILC (Secure Internet Live Conferencing). The article features the protocol and its features like secure file transfer. Interesting article and very interesting protocol." We posted a story about SILC last year; looks like they've come a long way since then.

Well, the wait is finally over. Lindows, the system that promises to bring Windows software to Linux, has finally been released in sneak-preview form. You can catch a first hand review of the system on NewsForge.

Well, the wait is finally over. Lindows, the system that promises to bring Windows software to Linux, has finally been released in sneak-preview form. You can catch a first hand review of the system on NewsForge.

An Anonymous Coward writes: "News forge is running an interview With lokigames president Scott Draeker. Looks like the leaked email wasn't a hoax after all. A very sad day for Linux. AOL? Redhat? IBM? someone please help these guys."

crashlight writes: "A Linux cluster on the desktop--Rocket Calc just announced their 8-processor "personal" cluster in a mid-tower-sized box. Starting at $4500, you get 8 Celeron 800MHz processors, each with 256MB RAM and a 100Mbps ethernet connection. The box also has an integrated 100Mbps switch. Plus it's sexy." Perhaps less sexy, but for a lot less money, you can also run a cluster of Linux (virtual) machines on your desktop on middle-of-the-road hardware. See this followup on Grant Gross's recent piece on Virtual Machines over at Newsforge.

Over at Newsforge, Grant Gross has written an interesting overview of the options available for hosting multiple Linux installations on virtual machines; interestingly, it's not just for those with the big bucks for high-end IBM hardware, though that's surely nice.

red5 writes: "Newsforge has a report of a new "iMac-like" internet computer from the good people over at OEone. On an interesting note it uses Mozilla as its GUI. Read the article for all the details." Another submitter sent in an interview with the company.

red5 writes: "Newsforge has a report of a new "iMac-like" internet computer from the good people over at OEone. On an interesting note it uses Mozilla as its GUI. Read the article for all the details." Another submitter sent in an interview with the company.

red5 writes: "Newsforge has a report of a new "iMac-like" internet computer from the good people over at OEone. On an interesting note it uses Mozilla as its GUI. Read the article for all the details." Another submitter sent in an interview with the company.

Johannes writes "Newsforge column on "lagom" copyright. I think we need to discuss these issues more. Maybe a GNU GPL law isn't so bad after all. As Pawlo states: "Would not a modern democratic society benefit from a plurality of irreconcilable and incompatible doctrines? We need the GNU GPL, but we also need proprietary software, Open Source software, BSD licenses, the Apache license and so forth. That would make the case for GNU GPL legislation void. However, as Lawrence Lessig taught us in his book Code and Other Laws of Cyberspace, the code may in itself work against plurality.""

sombragris writes "I've spotted in NewsForge a very interesting editorial by none other than RMS himself on the subject of getting rid of those annoying MS Word attachment that people send. The essay is worth thinking and doubtless worth implementing." I've found that KWord and Abiword both did a fine job of reading Word files - it's the being able to Save As Word where things get messy.

sombragris writes "I've spotted in NewsForge a very interesting editorial by none other than RMS himself on the subject of getting rid of those annoying MS Word attachment that people send. The essay is worth thinking and doubtless worth implementing." I've found that KWord and Abiword both did a fine job of reading Word files - it's the being able to Save As Word where things get messy.

As you might know, Slashdot runs on Greenwich Mean Time. That means that you're reading the last story posted in 2001, in which we've gathered some more year-end submissions. Happy New Year to all, no matter what time zone you're in! Zargo writes: "Infosync.no has a great collection of articles named Rewind 2001 looking back at the best stories of 2001. Lots of cool gadgets in there. Samsung 3G prototypes, a car designed by Bella and Nokia, soft hardware by IDEO, Siemens wristphone, Compaq's project Mercury, the Agende VR3 Linux based PDA, the Pogo, Psion's über gadgets, Handspring's Treo, Fathammer's X-Forge, Samsungs YOPY (Linux PDA), Sharp's Zaurus SL-5500 including screenshots. Lots and lots of cool stuff to read."

Speaking of Stuff, Dave Gould writes: "I have published my picks for the 2001 Stuff of the Year. Here's hoping for lots of neat new stuff in 2002!" I bet high that stuff continues to arrive. Maybe even more IT.

Weedstock writes: "EE Times has a list of 15 interesting articles about technologies to watch in 2002. One of those articles, Software model needs overhaul, explains the current problems with computer processing and describes new technologies (Such as the Reconfigurable Architecture Workstation processor from MIT) that will affect this domain in the next year."

uninet writes: "'Looking back over the past year, I think most people would have to agree it has been a ground breaking time for open source. While it is true that open source companies suffered just like the rest of the tech sector from poor economic conditions, those same conditions have also made open source appear even more attractive.'" Here's the rest of Open For Business' analysis of the year past and coming.

There are plenty more year-end wrap-ups filled with bulleted lists and instant nostalgia, but few can top Llewyn, who writes: "The couple who met on Slashdot two years ago are celebrating their first wedding anniversary! you can email them at scott@asofyet.org and elysse@asofyet.org or visit their reminiscing website." Congratulations!

For those into New Year's festivities of the more athletic (and semi-athletic) variety, burntfungus writes with words on "Security and open 802.11b WLAN Access Points along the Rose Parade route, Pasadena's yearly event that allow anyone to be a street person for two nights a year! If you get cold there are many places to get a hot cup of coffee or hot chocolate. Watch floats (on webcam, blimps and low flying stealth bombers! Find a public WLAN access point or two."

At least partly wrapping up one of this year's oddest stories, several readers have submitted a link to a CNN story which says that Dmitry Sklyarov has returned home to Russia, and has already raised a toast with his wife and children. I hope Dmitry's treated a little differently on his next visit to the U.S. suwain_2 adds a link to this Newsforge story as well.

Weedstock writes: "In an article on LinuxWorld, Joe Barr is once again making 10 predictions about the success of Linux for the new year." The first of many sets of predictions for 2002, no doubt. And some guy named "Robin" or "Roblimo" or something like that wrote about Linux in 2003 for Newsforge.

It's not a contradiction: Free software costs money. (That's because server space, bandwidth, coffee, electricity, computers, and workspace all cost money.) Besides which, the time it takes to code new window managers, programming libraries (and languages), web browsers, and all the other goodies which make a modern computer useful may be spent as a labor of love, but it's time that competes with real-world jobs, family time, vacations in the Riviera and sleep. Besides the relative few who work at work on their Free software projects, the programmers, project managers, web-site maintainers, documentation jockeys and QA volunteers behind the programs we enjoy every day don't seem to be in it for the money, so much as the thrill of releasing new software, a desire to make their own world a little better, and for plain old fun. The staffers and volunteers who put long hours and dedication into organizations trying to safeguard online freedoms are also obviously interested in rewards that go way beyond salaries. This New Year's, consider giving them a little money anyhow. Here are a few ideas; you're invited to point out projects and organizations that I've left out.

As you may have read the other day, the FreeBSD project is now taking donations via PayPal. And if you're in a clean, roots-UNIX kind of mood, the folks at OpenBSD and NetBSD (NetBSD PayPal) would probably also appreciate your goodwill, not to mention your money, hardware and time.

If you don't have a specific project in mind, but would like to donate some of your chunk of the time-money continuum to a worthy software undertaking, a good place to start is Software in the Public Interest. They can take both general donations as well as earmark for projects they support, like Berlin, Debian, GNOME and more. (Not into GNOME? KDE could use some assistance, including money, too.)

If you like the projects funded by the boxed-distribution makers (like paying for full-time work on endeavors like KOffice), you can do more than buy the box: Mandrake has recently formed something called the Mandrake Club as a gathering place for both people and funds.

To encourage (and reward) cross-platform goodness, supporting the Mozilla project is hard to beat. (This story was posted using a 9.7 build using the wonderful Modern theme.) Source of Mozilla wisdom Mozillazine could use some help paying for the switch to a new host, and to defray ongoing costs. Another good place to cast your perls is Yet Another Foundation, which supports the somewhat scrutable development of the not-so-scrutable Perl.

More generally, consider investing some money in organizations like the Free Software Foundation, the Electronic Frontier Foundation, and the Electronic Privacy and Information Center (EPIC), all of which help battle (in court and in the marketplace of ideas) the forces who wish to monitor and otherwise exert top-down control of your computer and everything to do with your on-line life.

Remember, with all of these projects, non-monetary contributions are welcomed as well -- if you can write or correct some online documentation, create test-cases to root out weaknesses, or create some pretty graphics to smooth the user experience, you can contribute. (Long-distance pizza deliveries to developers are also generally appreciated.) Teaching a coworker, classmate, parent or friend how to set up mailfilters on a Linux box, or how to edit photos in the GIMP, is a nice way to save them money, too. Making a difference locally might also mean contributing some time, money or hardware to help run local LUG events.

Note: Many of the organizations named above are set up as 501(c) charities; if you'd like to claim any charitable contributions as tax deductions, now's the time to get the postmark, at least if it's important to you for those donations to be on the current calendar year. For a few more ideas on ways to donate geekily this year, see Jack Bryar's Newsforge column with some more links.

And a Happy New Year's!

SumDeusExMachina writes: "NORAD is at it once again folks! You can track Santa as he travels across the globe via a nifty Real Media stream." Apparently, this guy has been making some changes up North, too, including stealth technology, so I hope the radar tracks.

Hitch asks: "My LUG's mailing list has had a thread for about a week now arguing about Red Hat's policy which prohibits calling CD's burned from iso's available on Red Hat's site 'Red Hat Linux' or including 'Red Hat' in the name of the CD in any way. This includes things like 'Sombrero Rojo' and 'Maroon Head Covering' according to some of their pages. And according to some others, you cannot make a CD called 'My Linux' with the line 'Contains Red Hat version X.X' in small print underneath. We have, however, found another page that says precisely the opposite, also on the Red Hat website. I was wondering what the rest of the community's thoughts on this are, and perhaps since I know Red Hat people read this, what the official word is. Primarily we're concerned for Installfests, burning and handing out CD's to friends, and things like CheapBytes. How does this affect them?" According to a recent article on NewsForge, Red Hat has changed their Trademark policy. Hopefully the new changes will make the policy less confusing. What do you think about the new changes to the policy?

morcego asks: "I think everyone remembers the case of PCs for Kids, the Australian group that donates computers for the poor children, when Microsoft asked them lots of money for the software on the computers they donated. I am trying to convince schools to start using free software, and I have heard arguments like 'all free software initiatives in public schools around the world have failed.' I know this is not true, but I need cases to show them. So, do you know of any school (public or not), or other educational institution that has been saved from paying large amounts of money (and closing its doors) by free software?" For those interested in this topic, you'll probably want to read up on the latest salvo in the Microsoft private antitrust settlement. It sounds like education, and Open Source, may now have an official relationship, and things are now getting kicked into high gear. While it's good to hear about the "SchoolForge" coalition (no relation to SourceForge or NewsForge), what educational resources are currently available to schools from the Open Source arena?

morcego asks: "I think everyone remembers the case of PCs for Kids, the Australian group that donates computers for the poor children, when Microsoft asked them lots of money for the software on the computers they donated. I am trying to convince schools to start using free software, and I have heard arguments like 'all free software initiatives in public schools around the world have failed.' I know this is not true, but I need cases to show them. So, do you know of any school (public or not), or other educational institution that has been saved from paying large amounts of money (and closing its doors) by free software?" For those interested in this topic, you'll probably want to read up on the latest salvo in the Microsoft private antitrust settlement. It sounds like education, and Open Source, may now have an official relationship, and things are now getting kicked into high gear. While it's good to hear about the "SchoolForge" coalition (no relation to SourceForge or NewsForge), what educational resources are currently available to schools from the Open Source arena?

miracle69 writes: "Well, it looks like the perfect convergence for the average Slashdot reader. What we've got here is a game that is approaching the Slashdot Enthusiast's Valhalla. It's released under Windows and Linux, costs a mere 25 USDs, and has no middleman to jack prices up. Of course, that means it's not available in stores, nor will it be seen on TV, but according to Newsforge, it's got great gameplay. So, will 25 bucks, a fresh game idea, and a Linux release make others in the gaming world stand up and take notice?"

jdavidb writes: "I pulled up the Ximian redcarpet updater this morning and discovered that Evolution 1.0 is finally available! Now Outlook can start facing some serious competition, although there's still a long way to go. (Evolution does not yet emulate all the Outlook viruses, of course, nor does it integrate with Exchange Server.)" Here's Ximian's full announcement. Update: 12/03 14:59 GMT by T : Nat Friedman of Ximian points out that they're offering a software extension which does allow integration with Exchange 2000. There's good story on the new iteration of Evolution at NewsForge, too.

rbeattie writes: "The Register is reporting that the code for 'the first generic operating system for microcomputers' is now open source. It's interesting to see the final chapter for the code that could have been what was MS-DOS. The article includes the requisite background of CP/M from Gary Kildall's snubbing of IBM to its transformation into DR-DOS, later being sold to Novell then to Caldera who spun it off with Lineo who finally opened up the source in October." The original story is actually at NewsForge. Update: 11/27 22:13 GMT by T : Note, thanks to reader Greg Head, that DR-DOS source appears available only for money; the original headline implied that DR-DOS source was also now available at no charge.

proclus writes: "Stallman's response to the GNOME board election process is a lesson in the application of free software principles. For Stallman, GNOME is a GNU project, and the main goal is to promote free software. His consistancy and ethics are admirable, but one wonders if GNOME has grown beyond its roots in the free software community. Is Stallman's view of GNOME too narrow? The GNU-Darwin Distribution and The Fink projects are a case in point. It is simply amazing how many people want to use GNOME together with Mac OSX, and yet in Stallman's view, this would be an example of GNOME falling short of its goals. If free software is used together with proprietary, then the movement has failed to displace proprietary software, and free the users. Is it possible to reach such users with free software ideals, and is it necessary to divorce free software from proprietary in order to accomplish that goal?"

John Ineson writes: "There is a bug in the latest kernel releases, that causes fs corruption on umount. A lot of people have already been hit by this, so for now I suggest you hold fire on booting those new kernels. More dead-duck than greased-turkey. Two possible fixes are being discussed on linux-kernel." Colin Bayer adds links to a story at the Register and Al Viro's fix. Update: 11/25 00:39 GMT by T : Tarkie writes "Linux 2.4.16-pre1 is out, as detailed at NewsForge. If you've been having the filesystem corruptions, might be worth a try so that 2.4.16 can be out ASAP!"