Domain: redhat.com
Stories and comments across the archive that link to redhat.com.
Comments · 4,506
-
Re:I have to say
Sorry, but the latest kernel package for Red Hat 6.2 (the latest release) isn't 2.2.14-12 but 2.2.16-3 as of June 21st.
-
Re:Guildford, Surrey, England...
There certainly are a lot of games companies here in Guildford, but there's also a fair bit of tech research and other IT work going on.
The Surrey Research Park, near the Royal Surrey County Hospital and associated with Surrey University has plenty of tech-based companies including Red Hat UK (where I work), Mitsubishi Electric Visual Information Laboratory, the aforementioned Lionhead Studios, BOC, etc etc etc.
Also, the University itself has a rather good reputation in technology and the sciences, and has just opened a big new Biology and Nursing block, so there's plenty going down in this here town...
-
commercial vs. proprietary
Honestly, I would say the same thing about a lot of commercial software as well. Just because you sell something doesn't mean that it's been designed properly, and likely just because something is free doesn't mean it's been slapped together with duct tape. Furthermore, I'd trust a program with source more than one without, and many open source developers are always willing to accept a better design.
<rant>
I really wish people (especially slashdot editors) would get the terminology correct. It's commercial vs. non-profit and proprietary vs. free/open source. These are orthogonal concepts. There is nothing weird about a company that sells open source software. Lots of companies do it these days. RedHat (like all other software companies) sells nothing but commercial software (by definition).
</rant>
Regarding the topic of the article, I certainly wouldn't trust proprietary software. I can't even figure out how it works, let alone what it's supposed to do. I also wouldn't trust a car that didn't let me open the hood and see how it was constructed. I see nothing inherent in the open source model that prevents adherence to design goals, certifications or regulations.
-
Potential resources for development migration
There are some useful articles about getting started with development under Linux, as well as useful downloads, at:
-
My Experience with Dell and Linux
My experience with Dell and RedHat Linux was rather disturbing. We purchased a Dell PowerEdge 2400 (with the PERC2/si Raid Card); when we received the machine it was not preloaded. In fact the raid driver was not finished. They finally got us the driver after three weeks, when to our surprise the driver was compiled for a specific version of the kernel (Dell's Special Tweaked version) which had a PPP problem (which we needed). I guess my point is RedHat and Dell get all sorts of publicity for being open sourced, but yet we could not get the source code to compile the driver ourselves. Yet companies like Caldera, IBM, and Mandrake get some publicity but it is almost an afterthought. This is just my opinion. Peace Out.
-
It's pseudo-helpful IDEs, not msWin vs. Unix
I prefer to develop in a transparent environment---one where I know what code is being invoked, and by whom.
I'm developing under Next/Openstep, and while the Project Builder can be nice in some ways, when things don't quite work, it can be a bear to follow layer after layer of makefile to determine what library or header file is missing.
With standard Unix-like command-line developing, I know what I'm getting because I put it there, and if something's flaky, I can ask make (at least the FSF's version) to trace its ``thought'' processes for me to check. With the IDEs I've seen, too much is hidden, and if it doesn't work exactly as intended, or if you want it to do something that its designer hadn't provided for, you're in for quite a fight.
True, you can develop from the command line under msWin, but for it to be as powerful and convenient as Unix, you need to augment the shell and utilities extensively. Cygwin gives you the missing capabilities, but I'd rather not retrofit---just go to the system whose shell scripting capabilities are a full programming language, that has a ton of Lego-like utilities to be fit together as you wish, and that lets you see what's happening every step of the way. After all, the bottom line of correct programming is knowing exactly what your code will do.
-
This exists already
Go here for UFO - Unmaintained Free software and Open source projects. It's hosted by Bernhard Rosenkraenzer of Red Hat, who is also a contributor to the KDE project, which is the reason why /. ignores UFO (yes I'm joking).
--
-
Re:Two Letters: PM
I have seen many boxes compromised. But there are two configurations I've never seen hacked:
1.Redhat w/ latest updates.
2.OpenBSD.
I can believe #2 but #1 is a stretch, RedHat isn't exactly the cream of Linux distros.
There's _always_ another hole someplace that didn't get noticed yet.
Take a look at the errata page for RH 4.2,
there have been 4 updates so far this year and this release has been around about 4 years!
-
Slightly longer (by one letter) answer: YES.
Did you have a look at the recent KDE 2.0 beta or a recent KDE 2.0 CVS snapshot? [If you haven't, download from kde.org or get Red Hat Linux binaries here]
Anyone who looks at it anywhere near objectively will notice that anyone who has used Windows can deal with it - the interfaces are similar, and as far as differences are concerned, KDE 2.0 wins in usability.
Something similar can be said about GNOME 1.2, which just needs some more time to get all the functionality implemented.
Red Hat Linux 7.0 will (probably) have an autologin feature for people who don't want to get used to the login process, and other distributions will probably follow.
KOffice (obviously) integrates perfectly with KDE - even StarOffice adds itself to the KDE menus so even the most stupid user can find it. Both of them can read M$-Office files, so converting old documents shouldn't be much of a problem.
I doubt a stupid user could tell the difference between a Windows system and a KDE 2 system that has been configured to look like Windows.
I agree about the "Code it. Use it. Debug it." part though - we need to demonstrate that we are not just a viable alternative, but the better one - if people don't care about reliability, efficiency and speed, it's not as easy on the desktop as on servers...
-
Re:The good, the bad, and the ugly
I submitted that problem as a bug report to Red Hat.
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=11876
Cheers.
-
How to secure your Linux system
Since we are talking about security here, here are some things Linux (and other UNIX) admins should keep in mind to keep their systems secure:
- Use qmail or postfix instead of Sendmail.
- Make sure you have all security patches for your system installed. Redhat users, for example, can find those patches here.
- Linux users can read Linux weekly news for security updates.
- Manage your SUIDs. Make sure you keep a close eye on all your suids. For example, I use this script to put all my suid in the directory /suid/bin:
#!/bin/sh
# Collect every setuid/setgid file into /suid/bin, leaving a symlink at the old path.
# /suid/bin is pruned from the search and paths are quoted, so the script can be re-run safely.
mkdir -p /suid/bin
find / -path /suid/bin -prune -o -type f \( -perm -4000 -o -perm -2000 \) -print > /root/suids
while IFS= read -r a; do
    mv "$a" /suid/bin/
    ln -s "/suid/bin/$(basename "$a")" "$a"
done < /root/suids
- Obviously, turn off all unneeded network services in /etc/inetd.conf and (usually) /etc/rc.d/rc3.d. You can see what services are running on your machine with netstat -na.
- For a UNIX that is free and (hopefully) secure out of the box, check out OpenBSD or Trustix.
- Sam
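A defensive companion to the post above, added here as an example and not the poster's own script: rather than relocating setuid binaries, it records a baseline of every setuid/setgid file and on later runs reports anything that appears, disappears, or changes mode or owner, which is what an admin wants to notice after an update or a break-in. The function names, the baseline path and the scan root are assumptions.

```shell
#!/bin/sh
# suid_audit.sh - baseline and diff the setuid/setgid files on a system.
# Added example; not Red Hat code and not the original poster's script.
#
# Usage (source the file, then call):
#   . ./suid_audit.sh
#   suid_audit /var/lib/suid.baseline /
#   first run  : writes the baseline, exit status 0
#   later runs : prints "+ line" for new entries and "- line" for vanished
#                ones, exit status 1 if anything changed, 0 otherwise

# A fixed locale keeps sort and comm agreeing on line order.
LC_ALL=C
export LC_ALL

# list_suid ROOT
# Emit one sorted "mode owner group path" line per setuid or setgid regular
# file under ROOT. -perm -4000 / -perm -2000 is the POSIX spelling; the
# "-perm +6000" in the post above is an older GNU form of the same test.
# -xdev keeps the scan on one filesystem (no NFS, no /proc). Paths with
# whitespace are not handled, which is acceptable for system binaries.
list_suid() {
    root=${1:-/}
    find "$root" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -exec ls -ld {} \; 2>/dev/null \
        | awk '{ print $1, $3, $4, $NF }' | sort
}

# suid_audit BASELINE [ROOT]
# Compare the live list with BASELINE. Mode and owner are part of each
# line, so an existing binary that gains the setuid bit or changes owner
# shows up as a removal plus an addition rather than going unnoticed.
suid_audit() {
    baseline=$1
    root=${2:-/}
    current=$(mktemp) || return 2
    list_suid "$root" > "$current"

    if [ ! -f "$baseline" ]; then
        cp "$current" "$baseline"
        rm -f "$current"
        echo "baseline written: $baseline ($(wc -l < "$baseline" | tr -d ' ') entries)"
        return 0
    fi

    # Both inputs come from list_suid, so they are sorted identically.
    added=$(comm -13 "$baseline" "$current")     # only in the live list
    removed=$(comm -23 "$baseline" "$current")   # only in the baseline
    rm -f "$current"

    if [ -z "$added" ] && [ -z "$removed" ]; then
        return 0
    fi
    [ -n "$added" ]   && printf '%s\n' "$added"   | sed 's/^/+ /'
    [ -n "$removed" ] && printf '%s\n' "$removed" | sed 's/^/- /'
    return 1
}
```

Run it from cron and mail the output; a non-zero status with no package update to explain it deserves a look at the listed paths.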
-
Actually you CAN beat Microsoft...
Admitted, we don't have anything like MSDN yet - but that's changing... Stuff like developer.kde.org/ and developer.redhat.com isn't quite what it's supposed to be yet, but it's definitely getting there.
As for IDEs, maybe the proprietary ones suck - but did you check out KDevelop lately? While I personally still prefer the vi/make combination over any IDE, it should be easy enough for anyone to get started.
-
Red Hat? Well, *fancy that*...
I'd take Red Hat's words with at least a teaspoonful of salt, myself. They seem to have decided to help an old friend out a bit here. By all accounts, Intel has a happy, intimate relationship with Red Hat, one which it consummated with a minority shareholding quite a while ago.
Not that I imagine for a moment that there haven't been problems with Athlon motherboards and systems. But there's no mention of "i820", "Cape Cod", "MTH" or "Rambus" anywhere, even though the Compatibility List as a whole was updated just last Friday. Moreover, the "Tier 1", "Tier 2" business is straight out of Intel's and Microsoft's playbooks for the power games they play with their resellers, big customers, "partners" and the like. (Remember the story of Microsoft's "Tier 1 OEMs" and the Windows 95 desktop from the trial?) Funny to see it turning up in a Linux distribution's HCL...
In this light, passages like "Non-Intel clone CPUs. These CPUs may not be any more "buggy" than pure Intel CPUs, but since the market size of these chips is smaller, what problems do occur seem to be harder to get around." look like subtle but classic IBM-school FUD. Paranoia is not my drug, and Red Hat is not my Great Satan, but I think I smell something fishy here.
-
Re:About the Kernel and newer users.
Are you by chance running a Red Hat distribution?
Red Hat tends to do things a little bit differently, I believe it has to do with the initial ramdisk (initrd) setup they use to load modules on boot-up.
Check Here for the Red Hat-specific kernel building HOWTO.
-
Fail-over
In addition to linux-ha, which includes links to Linux Virtual Server, Piranha, Ultramonkey, you can also find organizations that do this for a living. One (the company I work for, to be honest) is Mission Critical Linux. Specify what your needs are, exactly (web service, database failover, file system, etc), then look around.
By the way, is your consultant a reseller of Solaris (since I see he suggested that)?
jeff
-
linux option
-
Re:syllabus?
http://www.redhat.com/services/training/training_course.html.
I linked to this in the article above, actually. First link under "The Course".
--
-
Re:Bug in /sbin/service?
It works on my RH6.1. Red Hat issued an updated initscripts package for 6.1 last November that corrects this.
-
Re:Interesting, But...
Yes, you can take the exam by itself, and it is significantly more expensive -- $750.
As for the benefit -- I don't think there's enough data yet (or enough of a marketing push on Red Hat's part, as another poster mentioned) for there to be conclusive data. But my feeling is that the average person would see a reasonable return.
--
-
Red Hat's announcement: link broken
the link in the post (to the RH announcement) is broken.
Check out the real announcement here: http://www.redhat.com/about/2000/press_itanium-alpha.html
-
Question: Why so many versions?
I have a serious question, why are there so many versions of BSD, NetBSD, FreeBSD, OpenBSD, BSDI, LameBSD, SecureBSD, WinBSD, etc etc
Linux AFAIK only has one version, RedHat (although other version known as "distros" exist, they are not 100% Official, like RedHat is.
The confusion about which BSD is the true "100% Official" BSD must be losing them users.
RedHat's 100% official RedHat site is at RedHat
-
F1
I was using Word 2000 the other day... I know, shame on me. But my F1 Office Assistant informed me of a little secret. Apparently it is he who controls the world... secretly, of course. And if I was a good little Micro$oft lemming, he wouldn't destroy all the files on my computer.
Suspicious, I consulted my friendly install of StarOffice on my Linux machine. He didn't answer back, which is what I would have expected from M$ Office, and StarOffice continued happily to do my word processing without bother or error.
Moving back over to my Windows machine with M$ Office... that little MechWarrior-like droid was not at all happy! He threatened to allow the 'I love you' worm to work its way through my machine via its evil powers of VB scripting.
Flustered... I then remembered who should be in control of the computer in the first place... ME! I promptly played my own ace-in-the-hole against that evil little M$ droid, named "F1", and hit the power button on the computer.
With F1 no longer being a concern, and no virus or VB script security problems on my Linux machine... I moved back over to the screen with the Gnome footprint eagerly waiting to do what I request without problem or crash.
I donned my red hat and rode off into the lovely sunset with my StarOffice at my side.
-
Re:Did CmdrTaco even follow the links?
I guess he meant http://people.redhat.com/bero/experimental/.. but then again there must be a place where you can download the whole thing not just packages..
Mark Papadakis, WebDeveloper
-
Re:It looks alright...
I am glad you pointed this out.
Evolution is logically split into two parts (there is a process barrier between these parts).
The first are the User Interface Bonobo components. The other part is the non-graphical part that actually drives the data back end (The Wombat process, which is also in turn a Bonobo component).
The Wombat does not use or require a windowing system to be running, it just acts as a serializer and as the data provider for the actual user interface. The user interface can be a terminal application talking to the Wombat through CORBA, a Web-based mailer/calendar/addressbook, a custom application you wrote that uses any of the above services in Perl (using the Perl/CORBA bindings from Owen Taylor for instance) or an Emacs based interface.
A lot of love has gone into making Evolution "right" in as many aspects as possible.
We welcome more comments on it, and constructive criticism.
Miguel.
-
Re:Talk to your bank
CCVS was written by the guys at Hell's Kitchen Software which is now owned by RedHat. It's available for several OSen.
We use it at the dotcom where I work and it works pretty well. There are APIs for C, Java, Perl, PHP and Python and TCL. The guy who set ours up pretty much used their example code, grabbed the socket server code from the Perl Cookbook, added a few queries to our Oracle database and was good to go.
From what I hear, the support is pretty good as he's needed to call them a couple of times. I'm now supporting the software and I certainly haven't had any problems
-
Re:Root RAID
Check out http://people.redhat.com/mingo/raid-patches/ and get raid-2.2.15-A0
-
Dateline: Redmond, WA
Bill Gates, upon hearing this news, is reportedly trying to obtain a thermonuclear device to detonate in the slide area, which will cause a tsunami which will devastate much of the US East Coast, including Raleigh-Durham, NC and Washington, DC.
By this, Gates hopes to kill two birds with one stone, destroying the US Department of Justice and RedHat, a leading provider of the Linux operating system.
-
So...
If I own an open source company like RedHat (or a similar company that has no proprietary code and is publicly held), then I could distribute this code like I would any other "sensitive information"? (of which I would have none, right?)
-
Re:ftp.kde.org /.ed?
ftp.kde.org works for me...
If you still can't get there, you might want to try
http://people.redhat.com/bero/experimental/
or
http://www.nebsllc.com/kde/ftpkde2/current/
for current KDE snapshots.
-
RedHat ignores history of GNU contribution
I agree and would only point out one more thing.
Note how Red Hat ignores the contributions of GNU (the GPL, gcc, core UNIX tools) in their version "Linux History." For someone who watched and played with Linux in 1992-1993, this ignores the major way in which GNU tools enabled Linus and collaborators worldwide to develop Linux. I've talked to the marketing manager personally about this (as an industry professional), and sent a follow-up email with a suggested "80s" time period bullet and got no response. It didn't make it on the priority list. This is precisely the reason I agree that Stallman's concern is justified. Corporate marketing of the Linux history will continue to ignore the contributions of freedom-oriented pioneers unless customers and contributors complain.
Even if you feel (like I do) that Stallman's attempt to relabel things is impractical, feel free to encourage (nicely) corporate marketing to at least acknowledge the *significant* GNU contribution in their version of 'history' at suggest@redhat.com.
--LP
-
Re:future capabilities!
how much of it is working so I can download it now and use it instead of netscape?
Almost all of the functionality is there right now, it just needs to be fixed up.
You can get a current copy out of the KDE CVS tree, or get an RPM at
http://people.redhat.com/bero/experimental/.
Konqueror is part of the kdebase package. It needs kdesupport and kdelibs to run.
-
Re:Released?
Konqueror has not been released - konqueror.org has been.
Besides, you can run it from any desktop environment you want - as long as you have the KDE libraries installed, you don't need to be running KDE's window mangager or any other KDE tools to use Konqueror.
RPMs of a recent CVS snapshot for Red Hat Linux can be found at
http://people.redhat.com/bero/experimental/. Konqueror is part of the kdebase package.
-
Proposal for new ZDNet editorial
Proprietary Software is (so far) a closed road to nowhere
by Bero, Red Hat
Richard M. Stallman, the closest thing GNU has to a cult hero, calls Microsoft Windows a disruptive technology.
Microsoft Windows is not a disruptive technology. It's a wannabe operating system, and OSes aren't a threat to anyone - and if they were, it surely wouldn't be a good thing. Richard apparently is referring to the proprietary software movement and the sea change behind Microsoft products that has made them unsettling to more than one or two OS vendors.
What amazes me most is that proprietary software has gained so much momentum without showing any goods. It's a dot-com--all-hype and speculation and no fundamentals. It's like an onion in a bushel of apples. Someone might notice that it looks and tastes different, but peel away its layers, and there's nothing there.
In several years, one of the more high-profile proprietary software projects at its time - Microsoft Bob - has released exactly zero used copies of its interface. It won't be until Microsoft throws a copy into open source that anything usable will be released. And the result is a product that might have some good but not earth-shattering.
In fact, the best parts of Microsoft Bob have nothing to do with proprietaryness. The most important part of Microsoft Bob is that it runs on Windows - it's Microsoft's obvious attempt to tie in the product to a bunch of for-profit wannabe OS products.
Although Microsoft has had incredible stock market valuations at one time, it's very much down to earth right now. This means that they'll quickly have to expand beyond valuations centered on Windows.
Microsoft took the bait, creating MSN, an online service that, while fairly bad, had not much to do with Windows. Perhaps Microsoft needed to add another color to its spectrum. Maybe it will next buy AT&T to flesh out its all-American offerings.
It's clear that Windows has a future and that it's still attracting dumb people. Proprietary Software, on the other hand, appears to be struggling.
The reason is simple: People gravitate toward products, and proprietary software is not geared to create but to make money at the cost of freedom, stability and usability. It's best at tearing apart the establishment because it locks out valuable programmers who might want to improve the products.
But proprietary software advocates should face the facts: Put up some goods or your establishment will be ripped apart, too.
Are you a proprietary software advocate, or do you just not care? Let me know with the "Reply" button below.
-
Clusters
There are two main kinds of clusters from what I can see. The supercomputer-like Beowulf(ish) cluster and the High Availability Clusters. The multi-processing clusters (I'll call them Beowulfs for the sake of brevity) are designed to help in massive computations. The key element there is to speed up or parallelize? computations of large amounts of calculations, such as physics, computer imaging (like in Titanic; Linux Journal has an article about Linux and the movie). Within these multi-processor nodes are multiple programming libraries, PVM, MPI, and others that allow you to write code that uses this new conglomerate system.
The High availability cluster is something else entirely. These clusters are not built for speed, but rather reliability and distributed load bearing. It usually means a group of machines that behave to the user as if they are one. Kind of like a certain major website that we're on. You generally have one or two traffic servers whose job is to send requests to the computer that meets certain criteria. Perhaps you want load balancing web servers. The traffic computers would send some requests to one server, some other requests to the other server, and so on based on some predetermined criteria. It can also be used to make sure no requests go to a dead machine. There is some real good information on this out there, but the most easily digestible is probably at TurboLinux and their High Availability Cluster solution and RedHat with their Piranha solutions.
I know that was oversimplified, but I hope that it helps.
-
Re:Mandrake strong points...
By default Red Hat 6.1 and below boot up in a text console...
The Red Hat install lets you choose if you want a GUI at startup, or a console (i.e., runlevel 5 versus runlevel 3). It's a nice checkbox called "use graphical login". You can see it here as well as the GUI X configuration during the Red Hat 6.2 install.
In short, Red Hat has a lot more than most happy Mandrake users seem to think...
;)
Kudos to Mandrake though, they're now including Helix GNOME! My biggest gripe about Mandrake was always that GNOME never seemed to work flawlessly - there were always issues with GNOME in Mandrake (like the i18n in GNOME wasn't working no matter how hard I tried, although the rest of my Mandrake test system was internationalised).
Maybe it was just that KDE gets a lot more tested than GNOME in Mandrake. Many KDE users complain about the reverse situation in Red Hat - there's always issues with KDE in Red Hat. I don't know, since I'm a happy GNOME user.
I hope though that they don't include the Helix with the latest development gnome-core 1.1.9... Virtually all other gnome-cores in the devel 1.1.x series I have tested were really, really stable, with the notable exception of 1.1.9, which has a big nasty memory leak =(
-
Re:560Z and a L7089 (or a SONY 505 series)
I am using a very similar setup. RH6.2 on a SONY Z505R (the modern one would be the HS or HE I think) with a Motorola L7089 tri-band phone. Works everywhere I've been (UK, Switzerland, Belgium, USA, Canada). No need for a modem either, just IR the phone to the laptop. Not the cheapest solution, but it does work well. Just make sure that you contact your local mobile provider and enable world-wide roaming. Some GSM providers have better roaming agreements than others. Shop around before you sign up if you are planning to roam in North America or Australia. I can't help much with that, since I am in Canada and use FIDO aka Microcell.
-
The info from Red Hat
This is the mail sent to the Red Hat Security Advisory Mailing List regarding the Piranha security hole and fixes, which everyone who runs Red Hat and cares about security should subscribe to (mail a letter with the subject "subscribe" to redhat-watch-list-request@redhat.com ).
And no, this is not redundant, as this has not been posted on the Red Hat errata web site, or elsewhere on the web, yet as of this writing. I couldn't find it at least.
Begin letter.
----------------------------------------
Subject: SECURITY: [RHSA-2000:014-10] Updated piranha packages available
Resent-Date: 24 Apr 2000 20:33:43 -0000
Resent-From: redhat-watch-list@redhat.com
Resent-CC: recipient list not shown: ;
Date: Mon, 24 Apr 2000 16:33:32 -0400 (EDT)
From: Cristian Gafton (gafton@redhat.com)
Reply-To: redhat-watch-list@redhat.com
To: redhat-watch-list@redhat.com
CC: Linux Security , BUGTRAQ@SECURITYFOCUS.COM
-----BEGIN PGP SIGNED MESSAGE-----
---------------------------------------------------------------------
Red Hat, Inc. Security Advisory
Synopsis: Piranha web GUI exposure
Advisory ID: RHSA-2000:014-10
Issue date: 2000-04-18
Updated on: 2000-04-24
Product: Red Hat Linux
Keywords: piranha remote CGI command
Cross references: php
---------------------------------------------------------------------
1. Topic:
The GUI portion of Piranha may allow any remote attacker to execute commands on the server. This may lead to remote compromise of the server, as well as exposure or defacement of the website.
2. Relevant releases/architectures:
Red Hat Linux 6.2 - i386 alpha sparc
3. Problem description:
Piranha when it is installed generates a 'secure' web interface ID using the HTML .htaccess method. The information for the account is placed in /home/httpd/html/piranha/secure/passwords which was supposed to be released with a blank password. In fact the password that is actually on the CD is either 'q' or 'piranha'. It was intended that when the administrator loaded the piranha package onto their box, that it was their responsibility to change that password. This is not a hidden account. It is merely used to protect the web pages from unauthorized access. The security problem arises from the /home/httpd/html/piranha/secure/passwd.php3 file from which it is possible to execute commands by inserting them into the change password option eg entering 'blah;/bin/command to execute' into the field, and again to verify, everything after the semicolon is executed with the same privilege as the webserver. It is possible at this point to compromise the webserver or do serious damage to the site.
4. Solution:
For each RPM for your particular architecture, run:
rpm -Fvh [filename]
where filename is the name of the RPM.
Temporarily, you should set a password on the web pages as should be done when you first install the package. For the sake of speed you can issue the following command: htpasswd -c -b /home/httpd/html/piranha/secure/passwords piranha 'password of choice'. In theory, this means only you have access to that area and you are hardly likely to try and exploit the problem yourself.
When you install the update for the piranha-gui, please take a moment to login into the gui frontend and set a password on the account (http://localhost/piranha)
5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):
N/A
6. Obsoleted by:
N/A
7. Conflicts with:
N/A
8. RPMs required:
Red Hat Linux 6.2:
intel:
ftp://updates.redhat.com/6.2/i386/piranha-0.4.13-1.i386.rpm
ftp://updates.redhat.com/6.2/i386/piranha-docs-0.4.13-1.i386.rpm
ftp://updates.redhat.com/6.2/i386/piranha-gui-0.4.13-1.i386.rpm
alpha:
-
The info from Red HatThis is the mail sent to the Red Hat Security Advisory Mailing List regarding the Piranha security hole and fixes, which everyone who runs Red Hat and cares about security should subscribe to (mail a letter with the subject "subscribe" to redhat-watch-list-request@redhat.com ).
And no, this is not redundant, as this has not been posted on the Red Hat errata web site, or elsewhere on the web, yet as of this writing. I couldn't find it at least.
Begin letter.
----------------------------------------
Subject: SECURITY: [RHSA-2000:014-10] Updated piranha packages available
Resent-Date: 24 Apr 2000 20:33:43 -0000
Resent-From: redhat-watch-list@redhat.com
Resent-CC: recipient list not shown: ;
Date: Mon, 24 Apr 2000 16:33:32 -0400 (EDT)
From: Cristian Gafton (gafton@redhat.com)
Reply-To: redhat-watch-list@redhat.com
To: redhat-watch-list@redhat.com
CC: Linux Security , BUGTRAQ@SECURITYFOCUS.COM
-----BEGIN PGP SIGNED MESSAGE----- - -------------------------------------------------
- -------------------
Red Hat, Inc. Security Advisory
Synopsis: Piranha web GUI exposure
Advisory ID: RHSA-2000:014-10
Issue date: 2000-04-18
Updated on: 2000-04-24
Product: Red Hat Linux
Keywords: piranha remote CGI command
Cross references: php-------------------------------------------------
- -------------------1. Topic:
The GUI portion of Piranha may allow any remote attacker to execute commands on the server. This may lead to remote compromise of the server, as well as exposure or defacement of the website.
2. Relevant releases/architectures:
Red Hat Linux 6.2 - i386 alpha sparc
3. Problem description:
Piranha when it is installed generates a 'secure' web interface ID using the HTML
.htaccess method. The information for the account is placed in /home/httpd/html/piranha/secure/passwords which was supposed to be released with a blank password. In fact the password that is actually on the CD is either 'q' or 'piranha'. It was intended that when the administrator loaded the piranha package onto their box, that it was their resonsibility to change that password. This is not a hidden account. It is meerly used to protect the web pages from unauthorized access. The security problem arises from the /home/httpd/html/piranha/secure/passwd.php3 file from which it is possible to execute commands by inserting them into the change password option eg entering 'blah;/bin/command to execute' into the field, and again to verify, everything after the semicolon is executed with the same privilege as the webserver. It is possible at this point to compromise the webserver or do serious damage to the site.4. Solution:
For each RPM for your particular architecture, run:
rpm -Fvh [filename]
where filename is the name of the RPM.
Temporarily, you should set a password on the web pages, as should be done when you first install the package. For the sake of speed you can issue the following command:
htpasswd -c -b /home/httpd/html/piranha/secure/passwords piranha 'password of choice'
In theory, this means only you have access to that area and you are hardly likely to try and exploit the problem yourself.
When you install the update for the piranha-gui, please take a moment to log in to the GUI frontend and set a password on the account (http://localhost/piranha).
5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):
N/A
6. Obsoleted by:
N/A
7. Conflicts with:
N/A
8. RPMs required:
Red Hat Linux 6.2:
intel:
ftp://updates.redhat.com/6.2/i386/piranha-0.4.13-1.i386.rpm
ftp://updates.redhat.com/6.2/i386/piranha-docs-0.4.13-1.i386.rpm
ftp://updates.redhat.com/6.2/i386/piranha-gui-0.4.13-1.i386.rpm
alpha:
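The root cause in the advisory above is a password field spliced straight into a shell command line. As an added illustration (not Piranha's code; the htpasswd file path is a constructed placeholder and the handler names are hypothetical), the following Python puts that pattern next to two hardened forms and an allow-list check a password-change handler could apply before touching the shell at all:

```python
"""Shell-interpolated password change vs. hardened forms (added example)."""
import re
import shlex
from typing import List

PASSWD_FILE = "/tmp/example-passwords"  # constructed placeholder path
USER = "piranha"                         # account name used in the advisory

# Pattern modelled on the advisory: the submitted value is pasted into a
# shell command string, so a ';' in it ends one command and starts another.
def vulnerable_command(password: str) -> str:
    return f"htpasswd -b {PASSWD_FILE} {USER} {password}"

# Detection helper: tokenize the way a POSIX shell would and count how many
# commands the line contains. Anything above 1 means the field escaped.
def command_count(cmd: str) -> int:
    lexer = shlex.shlex(cmd, posix=True, punctuation_chars=True)
    separators = {";", "&&", "||", "|", "&"}
    return 1 + sum(1 for tok in lexer if tok in separators)

# Hardened form 1: an argv list for subprocess.run(argv, shell=False).
# The value is one argument; no shell ever parses it.
def safe_argv(password: str) -> List[str]:
    return ["htpasswd", "-b", PASSWD_FILE, USER, password]

# Hardened form 2: if a shell string is unavoidable, quote every operand so
# metacharacters are literal.
def safe_command(password: str) -> str:
    return "htpasswd -b {} {} {}".format(
        shlex.quote(PASSWD_FILE), shlex.quote(USER), shlex.quote(password))

# Allow-list check for the form handler: printable characters that carry no
# shell meaning, and a length floor that also rejects defaults such as 'q'.
_ALLOWED = re.compile(r"[A-Za-z0-9._@%+=:,!-]{8,64}")

def is_acceptable_password(password: str) -> bool:
    return _ALLOWED.fullmatch(password) is not None

if __name__ == "__main__":
    crafted = "blah;id"  # constructed input in the advisory's shape
    print(command_count(vulnerable_command(crafted)))   # 2: injected
    print(command_count(safe_command(crafted)))         # 1: quoted
    print(safe_argv(crafted)[-1])                       # single argv element
    print(is_acceptable_password(crafted))              # False
```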
-
Re:terraserver doesn't lend itself to mirroring
Oh, it's noticeable -- even to the board of directors -- assuming you have time to look up/around you. Some of those that stayed were offered a substantial bonus to stay.
As you haven't given a name (I get three guesses, right? :-)) I don't know if you were around for whatever storm it was that proved Netscape + an SGI Challenge makes a bad web server (chris and I had both tweaked the holy hell out of that thing.) WRAL-TV brought over one of the VA Research boxes (my recommendation) and installed it. In the first 15 minutes, it served 300,000 pages using a 100% stock Redhat installation. After proper configuration -- which I will refer to as "magic" -- it was serving 300,000 pages per minute. I had nothing to do with what they installed in Server City. [The only problems I know of for the stuff in S.C. was due to the network hardware not the web server hardware.]
What "load"? It's been turned off or blocked all week. -
all should be open
All software should be open under a GPL or simpler license.
For the students, geeks and computer scientists that have to actually work with the source code/software it is 100 times easier if the code is freely (as in speech) available.
For the commercial blood suckers, they should fight and make money on terms of good software/support and not on marketing and a huge amount of lawyers.
I am sorry, but I don't see ANY reason that software should be closed. What value does closed software have? Less than nothing.
Just because closed software has the ability to make immoral and unethical money through sleazy business practices doesn't mean it is right. Business can make money through open source software and services, but the companies will have to work 100 times as hard, and compete based on product/service rather than lawyers/marketing.
Ohh, you can see the rant building up in his eyes, let's get out of here, it is about to go off.
-
Re:proh-pry-et-airy
"Hmmm under this definition, Linux is NOT proprietary. It's not private, not exclusively owned, not owned by a private individual or corporation under a trademark or patent..."
From Redhat.com
Red Hat, the Red Hat "Shadow Man" logo, RPM, Maximum RPM, the RPM logo, Linux Library, PowerTools, Linux Undercover, RHmember, RHmember More, Rough Cuts, Rawhide and all Red Hat-based trademarks and logos are trademarks or registered trademarks of Red Hat, Inc. in the United States and other countries.
SPARC is a registered trademark of SPARC International, Inc. Products bearing SPARC trademarks are based on an architecture developed by Sun Microsystems, Inc.
Linux is a registered trademark of Linus Torvalds.
All other trademarks are the property of their respective owners.
Maybe this is what he was talking about? What if RedHat became THE Linux Distro that everyone used? Couldn't they at some point say damn the GPL our stuff is our stuff? (a stretch I know but this is probably what is feared).
-Marc
-
But does it run Linux?
Does it run Linux? FreeBSD? InsertYourReligionHere?
To find out, I started here: the manufacturer's website
What I expected was to spend a few minutes digging around, finding what chipsets it used for various components, comparing with the hardware compatibility lists for my particular sect of Penguin Worship
What I did not expect to find was, in big bold purple letters, "Run Windows 2000/98/NT, Linux".
Not once, but twice. (Although not so big and purple the second time.)
It's also got an S-Video port, which purports to support both NTSC and PAL, and comes with an adapter for composite video output.
And 3D sound.
And 4MB of video memory, supporting 1280x1024x16.7M and 1600x1200x256.
Yikes. This thing is damn near perfect, considering it's not a Transmeta processor.
Hell, it's more powerful than my server. In fact, I ran an ISP once on far less box than this, serving thousands of customers. -
Reflections on Trusting Trust
(As usual, because I have the bad luck of reading Slashdot in my time zone, my comment is hardly going to get read, let alone moderated. Oh well.)
I'm surprised nobody seems to remember Ken Thompson's ACM A. M. Turing Award reception speech, “Reflections on Trusting Trust”. If you haven't read that classic essay, you definitely should.
As mentioned in the Jargon File (which ESR surely knows about because he's the current editor of the Jargon File), Ken Thompson planted a Back Door in the login program of the first versions of Unix by planting another back door in the compiler itself. The back door was visible nowhere, neither in the sources of the compiler nor in those of the login program, and yet it was there all the same.
The moral of this is not that it might happen, but that it is possible. You've got to start trusting someone, somewhere. How do you know, after all, that Intel has not planted back doors in your microchip's microcode? Even if you could see the chip's complete source code (and you certainly cannot), the back door may be in the software that compiles the source code to the actual plans. (And even if you can see the complete plans and have a mammoth brain that can understand them, you can never be sure that there is no back door in the laws of physics.:-)
It would be quite possible, in Ken Thompson style, for a Linux distribution, say, RedHat, to put a back door in the version of gcc they use so that, even though they redistribute all the source, and pristine source at that, and even though the compiler bootstraps correctly, yet various binary programs are compiled with back doors in them. (Note that I'm not suggesting they could tamper with the binaries: that would be noticed sooner or later. Ken Thompson's trick is far more devious.)
You cannot bootstrap everything down to the hardware level, not even to the assembler level. And even if you do bootstrap everything, detecting the presence of a back door in the source is equivalent to the halting problem. Consequently, there is plenty of room for back doors even in an Open Source world.
The last thing I want to do is defend Microsoft. I don't use their products, so I frankly don't care how many back doors they might have planted. Nor do I want to advocate security through obfuscation, because that is the one thing that has never worked and never will. But I just want to say that security will never work if you don't start trusting at some point. Microsoft may have failed this trust, now or on numerous other occasions. But for ESR to say that there is no such need in the case of Open Source software is simply wrong.
-
Re:When will Red Hat join?
Red Hat has no reason to buy LinuxPPC Inc., and I think it would be a bad move. Here's why:
- Red Hat already has a PPC distribution, albeit an unsupported one. It's on their "Rough Cuts" CD. (A complete list of PPC distros is on the OpenPPC software page.)
- There are business problems at LinuxPPC -- I personally had to sue them to get paid for work I did. (Follow-ups in private, please.) In the process, I discovered that their papers of incorporation weren't in order and other irregularities.
- LinuxPPC Inc. has only two assets: (1) A (sort of) well-known name, and (2) connections with the community. I'd argue that the latter is tenuous at best, and that developers would put their efforts behind a Red Hat brand without any money changing hands.
--Tom Geller, co-founder, The OpenPPC Project, for PPC hardware based on open designs.
P.S. I'm talking about LinuxPPC Inc., the corporation, not LinuxPPC.org, the community collaboration. And there are some individuals at LinuxPPC Inc. who are quite good (get well soon, Jason!). But Red Hat would be foolish to throw any money their way IMHO.
-
Re:Conspiracy Theory
-
Re:Problems?
Since I created the project, I guess it's up to me to answer this...
- This one is more or less answered in the FAQ. Temporary maintainers will just have to work together. Real maintainers are supposed to tell the temporary maintainers where they want to take the package, and show at least a patch to show they can do something.
Aside from that, first come, first served - once a package has found a new maintainer, it'll be removed from UFO (we can continue hosting it though).
- I haven't really thought about this, but I'd think someone who has maintained a program before will always have something to offer (experience, for instance). I guess it'll be a bit dependent on the particular package.
- This depends pretty much on the license - unless it's not open source, we don't intend to change licensing.
The BSD license in general permits closed-source forks, the GPL doesn't (and licenses can't be changed without the consent of all contributors)
I'd welcome feedback on these and other issues very much - if you have any thoughts on this, let me know (either here or at bero@redhat.com).