[LWN Logo]
[LWN.net]

Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise news for all interests


Sections:
 Main page
 Security
 Kernel
 Distributions
 On the Desktop
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters
All in one big page

Other LWN stuff:
 Daily Updates
 Calendar
 Linux Stocks Page
 Book reviews
 Penguin Gallery

 Archives/search
 Use LWN headlines
 Advertise here
 Contact us

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- GaŽl Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

See also: last week's LWN.

Leading items and editorials


Wind River Systems buys into free software. Wind River Systems is well known as the largest vendor of proprietary software for embedded systems. It has been clear for a while that embedded Linux is a serious threat to this company's business; many have wondered just how Wind River would respond. Now we know. The company has announced the acquisition of all the "software assets" from BSDi, a long-time seller of BSD-based systems, and the current home of the FreeBSD project.

With this deal, Wind River gets the commercial BSDi system. It also gets the FreeBSD.org server, and, importantly, the services of FreeBSD hacker Jordan Hubbard. Wind River is also picking up Mike Karels and Kirk McKusick for good measure. The company thus has managed to create an impressive BSD-oriented staff in a major hurry.

Why BSD? Given the business climate, Wind River likely could have found an embedded Linux company that was willing to talk deals. Part of the explanation, certainly, is Wind River's distrust of the GPL. From the press release:

We believe that BSD's business-friendly license will allow our customers to take advantage of a widely tested and deployed infrastructure OS while protecting their intellectual property as they make modifications to the BSD source code or extend the functionality of the kernel. Offering BSD technology allows our customers to continue differentiating themselves in a very competitive marketplace.

Companies that modify and distribute an embedded Linux kernel must make their changes available in source form; BSD has no such constraint. Of course, applications running over the kernel can be purely proprietary with either system. But Wind River seems to think that this licensing difference will be enough to allow it to compete effectively against embedded Linux.

What may thus be developing here is the first full-scale commercial confrontation between Linux and BSD. The two systems compete in other areas as well, of course, but they don't often go directly against each other. It will be interesting to see how this one turns out. The fun part, of course, is that free software may well win either way.

[LSB] The Linux Standard Base needs you. The May 28, 1998 LWN carried this proposal for the creation of a "Linux Standard Base." It was signed by an impressive list of Linux luminaries, and had these plans:

The Linux Standard Base project will provide a vendor-neutral standard, backed by source code, upon which to build Linux distributions, much as the Linux kernel project provides a single kernel that is shared by all distributions. This standard base will be distributed as a reference platform from which Linux distributions may be derived and which application producers may use for testing, but it will _never_ be targeted to be an end-user solution in itself, as that is the role of the Linux distributions that incorporate the standard.

The purpose, in short, was to encourage the development of Linux applications by ensuring that these applications could easily run on all (LSB-compliant) Linux systems. Conversely, it was hoped that the LSB would help to maintain the diversity of Linux distributions by preventing situations where users had to buy a particular distribution to run the applications they needed.

That was almost three years ago. Since then, progress on the LSB - at least, to outside observers - has seemed painfully slow. The Filesystem Hierarchy Standard has helped to move the distributions toward standard file layouts, but the full LSB has not been forthcoming.

The wait is almost over. The LSB project now has a whole set of offerings, and is looking to the Linux community to look it all over and provide feedback. With luck and some help, the 1.0 LSB release will happen by the end of this year.

Here's what's available:

  • Version 0.7.5 of the LSB specification is available for review. It's a lengthy document, but it is the core of the LSB. It's ready for a wider crew of debuggers; please consider having a look. There is a review page available which makes it easy to provide comments on the specification.

  • The lsbdev package is available for download. This package currently provides two utilities. lsbappchk will check an application for LSB compliance; it makes sure that the application only uses standard libraries, functions, etc. lsblibchk, instead, checks a distribution to be sure that it is offering all the libraries and associated facilities that the LSB requires. Both utilities are in need of review; check out your applications and systems. If the checkers produce bogus information, the LSB review page can be used to report problems.

  • Finally, there is even a reference implementation of an LSB-compliant system which is available for download and review. It is based on the public beta of Caldera OpenLinux Workstation 3.1, so you first have to get that. Then an add-on package is available from the LSB download site. Put the two together, and you'll have an LSB system. Once again, testing and feedback are needed.

We need a good LSB. It is the standard that will help us to maintain a free operating system that is rich in both applications and distributions. With enough eyeballs, with LSB 1.0 release will be both solid and timely. Taking a look at the LSB is a good way to help the World Domination cause; please consider taking some time and giving the project a hand.

The Linux 2.5 kernel hackers summit was held on March 30 and 31 in San Jose, California. It was an intensive two days of [Kernel summit] presentations and discussions on the directions that 2.5 development might take. LWN editor Jonathan Corbet, by virtue of being a kernel hacker wannabe (and the co-author of the second edition of Linux Device Drivers, which is due out from O'Reilly this (northern-hemisphere) summer) was able to be present at this event; please have a look at LWN.net's Kernel Summit Report for a description of what transpired.

See also the annotated group picture from the summit; we've attached names to the faces and made the result available in a single, 400KB image.

The summit sessions were taped, and will be made available on the web in the near future; we'll put out a note when that happens.

Things that upgrade in the night. Well-known human-computer interaction expert Bruce Tognazzini recently posted this rant about an automatic "upgrade" to his Replay TV box that, for him, downgraded the value of the system. Bruce thus joins the growing crowd of people who realize that it is important to have control over the computers in our lives:

Unless people are protected from purposeful and involuntary downgrades in the usability of already-purchased products, we will see a deterioration of consumer rights unimagined before. 'Buyer Beware!' is one thing, but how can you beware of what the manufacturer will do to damage or degrade your product years after you bought and paid for it?

Another midnight upgrade story can be found via the RISKS Forum. It seems that an automatic upgrade for MSN users resulted in many of them unknowingly calling long-distance numbers to connect to the service. They only found out when their phone bills arrived.

Both cases are examples of a remote corporation empowering itself to change the operation of equipment that does not belong to it. This sort of behavior is a threat to freedom. The ability to add undesirable "features" has been documented in the two postings mentioned above, and in many other places. There are also, of course, some serious security issues. The ability to drop software changes into other people's computers is guaranteed to attract the attention of unpleasant people. Given the industry's inability to protect its internal systems, or the credit card numbers of its customers, it would be a mistake to expect them to do better with their automatic upgrade facilities. Expect to see a major crack along these lines sooner or later.

Of course, we Linux users need not fear this sort of problem. The source is open, and we have control over our systems. We'll never get nailed by an automatic upgrade from outside.

Right? Well, maybe not. Let's ignore the problem of embedded systems (LWN has harped on that problem before) and take a look at plain old Linux computers.

Consider all the businesses out there that have chosen update services as one of the growth areas of the near future. Acrylis, Aduva, Eazel, Red Hat, Ximian, and others are all pushing offerings in this area. And the Debian distribution, ahead of its time as usual, has had this capability for years. The services offered by these companies can be configured to automatically fetch and apply updates. In the middle of the night, of course.

Many LWN readers would never enable this sort of automatic update on their systems. But as the adoption of Linux grows, there will be an increasing number of Linux administrators with relatively low technical skills; many of them will be happy to accept this sort of service. And perhaps they should; none of the recent batch of Linux worms would have gotten very far had the widely-available security updates been applied everywhere. Automatic updates could, perhaps, increase the security of the net as a whole.

But, as we have seen, automatic updates also bring risks. The Linux community is not immune to the problems that these services bring, and could even turn out to be more vulnerable than many others. There is a real potential for trouble here.

Microsoft's Passport License. Many pixels have been expended on the terms of use for Microsoft's Passport service, which would appear to give Microsoft a free license to use any material or ideas that pass through the service. People have expressed fears that, for example, GPL code which is mailed through Hotmail could end up with a dual license that would allow Microsoft to use it in a non-GPL way. There have been loud protests, and some sites are beginning to block mail from Hotmail as a form of protest.

LWN doesn't have much to add to what has been said already. For those who are curious about this situation, we recommend a look at the Microsoft Passport License Dangers page on the TroubleShooters.com site.

Inside this week's Linux Weekly News:

  • Security: "Adore, a worm", Engarde Secure Linux, No backdoor in the Linux kernel, new vulnerabilities in BEA Weblogic and Tomcat, FreeS/WAN 1.9, Alamo, an "antidote" to Knark.
  • Kernel: Is 2.4 ready for prime time?; fixing the scheduler; the new kbuild system.
  • Distributions: A man page for every command, transitions for the Debian project, Rock Linux distribution survey, Engarde Secure Linux, and more.
  • On the Desktop: Printers galore, GNOME 1.4, and the KDE core (release, that is).
  • Development: Perl6 design, state of embedded Linux, streaming media, FreePM.
  • Commerce: Atipa sells hardware division to Microtech; Norwegian State Consulting coordinating agency recommends use of Linux.
  • History: Three years ago, Mozilla is all the rage; One year ago, Microsoft is a monopoly says the court.
  • Letters: Mozilla at 3; ideological differences.
...plus the usual array of reports, updates, and announcements.

This Week's LWN was brought to you by:


April 5, 2001

 

Next: Security

 
Eklektix, Inc. Linux powered! Copyright © 2001 Eklektix, Inc., all rights reserved
Linux ® is a registered trademark of Linus Torvalds