LINUX GAZETTE

[ Prev ][ Table of Contents ][ Front Page ][ FAQ ][ Next ]

"Linux Gazette...making Linux just a little more fun!"


News Bytes

Contents:

Selected and formatted by Michael Conry

Submitters, send your News Bytes items in PLAIN TEXT format. Other formats may be rejected without reading. You have been warned! A one- or two-paragraph summary plus URL gets you a better announcement than an entire press release.


 November 2001 Linux Journal

The November issue of Linux Journal is on newsstands now. This issue focuses on Linux Enterprise and presents the results from the annual Readers' Choice Awards. Click here to view the table of contents, or here to subscribe.

All articles through December 1999 are available for public reading at http://www.linuxjournal.com/lj-issues/mags.html. Recent articles are available on-line for subscribers only at http://interactive.linuxjournal.com/.


 November/December 2001 Embedded Linux Journal

Issue #6 of Embedded Linux Journal has articles about choosing an embedded distribution, building a minimal glibc, Linux single-board computers, and more. Plus a cool chicks-on-a-motherboard cover.

Click here for the table of contents.

Embedded Linux Journal is available free to qualified subscribers in the USA, Canada and Mexico. Click here to subscribe.


Legislation and More Legislation


 Alan Cox Censors Kernel Changelog In Response To DMCA

In Linux 2.2.20-pre10's changelog, Alan Cox refuses to list the details for some "security fixes", writing, "Details censored in accordance with the US DMCA". Apparently file ownership and permissions might be used to protect a copyright, and highlighting the fixes in a changelog could thus be seen as publishing information on copyright circumvention. There was a thread of discussion leading from this decision on linux-kernel, with some list-members feeling that Alan was overreacting. Others made the very fair point that it was up to Alan whether or not he wanted to take the risk of potentially violating the DMCA. Alan's position is that he has taken legal advice, and that this is the most prudent course of action.

LWN's coverage of this story highlighted the fact that although the changelog is censored, the actual code and patches are not. This was also noted on linux-kernel. Rik van Riel posted a link (on Slashdot and linux-kernel) to http://thefreeworld.net/ where you can get the changelog, along with other information/tools not allowed in the US (this is for non-US visitors). Further comments can be found on Slashdot, where the story popped up, and here on The Register.


 An Irish Perspective

With the current confusion and controversy regarding US law relating to software and technology (reported last month in News Bytes), it might be of interest to take a glance at how these issues play out elsewhere, such as Ireland. The IT sector has been a big contributor to Ireland's recent economic upturn. However, there have been relatively few policy developments in the area. One of the more significant government initiatives has been the Electronic Commerce Act(2000)(PDF). A more readable commentary on the act is available. One important, and encouraging, inclusion is the recognition of the right to strong cryptography. As is pointed out in the commentary,
"...the Act provides for a court order to be issued requiring a person to disclose the encrypted evidence in a plain-text form. However, section 27 of the Act specifically provides that nothing in the Act shall have the effect of requiring the disclosure of unique data such as codes, passwords, algorithms, private cryptographic keys..."
There is also a rejection of the concept of key escrow, which is reiterated in the Government Policy on Cryptography and Electronic Signatures, which also asserts the right to free choice of cryptographic method. Partly, these policies were adopted because they were seen as pro-business: technology companies are more important to the Irish economy than media companies. Another factor that may have influenced this decision is the fact that Ireland's communications are vulnerable to monitoring by other states for conventional or industrial espionage. Such allegations were made against the UK regarding Capenhurst Tower. On a European wide level, similar concerns have been raised regarding UK and USA involvement in Echelon.

The UK has taken a less liberal approach, in particular in the Regulation of Investigatory Powers Act. The Irish Government was keen to follow a different route, in the hope that this would encourage inward investment in the electronic commerce and software sectors. The electronic signing by Bill Clinton and Bertie Ahern of a communique on electronic commerce in September 1998 was a high profile publicity stunt to reinforce this image. This, and other pro-business policies, were successful, moving Ireland to the position of second largest exporter of software in the world.

Another significant influence on Irish policy is the European Union. This is not necessarily a bad thing, as some good policies have come from the EU. The Echelon document mentioned earlier states "...e-mails can and should be encrypted by everyone", and is a valuable wake-up call to the importance of security. Bruce Schneier has lauded the EU for taking on board security professionals concerns regarding the new EU Cybercrime Treaty. Additionally, the European Patent office does not grant software patents. A much more disturbing development is the The EU Copyright Directive. Like the DMCA, this is inspired by the World Intellectual Property Organization, and it has some similar provisions. However, European directives are guidelines for national laws, and certainly do not override national constitutions, so there should be a longer road before the EU is fully subject to DMCA style rigour.

On the broader theme of civil liberties and misuse of power, there are valuable lessons to be learned from Ireland's experiences. Ireland's troubled political history has in the past led to some very harsh laws such as the anti-terrorist Offences Against the State Act, repeatedly condemned by Amnesty International. Also, there was significant abuse of 'phone tapping, with both journalists and politicians the victims. Phone tapping has valid security uses, as might some of the measures which has just been enacted enacted in the United States, but it is very easy to misuse. Although the current Taoiseach (Prime Minister) has apologised for the abuse, much harm has already been done. Indeed this controversy has flared up again, as one of the ex-ministers responsible for the wiretaps (and opposed to apologies) is now chairing a government telecoms enquiry.


 Anti-Terrorism Bills Compared

The American Civil Liberties Union (ACLU) have prepared a chart showing the differences wiretapping/surveillance provisions between current law and various Anti Terrorism bills: The originally proposed Bush Anti-Terrorism Act (ATA), the House Judiciary compromise Patriot Act, the Senat-Passed USA Act, and the House Passed USA Act. There are also ACLU comments on each.

At Security Focus, Richard Forno has written on these issues, and on the danger of too-readily sacrificing freedoms. Richard Stallman has also commented on the dangers of erosion of civil liberties, in particular under the USA Act.

On Wednesday 24th October, the USA Patriot Act (HR 3162) was passed by the house of representatives 357-66, and the following day by the Senate, 98-1, with Russ Feingold the only dissenter.


 James Love on Lobbying and Hague Conventions

Slashdot had a recent interview with consumer advocate James Love. He has some ideas on getting decision makers' attention which may be of special interest to Linux advocates. In particular, he recommends writing to congressional staffers that are working on the specific issue, rather than just to congress members. Also, he mentions that it is worth writing letters to well-read newspapers (or local newspapers of a Congress member you want to reach).

This tactic could be surprisingly effective. I know for a fact that in government departments in my own country, Ireland, that civil servants are assigned to read the major newspapers and cut out articles that are relevant to their department. Particular attention is given to the letters page, and these clippings are seen by the head civil servants and ministers (i.e. decision/policy makers) in each department.

One other issue, raised by Love, which might be of particular relevance here, is the Hague Convention on Jurisdiction and Foreign Judgements. This is a subject on which James has commented extensively. The convention in question is a treaty that would implement, among other things, cross-border patent enforcement. "Everyone would be liable for infringement of foreign patents, and the Hague Convention would give exclusive jurisdiction for both validity and infringement in the county of registration." There is an an online introduction to this subject, by James Love. The official website is at: http://www.hcch.net/.


 RIAA mischief

Slashdot quotes Wired's allegation that the Recording Industry Association of America (RIAA) tried (and failed) to get inserted into the Anti-Terrorism bill a provision that would allow it to hack into your computer to see if you had any unauthorized MP3s and delete them. It seems they think they had this right all along (!) but are afraid they might get branded as Cyber-Terrorists if they tried it under the new USA-Act! Of course, the biggest concern is collateral damage to your computer, which RIAA wants to shirk responsibility for. This story was also picked up by ArsTechnica. The RIAA later published a rebuttal, which doesn't really contradict much of what was written, but spins differently.

In a similar vein, though perhaps inaccurately, The Register reported on a secret meeting between Senators Fritz Hollings, Ted Stevens, and representatives of RIAA and the big media companies. Interesting reading, but now comes the caveat: "Our source may not be all he or she claimed to be, and serious doubts have been cast on the veracity of the comments attributed to the RIAA's Rosen and co."


 But Didn't the Hijackers Already Present Valid ID?

Slashdot ran a story on how both Oracle and Sun are pressing for a national ID card, powered by their own systems. Nice business trick, cashing in on current hunger for any available and visible security measure. This was also covered by The Mercury News here. For a rational assessment of current security concerns take a look at Bruce Schneier's Crypto-Gram special issue devoted to the September 11 terrorist attacks and their aftermath. It is also an excellent source of links. A fine point he makes is that many new "security" measures are aimed at making people think they are more secure, rather than actually improving real security. If you then throw into the mix the interests of powerful lobbies opposed to free communication, you get an unpleasant mix.


 SSSCA update

ZDNet report that some tech heavyweights (Intel, IBM, Microsoft, etc.,) have objections to the proposed SSSCA bill. Indeed Slashdot later highlighted reports that the Senate Commerce Committee's hearings on the Bill have been postponed due to mounting opposition. It's not dead yet, but this should be positive.


Linux Links


Linux Focus
The following articles are in the November-December issue of the E-zine LinuxFocus:

Some links found recently on Slashdot

The Duke of URL have

CNET have reported that Amazon.com significantly reduced its IT budget by migrating to Linux.

Details, at Cryptome.org, on the "Beale Screamer" anti-DMCA MS Digital Rights Management circumvention. Further information.

Linux Weekly News reported that the W3C is eager to adopt patented technology in standards. More details on LWN and summary here.

Opera (among others) had a bit of a tussle with Microsoft over MSN not allowing connections from non MS browsers. MS backed down.

What good is a Linux client? IBM's Mark Chapman give you the benefit of his own experience as a Linux newbie changing over from Windows.

Virus writers are industrial terrorists says Microsoft, as reported by The Register.

Linux.com have an introduction to using the Snort Intrusion Detection System. Further reading here, courtesy ILUG.

In LWN, Michael Hammel, who used to write LG's _The Graphics Muse_ column, surveys Linux's repitoire of games, both old and new, free and commercial. This is a very quick overview of the kinds of games Linux has, and its support for gaming technology.

IBM is working with Citizen Watch to develop a Linux watch. There's a photo of a prototype showing Tux on the screen.


Upcoming conferences and events

Listings courtesy Linux Journal. See LJ's Events page for the latest goings-on.

5th Annual Linux Showcase & Conference
November 6-10, 2001
Oakland, CA
http://www.linuxshowcase.org/

Strictly e-Business Solutions Expo
November 7-8, 2001
Houston, TX
http://www.strictlyebusinessexpo.com

LINUX Business Expo
Co-located with COMDEX
November 12-16, 2001
Las Vegas, NV
http://www.linuxbusinessexpo.com

15th Systems Administration Conference/LISA 2001
December 2-7, 2001
San Diego, CA
http://www.usenix.org/events/lisa2001


News in General


 W3C and Patents

Linux Weekly News recently reported that W3C has a draft policy which would allow patented technology to be included in web standards. LWN has a good commentary on the issues, which could ultimately endanger the future of free software on the internet. The "Scalable Vector Graphics" (SVG) standard, already adopted by the W3C, includes patented technology from Apple. The W3C is already behaving as if the new policy were in force.

What most disturbed many observers was the under hand way in which the change was apparently being sneaked through. The "consultation period" came to most peoples attention thanks largely to LWN's Adam Warner who posted this message. Following this comments in W3C's comment thread turned sharply against the idea once it became generally known. Included are comments by Linux bigwigs. Many of the most important posts are linked from LWN. Some predict that this could lead to a situation similar to the one following the patent rows surrounding GIF's, and the subsequent development of PNG's. LWN suggests the possibility that in the future, the free software community may have to form another web standards committee to compete with W3C if W3C starts destroying the web with non-open technology that threatens the web's universal viewability.


 LWN in Difficulties

Unhappy news, Linux Weekly News is facing the budget shortfalls common to free web news sites. In particular, Tucows is no longer able to continue providing support. As a result, Michael Hammel, LWN "On the Desktop" columnist (and former LG "The Graphics Muse" columnist) is leaving LWN. We wish Michael well.

More disturbing is LWN's prediction that, "Unless we can come up with a way of paying salaries soon, LWN risks dropping off the net entirely." There is a mailing list to discuss LWN's future at http://vena.lwn.net/mailman/listinfo/discussion (now needs registration). This news was also discussed on Slashdot.


 Kernel Vulnerability

Slashdot reported on a recently spotted kernel vulnerability. Details are available in a mail from Rafal Wojtczuk. Briefly, There are two bugs present in Linux kernels 2.2.19 and below, and 2.4.9 and below (2.4.10 may be vulnerable too). The first vulnerability results in local DoS (based on deeply nested symlinks. The second one, involving ptrace, can be used to gain root privileges locally (in case of default install of most popular distributions). Linux 2.0.x is not vulnerable to the ptrace bug mentioned. Kernel patch is included at the end of the mail and here. Red Hat have updated kernel packages available for 2.4 and 2.2 kernel series.
Details of updated Debian source packages (i386) are available in this post, updated kernel images are also available. Check your own distro's web-page for updates.


 Linux Making Inroads

Three separate stories pointing towards possibly more widespread adoption of Linux in the near future. First, in what one might call the birthplace of Linux (and certainly Linus!), The Register reports That Finnish local government is leaning away from Windows and towards Linux. The city of Turku, population around 200,000, has reacted to Microsoft's latest licensing changes by kicking off a study of Linux alternatives.

Also in Europe, IDG.net have reported that Germany's lower parliament (the Bundestag) is considering switching from Windows to Linux for its 5000 computers. The main reasons are for security, stability and (again) to save money in the face of MS's new upgrade terms. The parliamentary committee will decide late this year or early next year which OS will replace its current version of Windows NT.

Finally, Technews.com have run a Thai story: that Thailand's government will back the idea of using free, Thai-language 'open source' software as a way of reducing spending and software piracy. An official is quoted: "To be independent from foreign software, the country needs to build a knowledge base along with developing human resources and work based on open source software."


 Linux NetworX Cluster Aids BioCryst in Medical Development

Linux NetworX, have announced that BioCryst Pharmaceuticals, is now using a Linux NetworX Evolocity cluster to aid in creating pharmaceuticals for the treatment of human disease and illness such as influenza and hepatitis C. Implementing an innovative drug discovery approach, scientists at BioCryst create synthetic small-molecule inhibitors, atom by atom, to bind with specific disease-causing proteins or targets.

BioCryst's new Evolocity cluster includes 32 Pentium III 933 MHz processors, with 16 GB of memory and a 10/100 Ethernet network. Linux NetworX configured the cluster to handle complex computer modelling applications, such as X-ray crystallography and combinatorial chemistry. BioCryst utilizes the Linux NetworX ClusterWorX management software and signed an on-going service agreement as well.


 ALS for free: Oakland November 5th-10th

In response to an uncertain political climate and the recent economic downturn, the USENIX Association and the Atlanta Linux Showcase, Inc. jointly announced today that they will offer free registration to everyone wishing to attend technical sessions at next month's Annual Linux Showcase & Conference in Oakland, California. USENIX and ALS are making this unprecedented offer because they believe the networking opportunities and high-calibre technical content at this conference provide an important service to their membership and the general open source community.

"We recognize this may only be a temporary readjustment until the 'brick and mortar' companies start using open source products to a greater degree. Therefore, we feel that it is crucial to provide current technical information to the community at this time," said Jon "maddog" Hall, USENIX Director and ALS Invited Talks Program Chair. "There are also several political issues facing the open source community right now such as DMCA, SSSCA, copyrights, and software patents. The ALS invited talks track reflects this and we felt that we could not put off these important discussions to a later time."


 SAIR Linux and GNU

"For the third consecutive show, SAIR Linux and GNU's partnership with IDG was a huge success. As the leading developer of vendor neutral training curriculum and certification materials for open source software, SAIR Linux and GNU offered free Linux review sessions and free certification testing at the LinuxWorld Conference and Expo event which took place at San Francisco's Moscone Center. SAIR Linux and GNU served as the official Certification Sponsor for the August 27 thru August 30 event which welcomed more than 18,000 attendees and 180 exhibitors."

For more information on the success of the LinuxWorld Expo, visit http://www.linuxcertification.com/linuxworld/ or http://www.linuxworldexpo.com . You can also access additional information about SAIR Linux and GNU Certification or locate a training center, by visiting www.linuxcertification.com. Additional information about testing can be found at www.2test.com or www.vue.com.


Distro News


 Debian

The Debian HURD iso images are now available from your local ftp.gnu.org mirror. There are 3 iso's available, but you only need the first one to get a system going, so get downloading now!"


The position of Debian Security Secretary has been filled, with the appointment of Matt Zimmerman and Noah Meyerhans to the role.


Details of an updated webalizer package were posted on Debian Changes. It fixes a bug whereby Webalizer stopped working on Oct 5th, 2001.


 Red Hat

Red Hat have released Red Hat Linux 7.2. Naturally, there is a press release, with details of the new features (includes Gnome 1.4, Nautilus, and ext3).


 SuSE

SuSE Linux, have announced SuSE Linux 7.3, in both Professional and Personal editions. Recognising security concerns SuSE Linux 7.3 offers Features include KDE 2.2.1, Linux Kernel 2.4.10 with glibc 2.2.4, an extended range of drivers and improved USB support, with better automatic hardware detection.


SuSE Linux presented the third generation of its e-mail solution at the IT expo SYSTEMS, held in October in Munich. SuSE Linux eMail Server III is a solution for small and medium-size enterprises, dedicated workgroups and government administrations. A new feature is Skyrix which provides calendar and scheduling functionalities for booking appointments, rooms, or other resources.


Software and Product News


 Gnect

Gnect is a theme-able "four in a row" game for GNOME. Similar to Tetris, but the object is to get four marbles/tiles in a row in any direction within a 7x7 grid. The tiles do not automatically descend, so there's no time limit. You choose the column and the tile drops from the top. License GPL, including the Velena strategy engine.


 Loki

Courtesy of Slashdot, comes the news of Loki's upcoming game: Postal Plus. Loki have a press release with more information.


 MOSIXVIEW Cluster Management Software

Matthias Rechenburg, in co-operation with the Technical University of Jerusalem, has developed a new Cluster-management software for Linux: MOSIXVIEW. This software is based on the MOSIX-Cluster technology, and contains some helpful, MOSIX-specific applications for cluster-management. MOSIXVIEW was developed to simplify management activities and provide a graphical user-interface. You could manage a nearly infinite number of hosts with it.

MOSIXVIEW is free for download and is based on the GPL-licence model. For more information, consult http://www.mosixview.com or http://www.waplocater.de/mosixview/. Also, Linux Focus have taken a look at this package.


 webMathematica Brings Computation to the Web

Wolfram Research, maker of Mathematica technical computing software, have announced the release of webMathematica. webMathematica is built on Java servlets, making it compatible with any web server, servlet engine, or application server that supports the Servlet 2.0 API or higher. webMathematica is initially available for Windows 95/98/Me/NT/2000 and Intel-based Linux platforms. webMathematica enables users to:


 PHP Black Book, new from Coriolis

Coriolis will soon be releasing their first book in the PHP field: the PHP Black Book is a reference to the PHP open source scripting language version 4, written by Peter Moulding. The book is oriented toward creating business applications, written by an experienced author and developed as a problem-solving reference rather than a tutorial. The author has contributed to www.phpbuilder.com.


 Micro Sharp Technology and Astaro Firewall Partnership

Micro Sharp Technology have announced an agreement with Astaro to market their Firewall software product as part of the Netule line of products. Netule is a robust, thin server appliance solution. The OEM version will allow hardware systems builders to supply a low cost, robust server appliance solution for small and medium sized business.


 IMA Internet Exchange Messaging Server 5.1

International Messaging Associates has just released the latest in its top Messaging Solution - Internet Exchange Messaging Server (IEMS) 5.1. Among other features, IEMS 5.1 has enhanced virus and spam detection control and adds an Attachment Removal Filter Module. In an introductory offer, IMA is giving away 15-user licenses for free. IEMS5.1 is interoperable in Linux and Windows and will add support for Solaris and HP-UX by late-October. Government and enterprises planning to shift their messaging platform from Windows to Linux will be able to simply auto-migrate their MS Exchange mailboxes to IEMS. IEMS 5.1 can be downloaded from http://www.ima.com/download/v5eval.html.


Copyright © 2001, Michael Conry and the Editors of Linux Gazette.
Copying license http://www.linuxgazette.net/copying.html
Published in Issue 72 of Linux Gazette, November 2001
[ Prev ][ Table of Contents ][ Front Page ][ FAQ ][ Next ]