|
ru.linux
- RU.LINUX ---------------------------------------------------------------------
From : Sergey Lentsov 2:4615/71.10 14 Mar 2002 18:30:52
To : All
Subject : URL: http://www.lwn.net/2002/0314/
--------------------------------------------------------------------------------
[1][LWN Logo] [2][oasisi.php?s=2&w=468&h=60]
[LWN.net]
Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise news for all
interests
Sections:
Main page
[3]Security
[4]Kernel
[5]Distributions
[6]Development
[7]Commerce
[8]Linux in the news
[9]Announcements
[10]Letters
[11]All in one big page
Other LWN stuff:
[12]Daily Updates
[13]Calendar
[14]Linux Stocks Page
[15]Book reviews
[16]Penguin Gallery
[17]Archives/search
[18]Use LWN headlines
[19]Contact us
Recent features:
- [20]2001 Timeline
- [21]O'Reilly Open Source Conference
- [22]OLS 2001
- [23]Gael Duval
- [24]Kernel Summit
- [25]Singapore Linux Conference
- [26]djbdns
Here is the [27]permanent site for this page.
See also: [28]last week's LWN.
Leading items and editorials
Not good enough. A look at [29]this week's LWN Security Page shows
that it has been a busy week. The PHP updates were still wandering in
when problems turned up with OpenSSH and the zlib library. This is a
scary set of vulnerabilities.
PHP is present on, according to the [30]PHP usage page, well over
7 million domains. OpenSSH can be found on most security-conscious
systems. And the zlib library finds its way into no end of
applications, and even the Linux kernel. Each of these vulnerabilities
has instantly exposed a large portion of the entire installed base of
Linux (and Unix) systems. (In all fairness, it's not clear that the
OpenSSH bug is exploitable remotely, and the zlib problem looks like a
hard one to take advantage of). This is the stuff that large-scale
damaging worms are made of.
It is fortunate, in other words, that nobody with the requisite skills
felt the whim to take down the Internet with these vulnerabilities.
The cause of Linux World Domination would certainly be set back a bit
if vast numbers of Linux systems simultaneously fell prey to a vicious
attack. One of these days, a widespread vulnerability will be
discovered by somebody with hostile intent; that will not be a good
day.
The security of open source software may well be better than that of
proprietary code, but it's clearly not good enough. We are all exposed
to vulnerabilities lurking in code that we depend on every day. The
free software community has to improve its security performance soon,
or somebody is going to rub our noses in how bad it really is.
The GNU HURD will be ready by the end of the year, or so says Richard
Stallman in [31]this PC World article. Says Richard:
We actually have the GNU kernel working, and we can now produce the
GNU system, as opposed to the GNU/Linux system that people have
been using so far.
The HURD, of course, is the operating system kernel built by the GNU
project, which is based on the Mach microkernel. It has been under
development since 1990, and many have despaired of seeing it ever
reach a releasable state. But most have paid little attention; the
Linux and BSD kernels have been more than adequate for a long time.
What is the point of releasing a GNU kernel now?
There's a few obvious reasons that come to mind. One is that it is, in
a real sense, the completion of the GNU project as laid out by Richard
Stallman almost 20 years ago. The microkernel architecture is seen by
some as being inherently superior to the monolithic design of the
Linux kernel (though there is hardly a consensus on that point).
Finally, one should not overlook this other quote from the PC World
article:
Distributions of GNU/Linux include commercially licensed software,
and that diverts the user and developer community from the goal of
freedom, according to Stallman. "One of the reasons we are looking
forward to having the GNU system finally available from the GNU
Project is that it will be only free software," Stallman added.
It will take an interesting interpretation of the GPL and LGPL to keep
proprietary software off the GNU kernel, but it appears that RMS is
planning to try.
The chances are that no mainstream commercial software house would try
to challenge a "free software only" edict for the HURD kernel. Linux
and BSD both, after all, have no problem with proprietary
applications. Thus, it seems unlikely that the HURD will mount a
substantial challenge to the established free kernels anytime soon.
Unless, of course, the claims of technical superiority turn out to be
true. If the HURD really is that much better, we may yet find it on
our desktops, and "the GNU/Linux system that people have been using so
far" could find itself consigned to history. But the HURD will have to
be a lot better...
Running a free software business with donations. MandrakeSoft, the
publisher of the Mandrake Linux distribution, has put out [32]its
strongest call yet for donations to help keep the business going:
As a company, we make our revenue by selling packaged versions of
the distribution and by delivering services such as consulting,
training, etc. -- but our development costs and community-based
services are not yet covered by income. It is estimated that we
will "break even" by the end of 2002, but it is unlikely that
MandrakeSoft can remain unchanged during these next few months
without drastically cutting costs unless additional revenue is
generated quickly.
The company is hoping to generate that additional revenue through
memberships in the Mandrake Linux Users Club and Corporate Club.
Without these memberships (i.e. donations), MandrakeSoft will likely
have to take further staff cuts, with the company's various free
software developments being among the first things to go.
Could it really be true that the open source business model is
fundamentally broken, that the only way for an open source business of
any size to survive is by asking its users for tips? MandrakeSoft
claims that is not the case:
The company's long term prospect are very good, but we are still
paying for the "sins" of the previous management.
According to the posting, if MandrakeSoft can get past its current
short-term problems, it should be in good shape for the long run. One
can only hope that this claim is true. MandrakeSoft is perhaps the
most community-oriented of the large commercial distributors. The
company's openness to its users and commitment to free software are
unparalleled. If MandrakeSoft were to fail, or to change its
community-oriented approach, the community would suffer a great loss.
It will be a sad sign if a company that builds such high-quality
products and that is so responsive to its customers were not a viable
operation.
But, then, perhaps it is appropriate that the user community should be
asked to support this sort of corporation directly. Mandrake users
derive a real and substantial benefit from that distribution; it is
not too much to ask that they help fund its development. Making
donations to support the software that one uses makes all kinds of
moral sense. It is hard to see a viable way for users to contribute to
all the developers of all the free software they use. But helping out
a community-oriented distributor seems like a good start.
Supporting LWN. There's another community-oriented free software
business which could use your help: LWN.net. We, too, are facing a
short-term cash crunch and need some income to keep the site on the
air for the next few months while longer-term initiatives mature. To
that end, we have a couple of ways in which you, our readers, can help
out:
* Donations. Numerous readers have asked us over the last few months
whether we would accept donations. We may be distressingly slow in
responding to such an obviously good thing, but we eventually get
there. We're glad to announce our [33]donation page, where
interested readers can contribute to LWN via Paypal. Credit cards
may also be used for those who do not have their own Paypal
account.
* Advertising. LWN could use some more advertisers. If you have a
small business or other endeavor that you would like to advertise
on LWN, please have a look at our [34]self-service advertising
page. A small amount of money can yield a great deal of exposure
to LWN's readers.
We thank you, as always, for your support. Dealing with our readers
has always been the greatest reward of working on LWN.
Inside this LWN.net weekly edition:
* [35]Security: Significant zlib vulnerability; OpenSSH release;
Java VMs and Linux
* [36]Kernel: The IDE hostile takeover; taskfile and filtering;
ultra-fast kernel compiles.
* [37]Distributions: Debian Project Leader Elections; New - Arch
Linux; LFS 3.2 is out.
* [38]Development: GTK+ 2.0, GNOME 2.0b2, mpg321 0.2.9, Mozilla
0.9.9, Galeon 1.2, Gimp 1.3.4, Samba 2.2.3a, GnuCash 1.6.6,
oprofile 0.1, Valgrind memory debugger.
* [39]Commerce: HP Announces Global Consortium; Embedded Linux
Market enters era of standardization.
* [40]Letters: France and patents; SSSCA; AOL and Linux.
...plus the usual array of reports, updates, and announcements.
This Week's LWN was brought to you by:
* [41]Jonathan Corbet, Executive Editor
March 14, 2002
Sponsored Link
[42]Your Text Ad Here
Purchase your own text ad with our self-serve advertising system.
[43]Next: Security
[44]Eklektix, Inc. Linux powered! Copyright Л 2002 [45]Eklektix, Inc.,
all rights reserved
Linux (R) is a registered trademark of Linus Torvalds
References
1. http://lwn.net/
2. http://oasis.lwn.net/oasisc.php?s=2&w=468&h=60
3. http://lwn.net/2002/0314/security.php3
4. http://lwn.net/2002/0314/kernel.php3
5. http://lwn.net/2002/0314/dists.php3
6. http://lwn.net/2002/0314/devel.php3
7. http://lwn.net/2002/0314/commerce.php3
8. http://lwn.net/2002/0314/press.php3
9. http://lwn.net/2002/0314/announce.php3
10. http://lwn.net/2002/0314/letters.php3
11. http://lwn.net//2002/0314/bigpage.php3
12. http://lwn.net/daily/
13. http://linuxcalendar.com/
14. http://lwn.net/stocks/
15. http://lwn.net/Reviews/
16. http://lwn.net/Gallery/
17. http://lwn.net/archives/
18. http://lwn.net/op/headlines.phtml
19. http://lwn.net/op/Contact.html
20. http://lwn.net/2001/features/Timeline/
21. http://lwn.net/2001/features/oreilly2001/
22. http://lwn.net/2001/features/OLS/
23. http://lwn.net/2001/features/MandrakeSoft.php3
24. http://lwn.net/2001/features/KernelSummit/
25. http://lwn.net/2001/features/Singapore
26. http://lwn.net/2001/features/djbdns.php3
27. http://lwn.net/2002/0314/
28. http://lwn.net/2002/0307/
29. http://lwn.net//2002/0314/security.php3
30. http://www.php.net/usage.php
31. http://www.idg.net/ic_829012_4394_1-3921.html
32. http://www.linux-mandrake.com/en/mdkfuture.php3
33. http://lwn.net/corp/paypal/donate.php3
34. http://lwn.net/corp/advertise/text/
35. http://lwn.net/2002/0314/security.php3
36. http://lwn.net/2002/0314/kernel.php3
37. http://lwn.net/2002/0314/dists.php3
38. http://lwn.net/2002/0314/devel.php3
39. http://lwn.net/2002/0314/commerce.php3
40. http://lwn.net/2002/0314/letters.php3
41. mailto:lwn@lwn.net
42.
http://oasis.lwn.net/oasisc.php?s=2&c=5&cb=2025340455&url=http%3A%2F%2Flwn.net%2
Fmediakit%2Ftextad.php3
43. http://lwn.net/2002/0314/security.php3
44. http://www.eklektix.com/
45. http://www.eklektix.com/
--- ifmail v.2.14.os7-aks1
* Origin: Unknown (2:4615/71.10@fidonet)
Вернуться к списку тем, сортированных по: возрастание даты уменьшение даты тема автор
| Тема: |
Автор: |
Дата: |
|
URL: http://www.lwn.net/2002/0314/ |
Sergey Lentsov |
14 Mar 2002 18:30:52 |
|
|
