Sun guns for archrival with StarOffice 6.0
Opera releases 6.0 for Linux, supports Symbian Magpie
Top MSFT foe dispenses Internet Explorer from official website
ExtremeTech: Linux apps are ready for primetime
http://www.extremetech.com/article/0,3396,s=25209&a=26959,00.asp
Is Geodesic’s free gift helping Mozilla development?
Michael Spertus, of Geodesic Systems, has set up a free online demo version of his company’s Great Circle software, a real-time error detection and code diagnosis tool, specifically for Mozilla developers. He says Mozilla leaders have been “supportive,” but he has no way of knowing just how helpful Great Circle has been to the Mozilla development process.
The demo itself is rather interesting. It can pinpoint areas within Mozilla that account for some of the program’s largest problems, identifying them almost down to the offending line of code. Think of this as a mechanized aid to the idea of “many eyes make all bugs shallow” that allows human developers to skip the annoying step of reading through the millions of lines of code (literally) in Mozilla and go straight to some of the major bugs and fix them.
Since the Mozilla Great Circle demo requires no login or other identification from users, Spertus has no way of telling how many Mozilla developers have accessed his site or what they have done with the information it has given them. “It’s hard to tell with the Mozilla community because it’s so decentralized,” he says. “I don’t actually know how much they have been using the tool.”
Spertus says he is willing to offer free downloads of a Mozilla-specific Great Circle version to Mozilla developers (if the announcement hasn’t been made by the time you read this, it’ll be along shortly), but has no immediate plans to release Great Circle free for other Free Software projects. Mozilla was selected — and the Linux version specifically — because Spertus himself is an ardent Linux and Mozilla user. But he never forgets, even for a second, that he is in the commercial software business, and that his money comes from selling software development tools to commercial software developers.
Selling to Linux developers is a recent move for Geodesic, something the company got into only about six months ago. The company has traditionally (and successfully) sold to Windows and Unix developers — the first Great Circle Unix version came out in 1996 — but Spertus says they are already selling enough Linux software that “Windows, Solaris, AIX, and Linux are roughly comparable” in unit sales, with versions for other flavors of Unix selling in much lower quantities than those for these four operating systems, which generate the bulk of Geodesic’s Great Circle sales.
If nothing else, this tells you that commercial software development for Linux is growing rapidly. People don’t buy development tools they don’t need if they plan to stay in business for long, and not many people go into business hoping to go broke — unless they’re in a Mel Brooks movie, anyway.
Amazon.com, for example, made a widely-publicized move to Linux last year. Spertus says Amazon is a major Geodesic customer that uses the Great Circle product to help develop their software, and notes that “Amazon runs a 60 day development cycle from concept to live, so they have to write clean code quickly.” Then, Spertus says, Amazon uses Geodesic’s Runtime Solutions to help that code run smoothly once it’s up.
The problem Spertus sees with Linux — and he’s been playing with Linux almost since the beginning, and was one of the coauthors of Coherent, a pre-Linux “Unix for PCs” — is that “Linux is rock-solid, but some of the applications are not so good.” He asks, “What good is a solid operating system if your apps crash twice a day?” He lauds IBM’s forays into self-healing servers, but points out that the IBM concept of “scripting responses to anticipated problems” is not the same as Runtime, which he describes as “not a diagnostic tool, but something you deploy with an application that automatically corrects errors.”
So Geodesic wants to sell Runtime Solution and Great Circle products to enterprise Linux users, and is using its free Mozilla help as a combination attention-getter and proof to prospective customers that their stuff actually works as advertised. NewsForge can’t argue with that. Our parent company, VA Software, provides SourceForge.net as a free service to Open Source developers, and also points to it as a successful example of a large-scale SourceForge deployment when talking to potential SourceForge commercial product customers.
We can’t comment about SourceForge sales here for obvious conflict of interest reasons, but Spertus says his plans to make Geodesic products hot-hot in the commercial Linux software development marketplace are moving along nicely; that the Great Circle product Mozilla developers get to use free typically sells for “$300 to $1000 per seat, depending on platform, support, and number of seats,” and notes that of all the company’s many platform-specific versions, “Linux is the least expensive.”
Why the favoritism toward Linux? Spertus says it’s the fastest-growing software development marketplace nowadays, and “we want to be aggressive about establishing ourselves there.”
Asked repeatedly whether he’d be willing to offer a free version of Great Circle to non-commercial Open Source and Free Software developers similar to what he’s offering to the Mozilla project, Spertus said he didn’t want to be pinned down or “make any promises.” But he didn’t rule out the possibility.
Indeed, something Spertus himself says repeatedly — that too many applications get 90% finished, and that Geodesic’s Great Circle software is perfect help for taking them the last bit of the way toward full usability — applies at least as much in the Free Software world as anywhere else, possibly even more so. But questions about where Free Software ends and commercial software begins are still not totally answered in any practical sense, and for people like Spertus who earn their livings writing software, it is no easier to give away their work than it is for an auto mechanic to work on cars all day for free instead of charging for his or her labor while this month’s mortgage is due.
Meanwhile, Mozilla development has been rapid recently, especially on the bug-squashing front. Perhaps some of that increased speed is due to Great Circle. We hope so. It’s certainly an advantage Mozilla developers have over Microsoft’s Internet Explorer developers, who are not getting free online development tools from Geodesic, and can’t expect to get any as long as Explorer’s source code is hidden from public view.
Greenpeace UK exchanges Windows for Linux
GNOME 2.0 is about ready
Red Hat Linux Advisory: sharutils
---------------------------------------------------------------------
Red Hat, Inc. Red Hat Security Advisory
Synopsis: Updated sharutils package fixes uudecode issue
Advisory ID: RHSA-2002:065-13
Issue date: 2002-04-16
Updated on: 2002-05-14
Product: Red Hat Linux
Keywords: fifo symlink pipe output file handling uudecode
Cross references:
Obsoletes:
---------------------------------------------------------------------
1. Topic:
Updated packages for sharutils are available which fix potential privilege
escalation using the uudecode utility.
2. Relevant releases/architectures:
Red Hat Linux 6.2 - alpha, i386, sparc
Red Hat Linux 7.0 - alpha, i386
Red Hat Linux 7.1 - alpha, i386, ia64
Red Hat Linux 7.2 - i386, ia64
3. Problem description:
The sharutils package contains a set of tools for encoding and decoding
packages of files in binary or text format.
The uudecode utility would create an output file without checking to see if
it was about to write to a symlink or a pipe. If a user uses uudecode to
extract data into open shared directories, such as /tmp, this vulnerability
could be used by a local attacker to overwrite files or lead to privilege
escalation.
The Common Vulnerabilities and Exposures project (cve.mitre.org/) has
assigned the name CAN-2002-0178 to this issue.
Users should update to these errata sharutils packages which contain a
version of uudecode that has been patched to check for an existing pipe or
symlink output file.
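The check described in the problem description above, written out as an added example (this is not the sharutils patch or Red Hat's code). The helper name open_output_checked() and the /tmp/uudemo paths are hypothetical; the helper refuses to write through a symlink or into a FIFO and only creates or truncates a regular file.

```c
/* Added example: constructed illustration, not the sharutils patch itself. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: open `path` for decoded output. Returns an fd, or -1
 * if the name is a symlink, a FIFO or any other non-regular file. */
int open_output_checked(const char *path, mode_t mode)
{
    struct stat st;
    /* O_EXCL: fail with EEXIST if anything already has this name,
     * including a dangling symlink planted in a shared directory. */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, mode);
    if (fd >= 0 || errno != EEXIST)
        return fd;
    /* Name exists: O_NOFOLLOW refuses a symlink (ELOOP); O_NONBLOCK stops
     * open() from hanging on a FIFO that has no reader (ENXIO). */
    fd = open(path, O_WRONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0)
        return -1;
    /* Check the object actually opened, not the name, then truncate. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || ftruncate(fd, 0) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(void)
{
    char dir[] = "/tmp/uudemo.XXXXXX", p[64];   /* constructed sample paths */
    if (!mkdtemp(dir))
        return 1;
    snprintf(p, sizeof p, "%s/link", dir);
    if (symlink("/nonexistent/target", p) != 0)
        return 1;
    printf("symlink -> %d\n", open_output_checked(p, 0600));
    snprintf(p, sizeof p, "%s/fifo", dir);
    if (mkfifo(p, 0600) != 0)
        return 1;
    printf("fifo    -> %d\n", open_output_checked(p, 0600));
    snprintf(p, sizeof p, "%s/new", dir);
    printf("regular -> %d\n", open_output_checked(p, 0600));
    return 0;
}
```

The type test is done with fstat() on the opened descriptor and not with a separate lstat() on the name, so the object that is checked is the object that gets written.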
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
To update all RPMs for your particular architecture, run:
rpm -Fvh [filenames]
where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory only contains the
desired RPMs.
Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):
6. RPMs required:
Red Hat Linux 6.2:
SRPMS:
ftp://updates.redhat.com/6.2/en/os/SRPMS/sharutils-4.2.1-2.6.x.src.rpm
alpha:
ftp://updates.redhat.com/6.2/en/os/alpha/sharutils-4.2.1-2.6.x.alpha.rpm
i386:
ftp://updates.redhat.com/6.2/en/os/i386/sharutils-4.2.1-2.6.x.i386.rpm
sparc:
ftp://updates.redhat.com/6.2/en/os/sparc/sharutils-4.2.1-2.6.x.sparc.rpm
Red Hat Linux 7.0:
SRPMS:
ftp://updates.redhat.com/7.0/en/os/SRPMS/sharutils-4.2.1-8.7.x.src.rpm
alpha:
ftp://updates.redhat.com/7.0/en/os/alpha/sharutils-4.2.1-8.7.x.alpha.rpm
i386:
ftp://updates.redhat.com/7.0/en/os/i386/sharutils-4.2.1-8.7.x.i386.rpm
Red Hat Linux 7.1:
SRPMS:
ftp://updates.redhat.com/7.1/en/os/SRPMS/sharutils-4.2.1-8.7.x.src.rpm
alpha:
ftp://updates.redhat.com/7.1/en/os/alpha/sharutils-4.2.1-8.7.x.alpha.rpm
i386:
ftp://updates.redhat.com/7.1/en/os/i386/sharutils-4.2.1-8.7.x.i386.rpm
ia64:
ftp://updates.redhat.com/7.1/en/os/ia64/sharutils-4.2.1-8.7.x.ia64.rpm
Red Hat Linux 7.2:
SRPMS:
ftp://updates.redhat.com/7.2/en/os/SRPMS/sharutils-4.2.1-8.7.x.src.rpm
i386:
ftp://updates.redhat.com/7.2/en/os/i386/sharutils-4.2.1-8.7.x.i386.rpm
ia64:
ftp://updates.redhat.com/7.2/en/os/ia64/sharutils-4.2.1-8.7.x.ia64.rpm
7. Verification:
These packages are GPG signed by Red Hat, Inc. for security. Our key
is available at:
http://www.redhat.com/about/contact/pgpkey.html
You can verify each package with the following command:
rpm --checksig <filename>
If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
rpm --checksig --nogpg <filename>
8. References:
http://www.aerasec.de/security/index.html?id=ae-200204-033&lang=en
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0178
Copyright(c) 2000, 2001, 2002 Red Hat, Inc.
States: Microsoft urged Linux retaliation
“A Microsoft Corp. MSFT.O executive urged the company to quietly retaliate against supporters of the rival Linux operating system in an August 2000 memo that nine states still suing the software giant want admitted as evidence.”
RSA security rings up QRS deal
“To safeguard business-to-business communications, encryption software from RSA Security (NASDAQ:RSAS) will be incorporated into the supply chain management offerings of QRS (NASDAQ:QRSI).
It's RSA’s first major customer announcement since it disclosed plans to lay off about 200 workers, or 17 percent of staff in a bid to cap on operating expenses.”