[LWN Logo]
[LWN.net]

Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise news for all interests


Sections:
 Main page
 Security
 Kernel
 Distributions
 On the Desktop
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

Other LWN stuff:
 Daily Updates
 Calendar
 Linux Stocks Page
 Book reviews
 Penguin Gallery

 Archives/search
 Use LWN headlines
 Advertise here
 Contact us

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- Gaël Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

See also: last week's LWN.

Leading items and editorials


Turbolinux and Linuxcare call it off. The word went out on May 1 that the planned merger between Turbolinux and Linuxcare had been cancelled. The full story may never come out, but it seems to have come down to a disagreement over the relative value of the two companies. Neither company, of course, is worth what people once thought it was, and it was not possible to come to an agreement over what the valuations should be at this time.

This breakdown is going to be hard on Linuxcare. The company has lost important staff in the merger process, and the support business is proving rather harder than many had originally thought. Linuxcare will find itself short of staff, short of funds, and short of business. Not much fun.

Life may not be all that easy for Turbolinux either. The North American market has been a hard one to crack, and several companies have set their sights on Asia, Turbolinux's stronghold. There has been a distinct lack of press releases hyping high-profile Turbolinux cluster deployments. The "we're a software company" strategy appears to be having some difficulties.

And, in fact, it appears that Turbolinux is considering moving away from the distribution business and toward a more service-oriented model. LWN actually predicted this move back when the merger was announced. (Of course, we've predicted a lot of other things too, but we don't remind you of those...) Turbolinux is going to have to come up with a compelling strategy and set of products in a hurry, or life could get more difficult.

Why is the support business so hard? Not that long ago, the prevailing FUD was that Linux needed credible support options to succeed. After all, nobody was going to bet their job on the system without 24x7 support and toll-free numbers.

Linux has taken off, and the support options exist. So why are so few companies buying those support services? Perhaps there are far fewer important Linux deployments than people think. Without deployments, there is little need for support contracts. We don't believe it, though.

What if the truth were something else: what if Linux users simply do not need support? One of the nice things about Linux, after all, is that it simply works. It is also true that setting up Linux and making it work in a specific role requires a certain amount of Linux expertise. By the time you've figured out how to make it do what you need it to do, you know enough to keep it working.

And, for the times when external help is needed, it's still true that the best source of that help is the net. Searching out an answer or asking in the right forum can be faster and more effective than talking to a technical support call center employee - and cheaper.

Could it be that, in the end, technical support services are only needed for proprietary, black-box systems? When the source is free, the development directions are known, the bug lists are public, and anybody with the requisite skills can fix a problem, there is little need to buy expensive support services. Free software empowers its users to take responsibility for keeping their own systems going.

Another bad quarter at VA Linux. Last December, VA Linux Systems reported $56.0 million in quarterly revenue. Thereafter, with great disappointment, it produced its January, 2001 revenue figure: $42.5 million. At that time, the company suggested that revenues would fall further, perhaps even "under $30 million."

Did they ever. VA has just put out a press release stating that revenues for the quarter just completed would be in the range of $18 to $20 million. Under $30 million indeed. In other words, the money flowing into VA is one-third of its peak, and is back at levels last seen in 1999.

It looks bad; one might well wonder if we are seeing the death spiral of one of the oldest and most successful Linux companies.

Probably not. VA has gotten hammered, but the company is not necessarily doomed. Now is not a good time to be trying to sell technical infrastructure; nobody is buying. Even Cisco has seen a 30% fall in revenues. The dotcoms are no longer spending money like drunken sailors (they rather resemble badly hungover sailors these days), and the tighter economy has caused a lot of companies to stop spending. Companies like VA are highly exposed to this market; they benefitted from that exposure over the last few years, and it is hurting them now.

In other words, VA's problems are not inherent in its business model or Linux. It could have benefitted from a more diversified customer base, but the simple fact is that these are hard times.

VA remains a company with a strong brand, good products, and a staff full of top-tier Linux hackers. It also has money in the bank to keep it going for a little while yet. It will never have an easy life, the market is far too competitive for that. VA may also find itself to be an acquisition target as long as its stock price remains low. But, when the economy begins to pick up again, VA should be well positioned to come back.

S/390 Linux to power Banco Mercantil. Not all the news from the Linux business world is bad. IBM is expected to announce on Thursday, May 3, that Banco Mercantil, one of Venezuela's largest banks, will be deploying Linux on an S/390 mainframe. This installation thus becomes one of the first high-profile financial institution deployments for Linux.

Initially, the S/390 (running SuSE Linux) will be replacing some 30 NT boxes and handling fairly mundane tasks: file serving, domain name service, firewalling, and web serving. It will also take on some simple financial functions, such as allowing customers to check their account balances; this capability is helped by the "two cryptographic processors" in the S/390 system.

This step was a fairly easy one for Banco Mercantil to take - it already had the IBM mainframe in house. So it was just a matter of setting up the Linux partition and installing the SuSE distribution. The cleverness of IBM's strategy can be seen here: many banks and other large institutions have these mainframes. The S/390 port allows these institutions to dip their toes into Linux easily, and to experiment with moving their tasks and software over. It wouldn't be surprising to see more announcements of this variety in the near future.

SDMI followup. Last week's LWN Weekly Edition discussed the threats against professor Edward Felten, who was planning to present his paper on how he cracked the SDMI watermarking scheme. Prof. Felten, of course, decided not to present that paper, citing the expense and uncertainty of litigation as the reason.

Many people have pointed out that this development isn't quite the defeat that it seems (see, for example, this Salon article). The paper, of course, has already been published on the net, so the information is out there. Meanwhile Prof. Felton has shown the world, in a graphic way, that the Digitial Millennium Copyright Act is a serious threat to freedom of speech in the U.S. That demonstration may prove to be far more valuable than a presentation of his SDMI paper.

The DeCSS case reopens. One place where the withdrawal of the SDMI paper may have an effect is in the DeCSS appeal, for which testimony began on May 1. This case, of course, is based on the DMCA, so demonstrations of the DMCA's effect on freedom of speech are relevant. For coverage of how the testimony went, see this Wired News article, or this highly detailed Slashdot article. Predicting the outcome of these cases is always perilous, but this looks like it is going to be a tough battle.

Inside this week's Linux Weekly News:

  • Security: CylantSecure for Linux, vulnerabilities in gnupg, Bugzilla, KDEsu, and gftp.
  • Kernel: 2.4.4 wobbles out; dump and filesystem corruption; swap space management.
  • Distributions: Conectiva drafts a plan for measuring quality from a user perspective, a new distribution from Brazil crops up.
  • On the Desktop: XFce, GNOME Packaging Project, Sikigami, Mosfet returns.
  • Development: GLAME audio editor, X15 web server, Zope Book, Jxta series, dumbcode.
  • Commerce: Sony releases Linux for the PlayStation 2, TurboGenomics releases TurboBLAST.
  • History: VA Linux, Linuxcare in the past.
  • Letters: Free audio licenses; somebody to blame; desktop page gripes.
...plus the usual array of reports, updates, and announcements.

This Week's LWN was brought to you by:


May 3, 2001

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 On the Desktop
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Security page.

Security


News and Editorials

CylantSecure for Linux. We generally don't profile new commercial products for Linux on this page, preferring to focus on Open Source products and solutions instead. However, the announcement of the availability of CylantSecure for Linux caught our eye for a couple of reasons.

The first reason, a quite positive one, was the approach being used by the product. Most of the current focus of intrusion detection systems look either at the input to the system (e.g., network connections, attack signatures) or the output from the system (file checksums, etc.). CylantSecure looks instead at the behavior of the system itself, producing a model for what the "normal" behavior of the CPU is, when in production use, and therefore detecting "abnormal" behavior and actively dropping connections or terminating processes that display abnormal behavior.

This was interesting to us because it, in many ways, resembles how a good systems administrator monitors a system, or would monitor a system, if they had the time to watch it closely 24 hours a day. The system administrator knows what the machine is used for, the people that use it and the behavior of the machine under normal load. Abnormal behavior means something needs to be fixed, whether the "something" is a security problem, a network problem, a disk problem, etc. So a security model that scientifically models the behavior that a system administrator "learns" as part of the job, was definitely of interest.

The second reason CylantSecure for Linux caught our eye, though, was its implementation. To be specific, its implementation includes the use of binary kernel modules, which gave us strong concerns. Linus has strongly deprecated the use of binary kernel modules even for device drivers, for many good reasons. The use of binary kernel modules to implement core functionality in a new security product was, in our opinion, a very bad idea. Fortunately, a phone interview with Cylant CEO and founder John Munson and Scott Wimer, their Director of Product Development, cleared up our concern, as we explain below.

Implementation. CylantSecure for Linux is implemented in four pieces. The first consists of two patches to the Linux kernel which modify the kernel data structure to allow the gathering of information about actions taken by the kernel, both the action taken and the process id associated with that action. This goes beyond just tagging system calls; the second of the two patches inserts instrumentation (new function calls) into over 3300 places in the kernel. The source code for these patches is fully available, and therefore not a concern. It is, however, large, running over 300K in size.

The second piece of CylantSecure consists of binary kernel modules which actually collect the data from the kernel, create profiles from it and pass information on to the third piece, a user-space process called "Watcher". We were very happy to learn from our interview with John and Scott that the source code for these modules will be released in the near future and that they were never intended to remain closed source. Currently the modules are going through a re-design. As soon as that re-design is complete and, as a result, the code is clean and maintainable enough to be a "worthwhile gift to the Open Source community", Scott assured us that the code would be released.

The remaining two pieces of CylantSecure are the Watcher, mentioned above, and the console management system. The management system may also be Open Sourced, but that decision has not yet been finalized. The Watcher program will remain closed source. In fact, a patent is pending on the techniques used in the Watcher program to model the system behavior. Software patent-watchers within the community will have to judge the virtue of this patent compared to the many other software patents that we have often deprecated, but it is certainly not quite the same as putting a patent on "point-and-click". Nonetheless, if someone believes there is already prior art for this patent, we would be interested to hear about it.

It should be noted that CylantSecure for Linux was primarily a proof-of-concept product; they chose the Linux kernel for their first project because it is an extremely large, complex and stable piece of software. The techniques used, though, are just as applicable to any other large software system, such as accounting systems, payroll, traffic analysis, any software system where reliability and security is essential. In fact, they are as applicable to ensuring reliable data input as to preventing intrusions.

But does it work? The folks at CylantSecure believe it does but state up front that they are engineers, implementing a scientific engineering principle, not security experts. They don't have a background in breaking into systems themselves. As a result, they have made a victim machine available and promised to give it to the first person that successfully "owns" the box. The box is running an unpatched installation of Red Hat Linux 6.2, so there are plenty of security holes available. The question is whether an attacker can gain access and keep it without being detected and shunted off the system by CylantSecure.

We'll be interested to hear about the results. No non-disclosures are required and they even have an IRC channel available to allow attackers to chat directly with their developers.

Overall, we found the new paradigm being explored very interesting and we are looking forward to seeing the reaction of the security community to their approach.

New Linux-targeted worm: lpdw0rm. SecurityFocus has released their analysis of a new worm, lpdw0rm. This particular worm is targeted at systems running unpatched versions of Red Hat Linux 7.0 that are running the LPRng service, one of the vulnerabilities that previous worms have also targeted.

Installing Red Hat's patch for LPRng (made available back in October) will prevent a system from being successfully attacked.

Predictable TCP initial sequence numbers. We first mentioned the problem of preditable TCP initial sequence numbers in the March 15th LWN Security Summary. The original report came from Guardent, a Massachusetts-based security firm who published the existence of the weakness, but not their own research on the topic. This week, more information was released.

  • A paper from Michal Zalewski entitled Strange Attractors and TCP/IP Sequence Number Analysis describing "the use of dynamical system methods to analyze and predict TCP initial sequence numbers".

  • Tim Newsham's paper on the topic, which Guardent has finally released.

  • CERT's advisory on the topic. "TCP initial sequence numbers were not designed to provide proof against TCP connection attacks. The lack of cryptographically-strong security options for the TCP header itself is a deficiency that technologies like IPSec try to address. It must be noted that in the final analysis, if an attacker has the ability to see unencrypted TCP traffic generated from a site, that site is vulnerable to various TCP attacks - not just those mentioned here. The only definitive proof against all forms of TCP attack is end-to-end cryptographic solutions like those outlined in various IPSec documents".
Meanwhile, Linux and OpenBSD (and FreeBSD, which has picked up the OpenBSD fix) were singled out in the CERT report as being the only TCP implementations to be relatively immune to the reported problem.

Security Hall of Shame: Tektronix. Elias Levy, moderator of BugTraq, found recent information posted about security vulnerabilities in the Tektronix Phaser Network Printer Administration Interface annoying enough to send out a personal comment on them. "This is not a major vulnerability. The only reason I bring it to your attention is because this is standard operating procedure for many companies. They release a products in the market with no or little security. When someone points this out to them they ignore him. When its pointed out in public they threaten to sue him. When they fix it they do it just as badly as the original security measure. And a few months latter the product is shown to be insecure once again".

What was it that caught Elias' attention enough to generate so much ire? The original report of this vulnerability was made in November of 1999. The vulnerability is severe enough that it can be potentially used to permanently damage the printer. Instead of resolving the actual security problems, Tektronix simply changed the URL that could previously be used for the attack by adding an underscore at the beginning and changing the ".html" suffix to ".shtml".

In addition, non-Tektronix posters had provided a workaround to improve the security of the printer, which Tektronix has since broken.

Of course, the potential impact of the vulnerability can be mitigated by keeping the printer behind a firewall and restricting access to the local network. Meanwhile, Tektronix does not believe that anyone actually cares about this vulnerability. For our part, we would expect any security-conscious site to remove Tektronix from their list of acceptable vendors, given the level of cluelessness and ineptness demonstrated in the way this vulnerability has been handled.

Call for Articles: SecurityFocus focuses on Incident Handling. SecurityFocus is developing articles for a planned series on Incident Handling, scheduled for publication from June onwards. If you are interested in provided an article for them, check their call for articles.

Security Reports

Zope Zclass security update. A new security bug has been found in all versions of Zope (up to and including 2.3.2) which can allow unauthorized access to a clever attacker. A patch is available which fixes the problem; sites running Zope should probably apply it soon.

gnupg 1.0.5 released with multiple security fixes. gnupg 1.0.5 was released on April 29th. Multiple security patches have been released against gnupg 1.0.4; this new release includes all of those patches, including fixes for the gnupg web of trust vulnerability and false positives from detached signatures. Of course, in addition to security fixes, other feature enhancements and bug fixes are included. An upgrade to 1.0.5 is recommended.

Remote vulnerabilities in Bugzilla. Bugzilla 2.12 has been released and contains fixes for a couple of security problems that could allow remote users to execute commands on the Bugzilla server under a non-root account. Workarounds are documented, but an upgrade to the new version is recommended. For more details, check both 2671 and 2670.

KDEsu tmplink vulnerability. KDEsu creates a world-readable temporary file to exchange authentication information and then deletes the file soon after. This allows a race condition under which the account of the local X user can be compromised. Fixes for the problem are included in kdelibs-2.1.2. The KDE Project recommends an upgrade both to kdelibs-2.1.2 and to KDE 2.1.1. For more details, check BugTraq ID 2669.

gftp format string vulnerability. gftp is a multi-threaded X-based ftp client. A format string vulnerability has been reported in gftp by Richard Johnson. The problem is fixed in gftp 2.0.8 and later. BugTraq ID 2657.

MandrakeSoft's rpmdrake tmplink vulnerability. Linux-Mandrake has issued an advisory and an updated package for rpmdrake, fixing a tmplink vulnerability in that package.

web scripts. The following web scripts were reported to contain vulnerabilities:

Commercial products. The following commercial products were reported to contain vulnerabilities:

  • The SAP R/3 Web Application Server Demo for Linux has been reported to be vulnerable to a local root exploit via the program saposcol (SAP Operating System Collector) which is installed setuid root. Both workarounds and updated versions of the program have been made available. BugTraq ID 2662.

Updates

NEdit temporary file link vulnerability. Check the April 26th LWN Security Summary for the original report. BugTraq ID 2627.

This week's updates:

Previous updates:

Multiple security fixes in OpenSSL-0.9.6a. OpenSSL-0.9.6a was announced last week and contains fixes for four security issues. An upgrade to the latest version is recommended.

This week's updates:

SAFT/sendfile broken privileges. Check the April 26th LWN Security Summary for the original report. The vulnerabilities can be exploited locally to gain root privileges. BugTraq ID 2631 and 2645.

This week, Florian Weimer pointed out that sendfile author Ulli Horlacher, released an updated version of sendfile in February which Florian indicated should correct the problems.

Previous updates:

Multiple FTP daemon globbing vulnerabilities. Check the April 12th LWN Security Summary for the original report.

This week's updates:

Previous updates:

ntp remotely exploitable static buffer overflow. An exploit for a static buffer overflow in the Network Time Protocol (ntp) was published on April 4th. This exploit can allow a remote attacker to crash the ntp daemon and possibly execute arbitrary commands on the host. Patches and new packages to fix this problem came out quickly. It is recommended that you upgrade your ntp package immediately. If you cannot, disabling the service until you can is a good idea. For more details and links to related posts, check BugTraq ID 2540.

This week's updates:

  • Engarde, updated advisory, includes i386 packages not included in the original advisory

Previous updates:

Zope security update. Digital Creations released a security update to Zope (all versions up to 2.3b1) fixing a security vulnerability in how ZClasses are handled the week of March 1st. An upgrade is recommended.

This week's updates:

  • Debian, previous update to Zope was seriously broken
Previous updates:

Resources

New Turbolinux Public Key. Turbolinux has updated their public key.

Security Breach Traced to Hole in Head of Admin (BBspot, humor). From BBspot to lighten your mood for the day, comes an article about a Security Breach in Linux and its source. "Work at Selby Communications ground to halt as their network server was wiped clean yesterday by a malicious virus. Security experts called in to investigate the incident discovered the virus exploited a hole in the head of Systems Administrator Matt Simmons".

vsftpd-0.9.0. Chris Evans announced the release of vsftpd-0.9.0 this week. vsftpd is a small, fast ftp server written from the ground up to be free of security holes and/or to mitigate the impact of potential security problems.

lcrzoex and lcrzo 3.10. New versions of the network test tools lcrzoex and lcrzo were released this week.

Events

Black Hat Briefings USA '01. A full announcement for the upcoming Black Hat Briefings USA, to be held July 11th-12th in Las Vegas, Nevada, USA, was released this week. "This year's topics include: Reverse Engineering, the Honey Net Project, the CVE, 802.11b WEP security, ICMP scanning, SQL security configuration, GSM and WAP security, and more".

Early Bird registration for NetSec. Early bird registration for NetSec2001 Network Security Conference ends May 4th. NetSec2001 will be held June 18th through the 20th in New Orleans, Louisiana, USA.

Upcoming Security Events.
Date Event Location
May 13 - 16, 20012001 IEEE Symposium on SecurityOakland, CA, USA
May 13 - 16, 2001CHES 2001Paris, France
May 29, 2001Security of Mobile Multiagent Systems(SEMAS-2001)Montreal, Canada
May 31 - June 1, 2001The first European Electronic Signatures SummitLondon, England, UK
June 1 - 3, 2001Summercon 2001Amsterdam, Netherlands
June 4 - 8, 2001TISC 2001Los Angeles, CA, USA
June 5 - 6, 20012nd Annual IEEE Systems, Man, and Cybernetics Information Assurance WorkshopUnited States Military Academy, Westpoint, New York, USA
June 11 - 13, 20017th Annual Information Security Conference: Securing the Infocosm: Security, Privacy and RiskOrlando, FL, USA.
June 17 - 22, 200113th Annual Computer Security Incident Handling Conference (FIRST 2001)Toulouse, France
June 18 - 20, 2001NetSec Network Security Conference(NetSec '01)New Orleans, Louisiana, USA.
June 19 - 20, 2001The Biometrics SymposiumChicago, Illinois, USA.

For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Liz Coolbaugh


May 3, 2001

LWN Resources
Security alerts archive

Secured Distributions:
Astaro Security
Castle
Engarde Secure Linux
Immunix
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux
Trustix

Security Projects
Bastille
Linux Security Audit Project
Linux Security Module
OpenSSH

Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive

Distribution-specific links
Caldera Advisories
Conectiva Updates
Debian Alerts
Kondara Advisories
Esware Alerts
LinuxPPC Security Updates
Mandrake Updates
Red Hat Errata
SuSE Announcements
Turbolinux
Yellow Dog Errata

BSD-specific links
BSDi
FreeBSD
NetBSD
OpenBSD

Security mailing lists
Caldera
Cobalt
Conectiva
Debian
Esware
FreeBSD
Kondara
LASER5
Linux From Scratch
Linux-Mandrake
NetBSD
OpenBSD
Red Hat
Slackware
Stampede
SuSE
Trustix
turboLinux
Yellow Dog

Security Software Archives
munitions
ZedZ.net (formerly replay.com)

Miscellaneous Resources
CERT
CIAC
Comp Sec News Daily
Crypto-GRAM
LinuxLock.org
LinuxSecurity.com
Security Focus
SecurityPortal
   

Sections:
 Main page
 Security
 Kernel
 Distributions
 On the Desktop
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Kernel page.

Kernel development


The current kernel release is 2.4.4, which was released on April 28. This release contains, of course, the zero-copy networking code, and a number of other enhancements and bug fixes.

It also evidently contains some new bugs - the complaint level for 2.4.4 appears to be higher than with some of the other 2.4.x releases. The "run children first" change to the fork() system call (discussed in the April 19 LWN Kernel Page) seems to have caused quite a few problems, and it has already been reverted in Linus's 2.4.5pre1 prepatch. A number of other problems have been reported as well; people without a burning need to upgrade to 2.4.4 might just want to wait for 2.4.5.

As noted, Linus has since released 2.4.5pre1 with some additional fixes. Alan Cox, meanwhile, is at 2.4.4ac3 with a rather longer set of fixes.

Trashing your filesystem with dump. It has been known for a very long time that using dump to back up live filesystems can result in corrupt backups. It turns out that, with Linux kernels through 2.4.4, dumping a live filesystem has the potential to corrupt the filesystem in place, even if the dump process has no write access.

Alexander Viro reported the bug which makes this possible. It can happen only on SMP systems, and is not easy to trigger, but it is there. Essentially, if the filesystem allocates a new metadata block for the filesystem, and a separate process reads that block at the wrong time, the wrong data will be written back to disk. The fix is relatively straightforward, and has already been incorporated into 2.4.5pre1.

Linus pointed out an interesting little fact as part of this discussion: dump will not work correctly on 2.4-based systems in any case. The filesystem keeps quite a bit of useful information in the page cache - and will do so even more in the future. dump, however, works with the raw device, which deals with the buffer cache instead. The two are not always synchronized, and it is possible that dump will end up reading the wrong data. In case that's not clear enough:

So anybody who depends on "dump" getting backups right is already playing russian rulette with their backups. It's not at all guaranteed to get the right results - you may end up having stale data in the buffer cache that ends up being "backed up".

For now, there is really no easy way to fix dump for 2.4. If you're using it, this might be a good time to go looking for a different tool.

A 2.4 swap bug - maybe. A discussion of Linux swapping behavior turned to an interesting aspect of how the system handles swapping. Swap space, of course, is used to hold copies of pages which have been moved out of memory. It turns out that when a page is restored to main memory from swap, its slot in the swap file is not released. Thus, in some situations, Linux can "run out" of swap space even though much of that swap space is taken up by data that is not currently swapped out. According to Alan Cox, this behavior is forcing some large systems to remain with the 2.2 kernel.

At first blush, the proper course of action seems simple: when a page is swapped back into memory, its swap slot should be freed. As is often the case, though, life is not that simple. Some of the twists that come up here (as pointed out by Stephen Tweedie) include:

  • The system tries to group memory areas together in the swap file. Freeing swap slots individually would destroy that grouping, thus fragmenting the swap area. That, in turn, can lead to slower swapping performance.

  • Suppose you swap a page in, then, due to memory pressure, have to swap it back out again. If the page has not been modified, the copy on disk is still valid, and the page can be freed immediately. If, instead, the slot has been freed, the page must be written again.

  • The Linux virtual memory system does not make it easy to find all of the page table entries that are pointing to a particular page. When a particular process swaps in a page, its page table will be updated accordingly. But if other processes have page tables pointing to the swapped page, they will continue to point to the disk copy. Until all of those references are changed, the disk copy can not go away.

The proper solution, thus, would appear to be to retain the copy in the swap cache for as long as there is no real virtual memory pressure. Once things get tight, it's time to start throwing things away. In some cases, though, (such as the one where the swap copy of a page is valid), it may be better to toss out the memory copy of the page.

Moral: virtual memory is never simple.

SGI releases XFS 1.0. SGI has announced the release of XFS 1.0. The 2.4 kernel now has another journaling filesystem in a stable release state; XFS also offers a number of features for users with intense I/O bandwidth requirements. It claims to work with NFS, and comes with an installer for Red Hat Linux 7.1 systems.

Perhaps not wanting to be left out entirely, IBM has released JFS beta 3 release 0.3.0.

ECN enabled on kernel.org. The kernel.org FTP server has enabled ECN (the Explicit Congestion Notification protocol). If you find you're now having a hard time downloading that new kernel, there's a chance you're behind a broken firewall which doesn't handle ECN properly. See Jeff Garzik's ECN page for help if you find yourself in that situation.

Other patches and updates released this week include:

  • A group of students at Northern Michigan University has announced a set of benchmarks that were run on kernels from 2.0.1 through 2.4.0. They give a view as to how performance in a number of areas has changed over time.

  • A new Linux security module patch has been released by Greg Kroah-Hartman.

  • A new FreeS/WAN KLIPS2 design, meant to work well with netfilter, has been announced by Richard Guy Briggs. He's looking for feedback. Those who are not easily offended might also enjoy the Linux FreeS/WAN poster on his site.

  • Keith Owens has released a few new versions of the kdb kernel debugger which work with recent kernel releases.

  • Jeff Mahoney announced a large patch to ReiserFS which makes it work on big-endian systems.

  • Daniel Phillips has posted a patch to make his directory indexes work in the page cache. As with many of his patches, this one includes a lengthy discussion of what changes have been made and why; it makes for interesting reading on how the VFS works. Daniel subsequently released a pair of new patches, one of which works with Alexander Viro's "directories in the page cache" patch.

  • Jeff Dike has released a new version of user-mode Linux which works with 2.4.4 and contains a number of fixes.

  • Eric Raymond's CML2 patch is up to CML2 1.3.3.

  • Andreas Gruenbacher released version 0.7.11 of the access control list patch, quickly followed by version 0.7.12.

  • Matthew Wilcox has posted a description of what he thinks should be done with file locking in the 2.5 development series.

Section Editor: Jonathan Corbet


May 3, 2001

For other kernel news, see:

Other resources:

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 On the Desktop
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Distributions page.

Lists of Distributions
distrowatch
ibiblio
Kernelnotes
Linux.com
LinuxLinks
Woven Goods

Embedded Distributions:
3ilinux
Bifrost
Blue Cat Linux
BluePoint Embedded
Compact Linux
Coollinux
DSPLinux
ELinOS
ELKS
Embedded Debian
Embedix
Etlinux
FlightLinux
Hard Hat Linux
Jailbait
Linux/Coldfire
LEM
Midori
NeoLinux
OnCore Systems
PeeWeeLinux
RedBlue Linux
RedIce-Linux
Royal Linux
RTLinux
Tynux
uClinux
White Dwarf Linux

Handhelds/PDAs
Agenda-VR
Familiar (iPAQ)
Intimate (iPAQ)
Linux DA
PocketLinux
PsiLinux

Secured Distributions:
Astaro Security
Castle
Engarde Secure Linux
Immunix
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux
Trustix

Special Purpose/Mini
2-Disk Xwindow System
Mindi Linux
SmoothWall

Floppy-based
Brutalware
BYLD
Coyote Linux
DLX
Fd Linux
Fli4l (Floppy ISDN/DSL)
floppyfw
Floppix
FREESCO
Linux in a Pillbox (LIAP)
Linux Router Project
LOAF
muLinux
Nuclinux
Proxyfloppy
ShareTheNet
Small Linux
Tomsrtbt
Viralinux_II

CD-based
BasicLinux
BBLCD Toolkit
CDLinux
Crash Recovery Kit
DemoLinux
Devil-Linux
Finnix
Gibraltar
innominate Bootable Business Card
Linuxcare Bootable Business Card
LNX-BBC
MkCDrec
RunOnCD
Sentry Firewall
SuperRescue
Timo's Rescue CD
Ututo
Virtual Linux

Zip disk-based
NBROK
ZipSlack

Small Disk
hal91
MicroLinux
--> Peanut Linux
PKLinux
Relax Linux
TA-Linux
Tomukas
ttylinux
VectorLinux

Wireless
Bambi Linux
Flying Linux

Hardware-specific
(ARM)
ARM Linux
(Beowulf)
Scyld Beowulf
(IBM)
Think Blue Linux
(Oracle's NIC)
NIC Linux
(PA-RISC)
PA-RISC Linux
(Playstation)
Runix
(PowerPC)
Black Lab Linux
LinuxPPC
MkLinux
Yellow Dog
(Sparc)
Splack
UltraLinux
(Older Intel)
ClarkConnect
Monkey Linux
TINY

DOS/Windows install
Armed Linux
DragonLinux
Phat Linux

Diskless Terminal
GNU/Linux TerminalServer for Schools
K12LTSP
LTSP
Pygmy
Xdenu

Distributions


Please note that security updates from the various distributions are covered in the security section.

News and Editorials

Conectiva's Snapshot and quality measurements. Conectiva provides access to a snapshot version of Conectiva Linux, containing all the current development work for the next release. As part of that process, they have put together a method for "measuring" the quality of the snapshot from a user's point of view (rather than from the developer's point of view, which is expected to be quite different).

They sent to us this explanation of the snapshot measurement, which depends heavily on input from users. In fact, one of their assumptions is that if users are affected by a bug, they will report it to the bug tracking system. For the stable version of a distribution, this would be a rather unsafe assumption. Hopefully, though, people brave enough to work with a development snapshot probably want the opportunity to air the problems that they find.

In any case, any type of quality measurement is interesting. As long as the measurement consistently improves as the distribution improves and degrades as the quality of the distribution degrades, then it will have some long-time value.

Check out their snapshot page to see how they currently rate their own snapshot. They've got a ways to go to get it to a level acceptable by their own standards. Of course, it is good to have goals that challenge you! Do note that the snapshot quality measurement process is currently in draft form.

PPC Linux news: Jason Haas quits, Yellow Dog 2.0 is coming. LinuxPPC co-founder Jason Haas has announced his resignation, and, indeed, his retirement from the computer world. You did a lot of good work, Jason, you'll be missed.

Terra Soft Solutions, meanwhile, has announced that Yellow Dog Linux 2.0 will be demonstrated at the Macintosh Business Expo.

ROCK Linux 1.4.0. The ROCK Linux 1.4.0 stable release is out. It includes a great many updates, including the 2.4.3 kernel. Although this is a stable release, it comes with a caveat: "ROCK Linux 1.4.0 is _intended_ for production usage, but given that it's a dot ohh!? (.0) release, you might proceed with care while we hold tight to the brown paper bags".

For more information on Rock Linux, check the April 5th Distributions Page, which contains a link to the distributions survey for Rock Linux.

Rock Linux 1.4.1 is promised in the near future and will include support for non-Intel platforms (which were not shipped with 1.4.0).

New Distributions

Console Linux. Thanks to Andre Leao Macedo for giving us a pointer to Console Linux, a new Linux distribution out of Brazil. The available information is in Portuguese. The distribution is based on Red Hat Linux and remains tied to Red Hat, promising 100% compatibility with Red Hat while providing Portuguese versions of the distribution and installer.

Here is one rough quote from the site, translated using Babelfish and some guesses: "The Linux Console was created as the the result of a dream, the belief that open software is the only way to improve the technological growth in the area of computer science in Brazil. Stimulating new minds will not happen just in the classrooms, but also in on-line communities, thus allowing more Brazilians to develop their creativity and help democratize this area of Brazil". [Note that all translation errors are the fault of this editor, please accept my apologies in advance.]

Distribution News

Red Hat News. In addition to security-related updates for Red Hat (which are covered in the security section), Red Hat also released a slew of bug-fixes recently. Below is a list of them with some information on their relevance:

In Red Hat Linux:

  • New wireless-tools packages were released to fix a conflict between the packages and later kernels. The wireless-tools package supports the use of wireless networking products. Only Red Hat Linux 7.0 is affected.

  • New mouseconfig packages were released to fix a problem in Red Hat Linux 7.1 where support for mouse devices other than /dev/mouse was only partially complete. This will only impact people running mouseconfig after the installation process is complete.

In Red Hat Powertools:

  • New radvd packages were released to fix problems with radvd failing to start properly. In addition, radvd no longer runs as root, which may also close potential security holes. radvd is the router advertisement daemon for IPv6.

  • New FileRunner packages were released to provide help files which were missing. FileRunner is a simple file manager with built-in FTP support.

  • New logcheck packages have been released that are now LSB-compliant. Configuration options have been removed from the shell script into a file called /etc/logcheck. Logcheck monitors the system log files for potential security violations.

  • New ace-rhcn packages have been released, fixing minor errors that caused some of the games in the package to segfault when started. The ace-rhcn package, also known as the "Ace of Penguins", is a set of solitaire games.

  • xferstats, a package that compiles information about file transfers based on information in the logfiles, now has a new location for its configuration file.

  • New CBB packages have been released to fix permissions problems on some of the perl scripts. CBB is a personal financial management package written in Tcl/Tk and (apparently) Perl.

Debian News. A new version of dpkg was released this week, closing 90 bug reports. Many additional enhancements and new features are included as well.

The Debian Project will be exhibiting at two upcoming events, the Multimedia-Market in Stuttgart, Germany, May 2nd through the 4th and the Braunschweiger Linux-Tage in Braunschweig, Germany, May 4th through the 6th. This will provide an excellent opportunity to talk with Debian members, particularly the speakers, Peter Ganten, Thomas Lange and Martin Schulze.

A new Kernel Cousin Debian Hurd was published this week and includes discussion about what would be required to allow the Debian Hurd to join the upcoming release plans for Woody as an official Debian platform. No new Kernel Cousin Debian has been published since March 28th.

Slackware News. No changes were recorded to the Intel or Alpha Changelogs this week, but the Sparc port finally got the upgrade to XFree86 4.0.3, along with a host of other small updates or fixes to maintain compatibility with the updated XFree86.

Linux-Mandrake News. A summary of printing improvements in Linux-Mandrake 8.0 talks a bit about CUPS and other new features.

Other comments on Linux-Mandrake 8.0 include a glowing report on the new firewall wizard, as well as links to several reviews of the new distribution from a variety of sources.

ASPLinux News. Last week, we erroneously reported that ASPLinux 7.1 had already been released. This was incorrect. Unfortunately, there is a numbering difference between the Russian versions of ASPLinux and the Singapore versions of ASPLinux. The Russian ASPLinux 7.1 is functionally equivalent to the Singapore ASPLinux 7.0. The Singapore ASPLinux 7.1 is due out within the next three weeks and they promise it will be both different and more comprehensive than their release of ASPLinux 7.0.

NBROK News. NBROK 0.5 was released this week. This is the first "stable" version of NBROK to be released. NBROK is based on Slackware and tailored to run off of a ZIP drive.

SuperRescue CD News. A minor update to SuperRescue CD, version 1.3.1a, was released this week. It contains minor bugfixes.

RT-Linux News. RT-Linux has announced support for several multi-processor PowerPC machines, including the dual G4 PowerMacs and the dual and quad IBM RS/6000 systems. SynergyMicro multiprocessor PowerPC boards will also be supported in the near future.

Section Editor: Liz Coolbaugh


May 3, 2001

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.


Leading
Caldera OpenLinux
Debian GNU/Linux
Linux-Mandrake
Red Hat
Slackware
SuSE
TurboLinux

Also well-known
ASPLinux
Best Linux
Conectiva Linux
e-smith
Kondara MNU/Linux
Progeny
Rock Linux

Non-technical desktop
easyLinux
Icepack Linux
Independence
LibraNet
Redmond Linux
WinSlack

Education
Boston University
kmLinux
LinuxFromScratch
OpenClassroom
Red Escolar

General Purpose
Alzza Linux
aXon Linux
Bad Penguin Linux
BearOps
Black Cat Linux
BluePoint Linux
BYO Linux
CAEN Linux
Cafe Linux
ChainSaw Linux
Circle MUDLinux
cLIeNUX
Complete Linux
Console Linux
Corel Linux
CRUX
Darkstar Linux
DLite
easyLinux
Elfstone Linux
ESware Linux
Eurielec Linux
eXecutive Linux
Fried Chicken
FTOSX
FullPliant
Gentoo
Go!Linux
HA Linux
Halloween Linux
HispaFuentes
IceLinux
Ivrix
ix86 Linux
J-LINUX
JBLinux
Jurix
KRUD
KSI-Linux
Lanthan Linux
Laonux
LASER5
Leetnux
Linpus Linux
Linux Cyrillic Edition
Linux MLD
LinuxOne OS
LinuxPPP
Linux Pro Plus
Linux-SIS
LNX System
LoopLinux
LSD
Lute Linux
MageNet
Mastodon
MaxOS
minilinux
MSC.Linux
nmrcOS
NoMad Linux
Omoikane GNU/Linux
PingOO Linux
Plamo Linux
PLD
Project Ballantain
PROSA
Rabid Squirrel
Repairlix
Root Linux
Scrudgeware
Serial Terminal
Sorcerer
spyLinux
Stampede
Stataboware
TechLinux
TimeSys Linux/RT
Tom Linux
Trinux
Turkuaz
Ute-Linux
VA-enhanced Red Hat
Vine Linux
Virtual Linux
WholeLinux
WinLinux 2000
XTeamLinux
ZipSpeak

Country-specific
Argentina
GNU/Linux Ututo
Britain
Definite Linux
Eridani
China
COSIX
Red Flag
France
Linux/MNIS
Italy
LinuxEspresso
Madeinlinux
Vedova
Spain
Linux Esware
Thailand
Kaiwal Linux
Thai Linux Extension

Related Projects
Chinese Linux Extension

Historical (Non-active)
Dualix
Gentus
Giotto
MCC Interim Linux
OS2000
Storm Linux
Yggdrasil

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 On the Desktop
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's On the Desktop page.


Note: An asterisk (*) denotes a proprietary product, (w) denotes WINE based tools.

Office Suites
Ability (*)(w)
Anywhere Desktop (*)
(formerly "Applixware")
GNOME Office
HancomOffice
KOffice
StarOffice / OpenOffice
Siag Office
WordPerfect Office 2000 (*)(w)

Java / Web Office Suites
ThinkFree Office (*)
Teamware Office (*)
Cybozu Office (*)

Desktop Publishing
AbiWord
iceSculptor (*)
Impress
Maxwell Word Processor
Mediascape Artstream (*)
Scribus

Web Browsers
Mozilla
Netscape (*)
Opera (*)
Konqueror
Galeon

Handheld Tools
KPilot
JPilot
Palm Pilot Resources
Pilot Link
SynCal

On The Desktop


This week, MoonGroup.com interviews Olivier Fourdan, creator of the [XFce] XFce desktop environment. "Xfce is very easy to configure since all common settings are managed thru graphical tools, using the mouse. However, Xfce is definitely not a clone of CDE. For me, a clone is just like Lesstif and Motif. You can use one in place of the other. But you don't consider GNOME or KDE as clones of windows, do you?"

So, what are XFce's strong points and what distinguishes it from other desktop environments? The XFce project home page claims that it is a fast, lightweight, and efficient system, and it is appealing to the eyes. Perhaps more to the point: "I believe that the desktop environment should be made to increase user productivity. Therefore, the goal is keep most system resources for the applications, and not to consume all memory and CPU usage with the desktop environment". Another interesting goal of XFce is to perform all desktop configuration with the mouse; configuration files are hidden from the user. This certainly separates it from older lightweight windowing environments such as fvwm2 and twm.

XFce supports themes and comes with a reasonably full list of utility applications. Virtual screens and multiple pop-up menus are included as are support for multi-byte character sets and 18 language translations. Version 3 of XFce is GTK+ based, so running Gnome applications on it should be simplified. XFce is apparently going for the middle ground between the older, simple window managers and the big, full-featured systems like KDE and Gnome.

If you have an inclination to try it out; version 3.8.1 of XFce was just released on April 29, 2001. (Thanks to Joseph J Klemmer.)

Desktop Environments

The 'people' behind KDE: Konqi. The "People Behind KDE" series continues with this interview with Konqi the dragon, the KDE project's mascot. "When I was young I wanted to be a fireman, but I dropped that idea when they explained to me that fireman don't actually make fires. Firemen put fires out instead of making them."

April 27 GNOME Summary. The GNOME Summary for April 27 is out. It covers the Ximian GNOME 1.4 release, the "Eazel Pal" program, and several other topics.

Announcing the GNOME Packaging Project. Gregory Leblanc launched the GNOME Packaging Project in order to package binaries of GNOME. Volunteers are needed.

Embedded GNOME - Sikigami. There is an embedded GNOME project going on in Japan called Sikigami, which means daemon in old Japanese.

Mosfet.Org: New MegaGradient Widget Style. Mosfet is back and has released a a new funky widget style, dubbed MegaGradient. Mosfet is well-known for his previous work on KDE2. He also notes on his homepage that he has recently got a life, has left MandrakeSoft (amicably) and is looking for a new job, preferably allowing him to continue his work in the Linux/KDE area. Congratulations and best of luck, Mosfet.

You can't always get what you font (ZDNet). ZDNet's Evan Leibovitch talks about his pet peeve regarding the Linux desktop. "As someone who's been using Linux as my primary workstation OS since the days of Caldera Network Desktop 1.0 (circa 1995) and its Looking Glass GUI, I don't just have one Linux desktop frustration; I have a list. At the top of that list is the ghastly manner in which Linux systems implement fonts."

Office Applications

AbiWord Weekly News #41. The April 27, 2001 edition of the AbiWord Weekly News is out. This week's news includes the release of AbiWord 0.7.14, bug prioritization, and download stats.

Desktop Applications

Opera for Linux beta 8 now available. Opera 5.0 beta 8 has been released. Opera is a commercial web browser that is available in freely-useable version (with an embedded sponsor ad) or a paid/registered mode.

Miscellaneous

Omni Printer Driver version 0.1.2. A new release of the Omni printer driver is available as of April 26, 2001. This release features a fix in the newFrame logic for each device class.

Interview: Frank Hecker (OpenOffice.org). OpenOffice.org's Louis Suárez-Potts interviews Frank Hecker, one of the key people behind the open-sourcing of Netscape's code. "Over time I became very frustrated with the traditional proprietary software development model, where all development had to be done inside the company and the only developers who had access to source code were members of the internal engineering groups."

Section Editor: Michael J. Hammel


May 3, 2001


Note: An asterisk (*) denotes a proprietary product, (w) denotes WINE based tools.

Desktop Environments
GNOME
GNUstep
KDE
XFce

Window Managers (WM's)
Afterstep
Enlightenment
FVMW2
IceWM
Sawfish
WindowMaker

Minimalist Environments
Blackbox

Widget Sets
GTK+
Qt

Desktop Graphics
CorelDRAW (*)(w)
GIMP
Kontour
Photogenics (*)
Sketch

Windows on Linux
WINE
Win4Lin
VMWare

Kids S/W
Linux For Kids

Send link submissions to lwn@lwn.net

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 On the Desktop
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Development page.

Development projects


News and Editorials

GLAME, the Gimp of Audio Processing

A new stable version of GLAME, version 0.4.0, was released on April 26, 2001, just over a year after the last stable release, GLAME 0.2.0.

[GLAME] The GLAME homepage states: "GLAME capabilities now include multi-track editing, hierarchical organisation of tracks in to projects and groups, and graphical wave editing. The graphical filter network editor has seen lots of improvements in the past months and can be used to compose new filters from elementary plugins up to almost arbitrary complexity. Sound data is backed by on-disk storage to allow editing of tracks larger than available memory. Threading and zero-copy operations inside the filter network allow for efficient processing of audio streams." GLAME's primary developer is Richard Günther, with help from a team of developers. GLAME is licensed under the GPL license.

The GLAME 0.4.0 announcement has been covered on gnome.org and has been listed on Freshmeat, where the code is available for download.

The GLAME Manual sheds some light on the capabilities of GLAME. GLAME supports numerous sound systems including ALSA, OSS, ESD, and native SGI. The common .wav file is the default format; other formats can be added with user-supplied helper libraries.

GLAME has both a graphical and console based frontend. The GLAME graphical frontend has a main control window, a Wave Editor, and a Filterwork Editor, which allows audio filters to be graphically constructed from component parts. The Wave Editor has the usual oscilloscope audio display with support for cut/paste/delete operations. The Filterwork Editor appears to be where the real power of GLAME resides, with complex groupings of component filters being possible via simple mouse clicks. Similar to the GIMP, GLAME has been designed with extensibility in mind; user-supplied plug-in audio filters are supported.

The console interface, cglame, provides a Guile-based scripting capability that allows for filters to be connected together via code.

In all, GLAME 0.4.0 looks like an important new addition to the list of open-source audio processing tools. We hope that the project continues to grow and has the same success that the GIMP has had.

Education

Linux in education report for April 30. Here's the latest Linux in education report. There's an online test bank that need testing, discussions about GRASS and other Free GIS software, and much more.

Mail Software

Mailman 2.0.4 released. Version 2.0.4 of Mailman, the GNU Mailing List Manager has been released. This version fixes some bugs in version 2.0.3 relating to Python 2.1 compatibility problems.

TMDA 0.10 anti-spam software. Version 0.10 of TMDA, a Python-based anti-spam package, is now available. This release contains bug fixes and removes dependency on the amkCrypto package.

Network Management

OpenNMS Update. The OpenNMS Update for May 1 is out with the latest from the network management scene. It includes the 0.7.4 stealth release, an OpenNMS consulting position that is open, and more.

Science

FreePM-0.9.0b released (Linux Med News). Linux Med News reports on the release of FreePM version 0.9.0b. FreePM is an open-source medical practice management package. This version features a more mature template system, report examples and dynamic PDF generation.

Web-site Development

X15 web server alpha release. Fabio Riccardi has released X15, a web server which, he claims, is as fast as TUX (currently the record holder), but which, unlike TUX, runs entirely in user space. Mr. Riccardi is especially interested in hearing from people who can test X15's performance on high-end systems.

Zope for the Perl/CGI programmer (developerWorks). IBM developerWorks presents Zope for the Perl/CGI programmer. "A parallel between traditional CGI and Zope occurred to me today: if you moved from C programming to Perl, you certainly remember how nice it was to work with strings under Perl as opposed to managing the memory buffers and pointers you need to do the same thing with C. The move from CGI to Zope also abstracts away a lot of the system detail that has nothing to do with the business of running Web sites. I think you'll like it."

Zope 2.3.2 released. Zope 2.3.2 has been released. This is a bugfix release which contains no new features of note. Note that it was quickly followed by a security update which needs to be applied to 2.3.2 and earlier versions to prevent unauthorized access.

Also out is the rough draft version of the Zope Developer's Guide.

'The Zope Book' is finished. The final version of The Zope Book, by Michel Pelletier and Amos Latteier, is now available. It will be published by New Riders, and should show up on the shelves in a couple of months; meanwhile, the online version is available now.

Window Systems

SECURITY: New KDE Libraries Released. Now its official. The new KDE libraries have been released. Besides fixing the KDEsu security exploit, those who use Konqueror will be happy to know that the "protocol for http://x.y.z died unexpectedly" bug has also been fixed.

Word Processors

AbiWord Weekly News. The AbiWord Weekly News has been reincarnated and promises a new layout and more weekly features. More information on bug status is included, recognizing that the average person doesn't browse the bug database on a regular basis. In addition, they are taking nominations for the most important bugs to be fixed before the 0.9.X and 1.X releases come out.

LyX Development News. The April 25 LyX Development News is out, with the latest from the LyX community.

Section Editor: Forrest Cook


May 3, 2001


Application Links
GIMP
Mozilla
Galeon
High Availability
ht://Dig
mnoGoSearch
MagicPoint
Wine
Worldforge
Zope

Open Source Code Collections
Berlios
Freshmeat
OpenSourceDirectory
Savannah
Le Serveur Libre
SourceForge
Sweetcode

   

 

Programming Languages


Caml

Here is the Caml update from David Mentré, which, this week, concerns itself with the FORT regression testing framework.

C++

RunTime: High-performance programming techniques on Linux and Windows 2000 (IBM developerWorks). In the first in a series of IBM developerWorks articles, Edward G. Bradford compares the performance of Linux and Windows running C++ code. "In this new series of articles, I'll focus on high-performance programming techniques for the Linux and Windows 2000 operating systems. I'll show you useful and efficient programming practices solving the same problems on Linux and Windows 2000. Once solved, we'll measure at least one aspect of the performance of each platform. A variety of performance testing scripts and programs will demonstrate the speed of operating system features. The goal is to show how to get the best possible performance from each operating system and, as an aside, compare the performance of the two platforms."

Java

O'Reilly series on Jxta. Coinciding with the Jxta announcement from Sun, O'Reilly has published as a series of Jxta articles.

Lisp

LISA 0.8 available. From the better late than never department, a new version of LISA, the Lisp-based Intelligent Software Agents, was released on April 18. This version provides two important features: most of the support necessary for reasoning on instances of CLOS objects, and a syntax change in the DEFRULE macro that will allow the specification of things such as salience, containing module, etc.

Perl

Perl 5 Porters for April 29, 2001. The April 29, 2001 edition of the Perl 5 Porters is out. Topics this week include B::Deparse Hackery, Underscores in constants, Licensing Perl modules, M17N and POD, Regexp dumping, and more.

PHP

PHP Weekly Summary for April 30, 2001. The April 30, 2001 edition of the PHP Weekly News is out. Topics this week include Unix paths, a new SDL extension, a WDDX extension fix, a PHP 4.0.5 RC 8 release, and more.

PHP 4.0.5 released. Version 4.0.5 of PHP is now available for download. The changelog details the many bug fixes and other changes. New features include output compression, experimental FastCGI support, and improved thread-safe operation.

Common PHP Installation Problems (O'Reilly). Darrell Brogdon discusses common PHP installation problems in an O'Reilly ONLamp article. "What? You mean PHP isn't perfect?! Well, as a language it almost is, but installing it can be a bear for the inexperienced. So let's take a look at what might happen and try to keep that blood pressure down, will ya?"

Python

This week's Python-URL. Dr. Dobb's Python-URL for April 30 is out, with the latest interesting tidbits from the Python development community.

Python-dev Summary. The Python-dev Summary for April 25 is out. It covers the new iterator implementation, class methods, and other topics of interest to the Python development community.

Java-Python Extension beta. The first beta release of JPE, the Java-Python Extension has been announced:

JPE is at once:
- A Python module (named 'java') providing access to all Java services from Python
- A Java package (named 'python') providing access to all Python services from Java

Shell Scripts

dumbcode.org: live fast, die young, and leave zombies. Described by the folks at NTKnow as the moshpit freshmeat, dumbcode.org is now up and maintaining a collection of useful utility scripts. "If you've never been here, dumbcode is the only archive for really bad or worthless open source software, outside of /home/*/bin."

A Bastard Operator from Hell would certainly have fun with the rroulette command:
Description: Perl script that kills a random process every 23 seconds. Best run as root.
Pros: Adds a thrilling sense of uncertainty and anticipation to the coding day.

Tcl/Tk

Dr. Dobb's weekly Tcl-URL! Summary. The latest summary of the Tcl development world has been posted in Dr. Dobb's Tcl-URL!.

e4Graph 1.0a3 released. Version 1.0a3 of e4Graph has been announced. "e4Graph is a package for efficient persistent representation and manipulation of graph-like data. Using it you can concentrate on representing the data you care about and its relationships, rather than on the storage layout or persistence mechanism."

XML

Produce WBMP for any platform (IBM developerWorks). Bilal Siddiqul writes about Wireless Bitmap programming in an IBM developerWorks article. "WBMP (Wireless BitMap) is the format for images in the WAP (Wireless Application Protocol) specification. WML (Wireless Markup Language) cards use this format to show images on WAP sites. In this article we will study this format and generate WBMP images from XML data through JSP and JavaBeans."

Section Editor: Forrest Cook

 
Language Links
Caml
Caml Hump
Tiny COBOL
Erlang
g95 Fortran
Gnu Compiler Collection (GCC)
Gnu Compiler for the Java Language (GCJ)
Guile
Haskell
IBM Java Zone
Jython
Free the X3J Thirteen (Lisp)
Use Perl
O'Reilly's perl.com
Dr. Dobbs' Perl
PHP
PHP Weekly Summary
Daily Python-URL
Python.org
Python.faqts
Python Eggs
Ruby
Ruby Garden
MIT Scheme
Schemers
Squeak
Smalltalk
Why Smalltalk
Tcl Developer Xchange
Tcl-tk.net
O'Reilly's XML.com
Regular Expressions
   

Sections:
 Main page
 Security
 Kernel
 Distributions
 On the Desktop
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Commerce page.

Linux and Business


Sony releases Linux for the PlayStation 2. Thanks to Maya Tamiya we got the scoop on Sony's announcement of a Beta Release 1 of its PlayStation 2 Linux Kit. The kit includes a DVD with software (some open source and some proprietary), a 40GB hard drive, keyboard and mouse. The open source software includes a Red Hat based OS using a 2.2 kernel. It's also Ethernet ready. The Sony kit should be available in Japan in June. SonyPS2

Priced at 25,000 Yen (just over $200 USD at current exchange rates), this package isn't exactly cheap as beta products go, but it might well be worth the price to developers and people looking for a low end way to learn Linux. This machine is not just for playing games on, though it certainly can be used for that. It could, potentially be turned into a TV recorder, web browser or movie player, just for starters. Some of that will be limited by the proprietary software, but my guess is that Sony is counting on developers taking it apart and turning it into other things, with just enough proprietary bits that they'll get a piece of the pie when some Sony PlayStation-based must-have-toy sweeps the market.

TurboGenomics releases TurboBLAST. TurboGenomics has announced the release of TurboBLAST, a genetic sequencing tool. This product may be one of the first commercial packages for Beowulf clusters: "Initial benchmarks of TurboBLAST on a network of 11 commodity PCs running Linux reduced a month-long BLAST run to just two days. Greater speed-up of BLAST is achieved simply by adding more machines to the TurboBLAST system."

BlackCluster-2 for high speed web service. BankHacker.com, a Spanish Linux company, announced BlackCluster-2, a Linux cluster system for high performance HTTP servers. The cluster uses AMD Duron and AMD Athlon processors, and runs Red Hat Linux.

NuSphere introduces NuSphere MySQL Advantage 2.0. NuSphere has announced the availability of "NuSphere MySQL Advantage 2.0," a MySQL-based web development package "for small- and medium-sized enterprises."

New version of 'DNS and BIND' from O'Reilly. O'Reilly has announced a new edition (the fourth) of DNS and BIND. This edition covers BIND 9, various new DNS standards, and more. The security chapter has been made available online.

Also out from O'Reilly is Oracle &Open Source: Tools and Applications.

FreePM Adds 3000 Drug Objects to Formulary. FreePM is a template driven system that utilizes open-source software to provide physicians with an easy to use, easy to modify medical record management solution. FreePM recently announced that it now has 3000 drug objects available for download.

April issue of LPI-News. Here's the latest issue of the Linux Professional Institute (LPI) Newsletter. This month includes:

  1. Linux Jobsite webpage.
  2. Comdex Chicago.
  3. IBM and NEC purchase bulk blocks of vouchers.
  4. Level 2 - Progress
  5. LPIC-1 Graduates as of March 31st 2001; 430
  6. IBM Press release.

Linux Stock Index for April 26 to May 02, 2001.
LSI at closing on April 26, 2001 ... 30.99
LSI at closing on May 02, 2001 ... 33.58

The high for the week was 33.58
The low for the week was 30.99

Press Releases:

Open source products

  • Global Software Consultants (ORLANDO, Fla.): Open-Source Software Opens Door for Web Entrepreneurs. GSC is creating open-source applications specially designed for small to mid-size businesses and offering additional products and services.

  • SAP AG (): SAP DB; open source database. SAP DB is an open, SQL-based, relational database management system. The database kernel is released under the GNU General Public License and the GNU Lesser General Public License is used for clients and programming interfaces.

Distributions and bundled products

Proprietary Products for Linux

Servers and Desktop Systems

Products and Services Using Linux

Products With Linux Versions

Books & Training

Partnerships

Investments and Acquisitions

Personnel & New Offices

Linux At Work

Other

Section Editor: Rebecca Sobol.


May 3, 2001

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 On the Desktop
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Linux in the news page.

Linux in the news


Companies

Turbo-Linuxcare Merger Implodes (Linuxgram). Linuxgram reports on the cancellation of the Turbolinux/Linuxcare merger. "[Linuxcare CEO Art] Tyde's reasons for the bust-up were more a matter of direction and individual goals although [Turbolinux CEO Paul] Thomas said that Turbolinux intends to cease being a distribution company by the end of the year and become a systems management platform, a move that will put it in direct competition with companies such as BMC and Computer Associates, not to mention of course the ever-constant Microsoft and the rival distributions, Red Hat, SuSE and Caldera, which are all searching for ways to exit the pure distribution game."

Linuxcare, Turbolinux reverse merger plan (News.com). News.com looks at the collapse of the Turbolinux/Linuxcare merger. "[Art] Tyde said that after the merger cancellation details are worked out, Linuxcare likely will lay off more staff, in addition to staff cuts announced in February. And the company will abandon the technical support business plan that had been at its heart since the company started promoting itself in February 1999."

Open source's black hole (ZDNet). ZDNet's Evan Leibovitch rips into Apple in this opinion column. "No one outside the world of Mac advocates actually buys into the myth that exploiting Mach represents a change in Apple's closed corporate attitude. Apple simply found a source of cheap high-quality systems software that it could make its own without needing to give back so much as a bug fix, let alone useful software projects."

VA Linux issues third earnings warning (News.com). News.com covers VA Linux' third quarter warning. "VA did report increasing demand for its consulting services and its Open Source Development Network, a Web OSDN site with news, programming projects and other resources."

Caldera latest Linux company to cut jobs (News.com). News.com reports on the layoffs at Caldera, as well as Stormix shuttering its doors. According to the report, Stormix reported on their web site the company "has suspended its operations and has gone into 'hibernation' mode. Since all of Stormix's employees are regrettably laid off, we can no longer offer support."

Google Defies Dot-com Downturn (TechWeb). TechWeb looks at Google's booming business. "While other e-businesses are cutting back, Google is increasing its infrastructure as fast as it can, doubling the size of its server farm in the last 10 months, to 8,000 systems." And Google runs Linux on all its servers.

SGI promotes CFO, boosts Linux effort (News.com). News.com has posted an article about SGI which covers the promotion of Hal Covert to President (he was once the CFO at Red Hat), and the release of the XFS filesystem. "SGI is banking on Linux for computers using Intel's upcoming Itanium chip, expected to be announced late this May, according to a source familiar with the plan. Part of the company's longer-term effort to accommodate the chip consequently relies on improving Linux in directions where SGI thinks it can do better than the competition."

Sun, IBM take server brawl to the streets (News.com). "Peace, Love and Linux" vs. "the dot in dot-com". This article looks at the rivalry between Sun and IBM. "Sun executives have derided the initiative at Big Blue, saying IBM is grasping at Linux the way it grasped at Windows for servers in earlier years. Sun believes its Solaris version of Unix is better and that IBM is distracted by having so many different operating systems to support."

Linux Training Pyramid Topples (Wired). A deeper look into the inner workings of LinuxGruven appears to be turning up unethical business practices, among other things. "In March, 2000, the Better Business Bureau opened a file on Linuxgruven. The Bureau's records indicate 'this company has an unsatisfactory business performance record with the Bureau, due to a lack of response to customer complaints that were brought to Linuxgruven's attention by the Bureau.'"

Trials and Tribulations

DeCSS code-crack dispute back in court (ZDNet). ZDNet covers the return of the DeCSS case to the US courts. "Other sites named in the suit caved and removed the code, leaving 2600 and its publisher as the only defendants in the case. After a lively trial featuring teen hackers, computer scientists and record executives, New York Federal District Judge Lewis Kaplan sided with the MPAA, ruling that 2600 could neither post nor link to the code.

The Electronic Frontier Foundation (EFF), which is representing 2600, appealed the ruling in January 2001, calling it a blow to the First Amendment."

Hacker Mag Faces Tough Hearing (ZDNet). ZDNet is running a Reuters article on the first day in the DVD case appeal. "The movie industry had targeted as many as 500 individual sites in more than ten nations in late 1999 when DeCSS started to become freely available over the Internet -- as part of a bid to stifle the rise of this video equivalent of Napster."

Regardless of any particular feelings about Napster, descriptions of DeCSS as its "video equivalent" need to be challenged. There is not much equivalence there...

Studios Demand Internet Services Block Access to Pirated Movie Programs (Oregonian). According to this article in The Oregonian, the MPAA is now pressuring Internet service providers to shut down customers who are using Gnutella. "Gnutella doesn't rely on a central catalog. In fact, it's an open-source program, meaning that no one really owns or operates it. So controlling it isn't as easy. 'They are really trying to put the cat back in the bag,' said Lydia Pallas Loren, an associate law professor at Lewis & Clark Law School who specializes in cyberlaw."

Business

The Market Channel That Makes Linux Go (Consulting Times). This Consulting Times article looks at how resellers help Linux. "Ron Herman's association has done what start-up Linux companies tried and failed. They provide the per-incident help desk support companies need to use Linux. They provide an association where small independent Linux companies can find resources to bid on jobs. They can help the independent Linux consultant win and keep business. Linux consultants wanting products to offer customers might do themselves a favor by looking at the products "the channel" provides." (Thanks to Tom Adelstein)

Microsoft issues bounty for OS-less PC buyers (Register). The Register looks at Microsoft's 'turn in your customers program'. "While stopping just short of claiming that anyone buying a PC without an OS is a de facto criminal, MS obviously reckons that doing so would be outré enough to qualify one for suspicion, or referral to a shrink."

For information on this program, which offers prizes to system resellers for telling Microsoft about orders for systems without operating systems, see this page.

Microsoft wants you... (ZDNet). Here's ZDNet's take on Microsoft's "turn in your customers" program. "Worried that your customers might take offense? Don't be, Microsoft reassures you. While you may have compromised your customer's privacy, your privacy will still be protected: 'Microsoft will not disclose your Company's identity as the source of the bid information.'"

Linux hype?. Dave Finton pointed out this pair of articles to us. 32BitsOnLine is carrying an article called Linux: A Story Of Hype, which says that Linux will not survive the release of Windows XP. "I don?t want our readership to get the wrong impression, but let?s face it, Linux will never replace Windows. There was a lot of hope that Linux would even make a mark in the enterprise. Unfortunately, I don?t see it happening. Large companies like the fact that Windows comes with Bill Gates. If I were the CIO of a large firm, I would sleep better knowing that I could shift blame to Bill Gates. Wouldn?t you? It?s nice to know that I can have access to Linux?s source code, but without someone to whom I can shift blame, I would not want my organization to have to suffer through the task of testing a, well, untested operating system. "

LinuxToday is running a response to this attempt to spread FUD (fear, uncertainty and doubt). "Microsoft on the desktop has held its market share. Microsoft has let its server share slip dramatically. NT workstations have major competition from Linux, Sun Solaris, HP UX and AIX especially with GNU program support. Every major UNIX distribution has fresh ports of GNU distributions on their web sites."

Products

Sony tests Linux on PlayStation 2 (ZDNet). ZDNet has posted an article on Sony's PlayStation 2 announcement. Sony will be releasing an official version of Linux to run on the PlayStation 2. "Users will receive a hard drive with built-in 10Mbit Ethernet socket that will plug into the console's PCMCIA slot, a mouse and a keyboard, as well as a PS2-compatible version of the popular open source operating system. The PS2 Linux Kit will cost the equivalent of about $200 and will go on sale in June 2001the Japanese market".

As previously mentioned, the PS2 Linux Kit will only be released to to the Japanese market. Initially, only a 1,000 copies of the kit will be manufactured; additional copies will be dependent on demand. Some have asked how Sony can restrict the Linux kit from becoming available outside Japan. Please note that the kit itself includes hardware components. Once the kit has been sold, the GPL'd portions of the code included can be redistributed, but that will not include the hardware and presumably any proprietary code shipped with the system in order to interface with the hardware.

Sony to release Linux for PS2 (News.com). News.com takes a look at the Sony PlayStation 2 Linux kit. "Sony selected Linux to help game developers simulate the PlayStation 2 so they could get a jump on creating games before the actual hardware was available."

IBM Unveils iServers That Allow Sub-CPU Partitions (TechWeb). TechWeb takes a look at IBM's new iServer series for Linux. "The new OS/400 V5R1 operating system can handle up to 32 partitions in a single system.

Some of those partitions can be Linux. Because of the operating system support, Linux applications written for an iSeries server can also be run on IBM's pSeries, formerly known as the RS/6000 servers, said [iSeries product marketing manager Ian] Jarman. The operating system includes a virtual I/O features which allows the same hard disks to be shared by OS/400 and Linux applications, allowing multiple virtual servers to be managed on a single iSeries, he said."

Update on teeny weeny Linux SBCs (LinuxDevices). LinuxDevices.com presents a sampling of some "teeny weeny" embedded Single Board Computers that support embedded Linux. "A growing number of extremely small, yet highly integrated, single board computers (SBCs) make it increasingly easy to embed Linux in a wide range of applications, from handheld devices to embedded instruments."

Reviews

Security: Not Just for SysAdmins (Linux Journal). The Linux Journal has reviewed Real World Linux Security by Bob Toxen. "I would highly recommend this book to any Linux SysAdmin (and user) interested in securing their Linux systems. From practical hands-on tips and techniques to detailed explanations of attacks and other Linux security issues, this book is a must-read for anyone interested in Linux security."

Heat is on Windows (ZDNet). ZDNet reviews Samba 2.2. "For basic file sharing and print sharing in a Windows client environment, Samba 2.2 offers plenty of reasons to look beyond Windows server operating systems in settings where Samba's lack of trust relationship and BDC (backup domain controller) support doesn't matter." (Thanks to Jeremy Allison).

Living Cheaply: SuSE 7.1 and USB on a Budget Box (SignalGround). The price performance on AMD's Duron processor inspired SignalGround to give it a try, using SuSE's latest version at the same time. Total cost of the test system: $474 (not including the $75 for SuSE 7.1). "If you're living on a budget -- and who among us isn't? -- you can still build yourself a powerful system for a very modest price. On top of that, you can't go wrong with SuSE 7.1. I was extremely impressed. Its hardware support is the best we've seen, and the whole package is put together well".

Commentary: Jxta usable, but for what? (News.com). C|Net says that while Sun's new Jxta offers promise, it is not clear what that promise is. "The problem--as with several of Sun's technologies, including JavaSpaces, Jini and those in the Sun Open Network Environment--is that the company has failed to develop and articulate a strategic vision of how the technology is to be implemented."

Miscellaneous

Ninth Annual International Python Conference (Linux Journal). Linux Journal covers the Python Conference held back in early March. "Last year, Guido used the code name "Python 3000" to refer to a mythical future version that would be perfect but not necessarily backward-compatible. Since then, the Python team has realized that a quantum leap is not necessary. All desired changes can be implemented gradually using the new warnings framework and the __future__ module to give users a transition period."

Penguin, 'Mad Dog' Visit Africa (Wired). Linux International Executive Director Jon "maddog" Hall will take open source to Africa this week, according to this Wired news story. "This is where the battles in the software industry will be held. Open-source advocates believe that when African governments start viewing a deeper usage of technology as a higher priority than it currently is, they will decide to ditch proprietary software in favor of open-source software."

Party like it's 999,999,999 (BBC). The BBC News covers the one billionth second (in Unix time). The 1,000,000,000 second since 0000 GMT 1 January, 1970 happens at 0146 GMT on 9 September, 2001. "Hans Schou, one of the members of the [Skåne Sjælland Linux User Group], said it is planning to combine the billion-second commemoration with a party celebrating 10 years of Linux - an operating system built around the heart of Unix." (Thanks to Andy Gibb)

Section Editor: Rebecca Sobol


May 3, 2001

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 On the Desktop
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Announcements page.

Announcements


Resources

Jargon File 4.3.0. Eric Raymond has released version 4.3.0 of the Jargon File. "This version 4.3.0 is intended specifically to recognize and honor the wonderfully insane hackers of the Bergen Linux User's Group in Bergen, Norway. In perpetrating the world's first implementation of RFC1149 ('A Standard for the Transmission of IP Datagrams on Avian Carriers') they have pulled off what may just be the funniest, cleverest hack of the last fifteen years."

Linux Gazette #66. The Linux Gazette Issue 66, May 2001, is now available. It contains the usual mix of news, reviews, interviews, humor and helpful hints.

High-performance programming techniques on Linux and Windows 2000 (IBM developerWorks). Here is the first in a series of articles comparing Linux (with 2.4 kernel and with 2.2 kernel) to Windows 2000. This one is about setting up timing routines.

Tip Of The Week: Chek Ur Speling (LinuxLookup). Learn about Linux spell checking that can be run from the command line.

The Struggle for RAID (Duke of URL). Duke of URL has posted an article covering the installation of Promise FastTrak 66, 100 and Lite IDE RAID cards under Linux.

Events

Debian at Braunschweiger Linux-Tage. Debian will have a booth at Braunschweiger Linux-Tage, in Braunschweig, Germany, May 4 - 6, 2001.

Applied Computing Conference and Expo announces keynote speakers. Annabooks Events announced the keynote addresses that will be presented at this year's conference, scheduled for May 14 - 17, 2001 at the Santa Clara Convention Center, Santa Clara, Calif.

Embedded Systems Conference Chicago. CMP Media announced the program for the Embedded Systems Conference Chicago, July 9 - July 12, 2001.

Events: May 3 - June 28, 2001.
Date Event Location
May 4 - 6, 2001Braunschweiger Linux-TageBraunschweig, Germany
May 5 - 6, 2001Linux Certification BootcampCupertino, California
May 8 - 10, 2001LinuxWorld(New Zealand ExpoCentre Greenlane)Auckland, New Zealand
May 9, 2001Linux@workOslo
May 9 - 10, 2001Linux ExpoSao Paulo, Brazil
May 10, 2001Linux@workStockholm
May 10 - 12, 2001LinuxWorld TaiwanTaipei, Taiwan
May 11, 2001Linux@workHelsinki
May 13 - 17, 2001Spring 2001 Enterprise Linux Implementation ConferenceSan Jose, CA
May 14 - 17, 2001The 2001 Applied Computing ConferenceSanta Clara, CA
May 15, 2001Linux@workFrankfurt
May 15 - 18, 2001Linux ExpoShanghai, China
May 16, 2001Linux@workZurich
May 17, 2001Linux@workMilan
May 18 - 19, 20012nd Magdeburger LinuxtagMagdeburg, Germany
May 18, 2001IST programme actions on free / open source software developmentBrussels
May 19 - 20, 2001LinuxCertified.com Linux FundamentalsCupertino, California
May 20 - 23, 2001eXtreme Programming(XP2001)Sardinia, Italy
May 24 - 26, 2001LinuxWorldKorea
May 29 - 31, 2001II Forum Internacional do Software LivreBrazil
June 6 - 7, 2001Linux ExpoMilan, Italy
June 7 - 8, 2001Second European Tcl/Tk User MeetingGermany
June 11 - 14, 2001Hot Springs Educational Technology Institute conference(Hot Springs High School)Hot Springs, Arkansas
June 12, 2001Linux@workLondon
June 13, 2001Linux@workParis
June 14, 2001Linux@workBrussels
June 15, 2001Linux@workAmsterdam
June 20 - 21, 2001Linuxdays 2001St. Pölten, Austria
June 25 - 30, 2001USENIX Annual Technical ConferenceBoston, Massachusetts

Web sites

Donald K. Rosenberg at OT Land. LogOn Technology Transfer announced the launch of OT Land with a series of articles on Open Source Software by Donald K. Rosenberg.

User Group News

Two LUGOD events. LUGOD (Linux Users Group of Davis) announced a Linux Installfest workshop in conjunction with the UC Davis Computer Club, on May 20, 2001, in Engineering Unit II at UC Davis (Davis, California).

Then on June 5, 2001, Borland Software Corporation will present Kylix Rapid Application Development IDE at the LUGOD meeting held at Z-World in Davis.

LUG Events: May 3 - May 17, 2001.
Date Event Location
May 3, 2001Linux User Support Team, Taegu(LUST-T)Taegu, Korea
May 3, 2001Edinburgh LUG(EdLUG)Edinburgh, Scotland
May 5, 2001Twin Cities LUG(TCLUG)Minneapolis, MN
May 5, 2001Sheffield LUG(ShefLUG)University of Sheffield, UK
May 7, 2001
May 17, 2001
Rice University LUG(RLUG)Houston, TX
May 7, 2001Baton Rouge LUG(BRLUG)Baton Rouge, LA.
May 8, 2001Victoria LUG(VLUG)(University of Victoria)Victoria, British Columbia
May 8, 2001Long Island LUG(LILUG)(SUNY Farmingdale)Farmingdale, NY
May 9, 2001Toledo Area LUGToledo, OH
May 9, 2001Columbia Area LUG(CALUG)(Capita Technologies Training Center)Columbia, Maryland
May 9, 2001Silicon Corridor LUG(SCLUG)(Back of Beyond pub in Kings Road)Reading, UK
May 9, 2001San Antonio Linux Users Group(SATLUG)(Cisco Offices)San Antonio, TX
May 10, 2001Boulder LUGBoulder, CO
May 10, 2001Phoenix Linux Users Group(PLUG)(Sequoia Charter School)Mesa, AZ.
May 12, 2001Consortium of All Bay Area LinuxMenlo Park, CA
May 12, 2001Route 66 LUGLa Verne, CA
May 15, 2001Bay Area LUGSan Francisco, CA
May 15, 2001Kansas City LUG Demoday(KCLUG)(Kansas City Public Library)KC, Missouri
May 15, 2001Linux Stammtisch(Bandersnatch Brew Pub)Tempe, AZ
May 16, 2001Central Iowa LUGWest Des Moines, IA
May 16, 2001Linux User Group in GroningenThe Netherlands
May 16, 2001Arizona State University LUG(ASULUG)Tempe, AZ
May 17, 2001St. Louis LUGSt. Louis, MO.
May 17, 2001Omaha LUG(OLUG)Omaha, Nebraska
May 17, 2001South Mississippi LUG(SMLUG)Gulfport, Mississippi


May 3, 2001

   

 

Software Announcements


Here are this week's Freshmeat software announcements. Freshmeat now offers the announcements sorted in two different ways:

The Alphabetical List and Sorted by license

 

Our software announcements are provided courtesy of FreshMeat

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 On the Desktop
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Linux History page.

This week in Linux history


Three years ago (May 7, 1998 LWN): The Uniform Commercial Code, also known as the "shrink wrap license" law, now known as UCITA, was the subject of this lengthy discussion.

Former Debian leader Bruce Perens raised a heated discussion in the Debian community when he announced plans to build a new Linux distribution, based on Red Hat Linux. Bruce never built that new distribution, at least not directly. The Linux Standard Base, initially headed by Bruce, now has the reference implementation he wanted. He then later accepted a position as CEO of the Linux Capital Group, which funded Ian Murdock's Progeny Linux Systems, which created Progeny Debian, yet another new distribution.

In any case, Bruce's set of goals for his dream distribution remain interesting.

A nifty new search engine, then known as "google.stanford.edu," hit the net.

According to this ZDNet article two big database providers had no plans to port to Linux.

Database makers Oracle Corp. and Informix Software Inc., whose wares near the top of the Linux community's wish-list, both say they have no plans to support Linux. "We do 16 ports right now, and I could easily add another one. But we don't want to do it unless it makes sense," says Mike Saranga, Informix's senior VP of product management and development.

I guess it finally made sense because database products are now available for Linux from Oracle, Informix, SAP AG and others.

Two years ago (May 6, 1999 LWN): The Mindcraft III benchmarking effort was announced. The results of Mindcraft II had never been released. This time Mindcraft invited Linux experts to tune the Linux system used in the test. In this round of testing some performance issues were found in the Linux kernel; the exposure helped get these issues fixed. Also, countering the claims that Linux tuning information was not readily available, two new sites, TuneLinux.com and Linux Performance Tuning announced their existence. TuneLinux has not been updated in over a year, but the Linux Performance Tuning page is still active.

It is also worthwhile to take a look at Dan Kegel's site which reports, "As of February 2001, performance on the SAP database benchmark on a 4 CPU machine is dramatically better with 2.4 compared to 2.2."

Here's how VA Linux systems looked two years ago, according to Forbes:

Duplicating a Dell-type direct sales model, VA Research is solidly profitable, with a net margin of more than 10%. [Larry] Augustin estimates that revenues will double every quarter for the next two years. VA is shooting for $1.5 billion-plus in sales during the next five years. So far, for the first quarter 1999, Augustin has kept his promise: Sales are up 300% sequentially.

Development of a USB subsystem for the Linux kernel got a bit of a jump start when Linus decided to ignore the existing Linux USB efforts, and tossed a completely new implementation of his own making into the 2.2.7 kernel.

One year ago (May 5, 2000 LWN): The media wanted to know where the 2.4 kernel was. There were several articles remarking on slipped schedules (as if an actual schedule ever existed). This ZDNet article quotes Linus Torvalds:

"We didn't much have a timetable for 2.4 originally, except that everybody knew that the two and a half years between 2.0 and 2.2 was too painful," Torvalds said. "The original hope was to have a release schedule between nine and 12 months, which everybody thought was wonderful, but at the same time a lot of people wondered about how it would work with a minimum three-month testing cycle. Right now it's been about 15 months since 2.2, and it's almost certainly going to be at least three more months," Torvalds continued. "Oh well. More than I would have liked, but not surprisingly so." Torvalds said a big part of the reason that 2.4 is running behind schedule is the same reason that Windows releases so often run late: Developers always want to add just one more feature.

In reality the 2.4 kernel wasn't released until January of this year, about 23 months after 2.2. Well the cycle was a bit shorter, only two and a quarter years instead of two and a half. Besides we all know that when it is released is not as important as how well it works and, of course, we like all those cool new features.

Dr. Dobb's Python-URL, a weekly look at postings on comp.lang.python, included Martijn Faassen's story of the "really early days of Python".

Decades passed while Gordon and the timbot did their work. The timbot sent off some surreptitious messages to various people. John McCarthy got a few hints on recursion. Bill Gates was funded by an anonymous investor. (so, they needed the money! what?!) Larry Wall received a pamphlet on postmodern linguistic analysis. And one christmas, Guido van Rossum received a thick envelope containing the complete plans for a working time machine.

Just in case you were wondering...

Linuxcare laid off a substantial portion of its workforce - estimated at about 35%, and canceled its pending IPO. LWN wrote that "Linuxcare has the dubious honor of being the first open source downsizing. One can only wish that it will be the last." Unfortunately, Linuxcare was not the last open source company to downsize, nor was the last such event for Linuxcare itself.

In contrast, VA Linux Systems was on a spending spree. It was in the process of acquiring Andover.Net (but the $60 million cash payment had just been dropped from the deal - VA is probably happy to have that money now), and also announced the acquisition of Precision Insight.


May 3, 2001

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 On the Desktop
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Letters page.

Letters to the editor


Letters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them.

May 3, 2001

   
From:	 Michael Stutz <stutz@dsl.org>
To:	 robin@eff.org, webmaster@eff.org
Subject: Concerns with EFF's Open Audio Licensing strategy
Date:	 Wed, 25 Apr 2001 11:54:31 -0400
Cc:	 me@ram.org, linart@li.org, antomoro@free.fr, hemos@slashdot.org,
	 lessig@pobox.com, cc@cyber.law.harvard.edu, barlow@eff.org, lwn@lwn.net


Dear Robin Gross, et al.:

Why would the EFF make a new special-purpose license to promote free
music instead of working with the long-existing free art community?
Has the EFF been unaware of these efforts, outlined in places such as
<http://dmoz.org/Computers/Open_Source/Open_Content/>,
<http://linart.net/>, <http://ram.org/ramblings/philosophy/fmp/>,
<http://dsl.org/copyleft/>, <http://antomoro.free.fr/c/lalgb.html>,
and <http://www.gnu.org/philosophy/license-list.html>? If not, why is
the EFF endeavoring to do this?

The new music licensing scheme brought forth by EFF ignores the
musicians and artists who have been working on and using free
licensing for years, working independently, unsupported by corporate,
government, or non-profit backing, and doing it through our own
initiative. Our music, although free and "open source," will remain
incompatible with the EFF's new license, because it has not taken
existing free music licensing into consideration.

With this new Open Audio License, the EFF organization is effectively
promoting an alternative that is incompatible with the more robust
solutions that are already available. The artists and designers who
have been copylefting or otherwise freeing their work long before
anyone ever spoke of "open content" are not even linked to or
acknowledged in the EFF's IP resource links section -- making this
seem, from my perspective, more like a political move whose intent is
unclear or even dubious.

There is a danger to making more and more special-case licensing; if
there exists licenses for every type of work, from music to manuals,
all made by many different organizations, those works will all remain
incompatible with each other -- even when all such works are,
supposedly, "open." These gated communities are no architectural
recipe for a "vibrant commons."

That said, nobody is promoting or aiding free art and music, and the
EFF's assistance in this effort would be welcomed and appreciated. My
suggestion is to work with and solicit input from existing efforts --
and not try to segment the community even further, or pretend that
better solutions do not already exist. We have a lot to accomplish and
there is plenty of work for everyone.


Michael Stutz
   
From:	 Eric Smith <eric@brouhaha.com>
To:	 letters@lwn.net
Subject: someone to blame
Date:	 1 May 2001 21:19:09 -0000

On 30-Apr-2001, you quoted 32BitsOnLine as saying "I would sleep better
knowing that I could shift blame to Bill Gates."  If you run MS software,
you do indeeed know that there's someone to blame.  However, this
"accountability" plus $2 will buy you a cup of coffee.

With Linux there may not be anyone to blame, but since Linux is much more
robust, I've rarely had any serious problems.  The few major difficulties
I've had were solved very quickly with help from people on mailing lists
and news groups.  Personally I much prefer getting very quick fixes to
my problems over having someone to blame.

Eric Smith
   
From:	 Florian Cramer <paragram@gmx.net>
To:	 letters@lwn.net
Subject: Complaint about "On the Desktop" section
Date:	 Thu, 26 Apr 2001 15:48:08 +0200

Dear editors, 

I read lwn since its first issues and find it by far the best
information source on Linux, GNU and Free Software. Your editorials are
well worded and express opinions very thoughtfully while the other
sections provide extremely concise and helpful information. So I am
disappointed that your new section "On the Desktop" doesn't meet your
standards at all. Its verbosity is in a sharp contrast to the little
information it provides. It seems as if the editor of this section is
unfamiliar with desktop linux and reporting rather his personal
experiences with getting acquainted with the subject matter. 

The confusion in the two previous LWN issues about KDE 2.x and Mico is
telling, all the more, since your editor created new confusion when he,
correcting his previous mistake, mixed up CORBA, the low-level component
protocol, with high-level component models on top of CORBA like Gnome's
Bonobo. The "On the Desktop" section unfortunately reminds me of the
cluelessness of Joe Barr's "LinuxWorld" columns. It would be nice if it
could be improved to be on par with the rest of LWN. 

Bests,

Florian Cramer

-- 
http://userpage.fu-berlin.de/~cantsin/
http://www.complit.fu-berlin.de/institut/lehrpersonal/cramer.html
GnuPG/PGP public key ID 3D0DACA2 
   
From:	 Mike Richardson <mike@quaking.demon.co.uk>
To:	 letters@lwn.net
Subject: Re: Google Data
Date:	 Fri, 27 Apr 2001 13:52:25 +0100

I've no doubt that a lot of interesting data could be culled from Google. 
However, one had better be carful about interpreting it:

>The first thing I noticed is that the references to free software and open
>source combined are an order of magnitude less than the references to Linux.
>This seems to indicate a significant disparity between the popularity of
>Linux and any knowledge of the philosophies behind the movement that created
>it.

I suspect this is more likely due to a disparity in the number of pages like 
"Getting the XYZ card to work on Linux" as compared to "Getting the XYZ card 
working on Open Source", particularly as Google picks up lots of pages from 
mail archives.

>Another thing to notice is that only a small number of page include
>references to both RMS's "Free Software," and ESR's "Open Source."
>Moreover, almost twice as many pages use the Open Source designation
>exclusively. This seems to indicate that there is some real disagreement
>about which term to use, and the Open source people seem to have been a
>somewhat more effective in advocating their particular rhetoric, and
>associated philosophy.  

Maybe. Or then again, is might be that people know which term they want to 
use and use it (and don't use the one thay don't mean). I'd agree with the 
last sentance though.

>Another somewhat surprising piece of information is that Linux trails only
>slightly behind Porn in number of page references on Google. 

My brief experince of porn on the net (just looking to see if the fuss in the 
press matches reality, honest!) suggests that porn sites are heavy on 
pictures and short on words (that figures). If you could search by picture 
content I fear than Linux would loose.

>I once was part of a cultural anthropology project which analyzed writings
>on bathroom walls

OK, this has nothing to do with linux, but seen amongst the graffiti on a 
toilet wall in the University of Cambrige (the original one) University 
Library: "To the lavatory cleaner; why not burn some books at the same time?"

Regards
Mike

-- 
mike@quaking.demon.co.uk
http://www.quaking.demon.co.uk
   
Eklektix, Inc. Linux powered! Copyright © 2001 Eklektix, Inc., all rights reserved
Linux ® is a registered trademark of Linus Torvalds