[LWN Logo]
[LWN.net]

Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise news for all interests


Sections:
 Main page
 Security
 Kernel
 Distributions
 On the Desktop
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

Other LWN stuff:
 Daily Updates
 Calendar
 Linux Stocks Page
 Book reviews
 Penguin Gallery

 Archives/search
 Use LWN headlines
 Advertise here
 Contact us

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- Gaël Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

See also: last week's LWN.

Leading items and editorials


Linux costs less to insure. In the U.S., at least, a number of important changes happen not as a result of government regulation, but as a result of insurance company requirements. Insurance companies, of course, have a strong motivation to stay on top of certain types of problems - they end up paying for them, in the end. So they attempt to encourage safer behavior through their premiums.

So it is interesting to see the insurance industry begin to flex its muscles in the operating systems arena. Consider this News.com article on the business of "hacker insurance":

Okemos, Mich.-based J.S. Wurzler Underwriting Managers, one of the earliest agencies to offer hacker insurance, has begun charging its clients anywhere from 5 to 15 percent more if they use Microsoft's Windows NT software instead of Unix or Linux for their Internet operations.

This policy is the result of "hundreds of security assessments" done by the company.

In this policy change, we have (perhaps) the first quantitative assessment of the relative costs of Windows and Linux security problems. While it is nice to see a (hopefully) objective result that favors Linux, it is also a little disappointing. 5-15% is a fairly small margin; we should really be able to do better than that. It's a start, anyway.

On the auditing of free software. One of the advantages of free software is said to be the greater degree of auditing of the code. The source is available to anybody, so of course people are looking it over for problems. "All bugs are shallow" and so on. Right?

The truth seems to be a bit less encouraging. People stumble across "obvious" bugs in old code on a regular basis. Most projects have more than their share of ugly code, well below the quality one would expect from a system based on peer review. Common security problems turn up in code that has been in service for years. If wide-scale auditing is happening, it certainly is missing a lot of problems.

But it seems increasingly clear that this degree of auditing is not happening. At the recent Kernel Summit, one high-level hacker was heard to mutter that only a very small percentage of the kernel code had ever been read by anybody other than the original author. And the kernel is one of the most heavily audited free software packages available.

What is going on here is fairly obvious when you think about it. Auditing code tends to be unpleasant, tedious work. Learning a large code base is hard, but until a hacker really understands the package being audited, any fixes are more likely to create bugs then remove them. But once you reach a point where you can confidently audit code in a particular program, you're also at a level of understanding where you can spend your time creating cool new features instead.

In other words, the choices available to a talented hacker are generally (1) spend your time on tedious code auditing, and remain an obscure participant, or (2) create something new and exciting, and maybe become famous. Or something like that. It is not surprising that auditing work tends not to get done.

It sure would be nice if more such work did happen, though. Software truly benefits from being looked at by multiple people. More projects should consider setting up "janitorial" groups to encourage auditing activities and to help new hackers get going with the code. The various companies out there that depend on Linux could also, perhaps, dedicate some of their staff time to auditing tasks. Also helpful, of course, is the development of automated auditing tools (see this week's kernel page).

Even better would be a shift in free software community ethics to recognize code auditing as the crucial and difficult task that it is. There is, at times, too much emphasis on the people who crank out the code, and not enough on those who really make it work for everybody. When auditing becomes a highly appreciated effort, maybe free software will achieve its potential for top-quality code.

IP Filter licensing followup. Our story last week on the IP Filter licensing issue drew a fair amount of attention and mail. Several of our readers politely pointed out that one aspect of our reporting was not quite accurate: FreeBSD, as it turns out, does not use IP Filter as its standard firewalling system. IP Filter is an option, but the default firewalling code for FreeBSD is the free "ipfw" package.

OpenBSD, meanwhile, has chosen to drop IP Filter as a result of the licensing problems.

Anybody wondering whether these choices were wise may wish to peruse this article in the OpenBSD journal, and, in particular, read IP Filter owner Darren Reed's comments. They speak for themselves, and should help any prospective user decide whether it is a good idea to depend on this particular package.

Linux and TV's. This week, Princeton Graphic Systems announced a TV running an embedded Linux kernel. The use of Linux in embedded systems is certainly not new, but a look at just how many projects are aimed at the couch potato crowd might be interesting. Aside from the Tivo, Linux has seen a surge in projects aimed at the ubiquitous cable set-top box.

NetGem seemed to start the flurry with an announcement in April 1999 of their NetBox Cable, the first set-top box to run on the Linux OS for cable-based Internet access. Lineo followed later that year with a project partnered with MeterNet in September of 1999. In January 2000, the company's Linux offering was selected for a box from Bast for use in hotels and apartments. Neither project has been heard from since. Coollogic suggested they had been shipping their e-Pilot box since October of 1999, though LWN.net got word of shipment in April of 2000.

Fast forward to 2001 and you'll find the collection of players has boomed. Aside from the aforementioned Princeton Graphics Systems offering, Sylvania has their own TV, while Nokia is set to launch their much hyped Media Terminal. On the downside, though, the highly anticipated Indrema game box is, alas, no more. That is only to be expected; not all companies can be expected to succeed. It is still interesting to see more and more of them choosing to bet their future on Linux.

LinuxDevices.com's Cool Devices Quick Reference Guide gives a complete run down of other interesting products running Linux.

Inside this week's Linux Weekly News:

  • Security: European Parliament recommends encryption and Open Source software, new vulnerabilities in gnupg, Webmin, and TWIG. More distribution updates.
  • Kernel: 2.4.5, the Stanford checker returns; 2.4 virtual memory stability.
  • Distributions: Red Hat, SuSE and Turbolinux announce Itanium ports, Yellow Dog Linux 2.0 ships, Lanthan Linux added to the list.
  • On the Desktop: Printing issues but skip the tissues (the desktop is not dead)
  • Development: WaveSurfer, new PostgreSQL and mnoGoSearch, an Animation Editor, the GNet network library, FHS 2.2, Java 3d and JMF.
  • Commerce: Here comes the Itanium.
  • History: "Lignux", the importance of faith, Python's first move.
  • Letters: GPL boundaries, software bloat, desktop page
...plus the usual array of reports, updates, and announcements.

This Week's LWN was brought to you by:


May 31, 2001

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 On the Desktop
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Security page.

Security


News and Editorials

European Parliament Report on Echelon. A European Parliment report released on Tuesday, March 24th, 2001, based on seven months of testimony, concluded that a world-wide spy network does exist. A leaked copy of the report is available, thanks to the ever-useful Cryptome site.

It makes for interesting reading - if you have a lot of time. Those in a bit more of a hurry may need to content themselves with this CNN article. The report appears confident that the "world-wide spy network" exists, and that it directly involves the U.S., Britain, Canada, New Zealand and Australia. Note that, while confirming that such a network was started back in 1948, the US and British administrations flatly deny that it continues to exist.

Meanwhile, from the Free Software and Open Source community perspective, two strong recommendations are made in the report that concern us directly: "The report recommends the routine encryption of all electronic mail and the use of open source software -- where the code of programs is open to both private and official inspection."

This is a confirmation of what we've predicted for several years, that world-wide governmental security needs would push the demand for Free and Open Source software. It is fun to be watching as those predictions bear fruit.

Quarterly CERT summary. Here is the quarterly CERT summary listing the most significant outstanding security issues on the net. There are few surprises there - the same old BIND vulnerabilities continue to be exploited, indicating that many sites still have not applied fixes for them.

The RISKS of calculating Pi in binary. From the RISKS digest we have this bit of amusement on the dangers of calculating Pi in binary. Among other things, one risks prosecution for violation of the Digital Millennium Copyright Act and exposure to nasty cracking software. Be careful out there.

Spring Cleaning continues. We are continuing to see new distribution updates for old security problems come out this week. Being optimistic, we hope this means that all of the security teams are doing a comprehensive spring cleaning, checking to make sure they've closed all the known security holes. We're confident there are more out there that need to be plugged. In fact, if you check the update section below, several vulnerabilities clearly have only been addressed by a small number of the distributions.

Turbolinux, Linux-Mandrake and Engarde Security Linux are among the distributions plugging old holes this week.

Security Reports

gnupg format string vulnerability. A potential format string vulnerability has been reported in gnupg. A proof-of-concept exploit was published with the report. gnupg 1.0.5 and earlier are vulnerable; gnupg 1.0.6 contains a fix for this problem and an upgrade is recommended. Here is the changelog for gnupg 1.0.6. BugTraq ID 2797.

Webmin environment variable inheritance vulnerability. Webmin, a Unix web-based systems administration tool, has been reported in versions 0.84 and earlier not to properly clear all environment variables before it runs. As a result, the environment variable HTTP_AUTHORIZATION can be used to gain access to the Webmin login and password.

Although Webmin 0.8.5 resolves this problem, it uses cookies in a manner that may also be exploitable to attach to a running Webmin session. No fix for this latter problem has yet been reported. Disabling Webmin until a fix is available is the only currently reported option. Check the BugTraq discussion for more details or BugTraq ID 2795.

  • Caldera, disabling Webmin recommended, no updated packages available yet.

TWIG Webmail SQL query modification vulnerability. TWIG is a PHP-based groupware tool released under the GNU GPL. Under TWIG 2.6.1 and earlier, it has been reported that an unauthorized user may be able to modify SQL queries by including form variables in SQL query strings. As a result, they may be able to perform unauthorized operations. The most recent version of TWIG is 2.6.2. We do not currently have any confirmed information on whether or not this problem was resolved in TWIG 2.6.2. A review of the Changelog was inconclusive, nor was it confirmed that the TWIG developers had been notified of the problem.

Distributed Queueing System (DQS) buffer overflow. The Distributed Queuing System (DQS) is an experimental Unix-based queueing system from the Supercomputer Computations Research Institute. It is "freely distributed Copyrighted software". A buffer overflow has been reported in DQS in the 'dsh' utility. This utility is installed setuid in some packages, making it possible for the vulnerability to be exploited to gain local root access. 'dsh' is not an essential feature of DQS, so it can be removed, or the setuid bit can be removed, to quickly resolve the problem.

DQS is apparently shipped with Debian and SuSE; Debian is not vulnerable, SuSE 6.3, 6.4 and 7.0 have been reported to be vulnerable. SuSE is aware of the problem and will be provided updated packages soon. Meanwhile, they recommend that either the package be removed or the setuid bit modified.

Drake Diedrich also noted that DQS is no longer supported by SCRI, but they have refused to relax distribution restrictions on the software, making it difficult for an active developer community to be founded.

Guardian Digital WebTool inherited environment variable vulnerability. Guardian Digital WebTool is a package provided with Engarde Secure Linux. It is apparently a tool that can be used to manage services; certainly one of the functions it has is to restart a service. Unfortunately, with WebTool 1.0.71 and earlier, certain environment variables are inherited by the restarted process when they should not be. As a result, WebTool can be exploited locally potentially to gain root access. An upgrade to WebTool 1.0.72 will resolve the problem. This issue should be specific to Engarde Secure Linux.

Turbolinux-specific pmake vulnerability. Turbolinux issued an advisory this week to fix a security problem specific to that distribution. Pmake was shipped setuid root, making it exploitable to a local root attack. Updated packages are provided.

NetBSD IPv4 denial-of-service vulnerability. NetBSD has issued an advisory warning that bogus IPv4 fragmented packets can be used to prevent a NetBSD node from communicating with other nodes. Exploits have been published but are not always successful. NetBSD 1.5.x systems can be upgraded to resolve the problem. There is no fix for NetBSD 1.4.x as of yet. BugTraq ID 2799.

NetBSD Hitachi Super-H port input verification vulnerability. NetBSD issued an advisory this week warning that a vulnerability was found in their Hitachi Super-H port where failure to validate input to a system call resulted in access to the Status Register by unauthorized users. Only the sh3 port (Hitachi Super-H) is affected. An upgrade to NetBSD-current will resolve the problem. BugTraq ID 2810.

web scripts. The following web scripts were reported to contain vulnerabilities:

  • MIMAnet Source Viewer, a freely available CGI script for viewing source code files, has been reported vulnerable to a directory traversal attack. The vendor has been notified and has confirmed the vulnerability. A workaround is provided; a fix is pending.

Proprietary products. The following proprietary products were reported to contain vulnerabilities:

  • Nine vulnerabilities were reported this week in the Beck GmbH IPC@CHIP single chip embedded webserver. Check the Security Focus Vulnerability Database for details.

  • Computer Associates InoculateIT, an anti-virus package, has been reported to be vulnerable to a symbolic link file overwriting attack, e.g., a symbolic link is created in /tmp during installation which could be exploited by an attacker to overwrite an arbitrary file on the system. No vendor response has been reported so far.

  • Cisco has reported a vulnerability in Cisco IOS Software whereby security scanning software can trigger a memory leak. Fixes for the problem have been made available. BugTraq ID 2804.

Updates

vixie-cron crontab permissions lowering failure. Check the May 10th LWN Security Summary for the original report. Vixie Cron 3.0pl1 fixes this latest problem.

This week's updates:

Previous updates:

mandb symlink vulnerability. In the week of May 10th, Debian reported a symlink vulnerability in mandb, a tool distributed with the man-db package. The vulnerability was found by Ethan Benson. Other distributions that install man setgid are also impacted.

This week's updates:

Previous updates:

KDEsu tmplink vulnerability. Check the May 3rd LWN Security summary for details. Fixes for the problem are included in kdelibs-2.1.2. The KDE Project recommends an upgrade both to kdelibs-2.1.2 and to KDE 2.1.1.

This week's updates:

Previous updates:

Multiple security fixes in OpenSSL-0.9.6a. OpenSSL-0.9.6a was announced the week of April 26th and contains fixes for four security issues. An upgrade to the latest version is recommended.

This week's updates:

Previous updates:

Samba local disk corruption vulnerability. Check the April 19th LWN Security Summary for the original report. This problem has been fixed in Samba 2.0.9 and an upgrade is recommended. Note that all versions of Samba from (and including) 1.9.17alpha4 are vulnerable (except 2.0.9, of course). BugTraq ID 2617.

Note that 2.0.8 was originally believed to fix this problem, but did not. As a result, some of the original distribution updates had to be re-released with 2.0.9. Samba 2.2.0 users are not affected by this problem.

This week's updates:

Previous updates:

IP Filter fragment caching vulnerability. Check the April 12th LWN Security Summary for the initial report. IP Filter 3.4.17 has been released with a fix for the problem. BugTraq ID 2545.

This week's updates:

Previous updates:

VIM statusline Text-Embedded Command Execution Vulnerability. A security problem was reported in VIM the week of March 29th wherein VIM codes could be maliciously embedded in files and then executed in vim-enhanced or vim-X11. Check BugTraq ID 2510 for more details.

This week's updates:

Previous updates:

Multiple vulnerabilities in bind 8.2.2 and bind 4. Check the February 1st LWN Security Summary for the initial reports. Bind 8.2.3 contains fixes for the problems with 8.2.2. Bind 4 fixes are also available, but an upgrade to bind 8 or even bind 9 is generally considered a preferable approach.

Note that the latest version of bind is now 8.2.4. It does not include any new security updates, but is recommended by some distributions in preference to 8.2.3.

This week's updates:

  • Trustix, packages updated to 8.2.4

Previous updates:

pico symbolic link vulnerability. Check the December 14th, 2000 LWN Security Summary for the initial report of this problem. Note that this has also been reported as a pine vulnerability, but the vulnerable component is still pico, not pine. Check BugTraq ID 2097 for more details.

This week's update:

Previous updates:

ncurses buffer overflow. Check the October 12th, 2000 LWN Security Summary for the initial report of this problem.

This week's updates:

Previous updates:

Resources

WireX releases FormatGuard. WireX has officially released FormatGuard. Its purpose is to protect programs against format string attacks. It's an extension to the C library, and is released under the LGPL.

vsftpd 0.9.1 released. vsftpd 0.9.1 is now available. Several nasty bugs and one race condition have been fixed.

Delivering Signals for Fun and Profit. Michal Zalewski has published a paper entitled "Delivering Signals for Fun and Profit" in which he discusses understanding, exploiting and preventing signal-handling related vulnerabilities. "According to a popular belief, writing signal handlers has little or nothing to do with secure programming, as long as handler code itself looks good. At the same time, there have been discussions on functions that shall be invoked from handlers, and functions that shall never, ever be used there. Most Unix systems provide a standarized set of signal-safe library calls. Few systems have extensive documentation of signal-safe calls - that includes OpenBSD, Solaris, etc".

TCTUTILs and the Autopsy Forensic Browser versions 1.0.1. Brian Carrier has released version 1.0.1 of TCLUTILS and the Autopsy Forensic Browser. "TCTUTILs is a set of tools that are built on the framework of The Coroners Toolkit (TCT). ... Autopsy is an HTML-based graphical interface to TCT, TCTUTILs, and basic UNIX utilities".

Events

Call-For-Papers: SANE 2002. Just in time to make you feel like the year has flown by, the Call-For-Papers for the 3rd International SANE Conference (SANE 2002) has been published. SANE 2002 will be held May 27th through the 31st, 2002, in Maastricht, The Netherlands.

Upcoming Security Events.
Date Event Location
May 31 - June 1, 2001The first European Electronic Signatures SummitLondon, England, UK
June 1 - 3, 2001Summercon 2001Amsterdam, Netherlands
June 4 - 8, 2001TISC 2001Los Angeles, CA, USA
June 5 - 6, 20012nd Annual IEEE Systems, Man, and Cybernetics Information Assurance WorkshopUnited States Military Academy, Westpoint, New York, USA
June 11 - 13, 20017th Annual Information Security Conference: Securing the Infocosm: Security, Privacy and RiskOrlando, FL, USA.
June 17 - 22, 200113th Annual Computer Security Incident Handling Conference (FIRST 2001)Toulouse, France
June 18 - 20, 2001NetSec Network Security Conference(NetSec '01)New Orleans, Louisiana, USA.
June 19 - 20, 2001The Biometrics SymposiumChicago, Illinois, USA.
June 19 - 21, 2001PKI Forum Members Meeting(Kempinski Hotel Airport Munchen)Munich, Germany
July 11 - 12, 2001Black Hat Briefings USA '01Las Vegas, Nevada, USA.

For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Liz Coolbaugh


May 31, 2001

LWN Resources
Security alerts archive

Secured Distributions:
Astaro Security
Castle
Engarde Secure Linux
Immunix
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux
Trustix

Security Projects
Bastille
Linux Security Audit Project
Linux Security Module
OpenSSH

Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive

Distribution-specific links
Caldera Advisories
Conectiva Updates
Debian Alerts
Kondara Advisories
Esware Alerts
LinuxPPC Security Updates
Mandrake Updates
Red Hat Errata
SuSE Announcements
Turbolinux
Yellow Dog Errata

BSD-specific links
BSDi
FreeBSD
NetBSD
OpenBSD

Security mailing lists
Caldera
Cobalt
Conectiva
Debian
Esware
FreeBSD
Kondara
LASER5
Linux From Scratch
Linux-Mandrake
NetBSD
OpenBSD
Red Hat
Slackware
Stampede
SuSE
Trustix
turboLinux
Yellow Dog

Security Software Archives
munitions
ZedZ.net (formerly replay.com)

Miscellaneous Resources
CERT
CIAC
Comp Sec News Daily
Crypto-GRAM
LinuxLock.org
LinuxSecurity.com
Security Focus
SecurityPortal
   

Sections:
 Main page
 Security
 Kernel
 Distributions
 On the Desktop
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Kernel page.

Kernel development


The current kernel release is 2.4.5, which was released by Linus on May 25, just before he boarded a plane headed for Japan. The details of what's in this release can be found in the changelog; it consists almost entirely of bug fixes and cleanups.

Alan Cox's current release is 2.4.5ac4. This patch is, as usual, rather larger than the Linus patch. Happily, while merging with 2.4.5, Alan separated out the list of patches which are unique to the "ac" series. There are still hundreds of them - the merging process has a while to go. Interesting stuff in there includes an important fix for a problem that causes crashes for 2.4.5 ReiserFS users, a number of fixes to bugs recently found by the Stanford checker (see below), user-mode Linux, the CMS filesystem, a version of the JFFS filesystem with compression, threaded core dumps and a tremendous number of bug fixes.

Andrea Arcangeli, meanwhile, has released 2.4.5aa1, which contains a long and different set of fixes, many of which are performance related.

The return of the Stanford checker. We first covered Dawson Engler's global analysis tools in the March 22 LWN kernel page; thereafter, that group got quiet for a while. Now that final exams are presumably over, the checker group has resurfaced with a whole new set of bug reports. They include:

Once again, the response from the kernel hackers has been immediate and positive. This kind of tool can help greatly with the code auditing problem in general, and will certainly lead to higher-quality code.

Unfortunately, the checker still is not generally available, though Mr. Engler has told us in the past that he intends to release it when development is complete. In the mean time, the group has announced a web site which provides access to the bug database. Have a look for a view into the sorts of problems that can be found with sufficiently sophisticated tools.

Stabilizing memory performance in 2.4. One of the remaining problem areas in the 2.4 kernel is its virtual memory subsystem. Not only are there simple performance problems, but there are also still situations that can cause the kernel to deadlock. Not quite what one wants to see in a stable series. The kernel hackers are working on dealing with these problems, however; with luck, VM difficulties will not be with us for much longer.

One problem that users of recent 2.4 kernels are likely to have noticed is heavy use of swap space. It is not unusual for a kernel to be running heavily in swap even when there is not that much going on with the system. This problem seems to have only gotten worse with recent kernels. It is, of course, the same old bug where the kernel fails to recover swap space for pages which have been brought back into memory (covered in the May 3 kernel page). This problem will get fixed, but not quite yet. Alan Cox phrased it well:

That is a giant size special edition stupid design flaw that is on the VM hackers list. But there are only a finite number of patches you can do in a day, and things like sucking completely came first I believe.

Alan didn't spell out what "sucking completely" meant, but most would probably agree that system deadlocks could be fairly described with that term. Rik van Riel this week managed to stir things up a bit with this patch which attempted to fix a couple of deadlock problems.

One deadlock problem happens on high-memory systems. "High memory," in this context, means memory beyond that which can be directly mapped into the kernel's address space, and often beyond that which can be addressed with 32-bit pointers. High memory is useful for many things, but it brings with it some special problems; one such problem is the fact that it can not, usually, be used for I/O operations. Since most peripheral devices can only address 32 bits of memory, the high memory zone tends to be beyond their reach.

That means, in turn, that any data that moves between a high memory page and, say, a disk drive must be copied by way of a "bounce buffer" in low memory. On systems with a lot of high memory and a lot of I/O, a large number of bounce buffers will be required. If the bounce buffers succeed in taking up enough low memory, buffer allocations will hang, and the system will no longer be able to allocate the memory needed to free other memory. At that point, the system locks up.

Similar problems can happen with buffer allocations even in the absence of high memory, though they are more rare.

Rik's patch attempts to fix these deadlocks by simply allowing certain memory allocation operations to fail. It is, in the end, better to fail an operation than lock up the system. Ben LaHaise, instead, has posted a patch which addresses the problem through a memory reservation mechanism. In this scheme, a set of pages is set aside just for critical tasks like bounce buffer allocation. By prioritizing these allocations, deadlocks can hopefully be prevented.

Linus, however, doesn't like any of these approaches; he thinks they are attacking symptoms. Rather than try to deal with very low-memory situations, he says it is better to try to figure out how those situations come about in the first place. A fix can then deal with the original problem.

That fix may be a little while in coming, still. Until then, 2.4 virtual memory will not be all that Linux users would like it to be.

The Advanced Linux Sound Architecture project has moved, to SourceForge, of course. Subscribers to the old ALSA lists will need to go to the ALSA mailing lists page and sign up again. ALSA is getting increasingly interesting as it heads toward a stable release and, presumably, a bid for inclusion in the 2.5 kernel.

Other patches and updates released this week include:

Section Editor: Jonathan Corbet


May 31, 2001

For other kernel news, see:

Other resources:

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 On the Desktop
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Distributions page.

Lists of Distributions
distrowatch
ibiblio
Kernelnotes
Linux.com
LinuxLinks
Woven Goods

Embedded Distributions:
3ilinux
Bifrost
Blue Cat Linux
BluePoint Embedded
Compact Linux
Coollinux
DSPLinux
ELinOS
ELKS
Embedded Debian
Embedix
Etlinux
FlightLinux
Hard Hat Linux
Jailbait
Linux/Coldfire
LEM
Midori
NeoLinux
OnCore Systems
PeeWeeLinux
RedBlue Linux
RedIce-Linux
Royal Linux
RTLinux
Tynux
uClinux
White Dwarf Linux

Handhelds/PDAs
Agenda-VR
Familiar (iPAQ)
Intimate (iPAQ)
Linux DA
PocketLinux
PsiLinux

Secured Distributions:
Astaro Security
Castle
Engarde Secure Linux
Immunix
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux
Trustix

Special Purpose/Mini
2-Disk Xwindow System
Mindi Linux
SmoothWall

Floppy-based
Brutalware
BYLD
Coyote Linux
DLX
Fd Linux
Fli4l (Floppy ISDN/DSL)
floppyfw
Floppix
FREESCO
Linux in a Pillbox (LIAP)
Linux Router Project
LOAF
muLinux
Nuclinux
Proxyfloppy
ShareTheNet
Small Linux
Tomsrtbt
Viralinux_II

CD-based
BasicLinux
BBLCD Toolkit
CDLinux
Crash Recovery Kit
DemoLinux
Devil-Linux
Finnix
Gibraltar
innominate Bootable Business Card
Linuxcare Bootable Business Card
LNX-BBC
MkCDrec
RunOnCD
Sentry Firewall
SuperRescue
Timo's Rescue CD
Ututo
Virtual Linux

Zip disk-based
NBROK
ZipSlack

Small Disk
hal91
MicroLinux
--> Peanut Linux
PKLinux
Relax Linux
TA-Linux
Tomukas
ttylinux
VectorLinux

Wireless
Bambi Linux
Flying Linux

Hardware-specific
(ARM)
ARM Linux
(Beowulf)
Scyld Beowulf
(IBM)
Think Blue Linux
(Oracle's NIC)
NIC Linux
(PA-RISC)
PA-RISC Linux
(Playstation)
Runix
(PowerPC)
Black Lab Linux
LinuxPPC
MkLinux
Yellow Dog
(Sparc)
Splack
UltraLinux
(Older Intel)
ClarkConnect
Monkey Linux
TINY

DOS/Windows install
Armed Linux
DragonLinux
Phat Linux

Diskless Terminal
GNU/Linux TerminalServer for Schools
K12LTSP
LTSP
Pygmy
Xdenu

Distributions


Please note that security updates from the various distributions are covered in the security section.

News and Editorials

Distributions quick to announce Itanium support. Intel announced this week that products using its new Itanium processor would become available in June. Check our Commerce page for details on some of those products and a bit of the history behind Linux and the Itanium.

Their announcement was quickly followed by announcements from three of the major Linux distributions promising support for the Itanium process now, soon or sometime. Red Hat and SuSE were the first two announcements seen, both released on Tuesday, May 29th.

Red Hat trumpeted the "in the coming weeks" availability of Red Hat Linux 7.1 for the Itanium processor while SuSE promised the availability of SuSE Linux 7.2 for the Itanium chip as of June 20th. Not far behind, Turbolinux announced the next day that Turbolinux OS 7 would support the Itanium platform. No release date for Turbolinux OS 7 was mentioned.

Other distributions are sure to follow soon. Many person-years of work has gone into adding and testing Linux support for the Itanium architecture. We are now starting to see the payoff for that work.

Yellow Dog Linux 2.0 ships. Terra Soft Solutions has announced that it is now shipping the 2.0 version of Yellow Dog Linux. Check our May 10th Distributions Summary for more details on this new release.

Additional information can also be found in this MacDisccusion interview with Dan Burcaw, Co-Founder and CIO of Yellow Dog Linux. "We've tested on every currently available Apple machine. All work pretty well. The only outstanding issues are machines shipping with radeon and nvidia video cards. Those folks are stuck in offb for now, although we're in touch with NVidia and hope to get some drivers as soon as we can."

Linux Distribution Round-Up (Duke of URL). The DukeofURL has posted a round-up of Linux distributions broken out into beginner, intermediate, and advanced groups. The information is based on distributions that have been reviewed previously, which leaves out many possibilities. Nonetheless, the information provided is useful, partially just because it is backed up by the more in-depth distribution reviews.

The round-up starts with a nice introduction to the differences between the Linux 2.2 and 2.4 kernel series, XFree86 3.X vs 4.X, Gnome versus KDE and multiple glibc versions. From there, it bravely separates the distributions into its groupings:

  • Beginner: Linux-Mandrake, Phat Linux, WinLinux, Corel Linux (almost defunct) and Best Linux.

  • Intermediate: Red Hat, SuSE, Gentus (defunct), Kondara GNU/Linux, Conectiva, TurboLinux and Caldera OpenLinux.

  • Advanced: Slackware, Debian GNU/Linux and Trustix.

New Distributions

Lanthan Linux. Fred Mobach sent us a pointer to another distribution that was missing from our list, Lanthan Linux, out of Germany. Lanthan Linux is specifically aimed at people currently using Microsoft Windows on their PCs. A knowledge of MS Windows is expected and the distribution is tailored to help new Linux users from that environment move to using Linux on a stand-alone machine or within a small network. Note that the website is currently only available in German, but there seems to be a plan to provide an English version of the site as well.

Distribution News

Debian Weekly News. This week's edition of the Debian Weekly News includes discussions on packaging themes, the release of autoconf 2.50, how to detect port scanners and FTP file globbing security issues.

Meanwhile, there is still time to catch members of the Debian Project at the last two days of Linux World Expo Tokyo 2001 in Tokyo, Japan.

Caldera OpenLinux replaces Red Hat and Windows NT at Korean ISP. Here's another sign that the competition between the distributions may be heating up: Caldera International has put out a press release claiming that a large Korean ISP (i Mobile Computing) will be deploying almost 1000 OpenLinux servers, replacing a number of Red Hat and Windows systems in the process.

Linux-Mandrake Community Newsletter. This week, the inaugural issue of the Linux-Mandrake Community Newsletter was released. This first issue is only available in English; later issues will also be made available in Spanish, German and French.

Interesting news in this edition includes the Grand Opening of the MandrakeStore and development progress towards a PowerPC version of Linux-Mandrake.

Slackware News. The first betas for the next release of Slackware were released in the past two weeks, the Intel beta #1 on Saturday, May 19th, the Sparc beta #1 on Tuesday, May 22nd, and the Alpha beta #1 on Friday, May 25th. Note, however, the attached warning that the distribution is not yet fully frozen, meaning some substantial changes could go in between now and the final release.

Large numbers of package updates went in this past week. The most notable of which were probably glibc-2.2.3 (Mozilla was rebuilt on it without errors, so it was declared 'good to go') and the 2.4.5 kernel. Note also that Alexander Viro's patch for reiserfs was added into 2.4.5, so the Slackware 2.4.X kernel is no longer unpatched. Of course, that could change with the release of 2.4.6, presuming it incorporates the required reiserfs fixes.

On the Alpha front, an important XF86 patch to (hopefully) clear up some problems that caused crashes on some machines has gone into the Alpha development tree.

On the Sparc front, reiserfs support was added this week and a README on how to create bootable SPARC CD images is now available (booting from floppies is not supported on the Sparc platform).

SuSE 7.2 coming in June. SuSE preannounced the availability of the next version of their distribution for the IA32 platform, which will be out June 15th. The latest release will include KDE 2.1.2 and focuses specifically on improved security and multimedia support.

ASPLinux 7.1 released. The folks at ASPLinux have announced their latest version, ASPLinux 7.1. The new version is 100% compatible with Red Hat Linux 7.1 and comes with a preconfigued Web Hosting solution based on HSPcomplete (proprietary). ASPLinux 7.1 will be available via retailers and authorized resellers the first week of June.

JBLinux 2.0. JBLinux 2.0 has just been released. Like many recent distribution releases, JBLinux 2.0 includes a new installation process. In this case, they've expanded file system support to include SGI XFS filesystems in addition to ext2 and reiserfs. "The software has been upgraded to the 2.4.4 kernel, glibc 2.2.3, gcc 2.95.3, XFree86 4.0.3, and others. KDE 2.1.1 has been added, and GNOME has been updated to Ximian GNOME 1.4. This release uses Mozilla 0.9, and galeon 0.10.6 and lots of other goodies".

For more information on JBLinux, check our initial coverage of the distribution, from October 19th, 2000.

Redmond Linux build 34. Joseph Cheek sent out a note this week announcing Redmond Linux build 34, a new development snapshot foreshadowing the next Redmond Linux release. Build 34 finally has a functional version of their new update tool. An updated kernel, KDE 2.X and webcam support have been added, among other new features and bug fixes.

Coyote v1.29 Repackaged. A bug was shipped with Coyote Linux version 1.29 which prevented it from booting on most systems. This was traced to the environmental support for a serial port console. Coyote 1.29 has been repackaged without that support. If you downloaded Coyote 1.29 prior to May 28th, 2001 and you are having problems booting, it is recommended that you download the repackaged version to use instead.

cLIeNUX pasties. cLIeNUX author Rick Hohensee sent out a note introducing cLIeNUX pasties, "commands that are halfway between shell command aliases and a menu-driven mouse interface in a text terminal with a mouse".

cLIeNUX is best known for having specifically chosen to break compatibility with the Linux Standards Base and the Filesystem Hierarchy Standard. Check the March 2nd, 2000 edition of LWN for more information on cLIeNUX.

To find cLIeNUX, check both the http://www.clienux.com site and ftp://linux01.gwdg.de/pub/cLIeNUX/interim, where apparently some of the development pieces of cLIeNUX currently reside.

Minor Distribution updates

  • Astaro Security Linux 1.818, a new version of their stable development tree, was released this week.

  • Midori Linux 1.0.0-beta2 has been released and includes XFree86 4.0.3, Linux 2.4.3, pcmcia 3.1.25, icewm 1.0.8 and swm 1.2.4. Bison, flex, findutils and gdbm have also been added.

Distribution Reviews

Review: Progeny Linux (DukeOfUrl). The Duke of URL reviews the Debian-based Progeny Linux distribution. "For the busy user, more administration tools would be nice. While I prefer the more manual approach, many users are too busy to want to mess with text files. This is essential if Progeny is to make it to the corporate desktop. There are many tools available, such as LinuxConf, which could easily be incorporated, that would make it easy for the point and click generation."

Review: e-smith server and gateway (NewsForge). NewsForge reviews the e-smith server and gateway distribution. "The e-smith software adds a useful Web interface for managing and configuring the server. While it does not address every possibility, it does seem to cover most of the basic functions. With these Web pages, someone with no experience as a system administrator could conceivably set up and manage this server."

On a related note, e-smith also released updated documentation this past week, including a new version of their user manual, new HOWTO documents and template, a new mailing list for discussion of e-smith documentation and a new document describing the e-smith Documentation Process.

An index of RPMs for freely distributable add-on modules contributed by e-smith developers has also been made available.

Section Editor: Liz Coolbaugh


May 31, 2001

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.


Leading
Caldera OpenLinux
Debian GNU/Linux
Linux-Mandrake
Red Hat
Slackware
SuSE
TurboLinux

Also well-known
ASPLinux
Best Linux
Conectiva Linux
e-smith
Kondara MNU/Linux
Progeny
Rock Linux

Non-technical desktop
easyLinux
Icepack Linux
Independence
LibraNet
Redmond Linux
WinSlack

Education
Boston University
kmLinux
LinuxFromScratch
OpenClassroom
Red Escolar

General Purpose
Alzza Linux
aXon Linux
Bad Penguin Linux
BearOps
Black Cat Linux
BluePoint Linux
BYO Linux
CAEN Linux
Cafe Linux
ChainSaw Linux
Circle MUDLinux
cLIeNUX
Complete Linux
Console Linux
Corel Linux
CRUX
Darkstar Linux
DLite
easyLinux
Elfstone Linux
ESware Linux
Eurielec Linux
eXecutive Linux
Fried Chicken
FTOSX
FullPliant
Gentoo
Go!Linux
HA Linux
Halloween Linux
HispaFuentes
IceLinux
Ivrix
ix86 Linux
J-LINUX
JBLinux
Jurix
KRUD
KSI-Linux
Lanthan Linux
Laonux
LASER5
Leetnux
Linpus Linux
Linux Cyrillic Edition
Linux MLD
LinuxOne OS
LinuxPPP
Linux Pro Plus
Linux-SIS
LNX System
LoopLinux
LSD
Lute Linux
MageNet
Mastodon
MaxOS
minilinux
MSC.Linux
nmrcOS
NoMad Linux
Omoikane GNU/Linux
PingOO Linux
Plamo Linux
PLD
Project Ballantain
PROSA
Rabid Squirrel
Repairlix
Root Linux
Scrudgeware
Serial Terminal
Sorcerer
spyLinux
Stampede
Stataboware
TechLinux
TimeSys Linux/RT
Tom Linux
Trinux
Turkuaz
Ute-Linux
VA-enhanced Red Hat
Vine Linux
Virtual Linux
WholeLinux
WinLinux 2000
XTeamLinux
ZipSpeak

Country-specific
Argentina
GNU/Linux Ututo
Britain
Definite Linux
Eridani
China
COSIX
Red Flag
France
Linux/MNIS
Italy
LinuxEspresso
Madeinlinux
Vedova
Spain
Linux Esware
Thailand
Kaiwal Linux
Thai Linux Extension

Related Projects
Chinese Linux Extension

Historical (Non-active)
Dualix
Gentus
Giotto
MCC Interim Linux
OS2000
Storm Linux
Yggdrasil

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 On the Desktop
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's On the Desktop page.


Note: An asterisk (*) denotes a proprietary product, (w) denotes WINE based tools.

Office Suites
Ability (*)(w)
Anywhere Desktop (*)
(formerly "Applixware")
GNOME Office
HancomOffice
KOffice
StarOffice / OpenOffice
Siag Office
WordPerfect Office 2000 (*)(w)

Java / Web Office Suites
ThinkFree Office (*)
Teamware Office (*)
Cybozu Office (*)

Desktop Publishing
AbiWord
iceSculptor (*)
Impress
Maxwell Word Processor
Mediascape Artstream (*)
Scribus

Web Browsers
Mozilla
Netscape (*)
Opera (*)
Konqueror
Galeon

Handheld Tools
KPilot
JPilot
Palm Pilot Resources
Pilot Link
SynCal

On The Desktop


Linux Printing with CUPS. Printing on Unix systems has always been a bit of a black art. The history of Unix printing carries with it various implementations of print spoolers, i.e. systems which queue files submitted for printing so the printer software can handle them in some managed order. Users run command line tools like lpr (BSD) or lp (System V) to spool a request that will be processed later by the printer daemon (lpd for Linux and BSD-style systems, lpsched for System V-based Unix systems). This whole system works well for the command line world but is not very desktop friendly and leaves a lot to be desired when it comes to adding drivers for the latest inkjet printers.

Currently, the majority of Linux distributions rely on lpr-based solutions for printing. An updated version of lpr, called LPRng, has replaced the older, less secure versions. But while security and some network connectivity has improved users are still working with command line interfaces to their printing system.

Despite the gloomy appearance this might present, help is on the way. A new printing system, called CUPS, is fast being adopted by Linux vendors, desktop environment projects, and application developers. CUPS is a GPL-licensed implementation of the Internet Printing Protocol (IPP), an IETF sponsored standard for cross platform printing systems. In essence, it is a replacement for the very limited print spoolers that have been common to Unix systems for years. The latest version of CUPS, version 1.1.8, was released on May 23rd, 2001.

CUPS supports PPD (Postscript Printer Description) files, making it easier to identify printer features for both local and remote printers. These PPD files normally accompany the Windows drivers that come with printer hardware but can also be found on Adobe's web site. User authentication is provided so that printer use can be limited to known users and print jobs can be encrypted (using TLS or SSL3). Finally, IPP-based systems permit the sender to use printers for which formatting and document handling issues may not be known. According to the CUPS web site, all major Linux distributions, including Caldera, Debian, Linux-Mandrake, Red Hat, SuSE and Turbolinux, ship with the CUPS software.

But while CUPS itself provides more support for printer hardware, it still relies on System V (lp) and BSD-style (lpr) command line interfaces for user access. Fortunately, it also provides programmed interfaces which GNOME, KDE and general applications can use. There are a number of graphical tools available for configuring and using it.

  • XPP - The X Printer Panel uses the FLTK library so could run easily under either GNOME or KDE, but since FLTK is not generally distributed by Linux vendors and is not part of either GNOME or KDE, users will likely have to install the library and application manually.

  • QtCUPS - QtCUPS is a Qt based front end to the CUPS software and is suitable for managing both printer configurations and print job specifics under the KDE environment. QtCUPS is conceptually a Qt version of XPP.

  • KUPS is the KDE graphical CUPS management tool which allows adding, removing, and configuring printers and classes using powerful, complete and user-friendly dialogs. It also includes a graphical CUPS server configuration tool. Users can find some useful information at http://cups.sourceforge.net/kups/, but The Web site is a bit outdated. Latest KUPS version, 1.1, is only available in the Linux-Mandrake distribution.

  • Print Pro Plus is a commercial product from Easy Software Products.

CUPS has been developed by Easy Software Products, a company founded by Mike Sweet, the man who wrote the original print plug-in for the GIMP. That project, too, has seen a major overhaul and become a printing subsystem of its own. The quality of the prints produced by this system can be outstanding, at least for the Epson drivers that have been tested by LWN.net, even without CUPS interaction. While the previously mentioned tools provide configuration options for adding printers to the system, the Gimp-Print tool offers job specific handling on a very sophisticated scale. It can also handle feeding print jobs directly to a wide range of printers, bypassing printer drivers that may be outdated on your system.

One of the problems with handling printing under Linux is that there are two very distinct configurations that need to be handled: one for system wide printer descriptions and one for print job specifics at the user level. Who should handle developing tools for both? Is configuring a printer to make it available an OS thing, or is it a desktop thing?

That, of course, depends on who you talk to. According to the XST project leader Chema Celorio, GNOME thinks all printer configuration is a desktop issue. Current plans call for GNOME print functionality to be configured using the Ximian Setup Tools (aka XST) while print job specifics (items like page orientation and paper size) will be application specific using the gnome-print-admin tool (aka Print Dialog). As Chema puts it,

The reason we are working on two different solutions (the XST tool and gnome-print-admin) is that the XST tool fixes system wide configuration and gnome-print-admin will take care of printing with GNOME applications, so we can interact with the user when he is about to print. The XST tool will fix printing with non-gnome applications like Netscape or Mozilla for example.

So users will add printers using XST and configure them for specific print jobs using the print dialog (in whatever form that eventually takes). The only problem is that this is currently just vaporware - the admin tool code is in the unstable branch and hasn't seen a public release yet and the XST package has yet to add the system wide printer configuration features.

At this point KDE appears to be handling things the same way, though their web site would make it appear the the 2.0 architecture doesn't do much in this area. Fortunately, this isn't true. In February, Michael Goffioul proposed a new printing architecture that will address the issue from many angles, including support for CUPS and the standard lpd subsystems. Much of the work Michael has done has been integrated into QtCUPS and KUPS for KDE. The 2.2 release of KDE should see more of this work in end user form.

The graphical interface is heavily based on my previous work QtCUPS/KUPS. It mainly consists of a powerful print dialog (like QtCUPS) which is now used by default by all KDE applications, and of a control module for print management (like KUPS). Everything is now included in KDE-2.2alpha, so if you have time, you might want to give it a try (you only need kdelibs and kdebase).

In the end, what this all boils down to is that printing is still a black art. Instead of one system - even if it were one for GNOME and one for KDE - you have what seems like dozens of distribution specific tools to configure variations on the originally BSD lpr system or the newer (and more complete) CUPS system. Finding the right tool still requires tracking it down and installing it manually and, worse, the higher level environments have not completely integrated printing into their office and desktop environments.

For the time being, at least, you'll need to keep your local Linux guru handy if you want to upgrade your printer configurations.

Printing Resources. The best place to start when exploring how to get printers to work with your particular system is the Printing Howto. This comprehensive document not only explains the details of how printing works on Linux systems from a users perspective, but what configuration tools are available for the various major Linux distributions.

LinuxPrinting.org contains an easy to use database of printers that shows whether the printer is supported or not, and if it is with what drivers. Most drivers are designed to work with Ghostscript, but some come directly from vendors such as HP.

Where not to go? Linux Printing Usage HowTo, which hasn't been updated in 3 years. While a moderately accurate technical document, it simply doesn't provide information relevant to the current GNOME, KDE, and CUPS-based environments.

Finally, IBM's OMNI project is another good resource. This project is working with GNOME (and others) to develop drivers for printers from many vendors, including Canon, Epson, Okidata, and Panasonic among others.

CD Distributions. A discussion has been on going on the KDE Promo mailing list regarding the selection of a Linux distribution to include with a distribution of the latest KDE. The original message says the question arose from a Dutch computer magazine. Since then, numerous responses have pointed out the issues related to associating KDE with any distribution. The consensus seems to be to either pick the distribution that is behind the curve on KDE releases (SuSE and Debian are noted here) or to pick the distribution that is most used (Red Hat, Mandrake or SuSE).

More corrections and clarifications. I've been informed that Opera does support anti-aliased fonts on Linux, when linked against a version of Qt which supports them. According to the mail I received, that would be Qt 2.3 or greater. Make sure you run the statically linked version of Opera for this. The dynamically linked version apparently runs against Qt 2.2.4, so you definitely want the statically linked version to try this. (Thanks to Camilla Karlsson)

An even clearer explanation comes from well known KDE developer Kurt Granroth: "You see, you are technically right when you say that it is the Xft library providing the anti-aliasing. However, for KDE's point of view, it's not Xft but Qt that is doing it. That is, since Qt has support for anti-aliasing (using Xft), KDE has it. " Essentially, since Qt is supplying anti-aliasing support for KDE, it can provide it for any application. And that explains why you can also get anti-aliasing in Opera.

Desktop Environments

Ximian Setup Tools 0.5.1. A new version of the apparent successor to Linuxconf, the Ximian Setup Tools (also known as XST), has been released. This version adds support for Debian Woody, Red Hat Linux 7.1 and SuSE 7.0, along with an uncountable set of bug fixes.

GNOME Summary. The latest GNOME Summary is out. Check it out for the latest from the GNOME Project, including an interesting list from Havoc Pennington on possible future GNOME developments.

Kernel Cousin KDE #11. This week's Kernel Cousin KDE covers discussion on a KDE Games network, the future of Noatun, and Visio support issues in Kivio.

GDM 2.2.2 released. An update to gdm, the graphical front end to GNOME has been released. This is a fairly major update which includes better support for Xinerama, better language support and a clock in the login window.

Gesture Recognition for KDE (KDE Dot News). A project is underway to provide gesture recognition for KDE. The screen shots show that the gestures are to be mapped to commands, so a clockwise box drawn with the mouse over a window could be used, for example, to kill the application.

Desktop Applications

GnuCash 1.5.97 is released.. GNOME's money management tool, GnuCash, has been updated this past week. This release is considered an unstable developer's release, so use with caution.

Three AbiWord Weekly News editions released. Issues number 43, 44, and 45 of the AbiWord Weekly News have been released.

The abisource web site changed IP's at the time this announcement went out which caused some problems with visitors access to the documents. The changes should have propagated by now, however. If you still can't reach it, try the new IP address directly (65.161.114.201): 43, 44, and 45

Gnomermind 1.0 stable released. Gnomermind, a Mastermind-styled game for GNOME environments, has reached a 1.0 stable release. The game is highly configurable, as the screenshot section of the web site shows.

KPovModeler. KPovModeler is a KDE-based interactive modeler for the POV-Ray raytracing engine. This is a very new project, so new the source is only available via CVS (a sort of nerd library, for those who have never used CVS). Screenshots look interesting for such an early release, though.

And in other news...

A GUI situation indeed (ZDNet). The Linux desktop isn't dead just yet, even if Eazel is according to Evan Leibovitch in his Linux Opinion column. "Nautilus was never deemed to be a critical component of any Linux GUI. For users of the GNOME desktop, Nautilus is but the prettiest among a number of available file managers, with aspirations of becoming the preferred default. Meanwhile, in the world of KDE, Eazel has always been a non-issue. KDE's Konqueror component combines file manager and Internet browser in a manner similar to Internet Explorer, and it is sufficiently attractive and functional that Nautilus was never coveted by the KDE crowd."

HP exec: Linux will be desktop champ (ZDNet). HP's Bruce Perens says that the Linux Desktop is further along at this point than other environments when they were 4 years old. "Dismissing Linux for the desktop is shortsighted, says Perens. "Consider the age of the Linux desktop. Development started from zero sometime in 1997. It's almost maturation time for that desktop, and four years is a lot less time than it has taken any other desktop project to get to the level that Gnome or KDE are at."

Desktop Usability?. A pointer to the Summary of Comments For GNOME User Testing (Winter 2001) popped up on the KDE Artists mailing list this past week. It's an interesting read, though it's not clear where, when or how the tests were done. What it does show is that users look for familiarity in the desktop. This means, like it or not, the interface has to look very similar to Windows or perhaps a Mac initially. Providing configurable changes to the UI is paramount, but you have to start with something the non-technical user understands, lest they run away in fear or worse, frustration.

Setting up a diskless kiosk using GNOME. Jamie Zawinski wrote an article explaining how to use GNOME in a diskless kiosk based on a project he did for a lounge he runs. "A friend talked me into spending a bit more money on the kiosks to get something more reliable: diskless desktop computers for the kiosks, plus external flatscreens. I've been experimenting with the ThinkNIC diskless computer (200MHz and 64M RAM for around $200) plus KDS Radius 15-inch LCD screens (1024x768 for around $580.) The benefits here are that: the machine itself can be serviced; and if the machine gets toasted, I don't have to buy a new screen too. The screens can be secured such that they are fairly indestructible, and they also have a warranty."

The Dot. We noted that the KDE news site, known affectionately as The Dot, has been difficult to reach this past week. Discussions on various mailing lists suggest that server may be overloaded or have other problems and options are being explored to remedy the situation.

A Common Linux U.I. for You and I (osOpinion). This article from osOpinion examines the aging discussion about GNOME and KDE trying to be too much like Windows. "Take a look at KDE and GNOME. While both have a pile of applications available, KDE applications won't work perfectly with GNOME, and vice versa. In effect, what we are heading towards is two "bundled" application suites."

Where Is the New Linux Experience? (osOpinion). The struggle for desktop acceptance for Linux may be taking the wrong path, according to this article from osOpinion. "Gnome and KDE both are taking the wrong path. They are trying to build too much into the desktop. In doing so, these UIs are getting slower, and are bringing bloatware to Linux for all the wrong reasons."

Section Editor: Michael J. Hammel


May 31, 2001


Note: An asterisk (*) denotes a proprietary product, (w) denotes WINE based tools.

Desktop Environments
GNOME
GNUstep
KDE
XFce

Window Managers (WM's)
Afterstep
Enlightenment
FVMW2
IceWM
Sawfish
WindowMaker

Minimalist Environments
Blackbox

Widget Sets
GTK+
Qt

Desktop Graphics
CorelDRAW (*)(w)
GIMP
Kontour
Photogenics (*)
Sketch

Windows on Linux
WINE
Win4Lin
VMWare

Kids S/W
Linux For Kids

Send link submissions to lwn@lwn.net

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 On the Desktop
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Development page.

Development projects


News and Editorials

Linux based audio tools have been coming along nicely in recent times and this editor can't resist playing with yet another audio toy. A new version of the program WaveSurfer has just been released. WaveSurfer is a graphical audio toolkit that is written in Tcl/Tk and is based on the SNACK sound kit. In fact, Wave surfer's capabilities are a good introduction to the various SNACK sound kit capabilities.

[WaveSurfer] WaveSurfer can perform basic audio record, playback, and editing functions. WaveSurfer features a fairly wide variety of audio displays, in fact, the displays may be its most advanced feature. It is possible to view audio data as waves, spectrograms, spectrums, and pitches.

WaveSurfer supports a number of audio file types including wav, smp, snd, au, aiff, and csl formats. Large sound files are also supported; this makes it possible to work on files that are larger than memory, an important feature. WaveSurfer has the ability to output its displays as Postscript files, which emphasizes its capabilities as a research tool.

The installation of WaveSurfer couldn't have been easier, it involved downloading a binary image and setting the file to executable. The security paranoid should build from source, of course. The WaveSurfer source code is released under a BSD-style license.

With only a small investment in time perusing the online documentation, it was possible to load an audio file, edit out some undesirable sections, add some effects, and save the the results to a new file. Most of the functions are fairly intuitive to the user.

Despite having lots of fancy display features, the basic waveform display seems to be a bit lacking in features. Horizontal zooming is possible, but vertical zooming lacks GUI controls and is non-intuitive to use. The recording function is perhaps a bit too simple, there are no VU meters and finding a way to set the recording parameters, such as number of channels and sample rate, is not obvious.

The effects section includes fun things like reverb and file reversal, but lacks fade in/out functions, a very useful feature for editing both big music files and short sample files. The Linux audio world could really use a tool with a nice variable time logarithmic fade in/out function. There does not appear to be any way of creating and saving position markers, a feature that is critical for CD work.

With those shortcomings noted, an important part of any sound program is the "feel" of the GUI. WaveSurfer seems to be fairly easy to run and is heading in a good direction. The small WaveBar display provides an easy way to move around and zoom in and out of an audio file, and it nicely tracks the sound once the system wide Automatic scroll during playback mode is selected.

It would be great to see this program grow and mature into a more general purpose tool. The current focus appears to be mainly on audio display, with an emphasis on the study of speech. The addition of a few more general purpose audio editing features would make this tool useful to a much wider audience.

Oddly, to date, my favorite audio editing tool is still Broadcast 2000, a video editing program. Broadcast 2000 is well suited for production work on audio CDs and has a good list of useful features. Glame, which was featured in this column on May 3, 2001 is also looking like a contender for the spot as the best audio editing tool under Linux. Hopefully some nice, friendly competition will arise.

Databases

PostgreSQL version 7.1.2 released. Version 7.1.2 of PostgreSQL has been released. This is a bug fix release and systems can be upgraded from 7.1.X releases without the need for a database dump/restore operation.

PostgreSQL's Multi-Version Concurrency Control (O'Reilly). Joseph Mitchell has put together an article on concurrency control at the O'Reilly onLamp site. ' If you use PostgreSQL, you know that "no-locking" is already a reality. In PostgreSQL, readers never wait for writers, and writers never wait for readers. Before anyone objects to the claim that there is "no-locking" in PostgreSQL, let me explain PostgreSQL's advanced technique called Multi-Version Concurrency Control (MVCC).'

Documentation

LDP Weekly News for May 29, 2001. Several updated documents have been listed in the current issue of the Linux Documentation Project Weekly News. A new Mwave modem document has also been included.

Education

Linux in education report #45. The May 28 edition of the Linux in Education report has a discussion of Linux web filtering tools for children, pointers to Linux projects in Columbian and Russian schools, and pointers to a number of interesting applications in the educational realm.

Electronics

New Icarus Verilog. Work continues on the gEDA project's Icarus Verilog compiler. The May 20, 2001 snapshot is available from the gEDA site.

Embedded Systems

Here they come -- TVs with embedded Linux! (LinuxDevices). LinuxDevices looks at Princeton Graphic Systems TV running an embedded Linux kernel. "Powered by National Semiconductor's Geode CPU running an embedded Linux operating system, Ch.1 offers rendering of web pages at their native resolution of (SVGA) 800 x 600 through its full-featured browser via a 56k modem for dial up ISP service or Ethernet, T1, DSL or cable modem for broadband connections."

Embedded Linux Newsletter for May 24, 2001 (LinuxDevices). The weekly summary of the Embedded Linux world has been published by LinuxDevices.com. This past week saw stories on the Hi-Muse musical appliance, HA support for Hard Hat Linux, and an opinion piece on why Linux will trounce competitors in the embedded market space.

Cross platform python serial I/O with xio. An early beta version of xio, a cross platform serial I/O module for Python has been announced. Currently, the module implements port creation, opening, closing, configuration, reading, writing & status peeking. It has been tested under Linux-x86 and Win-9X. It contains a naive implementation of flow control (and pretty untested -- so beware!).

Graphics

The Animation Editor, A Code Sculpture in GTK+. Lion Kimbro discusses the process of writiting of an animation tool based on GTK+.

Network Management

GNet Oatmeal release available. The GNet network library is a C based network library package. Version 1.1.0, the Oatmeal release, is considered stable and is now available.

OpenNMS Update, Vol 2, Issue 22. This week's edition of the OpenNMS Update includes a discussion on advances to the Easy Installer, Snort integration, a Solaris port and lots more.

Printing Systems

CUPS 1.1.8 released. A new release of the CUPS printing system is available. Version 1.1.8 features a large number of bug fixes.

Standards

FHS 2.2 released. The latest edition of the Filesystem Hierarchy Standard, version 2.2, has been released.

Web-site Development

Zope Weekly News. The Zope Weekly News for May 26 is out. Topics covered include the EuroZope conference and the upcoming 2.4 alpha release.

mnoGoSearch 3.1.14 released. Version 3.1.14 of the mnoGoSearch web search engine is available. The release notes document the changes which are mostly bug fixes. A PHP compatibility fix has also been added.

HTTP Benchmarking (UnixReview). Part 1 of a 2 part series on HTTP benchmarking has been published by UnixReview.com. "Autobench is a Perl front-end to httperf that helps automate the process of testing a Web server or comparing the performance of two Web servers. Autobench has an additional benefit in that it can generate a file from the results, which can be imported into a spreadsheet to form a graph or plot of the results. Autobench can also make use of a configuration file; I'll go into more detail about that next month."

Section Editor: Forrest Cook


May 31, 2001


Application Links
GIMP
Mozilla
Galeon
High Availability
ht://Dig
mnoGoSearch
MagicPoint
Wine
Worldforge
Zope

Open Source Code Collections
Berlios
Freshmeat
OpenSourceDirectory
Savannah
Le Serveur Libre
SourceForge
Sweetcode

   

 

Programming Languages


Caml

Caml Weekl News for May 23 to 29, 2001. The May 23 - 29, 2001 edition of the Caml Weekly News is out. This issue focuses on adding lisp-like properties to the Caml implementation of atoms.

Java

Blackdown releases Java 3d 1.2.1_01 API for Linux. A new release of Blackdown Java 3d API has been announced. The README file lists a number of bug fixes and contains installation instructions and installation requirements. The API may be obtained from the download page. Java 3D is covered by a Sun Binary Code License.

Java Media Framework 2.1.1-FCS. Also, the Blackdown Java Linux Team and Sun have announced the release of JMF 2.1.1-FCS Performance Pack for Linux. The Java Media Framework is an API for working with multimedia streams in Java applications.

Perl

Perl 5 Porters digest for May 27, 2001. The May 27, 2001 edition of the Perl 5 Porters digest is out. Topics include variable attributes and the iThreads module, defining real bugs, Test::Harness cleanup, and more.

This Week in Perl 6. The This Week in Perl 6 digest for May 20-26, 2001 is out. Topics include a Perl assembly language standard, the Perl Apprenticeship Program, Perl virtual registers, slices, and more.

PHP

PHP Weekly Summary for May 27, 2001. The May 27, 2001 edition of the PHP Weekly Summary is out. Topics this week include a DOM XML extension roll back, PHP 4.0.6 RC2, a new get_defined_constants() function, charset-aware html entities, and more.

Python

Dr. Dobb's Python-URL! (May 28). This week's summary of the Python world includes discussions on the worse case behavior of Python lists, updates on the status of PSF plus the relationship of ActiveState and the Python License, and options for running Python on handhelds.

python-dev summary 2001-05-10 through 2001-05-24. This week's summary of the python-dev mailing list has been published, with its usual set of statistics and analysis.

A couple of new Python books. O'Reilly has announced the release of the Python Standard Library, a text that "distills the best parts from over 3,000 newsgroup messages." It aims to be a definitive reference to the Python library; the author is Fredrik Lundh.

Meanwhile, David Beazley has announced that the second edition of the Python Essential Reference is complete and on its way to the printer.

Updated Python development documentation. A number of small updates have been added to the Python 2.2 online documentation.

Jext: an open IDE for Python. Jext is a new, multi-platform programming editor for developing Python code. Jext features auto indent, word completion, syntax colorization, a Python class browser, and numerous editing functions. Jext is licensed under the GNU GPL license.

Tcl/Tk

This week's Tcl-URL. Dr. Dobb's Tcl-URL for May 28 is out. Topics this week include source-level optimization, internationalization, complex arithmetic, a library of extra Tcl commands, a new Tcl GUI builder, a new SNACK sound toolkit, and more.

XML

GETOX, a new Gnome Editor for Text Oriented XML (gnome.org). GETOX, the Gnome Editor for Text Oriented XML, is now available. "The main goal of GETOX is to manipulate an XML file as if it were a simple text file. It should also allow users to produce valid documents at any time by interpreting the DTD and suggesting contextual elements."

Section Editor: Forrest Cook

 
Language Links
Caml
Caml Hump
Tiny COBOL
Erlang
g95 Fortran
Gnu Compiler Collection (GCC)
Gnu Compiler for the Java Language (GCJ)
Guile
Haskell
IBM Java Zone
Jython
Free the X3J Thirteen (Lisp)
Use Perl
O'Reilly's perl.com
Dr. Dobbs' Perl
PHP
PHP Weekly Summary
Daily Python-URL
Python.org
Python.faqts
Python Eggs
Ruby
Ruby Garden
MIT Scheme
Schemers
Squeak
Smalltalk
Why Smalltalk
Tcl Developer Xchange
Tcl-tk.net
O'Reilly's XML.com
Regular Expressions
   

Sections:
 Main page
 Security
 Kernel
 Distributions
 On the Desktop
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Commerce page.

Linux and Business


Here comes the Itanium. Intel chose this week to announce the official launch of the Itanium processor, with the first systems hitting the market in June. People have been waiting for this processor for a long time - even the Linux 2.4 kernel showed up first. The various distributors have wasted no time in announcing distributions for this processor; see this week's Distributions page for the list.

The processor itself is interesting, but not earth shaking - it's just another CPU chip in the end. It will not be the first 64-bit chip to run Linux, or the first RISC chip. The Itanium does not provide any exciting new capabilities, just more speed.

What makes this release interesting is the reflection that, as recently as a few years ago, it was not at all clear that Linux would run on this processor. All of the relevant information was locked up behind nondisclosure agreements, and the Itanium club was an expensive one to join. Without the ability to see the documentation and release the resulting code, an Itanium port would not be possible.

What happened, of course, is that Intel figured out that a Linux port was very much in its interest, and provided the necessary support. The result is that Linux will be one of the flagship operating systems on the Itanium - it was the first system to run on that processor, and may well prove to be the one that makes the best use of it. After all, Linux has supported 64-bit processors for many years.

The "Linux and Itanium" announcements are already rolling in. Some of the more interesting ones so far include:

  • IBM has announced a series of Itanium-based systems, which will be used to build a new cluster at the National Center for Supercomputing Applications. The cluster will be made up of 160 nodes, and will be capable of performing 1 trillion calculations per second. It will be, they say, "the most powerful Linux supercluster in academia."

  • SGI announced that its first Itanium system, the 750 server, will run Linux.

  • HP has announced a whole line of Itanium systems, from workstations to 16-processor servers. They will, of course, run Linux, along with a couple of legacy operating systems.

  • Mission Critical Linux will be offering clusters based on Linux/Itanium systems.

  • Compaq has announced the availability of Itanium servers running Linux in the third quarter.

Perl CD Bookshelf, Version 2.0. O'Reilly and Associates has announced the release of the second edition of the "Perl CD Bookshelf." This CD contains five O'Reilly Perl books in HTML form.

Open Source Development Lab Adds Second Facility. The Open Source Development Lab (OSDL) has announced the establishment of a second facility outside Tokyo. OSDL is a non-profit organization supported by NEC, Hitachi, Fujitsu, Mitsubishi Electric, Miracle Linux and another 14 companies.

WireX and Counterpane form partnership. WireX (creators of the Immunix distribution) and Counterpane (home of Bruce Schneier) have announced a partnership, which seems to be mostly oriented around (further) hardening Immunix.

Fujitsu, Hitachi, IBM and NEC announce commitment to enhance Linux enterprise capabilities. Fujitsu Limited, Hitachi Limited, IBM, and NEC Corp. have announced a partnership to refine features needed to drive Linux further into the enterprise. The partnership plans to address issues like scalability, problem isolation, and NUMA systems.

IEMS5 available for major Linux distributions. International Messaging Associates (IMA) has released Beta 18 of its latest Internet Exchange Messaging Server (IEMS) 5 for public evaluation. The current enhancements include new operating system support for six major Linux distributions: Red Hat, SuSE, Mandrake, TurboLinux, VALinux, and Caldera.

Linux Stock Index for May 24 to May 30, 2001

LSI at closing on May 24, 2001 35.09
LSI at closing on May 30, 2001 31.54

The high for the week was 35.23
The low for the week was 31.54

Press Releases:

Open source products

Distributions and bundled products

Proprietary Products for Linux

Hardware and bundled products

Products and Services Using Linux

Products With Linux Versions

Books & Training

Partnerships

Investments and Acquisitions

Personnel & New Offices

Financial Results

Linux At Work

Other

Section Editor: Rebecca Sobol.


May 31, 2001

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 On the Desktop
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Linux in the news page.

Linux in the news


Recommended Reading

Free Software's Stallman strikes back at Microsoft (ZDNet). eWeek covers Stallman's talk at NYU. "Stallman addressed everything from the distinctions between open source and GNU/Linux to his take on how Microsoft might be best broken up by the government, in the aftermath of the Department of Justice antitrust trial."

LinuxUser issue 11 special edition. LinuxUser has published an article on how Microsoft has locked out Unix/Linux clients from UK Government sites. "The second, and far more serious, issue is that individuals and organisations not running Microsoft products are prevented from using the Gateway's authentication service, due to the requirement for proprietary PKI technologies on the client computer. The site claims that other browsers do not give proper support for SSL and digital certificates." A PDF version of this document is also available.

Opinion: A third way for software development (LinuxDevices). Lineo CEO Bryan Sparks talks about whether or not a balance can exist between open source and intellectual property. "Allowing proprietary and GPL code to interact while keeping the two separate is a fundamental process practiced by organizations around the world. For example, if an application or driver runs in user space and makes normal calls to the operating system, the proprietary source code is not required to be licensed under the GPL but may be licensed under a proprietary license if the author chooses."

Linux-based killer robot at Battlebots? Not quite! (LinuxDevices). LinuxDevices.com reports on the entry, or near entry, of a Linux-based robot in the popular BattelBots competition.

Companies

Intel set to rattle server market with Itanium (News.com). C|Net's News.com looks at the upcoming official release of Itanium, Intel's 64 bit processor technology. "For Intel, the chip is the beginning of what it hopes will be a long-running family of workstation and server chips. Though work continues on future versions of the chip, it's also the end of a protracted initial development process. Many people at Intel, and co-developer HP, will breathe a sigh of relief when the curtain raises on the chip, which has been more than seven years in the making."

Linux @ Apple.com (PenguinPPC). The folks at PenguinPPC.org have written their views of Apple's open source initiatives. "Apple has stepped up on loaning equipment to Linux companies and even granting access to the Hardware Quality labs. However, documentation requests were usually answered with 'those documents do not exist.' Apple still is generous with providing loaners but the lack of any hardware documentation reduces coding efforts to reverse engineering games of plug and chug."

Companies fight over CD listings, leaving the public behind (C|Net). A more in-depth look into the Roxio/Gracenote battle that will determine just who can and can't get hold of the CDDB music database. "If Roxio wins, open-source competitors to Gracenote will be legally free to build databases that can't be co-opted by others. If Gracenote wins, other databases relying on individuals' submissions could be considered the property of whatever company collects and formats the data."

Exec shakeup rocks Linux specialist Mandrakesoft (ZDNet). ZDNet gets around to covering the MandrakeSoft employment changes. "Mandrake's U.S. public relations firm would confirm only that there had been a management shuffle and that Poole had left. It would not disclose how many jobs had been lost, but said no further staff reductions were anticipated."

Sharp to display Linux handhelds (C|Net). C|Net reports that Sharp is expected to show Linux-based handhelds at the JavaOne conference in San Francisco in June.

Sun offers Gnome preview for Solaris users (ZDNet). eNews looks at Sun's preview release of GNOME for Solaris systems. "Sun is making significant contributions to the Gnome (GNU Network Object Model Environment) project and is collaborating with other key industry players, including Red Hat Inc., Ximian and Hewlett-Packard Co., to ensure it becomes the leading desktop for Unix and GNU-Linux-based systems, she said."

Business

IBM, Japan PC makers team on Linux (News.com). C|Net looks at the recent joint venture by a group of Japanese companies along with IBM to help push Linux development forward. "'The companies, with a combined total of about 500 engineers working on enterprise-related Linux software development, will share information and divide tasks with a view to making products available over the next year or two, an NEC spokesman said.'"

A Different View (ZDNet). This article provides an introductory look at why IT shops should be using Linux. "Open source can solve specific infrastructure issues, such as the costs for managing the number of software licenses required to keep infrastructure running, along with the extra costs of proprietary software and/or appliances."

Reviews

New handheld aims to bridge digital divide (ZDNet). MSNBC examines the Simputer, a Linux-based handheld aimed at making computing affordable to poor communities. "A local community such as the village panchayat (tax collector's office), the village school, a kiosk, a village postman, or even a shopkeeper should be able to loan the device to individuals for some length of time and then pass it on to others in the community. The Simputer, through its Smart Card feature, allows for personal information management at the individual level for an unlimited number of users."

Interviews

Interview: Hans Reiser (InfoLinux). The Indonesian magazine InfoLinux interviews Hans Reiser the force behind the ReiserFS filesystem. "We are going to add plugins in our next major version, and we hope that plugins will do for filesystems what they did for Photoshop. We will add compression and encryption, and thanks to DARPA funding the encryption will be going into v4.0."

Section Editor: Forrest Cook


May 31, 2001

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 On the Desktop
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Announcements page.

Announcements


Resources

Speech: We are the new guardians of the world. Here is the text of a speech by Tony Stanco, one of the founders of FreeDevelopers, on why free software is an important part of freedom as a whole. Worth a read. "The world has fought a lot of wars to make regular law open, democratic and available to the governed. We shouldn't let technology take us backwards to a time when a few people have the arbitrary power to create whatever law they please and have everyone else just subject to it. I found that technologists discount these ideas more than they should."

LinuxUser issue 9. The online version of LinuxUser, Issue 9, is now available for download in PDF format. This issue includes a cover story on Samba, "The NT Killer", and stories on the OSDEM conference, a comparison on Linux and BSD and real time operating systems.

Events

Wizards of OS 2. The second Wizards of OS conference has been announced for October 11 to 13 at the House of World Cultures in Berlin. The event appears to have gotten more ambitious; free software is still high on the agenda, but issues like peer-to-peer, public knowledge, and biotechnology are there as well. Speakers include Bruce Perens, Rusty Foster (of Kuro5hin fame), Lawrence Lessig, and others. It looks like a seriously interesting event.

Australian Unix User Group's Annual Conference. The call for papers has gone out for this conference on Open Source, Linux and BSD. Deadline for submissions is June 15.

Events: May 31 - July 31, 2001.
Date Event Location
May 31, 2001II Forum Internacional do Software LivreBrazil
May 31, 2001The Unix Users Group the Netherlands Spring Conference(De Reehorst)Ede, the Netherlands
May 31, 2001MontaVista seminar(Irvine Hilton)Irvine, Calif.
June 5, 2001MontaVista seminarChicago.
June 6 - 7, 2001Linux ExpoMilan, Italy
June 7 - 8, 2001Second European Tcl/Tk User MeetingGermany
June 7, 2001MontaVista seminarToronto.
June 11 - 14, 2001Hot Springs Educational Technology Institute conference(Hot Springs High School)Hot Springs, Arkansas
June 13, 2001Linux@workParis
June 14, 2001Linux@workBrussels
June 15, 2001Linux@workAmsterdam
June 20 - 21, 2001Linuxdays 2001St. Pölten, Austria
June 25 - 30, 2001USENIX Annual Technical ConferenceBoston, Massachusetts
June 25 - 27, 2001NCSA Linux users' and system administrators' conference(University of Illinois)Urbana, IL
June 29 - July 1, 2001Linux 2001 Developers'' ConferenceManchester, UK
July 3 - 5, 2001Enterprise Linux Institute ConferenceOlympia, London
July 4 - 9, 2001Libre Software MeetingBordeaux, France
July 4 - 5, 2001Linux Expo ExhibitionOlympia, London
July 5 - 8, 2001LinuxTag 2001 - Stuttgart,Germany
July 9 - 12, 2001Embedded Systems Conference(Navy Pier Festival Hall)Chicago, Ill.
July 9 - 13, 2001SAGE - AU 2001(Grosvenor Vista Hotel)South Australia
July 19 - 25, 2001Networking Event 2000(ne2000)Nuenen, the Netherlands, South
July 23 - 27, 2001O'Reilly Open Source Software ConventionSan Diego, California
July 23 - 27, 20011st annual PHP ConferenceSan Diego, California
July 25 - 28, 2001The Ottawa Linux SymposiumOttawa

Web sites

Penguinista's first year. The Penguinista! news site is celebrating its first anniversary. Congratulations, and we wish you many more!

Geeknews.org on hiatus. This time, it's not the economy's fault. It looks like the realities of college life are taking their toll on the founder of geeknews.org. "It is with a great deal of regret that I report to you all that I have decided to put Geeknews.org on a bit of a hiatus. As of May 28th, 2001 Geeknews.org will cease to have a web presence. However email for the site will continue to work normally."

User Group News

LUG Events: May 31 - June 14, 2001.
Date Event Location
May 31, 2001Bergen Linux User Group(BLUG)Bergen, Norway
May 31, 2001The Unix Users Group the Netherlands Spring Conference(De Reehorst)Ede, the Netherlands
May 31, 2001AaLUG: Generalforsamling i AaLUGDenmark
June 2, 2001Twin Cities LUG(TCLUG)Minneapolis, MN
June 2, 2001Sheffield LUG(ShefLUG)University of Sheffield, UK
June 4, 2001Baton Rouge LUG(BRLUG)Baton Rouge, LA.
June 5, 2001Linux User Group of Davis(LUGOD)(Z-World)Davis, CA
June 5, 2001NorthWest Chicagoland LUG(NWCLUG)(Harper College)Palatine, Illinois
June 5, 2001Missouri Open Source LUG(MOSLUG)Kirkwood, Missouri
June 6, 2001Silicon Valley LUG(SVLUG)San Jose, CA
June 6, 2001Southeastern Indiana LUG(SEILUG)(Madison/Jefferson County Public Library)Madison, IN
June 6, 2001Kansas City LUG Demoday(KCLUG)(Kansas City Public Library)KC, Missouri
June 7, 2001Edinburgh LUG(EDLUG)Edinburgh, Scotland
June 7, 2001Gallup Linux Users Group(GalLUG)(Coyote Bookstore)Gallup, New Mexico
June 9, 2001Consortium of All Bay Area Linux(CABAL)Menlo Park, CA
June 9, 2001Route 66 LUGLa Verne, CA
June 9, 2001GalLUG Installfest(Connecting Point Computers)Gallup, New Mexico
June 11 - 14, 2001Hot Springs Educational Technology Institute conference(Hot Springs High School)Hot Springs, Arkansas
June 12, 2001Victoria LUG(VLUG)(University of Victoria)Victoria, British Columbia
June 12, 2001Long Island LUG(LILUG)(SUNY Farmingdale)Farmingdale, NY
June 13, 2001Toledo Area LUG(TALUG)Toledo, OH
June 13, 2001Columbia Area LUG(CALUG)(Capita Technologies Training Center)Columbia, Maryland
June 13, 2001Silicon Corridor LUG(SCLUG)(Back of Beyond pub in Kings Road)Reading, UK
June 14, 2001Boulder Linux Users Group(BLUG)(Nist Radio Building)Boulder, CO
June 14, 2001Phoenix Linux Users Group(PLUG)(Sequoia Charter School)Mesa, AZ.


May 31, 2001

   

 

Software Announcements


Here are this week's Freshmeat software announcements. Freshmeat now offers the announcements sorted in two different ways:

The Alphabetical List and Sorted by license

 

Our software announcements are provided courtesy of FreshMeat

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 On the Desktop
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Linux History page.

This week in Linux history


Five years ago: the Free Software Foundation, feeling left out of Linux, decided to call it "Lignux" instead. That one did not stick, however...

Four years ago: Alan Cox withdrew as the Linux CERT contact person:

I no longer have any faith in CERT nor believe it is the right way to handle the lamentably bad state of computer security today. It muddles along like some kind of comic book 3rd world security agency trying to hide the truth - the only reason we haven't had major computer security catastrophes on the internet is because nobody has lit the fuse, not because we have security.

It's not clear that the situation has improved a whole lot since then...

Three years ago (June 6, 1998 LWN): The Open Group stated that it would be willing to consider bending some of its rules in order to award its "Unix98" certification to Linux. The proprietary Unix vendors, it seems, had written off the low-end server market, and figured that they might as well help Linux fight in that arena. The certification never materialized, but that does not appear to have slowed down Linux much.

Version 0.8 of the proposed Debian Constitution was released.

Two years ago (June 3, 1999 LWN): The unpleasant "shrink-wrap software law" known as UCC-2B was reincarnated as UCITA. Two years later, UCITA remains an active proposal, though its progress seems to have stalled.

Red Hat Linux 6.0 upset many customers with its new, higher price. Red Hat answered the criticism by offering "Red Hat Core," which was offered at the older price ($40). People were not exactly encouraged to buy it, though:

You have been writing code for years and can recompile the kernel in your sleep....You know what you're doing and you know how it all works. In fact, you're one of the "gurus" who is most likely helping all your friends get into Linux. You don't need a floppy; you don't need help in getting started, and you don't need support.

"Red Hat Core" was also not available through resellers; it had to be bought directly from Red Hat. Two years later, Red Hat no longer follows this strategy; Red Hat Linux 7.1 is available for $40, or for slightly less from the usual resellers.

Linux IPOs were still in the future, but people were beginning to worry:

One factor to consider as VA ponders going public is compensating the myriad programmers who have contributed to Linux over the years.... If a company such as VA or Red Hat went public and made a lot of money off Linux, "What does that mean for all those people who've done a lot of work and don't necessarily" make money out of it? Will they still want to contribute to Linux? "That's one of the issues we're struggling with," [Larry] Augustin said.
News.com.

Publicly-held Linux companies may have quite a few disgruntled stockholders, but their public nature does not seem to have created too many difficulties with developers.

Linux-Mandrake 6.0 was released.

One year ago June 1, 2000 LWN. The LWN this week in history section made its first appearance in the now defunct back page.

Richard Stallman stated that free software was unimportant for embedded systems:

I'm less concerned with what happens with embedded systems than I am with real computers. The real reason for this is the moral issues about software freedom are much more significant for computers that users see as a computer. And so I'm not really concerned with what's running inside my microwave oven.

The original article, which ran on GnuLinux.com, appears to be no longer available. RMS has since expressed more concern about closed embedded systems.

Linus released kernel 2.4.0-test1, just before leaving town for a few weeks. "It's not a real 2.4.0 release, but we should be getting closer." Not all that much closer - 2.4.0 was still several months away.

The Python development group, headed up by Guido van Rossum, moved to BeOpen. It seemed like a good idea at the time, but this arrangement didn't last all that long.

Michael Tiemann talked about the apparent lack of progress with the Linux Standard Base:

In Hitchhiker's Guide to the Galaxy, one of the paradoxes presented is that if people had proof of God, their belief would be fact-based instead of faith-based, and the loss of faith would cause God to cease to exist. The way Linux standards work, you've got to believe. If people believe, then standards are widely accepted.

One can only hope that the imminent arrival of LSB 1.0 does not bring about this sort of paradox...


May 31, 2001

LWN Linux Timelines
1998 In Review
1999 In Review
2000 In Review
2001 In Review

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 On the Desktop
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Letters page.

Letters to the editor


Letters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them.

May 31, 2001

   
From:	 Dominic Mitchell <dom@semantico.com>
To:	 letters@lwn.net
Subject: IPFilter
Date:	 Thu, 24 May 2001 17:44:01 +0100

It's worth noting that (at least in the case of FreeBSD, not sure about
the others), there is also ipfw, another kernel level firewall, which
is competent to work with, if you do not like ipfilter.

This is similiar to the situation with floating point emulator in
FreeBSD.  There are two distributed versions, one GPL, one BSD.  You can
choose the one that applies.

-Dom
   
From:	 "Chad C. Walstrom" <chewie@wookimus.net>
To:	 letters@lwn.net
Subject: The Boundaries of GPL
Date:	 Tue, 29 May 2001 11:29:20 -0500

You wrote:

    But the real problem is that Linus does not own the copyright for
    the entire kernel. Many major contributors have retained their own
    copyright on the code they have added, and many of them are
    opposed to proprietary modules. That leads to a couple of
    troublesome scenarios:

An interesting possibility to solving this problem is to unify the
copyrights of all code contributed to the Linux kernel.  There are two
ways to do this, transfer copyright control to the Free Software
Foundation, or create a non-profit organization specifically designed
to maintain and develop the Linux kernel and all aspects thereof.  I
highly doubt that all the Linux kernel developers could be convinced
to sign over copyright control to their contributions to the FSF, as
not too many people buy in to the Marxist-like views of RMS and the
FSF.  

The second option is quite intriguing, however.  An organization that
is focused strictly upon the Linux kernel would guarantee that the
concerns and issues related to the kernel would not be overlooked in a
larger, all-encompassing organization.

As a side note, I have been unable to find any documentation
concerning an established Constitution of the FSF or any such related
issues.  How is the FSF run?  Who is in charge?  Who defines policies?
Is it an RMS monarchy?  The GNU website is only helpful in so far as
providing the GNU Manifesto and multiple opinion papers on Free
Software.

-- 
Chad Walstrom <chewie@wookimus.net>                 | a.k.a. ^chewie
http://www.wookimus.net/                            | s.k.a. gunnarr
Key fingerprint = B4AB D627 9CBD 687E 7A31  1950 0CC7 0B18 206C 5AFD


   
From:	 Neilen Marais <nmarais@hertz.ee.sun.ac.za>
To:	 floydls@home.com, letters@lwn.net
Subject: On The Desktop May 10 -- KDE Bloat
Date:	 Thu, 24 May 2001 09:51:17 +0200

Hi Floyd, LWN people.

> Also, I agree completely with Michael A. Schwarz in his email (Wrong 
> way to look at it).  The time to make a program fast and use less 
> memory is when it is designed and implemented, not later.  If you 
> wait till later then you miss the most beneficial time to improve 
> it.  KDE and GNOME should work OK on old equipment.  After all MS 
> windows works and KDE and GNOME.  They are not all that much more 
> advanced.

While I agree with the fact that you'd be missing the best time to
optimize for speed if you do it later (i.e.. later people will have
faster hardware anyway), it is just not always (seldom, really)
practical to make things fast from the start.  

In the words of Donald Knuth (whom you should all know of :-)

"Premature optimization is the root of all evil".

While a good initial design would make it easier to improve performance
later, it is unlikely that early implementations of any design will have
optimal performance.  

In the case of desktop environments there was virtually nothing to start
with, and thus features tend for the moment to take preference to
speed.  IMHO this is the right approach to take.   Says even I running a
4 year old low-end system... But upgraded to 160 MB RAM. RAM is _cheap_
right now.

Cheers
Neilen

P.S. I have no specific involvement in any of the desktop projects, but
remember how excited I was to find the very very first KDE activity.
   
From:	 Eric Smith <eric@brouhaha.com>
To:	 letters@lwn.net
Subject: ioctl() replacement
Date:	 24 May 2001 18:07:40 -0000

In your 24-May-2001 issue, you mention one of the possible ioctl()
replacements:

    Another approach calls for the opening of a control channel as a
    separate file descriptor, then invoking operations with write() and
    read() calls. Such an approach is workable and network-friendly, but
    it lacks the atomic nature of ioctl(). Things can happen between
    when an operation request is written and the results are read back.

The latter objection is not necessarily true.  If the interface is defined
such that a response is always generated when the write() is performed, as
part of the atomic operation, and the response is simply not delivered
until the read() call occurs, I don't think there's a problem.  At least,
not any new problem that didn't already exist with ioctl().

Being network-friendly is a huge benefit.  I have needed for some time
to be able to fully control remote serial ports and remote tape drives.
I thought about doing a hack to work like ptys but for arbitrary devices
(rather than just ttys), and somehow bouncing ioctl()s to user space, where
a process would act as a proxy to get the calls to the remote machine.
I quickly learned how infeasible that is.  Linus' proposal to change the
ioctl() call interface, while not directly network-friendly, at least
would make it possible to support my specialized proxy.

Eric Smith
   
From:	 Martin <chimbis@skjoldebrand.org>
To:	 lwn@lwn.net
Subject: Linux on desktops
Date:	 Fri, 25 May 2001 07:45:23 +0200

I found I couldn't agree with the DELL representative quoted as:

"It's still a fundamentally technical operating system," said Steve 
Smith, Dell's European market development manager for client systems. 
"It's very easy for someone who doesn't know what they're doing to 
break. It's not designed for the novice user." 
Microsoft's grip on the applications market, with Office, also shows no 
sign of weakening, Smith said."

This might reasonably make sense only from a narrow point of view - 
namely people and countries that actually can afford throwing away 
thousands on tools to communicate. Many people do not have this kind of 
money available for something that isn't necessary for everyday 
subsistance. It is surprising that a highly configurable, stable, 
useable and affordable philosophy isn't being actively "marketed" 
towards people and countries where cost is a big issue. Specifically 
developing countries could benefit imensly from using an operating 
system, and applications easily and cheaply customized for specific needs.
My plan is to try to (together with organisations that has expressed an 
interest for this in our standard aid program) implement a GNU/Linux 
based computer training center (or even centers) in East Africa during 
2002.

I'm interested in hearing from anyone who has been involved in similar 
projects in the past. You're welcome to write to me privately 
(chimbis@bahnhof.se) or at my office address 
(martin.skjoldebrand@forumsyd.se).

Cheers,

Martin Skjöldebrand
CTO, Forum Syd
Swedish NGO Center for Development Co-operation

--
Speaking only for myself. Views expressed in this email message are not 
necessarily shared by my employer.


   
From:	 Bret Mogilefsky <mogul@gelatinous.com>
To:	 letters@lwn.net
Subject: Letters page for May 24th
Date:	 Thu, 24 May 2001 16:28:57 -0700

Rob Funk wrote in your letters page:

  While I generally respect Hammel's work, like others I am beginning to
  question how his writing fits into LWN.  It reads more like a column than
  a section of news, and none of the other sections read like that.  [...]
  I believe that desktop-oriented news is important, but the current style
  doesn't inspire confidence in this news source.

I agree that desktop news should be well covered, and that the current
writer is just inappropriate.  It is quite frustrating to watch him bumble
through learning what's available and how it works week after week as
he's writing rather than writing about new developments or issues.  He's
confessed several times that he's new to the whole desktop thing and
started writing copy about Gnome before he'd even tried KDE... 

I consider LWN to be the highest quality Linux news source available, and
in my mind it needs knowledgable writers the way ABC World News Tonight
needs knowledgable reporters.  If we watched a reporter on Capitol Hill try
to explain what he does and doesn't know about Congress at the same time
he's reporting on what legislative issues were being hotly debated that
day, we'd probably change the channel... As it is now, I can only go two or
three paragraphs into the section before I skip to the next page in
frustration.  This writer is better suited to writing something like
"Desktop tip-of-the-week" than writing the insightful, comprehensive weekly
column we expect.

Sorry, but he's got to go...


Bret
   
From:	 =?iso-8859-1?Q?J=F6rn?= Nettingsmeier <nettings@folkwang-hochschule.de>
To:	 letters@lwn.net
Subject: The "Desktop" section needs rethinking.
Date:	 Sat, 26 May 2001 13:22:59 +0200

Dear LWN editors !

I've been reading lwn.net for about 2 years, and i find it a very
high-quality and concise news source. I greatly appreciate your work
and the continuity of a weekly up-to-date newsletter.
The "Desktop" section, however, leaves a lot to be desired and does
not at all match the level of the other columns.
The irritating verbosity there (as opposed to the dense and
informative style elsewhere) has been pointed out by others before. 
What actually triggered this little rant of mine was the author's
question of how to remove desktop icons. While he claims to be an
old-school Fvwm user (which is perfectly ok), my very humble opinion
is that an editor of "On the Desktop" should be familar with
concepts such as right-clicking for a context menu. Instead of
providing insightful news about the latest developments, the section
reads more like the very first steps of a dedicated bare-X user on a
modern GUI system. While this is certainly interesting, it does not
meet the expectations I have of a "Desktop" column in LWN.

No offense intended,

sincerely yours,

Jörn Nettingsmeier



-- 
home://Kurfürstenstr.49.45138.Essen.Germany      
phone://+49.201.491621
http://icem-www.folkwang-hochschule.de/~nettings/
http://www.linuxdj.com/audio/lad/
   
From:	 Pavel Roskin <proski@gnu.org>
To:	 <letters@lwn.net>
Subject: Is Nautilus defunct?
Date:	 Fri, 25 May 2001 10:15:36 -0400 (EDT)

>From the daily news for May 25:

> Still, they offer many installation options ranging from a complete
> text-based Linux system up to full GUI splendor with the latest
> version of KDE or GNOME equipped with Eazel's now defunct Nautilus.

I believe that "defunct" is a wrong word for Nautilus. Let's see how
Webster dictionary defines this word:

Etymology: Latin defunctus, from past participle of defungi to finish,
die, from de- + fungi to perform -- more at FUNCTION
Date: 1599
: no longer living, existing, or functioning <the committee is now
defunct> synonym see DEAD

Nautilus is living, existing, and functioning, just as it was before.
Free software doesn't die if the principal developers stop working on it -
it dies when it's no longer needed.

-- 
Regards,
Pavel Roskin

   
From:	 Joe Klemmer <klemmerj@webtrek.com>
To:	 letters@lwn.net
Subject: Automatic updating
Date:	 Fri, 25 May 2001 11:15:59 -0400

On the subject of tools for automatic updating of software you said...

"One other note on automated installers: the Debian project has
probably had this issue addressed longer than anyone with their set
of "apt" tools. Use of apt to update just about any package is pretty
painless. All that may be missing from this might be a graphical
front end integrated into KDE and GNOME."

The Free/Net/OpenBSD way of doing updates is very much like the apt
tools (from what I understand).  Granted I haven't actually used either
of these but I know that on the *BSD's you just go to the install
directory and do "make install" and it'll go out, find all the software
and dependencies, build and install everything.  This seems to be, at a
fundamental level, the same way that apt-get works.

I mention all of this because, if memory serves (and that would require
an act of god), FreeBSD was using this system before Debian was
created.  As I said, I could be way off on the timing, but it would be
good to see just how similar or different that the Debian and *BSD ways
really are.  I've been using RPM's for, well, since RPP evolved into
RPM.  However, I really like the idea of just doing something like -

# cd /usr/src/ports/xfce
# make install ; clean

and having my desktop all updated.

Joe

---
"Do not meddle in the affairs of wizards, for you are crunchy and taste
good with ketchup."
   
From:	 Ronald Pottol <chaos@chaostrophy.org>
To:	 letters@lwn.net
Subject: AMANDA
Date:	 25 May 2001 15:23:03 -0700

> > From the May 17,2001 LWN:
> > 
> > "That said, it is worth pointing out that, as far as we know, there is
> > still not a free, top-quality large network backup and restore system
> > available for Linux. Numerous commercial alternatives are out there, but
> > the available free systems just do not have the same level of features and
> > scalability. This could be a good project for somebody..."
> 
> Perhaps you missed a nice package by the name of AMANDA
> (http://amanda.org/).

AMANDA is a neat package, but it has two flaws that I see, first, it
cannot split a backup (single partion) across a tape (and it only
supports tape), second, there is no easy way to get a minimum set of
tapes for an off site backup, as it spreads your full backups across
your tapes.  Handy in many ways, but ugly if you want a few tapes that
have a full backup of your site on them for an off site backup.

Add these two things, and I think it would really be there.  

Ron
-- 
All your CPU are belong to Tux!
   
From:	 Max.Hyre@cardiopulmonarycorp.com
To:	 thanks@amazon.com
Subject: Why I'm not availing myself of ``Great Savings Every Day''
Date:	 Tue, 29 May 2001 11:39:10 -0400
Cc:	 ask_tim@oreilly.com, letters@lwn.net

[Note:  This is intended for Mr. Alan Brown, or someone with a
 similar level of authority.  The reason should be obvious once
 you've read the body.]

   Dear Mr. Brown:

   Under the subject line of ``Get Great Savings Every Day''
you wrote to me:

> We noticed it's been a while since you last ordered from us
> (using this account).
	[snip]
> Sincerely,
> 
> Alan Brown
> Grand High Pooh-Bah of Fun and Convenience
> (a.k.a. Chief Marketing Officer)
> Amazon.com


   Actually, I've already written to your company about why
I'm no longer a customer, but from the tenor of the response,
it was handled by someone with no authority to either address
the problem, or refer the matter up to someone who might.

   In short, I am sending my trade elsewhere until Amazon
ceases to support software patents.  That's why I returned my
last purchase from you, and have made none since.

   ``But, we don't'', I hear you say, ``we're just forced into
using them by competitive pressures.''  This is right up
there with any rationalization of the form ``We have to <X>
in order to compete fairly with others who do'', where you
can fill in <X> with whatever is the standard ethical lapse
for the activity in question.  Pick whichever of `bribe',
`smuggle', `deal with a corrupt regime', `write misleading ad
copy', etc., etc., as seems to you to match software patents
for odiousness.

   As a computer programmer, my ability to practice my craft
is directly threatened by software patents.  Software is a
malleable medium, probably the ultimate such.  Any programmer
worth her salt is continually inventing new forms, discarding
those inappropriate to the task at hand, shaping others to
fit the current need.  Such work requires skill and undivided
focus to execute even halfway proficiently.  Such conditions
are impossible under a regime which requires the programmer
to continually look over her shoulder for fear the patent
police are coming to say she can't use this module, that
function, the other line of code.

  I am further taken aback that a company whose lifeblood is
in the ebb and flow of computer instructions, would counte-
nance such a shackling of the employees who create and oversee
that ferment.  If this is not apparent to you (and I must
conclude that it isn't), I urge you to talk to your program-
ming employees, taking with you an assortment of the software
patents granted in the U.S.  Ask them how they can work
without violating one or the other of them.  Ask them what it
would take to know every patent issued, including yesterday's
batch, in order to dodge such violations.  If they're honest,
they'll tell you it's a mental impossibility.  The software
patent will ultimately drag to a halt the most fruitful field
of endeavor seen in the history of technology, all in the
name of fostering advances in the state of the art.

   Where were software patents from, say, 1945 to 1970?
Nowhere to be seen, as computing started the exponential
growth that continues today.  They are not a necessary
ingredient for computing's growth, but they are sufficient
to stunt, if not halt, it.

   Thus, I ask you, Mr. Bezos, and the board of directors
of Amazon to examine this situation in the clear light of
day, and join in the fight to abolish software patents
entirely.  It's required, O Pooh-Bah, to restore the
``Fun and Convenience'' to programming.


		Sincerely,

			your ob'd't servant,


						Max Hyre
   
Eklektix, Inc. Linux powered! Copyright © 2001 Eklektix, Inc., all rights reserved
Linux ® is a registered trademark of Linus Torvalds