[LWN Logo]
[LWN.net]

Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise news for all interests


Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

Other LWN stuff:
 Daily Updates
 Calendar
 Linux Stocks Page
 Book reviews
 Penguin Gallery

 Archives/search
 Use LWN headlines
 Advertise here
 Contact us

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- GaŽl Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

See also: last week's LWN.

Leading items and editorials


Fun with trademarks. As if to prove that the U.S. is not alone in presenting obnoxious intellectual property challenges to free software, Germany has turned up a couple of interesting cases on its own. Both of these are challenges relating to trademarks; there are likely to be many more where these came from.

The first concerns the MobiliX site, which is maintained as a mobile Linux resource by Werner Heuser. It seems that [Obelix] Mr. Heuser is the subject of a trademark suit filed by the infamous lawyer Guenter Freiherr von Gravenreuth. The complaint? The term "MobiliX," evidently, might be confused with the name of Obelix, the famous and indomitable Gaulish menhir hauler. Now, Mr. Obelix (see picture, right) does share some physical characteristics with Tux the penguin, but it still seems like it would be hard to confuse the two.

Mr. Heuser, who has even registered the "MobiliX" trademark in Germany, is determined to fight this case. We wish him the best of luck in this battle.

Meanwhile, SuSE has been hit by a restraining order blocking the distribution of SuSE Linux in Germany. This order results from a suit by our good friend Guenter Freiherr von Gravenreuth, once again. The claim is that the KDE "Krayon" package violated Crayon's trademark in Germany - even though SuSE does not ship Krayon. According to this News.com article, this issue was resolved just before LWN went to "press." "SuSE was not required to submit payment for any license fees."

So that case, at least, was resolved relatively easily. The next one may not be. Free software is available globally. If you were to look at the names found on any given distribution, chances are good that a large number of them would resemble trademarks somewhere in the world - especially if you are a lawyer looking for things to litigate. It will not take too many of these cases before people and companies start to take down their free software web sites, and to start pulling programs out of distributions.

Trademarks, thus, are a great opportunity for those who wish to harass free software developers and distributors. This is not going to be an easy problem to solve, to say the least.

It is time to be done with buffer overflows. The recent Microsoft XP vulnerability, the one that exposes almost every system connected to the net, was caused by a buffer overflow. It is easy to sneer at Microsoft for allowing such a vulnerability into their code, but one should look at this week's LWN security page before sneering too hard. Linux distributors have done a good job at rushing out fixes for the remotely exploitable vulnerability in the widely-used mutt mailer. That vulnerability is, of course, a buffer overflow problem.

We in the free software community claim to have programs which are more secure than the proprietary variety. In some ways, that is true: the mutt updates came out much more quickly than the XP fix, which took five weeks. But we still ship a lot of code which contains vulnerabilities, including trivial problems like buffer overflows.

It is time that this practice came to an end. If the free software development process is truly better at examining its code, if many eyeballs really make all bugs shallow, then we should be able to eliminate this class of errors from our systems. Indeed, it is interesting to ponder why such errors still turn up with amazing regularity.

One answer, certainly, is that the number of eyeballs looking at free code is frequently exaggerated. Auditing code is a tedious and often thankless task; most hackers would rather be working on the next great word processor, network protocol, or scheduling algorithm. Once you can understand a given body of code well enough to figure out where the buffer overflows are, you are in a position to do something more interesting.

We, as a community, need to do more to encourage auditing of code for buffer overflows and other vulnerabilities. There are projects out there - consider the kernel janitors project or OpenBSD - which show that developer communities can do this sort of work. Code auditing can be a good way for a new developer to learn his or her way around a project's source; encouraging auditing and recognizing those who find (and fix) problems could go a long way toward eliminating buffer overflows as something that Linux users need to worry about.

Another obvious answer is that the languages used for much free software development make buffer overflows too easy. C and C++ will not be going away anytime soon; they offer a sort of control and power that is needed in too many places. But anybody contemplating a new development should think long and hard about using an implementation language that is inherently resistant to buffer overflows. Many such languages exist (consider Python, Perl, Ruby, Java, etc.); it should be possible to find one to suit almost any taste. More modern languages can be a lot of fun to program in, and they are free of whole classes of problems that bother C and C++ programmers.

Imagine the comfort of running an operating system which had not experienced a buffer overflow vulnerability for a year or more. This is a goal that should be attainable by a community such as ours. A serious effort to eliminate these embarrassing and avoidable errors would do much to establish Linux's credibility as a truly secure system. Can we really afford not to do it?

Inside this LWN.net weekly edition:

  • Security: Linux virus on the loose; lots of updates; Linux security white papers from IBM
  • Kernel: A new 2.5 scheduler; achieving low latency; preparing ALSA for inclusion.
  • Distributions: A New Distribution List; New this week: Debian-Med, IPCop Firewall, Trinity Rescue Kit, and Xitnalta Alindis.
  • Development: Gopher 3.0, PDA apps, Squid virus scanner, XNotesPlus V3.5, gFTP 2.0.11, GCC for AMD x86-64, OProfile 0.0.8.
  • Commerce: BBC providing Ogg streams; Lineo, Metrowerks and Motorola Broadband form Triarc Content Labs; HP, MSC offer turnkey Linux clusters.
  • History: Creative Labs learns about free software; the UTICA rears its ugly head; Linux kernel 2.4.0 released.
  • Letters: Kernel trees; application installation.
...plus the usual array of reports, updates, and announcements.

This Week's LWN was brought to you by:


January 10, 2002

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Security page.

Security


News and Editorials

Linux virus on the loose. Articles in IT-Director and Newsbytes claim there is a Linux virus making the rounds. According to Newsbytes: "Like the initial RST, the new variant identified by Qualys is designed to infect binary files in the Linux Executable and Linking Format (ELF) and create a "back door" on an infected system that gives a remote attacker full control."

A Rough Year for SSH (Linux Journal). The Linux Journal looks at the troubles faced by SSH over the last year. "Several groups focused their attentions on this cornerstone of the net, and several problems emerged. ssh has emerged from this scrutiny a stronger product."

Open-source security tools gain favor (ZDNet). This ZDNet Tech Update article is about open-source software in the enterprise security market. "Open-source security tools are gaining appeal in the enterprise as IT managers and CIOs search for ways to step up security while holding down costs."

Security Reports

Debian and Red Hat security updates to exim. It seems that, for certain exim configurations, a properly crafted mail message may cause an arbitrary command to be executed. Not good; upgrades are recommended.

The updates available so far are for Debian and Red Hat Powertools. Exim is only available from Red Hat in the Powertools package. It is not vulnerable in the default Powertools configuration.

Conectiva security update to proftpd. Conectiva has issued an update to proftpd fixing a couple of remotely exploitable vulnerabilities in that package.

Mandrake Linux security update to bind. MandrakeSoft has issued a security update to bind. The problem appears to be incorrect permissions on some of bind's configuration files; it would seem to be a Mandrake-specific vulnerability.

Bugzilla upgrade to version 2.14.1. This security update has patches for a number of security-related bugs described in this announcement. All users of Bugzilla, the bug-tracking system from mozilla.org, who are using a version of Bugzilla installed from a downloaded tarball or package file are strongly recommended to update to version 2.14.1.

Heap overflow in snmpnetstat. Axioma Security Research posted this description of a remotely exploitable vulnerability in snmpnetstat on bugtraq. Snmpnetstat is part of the ucd-snmp package. The problem was researched on Red Hat Linux 7.1.

Updates

Directory indexing and path discovery in Apache. Versions of Apache prior to version 1.3.19 are vulnerable to a custom crafted request that can cause modules to misbehave and return a listing of the directory contents by avoiding the error page. (First LWN report: September 20, 2001).

This week's updates:

Previous updates:

Buffer overflow problem in glibc. The glibc filename globbing code has a buffer overflow problem. For those who are interested, Global InterSec LLC has provided a detailed description of this vulnerability. This problem was first reported by LWN on December 20th.

This week's updates:

Previous updates: Problems with libgtop_daemon. The libgtop_daemon package is a GNOME program which makes system information available remotely. LWN reported the remotely exploitable format string and buffer overflow vulnerabilities in that package on December 6th. On November 28th SuSE recommended disabling the libgtop_daemon on systems where it is running until an update is available.

Many Linux systems do not run libgtop by default, but applying the update is a good idea anyway.

This week's updates:

Previous updates:

Remotely exploitable security problem in mutt. Most of the major distributions have provided updates for this buffer overflow vulnerabilty which was fixed in mutt versions 1.2.5.1 and 1.3.25.

This is a remotely exploitable hole; applying the update is a very good idea. It was first mentioned in  the January 3rd LWN security page.

This week's updates:

Previous updates:

Cross-site scripting problem in namazu. This vulnerability was first reported in  the January 3rd LWN security page.

This week's updates:

Previous updates: Format string bug in stunnel. Stunnel has a format string bug described in detail here. Versions prior to 3.15 are not vulnerable. LWN first reported the problem on January 3rd.

This week's updates:

Previous updates:

Resources

Trent Jaeger, David Safford, and Hubertus Franke of the IBM T.J. Watson Research Center have authored two new white papers on security topics . The first is "Linux Security for the Enterprise: Executive Summary" and the second is "Security Requirements for the Deployment of the Linux Kernel in Enterprise Systems". The papers are available from the IBM Linux Technology Center website . (Thanks to Steve Fox).

Guidelines on Firewalls and Firewall Policy. NIST Special Publication 800-41, Guidelines on Firewalls and Firewall Policy, is now available from here (PDF format). "This document contains an overview of recent developments in firewall technology, and guidance on configuring firewall environments. It discusses firewall access control, active content filtering, DMZs, and co-location with VPNs, web and email servers, and intrusion detection."

Events

Upcoming Security Events.

The USENIX Security Symposium 2002 call for papers is available here. The submission deadline has been extended to February 1, 2002. This year the symposium is scheduled for August 5th to 9th in San Francisco, CA, USA. "If you are working on any practical aspects of security or applications of cryptography, the program committee would like to encourage you to submit a paper."

The New Security Paradigms Workshop 2002 has issued this call for papers. "In order to preserve the small, focused nature of the workshop, participation is limited to authors of accepted papers and conference organizers". This ACM/SIG sponsored workshop will be held September 23rd to 26th at the Chamberlain Hotel in Hampton, Virginia, USA.

Date Event Location
January 7 - 9, 20022002 Federal Convention on Emerging Technologies: a Homeland Security ForumLas Vegas, Nevada, USA
January 30 - February 2, 2002Second Annual Privacy and Data Protection SummitWashington D.C., USA
February 15 - 17, 2002CODECON 2002San Francisco, California, USA
February 18 - 22, 2002RSA Conference 2002San Jose, CA., USA

For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Dennis Tenney


January 10, 2002

LWN Resources
Security alerts archive

Secured Distributions:
Astaro Security
Castle
Engarde Secure Linux
Immunix
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux
Trustix

Security Projects
Bastille
Linux Security Audit Project
Linux Security Module
OpenSSH

Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive

Distribution-specific links
Caldera Advisories
Conectiva Updates
Debian Alerts
Kondara Advisories
Esware Alerts
LinuxPPC Security Updates
Mandrake Updates
Red Hat Errata
SuSE Announcements
Turbolinux
Yellow Dog Errata

BSD-specific links
BSDi
FreeBSD
NetBSD
OpenBSD

Security mailing lists
Caldera
Cobalt
Conectiva
Debian
Esware
FreeBSD
Kondara
LASER5
Linux From Scratch
Linux-Mandrake
NetBSD
OpenBSD
Red Hat
Slackware
Stampede
SuSE
Trustix
turboLinux
Yellow Dog

Security Software Archives
munitions
ZedZ.net (formerly replay.com)

Miscellaneous Resources
CERT
CIAC
Comp Sec News Daily
Crypto-GRAM
LinuxLock.org
LinuxSecurity.com
Security Focus
SecurityPortal
   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Kernel page.

Kernel development


The current development kernel release is still 2.5.1; Linus's prepatch series is now up to 2.5.2-pre10. Many of the recent prepatches were dominated by kdev_t fixes, but that task now appears to be mostly complete. So 2.5.2-pre10 includes buffer cache changes from Al Viro, more USB updates, a large ARM update, and, incidentally, a new scheduler (see below).

As an aside, the kdev_t change is a classic example of how Linus manages kernel development. A proprietary software architect would, after deciding to proceed with this sort of data structure change, instruct one or more lower-level engineers to go through and make the new structure work everywhere. Linus, instead, just fixes the stuff that he uses personally, and assumes that people will come in with patches to deal with the rest. And that is, generally, exactly what happens. And if nobody bothers to fix a certain piece of code, that, too, is useful: it implies that nobody is using that subsystem, and it can be considered for removal.

The current "dj" patch from Dave Jones is 2.5.1-dj13; it is synchronized with 2.5.2-pre9, and includes some additional fixes.

The current stable kernel release is 2.4.17. Marcelo has released 2.4.18-pre2 as the next step toward the 2.4.18 stable release.

Those working with ancient kernels may be interested in the first 2.0.40 release candidate from David Weinehall.

Other kernel trees:

  • Andrea Arcangeli's 2.4 patch is 2.4.18-pre2aa1; it adds a number of fixes, a scheduler update of its own, user-mode Linux, TUX, and more to 2.4.18-pre2.

  • Michael Cohen has released the second 'mjc' kernel, which adds a number of experimental things to the 2.4.17 kernel.

  • Nathan Russell has decided to get into the act with 2.4.18-nj1; this one adds Rik van Riel's reverse mapping VM and a few fixes to the 2.4.18-pre1 kernel.
The -nj1 announcement drew a complaint that, perhaps, the number of kernel trees was getting a little too large.

A new scheduler goes into 2.5.2. One can assume that the worst of the block I/O and kdev_t problems in the 2.5.2-pre series have been dealt with: Linus has decided to stir things up again by replacing the scheduler outright. To make things even more fun, the new code is not one of the scheduler implementations that has been floating around for a while; instead it is a completely new development from Ingo Molnar.

Ingo included a detailed description of how the new code works. The following discussion is drawn mostly from that posting; those interested in the details may well want to go to the original source.

The new scheduler starts, like most of the proposed alternatives, by creating per-CPU run queues. As the number of processors increases, the overhead caused the current global run queue becomes intolerable. A separate run queue for each processor eliminates the need for a global spinlock, and avoids a great deal of cache line contention between processors.

The current Linux scheduler works by passing over every runnable process and calculating a "goodness" value; the process with the highest goodness is the one that gets to run. As the number of runnable processes increases, the goodness calculation gets more expensive. So the new scheduler does away with all of that. It implements, instead, an array of run queues, sorted by priority. When it is time to select a new process to run, the scheduler need only consult a bitmap to find the runnable process with the highest priority and pick it off the appropriate queue. The selection process is thus O(1): it does not take more time as the number of processes grows.

The code is actually a little bit more complicated than that, in that there are actually two run queue arrays. Once a process exhausts its time slice, it is moved from the "active" to the "expired" array, where the priority sorting is retained. When all processes have used up their time slices, the expired and active arrays are switched and the process begins anew.

The per-CPU run queue arrays also have the effect of keeping processes on the same processor. Efficient use of memory caches requires this behavior; the old scheduler also tried to enforce CPU affinity, but not always very effectively. With the new scheduler, instead, a different problem could arise: all of the runnable processes could find themselves contending for a single CPU, while other CPUs sit idle. To avoid this situation, the scheduler will occasionally move processes between processors if the run queues get too far out of balance.

Real-time processes are handled a little differently, and in a way that has drawn a few complaints. There is a single, global run queue for real-time processes. When such a process becomes runnable, all processors are interrupted and race to see who can execute the process first. The idea here is that real-time processes require the minimum possible latency, and there is no way to know in advance which processor will be able to drop what it's doing to run a real-time process. By setting all processors on the task, the new scheduler, through brute force, identifies the processor which can respond most quickly each time. But there will be a cost paid by all other processes on the system, which will find themselves interrupted (briefly, usually) every time a real-time process wants to run.

There are a few other features to the new code. One is that it restored the "run a newly forked child before the parent" behavior that was briefly tried in the 2.4 series. That change has been backed out in more recent versions of the patch, however. The new scheduler also tracks CPU usage over time (a few seconds worth) in an attempt to identify the real CPU hogs on the system. Those processes will find their priorities decreased somewhat so that interactive tasks can run first.

Ingo's explanation also includes a number of benchmark results, all of which show improved performance with the new scheduler. The most impressive, perhaps, is the one that tests pure context switching behavior. With this benchmark, the 2.5.2-pre6 scheduler could do just over 240,000 context switches per second on a two-processor system, and 108,000 on an eight-processor system. In other words, the eight-processor system ran slower due to the increased global run queue and lock contention. With the new scheduler, the results were 977,000 switches per second (two processors) and 6,117,000 per second (eight processors). Not bad.

For another set of benchmarks, see this posting from Mike Kravetz. These results show that the new scheduler could still use some work in places.

As of this writing, Ingo's latest patch is version E1, which is quite small (since most of the patch is already in 2.5.2-pre10). Early versions of the patch generated a fair number of bug reports, but those seem to have slowed down. It's hard to say what will happen in latter 2.5 releases, but the scheduler wars may be over, for now.

ALSA gets ready. Advanced Linux Sound Architecture founder and maintainer Jaroslav Kysela has posted a patch containing the latest ALSA code, ready for inclusion into the 2.5.2-pre9 kernel. Among other things, this version of the subsystem shows the beginning of an effort to strip out the 2.2 and 2.4 compatibility code.

The thing that drew everybody's attention, however, was not the ALSA code itself, but its new directory organization. The patch creates a new top-level sound directory in the kernel tree; many developers had expected to see ALSA in the drivers/sound directory instead. The thinking is that ALSA includes much more that just drivers; there is a whole set of higher-level functions as well. Linus compares the ALSA code to the networking subsystem; network drivers are part of it, but there is much more involved.

The final organization is, in fact, likely to mirror how the networking code is handled. The sound directory will contain most of the ALSA code, but the low-level drivers will stay in drivers/sound. There is still no word on when ALSA will actually be merged, and there probably won't be until it shows up in a prepatch.

How to improve latency? The question of latency - the time it takes the kernel to respond to events - is back on the agenda. There seems to be a consensus that the 2.4 kernel is still too unresponsive for many needs. People working with streaming media tend to be the first to complain, but they are not the only ones.

There are two approaches out there for addressing the latency problems:

  • Find the specific places where the kernel executes for too long and insert explicit "scheduling points" to break them up. Andrew Morton has an extensive low-latency patch which can provide 1ms maximum latency in most situations; he has also sent out a mini low-latency patch for inclusion into the 2.4 kernel. This patch provides a 36ms worst-case latency, but is far less intrusive.

  • Make the Linux kernel preemptible; this is done by allowing the kernel to be kicked off the processor any time it is not holding a spinlock. Essentially, any part of the kernel that is not a spinlock-protected critical section becomes an implicit scheduling point. The current preemptible kernel patch, for both 2.4 and 2.5, is available from Robert Love.
There are considerable differences of opinion over which approach is best - at least, for 2.5. Nobody is really proposing that the preemptible kernel patch go into 2.4; it is far too big a change for that. Many would like to see it in 2.5, however.

The main objection to the preemptible kernel patch is that it breaks a long-standing fundamental assumption: that code running in kernel space will not be preempted until it explicitly gives up the processor. This could lead to no end of weird, difficult to debug problems. But the truth of the matter is that a preemptible kernel does not add any complexity not already introduced by SMP systems. Preemptability appears to have a good chance of winning in the end, but that, of course, is a call for Linus, and he has been silent on the topic.

Other patches and updates released this week include:

  • Jens Axboe has posted a new I/O scheduler (i.e. "elevator") which attempts to ensure that block I/O requests are executed within a given time period. (People wanting to try the patch should use the later version which contains some fixes).

  • A new hashed wait queue patch was posted by William Lee Irwin III.

  • dietHotplug 0.4 was announced by Greg Kroah-Hartman.

  • A new radix-tree page cache patch was announced by Christoph Hellwig and Momchil Velikov.

  • Eric Raymond announced CML2-2.0, a major release which includes new language features and autoconfiguration support. It was quickly followed by the 2.0.1 'brown paper bag' release; the current version is 2.0.4.

  • The SGI Visual Workstation support in the kernel has gone unmaintained for so long that its removal was being considered. No longer: Jesse Barnes has posted a new Visual Workstation patch for 2.4.17.

  • Manfred Spraul has posted a new zero-copy pipe patch.

  • Rik van Riel has released version 11a of his reverse mapping VM implementation.

  • Release 1.0.12 of IBM's journaling filesystem was announced by Steve Best.

  • Paul Larson has announced the Linux Test Project 20020108 release.

  • Trent Jaeger has announced a set of tools for the verification of the hooks used by the Linux Security Module patch. A few problems have been turned up which may result in changes to the LSM patch.

  • Greg Kroah-Hartman has released klibc 0.1, a small C library for applications that go into an initramfs partition. This posting was followed by a request for comments on what is really needed for an initramfs C library and the best way to get there.

Section Editor: Jonathan Corbet


January 10, 2002

For other kernel news, see:

Other resources:

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Distributions page.

Note: The list of Linux distributions has moved to its own page.

Distributions


Please note that security updates from the various distributions are covered in the security section.

News and Editorials

A New Distribution List. Work has begun on updating the LWN Distribution List. Many people will remember how the long lists of Linux distributions once lined the sides of this page. Then they moved to a page of their own, out of sight and out of mind for many. For some time this list has been falling into a state of disrepair. New distributions were added, but only rarely were defunct distributions removed. Many of the links have gone unchecked since they were first added.

That's in the process of changing. It doesn't show on the current page, but a new list is growing in the background. Entries will look something like this:

Xitnalta Alindis
Link: http://alindis.sunsite.dk/
http://freshmeat.net/projects/alindis/
A comprehensive guide to building a GNU/Linux distribution.

Many people have written to LWN with pointers to new distributions, suggestions for new or rearranged categories, and with the occasional dead link. While it may have seemed that these suggestions dropped into a black hole, they have all actually dropped into a mail folder for further consideration. Less than a third of the list has been checked and updated so far and numerous dead links, changed links, and out-of-place items have been identified. Hopefully a new list will be forthcoming by the end of the month. In the meantime all suggestions for improvement will be considered.

New Distributions

Debian-Med. LinuxMedNews has an announcement for Debian-Med, a medicine oriented Debian distribution project. The project includes: "Support for general practice and laboratory research. The general idea is adopted from the Debian Junior project. So we provide a set of packages which have dependencies from Debian packages which help solve certain tasks."

IPCop Firewall. The IPCop Firewall is a Linux firewall distribution. It is geared toward home and SOHO users with a user-friendly, task-based design. The current version is 0.1.0 and more information can be found at its SorceForge project page. (Thanks to Charles Williams)

Trinity Rescue Kit. The Trinity Rescue Kit version 0.3 has been announced. The TRK is a bootable CD-Rom based on the Red Hat 7.1 distribution.

Xitnalta Alindis. The Xitnalta Alindis project provides a comprehensive guide to building a GNU/Linux distribution. A new draft of the Alindis Documentation has been released.

Distribution News

Debian Weekly News. The Debian Weekly News for January 1 is out. Covered topics include a new net installation CD for Woody, installing evolution on Woody via the apt "pinning" capability, a proposed new package upload policy, and more.

The new Debian maintainer program is working out well, but new sponsors are needed. All Debian developers are encouraged to become sponsors to new maintainers so the process will continue to work.

Here's an update on the state of the potato, the upcoming 2.2r5 release.

Mandrake News. The Mandrake Linux Community Newsletter #24 for January 1 contains articles on MandrakeClub, the new Mandrake Shareholder Newsletter, Cooker ISO images and much more.

The Mandrake Linux Community Newsletter #25 for January 8 covers MandrakeSoft's third anniversary, the newly-available 8.1 ProSuite Gold Edition, and more.

The PHP packages provided for Linux-Mandrake 7.2 in MDKSA-2001:077 did not have support for the mail() function. This update provides that support.

Red Hat News. There will soon be, once again, a version of Red Hat Linux for the Alpha architecture. Red Hat has announced that an Alpha port of Red Hat Linux 7.2 will be available in "Q1 2002."

Red Hat 7.2 for Itanium is available now.

Here's an enhancement advisory for teTeX on Red Hat Linux 7.2 - i386.

Slackware. An upgraded gcc-3.0.3 package, with fixed install script symlink bugs, is now available according to the ChangeLog.

Trustix Secure Linux. Trustix Secure Linux has been hard at work fixing bugs. Here is a note from TSL with some added information. And here are the packages that have been updated.

Yellow Dog Linux. The "Complete Yellow Dog Linux" package is now available.

Minor Distribution updates

2-Disk Xwindow System. The 2-Disk Xwindow System is a small Linux distribution which includes libc2.1, busybox, tinylogin, e3, pppd, several daemons, X, alloywm, chimera, and xpaint. The kernel (2.4.14) supports umsdos, ext2, initrd, floppy, iso9660, PPP, and networking. Version 1.2rc05 was released January 8.

ClumpOS. ClumpOS is a CD-based Linux/MOSIX mini-distribution designed to allow users to quickly, or temporarily, add nodes to a MOSIX cluster. Version R4.3 was released on January 2.

Enterprise Linux 3.0. ImageStream has announced an upgrade to Enterprise Linux 3.0.

floppyfw. floppyfw released development version 1.9.17 of its Linux firewall on a single floppy.

Sorcerer GNU Linux. Sorcerer GNU Linux is a source based GNU Linux distribution. Version 20020103 is now available.

Distribution Reviews

Beehive Linux: A review (linux.nf). Here is a reveiw of Beehive Linux. "I'm impressed with the stability and maturity of this newcomer Linux distribution. It's happily running on my test machine, and, if I can clear up a few more details (and get Galeon running!), I may put it on my production machine."

Redmond Linux: a review (linux.nf). Redmond Linux is reviewed at the Linux.nf site. "I have been following the development of Redmond Linux for a while now, never actually using it. I decided to change around my LAN, and figured now was as good a time as any to give it a try. All I can say is wow. Flawless install in under 20 minutes on a duron600@1050 abit kt7 256megs, generic nic, SBPC 128, tnt2 m64. If you're frustrated by linux, or are thinking about trying it out read on. This is simply the best option for those looking for a windows alternative, or a linux playground/schoolyard."

Section Editor: Rebecca Sobol


January 10, 2002

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Development page.

Development projects


News and Editorials

Gopher 3.0 (Furry Terror) released To mark the tenth anniversary of Gopher, the Gopher development team has released version 3.0 of the Internet Gopher Server and Client, " the first new release of the UMN Gopher tree in five years and the result of a year's worth of effort". This release includes fixes for many security bugs, better MIME support, and support for current operating systems.

Gopher is a hypertext system that lacks the graphical capabilities of the web, but it does have file download capabilities. Gopher has been on the endangered species list for quite a while but it may be experiencing a comeback in some circles. The Gopher format is still supported by most of the common web browsers.

The Gopher Project was in use prior to to the wide adoption of the World Wide Web. It offered remote file access without the hassles of logging into an FTP server.

Gopher tends to be a bit more efficient than the web, and is both quicker to use and a lighter load on the server. It could still be a useful protocol for bandwidth and graphics limited devices such as wireless PDAs with small format screens.

The Gopherspace Introduction promotes the protocol and illustrates some of Gopher's history. The Gopher Manifesto documents more Gopher history and contains lots of fun Gopher trivia.

Downloads of the latest versions of the Gopher softweare packages are available here.

Audio Projects

GStreamer 0.3.1 released. Version 0.3.1 of the GStreamer streaming media framework has been released. This version features a number of bug fixes, code restructuring, and reworked utilities. "..this release of GStreamer is still mostly aimed at developers, but users wanting to experiment can test gstreamer using its command line interface documented in the gst-launch man page and in the wiki".

This week on LINUXMUSIC. This week, the LINUXMUSIC site looks at Cow, a set of C++ classes for displaying audio data, Jsynlib, a set of Java synthesizer tools, the terminatorX realtime autio synthesizer, sloop.splitter, a realtime sound effect program, and more audio stuff.

Documentation

LDP Weekly News. The weekly summary from the Linux Documentation Project is out. It looks at the continuing effort to relicense its documents, and gives extensive lists of new and updated HOWTOs.

Education

SEUL/Edu report for January 9, 2002. The January 9, 2002 edition of the SEUL/Edu report is available. This edition takes a look a the new Schoolforge coalition, and other educational free software topics.

The Schoolforge project launches. [schoolforge] The Schoolforge project has announced its existence. Schoolforge is the result of a coalition of education-oriented groups which are working to encourage the use of free software (and more) in the educational system. The Schoolforge site already has a comprehensive collection of free resources available.

Embedded Systems

Contest: Linux4.TV applications. The Embedded Linux Journal is running a contest based on the free "Linux4.TV" set-top box platform. They are looking for proposals for interesting applications for this platform using embedded Linux; proposals are due by February 20.

Embedded Linux Newsletter (LinuxDevices). The LinuxDevices.com Embedded Linux Newsletter for January 3 is available, with the usual roundup of useful stuff from the embedded Linux community.

Kinkatta-Lite ported to Zaurus and iPAQ (KDE.NEWS). The KDE AIM client known as Kinkatta has been ported to the Zaurus and iPAQ PDA platforms. The source code won't be available for a while, but the screenshots look pretty impressive.

Mail Software

Virus Scanner for Squid. Kurt Huwig has announced a patched version of Squid that scans for email viruses using the OpenAntivirus ScannerDaemon.

Network Management

Introducing Hank. Introducing Hank is a document describing the new Hank ("Hank Acts on Network Kaptures") tool. Hank can fill a number of network monitoring roles, including protocol monitoring, intrusion detection, and packet filtering. A version of Hank is available for download now.

Peer to Peer

Distributed Systems Topologies: Part 2 (O'Reilly). Nelson Minar continues his series on peer-to-peer technologies. "In this second part, I introduce seven criteria for evaluating a system design and discuss their relative merits. Systems with hybrid topologies often seem to demonstrate the advantages of the various constituent designs that comprise their makeup."

Web-site Development

Zope News for January 4, 2002. The January 4, 2002 Zope News is out. Topics include the upcoming Python conference, development of Zope 3, ParsedXML changes, the EuroZope mailing list, and more.

The latest Zope Members News. This week, the Zope Members News looks at some Zope LUG news, Zope training, Graph Method 0.3.0, and more.


January 10, 2002


Application Links
GIMP
Mozilla
Galeon
High Availability
ht://Dig
mnoGoSearch
MagicPoint
Wine
Worldforge
Zope

Open Source Code Collections
Berlios
Freshmeat
OpenSourceDirectory
Savannah
Le Serveur Libre
SourceForge
Sweetcode

   

 

Desktop Development


Desktop Environments

Kernel Cousin KDE #29. The January 4, 2002 Kernel Cousin KDE is available. Topics include exporting syntax enlightened source, KBugBuster out of beta, an upgraded KOffice Filter Framework, PIMs, and more.

People of KDE: Christian Couder. This week's People of KDE features Christian Couder, a contributor to the KDevelop project.

GNOME Summary for January 4, 2002. The GNOME Summary for December 16, 2001 through January 4, 2002 is out. Take a look for all of the latest in the world of GNOME.

Evolution 1.0 testimonials. A new new set of Evolution 1.0 testimonial images has been posted. Have a look for information on "Evo nudism," what Alan Cox has in mind, and more.

GNUstep Weekly Editorial. The GNUstep Weekly Editorial for January 4, 2002 is out with coverage of GNUstep developments.

Games

PyDDR: a Dance Dance Revolution clone. Pygame looks at PyDDR this week. "PyDDR is a clone of 'Dance Dance Revolution'. The idea is simple, there's a mat with four directional arrows, and the game scrolls arrows up the screen to the beat while playing a song. When the arrows reach the top of the screen (not sooner and not later), the player hits the corresponding arrow on the pad, and given that it's hit on time with the beat, points are scored."

GUI Packages

FLTK v1.1.0b10 Released. Work continues on the beta releases of FLTK, with the release of version 1.1.0. Beta 10.

Interoperability

Samba turns 10. This week is the tenth anniversary of the first Samba release. Congratulations to the entire team for a decade of excellent and highly useful software! (Thanks to Andrew Bartlett).

Kernel Cousin Wine #112. Kernel Cousin Wine number 112 is available. Topics include building a test suite, cooperating with the Odin project, Lindows, EULA conflicts, and mixed mode CD labels.

Office Applications

KDE.de App of the Month: KNotes. KDE.org examines KNotes as it's KDE.de App of the Month. (in German)

Kernel Cousin GNUe #10. Issue #10 of Kernel Cousin GNUe is out with all of the latest GNU Enterprise developments.

XNotesPlus V3.5 available. Former LWN desktop editor Michael Hammel has announced XNotesPlus Version 3.5, "a personal information manager (PIM) for Linux and Unix systems with full featured support for the Palm Pilot. XNotesPlus is being released as shareware.

Miscellaneous

gFTP 2.0.11 released. A new release of the gFTP FTP client has been announced. Version 2.0.11 features a number of bug fixes.

 
Desktop Environments
GNOME
GNUstep
KDE
XFce
XFree86

Window Managers
Afterstep
Enlightenment
FVMW2
IceWM
Sawfish
WindowMaker

Widget Sets
GTK+
Qt
   

 

Programming Languages


Assembly Language

Osimplay, formerly shasm, is now beta. A beta release of Osimplay, an x86 macro-assembler written in GNU Bash 2 has been announced. "It's reasonably useable, and the bugs that arise may now be small enough to not always require the author to fix, although I would love to know about them. This version of osimplay is public domain."

C

GCC on the AMD x86-64. Thanks to Jan Hubicka, Bo Thorsen and Andreas Jaeger from SuSE, GCC now runs on the AMD x86-64.

Caml

Caml Weekly News for January 8, 2002. The January 8, 2002 edition of the Caml Weekly News is out. News includes a new library, ML GMP, that interfaces Objective Caml with GNU MP and an Objective Caml image processing library known as CamlImages 2.00.

Java

Looking Back and Ahead on ONJava.com (O'Reilly). Steve Anglin discusses Java progress in 2001 on O'Reilly's ONJava.com site. "In the Java world, 2001 saw the development of the Java 2 Enterprise Edition (J2EE) 1.3 and Enterprise JavaBeans (EJB) 2.0 specifications, and the impact of their use with open source Java projects such as Apache's Jakarta Tomcat and Struts. Another important development was the Java API for XML (JAX), aimed squarely at the development of Web services."

Lisp

December 2001 Free the X3J Thirteen! available. The December, 2001 edition of Free the X3J Thirteen! is out. Topics include OpenMCL 0.9, GCL status, McCLIM, CMUCL, SBCL, UncommonSQL, CLOCC, and new cCLan packages.

Perl

Functional Programming (IBM developerWorks). Teodor Zlatanov writes about functional programming in Perl. "Teodor introduces functional programming and several essential Perl idioms important for Perl programmers looking for speed and elegance in their code, such as the map() and grep() functions, and the Schwartzian and Guttman-Rosler transforms."

Perl 6 Porters Digest for January 5, 2002. The January 5, 2002 Perl 6 Porters Digest is out. This issue features discussions on Generators, the beginnings of a signed-to-unsigned migration, Parrot string work, fixed-size output records, and more.

PHP

PHP Weekly Summary for January 7, 2002. The January 7, 2002 edition of the PHP Weekly Summary looks at a number of PHP buf fixes, making PHP run in standalone mode, an updated MySQL extension, and more.

Python

This week's Python-URL. Here's Dr. Dobb's Python-URL for January 7, 2002, with a longer than usual collection of interesting happenings from the Python development community. Topics include PyXML 0.7, Python 2.2 on the Zaurus PDA, PyChecker 0.8.7, an overview of date and time arithmetic modules, a Python time period library , and the upcoming Python conference, among other things.

Daily Python URL. This Week, the Daily Python URL looks at data mining in Python, the Cheetah template engine, and Climate Data Analysis Tools.

Ruby

Ruby Weekly News for January 6, 2002. The January 6, 2002 edition of the Ruby Weekly News covers this week's ruby-talk mailing list discussions. Topics include a Ruby application server, a gzip interface to Ruby, OpenSSL for Ruby, and Cardinal, a Ruby front-end to the Perl 6 Parrot interpreter.

Tcl/Tk

This week's Tcl-URL. Here's Dr. Dobb's Tcl-URL for January 7, 2002 with the latest from the Tcl/Tk community. Topics include processing procedure args, pad and ipad revealed, a weekly regexp lesson, Tcl in systems administration, and lots more.

XML

Real-world XML Schema (IBM developerWorks). Paul Golick and Richard Mader discuss the correct way to define an XML Schema on IBM's developerWorks. "Does your industry provide a set of best practices for XML Schema to streamline industrywide data integration? If not, perhaps it should follow retail's lead. Since 1993, the Association for Retail Technology Standards (ARTS) of the National Retail Federation (NRF) has been developing a standard data model to help retailers integrate applications and interface point-of-sale (POS) data more easily."

XML Anti-Awards 2001. Edd Dumbill points out some of the problems that XML faced in 2001. "As expected, James Clark deservedly scooped up the 'XML Cup' for contributions to the XML industry at XML 2001. To redress the balance in favor of the usual cynical sniping, I'm happy to present the Anti-Awards for 2001, intended to burst some overinflated XML bubbles."

Miscellaneous

OProfile Version 0.0.8 released. Version 0.0.8 of OProfile, a Linux x86 profiler, has been announced. This release adds bug fixes and better library call differentiation.

Introduction to CVS (O'Reilly). Jennifer Vesperman introduces CVS, the widely used Concurrent Versioning System on O'Reilly's ONLamp site.

The MIT Lightweight Languages Workshop (Dr. Dobb's). Eugene Eric Kim covers the MIT Lightweight Language Workshop on Dr. Dobb's.

Section Editor: Forrest Cook

 
Language Links
Caml
Caml Hump
Tiny COBOL
Erlang
g95 Fortran
Gnu Compiler Collection (GCC)
Gnu Compiler for the Java Language (GCJ)
Guile
Haskell
IBM Java Zone
Jython
Free the X3J Thirteen (Lisp)
Use Perl
O'Reilly's perl.com
Dr. Dobbs' Perl
PHP
PHP Weekly Summary
Daily Python-URL
Python.org
Python.faqts
Python Eggs
Ruby
Ruby Garden
MIT Scheme
Schemers
Squeak
Smalltalk
Why Smalltalk
Tcl Developer Xchange
Tcl-tk.net
O'Reilly's XML.com
Regular Expressions
   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Commerce page.

Linux and Business


BBC providing Ogg streams. The BBC is currently experimenting with providing streams in the free Ogg format. This is an important trial for this format, which, with luck, could help push patented audio formats off the net. If you get a chance to try it out, I'm sure the BBC would appreciate feedback on the trial. (Thanks to Allan Pointon).

Lineo, Metrowerks and Motorola Broadband form Triarc Content Labs. Here's a press release from Lineo, Metrowerks, and Motorola on their new joint venture: Triarc Content Labs. Triarc's purpose is to develop new applications and services for Linux-based set-top boxes.

HP, MSC offer turnkey Linux clusters. HP and MSC Software have announced a partnership to offer turnkey clusters based on HP hardware and MSC.Linux.

'Majesty' for Linux. Linux Game Publishing has announced that it will be porting Cyberlore Studios' game "Majesty" to Linux. The one thing they don't say is when the game will be available.

LinuxWorld to include newbie classes. IDC has announced that the upcoming LinuxWorld Conference & Expo will include a series of "A Taste of Linux" classes aimed at newcomers. The offerings include "Linux 101" by Chris DiBona and "Unix to Linux Migration," taught by Michael Tiemann.

Python & XML from O'Reilly. O'Reilly has announced the release of Python & XML, by Fred Drake and Christopher Jones.

JavaScript: The Definitive Guide, 4th Edition. O'Reilly has announced the availability of the fourth edition of JavaScript: The Definitive Guide.

Corel delisted from LWN LSI. Since Corel has sold its Linux technologies to Xandros we at LWN no longer consider Corel to be a Linux company. It has therefore been removed from the LWN Linux Stock Index.

Linux Stock Index for January 03 to January 09, 2002.
LSI at closing on January 03, 2002 ... 31.94
LSI at closing on January 09, 2002 ... 34.19

The high for the week was 34.19
The low for the week was 31.94

Press Releases:

Open Source Products

Proprietary Products for Linux

Embedded Linux Products

Products and Services Using Linux

Products With Linux Versions

Linux At Work

Java Products

Books & Documentation

Partnerships

Investments and Acquisitions

Section Editor: Rebecca Sobol.


January 10, 2002

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Linux in the news page.

Linux in the news


Recommended Reading

What is the point of Linux? (IT-Director). IT-Director says that Linux needs better marketing. "One of the problems with the open source model is that there is no governing body to determine the product's future strategy. Whilst this communal approach has been the strength of Linux development so far, could it also be its undoing?"

Lockware (FindLaw). Worth a read: this article on the FindLaw's legal commentary site on Hollywood's "intellectual property" strategy. "But Hollywood will continue to press for the legislation, and it may have an important ally: Microsoft. Digerati have observed that the SSSCA could help kill off threats to Microsoft's monopoly from open-source operating systems such as Linux, as it would be difficult, if not impossible, to build SSSCA-compliant encryption into open-source software, where every line of source code is available for public inspection and modification."

Lawmaker promises changes to online copyright law (CNN). CNN reports on Representative Boucher's attempt to address some of the problems with the DMCA. "Boucher told an audience of musicians, lawyers, and music industry officials at the Future of Music policy summit that his bill would modify section 1201 of the DMCA to allow consumers to defeat copy-protection measures for legitimate personal uses, but would still outlaw circumvention efforts for piracy."

Public money, private code (Salon). Salon looks at pressures within U.S. universities to not release code under free licenses. "Many would regard giving the Internet to the world as a benevolent act fitting for one of the world's great public universities. But Bill Hoskins, who is currently in charge of protecting the intellectual property produced at U.C. Berkeley, thinks it must have been a mistake. 'Whoever released the code for the Internet probably didn't understand what they were doing,' he says."

Linux invades Unix enterprise space (vnunet). This vnunet article says that Linux can now move into "enterprise" deployments, thanks to the inclusion of journaling filesystems. The article contains an interesting claim, though: "However, one problem with journaling file systems is that they easily become fragmented. Due to the nature of its allocation file system, journaling soon ends up with blocks scattered all over the disk. This fragmentation is also true for the Ext2 file systems installed by default on every Linux distribution."

Xanadu project lifts open source kimono (Register). The Register reports on the new Sunless-Sea site, home of the "Xanadu Cyberarcheology Project." Much of the history of the long-lived Xanadu Project is being dug out and made available. "Even though you might find it hard to justify the time to the pointy-haired boss, it's well worth the excursion."

On The Horizon: 'Peer Production' Promises To Leap In Importance (TechWeb). TechWeb looks at the future of 'peer production' - getting others to do some of your work for you. "When 2001 began, open-source software was still viewed as the domain of hobbyists and hackers, and the open-source process was seen as incapable of producing stable, mission-critical business applications. But no more. The open-source Linux operating system remains the fastest-growing operating system out there, and with IBM's huge investment in Linux products, it's moving steadily toward the IT mainstream."

The IDC Top 10 IT industry tips for 2002 (Register). The Register is carrying a set of 2002 predictions from IDC. "Linux will have a 'breakout year.' Last year there were a number of ways the market could have gone - including into the tank. Now it seems clear that Linux has become a viable alternative for enterprise use."

Best of 2001 (IT-Director). IT-Director picks the best products from 2001. "Red Hat Linux: The company that is, perhaps, the most astute when it comes to getting Linux away from the view of Open Source as a hobby, and convincing businesses that it offers a true commercial opportunity. Strong support for a good range of platforms and looks to compete in the UNIX market as much as being an 'anti-Windows' sell. Of all the Linux companies, Red Hat seems to be the one most likely to succeed." StarOffice also made the list.

A look back: 2001 (NewsForge). NewsForge has put up a 2001 retrospective. "Many Open Source-related businesses struggled to find working business plans; the U.S. government explored ways to limit the freedom to code; community nemesis Microsoft took all kinds of potshots at Linux and Free Software license; and it looks as though Microsoft will get off with a slap on the wrist for its antitrust violations. But through it all, the community of Open Source/Free Software coders and users continued to thrive and crank out good software."

Companies

Missouri Attorney General sues Linuxgruven founders (St. Louis Post-Dispatch). Here's an article in a Saint Louis newspaper on the latest in the sad Linuxgruven saga. It seems that the Missouri state attorney general (Jay Nixon) is now suing the company's founders for deceptive trade practices. "Nixon claims that James Hibbits and Michael Lebb lured hundreds of applicants with advertisements for jobs paying $45,000 a year. Once applicants arrived at Linuxgruven offices, interviewers who appeared to be human resource employees said the job applicants first had to pay up to $3,150 for training."

Royal unveils $299 Linux/Microwindows based PDA at CES (LinuxDevices). LinuxDevices.com looks at the new "Lin@x" PDA from Royal. "Applications included with the device include a full featured Internet Browser plus a Personal Information Management (PIM) software suite with Address Book, Calendar with Scheduler, Notes, and Calculator functions. The Lin@x will also ship with an MP3 player application and other multimedia support."

User fury as Sun puts x86 Solaris to sleep (Register). The Register reports that Sun is ceasing development on the x86 version of Solaris. "All in all, it's a minor historic decision by Sun as it leaves no proprietary Unix left in active development on Intel hardware." BSD/OS and QNX RTOS users might disagree with that assessment.

Ximian and theKompany: Converging doctrines (NewsForge). NewsForge compares Ximian and theKompany. "Some people are irritated with both Ximian and theKompany because of their perceived lack of cooperation, which will force users to choose between KDE and GNOME because many applications produced by these two companies will only run on one or the other."

Business

Lindows could give Linux life and worry Microsoft (SiliconValley). Dan Gillmor looks at Lindows in this SiliconValley.com article. "While Lindows will be constructed on top of open-source software, some of its key elements will be proprietary -- a strategy that will not make some open-source advocates happy but which [Lindows founder Michael] Robertson says is essential to making the business work. Lindows won't be the first to meld proprietary and open code, but the potentially high visibility of the project will spark a strong, continuing debate."

How to run a Microsoft-free shop (CIO). CIO tells how to run an operation without Windows. The article is interesting because it concentrates entirely on the politics of moving an organization to Linux, rather than the technical side. "This journey usually starts with a tech executive playing around. Maybe it's a Linux firewall on a home machine. Maybe it's a Linux desktop on an old Pentium that was collecting dust. But it starts at the top. A Microsoft-free IT shop cannot exist without the CIO reading up on and understanding the power of the alternatives."

Red Flag Linux beats out Windows in Beijing (Register). According to the Register, a Beijing municipal software procurement passed over Microsoft and went with Red Flag Linux instead. "China agreed to clean up its act on intellectual property as part of its WTO membership, but the Beijing move suggests that it will do so by opting for local companies. If this is the case western vendors will miss out on the market, and Windows use in China will be steadily eroded by Linux."

Escape from Redmond (Byte). Byte's Jerry Pournelle is looking harder at Linux as the only viable Microsoft alternative. "Simultaneously, there are strenuous efforts to make Linux more user friendly. Some of those are resisted by the guru tribe - what's the point of being an expert if everyone can do all the things you can do? - who try to make newcomers learn all the richness of the command line instead of using Gnome or KDE or some other Graphical User Interface to just get the job done. I've seen this drive new users stark raving mad. Indeed, it nearly happened to me." (Thanks to Atul Chitnis).

Reviews

The StartX Files: Gnumeric 1.0 Proves Stable and Fast (LinuxPlanet). LinuxPlanet reviews Gnumeric 1.0. "And that's something I kept coming back to in this application. No matter what I threw at it, whether over-formatted Excel files or huge workbooks full of data, Gnumeric never faltered or slowed. It's stability and speed in GNOME was excellent. It even clipped right along in KDE, too."

Resources

Network Booting of a diskless Linux device with PXE (LinuxDevices). LinuxDevices.com has put up a how-to article for those interested in booting diskless systems using the PXE (Preboot eXecution Environment) protocol.

Interviews

Interview: Shawn Gordon (DesktopLinux). DesktopLinux interviews Shawn Gordon, CEO of theKompany. "I can't see any difference between earning a living selling proprietary software (and doing open source on the back of it) and, say, selling washing machines (and doing open source on the back of it). In both cases you are making a living that allows you to survive and then do open source work because you like to."

Miscellaneous

Forcing Linux on a crap Presario laptop (Register). Here's a different sort of installation nightmare story from The Register. "But I did fdisk the little junker, and it did feel awfully good. And then I set about forcing Linux down its ungrateful Windows-compatible little throat."

Linux Gazette #74. The January Linux Gazette is out. Articles in this issue include looks at micro_httpd, installing from source, Cuyo, socket programming, and more.

Section Editor: Forrest Cook


January 10, 2002

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Announcements page.

Announcements


Events

LinuxWorld Offers 'A Taste of Linux'. The LinuxWorld conference, to be held from January 29 to Febrary 1, 2002 in New York City, is offering a series of introductory classes on the basics of Linux.

YAPC::Europe::2002 (Munich) - Call for Papers. YAPC::Europe will be held in Munich on September 18 to 20. The call for papers is out now; the theme of the conference this time will be "The Science of Perl." Proposals will be accepted through the end of July.

FOSDEM interview: DJ Adams. The Free Software and Open Source Developers Meeting has posted another interview with one of the speakers at the upcoming event. This one is with DJ Adams, Jabber instant messaging developer. "One really attractive feature of Jabber is the low cost of entry. By this I mean that Jabber's protocol is simple. If you can read and construct XML, and use TCP sockets, you can turn Jabber to your advantage. The open source Jabber server is written in C, and the codebase is fairly small, which means that it's not an impossible task to get a grip on what's going on from end to end."

Events: January 10 - March 1, 2002.
Date Event Location
January 28 - 29, 2002The Conference on File and Storage Technologies(FAST 2002)Monterey, CA
January 29 - February 1, 2002LinuxWorldNew York, NY
February 1 - 3, 2002Linux Event 2002Livorno, Italy
February 3 - 6, 2002Embedded Executive Summit(Ritz-Carlton)Half Moon Bay, California
February 4 - 7, 200210th International Python Conference(Hilton Alexandria Mark Center)Alexandria, Virginia
February 5, 2002OMG Information Days Europe 2002Amsterdam
February 6, 2002OMG Information Days Europe 2002Brussels
February 6 - 9, 2002linux.conf.auBrisbane, Australia
February 7, 2002OMG Information Days Europe 2002Paris
February 8, 2002OMG Information Days Europe 2002Madrid
February 13 - 15, 20021st CfP German Perl Workshop(Fachhochschule Bonn-Rhein-Sieg, Sankt Augustin)Bonn, Germany
February 16 - 17, 2002Free Software and Open Source Developer's Meeting(FOSDEM 2002)(Brussels, Belgium)Brussels, Belgium
February 18, 2002OMG Information Days Europe 2002Milan
February 19, 2002OMG Information Days Europe 2002Zurich
February 20, 2002OMG Information Days Europe 2002Munich
February 21, 2002OMG Information Days Europe 2002Vienna
February 22, 2002OMG Information Days Europe 2002Budapest
February 25, 2002OMG Information Days Europe 2002Prague

Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format.

Web sites

New Portugese Security Portal System. PTnix is a Portugese language security portal for Unix and Linux. (Thanks to Pedro Inacio)

Help Wanted

Linux Guru Wanted. a chip design company in the Orange County, CA area is looking for a linux guru who has kernel and embedded development skills.

Section Editor: Forrest Cook.


January 10, 2002

   

 

Software Announcements


Here are this week's Freshmeat software announcements. Freshmeat now offers the announcements sorted in two different ways:

The Alphabetical List and Sorted by license

 

Our software announcements are provided courtesy of FreshMeat

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Linux History page.

This week in Linux history


Ten years ago: the first version of Samba was released.

Six years ago: LILO version 17 was released as was Qt 0.93 for Linux.

Five years ago: StarOffice Beta 3 was released.

Four years ago: S.u.S.E. Linux 5.1 was released. A French language edition of Red Hat Linux 5.0 was also released.

Three years ago (January 14, 1999 LWN): Creative Labs was in the news concerning the release of information on their Sound Blaster Live card. The company had done a turnaround in policy, starting with the position of not wanting to release its proprietary information and ending with a job posting for a Linux programmer. One can now find a device driver for the Emu10K chip in the Linux kernel source.

LinuxWorld.com ran an article on the Gimp and some potential problems due to two principal developers leaving. "If the story of Gimp's development represents an emerging pattern, then all is not well for open source software." Gimp still appears to be alive and well, so perhaps these problems were overrated.

The press pundits were predicting that 1999 would be the year of Linux, which it was, as was 2000 and 2001 ...

The OpenSSL project was announced. Its goal of creating an open-source full featured secure communications package has been reached, and it is still going strong.

The development kernel was version 2.2.0 pre7 with the 2.2.0 release coming soon. Various Linux distributions were readying their systems for the new kernel. Also, the Kernel Traffic newsletter was introduced.

In the development world, Gnome 0.99.3, code named Profiling Bonobo was released. Digital Creations (now Zope Corp.) opened up the source code to DCOracle, a Python extension to the Oracle database.

Corel introduced their Netwinder thin server product which ran Corel's own port of Linux. That seemed significant at the time.

Tucows opened Linuxberg, still the place to find all things Linux at Tucows.

Two years ago (January 13, 2000 LWN): The Uniform Computer Information Transactions Act (UCITA) was attracting opposition. It contained a number of unpleasant components for the customers of commercial software, including remote shutdown code, contracts that could not be read until the box was opened, and transferability restrictions. Reverse engineering was also under attack, something that affected Linux developers. UCITA has since passed in a small number of states in the US and still remains as a threat.

Michael Tiemann, formerly from Cygnus, moved into the position of Red Hat's Chief Technical Officer after the acquisition of Cygnus by Red Hat. Red Hat also managed to complete a stock split, things were riding high and wild in the world of Linux stocks.

The second draft of the US cryptography regulations were discussed, some of the rules were about to be relaxed. This affected Linux in that the kernel could contain more secure versions of the encryption software without the need for user intervention.

The development kernel was up to version 2.3.39 with a 2.3.40 prepatch available. Lots of USB changes were in progress along with many other things. The stable kernel was version 2.2.14.

In the world of distributions, it was claimed that the Chinese government may have banned Windows 2000 in favor of Red Flag Linux. While Microsoft products were never banned, Red Flag Linux and other localized versions such as Bluepoint Linux remain popular in China.

The Linux Professional Institute announced free Linux exams and signed up over 300 people in a short time.

Caldera Systems filed for its IPO. The now renamed Caldera International succeeded in going public, and later acquired SCO, shifting some of its Linux focus into SCO's UNIX products.

LinuxOne's IPO filing wasn't looking very likely to succeed, people in the financial world were beginning to notice the real lack of technical substance in the company.

One year ago (January 11, 2001 LWN): The 2.4.0 kernel was released on January 4, 2001. This long awaited stable version of the Linux kernel left developers with no development branch to work on. The ancient kernel release 2.0.39 was announced on January 9, ending development on that branch. The older stable kernel release was at 2.2.18 and while occasional bug fixes were still getting in, new features were not accepted. New features were not accepted on the 2.4 branch either, at least at first. Most of the new features have had to wait nearly a year, for the recently announced 2.5. series to begin.

In the closed-source world, releases are a big deal because they are seen very seldom and usually contain major feature additions. By contrast, an open-source software release is essentially a milestone -- a declaration that what was already available is now stable.
-- LinuxDevices.com

The soon to be released Filesystem Hierarchy Standard v2.2 was discussed.

Bruce Peren's online magazine Technocrat.net shut down.

Lineo, Inc. announced the release of the uClinux 2.4 kernel. Mozilla 0.7 was released. Turbolinux started selling IBM Linux-based software. The NSA released a prototype of its Security-Enhanced Linux System.

There was much ado about a short-lived movie called "Antitrust", which contained a cameo spot with Miguel de Icaza and screen shots of GNOME.

Already, members of the open-source community are salivating over the film's release. They've flocked to the official MGM Web site to bash Microsoft and extol the virtues of open-source software. The forums there read more like postings on the open-source news Web site Slashdot than the starstruck opinions that often appear on such sites. Some postings urge people to switch to Linux. Others offer tech support.
-- News.com

Too bad the movie wasn't as good as the software it portrayed.

Section Editor: Rebecca Sobol.


January 10, 2002

LWN Linux Timelines
1998 In Review
1999 In Review
2000 In Review
2001 In Review

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Letters page.

Letters to the editor


Letters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them.

January 10, 2002

   
From:	 Andreas Tretow <tretow@snafu.de>
To:	 letters@lwn.net
Subject: Alternative kernel trees will grow in importance
Date:	 Tue, 08 Jan 2002 13:44:27 +0000

In your predictions for 2002 you write that "increasingly, the kernels 
that people actually run will be produced by somebody else."

Wow, what a prediction. Especially since Linus Torvalds now maintains 
the development kernel 2.5. A kernel that is not designed to be run in 
production environments. The stable release 2.4.x, which is being 
maintained by Marcelo Tosatti will obviously be the one that most people 
will sooner or later run on their systems. As the 2.4.x series matures 
it is only natural that people will increasingly switch from the 2.2.x 
kernels and the older 2.4.x (which were maintained by Linus).

Andreas


   
From:	 "Gregor N. Purdy" <gregor@focusresearch.com>
To:	 letters@lwn.net
Subject: Kernel version nomenclature
Date:	 08 Jan 2002 09:07:33 -0500

Friends --

>From the "my $0.02" department...

With the proliferation of kernel versions we've seen over the last
few years, I'd like to suggest a slight change to the way folks label
their kernels. Just yesterday the Daily Updates section of LWN had a
news item about Linus' 2.5.2-pre10, with 2.5.1-dg13 also mentioned, but
the note says it is caught up as far as 2.5.2-pre9.

I would suggest that "the first 'dj' kernel based on 2.5.2-pre9"
should be called 2.5.2-pre9-dj1, not 2.5.1-dg13. On a similar note,
I'd love to see vendor kernels named similarly. My RedHat 7.2 box
is running 2.4.9-13. Of course, that really means 2.4.9-rh13. The
13th build/revision/iteration/whatever of kernel 2.4.9 made by
RedHat.

As long as we don't end up with derivative chains too many levels
deep, this should work fine and be easier to follow. If everyone's
leftmost chunks match those of Linus' or Marcelo's official kernels,
then its clear from the name alone what code its based on.


Regards,

-- Gregor
 ____________________________________________________________________ 
/            Inspiration >> Innovation >> Excellence (TM)            \

   Gregor N. Purdy                         gregor@focusresearch.com
   Focus Research, Inc.               http://www.focusresearch.com/
   8080 Beckett Center Drive #203                  513-860-3570 vox
   West Chester, OH 45069                          513-860-3579 fax
\____________________________________________________________________/

[finest@newyork.ny.us]$ ping osama.taliban.af
PING osama.taliban.af (68.69.65.68) from 20.1.9.11 : 56 bytes of data.
>From 85.83.77.67: Time to live exceeded

   
From:	 Kay Hayen <KayHayen@gmx.de>
To:	 peter.w.lawson@noaa.gov
Subject: Installing applications
Date:	 Sun, 6 Jan 2002 22:31:49 +0100
Cc:	 letters@lwn.net


Regarding setup.exe and Linux for installations, 
Peter Lawson writes:

"Usually it works.  Why can't it be that easy in Linux?"

It could be and sometimes does.  

Yet, the "problem" about Linux is that people using their freedom to do 
things they love. Getting things right for 95% is not one of those. They
either make it work for 100% or just themselves and expect others to
make it work for themselves.

Let me ask rhetorically: If Windows works 95% of the time, why don't 
people want to use it, what's so bad about 5% of the installs killing 
your system? You can always reinstall, can't you? 

I personally love about Linux the make-it-possible or do-it-right 
attitude. This is why apt-get exists. In my eyes, it's the do-it-right
for software installation. Now if Debian was only more easy to
install, but probably it never will, since I e.g. don't think I will have
to reinstall Debian all that soon. Simply because they solved how
to update a running system the right way.

Yours, Kay Hayen



   
From:	 "Marty Leisner" <mleisner@eng.mc.xerox.com>
To:	 letters@lwn.net
Subject: How easy things are with windows...(NOT!!)
Date:	 Fri, 04 Jan 2002 13:38:30 -0500
Cc:	 peter.w.lawson@noaa.gov, leisner@rochester.rr.com


I've installed more than 100 installations
since I started using linux.

Peter Lawson's letter on 1/3/2002 makes statements 
which I take issue with.   Seems I tinker with whatever
machine is in front of me -- and I know if its an open
source machine I can reach a favorable conclusion if I
spend the time.   Otherwise, i often have to give up and
accept a status quo.

I recently spent hours with a friend who bought
a "cutting edge" Dell 2 years ago (nVideo card, 
DVD player, CD-RW).   

We needed to reinstall windows 98 -- after many hours
of playing around, we finally got the system working
(seems the windows distribution CD rom is useless with
this combination of hardware) -- we downloaded drivers from
the net, used "additional" CDs -- I'm going to write dell
an angry letter about how they sell a machine without a 
"cookbook" way to install which works.

I've seen a number of machines where redhat installed
painlessly and windows was a pain in the arse!!
Also the other way around...

Far too many times I click on setup of some application in
windows, and it doesn't WANT to setup for (for some reason).
At least if I can follow a manual path, I can override the
setup which failed -- which is a very rare case in windows.
Many times when installing an application is a problem, I regress to
a "clean machine".

I would recommend to Peter Lawson to take advantage of
mailing lists and search engines like google and to take
old FAQs with a grain of salt.  On second thought, why
doesn't Mr. Lawson contribute something by documenting
his difficulties and providing a "recipe" to get things working.

I've often found installing RPMs for binaries for a redhat system
a breeze.

marty           mleisner@eng.mc.xerox.com   
Don't  confuse education with schooling.
        Milton Friedman to Yogi Berra

   
Eklektix, Inc. Linux powered! Copyright © 2002 Eklektix, Inc., all rights reserved
Linux ® is a registered trademark of Linus Torvalds