[LWN Logo]
[LWN.net]

Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise news for all interests


Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

Other LWN stuff:
 Daily Updates
 Calendar
 Linux Stocks Page
 Book reviews
 Penguin Gallery

 Archives/search
 Use LWN headlines
 Advertise here
 Contact us

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- GaŽl Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

See also: last week's LWN.

Leading items and editorials


Do you miss the bubble days? Only two years ago, Linux was still riding high in the stock market, and money seemed to be everywhere. Exciting new companies were popping up, IPOs were in the works, and jobs were easy to come by. It was an exciting time, and, in some ways, more fun than the harder times we are experiencing now.

It is hard to welcome recession, but the dotcom bubble (and Linux's small part in it) are something we are better off without. A reminder of that came in this week, in the form of this press release from NASD Regulation on its finding against Credit Suisse for, among other things, its handling of the VA Linux Systems IPO. Here's what was going on back then:

For example, after a CSFB customer obtained an allocation of 13,500 shares in the VA Linux IPO, the customer sold two million shares of Compaq and paid CSFB $.50 a share -- or $1 million -- as a purported brokerage commission. The customer immediately repurchased the shares through other firms at normal commission rates of $.06 per share at a loss of $1.2 million on the Compaq sale and repurchase because of the $1 million paid to CSFB. On that same day, however, the customer sold the VA Linux IPO shares, making a one-day profit of $3.3 million.

The Linux community had become the plaything of some fairly sleazy people with their own agendas. The amateurs (i.e. LinuxOne) didn't get very far, but the pros made out quite well. For a while, anyway. The bubble had little to do with Linux, and it distorted many of the community's priorities in unfortunate ways. With its end, we have been able to get back to the things that really matter.

And we are doing well. The software keeps getting better, and adoption continues to rise. Those who expected Linux to disappear with the dotcoms have been surprised, and many are taking another look. Linux companies have certainly not seen the end of their hard times; nonetheless, the optimistic among us can begin to see signs of better times ahead. The next big surge in interest in Linux (and free software in general) may be about to happen; with luck, it may come about in a more rational way this time. In the end, it's about the software, and sustainable ways to ensure its continued development.

On Lindows. We occasionally receive mail asking why we do not give more attention to Lindows and its upcoming distribution. For the most part, we have been waiting to see what actually comes out of the company. The Lindows distribution remains vaporware, and proprietary vaporware at that. There has been very little to write about, so far.

The great promise of Lindows, of course, is its ability to run Windows applications. There is little word on how that will be accomplished; it appears that a set of proprietary add-ons to Wine will be employed. The goal of supporting Windows applications is a good one; such a system can help those who are interested in migrating toward Linux, but who have applications that they are unwilling to leave behind. And one assumes that people needing to run proprietary Windows application will not have too much trouble paying for a proprietary Linux system to run them on.

This plan might just work. That assumes, however, that Lindows manages to release a system that works well enough for Windows users. That may eventually happen. Meanwhile what has come out of Lindows has not been all that encouraging.

There is, for example, the little trouble of getting sued by Microsoft. Whether or not you believe that Microsoft's claim of trademark infringement is justified, getting into that sort of fight is not going to be good for a startup company. And it's not just Lindows that suffers; consider this bit of joy from a Lindows "Michael's Minutes" column:

Also, we feel obligated to disclose to you that we were compelled to disclose your email address to Microsoft during the discovery process as well as the content of many of your messages sent to us.

This suit, in other words, has turned Lindows into a source of information for Microsoft on Linux users and what they are saying. Cool.

Lindows is trying to present itself as part of the free software community. So, for example, we now have the "LindowsBuzz" site:

LindowsBuzz was developed to promote the evolution and adoption of the Lindows Operating System (LindowsOS) through community involvement, evangelism, and cooperation.

As if that weren't enough, there's LindowsHelp, LindowsDEV, and even eLugs. It all looks like cool community stuff, but there's just one problem: there's no community. There is no software to run, no view of or participation in the development process, nothing but marketing materials.

That's not quite true, actually; there is the Lindows Insiders program. All you have to do is send them $99 and:

Agree to a non-disclosure agreement, keeping the program itself and those things you learn as a Lindows.com Insider confidential, just as any Lindows.com employee would.

Lest you set your expectations too high, the Insiders program page also warns: "Although certain Insiders may be called upon to review and/or test the OS as it develops, joining the Lindows.com Insiders program does not guarantee this..." Red Hat users who want to know where the system is going can look at Rawhide, Mandrake users have Cooker, and Debian users can look at sid. Lindows users get to pay $99 and, if they are lucky, they get a beta of the operating system under a nondisclosure agreement.

Lindows may yet succeed in building a Linux-based business - that remains to be seen. With luck, the company will thrive and bring in millions of new desktop Linux users. But Lindows is seemingly unaware of how the Linux community works; it would like to wear the trappings of the community without actually being a part of it. It's not surprising that the Linux community has generally reacted to Lindows with yawns.

(Update: we've been told that the Lindows "Sneak Preview" was released to some "insiders" just as this article was published. LindowsOS is perhaps beginning to become less of a vapor product).

Microsoft remedy comment period ending soon. It is a commonly (though not universally) held opinion in the Linux community that the proposed remedy for Microsoft's anti-competitive behavior is inadequate. In fact, the remedy seems unlikely to change much. For the most part, it will leave Microsoft free to carry on pretty much in the usual ways.

American antitrust law mandates a comment period before remedies are imposed. Comments received must be published by the government, with responses. In this case, that period is coming to a close: comments have to be in by January 28 to be considered. If you have something to say with regard to the settlement, time is running out.

Dan Kegel's remedy page seems to be the definitive resource for information on the proposed remedy and the comment process.

LWN turns four. The very first LWN weekly edition came out on January 22, 1998. That means we've now been doing this for over four years. It has certainly been an interesting time, and it shows no signs of getting less so in the future. We're looking forward to seeing what happens next.

Meanwhile, we would like to say "thank you" to all of our readers who have kept us going for so long. Writing for this audience is a great pleasure.

Inside this LWN.net weekly edition:

  • Security: Seeking the RST.b virus; a Mozilla Cookie Exploit
  • Kernel: Reverse mapping VM; the Athlon bug; needing ACPI.
  • Distributions: Distributions Lost and Found.
  • Development: XFree86 4.2.0, heartbeat 0.4.9a, DigiTemp 2.3, Audacity 0.98, GNOME 2.0 alpha, Xfce 3.8.14, Gnumeric 1.0.3, SBCL 0.7.0, Apocalypse 4, glibc 2.2.5.
  • Commerce: Lineo's embedded application migration tools; MontaVista announcements; LinuxWorld announcements.
  • History: New Alpha and Sparc versions of Linux and glibc 2.0; the birth of Mozilla; the long-awaited 2.2.0 kernel release.
  • Letters: Loadable modules and security; why a Red Hat acquisition would matter.
...plus the usual array of reports, updates, and announcements.

This Week's LWN was brought to you by:


January 24, 2002

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Security page.

Security


News and Editorials

Qualys Detects and Provides Analysis of Newly-Discovered Linux Trojan. Qualys has put out a press release on how its tools can detect and remove the "new and potentially dangerous Remote Shell Trojan, referenced as RST.b, with backdoor and self-replicating functionality." If anybody out there has actually encountered this beast, we would be interested in hearing about it.

MS' highest priority must be security - Billg (Register). The Register has Bill Gates's memo stating that Microsoft will now focus on security. Plus, of course, some commentary of their own. "Hello? Earth to Bill -- it took years of grinding public humiliation for MS to make a simple modification preventing malicious executables from launching automatically in Outlook. If this is Gates' idea of a security job well done, then all we have here is another PR smokescreen."

Security Reports

Mozilla Cookie Exploit. According to this Bugtraq post from Marc Slemko a bug in versions prior to Netscape 6.2.1 or Mozilla 0.9.7 allows "...an attacker to, if he can convince the user's browser to load a given URL, steal their cookies for any given domain. It does not require that active scripting is enabled in the browser, and can be done with something as simple as an image tag." Since many sites use cookies for authentication, an attacker may be able to impersonate a user by using cookies stolen in this manner.

Red Hat security update to uucp. Red Hat has updated its uucp package to fix a vulnerability in the uuxqt utility. It seems that uuxqt does not check its options very well, allowing an attacker to execute commands as the uucp user. If you have uucp installed on your system (even if you're not actually using it), you may want to apply this update. But, this subsequent Bugtraq posting states that the Red Hat update does not fix the whole problem.

Security update to enscript. Enscript has a temporary file handling bug. Updates fixing the problem were released by Debian and Red Hat.

Red Hat security update to OpenLDAP. Red Hat has issued a security update to OpenLDAP fixing an access control problem in that package.

Conectiva security update to MySQL. Conectiva has issued a security update to MySQL. It seems that they set up MySQL to do some pretty thorough logging in a world-readable manner, which could expose sensitive information to unwanted parties. This problem is specific to Conectiva.

Mandrake security update to jmcce. MandrakeSoft has issued a security update to jmcce (a Chinese text display tool) fixing a temporary file vulnerability in that program.

web scripts. The following web scripts were reported to contain vulnerabilities:

  • Chuid allows non-webserver owned PHP scripts to accept uploads regardless of the PHP "safe mode" setting.. This Bugtraq post strongly encourages upgrading to chuid 1.3 to avoid vulnerabilities that could allow a user to change the uid of files outside of the designated upload directory (even those owned by root).

Updates

Heap corruption vulnerability in at. The at command has a potentially exploitable heap corruption bug. (First LWN report:  January 17th).

This week's updates:

Previous updates: exim remotely exploitable vulnerability. It seems that, for certain exim configurations, a properly crafted mail message may cause an arbitrary command to be executed. Not good; upgrades are recommended. (First LWN report:  January 17th).

Red Hat only offers exim in the Powertools package. It is not vulnerable in the default Powertools configuration.

This week's updates:

Previous updates:

Format string vulnerability in groff. A format string problem exists in groff; apparently it could be remotely exploited when it is configured to be used with the lpd printing system. (First LWN report: August 16, 2001).

The stable release of Debian is not vulnerable.

New updates:

Previous updates:

ProFTPD remotely exploitable vulnerabilities. This is a security update with fixes for a couple of remotely exploitable vulnerabilities. (First LWN report:  January 10th).

This week's updates:

Previous updates: Remotely exploitable vulnerability in pine. Pine has an unpleasant vulnerability in URL handling vulnerability which can lead to command execution by remote attackers. (First LWN report:  January 17th).

This vulnerability is remotely exploitable; updating is a good idea.

Note: If an update isn't yet available for your distribution, setting enable-msg-view-urls to "off" in pine's setup will avoid the vulnerability. (Thanks to Greg Herlein).

This week's updates:

Previous updates: Format string bug in stunnel. Stunnel has a format string bug described in detail here. Versions prior to 3.15 are not vulnerable. LWN first reported the problem on January 3rd.

This week's updates:

Previous updates: Nasty security hole in sudo. The sudo package, used to provide limited administrator access to systems, has an unpleasant vulnerability which makes it relatively easy for a local attacker to obtain root access. If you have sudo on a system with untrusted users, you probably want to disable it until you can get a fix installed. (First LWN report:  January 17th).

This week's updates:

Previous updates: XChat session hijacking vulnerability. The XChat IRC client has a vulnerabilty that allows an attacker to take over the users IRC session. (First LWN report:  January 17th).

This week's updates:

Previous updates:

Resources

Security-Enhanced Linux update. The SELinux web site was updated with new stable (2.4) and development (2.5) SELinux prototypes. "The stable (2.4) LSM-based SELinux prototype was updated to kernel 2.4.17 and was updated to include a number of bug fixes and minor enhancements made since the previous release. A new development (2.5) LSM-based SELinux prototype based on kernel 2.5.2 was also added to the site."

William Stearns and Michal Zalewski released p0f version 1.8. "p0f is the passive OS fingerprinting utility that can identify a remote machine from just the syn packet of an incoming connection."

Events

Upcoming Security Events.

Register for CodeCon 2002 by February 1st and get a ten dollar discount. "CodeCon is the premier event in 2002 for the P2P, cypherpunk, and network/security application developer community." CodeCon 2002 will be held at DNA lounge in San Francisco, February 15th to 17th.

Date Event Location
January 30 - February 2, 2002Second Annual Privacy and Data Protection SummitWashington D.C., USA
February 15 - 17, 2002CODECON 2002San Francisco, California, USA
February 18 - 22, 2002RSA Conference 2002San Jose, CA., USA
March 11 - 14, 2002Financial Cryptography 2002Sothhampton, Bermuda
March 18 - 21, 2002Sixth Annual Distributed Objects and Components Security Workshop(Pier 5 Hotel at the Inner Harbor)Baltimore, Maryland, USA

For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Dennis Tenney


January 24, 2002

LWN Resources
Security alerts archive

Secured Distributions:
Astaro Security
Castle
Engarde Secure Linux
Immunix
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux
Trustix

Security Projects
Bastille
Linux Security Audit Project
Linux Security Module
OpenSSH

Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive

Distribution-specific links
Caldera Advisories
Conectiva Updates
Debian Alerts
Kondara Advisories
Esware Alerts
LinuxPPC Security Updates
Mandrake Updates
Red Hat Errata
SuSE Announcements
Turbolinux
Yellow Dog Errata

BSD-specific links
BSDi
FreeBSD
NetBSD
OpenBSD

Security mailing lists
Caldera
Cobalt
Conectiva
Debian
Esware
FreeBSD
Kondara
LASER5
Linux From Scratch
Linux-Mandrake
NetBSD
OpenBSD
Red Hat
Slackware
Stampede
SuSE
Trustix
turboLinux
Yellow Dog

Security Software Archives
munitions
ZedZ.net (formerly replay.com)

Miscellaneous Resources
CERT
CIAC
Comp Sec News Daily
Crypto-GRAM
LinuxLock.org
LinuxSecurity.com
Security Focus
SecurityPortal

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Kernel page.

Kernel development


The current development kernel release is still 2.5.2. Linus has issued 2.5.3 prepatches up to 2.5.3-pre4; this prepatch has a working ATA/IDE layer, a reworking of the in-core inode structure, and a lot of fixes.

Those interested in what is happening with the 2.5 kernel may want to have a look at Guillaume Boissiere's 2.5 Status summary. This summary is now also available on the KernelNewbies.org site.

The current stable kernel release is 2.4.17. Marcelo's latest prepatch is 2.4.18-pre7, which contains quite a few fixes and updates, and not much else. A 2.4.18 release candidate has not yet been issued.

Other kernel tree releases: Dave Jones has released 2.5.2-dj4; this one is updated through 2.5.3-pre2. It adds a more recent version of the scheduler patch, various fixes, and a major update which makes all input devices use the input layer. As a result, people who run this kernel will have to enable some new configuration options, and probably change their X server configuration as well - unless, of course, they have no keyboards or mice to worry about. See Vojtech Pavlik's note for more information on what is required.

Andrea Arcangeli has announced 2.4.18-pre4-aa1. The most interesting thing in this patch, perhaps, is a change which lets the kernel put page tables in high memory. "It only compiles on x86 and it is still a bit experimental. I couldn't reproduce problems yet though."

2.0.40-rc2 has been released by David Weinehall. This one will go out as the real 2.0.40 stable release unless somebody comes up with a good reason why it shouldn't.

What Rik van Riel is up to. VM hacker Rik van Riel may have taken a bit of a setback when Linus replaced his code with an alternative virtual memory implementation in the 2.4 series. He has not, however, given up on VM work; instead, he has been steadily releasing a set of "reverse mapping" ("rmap") patches for the 2.4 kernels. The rmap code was incorporated into 2.4.18-pre3-ac2 by Alan Cox, who compares the rmap VM favorably with the much-respected FreeBSD memory implementation.

So perhaps it's time to give rmap a look, starting with a bit of superficial background. Linux, of course, is a virtual memory system. This implies that every address generated by a process must be looked up (by the hardware) in a page table. The page table entry (PTE) will either map the address onto a physical memory address or note that the page is not present.

A key point is that a page table is a one-way mapping. Given a virtual address in a process's context, the corresponding physical address may be found. But there is, in the stock kernel, no easy way to find which page table entry (in which process's context) refers to a specific page. Things are complicated by the fact that pages can be shared among processes as well; if a page in memory holds code from the C library, for example, there will be many page table entries pointing to it. The only way to find them is to scan every process's page tables, looking for matching entries. That is a long and expensive task.

The one-way nature of the Linux VM makes memory management tasks harder. Before the kernel can free a given page in physical memory, it must find and mark every page table entry pointing to that page. This is done by scanning page tables and "freeing" pages by invalidating page table entries and decrementing the reference counts on the corresponding pages. When the reference count goes to zero, the system knows that the page is now truly free.

Managing physical memory by scanning virtual memory is inefficient. Many tables may have to be scanned before a given page can be freed. And if the kernel has a pressing need to free pages in a particular zone (subsection of physical memory), scanning virtual memory is not particularly helpful. It may be necessary to look at a large number of PTEs before finding a single page in the right zone.

The solution to these problems is reverse mapping, the creation of a data structure which, given a physical page, can return a list of PTEs which point to that page. The logical place for this information is the system memory map, which is an array of struct page structures, one for each page of physical memory on the system. Rik's patch adds a pte_chain member to the page structure; it points to a simple linked list of pointers to PTEs. Access is thus simple; if you have a physical page you want to work with, just go to its page structure and follow the chain.

Once you have that capability, a number of things become possible. Freeing a page is now straightforward, since all of the relevant PTEs can be found and modified at once. It is also easier to keep track of which pages are actually being used; follow the pte_chain and check each entry's "referenced" bit, and adjust the page's "age" accordingly. This information will help the VM system pick the right pages to throw out. If memory is tight in a particular zone, the physical pages in that zone can be scanned directly without having to sift through tremendous numbers of irrelevant page table entries. All of these features will help to create a more responsive and stable VM under varying loads.

There is a cost, of course. The page structure has a new field, the pte_chain pointer. Then there are linked list entries for the reverse mappings. This extra memory usage matters. As a simplified, "back of the envelope" calculation, consider a 32-bit system with 128MB of main memory, using 4KB pages, and with exactly one PTE for every physical page. This system has 32768 pages; the overhead for the pte_chain, at 12 bytes/page, will occupy almost 400KB of memory - 96 pages. That is a substantial increase in the kernel's memory use - some would call it severe bloat.

The memory used for reverse mappings is actually pretty small compared to the full overhead of the VM system. Even so, the rmap patch tries to mitigate that impact somewhat with another change. The standard Linux page structure includes a wait queue for any process that needs to perform an exclusive operation on the page. That wait_queue_head_t field takes up 12 bytes (i386 architecture, at least) and tends to be unused much of the time. It is not often that a process must actually wait on a page. So, in the rmap patch, the wait queue has been removed from the page structure. Instead, a much smaller list of wait queues is maintained; for a given physical page, a hash function is used to find the associated wait queue. Occasional collisions will occur, resulting in processes waking up when their pages are not yet ready. That is a performance penalty that, with clever coding, should be far outweighed by the memory savings.

The patch contains some other bits, such as a simple "defragmenter" which tries to make large, contiguous memory allocations work (though most of the implementation work remains to be done), and a "drop behind" function which frees up pages belonging to files when a process is doing sequential I/O and has passed over them. There is also a more structured approach to "inactive" pages - pages which have been taken away from a process but which still contain the (potentially useful) data. The new code tries to keep around a fair number of clean, inactive pages; these pages can be quickly given back to their processes if called for, but are also available for allocation elsewhere if need be. Finally, the patch adds a fair number of general cleanups and a lot of comments.

Rik's patch has drawn a number of favorable reviews. For now, however, it is not being proposed for inclusion into 2.5. Indeed, it is only available for the 2.4 kernel series. Rik is currently working with 2.4 only as a way of having a stable base to start from. VM hacking can lead to weird and subtle bugs; it's not helpful if the rest of the kernel is also in great flux with bugs of its own. There will eventually be a 2.5 version, Rik tells us, when things have calmed down and the rmap patch itself is in a more finished state.

The current rmap version is release 12a.

What is up with the Athlon bug? The word first showed up on the Gentoo Linux site: a bug in the AMD Athlon CPU could cause data corruption on Linux systems. The word was that the problem had to do with what happens when 4MB pages are invalidated by the processor; the workaround was to tell the kernel to run without large pages with the mem=nopentium boot option.

The only problem is this: the Linux kernel only uses 4MB pages for kernel space itself. It maps all of (low) memory using large pages, then leaves the mapping alone - 4MB pages are never invalidated. The explanation left many kernel hackers unsatisfied, and the investigation continued.

What is actually going on, as posted by Gentoo's Daniel Robbins, is rather more subtle. The kernel's 4MB mappings cover all of (low) physical memory, including things like AGP memory. In some situations, the CPU can generate "speculative writes" to that memory via the 4MB mapping, and this has the effect of loading a cache line with data from memory. That cache line will eventually be written back to memory (even though the "speculative write" is never executed and the data has not been changed); unfortunately, the AGP processor can have modified the underlying memory in the mean time. The cached memory is thus stale and incorrect, and corrupts things.

Real fixes are still in the works. Meanwhile the mem=nopentium option will work for people who are affected by this problem.

Creeping ACPI. Jes Sorensen tracked down a problem with his shiny new Vaio laptop; it seems that the interrupt line for his CardBus controller was not getting set up properly. He has posted a small, special-purpose fix which patches things up in that case.

The underlying problem, however, remains. Many of the older, BIOS-level hardware tables which have traditionally been used to configure things like interrupts are going away. Instead, the newer ACPI standard is being used. If the kernel is to be able to work with newer hardware, it will need a functioning ACPI implemention, including the AML interpreter.

Running the full-blown ACPI setup is not an entirely popular idea, as was discussed on this page last July. ACPI brings substantial amounts of kernel bloat, reliability worries, and security concerns. Many (or most) people who have really looked over ACPI tend to be unenthusiastic about putting it into their kernels.

Finding a solution that allows future hardware to work without equipping the Linux kernel with an interpreter that can run arbitrary, closed source code is going to be a challenge. Proposals for a "configure and dump" mode for ACPI will address the bloat concerns, but not the others. It will not be a good day when Linux can configure a disk drive, but only at the cost of running a bunch of closed, buggy AML code with, perhaps, some "digital rights management" software thrown in as a bonus.

Other patches and updates released this week include:

Section Editor: Jonathan Corbet


January 24, 2002

For other kernel news, see:

Other resources:

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Distributions page.

Note: The list of Linux distributions has moved to its own page.

Distributions


Please note that security updates from the various distributions are covered in the security section.

News and Editorials

Distributions Lost and Found. The new Distribution list is still not ready for public consumption. Some two or three dozen links remain unchecked (out of well over 200). In the meantime, a few of the distributions that were reported lost last week, have been found by LWN readers.

Trinux seems to be very popular, since many people wrote to tell about its home on SourceForge.

Many people knew about Definite Linux as well. This distribution was originally built by Jason Clifford and in its day was very popular. It is no longer under development, but you can still find information about Definite Linux at Jason's website, or at the distribution's older commercial home. Definite Linux will be moving to the "Historical" section of the new list.

LoopLinux moved to slightly different URL, but it's still around. It will be found in the "DOS/Windows install" section on the new list. (Thanks to Gordon Buzowetsky and Douwe van der Schaaf.)

Project Ballantain turned into FREESCO (FREE ciSCO). FREESCO has been on the LWN list for a while, we just didn't manage to delete the Project Ballantain link. FREESCO will remain in the new list.

OpenClassroom, like Trinux, moved to SourceForge. (Thanks to norwood sisson.)

New Distributions

FrazierWall Linux. FrazierWall Linux was developed as a customized firewall. It was originally based on the Linux Router Project and Coyote Linux 1.03. However it has evolved into a unique router/firewall distribution. (Thanks to Bruce Kives)

herbix. herbix is a portable server-on-a-floppy distribution. It's now at version 1.0-9.

Instant 802 Linux Access Point. The Instant 802 Linux Access Point, (OpenAP), is an open source Linux distribution for 802.11 access points. LinuxDevices.com has an article about OpenAP.

LEAF. LEAF (Linux Embedded Appliance Firewall) is an easy to use embedded Linux network appliance for use in small office, home office, and home automation environments. Although it can be used in other ways, it's primarily used as a gateway/router/firewall for Internet leaf sites. LEAF 1.0.2 (Dachstein) is now available.

Distribution News

Debian Weekly News. The Debian Weekly News for January 16 is out. Covered topics include the need for more maintainer sponsors, improving quality assurance, the 2.2r5 release, and more.

Mandrake News. Here's the Mandrake Linux Community Newsletter for January 22. Covered topics include MandrakeSoft's new toll-free number for North America, the company's new OTC stock listing, MandrakeClub, and more.

Belgian software company, Eurologiciel, and Mandrakesoft announced the release of three "rock solid" accounting packages. These are euro-centric, supporting France, Belgium and Luxemburg, so far. Naturally they are certified on Mandrake 8.0.

Red Hat News. Red Hat has issued a bug fix for the redhat-config-network network configuration tool. An enhanced package is available for RH 7.2 systems.

Updated KDE packages are available that will fix various bugs (including some minor security issues), improve performance, and add small features for RH 7.2.

A bug fix advisory for the anaconda installer corrects several issues in the Red Hat Linux 7.2 installer.

Trustix Secure Linux. TSL has issued a bug fix for gzip that affects versions TSL 1.01, 1.1, 1.2, and 1.5.

Yellow Dog Linux Bugfix Announcement. The glibc update, version 2.2.4, that is now available for YDL 2.1, no longer provides a development header file needed by programs that interact with the quota subsystem. This update for quota fixes the problem.

Minor Distribution updates

BlueEDU. BlueEDU, or Blue Linux, is a distribution aimed at educational computers. The first release candidate has been announced.

CRUX. CRUX, a lightweight, i686-optimized Linux distribution for experienced Linux users, has released CRUX 0.9.2.

floppyfw. floppyfw has released development version 1.9.18.

IPCop Firewall. IPCop Firewall has released version 0.1.1.

Mindi-Linux. Mindi Linux released version 0.53, which provides improved support for keyboard resource files from systems other than Red Hat and Debian, among other things.

Security Enhanced Linux. The NSA has released updates to its Security Enhanced Linux. The stable (2.4) LSM-based SELinux prototype was updated to kernel 2.4.17 and was updated to include a number of bug fixes and minor enhancements made since the previous release. A new development (2.5) LSM-based SELinux prototype based on kernel 2.5.2 was added to the site. Also, the original SELinux prototype has been reduced to just the 2.2.19 and 2.4.3 kernel patches for historical reference.

Sentry Firewall CD-ROM. Sentry Firewall is a Linux-based bootable CD-ROM, suitable for use as an inexpensive and easy to maintain firewall or IDS(Intrusion Detection System) node. Version 1.1.1 has been released.

Trinity Rescue Kit v0.5. A new version of the Trinity Rescue kit has been released. Version 0.5 has some minor new features and one MAJOR bug fix, which should solve most problems on machines that don't get further than loading their kernel.

Wolverine. Wolverine is a firewall and VPN server that is based on Embedded Coyote Linux. Still under development, Alpha 1 has reached Build 77.

Distribution Reviews

Red Hat 7.2 (Linux Journal). The Linux Journal reviews Red Hat Linux 7.2. "There's a few changes that might frustrate newbies as well as current users, but overall it's a strong new version."

Section Editor: Rebecca Sobol


January 24, 2002

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Development page.

Development projects


News and Editorials

XFree86 4.2.0 Released.

The XFree86 project has released a new version, 4.2.0, of its ubiquitous X window server software. This is the fifth release in the XFree86 4 series. XFree86 runs on Linux as well as many other common Unix variants. See the README documents for more basic information.

The release notes summary lists the following new capabilities:

  • Many enhancements and fixes to the drivers for specific video cards.
  • Enhanced input drivers including mouse wheel emulation and support for new devices.
  • Updates and bug fixes to the X server and its extensions.
  • Updated client and libraries, including a patched xterm program and support for remote hosts in Xload.
  • New scalable fonts and better locale support.
  • Updated documentation.
  • Improved support for various operating systems including:
    • Darwin/Mac OS X
    • Open BSD/powerpc
    • Client side support for sparc64 on NetBSD and OpenBSD
    • IBM S3/90
    • Linux arm32 and mips
    • Support for a few obsolete operating systems will be removed.
The full release notes describe the changes in greater detail.

The future Release Plans indicate that the next full release, version 4.3.0, should be available on May, 2002.

XFree86 4.2.0 may be downloaded here.
(Thanks to Martin Lindhe).

Clusters

Announcing heartbeat 0.4.9a. A new version of heartbeat, a Linux cluster node monitoring package, has been released. Version 0.4.9a includes a restructured build system, and adds a new standby feature. (Thanks to Alan Robertson).

High availability status newsletter. Alan Robertson has also sent out the January High Availability Status newsletter. It covers work in the emerging Open Cluster Framework, Alan's four presentations at the upcoming LinuxWorld conference, and more.

Documentation

LDP Weekly News. The Linux Documentation Project Weekly News for January 22, 2002 is out. The LDP Wiki remains the top subject; a number of new features have been added to that system, which is still in a beta test mode.

Education

SEUL/Edu report for January 21, 2002. The January 21, 2002 SEUL/Edu report is out. News includes a project to put Linux into schools in the Indian state of Goa, as well as other educational initiatives. Ten new educational software applications are reviewed this week.

Embedded Systems

Real-time and Linux, Part 1 (LinuxDevices). LinuxDevices.com is running the first of a three-part series on Linux and real time. "In practice, a general-purpose operating system, such as Linux, provides sufficient means for an application with relatively long deadlines if the operating environment can be controlled suitably. It is because of this property that one frequently hears that there is no need for real-time operating systems because processors have become so fast. This is only true for relatively uninteresting projects."

Linux Devices Embedded Linux Newsletter. The January 17, 2002 Linux Devices Embedded Linux Newsletter is out with the latest embedded Linux news.

Mail Software

The latest on milter.org. This week, milter.org discussions look at detecting spam with a velocity counter, and filtering based on type and usernames.

Printing Software

HP's hpijs driver is now free (Linux Printing). HP Recently released its hpijs inkjet printer driver under a BSD license, making it the first free printer driver to come from a printer manufacturer.

Science

DigiTemp 2.3 temperature sensor software. A new version of DigiTemp, software that connects the Dallas Semiconductor one wire temperatures sensors to a serial port, has been released. Version 2.3 adds support for 1-Wire Hubs. Perl plotting and web page generation software is also available for examining the resulting data. DigiTemp features a GPL version 2.0 license. (Thanks to Brian C. Lane.)

Web-site Development

New PHP 4.1.x extension for mnoGoSearch. A new PHP 4.1.x compatible extension module has been released for the mnoGoSearch web site search engine.

The latest Zope Members News. This week's items on the Zope Members News feature talk of a new Zope/Python in healthcare mailing list, a call for Euro Zope members, and a stable release of ExternalFile.

Zope 2.4.x crash fix (ZopeNewbies). People who are having problems with Zope 2.4.x crashes should take a look at this report from ZopeNewbies, apparently an upgrade to Python 2.1.2 will fix the problem.


January 24, 2002


Application Links
GIMP
Mozilla
Galeon
High Availability
ht://Dig
mnoGoSearch
MagicPoint
Wine
Worldforge
Zope

Open Source Code Collections
Berlios
Freshmeat
OpenSourceDirectory
Savannah
Le Serveur Libre
SourceForge
Sweetcode

   

 

Desktop Development


Audio Applications

Gnome-Media: Get it while it's hot. Gnome-Media version 1.100.0 has been released. New features include a new CD player and a new bonobo based CDDBSlave. The project needs some attention in the area of icon drawing, help out if you can.

Audacity 0.98 released. Version 0.98 of the Audacity multi-platform audio editing tool has been released. This release features new invert and reverse effects, an improved noise removal effect, new OSS code, preliminary support for the KDE/aRts sound server, and lots of bug fixes.

aPcStudio 0.5.9 released. Another cross-platform audio editing tool known as aPcStudio is available, with Linux binaries. Version 0.5.9 has been released and is available for testing. aPcStudio uses FLTK and is licensed under the GPL license.

Linuxmusic updates. The LINUXMUSIC site lists a new version of Trommeler, a fun to use X-window system based drum machine.

Desktop Environments

GNOME 2.0 desktop alpha. The alpha release of the GNOME 2.0 desktop has been announced. This release will be for the adventurous only; the GNOME developers will certainly appreciate any help they can get in flushing out bugs for the final release, however.

What's new in GNOME 2 for Users. Here's a writeup by Havoc Pennington on the user-visible changes in GNOME 2. "Lots of rumors have been going around that GNOME 2 won't have any new user-visible features, but while this was the plan and would have resulted in releasing sooner (cough), it's not really what happened. So here's some hype for you."

Kernel Cousin KDE #30. Kernel Cousin KDE issue #30 is available. Topics include work on the KDE 3.1 feature list, new maintainers for KDE Debian packages, a new CVS module for Art Resources, a KDE3 update for GCC3, and a new discussion forum for KDE Enterprise.

Xfce 3.8.14 released. Version 3.8.14 of the Xfce lightweight desktop environment has been released. Changes include a much improved xftree file manager, speed improvements in xfwm, visual enhancements, and bug fixes. (Thanks to Joe Klemmer.)

GNOME Summary for January 19, 2002. The January 19, 2002 GNOME Summary is out. Covered topics include the GNOME 2.0 desktop, the impending AbiWord 1.0 release, and more.

Matthias Ettrich: Integrating Qt Apps with KDE. KDE guru Matthias Ettrich has proposed a new strategy for integrating Qt applications into KDE by way of a small libQtKDE proxy library.

People of KDE: Dimitris Kamenopoulos. This week, KDE.org's People of KDE series features Dimitris Kamenopoulos, a specialist in Greek language translations.

Games

More games at PyGame. This week's new PyGame entry is PYC4 1.1, a 2 player connect 4 dots game.

Graphics

Guppi 0.40.3 Released. Version 0.40.3 of Guppi has been released. "Guppi is a GNOME-based framework for graphing and interactive data analysis." This version features bug fixes, cleaner code, and better looking graphs.

Interoperability

Kernel Cousin Wine #113. Issue #113 of Kernel Cousin Wine is out. Topics include building a test suite, getting support from IBM, Euro support, NT Named Pipes, and more.

Office Applications

Gnumeric 1.0.3 is available. Version 1.0.3 of the Gnumeric spreadsheet program has been announced. "This release syncs up with Guppi 0.40.3. The graphing interface has been improved a bit."

Kernel Cousin GNUe #12. Kernel Cousin GNUe issue #12 is available with the latest Gnu Enterprise developments. Topics include IBM DB2, DotGNU, Debian Packages, GNUe application server discussion, diagnosing problems with Python, GNUe official applications, and more.

AbiWord Weekly News issue #79. Issue #79 of the AbiWord Weekly News is out with all of the latest news from that project. AbiWord version 0.99.1 is soon to be released.

Miscellaneous

This Week in DotGNU. The This Week in DotGNU newsletter for January 19 is out. Covered topics include Debian Portable.NET packages, the Bizplan project, the upcoming LinuxWorld DotGNU panel, and more.

 
Desktop Environments
GNOME
GNUstep
KDE
XFce
XFree86

Window Managers
Afterstep
Enlightenment
FVMW2
IceWM
Sawfish
WindowMaker

Widget Sets
GTK+
Qt
   

 

Programming Languages


Caml

Caml Weekly News. The Caml Weekly News for January 15 through 22, 2002 is out. Topics include dynamic linking with native compilation and a new version of otags.

FORTRAN

Progress continues on G95. The G95 open source FORTRAN 95 project continues to make progress towards a working FORTRAN 95 compiler. Parser development continues, and a Linux binary is available for source code compatibility testing.

HTML

Extending the Web: XHTML Modularization (O'Reilly). Kendall Grant Clark looks at XHTML on O'Reilly's XML.com. "So, for content creators, XHTML -- the W3C's 'reformulation' of HTML 4 as an XML application -- is in fact what XML was in market-speak: a way to semantically extend the Web's lingua franca by adding domain- and genre-specific elements and attributes."

Java

The pros and cons of generating native code from Java source (IBM developerWorks). Martyn Honeyford examines Java native code generation on IBM's developerWorks. "When it was first introduced, it seemed that Java native compilation would surely topple the JVM, taking with it the Java platform's hard-fought platform independence. But even with its growing popularity and the increasing number of native compilers on the market, native compilation has a way to go before it poses a real threat to Java code's portability. Unfortunately, it also may be a while before the technology is mature enough to resolve the Java performance issues so many of us struggle with today."

Gems from the Java Technology Centre (IBM developerWorks). IBM's developerWorks has posted a list of useful Java tips from the Java experts in the IBM Hursley Labs .

Java: Stirring the Cup (Dr. Dobb's). Ed Nisley examines Java as an embedded systems language on Dr. Dobb's Journal. "I was particularly interested in what's required to use Java in an embedded application, given some seemingly significant disadvantages. Judging from the number of places where Java appeared at the Embedded Systems Conference/Boston, though, it's well into the useful stage."

ACUNIA releases Wonka 0.8. According to this LinuxDevices article, ACUNIA has released version 0.8 of Wonka, a JVM and class library. The Wonka license is the GPL-compatible, BSD-like Wonka Public License.

Lisp

Steel Bank Common Lisp 0.7.0 released. Version 0.7.0 of SBCL has been released. "Major changes relate to compiler implementation and optimization, behavior that ANSI Common Lisp explicitly defines as implementation dependent, FFI, deprecation of some old operator names, debugger user interface, better system test scripts, removal of old CMU CL documentation and many bug fixes. The default object file extension and version number have also been changed."

Perl

Apocalypse 4 from Larry Wall. Larry Wall has posted Apocalypse 4, the next set of proclamations on what Perl 6 will look like. It is all about blocks, "what the curlies mean." "Some OO purists say that any time you want to use a switch statement, you ought to make the discriminant of the switch statement into a type, and use method dispatch instead. Fortunately, we are not OO purists here, so forget that argument."

PHP

PHP Weekly Summary for January 21, 2002. This week's PHP Weekly Summary features discussions on manual translations, advanced data types, FOSDEM. Also, an alpha version of PHP5 is soon to arrive.

Python

This week's Python-URL. Dr. Dobb's Python-URL for January 21, 2002 is out. Covered topics include privacy concerns with ActiveState Python, the 2.1.2 release, and more.

New Daily Python-URL entries. New stuff on the Daily Python-URL includes a Python tutorial, Poooks, a Python based book reader program, PyGeo, a 3D geometry visualization lab, ftputil, an ftplib interface, a SIG for Python/C++ integration and more.

Ruby

This week on the Ruby Garden. The current edition of the Ruby Garden features talk about consistency in subscripted references, new Ruby RPMs for Red Hat Linux 7.2, Ruby to C translation, and more. The Ruby Weekly News also lists a number of new and updated Ruby projects.

Tcl/Tk

This week's Tcl-URL. Dr. Dobb's Tcl-URL for January 22 is out, with the usual collection of useful stuff from the Tcl/Tk community. Among other things, you can get your weekly regexp lessons and learn about Tcl/Tk's role in the discovery of fire.

XML

Bright Year In Prospect For XML (O'Reilly). Ed Dumbill predicts XML developments for 2002 on O'Reilly's XML.com.

What Are XForms? (O'Reilly). Micah Dubinko introduces XForms, the XML answer to HTML forms. "A new technology, XForms, is under development within the W3C and aims to meld XML and forms."

Libraries

glibc 2.2.5 released. Freshmeat lists a new version of glibc. The GNU C library home page has not been updated yet, but the software is available for download. (Thanks to Ben Woodhead)

Gdk-pixbuf 0.16.0 is released. A new bugfix release of the Gdk-pixbuf library, version 0.16.0, aka "Deadly Yellow Snow" has been released.

Section Editor: Forrest Cook

 
Language Links
Caml
Caml Hump
Tiny COBOL
Erlang
g95 Fortran
Gnu Compiler Collection (GCC)
Gnu Compiler for the Java Language (GCJ)
Guile
Haskell
IBM Java Zone
Jython
Free the X3J Thirteen (Lisp)
Use Perl
O'Reilly's perl.com
Dr. Dobbs' Perl
PHP
PHP Weekly Summary
Daily Python-URL
Python.org
Python.faqts
Python Eggs
Ruby
Ruby Garden
MIT Scheme
Schemers
Squeak
Smalltalk
Why Smalltalk
Tcl Developer Xchange
Tcl-tk.net
O'Reilly's XML.com
Regular Expressions
   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Commerce page.

Linux and Business


Lineo announces embedded application migration tools. Lineo has announced the release of Bridgeworks VX and PS. These tools implement the VxWorks and pSOS+ APIs, making it easy to port applications from those systems to embedded Linux.

Wyse launches new Linux thin client system. Wyse has announced the availability of the "Winterm 5440XL." Despite its name, it doesn't run Windows; instead it comes with SuSE Linux. Pricing starts at $519.

MontaVista receives $28 million in financing. MontaVista has announced the receipt of $28 million in new venture capital. Investors include Intel, IBM, and WR Hambrecht.

Also announced by MontaVista is increased support for the PowerPC processor and "joint sales and marketing activities" with IBM.

And, for those who haven't had enough yet, here's another press release on the company's "blockbuster year." Revenues, it seems, are up 250% over what the company earned in 2000. Not bad.

FSF now taking orders and donations online. The Free Software Foundation, at last, has set up secure pages where it can take donations and orders online. Among other things, they had to wait for the RSA patent to run out first. (Thanks to Brett Smith).

Redmond Linux becomes Lycoris. Redmond Linux is trying again; the company has now announced that it will henceforth be known as "Lycoris," and that its Linux distribution will be called "Desktop/LX." "While the name Redmond Linux has its appeal, the names Desktop/LX and Lycoris allow us to shed the connotations of being a software publisher in Redmond, Washington."

Netproject to study Linux for U.K. Police. Netproject has announced that it has been awarded a contract to have a look at deploying Linux on up to 60,000 U.K. police desktops. "The police need very secure, virus resistant and stable desktop computing. We believe that Linux can provide this."

'Programming Jabber' from O'Reilly. O'Reilly has announced the release of Programming Jabber by DJ Adams.

Caldera Proxy Statement. For the Caldera watchers out there: here is the proxy statement for the company's upcoming shareholder meeting. Among other things, shareholders will be voting on a 1-for-4 reverse stock split, the re-election of the current board of directors, and the choice of Arthur Andersen LLP as the company's auditor (watch those paper shredders).

LPI News for January 2002. The Linux Professional Institute looks at LPI at LinuxWorld, LPI around the world, and more.

Finalists for LinuxWorld's Open Source Product Excellence Awards. IDG has put out a press release naming the finalists for the "Open Source Product Excellence Awards," to be handed out at LinuxWorld. Strangely, only a small fraction of the products named are open source, and only two are not sold by an LinuxWorld exhibitor (those being Powercockpit from Turbolinux, and KDE 3.0 beta 1, named for "best open source project").

Linux Stock Index for January 17 to January 23, 2002.
LSI at closing on January 17, 2002 ... 32.61
LSI at closing on January 23, 2002 ... 30.32

The high for the week was 32.61
The low for the week was 29.76

Press Releases:

Coming to LinuxWorld

Proprietary Products for Linux

Linux Hardware

Embedded Linux Products

Products and Services Using Linux

Products With Linux Versions

Linux At Work

Java Products

Training and Certification

Financial Results

Personnel & New Offices

Other

Section Editor: Rebecca Sobol.


January 24, 2002

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Linux in the news page.

Linux in the news


Recommended Reading

Top Stories of 2001, #5: Linux Falters on the Desktop (WinInfo). One of WinInfo's top stories of 2001 is the failure of Linux to take over the desktop. The article is lengthy and details every setback, but is not entirely negative. "However you measure it--by absolute dollars or actual use--Linux has never achieved the desktop success that's so often predicted. That doesn't mean that it can't grow in this market; indeed, growth is much easier when there's no place to go but up. But for those people who had hoped to see Linux produce a credible desktop contender, one fact is now clear: It isn't happening any time soon. And it most certainly didn't happen in 2001." (Thanks to Con Zymaris).

Copy Controls and Circumvention: Don't Get Around Much Any More (O'ReillyNet). Here's a lengthy article by Andy Oram on the O'Reilly Net site about copy controls, the DMCA, and free speech and fair use rights. "Even given the Second Circuit's predilection to rule for the plaintiffs, its insensitivity to the seriousness of its ruling is cause for concern. The ban on linking, for instance, is a major intervention into the rights and practices of the Web - in fact, a blow at its very heart - not to mention a shadow hanging over communications technologies that will emerge in the future. The new limitation of free speech in computer programs is also far-reaching." Worth a read.

Are DSPs a dying breed? (EE Times). EE Times sees a difficult future for digital signal processors. "Five years from now, the success of a processor in many DSP applications may have less to do with how many multiply-accumulate operations it can perform in parallel, and more to do with whether it can boot Linux."

Microsoft builds the government Linux market (NewsForge). Here's a NewsForge article on how Microsoft's anti-piracy efforts are pushing governments toward Linux. "In India, the state of Goa has finally addressed the issue of illegal code on classroom computers by distributing Linux. Linux enthusiasts from local colleges have pledged to help the government conduct a mass migration of PCs to a localized version of Linux based on the Red Hat distribution."

Companies

AOL in Negotiations to Buy Red Hat (Washington Post). Here's an interesting article in the Washington Post. "AOL Time Warner Inc. is in talks to buy Red Hat Inc., a prominent distributor of a computer operating system, an acquisition that would position the media giant to challenge arch rival Microsoft Corp., according to sources familiar with the matter." (Thanks to Martin Rowe and Carl Joachim Berdal Haga).

Who wins if AOL swallows RedHat? (Register). Here's The Register's take on a potential Red Hat/AOL deal. "In other words, it may be a Linux computer, but a Linux computer serving that's solely serving a gigantic information and entertainment congolmerate. And that will be enough to make folk nostalgic for Clippy the Paper Clip."

Think Twice, Red Hat (O'ReillyNet). O'Reilly's Andy Oram has some warnings for Red Hat as it ponders a deal with AOL. "I just think that Linux has more places to go than most of us now imagine. An independent and quick-thinking Red Hat will be free to go those places as well. I think some of those directions will not be where AOL or Time Warner want to go. If Red Hat is the one to suffer, I don't want the rest of the Linux community to suffer too."

Sources: AOL not bidding for Red Hat (News.com). News.com reports that AOL is not considering a Red Hat acquisition after all. "Whether AOL is looking at Linux or not, the company must find a way to neutralize Microsoft's desktop advantage, say analysts."

Salon.com Leans On Open Source (TechWeb). TechWeb looks at how Salon built its subscription system. "Engineers have a saying: 'Cheap, fast, good. Pick any two.' But online magazine Salon.com thinks it got all three when it desperately needed a subscription system and decided to build, rather than buy, the software using Linux, open source development tools and Java."

Linux serves up the Open (I.T.). The Australian I.T. site has an article about IBM's latest Linux deployment. "IBM has thrown its weight behind the GNU/Linux operating system in a very public way, using the free software competitor to Microsoft's Windows to manage the Australian Open tennis tournament website." (Thanks to Con Zymaris).

Linux virtual machines aren't just for the big boys anymore (NewsForge). Here's a lengthy NewsForge article on Linux virtual machine technology; it includes a survey of a number of available products. "The music swells, and the announcer says something about IBM servers running Linux saving you a bundle. What the commercial doesn't tell you is that the spendy IBM server in the commercial is running multiple copies of Linux at one time as virtual machines."

Linux Software Maker to Relocate (Herald-Sun). The (Durham, NC) Herald-Sun reports on Red Hat's office move. "The move will nearly double Red Hat's current space, giving the company and its 200 Triangle employees room to grow, [Melissa] London said. Red Hat, which offers services and its own version of Linux software, employs 400 additional employees in 18 offices worldwide. But Red Hat began, as many software companies have, in a bedroom. In this case, it was founder Mark Ewing's Durham bedroom in 1993."

New UltraSparc outsells older Sun CPU (News.com). Here's a News.com article about the success of the Sparc III chip, but it wanders into Sun's attitude toward Linux. "Sun, though, accused IBM of ultimately trying to control Linux. 'You can't put a billion (dollars) into Linux dev. without hijacking and owning it,' [Sun VP John] Shoemaker said. IBM is 'making a lot of investments consistent with moving Linux to a more proprietary base,' added Steve MacKay, chief architect in Sun's computer group."

Business

Asian enterprises embracing Linux (ZDNet). ZDNet looks at Linux use in Asia. "The report also revealed that Thailand and Korea led the region in Linux installation, where over a quarter of organizations in both countries use the operating system. In addition, strong Linux adoption was seen in India and Hong Kong -- with 24 percent and 21 percent usage among companies, respectively."

The Open Source Prospect (IT-Director). Here's an IT-Director column by Robin Bloor on the prospects for open source software in general. "For potential business users of Open Source products, this software evangelism is not really relevant and may even be off-putting. But there is another side to this. It is many of the same committed evangelists that provide the free labour that has turned Open Source from a wacky idea into a viable software channel. Many Open Source products are actually better supported than the proprietary products they compete against."

Reviews

Empower Technologies unveils $149 Linux PDA (LinuxDevices). LinuxDevices.com has a brief article (with picture) on yet another new Linux-powered PDA. "The PowerPlay V PDA is based on a 16 MHz Motorola Dragonball system-on-chip processor with 8MB of system RAM memory plus 2MB Flash (upgradeable), and provides an IrDA interface."

Linux-based file server eases remote management (ZDNet). ZDNet reviews the Mitel Networks SME Server 5 (the product formerly known as the e-smith server and gateway). "SME Server is built on a standard Linux operating system which includes common applications and utilities freely available to the Linux community. Although the functionality provided by SME Server is certainly readily available to any knowledgeable Linux administrator, the product's custom management tools and automated installation process let virtually anyone with a modicum of Linux experience install and maintain a network file server with minimal effort."

Interviews

KDE at Conectiva (KDE::Enterprise). The KDE::Enterprise site has an interview with Conectiva's Roberto Teixeira. "It may sound cheesy, but the fact is that choosing KDE is really a no-brainer when you have such a diverse user group as our company has. Our employees range from Linux gurus to people who have very little computer experience like lawyers, accountants and personal secretaries. They all use Linux here and almost all use KDE by default, since we believe it is the best desktop for people to learn how to use."

Interview: Robert Love (LinuxDevices). LinuxDevices.com interviews Robert Love, maintainer of the preemptible kernel patch. "I think Linux can become a contender in the embedded/real-time market without giving up on itself, while still being a UNIX and having the standard Linux API. In fact, I think a lot of the technologies that achieve this could live right in the official kernel. Kernel preemption is one such innovation, and it's an innovation that does not benefit solely real-time applications."

FOSDEM interviews: Philip Hazel and Richard Dale. The Free and Open Source Developers Meeting has put up a couple more interviews with speakers at the upcoming event. The first is with Philip Hazel, author of Exim. "I don't know where this idea came from, because security was not the main focus of the development. Please don't misunderstand me -- security was of course of great concern, but I am not a security expert. I did not want to pursue the development of new security models for MTAs in the way that some other developers have done."

Then, there is this interview with Richard Dale, author of the KDE bindings. "I'm quite excited by the combination of native code generation and debugging with gdb for writing KDE apps in Java. This would just use Java as a 'bettter C++' with no need for any of Sun's 'Java the Platform' technology."

Miscellaneous

Commentary: The Linux alternative for PDAs (News.com). News.com is carrying a Meta Group pronouncement on why Linux PDAs are not interesting. "Linux PDAs will find a role only in situations where companies need a highly customized or specialized system, or one in which devices will be distributed to extremely large numbers of users, such as fast-food outlets."

Section Editor: Forrest Cook


January 24, 2002

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Announcements page.

Announcements


Resources

2001 Timeline in French. Thanks to Roland Trique, the LWN 2001 Linux Timeline is now available in French.

LPI Certification 101 exam prep. IBM developerWorks is running a preparatory exam for the LPI certification 101 exam. Linux fundamentals are covered. Registration is required. (Thanks to Jeffrey I. Condon.)

See the LPI Weekly News for more LPI events.

CVS Administration (O'Reilly). Jennifer Vesperman gives an overview of CVS administration for software projects.

Linuxlookup motherboard review. Linuxlookoup reviews the Tyan Thunder K7 Motherboard, which supports dual AMD Athlon CPUs.

Events

Annual Conference of Open Source Content Management Systems (Linux Journal). A conference on Open Source Content Management will be held on March 21 and 22, 2002 in Zurich, Switzerland.

Events: January 24 - March 21, 2002.
Date Event Location
January 28 - 29, 2002The Conference on File and Storage Technologies(FAST 2002)Monterey, CA
January 29 - February 1, 2002LinuxWorldNew York, NY
February 1 - 3, 2002Linux Event 2002Livorno, Italy
February 3 - 6, 2002Embedded Executive Summit(Ritz-Carlton)Half Moon Bay, California
February 4 - 7, 200210th International Python Conference(Hilton Alexandria Mark Center)Alexandria, Virginia
February 5, 2002OMG Information Days Europe 2002Amsterdam
February 6, 2002OMG Information Days Europe 2002Brussels
February 6 - 9, 2002linux.conf.auBrisbane, Australia
February 7, 2002OMG Information Days Europe 2002Paris
February 8, 2002OMG Information Days Europe 2002Madrid
February 13 - 15, 20021st CfP German Perl Workshop(Fachhochschule Bonn-Rhein-Sieg, Sankt Augustin)Bonn, Germany
February 16 - 17, 2002Free Software and Open Source Developer's Meeting(FOSDEM 2002)(Brussels, Belgium)Brussels, Belgium
February 18, 2002OMG Information Days Europe 2002Milan
February 19, 2002OMG Information Days Europe 2002Zurich
February 20, 2002OMG Information Days Europe 2002Munich
February 21, 2002OMG Information Days Europe 2002Vienna
February 22, 2002OMG Information Days Europe 2002Budapest
February 25, 2002OMG Information Days Europe 2002Prague
March 4 - 6, 2002International Symposium on Advanced Radio Technologies(ISART 2002)(Dept. of Commerce, 325 Broadway)Boulder, CO
March 5, 2002OMG Information Days Europe 2002Helsinki
March 6, 2002OMG Information Days Europe 2002Stockholm
March 7, 2002OMG Information Days Europe 2002Oslo
March 8, 2002OMG Information Days Europe 2002Copenhagen
March 12 - 16, 2002Embedded Systems Conference(Moscone Center)San Francisco, California
March 21 - 22, 2002Annual Conference of Open Source Content Management Systems(OSCMSC)(Swiss Federal Institute of Technology (ETH))Zurich, Switzerland

Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format.

Section Editor: Forrest Cook.


January 24, 2002

   

 

Software Announcements


Here are this week's Freshmeat software announcements. Freshmeat now offers the announcements sorted in two different ways:

The Alphabetical List and Sorted by license

 

Our software announcements are provided courtesy of FreshMeat

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Linux History page.

This week in Linux history


Six years ago: Red Hat released Red Hat 2.1 for the Alpha architecture; this was the first official Red Hat release for that processor.

Red Hat also (in this message from "bob@redhat.com") announced its fancy new web site, that was even "SEARCHABLE!".

Five years ago: Ulrich Drepper released the first, experimental version of glibc 2.0. Thus began a long and sometimes painful (but worthwhile) transition.

Four years ago (January 29, 1998 LWN): In a brief note to comp.os.linux.announce, an ambitious, if not too smart, little company called Eklektix announced an online publication called the Linux Weekly News. The first issue hit the web on January 22, 1998, though we got a bit more serious with the January 29 issue.

Netscape announced that it would release the source for Communicator 5.0. At this distance, it can be hard to remember the impact that announcement had; at the time, it was a huge thing. It was the event that made a lot of people aware of free software. The pace of events picked up thereafter. This was the beginning of the Mozilla project, which has resulted in several nice browsers for Linux.

The Debian 2.0 release roadmap was posted, along with a set of 2.0 release requirements.

Three years ago (January 28, 1999 LWN): The long-awaited 2.2.0 kernel release hit the net on January 25. No formal announcement was made, other than this rather terse note on the kernel.org site. Linus did announce that 2.3.x was not going to happen anytime soon, and that it was not time to start sending in patches. One patch had to go in quickly, however, once Dan Burcaw pointed out an easy way for any user to crash a 2.2.0 system.

Linus also said that 32-bit Linux systems would never support 4GB of memory. Of course, 2.4.0 did exactly that... Perhaps his crystal ball isn't so infallible after all.

Both HP and SGI announced plans to support Linux on their hardware. Back in 1999, this sort of thing was still a big deal.

Somebody broke into ftp.win.tue.nl and replaced the source for the TCP wrappers package with a new version that contained a back door. The problem was found within hours, and, apparently, no sites were compromised as a result of this change. This episode pointed out a real vulnerability in free software, however, and helped motivate the use of signatures on source packages. It is probable, however, that few users check signatures even now, and a repeat of this sort of attack is almost certain at some point.

What happens when Windows programmers start to switch to Linux?

Barring a sudden, unforeseen bursting of the Linux bubble, we're about to see the nontechnical aspects of programming take center stage like never before, not even when the rise of the IBM PC brought mainframe programmers to the desktop, or even when the Y2K fiasco made legions of programmers learn (or relearn) Cobol. From the standpoint of individual programmers, this will look like yet fiasco made legions of programmers learn (or relearn) Cobol. From the standpoint of individual programmers, this will look like yet another standards/mindset war, with coders once again serving as both foot soldiers and the short term prize. The difference is that this time there will be a distinct cultural aspect to the war, and if we're lucky, the outcome could be a significantly more competitive industry.
-- Lou Grinzo, Dr. Dobb's Journal.

Two years ago (January 27, 2000 LWN): Caldera, Red Hat, and Turbolinux all announced that they would ship IBM's Java implementation with their distributions, leaving Sun out in the cold. Sun, instead, announced the availability of "free Solaris 8," complete with source code.

In a move aimed at Linux, Sun said it will announce Wednesday that it is making the source code for its new Solaris 8 operating system "open." Webster's has lots of definitions for the word, including "not sealed, fastened, or locked." But when you dig into the details of Sun's announcement, you'll find that what it is offering doesn't come close to meeting the dictionary's definition, let alone that of the open-source movement.
-- Lawrence Aragon, Red Herring.

SGI, meanwhile, released its OpenGL implementation under an open source license.

DeCSS hacker Jon Johansen was detained for questioning regarding his role in the cracking of the DVD encryption system. The persecution of young Johansen continues. Last week the Norwegian government, under pressure from the Motion Picture Association of America (MPAA), indicted Jon for crimes including contributory copyright infringement.

Lineo shipped the 1.0 version of its Embedix embedded Linux distribution. The Debian project ran into a little snag when, halfway through the nomination period, nobody had stepped forward saying they wanted to be the next project leader. Corel was claiming rave reviews for its Debian-based distribution.

The Journal of Linux Technology was announced by VA Linux Systems and O'Reilly & Associates. Only two issues were ever published. It was a nice idea though.

One year ago (January 25, 2001 LWN): Gartner Group analyst George Weiss was interviewed in vnunet.com about IBM's intentions toward Linux.

Weiss said he could see a day when "80 per cent of the revenues, indirect or direct, attributed to Linux will go into IBM coffers unless companies like HP, Red Hat and VA Linux smarten up their act. IBM will have a stranglehold on the community."

So far, at least, IBM has avoided the stranglehold.

Linus Torvalds expressed his opinion of device-to-device copy capability in the Linux kernel.

device-to-device copies sound like the ultimate thing.

They suck. They add a lot of complexity and do not work in general. And, if your "normal" usage pattern really is to just move the data without even looking at it, then you have to ask yourself whether you're doing something worthwhile in the first place.

Linus saw a trend toward connecting hardware with direct, point-to-point links that would not be amenable to direct operations between devices. Quoth Linus: "Just wait. My crystal ball is infallible."

SuSE Linux 7.1 for SPARC was released as a beta. The announcement came with a list of known bugs. The Slackware Linux Project announced the release of a current branch for Alpha processors. The SuSE Linux Groupware Server combined the Domino Messaging and Web Application Server with SuSE Linux.

The Open Source Development Lab opened its doors.

Backed by the support of 19 sponsor companies and more than $24 million in funding, the Open Source Development Lab is an 11,000-square-foot computing center located in Beaverton, Oregon, a high-tech district west of Portland.
-- Wired News.

Section Editor: Rebecca Sobol.


January 24, 2002

LWN Linux Timelines
1998 In Review
1999 In Review
2000 In Review
2001 In Review

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Letters page.

Letters to the editor


Letters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them.

January 24, 2002

   
From:	 Adrian Hosey <alh@warhound.org>
To:	 lwn@lwn.net
Subject: kernel modules and security
Date:	 Thu, 17 Jan 2002 08:56:39 -0500 (EST)


> Not everybody likes this idea. Many people build kernels with no loadable
> module support at all, and wish to continue doing so. Their reasons
> include:
>
>    * Security. Some people feel safer if there is not an easy way to
>      patch code into their running kernels. The fact of the matter,
>      though, is that the Bad Guys figured out how to modify a running
>      kernel some time ago, whether or not that kernel has loadable module
>      support."


This is specious reasoning. Security is about probabilities and
possibilities. By closing as many avenues as possible, I reduce the
probability of being a victim. There may be a very few Bad Guys out there
who know how to take advantage of a modular kernel, but there are even
fewer who know how to modify a running static kernel.

Let's estimate that 1 thief in 1000 carries a set of lockpicks. You still
lock the door to your home don't you? To keep out the other 999? Saying
that "A does not matter because some small number of people know how to do
B" just does not follow.


-- 
I am woefully underprepared to rock.

   
From:	 "Brad Spengler" <bspengle@bucknell.edu>
To:	 <lwn@lwn.net>
Subject: about module security
Date:	 Thu, 17 Jan 2002 21:21:22 -0500

>From the kernel section:
>"Security. Some people feel safer if there is not an easy way to patch
>code into their running kernels. The fact of the matter, though, is that
>the Bad Guys figured out how to modify a running kernel some time ago,
>whether or not that kernel has loadable module support."

You failed to mention that it's trivial to also stop the only other
method attackers are able to use to modify the kernel code without
module support.  It's a simple one-line patch that has been shown in the
newest edition of phrack and will be included in grsecurity 1.9.3 with
logging.  So, really, the security of module support isn't a "non-issue"
as you claim it to be.

-Brad
http://grsecurity.net


   
From:	 David.Kastrup@t-online.de (David Kastrup)
To:	 letters@lwn.net
Subject: A sidenote to the AOL/RedHat merger story
Date:	 20 Jan 2002 21:08:10 +0100


When this letter is published, matters will probably have long cleared
up.  Whichever way they do this, I would like to remind people of a
small thing that has been widely overlooked.

When RedHat was afloat with market capitalization, they acquired a
strategic asset before anybody else could.  Cygnus, a comparatively
small company in charge of the development of gcc, the GNU compiler
collection.  This compiler is crucial as infrastructure to most Free
Software projects.  Linux would not have happened without it.  The
quality of the generated code currently is good, mostly.  It usually
cannot hold water compared to the best commercial compilers with a
larger development crew and probably less portability, but it is good
enough to be workable for most projects on a wide range of platforms.
Competitiveness of free software hinges upon the quality of this
project, and its ability to cope with the idiosyncrasies of frequently
emerging new processor architectural details.

For this reason alone, the purported deal cannot be shrugged off in
the vein of "well, if RedHat goes down the drain, there will be dozens
of other distributions remaining".  The clout (or lack of it) behind
gcc development is crucial for Free Software.  So let's all hope for
the best.

-- 
David Kastrup, Kriemhildstr. 15, 44793 Bochum
Email: David.Kastrup@t-online.de
   
From:	 Dylan Griffiths <Inoshiro@kuro5hin.org>
To:	 letters@lwn.net
Subject: Shortsightedness of some kernel developers.
Date:	 Thu, 17 Jan 2002 17:10:58 -0600

	Since no one seems to have pointed this out, much more than "Aunt Tilly" 
would benefit from an autoconfiguration system for Linux.  Ever deploy 
Linux on a 6 box homogeneous network?  You can share your kernel config. 
BUT, move to a company with a few hundred boxes, each one from a different 
generation of purchasing... and you find out, you really need that 
autoconfig.  That way you can script deployment in ways you currently can't.

	Added functionality like this doesn't make "the 31337" less so, it merely 
opens up more possibilities.  Precisely why I started using Linux 
specifically, and computers in general.
-- 
     www.kuro5hin.org -- technology and culture, from the trenches.
                          -=-=-=-=-=-
Those that give up liberty to obtain safety deserve neither.
  -- Benjamin Franklin
   http://www.zdnet.com/zdnn/stories/news/0,4586,2812463,00.html
   http://slashdot.org/article.pl?sid=01/09/16/1647231
                          -=-=-=-=-=-

   
From:	 Guy Harris <gharris@sonic.net>
To:	 Bryan Henderson <bryanh@giraffe-data.com>
Subject: Re: buffer overruns - helpful tool
Date:	 Thu, 17 Jan 2002 23:44:35 -0800
Cc:	 letters@lwn.net

> asprintf() is a surprisingly little-used GNU C library routine.  It's 
> special to the GNU library, so you can use it only in Linux-only code.

No, and no.

% uname -sr
FreeBSD 3.4-RELEASE
% man asprintf

PRINTF(3)              FreeBSD Library Functions Manual              PRINTF(3)

NAME
     printf, fprintf, sprintf, snprintf, asprintf, vprintf, vfprintf,
     vsprintf, vsnprintf, vasprintf - formatted output conversion

SYNOPSIS
     #include <stdio.h>

	...

     int
     asprintf(char **ret, const char *format, ...)

	...

DESCRIPTION
     The printf() family of functions produces output according to a format as
     described below.  Printf() and vprintf() write output to stdout, the
     standard output stream; fprintf() and vfprintf() write output to the giv-
     en output stream; sprintf(), snprintf(), vsprintf(), and vsnprintf()
     write to the character string str; and asprintf() and vasprintf() dynami-
     cally allocate a new string with malloc(3).

		...

     Asprintf() and vasprintf() return a pointer to a buffer sufficiently
     large to hold the string in the ret argument; This pointer should be
     passed to free(3) to release the allocated storage when it is no longer
     needed.  If sufficient space cannot be allocated, asprintf() and
     vasprintf() will return -1 and set ret to be a NULL pointer.

		...

NetBSD and OpenBSD have it as well.

So perhaps it should be rephrased as

	asprintf() is a surprisingly little-used GNU C library and BSD C
	library routine.  It's special to the GNU library and the
	{Free,Net,Open}BSD C libraries, so you can use it only in code
	that only runs on free UNIXes, unless you use your own copy of
	asprintf on UNIXes lacking it, or, on those platforms, use GNU
	libiberty:

		http://gcc.gnu.org/onlinedocs/libiberty/

	which includes asprintf().
   
Eklektix, Inc. Linux powered! Copyright © 2002 Eklektix, Inc., all rights reserved
Linux ® is a registered trademark of Linus Torvalds