[LWN.net]

Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise news for all interests



Leading items and editorials


The SSSCA under any other name smells just as foul. U.S. Senator Ernest Hollings ("the Senator from Disney") has submitted his latest payback to the entertainment industry as the "Consumer Broadband and Digital Television Promotion Act," which goes under the awkward acronym of CBDTPA. This proposed law would have far-reaching effects for the free software community, and is thus worth a close look. For those wanting more information, a look at the full text of the bill is worthwhile. We'll go over the relevant portions here.

The bill begins with a set of 23 "findings," intended to justify the new law. They talk about the plight of the poor content providers, who just can't bring themselves to make their wares available on the net (or via digital television) without guaranteed protection. Current protection schemes are inadequate because:

...those agreements do not prevent the continued use and manufacture of digital media devices that fail to incorporate such security measures.

In other words, we're being told that the government must step in and make content controls mandatory for all "digital media devices." And what benefit do they "find" we will get from this?

The secure protection of digital content is a necessary precondition to the dissemination, and on-line availability, of high quality digital content, which will benefit consumers and lead to the rapid growth of broadband networks.

Many of our readers may have been unaware of the fact that any problems with the growth rate of broadband networks are due to the lack of mandatory copy protection schemes. Or that there is no high quality digital content on the net. All we have to do is to turn the net into another form of television, and these problems will go away.

Of course, the DMCA, too, was brought in with promises that it would enable a flood of wonderful digital products for us to buy...

The core of the CBDTPA is new restrictions on what a "digital media device" can do. According to the bill, a "digital media device" is (emphasis added):

The term "digital media device" means any hardware or software that: (A) reproduces copyrighted works in digital form; (B) converts copyrighted works in digital form into a form whereby the images and sounds are visible or audible; or (C) retrieves or accesses copyrighted works in digital form and transfers or makes available for transfer such works to hardware or software described in subparagraph (B).

This is, of course, a very broad definition. Any computer, which has no trouble "reproducing copyrighted works in digital form," certainly qualifies. Importantly, a "device" can be software. A Linux distribution falls under this definition, and would be bound by the requirements of this law.

The operative part of the CBDTPA falls into two phases: (1) the establishment of "security system standards," and (2) the requirement that all "digital media devices" follow those standards.

The establishment of the standards is supposed to be done in the private sector, which will be given a year to accomplish the task. Should the private sector fail to get its act together, the government (in the form of the Federal Communications Commission) will jump in and set the standards instead. Either way, there's a set of criteria to be met, defined in these vague terms:

  • reliable
  • renewable
  • resistant to attack
  • readily implemented
  • modular
  • applicable in multiple technology platforms
  • extensible
  • upgradable
  • not cost prohibitive

These terms are not further defined in the proposed law. There is one other, interesting requirement: "any software portion of such standards is based on open source code." Of course, "open source" is not defined for the purposes of this law either; still, in theory, it means that we should at least be able to see the code for the "security systems" that are being forced onto our computers.

There is a token nod toward fair use, saying that security systems must not interfere with fair use rights. The penalties for noncompliance with this section, though, are very small - far smaller than those for selling a noncompliant device or stripping protective codes. It does not look like it is meant to be taken seriously.

Once the standards are set, industry has one more year to implement them, then the enforcement stage begins. There is a section requiring ISPs to pass through protected content intact, but the core of the law is Section 5:

A manufacturer, importer, or seller of digital media devices may not: (1) sell, or offer for sale, in interstate commerce, or (2) cause to be transported in, or in a manner affecting, interstate commerce, a digital media device unless the device includes and utilizes standard security technologies that adhere to the security system standards adopted under Section 3.

In other words, unless your Linux distribution (which is a "digital media device," remember?) implements the security standards, it is now illegal - at least, if you want to sell it or transport it over state lines. (The emphasis on "interstate commerce" is the hook that gives the federal government the authority to regulate the movements of "digital media devices").

So how can free software function in this legal environment? Given that the code implementing the security standards is supposed to be open source, it could conceivably be incorporated into a Linux distribution. (Note, however, that nothing in the proposed law requires a patent-free or royalty-free standard). Such work would have to be done by a distributor; it's hard to imagine the kernel maintainers willingly incorporating this stuff into the mainline code. Then Linux users could simply remove that code. Then again, maybe not; Section 6 says:

No person may knowingly remove or alter any security technology in a digital media device lawfully transported in interstate commerce...

So one of the fundamental freedoms of free software would be stripped away: you would not legally be able to modify your system to fit your needs.

But then, can a system based on free software ever meet the standards being set by this law? A source-available system, where users can remove the corporate big brother code at will, can never be "reliable" or "resistant to attack" in the eyes of CBDTPA supporters. If that interpretation holds, Linux systems become illegal whether or not they include the security code.

What about downloading a Linux distribution from a non-US server? The legality of such an act will depend on a court's interpretation: is a user, by virtue of having performed a download, an "importer"? If so, downloading Linux from outside the U.S. is not allowed; otherwise it is legal. Either way, people would be at risk of prosecution until the precedents had been set.

The absurdity of this legislation stretches belief. It's not clear what chances it has to become law; the Senate seems well beholden to the entertainment industry, but the House seems to be less enthusiastic. We should not count on the House to put this one out of its misery, though; those of us who are in the U.S. need to let our Senators know what we think of this thing. See this EFF advisory for more information on how to do that.

iSCSI and patented technology. The IETF IP Storage working group is charged with the task of defining standards for accessing storage devices (i.e. disks) directly over an IP network. This is an increasingly interesting area: as computing systems become more distributed over ever-faster networks, why not avoid expensive "storage area network" interconnects and use the existing, cheap technology? It may well be that, not too long from now, disk drives (and arrays) will just plug into your household gigabit Ethernet next to the printer. It will be desirable, of course, for Linux systems to be able to make use of these drives.

Perhaps the most prominent standard coming out of the IPS working group is iSCSI, the encapsulation of SCSI commands within the TCP protocol. The draft iSCSI standard is nearing completion; it will go to the internet standards "last call" stage shortly. So, one would hope, there would not be any major outstanding issues with the standard at this point. Unfortunately, that is not quite true - there is a patent issue with iSCSI that has the potential to make free software implementations difficult or impossible.

An important part of the iSCSI standard is authentication. Just because you have placed a disk drive on the network does not, after all, mean that you want to let anybody have access to it. Network drives need a strong and secure authentication protocol, and the working group has tried to provide one.

The choice for authentication is the "Secure Remote Password" (SRP) protocol, which is described in RFC 2945. It looks like a reasonable protocol, providing both authentication and secure key exchange. There is only one problem: SRP appears to be covered by three separate patents, with three holders.

  • Stanford has an SRP patent. Stanford has offered a royalty-free license (PDF format) that would appear to offer no obstacles to a free software implementation.

  • Phoenix claims that its "SPEKE" patent may apply to SRP. The company will make a license available on RAND ("reasonable and non-discriminatory") terms - not royalty-free.

  • Lucent also has two patents which may be applicable to SRP. This company has made vague promises to make the patents available "in accordance with normal Lucent licensing practices," which are not RAND, much less royalty free. Lucent is not currently committing itself to a position on whether it believes a license is necessary to use SRP.

The uncertainty behind Lucent's position, in particular, has given the iSCSI working group cause to worry about the use of SRP. At a working group meeting last week, the decision was made to demote SRP from an implementation requirement to an option. Instead, another protocol (perhaps CHAP augmented by a key exchange protocol) will be made mandatory.

That could all change, though, and not for the better. According to the SRP summary from the working group meeting:

Lucent continues to be approached with requests to be more cooperative. Lucent's actions (or lack thereof) are the primary cause of this delay to iSCSI.

In other words, the working group is not bothered by the Phoenix patent, which would require the purchase of a license under RAND terms. If Lucent becomes "more cooperative," we could find ourselves faced with an iSCSI standard which is encumbered by patents. That would not be a good thing for the free software community.

For more information, see the IPS working group's web page, which has pointers to the relevant draft standards and a mailing list for discussions.

Inside this LWN.net weekly edition:

  • Security: Format string exploits in libsafe; Apache security and bug fix release
  • Kernel: Can close() fail?; cleaning up include files.
  • Distributions: Sorcerer, Sorcery, and Lunar-Penguin.
  • Development: Parrot 0.0.4, HPIJS 1.0.4, Apache 1.3.24, Analog 5.22 security fix, mpg321 0.2.10, Net Hack 3.4.0, FLTK 1.1.0b12, Evolution 1.0.3, Advance 0.7.2, Gtk2Hs, mod_lisp 2.2, CPANPLUS 0.01, Python .2.1c2.
  • Commerce: The HRP-2P Linux-powered humanoid robot; Linux software store for Zaurus Handheld; IBM and SuSE to offer 'enterprise ready' Linux services.
  • Letters: Hurd, GPL, devexit_p.
...plus the usual array of reports, updates, and announcements.


March 28, 2002

   


Security


News and Editorials

Apache 1.3.24 Released. Apache version 1.3.24 has been released. "This version of Apache is principally a security and bug fix release."

Security Reports

Format string exploits in libsafe. Libsafe versions prior to 2.0-12 are vulnerable to format string exploits. "Libsafe protection against format string exploits may be easily bypassed using flag characters that are implemented in glibc but are not implemented in libsafe." The current version is libsafe 2.0-13. Steve Beattie pointed out that the Immunix FormatGuard tool is not vulnerable to these kinds of attacks.

Squid proxy cache security update. Squid-2.X releases up to and including 2.4.STABLE4 are vulnerable to attack from a malicious DNS server. The problem is fixed in Squid-2.4.STABLE6.

Debian Security Advisory - mtr. A buffer overflow problem in mtr may allow an attacker to gain access to the raw socket, which makes IP spoofing and other malicious network activity possible.

Red Hat update for imlib. Red Hat has released a security update for imlib that fixes "potential problems loading untrusted images"; this vulnerability is exploitable via the NetPBM package.

Mandrake security alert for kdm. MandrakeSoft has issued a security alert for kdm; it seems that the default configuration allows XDMCP connections from anywhere. The workaround is to make a small configuration file change; see the alert for details.

Komba Samba share browser password disclosure vulnerability. The problem is fixed in Komba2 0.7.3. All prior versions are vulnerable.

Webmin local privilege escalation vulnerabilities. The webmin 0.93 release fixes local privilege escalation vulnerabilities in the /var/webmin and /etc/webmin/servers/ directories.

web scripts. The following web scripts were reported to contain vulnerabilities:

Proprietary products. The following proprietary products were reported to contain vulnerabilities:

Updates

zlib corrupts malloc data structures via double free. This vulnerability impacts all major Linux vendors. It may impact every Linux installation on Earth. Updates are required to zlib and any packages that were statically built with the zlib code. (First LWN report: March 14).

LinuxSecurity describes the vulnerability and coordinated distributor efforts in detail. "Packages including X11, rsync, the Linux kernel, QT, mozilla, gcc, vnc, and many other programs that have the ability to use network compression are potentially vulnerable."

Updating is recommended. As always, please proceed with caution when applying updates to the kernel.

This week's updates:

Previous updates:

See also: articles in ZDNet and The Register about the zlib vulnerability. And, these reports from ZDNet and Vnunet on this vulnerability in some of Microsoft's major applications.

Both PHP3 and PHP4 have vulnerabilities in their file upload code which can lead to remote command execution. This one could be ugly; sites using PHP should apply updates at the first opportunity. If an update isn't available for your distribution, users of PHP 4.0.3 and later are encouraged to consider disabling file upload support by adding this directive to php.ini:

  
	file_uploads = Off

CERT has issued this advisory on the problem. This article in the Register also talks about the vulnerability. (First LWN report: March 7).

Developers using the 4.2.0 branch are not vulnerable because file upload support was completely rewritten for that branch.

This week's updates:

Previous updates:

Update: Despite some concern expressed in an earlier report by LWN, these updates do, in fact, fix the problem. The original update from the php team fixes the security hole but introduces a "rare segfault condition" that is not a security problem.

Resources

RAV AntiVirus v8.5 for Linux Review (LinuxLookup). Here is a review of RAV AntiVirus v8.5 for Linux. "RAV AntiVirus v8.5 for Linux Mail Servers, Servers, and Workstations is flexible and scalable, allowing independent configuration of the scanning module, fully independent from the Mail Server. In the configuration file you can customize the actions to be taken by RAV when detecting a virus - clean, move, copy, rename, delete, ignore, reject - and benefit of advanced features, like warning the sender, warning the receiver or warning a third party (the server administrator when detecting an external threat)."

Getting Started with Gnu Privacy Guard (Open for Business). Here is a HOWTO article on using GNU Privacy Guard (GPG). "The idea of signing your key is to create a "web of trust," where if John trusts Jim's identity, and Jim trusts Nancy's identity, then John knows he can trust the identity of Nancy too. Most often, signing is reciprocal, so John and Jim probably signed each other's keys, and Jim and Nancy did the same."

Linux security week. The Linux Security Week publication from LinuxSecurity.com is available.

Events

UniNet announced the 1st Information Security Conference at UniNet, InfoSec 2002, which will run from April 15th to 19th on the UniNet IRC network (irc.uninet.edu) in the channel #infosec.

Upcoming Security Events.
Date | Event | Location
April 1 - 7, 2002 | SANS 2002 | Orlando, FL., USA
April 5 - 7, 2002 | Rubicon | Detroit, Michigan, USA
April 7 - 10, 2002 | Techno-Security 2002 Conference | Myrtle Beach, SC
April 14 - 15, 2002 | Workshop on Privacy Enhancing Technologies 2002 | (Cathedral Hill Hotel) San Francisco, California, USA
April 15 - 19, 2002 | InfoSec 2002 | UniNet IRC network (irc.uninet.edu) - channel #infosec
April 16 - 19, 2002 | The Twelfth Conference on Computers, Freedom & Privacy | (Cathedral Hill Hotel) San Francisco, California, USA
April 23 - 25, 2002 | Infosecurity Europe 2002 | Olympia, London, UK
May 1 - 3, 2002 | cansecwest/core02 | Vancouver, Canada
May 4 - 5, 2002 | DallasCon | Dallas, TX., USA
May 12 - 15, 2002 | 2002 IEEE Symposium on Security and Privacy | (The Claremont Resort) Oakland, California, USA
May 13 - 14, 2002 | 3rd International Common Criteria Conference (ICCC) | Ottawa, Ont., Canada
May 13 - 17, 2002 | 14th Annual Canadian Information Technology Security Symposium (CITSS) | (Ottawa Congress Centre) Ottawa, Ontario, Canada
May 27 - 31, 2002 | 3rd International SANE Conference (SANE 2002) | Maastricht, The Netherlands

For additional security-related events, including training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Dennis Tenney


March 28, 2002


Kernel development


The current development kernel release is 2.5.7. Linus is on vacation, so no 2.5.8 prepatches have been released.

Dave Jones released 2.5.7-dj1 on March 21. "Resync, add compile fixes, simmer for 30 mins on low heat. Add random pending patches to taste. Still untested beyond 'it compiles', handle with care."

Here is Guillaume Boissiere's 2.5 status summary for March 27.

The current stable kernel release is 2.4.18; the current 2.4.19 prepatch from Marcelo remains 2.4.19-pre4, released on March 20.

Alan Cox's latest prepatch is 2.4.19-pre4-ac2. It includes a great many fixes and a lot of USB updates, but there have been no major changes since the new IDE code went in last week.

When close() goes bad. The close() system call is defined with the usual sort of return value: zero on success, nonzero otherwise. Most programmers do not look too closely at the return value from close(); after all, when you are closing a file descriptor, the useful work has generally been accomplished. But a close can return a failure code. This code does not generally refer to the close operation itself (which must succeed); instead, it can be used to indicate a failure in some other, perhaps related device operation. A CDROM driver could return a failure status if it is unable to unlock the drive door, for example. Other devices may still have operations outstanding, and the return value from close() is the only way to report problems with those operations.

Inside the kernel, close() maps to a function called release() in the file_operations structure. That function, too, has a return value. So Axel Kittenberger was surprised to find out that there was no connection between the release() return value and what the application gets back from close(). Instead, that value is discarded, and close() always succeeds. He has posted a patch which fixes the situation by passing the release() return value through.

Not everybody agrees that this is the right thing to do, interestingly. It has been stated that the fsync() call should be used by applications which are interested in any last-minute errors. But that approach doesn't address errors that happen in the close process itself. It is also a little strange to have return values from the operation that do not mean anything. So, while there are people who suggest that the release() function should be changed to return void, it's probably more likely that this patch will be applied.
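The application side of this discussion, as an added example that is not code from the kernel or from the patch described above: a file-saving routine that checks write(), fsync() and close() in turn and reports the first failure. The helper names (write_all, close_checked, save_file) are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Write the whole buffer, retrying on short writes and EINTR.
 * Returns 0 on success or a negative errno value. */
static int write_all(int fd, const char *buf, size_t len)
{
    while (len > 0) {
        ssize_t n = write(fd, buf, len);
        if (n < 0) {
            if (errno == EINTR)
                continue;
            return -errno;
        }
        buf += n;
        len -= (size_t)n;
    }
    return 0;
}

/* Close fd exactly once and report the result.
 * On Linux the descriptor is released even when close() fails, so the
 * call is never retried: the number may already belong to another open(). */
static int close_checked(int fd)
{
    if (close(fd) < 0)
        return -errno;
    return 0;
}

/* Hypothetical helper: store len bytes at path and return the first
 * error seen at any stage (0 on success, negative errno otherwise). */
int save_file(const char *path, const char *buf, size_t len)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0)
        return -errno;

    int err = write_all(fd, buf, len);

    /* fsync() surfaces errors from data still waiting to reach the device. */
    if (err == 0 && fsync(fd) < 0)
        err = -errno;

    /* close() can still report a failure from the driver or filesystem;
     * keep the earliest error, but never ignore this one. */
    int cerr = close_checked(fd);
    if (err == 0)
        err = cerr;
    return err;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s <output-file>\n", argv[0]);
        return 2;
    }
    const char msg[] = "constructed sample data\n";
    int err = save_file(argv[1], msg, sizeof msg - 1);
    if (err != 0) {
        fprintf(stderr, "save failed: %s\n", strerror(-err));
        return 1;
    }
    puts("saved");
    return 0;
}
```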

Straightening out the header files. People who dig around in the kernel source code tend to notice one thing early on: the header files are a bit of a mess. Figuring out which headers to include - and in which order - can be a pain. And it often seems necessary to include a large number of (seemingly) unrelated files to get a piece of code to compile.

Daniel Phillips has started attacking one of the header file problems: the unstructured intermixing of definitions of data structures and the functions that use those structures. Many of the header files have "evolved" over time into fairly long and twisted things; programmers have thrown new definitions in over the years, often without any sort of overall design for the header file itself.

Numerous problems have their roots in this untidiness, but Daniel has picked out one in particular: it can be hard to define inline functions that use certain kernel data structures. Such functions often get defined before the structures they reference; this, of course, does not work if the function needs to know anything specific about the data structure. Rearranging the definitions can be hard, so programmers tend to give up on inline functions and fall back on the use of macros. Macros work, but they are inelegant, and, crucially, they do not offer the same sort of type checking that inline functions do.

The solution, according to Daniel, is to split out the definitions of fundamental data structures into their own header files. These small headers can then be placed early in the list of files to include, and their structures are available for use in inline functions later. He has posted a patch which makes this change for struct page, a fundamental data structure used in the management of physical memory. This change allows a couple of former macros (__pa, which converts kernel-space virtual addresses to physical addresses, and __va, which does the opposite) to be turned into inline functions. Says Daniel:

As soon as I had the inline version of __pa, it picked up an oversight where Jeff [Dike] uses virtual addresses in his page tables instead of physical addresses. It works in the case of uml, but it's quite unexpected and has only gone unnoticed this long because of weak type checking due to use of macros.

The code changes required for this sort of patch are not small, since a fair amount of rearranging can be required. It appears that it may be worth the effort, though. For any ambitious folk who would like to take on other kernel headers, Daniel has posted his algorithm for accomplishing the task. It is, he says, "slightly painful, but not horribly excruciatingly painful." With such inspirational words, who can resist the urge to jump in and help out?
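The type-checking difference between macros and inline functions, as an added user-space model that is not kernel code and not Daniel's patch. The PAGE_OFFSET and PTE_PRESENT values, the phys_addr wrapper type and all function names are assumptions made for illustration; the wrapper type goes one step further than a plain typed argument.

```c
#include <stdio.h>

#define PAGE_OFFSET 0xC0000000UL  /* assumed kernel/user split, for illustration */
#define PTE_PRESENT 0x1UL         /* assumed flag bit, for illustration */

/* --- Macro style: the cast accepts pointers and integers alike --- */
#define PA_MACRO(x)     ((unsigned long)(x) - PAGE_OFFSET)
#define MK_PTE_MACRO(x) ((unsigned long)(x) | PTE_PRESENT)

/* --- Inline style: physical addresses get their own type --- */
typedef struct { unsigned long val; } phys_addr;  /* hypothetical wrapper */

static inline phys_addr pa_inline(const void *vaddr)
{
    phys_addr p = { (unsigned long)vaddr - PAGE_OFFSET };
    return p;
}

static inline void *va_inline(phys_addr p)
{
    return (void *)(p.val + PAGE_OFFSET);
}

static inline unsigned long mk_pte_inline(phys_addr p)
{
    return p.val | PTE_PRESENT;
}

/* A constructed kernel virtual address used as sample input. */
#define SAMPLE_VADDR ((void *)(PAGE_OFFSET + 0x5000UL))

/* Mistake: a virtual address goes straight into a page table entry.
 * The macro's cast hides the error and the code compiles silently. */
unsigned long pte_from_vaddr_macro_bug(void *vaddr)
{
    return MK_PTE_MACRO(vaddr);
}

/* Correct macro use: depends on the programmer remembering PA_MACRO. */
unsigned long pte_from_vaddr_macro(void *vaddr)
{
    return MK_PTE_MACRO(PA_MACRO(vaddr));
}

/* Correct inline use: the only form the compiler accepts. */
unsigned long pte_from_vaddr_inline(void *vaddr)
{
    return mk_pte_inline(pa_inline(vaddr));
}

#ifdef SHOW_TYPE_ERROR
/* Same mistake as pte_from_vaddr_macro_bug(). Building with
 * -DSHOW_TYPE_ERROR fails here: a void * is not a phys_addr. */
unsigned long pte_from_vaddr_inline_bug(void *vaddr)
{
    return mk_pte_inline(vaddr);
}
#endif

int main(void)
{
    printf("macro, virtual address stored by mistake: %#lx\n",
           pte_from_vaddr_macro_bug(SAMPLE_VADDR));
    printf("macro, converted first:                   %#lx\n",
           pte_from_vaddr_macro(SAMPLE_VADDR));
    printf("inline, converted first:                  %#lx\n",
           pte_from_vaddr_inline(SAMPLE_VADDR));
    return 0;
}
```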

Other patches and updates released this week include:

Kernel trees:

  • J.A. Magallon's latest is 2.4.19-pre4-jam1.

  • Marc-Christian Petersen has released 2.4.18-WOLK3.1. This kernel now has over 90 patches; some of the latest additions are TUX, User-mode Linux, the Linux Trace toolkit, and more.

Core kernel code:

  • Hubertus Franke has posted a patch to the code that assigns IDs to new processes. The current method of finding an unused PID is very inefficient, especially if there are large numbers of processes running on the system. With this patch, process ID assignment is faster on systems with at least 25,000 processes running - so most people won't need it for their desktop systems.

  • Andrew Morton has released a new set of reworked VM patches (as originally written by Andrea Arcangeli and covered here last week).

  • A new radix tree page cache patch has been released by Christoph Hellwig.

Device drivers:

  • Jens Axboe has released support for "Mt. Rainier" CD-RW drives. See here for the latest version.

  • Richard Gooch has released devfsd v1.3.25 and devfs 199.10.

  • Patrick Mochel has updated his device model code to build an ordered list of all devices on the system. A set of functions has been supplied which can use that list to suspend, resume, or shut down all devices in the system in the proper order.

Filesystems:

  • Roger Gammans has written some documentation for the JBD (journaling) layer.

  • Anton Altaparmakov has released a completely rewritten, read-only NT filesystem implementation.

  • Version 0.8.23 of the access control list patch has been released by Andreas Gruenbacher.

Kernel building:

  • Roman Zippel has released a specification for his new kernel configuration system.

Miscellaneous:

Ports:

  • Here is the announcement for the latest NCR Voyager port from James Bottomley.

Section Editor: Jonathan Corbet


March 28, 2002


Distributions


Please note that security updates from the various distributions are covered in the security section.

News and Editorials

Sorcerer, Sorcery, and Lunar-Penguin. Last week we reported that Sorcerer GNU/Linux (SGL) was no longer available. Numerous people wrote in with additional information, so this week we have a more complete story to tell. It's the kind of story that illustrates that a good open source project is difficult (if not impossible) to kill.

SGL was first released by Kyle Sallee in April 2001 and in just a few months it became one of the most popular source-based Linux distributions around. Gaining in popularity also meant gaining a larger development team, as is the nature of free software. Unfortunately though, not everyone shared the same vision of SGL and its future. Without getting into all the nasty details, we'll just jump to the part where Kyle left the project and removed the source code from its accustomed repository (and the mirrors). He apparently did try to stop the other SGL team members from going on with the project from there, but as we mentioned, it's very hard to stop a good software project. The source was already out there. So, from the ashes of Sorcerer grew two new distributions. Kyle doesn't seem to be working with either one at this time, but we wish him well on his next project (whatever that is). Most of all, we'd like to thank all the people who wrote to LWN with additional links and information.

Lunar-Penguin has its roots in SGL, but it's quickly evolving into something else. If you like SGL, but want something a bit faster paced, more leading edge, then LP could be just for you. Current SGL users should be able to switch to LP now, but that's guaranteed not to last for long. LP released the ISO image lunar-20020321.iso.bz2 on March 21, 2002.

Sorcery GNU/Linux, or possibly Sorcerer GNU/Linux, is a project created by former team members of SGL after Kyle's departure. It strives to remain a popular, source-based distribution. Sorcery 0.1.2 was released into CVS on March 19, 2002, and a new Sorcery tarball, 0.1.3, has been released since. This posting at the Sorcery Linux site contains some additional information on the birth of Sorcery, and talks about some future development plans for the new SGL.

The site SorcererLinux.org was created as an impartial resource, with links to both new projects, and other Sorcerer resources including a link to the original Sorcerer documentation.

Distribution News

Debian News. The Debian Weekly News for March 20 is out, with coverage of the Debian Leader election, the latest boot floppies, offensive content, CeBIT, and more.

Debian users will now find cryptographic software in the main archive. Anthony Towns provides an explanation of why it wasn't there before, and what can be found there now.

There is another revision of 'potato', Debian GNU/Linux 2.2r6 due out at the beginning of April 2002.

The Call For Votes is out now. "NOTE: The vote must be GPG signed (or PGP signed) with your key that is in the debian keyring."

The Kernel Cousin Debian Hurd #115 For March 19, 2002 is available.

Mandrake Linux News. The Mandrake Linux Community Newsletter #35 for March 20, 2002 talks about Mandrake Linux 8.2 (Intel version available; a note from the Developers; 8.2 PPC Status Report) and more.

The release of a second beta version of Mandrake Linux 8.2 for the PowerPC architecture has been announced.

MandrakeSoft has announced the availability of StarOffice 6.0 Final for its MandrakeClub "Silver" members and above. This ZDNet article clarifies Mandrake's download policy.

Red Hat Linux Advanced Server. Red Hat has announced the launch of its "Red Hat Linux Advanced Server" distribution, "the first enterprise-class Linux operating system." It starts at $800, and includes a one-year Red Hat Network subscription, a 12-month (minimum) release cycle, a number of kernel patches (i.e. asynchronous I/O), a Java-based web console for cluster management, and more.

Skipjack - the latest Red Hat beta. We mentioned it last week, but here's the official announcement on the release of "Skipjack," Red Hat's latest beta release. "As always, we do not recommend the use of beta software on mission critical or production systems. In fact, we may laugh at those who try."

SuSE Linux. usr local bin is a new site dedicated to updated RPM packages for SuSE Linux, mainly offering GNOME software builds.

Yellow Dog Linux 2.2 ships. Terra Soft Solutions has announced the release of Yellow Dog Linux 2.2. It's based on Red Hat Linux 7.2, but, of course, it runs on the PowerPC.

Minor Distribution updates

2-Disk Xwindow System. The 2-Disk Xwindow System has released v1.2.9 with minor feature enhancements.

Astaro Security Linux. Astaro Security Linux has released v3.041 with major feature enhancements.

Icepack Linux. Icepack Linux has released v2.0, "a complete rewrite of our version 1.0, but of course still offering the features you appreciated in our first release".

Leka Rescue Floppy. Leka Rescue Floppy has released v0.6.0 with minor bug fixes.

Recovery Is Possible!. Recovery Is Possible! (RIP) has released v51 with minor feature enhancements.

ttylinux. ttylinux has released v2.0 with minor bug fixes.

Wolverine. The Wolverine firewall and VPN product (based on Embedded Coyote Linux) has released Alpha 3 (Build 153) with major feature enhancements.

Distribution Reviews

Mandrake 8.2 First Impressions. Anthony Barker reviews Mandrake Linux 8.2. "Mandrake has done a lot of work cleaning up the user interface and making Linux more intuitive. Moreover, it is supposed to be more stable - the kernel as well as Mandrake's tools (although I have not experienced that so far). Perhaps I have been a bit harsh because I lost my data directory (my own fault - but of course I internally blame the vendor). Overall, I think mdk 8.2 is the best Mandrake release so far, a candidate for the best linux distribution, and perhaps my favorite desktop operating system."

Section Editor: Rebecca Sobol


March 28, 2002

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.


See also: last week's Development page.

Development projects


News and Editorials

Parrot 0.0.4 is Released

Use Perl reports on the release of Version 0.0.4 of the Parrot compiler, which is at the heart of the new Perl 6 language.

We now have a working JIT compiler, thanks primarily to Daniel Grunblatt. Gregor Purdy produced something he calls 'predereferencing', which rearranges Parrot bytecode in memory to give a 22% speedup over the normal Parrot run. Dan Sugalski himself has provided a fast arena-based memory allocation system, and a copying garbage collector to match. We're starting to look like a real interpreter, and to prove it, Clinton Pierce has written an XML parser in Parrot bytecode.

Also included in Parrot 0.0.4 is Alex Gough's bignum library, code cleanup by Jason Gloudon, and "rudimentary regular expression support" contributed by Brent Dax.

Here is the full list of changes for the new Parrot.

The latest version of Parrot may be downloaded here. See the Parrot 0.0.4 readme file for the necessary build instructions.

Additionally, Simon Cozens has handed off the duties of Parrot project leader, or "Parrot Pumpking," to Jeff Goff.

Electronics

New Icarus Verilog simulator (gEDA). The gEDA site lists a new development version of the Icarus Verilog electronic simulation language compiler. In addition, a new stable version 0.6 was also released recently.

Embedded Systems

Embedded Linux Newsletter (LinuxDevices). The LinuxDevices.com Embedded Linux Newsletter for March 21 is available, with the usual roundup of events from the embedded Linux community.

The preempt patch vs the low-latency patch (LinuxDevices). LinuxDevices has posted a white paper that compares two methods for achieving low kernel latency. "In this whitepaper on Linux Scheduler Latency, Clark Williams of Red Hat Inc. compares the performance of two popular ways to improve kernel Linux preemption latency -- the preemption patch pioneered by MontaVista and the low-latency patch pioneered by Ingo Molnar -- and discovers that the best approach might be a combination of both."

Opening Up the PlayStation 2 with Linux (O'Reilly). Howard Wen reviews the Sony PlayStation 2 Linux development environment on O'Reilly. "Besides the sheer geek thrill of being able to do it, there's a practical reason for running Linux on a PlayStation 2. A lot of people expressing interest in this kit are hobbyists looking to gain experience in developing for a major game console."

Printing Software

HPIJS 1.0.4 released (Linux Printing). Linux Printing mentions the new release of the HPIJS inkjet printer drivers. Version 1.0.4 includes a new high resolution mode, support for A3 and A5 paper, and bug fixes.

Web-site Development

Apache 1.3.24 Released. Apache version 1.3.24 has been released. "This version of Apache is principally a security and bug fix release." (Thanks to Jonas Eriksson.)

mnoGoSearch-php-3.2.0.beta2 available. A new version of mnoGoSearch-php, a PHP interface to the mnoGoSearch search engine, is available. The Change Log file lists all of the changes.

Zope Members' News. This week's Zope Members' News items include a look at the MailBoxer mailing list manager, the QuotaFolder 0.1 quota system, the ZFireBirdDA database adapter, the Logger 1-0-2 Zope logging system interface, and more.

Analog Security Hole. Version 5.22 of the Analog web log analyzer fixes a cross-site scripting security hole in which Javascript code can be arbitrarily inserted into web logs. The log entries can then be viewed by arbitrary browsers.

mod_perl in 30 minutes (O'Reilly). Stas Bekman gives a speedy introduction to mod_perl on O'Reilly. "In this article I'll show step-by-step installation and configuration scenarios, and chances are you will be able to run the basic statically compiled mod_perl setup without reading any other documents."

Documentation

LDP Weekly News. The March 26, 2002 LDP Weekly News mentions a new "documents" category. New documents cover creating high quality Linux applications, backing up and restoring data, intrusion protection, physical security, securing data in transit, and an introduction to viruses and virus hoaxes.


March 28, 2002



Desktop Development


Audio Applications

mpg321 version 0.2.10 released. A new version of mpg321, the free MP3 player, has been released. Version 0.2.10 features a number of bug fixes and usability improvements.

Ardour progress continues. Work continues on the Ardour multi-track audio recording package. Generalized undo/redo operations and stability and usability enhancements have been added, and Ardour now works as a Jack client.

Web Browsers

Mozilla Independent Status Reports. The latest Mozilla Independent Status Reports feature new releases of LiveSidebar, SVG Graphs, the Mozilla Translator, mozCalc, Annozilla, Mozblog, and BrowserG!.

Desktop Environments

Ximian GNOME on a low-resources machine. Linux and Main looks at software bloat and its effects on running Gnome on a Pentium-166. "Hear me out. It's true that we have all kinds of nifty desktops and applications. This is great. It is also, sadly, true that as the capacity of hardware has increased -- bigger drives, more memory, faster processors, an actual reduction in price -- coding has fallen slack. We do just about the same stuff at just about the same speed, even though our machines should, if the coding standard of even two or three years ago were in place, literally scream with speed."

Kernel Cousin KDE number 36. Kernel Cousin KDE Issue #36 is available. Topics include advanced media streaming, KParts and Streaming Data, Moving Day for Wallpapers, KOffice publicity, KDE 3.0 status, KOffice graphics, Addressbook transitioning, and more.

KDE 3.0RC3: Prepare to Fall in Love (KDE.News). KDE.News reports on the newly released KDE 3.0 RC3 with much enthusiasm: "...yesterday morning I installed KDE 3.0rc3 and, to be honest, it is truly magnificent! Konqueror is fast, fast, fast! Never seen anything like it (except maybe Lynx) in the main browsers - even long pages in my Most Often Visited list all but instantly popped into place.

The rest of KDE 3 is simply spectacular, too. Everything is snappier, from menus (despite the addition of cool menu icons) and dialogs (these pop up much faster) to applications, and the look is even more professional than KDE 2. Wowwww, I am in total awe. Superb, excellent, amazing job, guys, KDE 3 absolutely rules!"

People of KDE: Eva Brucherseifer. This week's People of KDE features Eva Brucherseifer, one of the founders of KDE-Women, KDE-Edu, and the KDE-Solaris mailing list.

Games

NetHack Version 3.4.0. Version 3.4.0 of the classic NetHack game has been announced. This release features bug fixes, better portability, enhanced configuration file processing, and lots more.

Pygame updates. This week, the Pygame site features SCAM, the Sprite Collision and Mechanics Library. "SCAM is a library that provides easy to use pixel-perfect collision detection. It is a C extension module and has support for python and pygame."

GUI Packages

FLTK 1.1.0b12 Available. Version 1.1.0b12 of the Fast Light ToolKit (FLTK) has been announced. This release features bug fixes and working drag-n-drop support, among other things.

Office Applications

Ximian releases Evolution 1.0.3. "Ximian Evolution version 1.0.3 is now available. Evolution 1.0.3 resolves a number of smaller issues discovered in the previous release, and includes enhanced compatibility with the forthcoming Ximian Connector for Microsoft Exchange. You can expect to see improved performance and stability in this release, especially for addressbook functions over LDAP."

Advance 0.7.2 released. Version 0.7.2 of the Advance Personal Information Manager (PIM) is available. This version is a functional beta release. (Thanks to Bryan Brunton.)

Kernel Cousin GNUe #21. Issue #21 of Kernel Cousin GNUe looks at analytical processing, web browser compatibility, international support, GNUe for Red Hat and Debian, and more.

AbiWord Weekly News. The March 26, 2002 AbiWord Weekly News covers the new AbiWord 0.99.3 release as well as other progress in AbiWord development.

 

 

Programming Languages


Caml

The Caml Hump. The "latest adds" on The Caml Hump include lox, a library framework for concurrent, single-threaded Internet application services, and Ant, which aims to be a Caml replacement for the TeX typesetting system.

The Caml Weekly News. The March 26, 2002 edition of the Caml Weekly News is out. Topics include weak hash tables, Ensemble 1.35, and ant V0.3pre.

Haskell

The Gtk2Hs Haskell binding for Gtk2. Axel Simon has announced Gtk2Hs, a rewrite of the gtk+hs Haskell binding for Gtk. Improvements include automatic memory management, nearly complete coverage of widget functions and signals, Unicode support, object-oriented calling conventions, and more. (Thanks to Jens Petersen.)

Java

Tetris meets the Java bean (IBM developerWorks). Scott Clee uses Java beans to implement the Tetris game. "IBM Software Engineer -- and gamer at heart -- Scott Clee provides a simple way to take the Tetris game model and wrap it up as a reusable Java bean component. Once the game elements have been broken down into Java objects, they can be reassembled to form the complete game model bean, enabling it to be plugged into virtually any Tetris GUI."

Micro-Tuning Step-by-Step (O'Reilly). Jack Shirazi gives some tips on optimizing Java performance. "Micro-tuning is a term often used to mean speeding up small sections of code out of context, by profiling and analyzing that code and using some of the many techniques available to make code run faster. In contrast, macro-tuning looks at the program in context, and tries to improve performance by altering the algorithms, data structures, or interactions between components or subsystems."

Lisp

mod_lisp 2.2 released. Version 2.2 of the mod_lisp Apache web server module has been released. "This version allows more than one Set-Cookie".

CLSQL initial public version released. The first public version of CLSQL, a Common Lisp interface to the PostgreSQL and AODBC database engines, has been released.

Perl

CPANPLUS 0.01 Released (use Perl). Version 0.1 of the CPANPLUS Perl module management system has been released.

PHP

PHP 4.2.0 rc 1 (PHP News). PHP News looks at the new PHP 4.2.0 rc1 release. Testers are being solicited; the official PHP 4.2.0 is scheduled for release on April 22, 2002.

PHP Weekly Summary for March 25, 2002. The March 25, 2002 PHP Weekly Summary features a preview of Zend Engine 2, PHP 4.2.0 rc 1, removal of PAM code from PHP, bug fixes, Java serialization, and Crypto++.

Python

Dr. Dobb's Python-URL!. Here's the Dr. Dobb's Python-URL! for March 26, 2002. Topics include exception handling, serving MS SQL with Python, the Python-bz2 compression library, and more.

PyKDE2: KDE Bindings for Python (O'Reilly). Stephen Figgins talks about a project that was built with PyKDE2, the KDE bindings for Python.

The Daily Python-URL. The latest entries on the Daily Python-URL include articles on Reportlab Toolkit version 1.13, an Introduction to Jython, NormalDate, python-bz2, and more.

Python 2.2.1c2. A second release candidate for the next Python bugfix release has been announced. "There haven't been many changes since 2.2.1c1, just a few fixes."

Ruby

The Ruby Garden. This week's Ruby Garden looks at modifying mkmf.rb to support frameworks, and mentions a Linux Journal article on Ruby.

Meanwhile, the Ruby Garden's Ruby Weekly News has announcements for ByteCodeRuby 0.1.1, vimRubyX, RubyMail 0.8, RubyFilter 0.8, rpkg 0.3.2, REXML 2.0.2, RUDL 0.6, FXRuby-1.0.3, and Rubyzip 0.4.1.

Tcl/Tk

This week's Tcl-URL!. The March 25, 2002 Tcl-URL! features a number of Tcl tips, obtaining #include capability, paths and package loading, supergrid, an Icon library, the Toucan IDE for the Palm platform, the State Machine Compiler, and more.

XML

Exploring XML Encryption, Part 1 (IBM developerWorks). Bilal Siddiqui introduces XML encryption on IBM's developerWorks. "XML Encryption provides end-to-end security for applications that require secure exchange of structured data. XML itself is the most popular technology for structuring data, and therefore XML-based encryption is the natural way to handle complex requirements for security in data interchange applications."

What's New in XPath 2.0 (O'Reilly). Evan Lenz compares XPath 2.0 to XPath 1.0. "A better way of describing XPath 2.0 is as an expression language for processing sequences, with built-in support for querying XML documents."

Web Service Sublimation (O'Reilly). Martin Gudgin and Timothy Ewald talk about the current state of Web Services on O'Reilly. "In the broadest possible sense, Web Services are an attempt to use XML to build distributed information processing systems that work across the Internet without necessarily requiring a browser as the client. Many present Web Services as a silver bullet that makes building this sort of system easy, but this view is naive."

Integrated Development Environments

GNUstep Weekly Editorial. The March 22, 2002 GNUstep Weekly Editorial looks at the initial launch of the GNUstep developers' release, which splits the project into stable and unstable trees.

Miscellaneous

Jext 3.1 pre2. A new version of the Jext programmer's editor has been released. This version replaces the stable version and features an updated ProjectMaster plugin.

Section Editor: Forrest Cook

 

See also: last week's Commerce page.

Linux and Business


The HRP-2P Linux-powered humanoid robot. Longtime LWN friend Maya Tamiya has sent us a description of a new Linux-powered "hackable" humanoid robot called the HRP-2P; it is produced by Kawada Industries and AIST. There are press releases available from Kawada and AIST; they are in Japanese but the pictures are cool. The robot was built with a real-time Linux variant called ART-Linux.

Sharp and Handango announce Linux software store Zaurus Handheld. Sharp Electronics Corp. and Handango announced an alliance to provide Linux and Java software to users of Sharp's Linux-based Zaurus SL-5500 series handheld.

IBM and SuSE to offer 'enterprise ready' Linux services. IBM and SuSE have announced a deal wherein they will collaborate to provide "enterprise ready" Linux services to their customers. Among other things, the PR says "IBM will package and support turnkey implementations of SuSE Linux Enterprise Server (SLES), backed by SuSE's expert development, maintenance, and support teams."

CodeWeavers launches CrossOver Office. CodeWeavers has announced the launch of its "CrossOver Office" product, which allows Linux users to run Microsoft Office and Lotus Notes on their systems without a Windows license.

A Closer Look at Linux: Executives Gadre and DeWitt discuss Sun's Open Source strategy. Sun Microsystems has posted a page detailing the company's plans for Linux.

Protecting Creative Works in a Digital Age. The Senate Committee on the Judiciary has jurisdiction over intellectual property issues in the US Senate, including such issues as the DMCA. The Committee is working to craft copyright policies that advance the complementary goals of protecting copyrighted works, serving consumers and the public interest, and promoting the development of innovative technologies. They are inviting public comment. (Thanks to Jeffrey Burkeen)

The Book of SAX released. No Starch Press has announced the release of The Book of SAX, which covers the Simple API for XML.

Linux Based POS Terminals Increase 80% in 2001 According to IHL Consulting Group. The population of Retail Point of Sale Terminals running Linux in North America increased 80% according to a study from IHL Consulting Group.

Linux Stock Index for March 21 to March 27, 2002.


Section Editor: Rebecca Sobol.


March 28, 2002

   


See also: last week's Linux in the news page.

Linux in the news


Recommended Reading

Bleak future looms if you don't take a stand (SiliconValley). Recommended reading: this call to action from Dan Gillmor on SiliconValley.com. "And insist that they reject anything resembling legislation introduced last week by Sen. Ernest Hollings, D-S.C. This favor to the entertainment moguls would lead us down a control-freak path of putting copy protection in every digital device. Tell them you don't want your PC to be neutered into an expensive DVD player. And tell them you don't want the Internet, the greatest enabler of free speech in history, to be reduced to online television."

Abe Lincoln and the internet pirates (Financial Times). Disney CEO Michael Eisner has an appalling Financial Times column telling us that Abraham Lincoln would have supported the CBDTPA. "Lincoln's affection for the internet would have stemmed from its power to unite. America's 16th president fought to hold the United States together. Nearly a century and a half later, he would have been thrilled to see the web make it possible for citizens from Key West to Kauai to share an enormous range of news, information and knowledge. But he undoubtedly would have disdained those who go to sites with names such as Gnutella, Madster, BearShare, Limewire, Swaptor, Morpheus or Rapigator to pilfer the intellectual property of others."

Anti-copy bill hits DC (Wired). Wired reports on the introduction of the SSSCA into the U.S. Senate. It has transformed into the "Consumer Broadband and Digital Television Promotion Act (CBDTPA)," but the intent is the same. "...the newly named CBDTPA says that all 'digital media devices' sold in the United States or shipped across state lines must include copy-protection mechanisms to be defined by the Federal Communications Commission."

See also: Senator Hollings's remarks when introducing the legislation.

Proposed anti-piracy bill draws fire (News.com). CNET reports on a debate involving representatives from the recording industry, computer manufacturers, and the Open-Source Applications Foundation on the topic of recently proposed U.S. Government controls on digital media devices. "The debate comes days after Sen. Ernest "Fritz" Hollings introduced a bill that would ultimately require computer and consumer electronics companies to build piracy-prevention software into their products. Called the Consumer Broadband and Digital Television Act--once known as the Security Systems Standards and Certification Act--the bill has some powerful lobbyists including Hollywood studios Walt Disney and 20th Century Fox."

Anti-Copy Bill Slams Coders (Wired). Wired looks at how the CBDTPA would affect programmers. "According to the CBDTPA, any software with the ability to reproduce 'copyrighted works' may not be sold in the United States after the Federal Communications Commission's regulations take effect. Even programmers who distribute their code for free would be prohibited from releasing newer versions -- unless the application included federally approved technology."

Does it take hardware to repel pirates? (ZDNet). ZDNet covers the introduction of the CBDTPA (formerly SSSCA) in the Senate. "Bruce Schneier, chief technology officer for network protection firm Counterpane Internet Security, said the bill would essentially lock up all content in boxes controlled by copyright holders no matter what device or computer the information is on. The legislation would also have far-reaching effects on the software and computer industry, making almost all of today's software and hardware illegal and putting open-source software in a tight spot, he said."

Biting the Hand that Beats You (Linux Journal). Here's a rant from Doc Searls in the Linux Journal about the CBDTPA and those who are pushing for it. "But not Disney. Not News Corp. These guys are having trouble making the transition from potato farming to whatever comes next. They have no idea how to do business with resourceful human beings rather than passive vegetables. So they run to government for protection."

MS Office arrives on the Linux desktop (DesktopLinux). DesktopLinux.com reviews CrossOver Office from CodeWeavers. "CodeWeavers' new CrossOver Office product delivers on the long-standing goal of the Wine project: making it easy for anyone to successfully install and run Windows software on Linux systems, using a simple point-and-click process. It works so well, and the Windows programs that it currently supports run so smoothly, that it makes me feel slightly guilty -- as though I'm somehow cheating."

Councils want an Office alternative (vnunet). UK councils are looking into open source alternatives to Microsoft Office. "Local government user group Socitm has strongly criticised Microsoft's licensing policies. It is already in talks with Sun Microsystems about whether its StarOffice suite offers a realistic rival for authorities."

Commentary: StarOffice is now more viable (News.com). CNET looks into the viability of StarOffice as a replacement for Microsoft Office. "Many enterprises use the same version of Office companywide to standardize desktops. However, enterprises now realize that most workers consume information but don't create it, so they don't use more than 20 percent of the features in Office. At the same time, changes in Microsoft's license policy could force some customers to pay twice as much for the next version. Enterprises looking for alternative suites may eventually find one in StarOffice 6.0, which will likely become available in the second quarter."

Raymond: Mac OS X too restrictive (ZDNet). ZDNet UK's Matthew Broersma talks to Eric Raymond about Apple's Public Source License. "Apple may be courting open-source developers with its Unix-based Mac OS X, but it doesn't have all open-source gurus convinced. Eric Raymond, the co-founder of the Open Source Initiative, told ZDNet UK that he, for one, finds Apple's "public source" licence too restrictive."

Open source wins Java rights (vnunet). According to Vnunet, Sun may be loosening its grip on the Java Testing Compatibility Kit license. In the past, the high price of the license has prevented its use by open source Java implementations. "The software giant has buckled following a campaign headed up by Apache on behalf of the open source community, which called on Sun to discontinue licences prohibiting Java compatible open source implementations, and make compatibility testing more accessible."

Sun opens Java to Open Source community (Register). The Register covers Sun's plans to modify the JCP so open source community members can submit APIs for inclusion in Java specifications. "And, in a gesture of good-will, Sun will move some web services JSRs - currently navigating the JCP - to an open source license. Sun was unable to say which JSRs will be opened, but said all JSRs would eventually be moved to an open source license. JSRs are the working name of Java APIs before they graduate the JCP."

Red Hat exec questioned in antitrust case (Reuters). Reuters looks at Michael Tiemann's testimony concerning the Microsoft antitrust case. "Wheeler tried to neutralize Tiemann's testimony on Monday by pointing out that Microsoft's settlement with the Justice Department would require Microsoft to make disclosures that would ensure compatibility with other companies' software.

But Tiemann said the settlement deal was vague and could allow Microsoft to continue withholding technical information competitors need to make sure their software works well with Microsoft products."

Linux Executive Accuses Microsoft (Associated Press). Red Hat CTO Michael Tiemann gave his views on Microsoft's proprietary extensions in a U.S. District Court, according to this article on the Associated Press. "'Some disclosure does not mean complete disclosure or substantial disclosure,' Tiemann said."

Testimony: Microsoft still intimidating (News.com). News.com carries this Reuters article about testimony in the Microsoft hearings. "Red Hat Chief Technology Officer Michael Tiemann told U.S. District Judge Colleen Kollar-Kotelly that computer makers had rebuffed his attempts in recent years to pre-install the Linux operating system on their machines because of fears that Microsoft would retaliate."

Makers of PCs Fear Wrath Of Microsoft (Washington Post). The Washington Post covers Michael Tiemann's written testimony for the federal court hearings on the sanctioning of Microsoft. "At one point in 2000, Red Hat had a deal with Dell to put Linux in desktop and laptop personal computers, but it was later abandoned, Tiemann testified. He said Dell balked at helping Red Hat do the necessary technical work to make Linux function because he was told Dell feared it would jeopardize its relationship with Microsoft."

Also, see ComputerWorld's article on the subject.

Microsoft Suggests Red Hat Short on Development for Competing Linux System (Dow Jones Newswires). According to this article, a Microsoft attorney has accused Red Hat of doing too little to help itself. "Red Hat Inc. [a distributor of the competing Linux operating system,] has invested little to either develop applications that would run on Linux or to make third-party applications work, argued Microsoft attorney Stephanie Wheeler."

Free and Transparent software for all (Linux Valley). Linux Valley has this editorial (in Italian) about a Press Conference at Palazzo Madama (the Senate of Italy), in which Sen. Cortiana (Greens Federation) presented a proposed law regarding the introduction of Free Software in the public administration. Here is the Babelfish translation. (Thanks to Francesco De Carlo)

Don't give up hope on developers yet (ZDNet). On ZDNet, Robert K. Fullerton writes about advances in the promotion of new ideas. "The computer world is loaded with individuals with new, inventive ideas who are not afraid to trot them out. There are still many outlets for individual creativity. The whole Linux world, which is based upon that very premise, shows increasing promise. The open source movement is gathering proponents and appears increasingly viable -- even thriving. New companies will arrive to cash in on innovation; some will fail, a few won't. But that's no different than any other economic endeavor."

How Coder Cornered Milosevic (Wired). Wired News looks at Patrick Ball's work in the prosecution of Slobodan Milosevic. "Ball added it was important to note that human rights work 'is best served by free software, so that any group who wanted to reproduce my work could do so without a huge investment. I did the data processing using Python, we used MySQL, and all the data coding teams used Linux and Apache.'"

Companies

IBM calls up new Linux server (News.com). News.com covers IBM's latest Linux offering. "The company on Tuesday announced a new eServer based on the Linux operating system for the telecommunications industry. At the same time, Big Blue introduced a new Linux Service Provider Lab to test Linux software for telecommunications companies."

Mandrake Linux policy angers members (ZDNet). Some Mandrake Club members are not happy about a MandrakeSoft decision to allow only those members paying higher fees to download the latest StarOffice, now that Sun is charging for the office suite. "Because of this policy, the company changed the note on Mandrake Club's site from "All membership levels enjoy the same benefits," to "All membership levels enjoy almost the same benefits." This, however, left many of the original Club members feeling ripped off."

Inside Sun (ConsultingTimes). ConsultingTimes looks at the marketing of StarOffice 6, and its relation to OpenOffice.org in an interview with Mike Rogers, vice president and general manager of desktop and office productivity at Sun. "Rogers: We are 100% in sync with OpenOffice.org and we'll stay so. That's not to say there won't be derivative products at OpenOffice.org -- people can take the source and do something to feed a niche market, supply a port to a platform we don't support, or a language that we don't support. That's all good."

SuSE infuses Blue blood into Linux (ZDNet). ZDNet looks at the relationship between IBM and SuSE. "SuSE, a German company that both Intel and IBM have small minority stakes in, does this by offering IBM's customers peace of mind. According to SuSE's [Jurgen] Deck, that peace of mind comes in the form of a 'single throat to choke if something goes wrong.' In addition to making sure that Linux is running smooth as silk on all of IBM's platforms, SuSE also makes sure that IBM's customers don't mistakenly move their Linux installations out of lockstep with what's supported by companies like Oracle and SAP."

Business

Linux Is Served (TechWeb). TechWeb looks at the success of Linux as a server. "With support from the major vendors, analysts predict that Linux installations will capture 32 percent of the Intel server market by year's end, up from 27 percent last year. Why? Linux is considered more robust and scalable than Microsoft's Windows NT. And users can modify Linux's open source code as needed."

Commentary: Ten key consequences (News.com). News.com has a Gartner Group pronouncement on the effects of the HP/Compaq merger - whether it happens or not. "Linux and IBM AIX will increase their support among independent software vendors, likely at the expense of HP/UX and Compaq Tru64."

Reviews

Zaurus Linux PDA makes wireless debut at JavaOne (Mobile Tech News). Mobile Tech News gives a sneak peek at the latest fun Linux device. "Sun and Sharp will be offering the long-awaited Zaurus Linux PDA bundled together with a Linksys 802.11b (Wi-Fi) interface card. Pricing has been set at $299 for the conference promotion. The unit comes pre-installed with the Linux operating system, and the PersonalJava virtual machine software."

Qtopia and embedded Linux showing up on smart phones soon (NewsForge). NewsForge reports on TrollTech's Qtopia. "Qtopia is a complete embedded application environment that is based on Qt and the Linux kernel. It stays smaller, requiring about 8MB of ROM, because it works directly with the Linux framebuffer -- there's no need for a bulky X11 server, or a window manager, or toolkits. [...] Qtopia is dual-licensed just like Qt. Free Software adherents can pick it up with the GPL, and commercial developers can take Qtopia with a proprietary, for-pay license that will let them keep their code private."

Humanoid robot goes to work on Linux (ZDNet). ZDNet UK covers the Kawada HRP-2P robot. "Linux is proving a popular choice for robotics, partly due to the flexibility of the operating system -- developers can customise the code freely for their own purposes. Fujitsu created a robot based on Linux last year, called Hoap-1. In disclosing the internal architecture of Hoap-1 Fujitsu urged open-source developers to try and improve the robot's operating system code."

Linux Gets Even More Friendly (IT-Director). IT-Director examines new features in SuSE 8.0, KDE 3.0, and Mandrake Linux 8.2. "Linux is still not ready for large-scale deployment to users without significant local support available, but it is daily becoming more and more user friendly."

Miscellaneous

Making a success of 'Freeware' (IT-Director). This article proves that many people don't understand the nature of Open Source/Free Software licensing. "For a while it looked as though the Open Source community would be going down the same route -- dogmatically demanding that all software licensing is theft and saluting proudly as each new development sinks beneath the waves of Microsoft oppression."

Commentary: Trust no one (News.com). News.com has another Gartner Group opinion piece; this one is about security and actually shows some clue. "Unlike proprietary software security programs that don't open code for public scrutiny, open-source software allows for public viewing. This process allows open-source software vulnerabilities to be discovered faster than those in proprietary software, and the spiral release-and-enhance model used in well-managed open-source products will result in higher-security applications more quickly than in the typical waterfall model seen with commercial proprietary software."

RTAI goes (partly) GPL (LinuxDevices). Here's a LinuxDevices.com article on the RTAI license change. "In summary, the RTAI team made the switch to GPL to satisfy any lingering qualms by developers that there may be some kind of patent infringement risk when using RTAI. With the switch to GPL, the RTAI team is now convinced that RTAI meets the RTLinux patent license requirements and thus developers will not need any kind of license from the holders of the patent (FSMLabs)."

Section Editor: Forrest Cook


March 28, 2002

   


See also: last week's Announcements page.

Announcements


Resources

Intro to X, Basic Tweaks for XFree86 Version 1.0 (Linux Orbit). Linux Orbit shows how to configure an XFree86 setup. "Do you have XFree86 version 4 running on your computer but haven't gotten it working just the way you want it? Maybe there are some features you would like to take advantage of, but don't know how. Or maybe you'd just like something more to experiment with. If you still can't even get a graphical screen, or the resolution isn't high enough for you, then you should seek information on a setup program called xf86config or XF86Setup. But if you need some configuration beyond that, then this article is for you." (Thanks to John Gowin.)

How to get started editing video & audio with Linux (LinuxWorld). Joe Barr gives us an interesting tutorial overview of some tools that will turn your Linux box into a movie-making machine.

The KDE Cafe Opens Doors. A new email list, KDE Cafe, has been announced. "KDE-cafe is the virtual chill-out zone of KDE, a cross between slashdot and irc, a cross between the local pub and the opinions page of your newspaper."

PHPMagazin. PHPMagazin, a new publication about PHP, is being published (in German).

Events

Forum International do Software Livre (Linux Journal). The International Forum of Free Software will be held in Porto Alegre, Brazil on May 2-4, 2002.

Embedded Systems Conference - Chicago. An Embedded Systems Conference in Chicago, Illinois, has been announced. The conference will take place from June 3 through 6, 2002.

Call For Papers: Open Source in the Organisation. The publication 'Systèmes d'Information et Management' has issued a call for papers on the topic of open source in the organization. Submissions are due by July 21, 2002. "Although there is evidence of wide-spread industry adoption of both open source products and of open source processes and models, little research has been done to better understand the role of open source software in mainstream business organisations and on the cost, maintenance, economics and legal issues arising from Open Source."

samba eXPerience 2002 schedule. The schedule for the upcoming Samba eXPerience conference is now available online.

VoiceXML: Not Just an Obscure Markup Language (Dr. Dobb's). Shannon Cochran covers the recent VoiceXML Planet conference. "Speech technology, Beck pointed out, will be fundamental in the era of pervasive computing. 'The core technology works and people know that it works,' he said, but the market will be crippled until standards exist. VoiceXML is particularly attractive because it fits easily within the J2EE and web services architecture, supports a componentized development approach, and, with the tag, is flexible enough to accommodate platform-specific features as well."

Events: March 28 - May 23, 2002.

Date                 Event                                                      Location
April 3 - 6, 2002    The Association of C & C++ Users Spring Conference (ACCU)  (Heritage Motor Centre) Warwick, England
April 4 - 6, 2002    GNOME Users And Developer European Conference (GUADEC)     Seville, Spain
April 11 - 12, 2002  Zope BBQ 2002, Europe                                      Berlin, Germany
April 24 - 27, 2002  Federal Open Source Conference                             (Ronald Reagan Building) Washington DC
April 29 - 30, 2002  Samba eXPerience 2002                                      (Hotel Freizeit) Göttingen, Germany
May 2 - 4, 2002      The International Forum of Free Software                   Porto Alegre, Brazil
May 13 - 16, 2002    O'Reilly Emerging Technology Conference                    Santa Clara, CA., USA
May 18 - 22, 2002    The 13th Annual Borland Conference (BorCon)                (Anaheim Convention Center) Anaheim, CA
May 19 - 24, 2002    XML Europe 2002 Conference & Exposition                    (Princesa Sofia Inter Continental) Barcelona, Spain

Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format.

Section Editor: Forrest Cook.


March 28, 2002

   

 

Software Announcements


Here are this week's Freshmeat software announcements. Freshmeat now offers the announcements sorted in two different ways:

The Alphabetical List and Sorted by license

 

Our software announcements are provided courtesy of FreshMeat

   


See also: last week's Letters page.

Letters to the editor


Letters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them.

March 28, 2002

   
From:	 Keith Owens <kaos@ocs.com.au>
To:	 letters@lwn.net
Subject: Exit sections and monolithic kernels
Date:	 Fri, 22 Mar 2002 14:02:41 +1100

You say
> useless "undefined reference to `local symbols in discarded section
> .text.exit'" message that accompanies a failed link

These messages are not useless, on the contrary they are detecting
coding errors where people call functions that have not been included
in the kernel.  These are kernel bugs just waiting to happen.  When
binutils started checking for dangling references, it flushed out
several coding errors.  The down side is that we have to tell the
kernel which dangling references to ignore, using __devexit_p.
   
From:	 Stephen.Schaefer@emis-intl.com
To:	 letters@lwn.net
Subject: Re: [m]ore GPL confusion
Date:	 Mon, 25 Mar 2002 23:55:32 -0500 (EST)

In my understanding of the GPL, there is an important freedom one
retains when using GPL software: you are under no obligation until you
transfer rights in the software (``give it'') to someone else.  If you
obtain a copy and modify it for your own use, no one's going to track you
down and require you to divulge the changes *unless and until* you
provide the software to someone else.  IANAL, but it seems you could go
so far as to provide services using the modified GPL software, again, so
long as you did not distribute the software itself to any other entity.
Otherwise, there would be no need for the Affero GPL, in which such
occlusion of the service is specifically prohibited.

Example: suppose you take GPL scheduling software and modify it to
include your cement company's trade secret algorithm for scheduling
cement trucks.  Are you in any way required to divulge your
modifications?  No.  Suppose you start offering cement truck
scheduling as a service to other cement companies.  Unless the
scheduling software was published under the Affero GPL, you can still
keep your trade secret.  Now suppose you wanted to sell cement truck
scheduling software.  It is only in this case that you would be
required to choose between replacing all the GPL licensed code with
differently licensed code (possibly with the same code, but licensed
differently from the copyright holder), or publishing the full source
and developing a service-oriented business model supporting and
refining the published software.

For reasons I don't understand, people cannot seem to comprehend that
although Free Software advocates want universal participation,
we do not, through the GPL, compel it.  The GPL is a highly pragmatic
compromise.  The world would be unimaginably richer if information *were*
free, but GPL software is no more than an invitation to a beguiling
half shadow of that world.

	- Stephen P. Schaefer

   
From:	 Leandro Guimarães Faria Corsetti Dutra <leandrod@mac.com>
To:	 letters@lwn.net
Subject: Hurd and proprietary software
Date:	 Thu, 21 Mar 2002 09:56:07 +0100

 > We are working at clarifying things further, in an attempt to
 > discover (and fairly represent) what the Free Software
 > Foundation's objections are with regard to the existing, fully
 > free distributions. Stay tuned...

	No work needed here.  The meaning of RMS' declaration is clear, and 
clearly documented in the FSF site, besides being clear in the 
history of the relation between Debian and GNU.  While Debian and 
GNU work closely together, and at one time Debian was considered to 
be part of GNU, their difference is that GNU wants to be completely 
free, while Debian has this hair-splitting about providing 
proprietary software (along with free software that depends on 
proprietary software) as add-ons to the official, completely free 
standard Debian software distribution.


-- 
  _
/ \ Leandro Guimarães Faria Corsetti Dutra        +41 (21) 216 15 93
\ / http://homepage.mac.com./leandrod/        fax +41 (21) 216 19 04
  X  http://tutoriald.sf.net./               Orange Communications CH
/ \ Campanha fita ASCII, contra correio HTML      +41 (21) 644 23 01
   
From:	 Leon Brooks <leon@cyberknights.com.au>
To:	 Jeroen Dekkers <jeroen@dekkers.cx>
Subject: A flying Hurd
Date:	 Sat, 23 Mar 2002 21:20:34 +0800
Cc:	 letters@lwn.net

> The following sentence doesn't make much sense to me either: "Thus,
> it seems unlikely that the HURD will mount a substantial challenge
> to the established free kernels anytime soon."

Pretty easy to understand, really, since you already have all of the pieces 
of the problem:

> Although the current implementation doesn't show it, the design of
> the Hurd and the ideas behind it really rock.

...words 2 through 7 are your answer.

When the current implementation does show it, the Hurd will have achieved 
airspeed. And impressive it will be, as well, there's lots of drool-over and 
kick-ass stuff in there.

Given the time it's taken so far, the Hurd's logo really does need to be a 
squadron of winged pigs (it will win hearts, trust me), or perhaps the Spruce 
Goose, but I think most of the Hurd's team members take it too seriously to 
let that happen. (-:

Cheers; Leon
   
From:	 wa6cvl@sbcglobal.net
To:	 letters@lwn.net
Subject: abe lincoln and the digital pirates
Date:	 Wed, 27 Mar 2002 11:39:00 -0800
Cc:	 wa6cvl@qsl.net

       Mr Eisner:
        I just read your essay that was posted to the Financial Times. I
feel sorry for the problems that you're having. And I respect the
existence of the Capitalist system that we enjoy. But contrary to popular
thought, Capitalists (such as yourself) should not be protected and enhanced by
government intervention. Your tale of woe ignores the fact that copyrights
were once of shorter duration, that they were non-renewable, that "Fair Use"
was a bona fide consideration. These laws were originally written to protect
individuals, not corporations. In the spirit of freedom.  I believe that the
government should become less involved.. And Mr Eisner, intellectual
property rights are not synonymous with monopoly rights..
        Instead of talking about the CBDTPA as a solution, let's look at a
CBDTPA assault of the automobile and the freeway system.
        In  the following analogy:
        1. Any Vehicle = digital device such as a computer.
        2. Roadways   = networks

Be it proposed that it be prohibited to build or modify any vehicle that can
be used in criminal activity. Such vehicle should not function in the
commission of any crime, or even the appearance of a crime. If necessary,
the USA will fund and innovate measures to ensure that such standard can be
innovated. Fair Use will not be allowed to any vehicle that is even capable
of being  used in a criminal manner.
        Gosh, Mr Eisner, with your guidance, we could interpret a crowbar in
the trunk as a burglary tool, and insist that car automatically disable..
        If this proves fully successful, we will extend to Political
Correctness cause also..
        Perhaps the government can fund a plan to identify wrong doing in
advance. If your car stops suddenly, you must've been about to do
something bad.....

        AND SO ON.......

de jerry
   
From:	 "Howland, Curtis" <howlandc@kvh.co.jp>
To:	 <letters@lwn.net>, <dlc@radix.net>
Subject: Seen in the March 21st Letters...
Date:	 Wed, 27 Mar 2002 11:25:40 +0900

Dear LWN,

In the March 21st letters section, David Craig considers the statement that
"Yes, it's true: the U.S. government really wants to outlaw free software."
to be "inflammatory and beneath the journalistic standards I have come to
expect from your Web site."

I consider the statement, if actually written by LWN, to be rather a mild
understatement. A cursory glance at the 5 Million laws on the books in
America demonstrates that control over one's own life, be it in terms of
labor or software, is the last thing that the various governments in the
U.S. want you to have.

Government is about control. Free software, as in beer or speech, endangers
that control.

Curt-


---
Written from, not for, work.
   
From:	 "jacob navia" <jacob.navia@wanadoo.fr>
To:	 <letters@lwn.net>
Subject: zlib
Date:	 Sat, 23 Mar 2002 22:22:24 +0100

zlib corrupts malloc data structures via double free. This vulnerability
impacts all major Linux vendors. It may impact every Linux installation on
Earth. Updates are required to zlib and any packages that were statically
built with the zlib code

Wouldn't it be a good idea to modify free() so that it never frees twice?

When a pointer is passed to it, free should look up if the address is a valid
address, and set an error flag and do nothing if the address is incorrect.

This does not mean that a huge list of addresses must be maintained, but just
some range checking could greatly speed up the process.

I do not think that writing a better free() is completely beyond the reach of
the clib people, is it?

This would fix all of those bugs in Linux forever, without any need for
patching all buggy applications, or waiting till all those bugs surface!

But who develops now for security?
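
The range check proposed in the letter above, sketched for a fixed-slot pool as an added example (not code from the letter, zlib or any C library; `pool_alloc`, `pool_free`, `demo_reuse_gap` and the slot sizes are hypothetical). It rejects out-of-range, misaligned and already-freed pointers, and `demo_reuse_gap` shows the case such a check cannot see: a stale pointer whose slot has been handed out again.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names: pool_alloc/pool_free are illustrative, not a libc API. */
#define SLOT_SIZE  64u
#define SLOT_COUNT 32u

enum free_status { FREE_OK, FREE_OUT_OF_RANGE, FREE_MISALIGNED, FREE_NOT_ALLOCATED };

/* The union gives the pool alignment suitable for objects stored in a slot. */
static union { unsigned char bytes[SLOT_COUNT * SLOT_SIZE]; long double align; } pool;
static unsigned char in_use[SLOT_COUNT];            /* 1 = slot handed out */
static enum free_status last_free_error = FREE_OK;  /* the "error flag" */

void *pool_alloc(void)
{
    for (size_t i = 0; i < SLOT_COUNT; i++) {
        if (!in_use[i]) {               /* first fit: lowest free slot */
            in_use[i] = 1;
            return pool.bytes + i * SLOT_SIZE;
        }
    }
    return NULL;                        /* pool exhausted */
}

/* Validate before releasing: on a bad pointer, set the flag and do nothing. */
enum free_status pool_free(void *p)
{
    uintptr_t addr = (uintptr_t)p;
    uintptr_t base = (uintptr_t)pool.bytes;

    if (p == NULL)
        return FREE_OK;                 /* same contract as free(NULL) */
    if (addr < base || addr >= base + sizeof pool.bytes)
        return last_free_error = FREE_OUT_OF_RANGE;
    if ((addr - base) % SLOT_SIZE != 0)
        return last_free_error = FREE_MISALIGNED;
    size_t slot = (addr - base) / SLOT_SIZE;
    if (!in_use[slot])
        return last_free_error = FREE_NOT_ALLOCATED;   /* double free caught */
    in_use[slot] = 0;
    return FREE_OK;
}

/* Limitation: once a slot is reused, a stale pointer passes every check. */
int demo_reuse_gap(void)
{
    void *a = pool_alloc();
    pool_free(a);
    void *b = pool_alloc();             /* first fit hands the same slot back */
    enum free_status stale = pool_free(a);   /* second free of a releases b's slot */
    return a == b && stale == FREE_OK;
}

int main(void)
{
    void *p = pool_alloc();
    int first = pool_free(p), second = pool_free(p);
    printf("first=%d second=%d reuse_gap=%d\n", first, second, demo_reuse_gap());
    return 0;
}
```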



   
From:	 "Robert A. Knop Jr." <rknop@pobox.com>
To:	 letters@lwn.net
Subject: A note of praise for Seagate
Date:	 Tue, 26 Mar 2002 18:36:36 -0600

I was having some trouble reading a DDS3 tape written with an HP drive
on a Seagate Archive Python 04016 DDS3 drive.  It turned out that the
solution was that I needed to issue a "mt setblk 10240" command on the
Seagate drive to get the blocksize it was using set for how the tape was
written.  However, along the way I cruised by Seagate's support site for
the drive, and saw that there was a firmware upgrade available.  I was
prepared to be annoyed, as the firmware upgrade was a DOS archive
including a program to run to patch the upgrade.  (I don't run Windows
or DOS at all on the machine with the tape drive.)

However, poking around, I discovered that Seagate's got a diagnostic and
firmware patching program available for Linux (in addition to Netware,
Windows, and Solaris).  Hence, I was able to upgrade my firmware (even
though that wasn't the solution to the problem at hand).  This utility
may be found on:

  http://www.seagate.com/support/tape/utils/stdiag.html

I don't know if there is a central information clearinghouse for how
"linux friendly" various vendors are.  You can find that information for
scanners on the SANE page, for printers on the gimp-print page, and for
other devices *sometimes* on their pages.  This is the sort of
information that would be nice to have, however, before making purchase
decisions.

-Rob Knop
rknop@pobox.com
   
Eklektix, Inc. Linux powered! Copyright © 2002 Eklektix, Inc., all rights reserved
Linux ® is a registered trademark of Linus Torvalds