[LWN Logo]
[LWN.net]

Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise news for all interests


Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Letters

Other LWN stuff:
 Daily Updates
 Calendar
 Linux Stocks Page
 Book reviews
 Penguin Gallery

 Archives/search
 Use LWN headlines
 Advertise here
 Contact us

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- Gaël Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

See also: last week's LWN.

Leading items and editorials


Measuring total cost of ownership. A claim that is often made by free software detractors is that free software is not really cheaper. Initial licensing fees, it is said, make up a very small part of the "total cost of ownership" (TCO) of a computing system. Once you figure in the costs of ongoing operations and support, free software no longer looks like a very good deal.

In reality, there is very little in the way of real data which demonstrates, one way or the other, whether a free or proprietary software shop is cheaper to run. So it was refreshing to see information from two separate sources which fills that gap this week. The bottom line from both sources is the same: running an operation with free software costs less.

First, consider a survey done by Cybersource (available in PDF format) which looks directly at the TCO issue. The folks at Cybersource look at two scenarios for outfitting a company with a server and desktop infrastructure, with and without the need to buy new hardware. The survey considers hardware and software costs, and the costs of the staff required to keep things going. The final conclusion: a Linux-based infrastructure has a 25% lower TCO over three years if new hardware is part of the deal; 34% lower if existing hardware is to be used.

The survey could be attacked as being simplistic. The only software cost for the Linux-based network is $79.95 (Australian) for a single copy of a commercial distribution. The possibility that a company may need to buy any proprietary packages is not considered. The survey also does not consider retraining and other migration costs - a point which is often made by proprietary software companies, and which should be taken into account (but see the next item, below). Cybersource found that Linux system administrators cost a bit more than Windows administrators, but does not account for the (generally unmeasured) perception that Windows systems require more administrative time than Linux systems. And so on.

No such survey is going to be perfect, however - real-world networks are complicated things. This survey is, however, a useful contribution to the debate.

The other data point comes from a very different source, and was never meant to be presented as a TCO comparison. Consider Dell's new dedicated hosting service, and, in particular, the D-2800 offering. This service offers a respectable system (Pentium 850, 256MB, 20GB, 21GB/month bandwidth) in two configurations:

  • Red Hat Linux 7.1: $189/month.
  • Windows 2000: $239/month.

The folks at Dell are not out to prove a point about which system is better. They are running a business, and have figured out a competitive price at which they can offer each service. The total cost of ownership of each system will have been figured into the hosting costs they charge their customers. The result is decisive: with identical hardware and bandwidth provision, the Linux system is 21% cheaper. Not a bad result.

Microsoft vs. Peru. These events transpired in late March and early April, but we in the North can be a bit slow at times.... Peru, like a number of countries, is considering legislation which would require the use of free software within the government whenever possible. Microsoft, strangely enough, does not like that idea. So, on March 21, Juan Alberto González, general manager of Microsoft Perú, sent a letter to Edgar Villanueva Nuńez, the Peruvian congressman behind the free software bill. This letter is available on the net translated to English; those wanting to read the original Spanish version can find it (as a set of scanned images) on this page.

The letter raises the usual points heard from Microsoft when it is worried about free software:

  • Use of free software will "discourage local and international software manufacturers who make real and important investments in the country."

  • Free software presents security risks, comes with no warranty, and may violate "the intellectual property rights of third parties."

  • Free software is not really free (of charge), and, in any case, licensing costs are a small part ("8%") of the total cost of ownership.

  • The state could benefit from Microsoft's volume pricing schemes (despite the fact that Microsoft just claimed that licensing costs are almost insignificant).

  • Moving to free software imposes migration costs.

  • The level of service available for free software is inadequate.

  • Using free software will discourage creativity in the Peruvian software industry. "With a law encouraging the use of open source software, programmers lose their intellectual property rights and their most important source of remuneration."
And so on.

Government officials in many countries seem to eat that sort of stuff up. So it is delightful to read Mr. Villanueva's highly clueful response (in Spanish or English translation). We'll present a few excerpts here, but it is worth the effort to read the whole (somewhat lengthy) thing.

Mr. Villanueva starts by reiterating the goals of the free software bill, which Microsoft passed over entirely in its criticism:

  • Free access to public information
  • Permanence of public data
  • Security of the state and its citizens

These goals, he argues, can only be achieved with free, open source code and file formats. Not all free software users are much concerned with freedom, but governments should be. Microsoft's arguments pass over freedom and look at economic issues; it is good to see that this congressman is able to keep the freedom argument in view.

Once that is done, however, Mr. Villanueva proceeds to demolish the economic arguments as well. Concerning, for example, the claim that the local software industry would be damaged:

In addition, a reading of your opinion would lead to the conclusion that the State market is crucial and essential for the proprietary software industry, to such a point that the choice made by the State in this bill would completely eliminate the market for these firms. If that is true, we can deduce that the State must be subsidizing the proprietary software industry. In the unlikely event that this were true, the State would have the right to apply the subsidies in the area it considered of greatest social value; it is undeniable, in this improbable hypothesis, that if the State decided to subsidize software, it would have to do so choosing the free over the proprietary, considering its social effect and the rational use of taxpayers money.

With regard to Microsoft's security claims:

What is impossible to prove is that proprietary software is more secure than free, without the public and open inspection of the scientific community and users in general. This demonstration is impossible because the model of proprietary software itself prevents this analysis, so that any guarantee of security is based only on promises of good intentions (biased, by any reckoning) made by the producer itself, or its contractors.

Mr. Villanueva also sees through the "no warranty" argument:

If as a result of a security bug in one of your products, not fixed in time by yourselves, an attacker managed to compromise crucial State systems, what guarantees, reparations and compensation would your company make in accordance with your licensing conditions? The guarantees of proprietary software, inasmuch as programs are delivered ``AS IS'', that is, in the state in which they are, with no additional responsibility of the provider in respect of function, in no way differ from those normal with free software.

Mr. Villanueva takes issue with the cost of ownership arguments, making many familiar points: there is a more competitive market for services, fixes only need be done once, far fewer problems with downtime, "blue screens of death," viruses, etc. He also has an answer to the claim that migration costs make free software uncompetitive:

Once a policy of using free software has been established (which certainly, does imply some cost) then on the contrary migration from one system to another becomes very simple, since all data is stored in open formats. On the other hand, migration to an open software context implies no more costs than migration between two different proprietary software contexts, which invalidates your argument completely.

For what it's worth, Microsoft is far less concerned about migration costs on its Migrating to Windows from Unix and Linux pages.

One last point worth careful study is Mr. Villanueva's analysis of the failure of Mexico's "Red Escolar" project, which has backed off from its goal of running free software in all of Mexico's schools. Red Escolar failed because it emphasized licensing costs over the other benefits of free software, because it lacked support from the federal government, and, crucially, because there was no real plan for moving over to free software:

...the assumption was made that to implant free software in schools it would be enough to drop their software budget and send them a CD ROM with Gnu/Linux instead. Of course this failed, and it couldn't have been otherwise, just as school laboratories fail when they use proprietary software and have no budget for implementation and maintenance. That's exactly why our bill is not limited to making the use of free software mandatory, but recognizes the need to create a viable migration plan, in which the State undertakes the technical transition in an orderly way in order to then enjoy the advantages of free software.

This is an important realization: you can't just mandate free software and expect it to work. The fact that Peru is thinking about how this change is to be made, and that it is not "free beer" free, is a hopeful sign.

Increasingly, governments are realizing that the goals of freedom of information and security conflict with the use of proprietary software. Most national governments are also well at ease with the notion that they don't have to send all that money to a large, U.S. corporation which has been convicted of antitrust violations. Said corporation does not like this trend, and can only be expected to fight back fiercely. In Peru, however, the company has so far found itself rather outclassed.

LWN now accepts credit cards. Numerous people have asked us for an alternative to PayPal as a means for donating to LWN or paying for advertisements. We may be slow, but we don't forget...we now have secure credit card processing working on the site. If you have been waiting for a non-PayPal way to donate to LWN, now is your chance.

Inside this LWN.net weekly edition:

  • Security: Honeynet Reverse Challenge; tcpdump & FreeBSD; GnuPG 1.0.7
  • Kernel: The end of /proc/ide; kbuild 2.5 and modversions.
  • Distributions: Yet another revision (to the LWN Distributions List); The Arabization of Linux.
  • Development: Samba 2.2.4, SocketCC, Google search modules, Rosegarden 4v0.1.5, GARNOME preview 6, game contest, FLTK 1.1.0rc1, GnuPG 1.0.7, SBCL 0.7.3, Parrot answers, OProfile 0.2.
  • Commerce: Red Hat Launches New Channels to Support Education; EUCD status Wiki established.
  • Letters: Mandating the GPL.
...plus the usual array of reports, updates, and announcements.

This Week's LWN was brought to you by:


May 9, 2002

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Letters

See also: last week's Security page.

Security


News and Editorials

The Honeynet Project Reverse Challenge. The Honeynet Project has announced a new challenge for the security community. It differs from last year's Forensic Challenge, however: "The goal of this challenge is to develop reverse engineering skills amongst the security community. Your mission, if you should choose to accept, is to analyze and report on a binary captured in the wild." The captured binary was released on May 5th. There are actually prizes being offered this time around.

Jeffrey Reava has suggested a couple of resources that "may be helpful in putting together an analysis environment." Please remember that the subject is a binary "captured in the wild" and take appropriate precautions.

NewScientist.com has also run an article about the contest.

Security Reports

Multiple vulnerabilities in tcpdump. Version 3.5.2 fixed a buffer overflow vulnerability in all prior versions. However, newer versions, including 3.6.2, are vulnerable to another buffer overflow in the AFS RPC functions that was reported by Nick Cleaton.

This Conectiva announcement addresses both vulnerabilities. The February 12th Red Hat security advisory updates tcpdump to version 3.5.2, which does not have the AFS vulnerability.

Both problems appear to have been reported and fixed in FreeBSD some months ago. The CIAC report on the vulnerability in versions prior to 3.5.2 is dated October 31, 2000. Nick Cleaton's FreeBSD security advisory on the AFS RPC bug, and reference to a fix for FreeBSD, is dated July, 17, 2001. Tcpdump 3.7 was released on January 21, 2002. So the Linux distributors are running a little slow on this one. (Thanks to Michael Richardson).

Heap corruption vulnerability in imlib. A new problem has been found with the imlib library; this heap corruption bug could, perhaps, lead to remote exploits. Note that this is a different problem than the NetPBM vulnerability (reported below); a new update is required to fix it. So far, the only update we have seen for the new vulnerability is this one from Conectiva.

Webmin/Usermin vulnerabilities. Webmin is a web-based interface for system administration for Unix. Webmin has cross-site scripting and session ID spoofing vulnerabilities which are fixed in version 0.970.

Gentoo security update to evolution. There is a security update to evolution available for Gentoo Linux fixing the malformed header processing vulnerability in that package.

Red Hat Security Advisory: Nautilus. Red Hat has posted a security update to nautilus. "The metadata file code in Red Hat Linux 7.2 can be tricked into chasing a symlink and overwriting the symlink target."

SuSE security update to sysconfig. SuSE has updated its sysconfig package fixing a (SuSE-specific) problem where DHCP clients can be compromised via spoofed DHCP reply packets.

Packet Storm warning. "On May 5, a file was added to Packet Storm which was found to contain a linux virus known as Linux.Jac.8759. The file, 73501867, is an exploit for PHP in binary form." Packet Storm is "a non-profit organization comprised of security engineers dedicated to providing the information necessary to secure the World's networks." (Thanks to Giorgio Zoppi).

Updates

Problem loading untrusted images in imlib. Versions of imlib prior to 1.9.13 used the NetPBM package in ways which "make it possible for attackers to create image files such that when loaded via software which uses Imlib, could crash the program or potentially allow arbitrary code to be executed." (First LWN report: March 28).

This week's updates:

Previous updates:

mod_python remote vulnerability. Version 2.7.7 of mod_python has been announced. "This release (as far as I could tell adequately) addresses the security issue whereby a module indirectly imported by a published module could then be accessed via the publisher." Upgrades are recommended. (First LWN report: April 18).

This week's updates:

Mozilla XMLHttpRequest file disclosure vulnerability. This XMLHttpRequest security bug impacts all Mozilla-based browsers. "The bug is found in versions of Mozilla from 0.9.7 to 0.9.9 on various operating system platforms, and in Netscape versions 6.1 and higher." (First LWN report: May 2).

This week's updates:

Previous updates:

  • The fix is in Mozilla 1.0 branch nightly builds dated 2 May 2002 or later.

ZDNet also covered the vulnerability with a focus on its presence in Netscape.

Resources

Linux security week. The Linux Security Week and Linux Advisory Watch publications from LinuxSecurity.com are available.

GnuPG version 1.0.7 released. Version 1.0.7 of the Gnu Privacy Guard (GnuPG), the open replacement for PGP has been released. This version features a large number of changes and improvements.

Events

Upcoming Security Events.

Mark your calendars - DEFCON 10. The announcement has gone out: DEFCON 10, "largest hacker convention on the planet," will be held August 2 to 4 in Las Vegas.

Date Event Location
May 9, 2002Stanford's Center for Internet and Society Conference on Computer Security Vulnerability Disclosure(Stanford Law School)Stanford, CA, USA
May 12 - 15, 20022002 IEEE Symposium on Security and Privacy(The Claremont Resort)Oakland, California, USA
May 13 - 14, 20023rd International Common Criteria Conference(ICCC)Ottawa, Ont., Canada
May 13 - 17, 200214th Annual Canadian Information Technology Security Symposium(CITSS)(Ottawa Congress Centre)Ottawa, Ontario, Canada
May 27 - 31, 20023rd International SANE Conference(SANE 2002)Maastricht, The Netherlands
May 29 - 30, 2002RSA Conference 2002 Japan(Akasaka Prince Hotel)Tokyo, Japan
May 31 - June 1, 2002SummerCon 2002(Renaissance Hotel)Washington D.C., USA
June 17 - 19, 2002NetSec 2002San Fransisco, California, USA
June 24 - 28, 200214th Annual Computer Security Incident Handling Conference(Hilton Waikoloa Village)Hawaii
June 24 - 26, 200215th IEEE Computer Security Foundations Workshop(Keltic Lodge, Cape Breton)Nova Scotia, Canada

For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Dennis Tenney


May 9, 2002

LWN Resources
Security alerts archive

Secured Distributions:
Astaro Security
Castle
Engarde Secure Linux
Immunix
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux
Trustix

Security Projects
Bastille
Linux Security Audit Project
Linux Security Module
OpenSSH

Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive

Distribution-specific links
Caldera Advisories
Conectiva Updates
Debian Alerts
Kondara Advisories
Esware Alerts
LinuxPPC Security Updates
Mandrake Updates
Red Hat Errata
SuSE Announcements
Turbolinux
Yellow Dog Errata

BSD-specific links
BSDi
FreeBSD
NetBSD
OpenBSD

Security mailing lists
Caldera
Cobalt
Conectiva
Debian
Esware
FreeBSD
Kondara
LASER5
Linux From Scratch
Linux-Mandrake
NetBSD
OpenBSD
Red Hat
Slackware
Stampede
SuSE
Trustix
turboLinux
Yellow Dog

Security Software Archives
munitions
ZedZ.net (formerly replay.com)

Miscellaneous Resources
CERT
CIAC
Comp Sec News Daily
Crypto-GRAM
LinuxLock.org
LinuxSecurity.com
Security Focus
SecurityPortal

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Letters

See also: last week's Kernel page.

Kernel development


The current development kernel is 2.5.14, released on May 6. This release includes the usual IDE reworking, a big Bluetooth update, an NTFS update, and a bunch of VM/buffer management work. As Linus points out, many of the changes in this kernel affect fundamental layers of the VM and buffer management subsystems; "backups are always a good idea." There have been few complaints, however.

The buffer management changes, which have been working their way in over the last few development kernel releases, make substantial progress toward the goal of eliminating the buffer cache as such. The "buffer head" data structure, increasingly, is used for I/O management and little else. With the recent patches (by Andrew Morton), writeback of dirty I/O pages is done directly out of the page cache, rather than by scanning a list of buffer heads. In a subtle (but important) change, page writeback is now done without locking the page, allowing certain other concurrent uses and reducing lock contention. The change improves performance, but requires kernel developers to be aware that an unlocked page could have write I/O operations active on it. Other changes include hashed wait queues for buffer heads (saving a chunk of memory) and a new way of handling readahead values, which eliminates another ugly global array from the block layer.

The latest prepatch from Dave Jones is 2.5.14-dj2, which adds a reworking of the x86 initialization code and a relatively small set of other patches.

The latest 2.5 Status Summary from Guillaume Boissiere is dated May 7.

The current stable kernel release is 2.4.18. After a long pause, a new 2.4.19 prepatch (2.4.19-pre8) came out on May 2. Marcelo says that there will be just one more prepatch before the first 2.4.19 release candidate. -pre8 includes a big m68k update, many patches from the -ac series, and lots of other fixes.

Alan Cox has released 2.4.19-pre8-ac1, which merges with -pre8 but adds no other changes.

The end of /proc/ide. The week would not be complete without some discontent over Martin Dalecki's IDE changes. The problematic change this time around was his IDE 57 patch, which removes the code implementing /proc/ide. This directory, and those beneath it, provide a wealth of information about the IDE drives on the system: their geometry, how they are configured, etc.

Martin has a couple of complaints about how /proc/ide works. The most important of those is that changing drive settings requires a fair amount of attention to return values, error handling, etc. which "is very unlikely to be implemented in bash." The ability to tweak drive settings should be limited to "real" programs using the ioctl() interface. The other complaint is, simply, that the /proc/ide code is large, about 34KB.

The thing is, of course, that some people like to have the information available in /proc/ide. Some of that information can be obtained from the hdparm command, but not all of it. Until somebody steps in and fills the gap, it is going to be harder to look into the IDE subsystem.

While some people complain about the continual flux and removal of features in the IDE subsystem, Linus thinks it's a good thing:

Who cares? Have you found _anything_ that Martin removed that was at all worthwhile? I sure haven't.

Guys, you have to realize that the IDE layer has eight YEARS of absolute crap in it. Seriously. It's _never_ been cleaned up before. It has stuff so distasteful that it's scary.

So the IDE reworking process is likely to continue.

Is kbuild 2.5 really ready for inclusion? LWN recently stated that, with the solving of the kbuild 2.5 performance problems, detractors were going to have to find some other reason to keep the new system out of the kernel. Well, it seems they have been trying.

The big complaint now is that modversions does not work in kbuild 2.5. Modversions, of course, is a mechanism which attempts to make binary modules loadable into multiple kernel versions without recompilation; it is much appreciated by distributors, binary software vendors, and users who like to be able to upgrade kernels without having to rebuild their external modules.

Essentially, modversions works as follows. A utility program shipped with the kernel (genksyms) is run as part of the kernel build process. It looks at every interface exported by the kernel, and calculates a checksum based on the types used in that interface. Thus, for example, it may look at the prototype for kmalloc():

	void *kmalloc (size_t size, int flags);
From the name, the void * return type, and the types of the arguments it generates (say) a checksum of 93d4cfe6. Through a bit of a long process, any module which is compiled for this kernel will include a definition (essentially) like:
	#define kmalloc kmalloc_R93d4cfe6
The module will thus expect to link against the mangled version of the name, not straight kmalloc.

The mangled names are not used for hard linking within the kernel. They do, however, find their way into the kernel symbol table (and can thus be seen in /proc/ksyms). When insmod is used to load a module, it checks the mangled names against the symbol table, and will only load the module if they match. Thus, if the interface to some function has changed, the insert will fail and the module will have to be recompiled.

In practice, it doesn't always work quite that well. genksyms can find interface changes, but it is unaware of numerous other changes which can make a module unsuitable for insertion into any given kernel. One of these issues (SMP versus uniprocessor) is handled in the kernel makefiles, since it is a common and devastating case. But other options - preemptable kernel, memory model, etc. - are not caught, and can result in the loading of a module which brings down the system. There are also scenarios where modversions can fail to catch an interface change if the user is not careful.

Kernel developers themselves rarely turn on modversions; it does not normally help them, adds extra processing, and it has a hackish feel that turns people off. So it is surprising to see complaints about modversions not working in kbuild 2.5, especially since kbuild developer Keith Owens has said that he plans to fix it once kbuild is part of the mainline kernel. In fact, he plans to fix it right, using the same emphasis on getting the right result that he has applied to the rest of the kbuild system. So modversions will be back for the next stable series, which is the only time it really matters.

SELinux as a Linux Security Module. The NSA's Security Enhanced Linux is one of the better-known high-security Linux distributions. SELinux was also one of the first demonstrations of a security structure built upon the Linux Security Module (LSM) patch. The SELinux hackers have now posted a report describing how SELinux was implemented over LSM. It's worthwhile reading for anybody who is interested in how the LSM patch works, or in how a high-security system can be built over the Linux kernel.

Other patches and updates released this week include:

Kernel trees:

Core kernel code:

Development tools:

Device drivers

Filesystems:

Kernel building:

Miscellaneous:

Networking:

Section Editor: Jonathan Corbet


May 9, 2002

For other kernel news, see:

Other resources:

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Letters

See also: last week's Distributions page.

Distributions


Please note that security updates from the various distributions are covered in the security section.

News and Editorials

Yet another revision (to the LWN Distributions List). When LWN released the newly revised LWN.net Linux Distributions List last February, several people wrote to ask if we could add a table of contents to make it a bit easier to navigate. It took a while to get there, but we are pleased to announce that a table of contents has been added. Now you can find your way to any category with a single click.

As part of the ongoing maintenance of the list we have found two distributions that seem to have disappeared. The Linux Cyrillic Edition, once found at http://www.usoft.spb.ru/Graphic/English/Products/products.html, and LEM, once found at http://linux-embedded.com/, are both gone. As usual, before deleting these distributions from the list we are asking our very knowledgeable readers if they have additional information for either one.

The Arabization of Linux. This week an article from the Arab News showed up at LWN. The article covers several topics, but in particular, it says, "Investment in Linux associated Arabization has not been made by governments or educational institutions. This is a mistake. In the long-term, Arabization of Linux will cost less than licensing fees."

The government may not be helping out much, but we are pleased to report that Haydar Linux and the Arabeyes Project are making progress in this area. The Arabeyes Project is aimed at fully supporting the Arabic language in the Unix/Linux environment. The project is working closely with Haydar Linux to produce a Linux distribution with full Arabic language support. They are getting closer to this goal as Haydar Linux has announced its first beta release. This beta release is meant for programmers and experts to test and report the bugs and problems.

Distribution News

Debian Weekly News for May 1st. The latest edition of the Debian Weekly News is available for your enjoyment. Covered topics include the LILO boot screen, the Debian Developer Portal, the preliminary Woody release announcement, and more.

Mandrake Linux Community Newsletter. The Mandrake Linux Community Newsletter for May 2 is available. Covered topics include the reopening of the MandrakeStore, the Business Case of the Week, and more.

Mandrake Linux Security tools. Security conscious Mandrake Linux users should keep an eye on Mandrake Security tools project. This package is designed to provide a generic secure level for Mandrake Linux users.

MontaVista Linux 2.1 is shipping. MontaVista Software, Inc has announced the release of version 2.1 of MontaVista Linux Professional Edition, a commercial embedded Linux distribution. "MontaVista Linux 2.1 focuses on cross-development capability, with tools hosted on 11 host environments, including Mandrake, Yellow Dog, SuSE, Red Hat, Solaris and VMWare on Windows NT/2000."

MontaVista Linux Professional Edition 2.1 also supports a range of IBM next-generation network processors including the NP4GS3 and the NPe405H and NPe405L family.

Red Hat Unveils Red Hat Linux 7.3. Here's Red Hat's press release on version 7.3 of the company's flagship distribution. See the new features page for a list of all the new goodies this time around.

Slackware Linux. Slackware Linux users were treated to another large set of changes to Slackware-current this week.

If you've had any problems with printing on Slackware you should check out this Slackware printing guide on UserLocal.com.

SuSE Ships SuSE Linux Enterprise Server 7 for 64-bit IBM eServer zSeries. SuSE has issued a press release announcing the new release of their distribution for the zSeries server line from IBM.

Minor Distribution updates

Astaro Security Linux. Astaro Corporation announced version 3 of its combined Astaro Security Linux firewall/ VPN/ anti-virus/content filtering security software. This complete software appliance also bundles a hardened Linux kernel.

GENDIST. GENDIST has released stable version 1.0.0 with minor feature enhancements.

Lunar-Linux. Lunar-Linux has a new ISO available for testing. This one, called Petro_h, is a release candidate.

NSA Security Enhanced Linux. NSA Security Enhanced Linux has released version 2002050211 with minor feature enhancements.

ROCK Linux. Have you been thinking about building a ROCK Linux cluster? Here is a helpful guide. There are new online documentation files available for BUILD, BUILD-CROSS and BUILD-CLUSTER. (Thanks to Stefan Koerner)

Sorcerer Linux. Sorcerer has a new Install/Rescue disk available. "Bugs in linux/POST_INSTALL keeping the image section from being properly written to /etc/lilo.conf during initial installation have been fixed. A new Install/Rescue Image is ready for download. I suggest downloading the much smaller 317 kilobyte xdelta patch and apply that to an unbzip2ed sorcerer-20020427.iso if you already have it."

Source Mage GNU/Linux. Source Mage GNU/Linux is the new name for that branch of Sorcerer GNU/Linux created by former SGL team members. The project has a new web address and the mailing lists have moved. What was once sorcerylinux.org is now sourcemage.org.

Virtual Linux. Virtual Linux has released v1.1 with major feature enhancements.

Distribution Reviews

A first look at Red Hat 7.3. Aschwin Marsman of aYniK Software Solutions has reviewed Red Hat Linux 7.3. "At 22:25 I chose to upgrade my existing RH 7.2 installation. I selected partition hde5 on my 80GB hard drive as the root file system, and selected to customize the packages to be upgraded. After that I got the possibility to upgrade ext2 partitions to ext3. I choose not to upgrade, because all RH 7.2 partitions are already ext3, and the other partitions are on other hard drives which are nominated to be cleaned."

Red Hat releases Linux 7.3 (News.com). News.com reports on the new Red Hat Linux 7.3 release. "Red Hat Linux version 7.3 adds to the company's current open-source operating system offerings with new features that include personal firewall configuration, and installation and video-conferencing software.

The new version also includes Web and telephone access to experts and the Red Hat Network--an automated Internet service for managing Red Hat Linux systems."

SOT Linux 2002 (Tucows). Tucows gave SOT Linux 2002 a 5 cow rating in this brief review. "Whether you're a desktop publisher, a 'Net junkie or a games fiend, SOT Linux 2002 Desktop has everything you'll need to make computer life easier."

What to do with that 'throw-away' Computer - or - OpenBSD rocks on low spec Pentiums! (Linux Orbit). Linux Orbit reviews OpenBSD on older Pentium hardware. "The machine is a classic Pentium 100 MHz with 24MB of RAM and two hard drives at 545MB and 130MB each. Not only is this machine extremely low spec, but it also has a Y2K bug which means I have to run it with a pre 2000 or post 2094 date. If it weren't for the fact that I was given this machine for free, it would probably be in a landfill somewhere. After deleting Windows 95 I decided it would be a perfect machine to try out the OpenBSD 2.9 ISO's which I had downloaded some months before (Since then OpenBSD 3.0 has been released and 3.1 is due 19th May, 2002)."

Section Editor: Rebecca Sobol


May 9, 2002

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.

Distribution Lists:
LWN List
DistroWatch
ibiblio
Linux.com
LinuxLinks
LDP English-language GNU/Linux distributions on CD-ROM
Woven Goods

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Letters

See also: last week's Development page.

Development projects


News and Editorials

Samba 2.2.4 Released A new stable release of Samba has been announced. Samba allows a Unix-based machine to serve files and printers to Microsoft machines, it provides an inexpensive and reliable alternative to Microsoft-based servers. Version 2.2.4 is recommended for all production systems since it incorporates all of the current bug-fixes.

A few highlights of this release include:

  • Improved SPOOLSS printing for Windows NT/2k/XP clients.
  • Bug fixes relating to the serving of Access and FoxPro database files.
  • VFS layer improvements and the inclusion of a recycle bin vfs module.
  • A new tdbbackup tool for backing up and restoring Samba TDBs.
  • Scalability and stability improvements to winbind.
  • MS-DFS bug fixes.
  • Fixes for the Rpcclient's printer commands.
See the announcement for a detailed list of all of the changes.

Source code and binary packages for Samba 2.2.4 may be downloaded here. Congratulations go to the Samba team for moving this important project ahead. (Thanks to Gerald Carter)

Electronics

Icarus Verilog snapshot for April 6, 2002. A new version of the Icarus Verilog electronics simulation language compiler is available. The release notes detail all of the changes.

Embedded Systems

WANDER: a Portable Linux Data-Collection System (Linux Devices). Linux Devices features an article on the WANDER portable linux-based data collection system. "We wanted to allow the user (typically a scientist doing environmental field research) to install a variety of sensors and configure the system accordingly -- a somewhat nontrivial problem, as we can't very well anticipate every arcane serial protocol or sensor characteristic that might be encountered."

Device Profile: Cyclades TS100 'device server' (LinuxDevices.com). LinuxDevices has posted a review of the Linux-based Cyclades-TS100. "The TS100 is a powerful yet highly compact device server which is used to connect various serial devices to a TCP/IP network."

Embedded Linux Newsletter for May 2, 2002 (LinuxDevices.com). The LinuxDevices.com Embedded Linux Newsletter is available with all of the latest news and info from the world of Embedded Linux and Linux-based gadgets.

Libraries

A C++ Socket Library for Linux (Dr. Dobb's). Jason But introduces his SocketCC C++ socket library on Dr. Dobb's. "I wrote SocketCC, the C++ class library I present here, which supports both IPv4 and IPv6 network communications using both TCP- and UDP-style sockets. SocketCC is not a comprehensive sockets library, nor is it necessarily suitable for all types of applications. However, it is both class based and open source, so you should be able to work around any deficiencies by inheriting classes or rewriting the base class. "

Network Management

Guarddog Firewall 2.0 Almost Ready For Release. Guarddog Firewall is in need of testing. Guarddog is an easy to use, yet powerful, firewall for Linux machines running KDE 2 or 3.

Printing Software

LPRng 3.8.12 released. Version 3.8.12 of the LPRng print spooling system is available. The CHANGES in this release are fairly minor, involving a patch for Tcp wrappers.

Web-site Development

Zope Members News. The Zope Members News features articles on the Fle3 tools for Collaborative Knowledge Building, the Wing IDE version 1.1.4, BlogFace 1.0, the Emil 0.6.0 Email Client, and more.

Web Services

ActiveState Releases Module for Searching Google (usePerl). UsePerl reports on a new web service that allows Google's search engine to be accessed through SOAP. Perl and Python modules are provided.

Wrapping Web Service APIs (O'Reilly). Stephen Figgins explores the PyGoogle interface to Google on O'Reilly's onLamp site. "There are many approaches to writing XML based web services: SOAP, XML-RPC, REST. If all you want to do is use a service, and there is a Python wrapper for it, you might not care what it was written in. Mark Pilgrim's has wrapped the Google SOAP API. Load up his PyGoogle module and google away. The wrapper takes care of the SOAP for you."


May 9, 2002


Application Links
GIMP
Mozilla
Galeon
High Availability
ht://Dig
mnoGoSearch
MagicPoint
Wine
Worldforge
Zope

Open Source Code Collections
Berlios
Freshmeat
OpenSourceDirectory
Savannah
Le Serveur Libre
SourceForge
Sweetcode

   

 

Desktop Development


Audio Applications

Winamp glitch may benefit open source (CNET News.com). Here's an article all about Ogg Vorbis. "A recently disclosed vulnerability in an old version of the popular Winamp media player could provide a boost for the royalty-free alternative to the MP3 format known as Ogg Vorbis."

Rosegarden 4 version 0.1.5. Rosegarden 4 version 0.1.5 has been announced. "The Rosegarden development team would like to announce the release of Rosegarden-4 v0.1.5 - a sequencer and music notation editor for KDE2 now with KDE3 and ALSA 0.9 support.

This is an alpha, development release and while not yet suitable for end-users it has some interesting features and is certainly usable for composition, MIDI playback and recording."

Desktop Environments

GNOME Summary - April 23 - 28, 2002. The GNOME Summary for April 23 - 28 covers the GNOME 2 release, preferences/control panel reorganization, easy bugs to fix, Ximian setup tools, Glade, the frontier extends, AbiWord works in Evolution, and much more.

GNOME Summary for 29 April to 4 May, 2002 AC. Here's the GNOME Summary for April 29 - May 4, 2002. This issue covers a need for GNOME2 maintainers, the world's coolest archiver, a new release of Overflow, and much more.

GARNOME Preview Six (Gnotices). A new version of GARNOME is out. "If you're dying to try the GNOME 2.0 Desktop, but don't want to fall into the depraved addictions and co-dependencies of testing from anonymous CVS, then GARNOME is for you."

Games

Announcing the Crystal Space Contest. The developers of Crystal Space, an Open Source 3D Engine, have announced a contest that involves writing a game, demo, or useful tool for Crystal Space using the Crystal Space framework. Prizes totaling $950 will be awarded to three winners.

The Chopping Block. The May, 2002 edition of the Chopping Block has been published at World Forge games. This edition contains a number of meeting summaries and a bonus fictional piece.

PyDDR 0.4.5 (Pygame). The Pygame site lists a new version of PyDDR. "PyDDR is a clone of 'Dance Dance Revolution'. Dance with your body (or your fingers) and try to keep the beat. The better you do, the higher you score. There is full support for floor pads, so you can dance dance the night away."

GUI Packages

FLTK 1.1.0rc1 released. Version 1.1.0rc1 of FLTK, the fast, light toolkit has been announced. Changes include a long list of bug fixes and improvements.

Interoperability

Kernel Cousin Wine. Issue #121 of Kernel Cousin Wine covers the ALSA driver, Winsock 2 patches, tests, Wineinstall bumps, Euro support, the IE Favorites Menu, problems with CDROMs, and the XIM internationalization patch.

Office Applications

Kernel Cousin GNUe #27. Issue #27 Of Kernel Cousin GNUe features a discussion of links between GNUe and DotGNU as well as many more GNU Enterprise development issues.

AbiWord Weekly News #90. Issue #90 of the AbiWord Weekly News covers new additions and bug fixes for the AbiWord word processor project.

Miscellaneous

GnuPG version 1.0.7 released. Version 1.0.7 of the Gnu Privacy Guard (GnuPG), the open replacement for PGP has been released. This version features a large number of changes and improvements.

 
Desktop Environments
GNOME
GNUstep
KDE
XFce
XFree86

Window Managers
Afterstep
Enlightenment
FVMW2
IceWM
Sawfish
WindowMaker

Widget Sets
GTK+
Qt
   

 

Languages and Tools


Caml

Caml Weekly News. the May 7, 2002 edition looks at Functional Unparsing, high end type theory, and a problem with input_line.

Lisp

Steel Bank Common Lisp 0.7.3 released. Version 0.7.3 of Steel Bank Common Lisp has been announced. It features support for more platforms, bug fixes, improved documentation, and more.

Vendor Neutral cCLan. A new vendor-neutral comprehensive Common Lisp archive network has been announced. "cCLan (comprehensive Common Lisp archive network) is a Lisp software distribution project much like CTAN for (La)TeX and CPAN for Perl. Its goal is to enable users to issue a single command for downloading, compiling and installing a module or application and all the libraries it depends on."

OpenMCL 0.11 released. Version 0.11 of OpenMCL has been released. "OpenMCL is an open-source Common Lisp implementation derived from Macintosh Common Lisp by Digitool. It runs under LinuxPPC and Darwin/MacOS X."

Perl

The Parrot Answers (use Perl). Parrot Pumpking Dan Sugalski answers a bunch of questions about Parrot, the Perl 6 compiler. Some of the questions concern supported platforms, other language support, mod_perl support, performance issues, timelines, and more.

May Issue of The Perl Review (ThePerlReview.com). The latest Perl Review for May is available in PDF form. Articles in this issue:

  • Extreme Publishing: Change Happens -- Brian dFoy
  • Cooking Perl with flex -- Alberto Manuel Sim
  • Parroty Bits: Bit 1, The Parrot Vooms! -- Dan Sugalski
  • Finding Perl Modules -- Brian dFoy

PHP

PHP Weekly Summary for May 6, 2002. The May 6 PHP Weekly Summary looks at the PHP 4.3.0 release plan, PHP 4.2.1 RC 1, the cryptopp and Xdebug extensions, interfaces, string types, and a URL Rewriter.

Python

The Daily Python-URL. This week's entries on the Daily Python-URL include the Python Pattern, fun with generators, ZUBB, embedding Python in ArcView, online polls with Zope, handling units with Unum, and more.

Pyro 2.7 released. Version 2.7 of Pyro (PYthon for Remote Objects) has been announced. "Pyro offers you a Name Server, an Event Service, mobile objects, remote exceptions, dynamic proxies, remote attribute access, automatic reconnection, a detailed manual, and many examples to get you started right away."

Ruby

The Ruby Garden. This week, the Ruby Garden covers ruby_run exiting issues, quotes and hash keys, class/module names and constants, require, and type checks.

The Ruby Weekly News. The May 5, 2002 Ruby Weekly News looks at Ruby/Google 0.4.0, Practical Ruby 0.2.2, RHDL 0.1.0, an RAA wrapper client, and more.

XML

Splitting and Manipulating Strings (O'Reilly). Bob DuCharme shows how to deal with strings with XSLT and XML. "XSLT is a language for manipulating XML documents, and XML documents are text. When you're manipulating text, functions for searching strings and pulling out substrings are indispensable for rearranging documents to create new documents. The XPath string functions incorporated by XSLT give you a lot of power when you're manipulating element character data, attribute values, and any other strings of text that your stylesheet can access."

Debuggers

GNUstep Weekly Editorial. The May 3, 2002 GNUstep Weekly Editorial covers the latest developments on the GNUstep debugger project.

Software Testing

OProfile 0.2 released. Version 0.2 of the OProfile code profiler has been announced. "OProfile is still in alpha, but has been proven stable for many users."

Section Editor: Forrest Cook

 
Language Links
Caml
Caml Hump
Tiny COBOL
Erlang
g95 Fortran
Gnu Compiler Collection (GCC)
Gnu Compiler for the Java Language (GCJ)
Guile
Haskell
IBM Java Zone
Jython
Free the X3J Thirteen (Lisp)
Use Perl
O'Reilly's perl.com
Dr. Dobbs' Perl
PHP
PHP Weekly Summary
Daily Python-URL
Python.org
Python.faqts
Python Eggs
Ruby
Ruby Garden
MIT Scheme
Schemers
Squeak
Smalltalk
Why Smalltalk
Tcl Developer Xchange
Tcl-tk.net
O'Reilly's XML.com
Regular Expressions
   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Letters

See also: last week's Commerce page.

Linux and Business


Red Hat Launches New Channels to Support Education. Red Hat has announced the launch of two new educational channels on Red Hat Network, the Educational Channel, and the K-12 Linux Terminal Server Project Channel.

Red Hat Launches Red Hat Linux Education Program. Red Hat, Inc. announced its K-12 Red Hat Linux Pilot Program. Schools participating in the initiative will be provided with Red Hat software and services at no cost. Red Hat will assess the current and future computing needs of each school and then install the appropriate open source software and programs. Each school is providing its own hardware and has agreed to meet the minimum requirements set by Red Hat.

EUCD status Wiki established. The European Union Copyright Directive is Europe's attempt to inflict the joys of the DMCA upon itself. Needless to say, a few people are beginning to be a little concerned about this possibility. In an attempt to begin coordinating an anti-EUCD response, the Association Electronique Libre has put up a Wiki page for the tracking EUCD implementation legislation in each of the EU member countries. Those who are tracking EUCD are encouraged to help update the information there and keep it current. (See also: this page on the FSF Europe site on why the EUCD is a problem).

FreeGIS CD 1.2.0 released. The Intevation GmbH has released FreeGIS-CD 1.2.0 for GNU/Linux-Systems.

Wing IDE for Python version 1.1.4. Version 1.1.4 of the commercial Wing IDE for Python has been released.

HP to help port openMosix to the IA-64. The openMosix project has announced that HP will help support a port of the openMosix clustering platform to the IA-64 processor.

The New HP is Ready. Here's a press release discussing HP's plans following its merger with Compaq Computer Corp. There are some Linux servers in HP's future.

Caldera Global Services Honored Again. Caldera International, Inc. announced that Caldera TEAM Support for Linux won Network Computing's Annual Well-Connected Award for Linux Support Service and was named the overall category winner in Network Computing's Annual Well-Connected Service Providers and Outsourcing Award Category.

New wireless networks book from O'Reilly. O'Reilly has announced the release of 802.11 Wireless Networks: The Definitive Guide by Matthew S. Gast. "Since network monitoring is essential to any serious network administrator, and commercial packet sniffers for wireless applications are scarce and expensive, the book shows how to create a wireless packet sniffer from a Linux system and open source software."

Linux Buyer's Guide Launches. SSC Publications, publisher of the monthly magazine Linux Journal, announced the launch of the on-line Linux Buyer's Guide.

Linux Stock Index for May 03 to May 08, 2002.
LSI at closing on May 03, 2002 ... 23.20
LSI at closing on May 08, 2002 ... 25.13

The high for the week was 25.13
The low for the week was 19.65

Press Releases:

Open Source Products

Distributions and Bundled Products

Proprietary Products for Linux

Embedded Linux Products

Products and Services Using Linux

Products With Linux Versions

Linux At Work

Java Products

Books & Documentation

Financial Results

Other

Section Editor: Rebecca Sobol.


May 9, 2002

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Letters

See also: last week's Linux in the news page.

Linux in the news


Recommended Reading

MS in Peruvian open-source nightmare (The Register). The Register reports on Microsoft's efforts to derail the Peruvian government's migration to open source software. "Apparently, the Peruvian government is considering a bill mandating open-source software for all public bureaux. From the congressman's letter, we gather that MS had circulated a FUD communiqué calculated to frighten world + dog with images of collapsing domestic software markets, spiraling costs and systems migration nightmares."

Linux operating system comes of age (Arab News). For a different perspective, here's an introductory article in Arab News. "Linux is no longer the OS of university computer labs. For the Kingdom, the Middle East and the developing world, Linux is the OS of the future."

Open-Source Software Opens New Windows to Third-World (Linux Journal). Linux Journal looks at the use of open source software in the third-world. "'Don't be surprised if we become the first country in the world to say that all (government-run) services are going to be GNU/Linux based,' [Pakistan Ministry of Science and Technology advisor Salman] Ansari says enthusiastically."

The Challenge That Is Linux (TechWeb). TechWeb looks into the details behind growth in the Linux server sector. "The number of Linux servers at U.S. companies is growing quickly, faster than Windows servers and Unix licenses, which have become a smaller percentage of the overall server market. Sure, Linux's growth is from a smaller installed base than that of older operating systems. But where's it coming from?"

StarOffice to eat MS share (probably) (Register). The Register has published a ComputerWire article about potential gains in market share by the Star Office office suite. "Technology analysts at Gartner Group predict that Sun has a 'slightly better than 50:50 chance' to win a 10% slice of business away from Microsoft, as organizations start to count the cost of licensing changes being brought about with the introduction on August 1 of Microsoft's new Software Assurance renewable subscription scheme."

University systems a haven for hackers (News.com). This News.com article looks at a talk given by David Dittrich at the CanSecWest security conference. " At the University of Washington, for example, Dittrich, two other security engineers and several network engineers have to deal with network outages, compromised computers, rogue libraries of pirated media and software, and students who can't get online to get their homework done because of all of the illicit traffic."

Study: Music Swappers Buy More (Reuters). Just as the availability of cheap video recording equipment failed to bring down the movie industry, Reuters reports that file sharing services are actually helping to sell commercial CDs. "Internet users who download songs for free from unauthorized "peer to peer" services are more likely to increase their music purchases than regular Internet users, according to a report released Friday." (Thanks to Michael Walma.)

Silent Mayday (Linux Journal). Here's a story from Linux Journal about the Copyright Arbitration and Royalty Panel. "The top internet radio stations are running a day of silence to warn listeners--and everybody else who cares about the Net--about what will happen if CARP rules go into effect later this month."

Community-Based Recording Studios: A Look into the Future (Linux Journal). Linux Journal writes about building free recording studios. "This broadens the base of our precious Public Domain and, at the same time, offers musicians and artists an alternative professional track to the monopolized track offered by the RIAA."

Companies

Capellas: New HP ready to prove itself (News.com). News.com looks at the new HP (after the merger with Compaq). "The new HP in many ways will resemble the old Compaq. The company's strategy will largely revolve around aligning itself with technology giants such as Microsoft and Intel and large consulting firms to deliver products that will be cheaper than those from companies such as IBM and Sun Microsystems, which tout their own internal developments."

Don Capellas articulates HPaq's vision thing (Register). Here is the Register's take on the HP/Compaq merger. "But there was nothing about an R&D strategy for software, and no claim to wrestle the middle ground from the web services war going on between Microsoft, IBM and Sun. This is where you might expect an HP to come out as heroic peacemaker, but Capellas doesn't seem to have a vision for software at all. He doesn't have the will to compete. It's all going to be commoditized, so fuggedaboutit. From which we surmise: if you work for Bluestone, get your CVs over to systems management and storage toot-sweet."

The week in review: HP clears the way (News.com). News.com reports that Walter Hewlett's suit over the HP-Compaq merger has been dismissed by a Delaware judge. "Just hours after the judge revealed his decision, Hewlett abandoned his challenge to the merger, saying he would not further contest the outcome of the shareholder vote. Hewlett said that although he disagreed with the merits of the deal, he said he would now 'do everything possible to support the successful implementation of HP's acquisition of Compaq and encourage others who have shared my views in the past several months to do the same.'" The merger is back on track.

IBM pushes the Penguin harder (IT-Director). IT-Director covers the resources that IBM has available for Linux developers. "The investment program is continuing with a newly announced service, which is being pushed with the slogan "Speed Start your Linux app". It is a free service that it hopes will assist developers to become more proficient in developing Linux applications and will encourage them to use IBM software products."

IBM servers: Who needs humans? (CNET News.com). IBM is selling software that monitors, detects, and repairs problems with IBM servers. The Dallas Morning News has also posted a story about this software.

Open-Source Debate: Today Linux, Tomorrow Solaris? (TechWeb). Tech Web looks at opinions from open-source proponents inside of Sun Microsystems. "Rob Gingell, Sun's chief technologist for software systems, wants the vendor to take an even bolder step into the world of open-source software, in which users can freely access programs and change their basic instructions. 'I keep saying, personally, that I want to go open source on Solaris,' Gingell says. 'I eventually will prevail.'"

Exec exodus continues at Sun (News.com). News.com looks into changes at Sun Microsystems. "Several other executives have recently announced plans to leave the company, raising concerns on Wall Street about the future strength of Sun's leadership ranks."

Linux man latest to go in Sun's Exec shuffle (IT-Director). IT-Director chimes in on the changes at Sun. " Stephen DeWitt, Sun Microsystem's Vice-President for Content Delivery and Edge computing is the fifth Sun Exec to leave in less than a month. The company was slow to recognise Linux but DeWitt's history as President of Cobalt, Sun's edge device, made him a key player in the company's Linux strategy. Add this to an Exec weakened by four other departures and losses in the latest quarter's results, and the future looks unsure for Sun."

Sun Cobalt Linux servers ready to roll (ZDNet). Sun Cobalt is preparing a major addition to its line of Linux-based server appliances this month, according to this ZDNet article. "Rumors of the new server appliances--the first major launch under the Cobalt brand since Sun acquired the company in autumn 2000--have been circulating for several months. The company has still not released more details, but according to sources, is planning at least one dual-processor box, possibly called the Cobalt Raq550."

Business

Vendors Buying Into Linux (TechWeb). TechWeb looks at Linux's steady march into new areas of corporate IT, which they say is making the operating system harder for hardware and software vendors to ignore. "Shifting engineering costs from maintaining hefty operating system code bases to building new applications could ultimately spur innovation, some technologists say."

Takin' Care of Business (Dr. Dobb's). Ed Nisley writes about the business side of embedded software development on Dr. Dobb's. "Despite the firm opinions of some now-departed companies, you can't earn a living by giving away free software. You must actually sell something of value to customers while giving away the software, otherwise your business won't clear the gantry. While this may be obvious now, it was derided as old-think just a year or two ago."

A business case for open source (News.com). News.com presents a good case for using open source software. " Open source is here to stay. It's a valuable tool, and you should learn how to use it. You can be sure that your competitors will."

Open For Business (TechWeb). TechWeb looks at the adoption of Linux in a somewhat negative light. "Yet in the corporate market, Linux still faces something of a technological glass ceiling. While the Energy Department is willing to pay Hewlett-Packard $24.5 million to complete the Linux supercomputer, most business-technology managers don't yet trust the operating system with their most vital applications and data. Studham, a former IBM computer scientist, says he understands their reluctance. 'National labs are some of the early adopters of any technology,' he says. 'If I were [a corporate] IT manager this year, I'd still be experimenting on Linux.'"

Reviews

Device Profile: hippo Internet Phone (LinuxDevices). LinuxDevices.com looks at the hippo Internet Phone. "[hippo CTO Ritha] Pai says hippo's software developers started out with downloaded 'community' PowerPC Linux sources, but decided to move to MontaVista Software's Hard Hat Linux in order to avoid the need to deal with library mismatches and other issues associated with not starting from a prequalified Embedded Linux distribution."

Real-time Linux sub-kernels, benchmarks, and . . . contention (LinuxDevices). In part three of an Embedded Linux Journal series of articles by Kevin Dankwardt on Real-time Linux, Dankwardt reviewed the sub-kernel approach as used in RTLinux and RTAI and provided some benchmark numbers.

GNU/Linux DVD Player Review (Linux Journal). Linux Journal reviews a number of DVD playback applications for GNU/Linux. "Playing DVDs under GNU/Linux has not had the happiest of histories, what with the DeCSS debacle and subsequent legal battle. So you'd be forgiven for thinking that you will never be able to play your DVDs on your GNU/Linux system. Luckily, this is not the case, and there are several applications available for you to download and use."

George Jetson Would Be Proud (TechWeb). TechWeb investigates the Evolution Robotics Software Platform, which runs on Linux. "Much like a PC operating system, Evolution's platform contains the basic system that controls a robot, as well as lots of smaller components and drivers to operate voice recognition or control a particular tool, for example." The platform is based on licensed software.

Caldera Volution Messaging Server: A Product Review (Linux Journal). Linux Journal reviews Caldera's Volution Messaging Server (VMS), which should not be confused with DIGITAL's VMS operating system.

Transgaming WineX 2.0 Review (LinuxLookup). LinuxLookup reviews TransGaming's Wine implementation called WineX. "There was one game in particular that I was interested in running on Linux; Diablo II happens to be my son's favorite hack-and-slay game, so that was first."

Sun's OpenOffice open for business (News.com). News.com covers the release of OpenOffice 1.0. "OpenOffice is based on the same StarOffice code but does not include a database product, a dictionary or technical support from Sun."

OpenOffice suite goes 1.0 (Register). The Register devotes a few words to the recent 1.0 release of OpenOffice.org. "So StarOffice is for businesses and consumers who either want to deal with proper companies and/or don't know or care what open source is, while OpenOffice is undiluted revolution, for people who choke on expressions such as "Sun quality and assurance testing." Or something. The twin-track approach makes some sense in that many (most?) businesses can't deal with software they don't have to pay for, so even if the tab is fairly small the existence of the software in this packaging actually improves its chances of getting adopted in business and bundled with new computers, for sale to the Great Unconverted."

Resources

Linux Multimedia (Linux Journal). Here's a survey of some Linux multimedia tools from the Linux Journal. "Xine could do it, but due to legal restrictions, the makers of Xine are not willing to do it, which seems to make the use of any open-source DVD player in Linux very limited... The last options are the initiatives to provide a plugin for open-source software like Xine. As mentioned before, the big problem with this option is that it's illegal."

Robocode Rumble - Java-Battle-Bot league has been launched. Robocode is a game that teaches you Java on Linux while you build killer Java-Battle-Bots that fight each other to the death in an arena. The newest Robocode league in town, Robocode Rumble has just been launched. It's a joint effort by alphaWorks and developerWorks. If you're just getting started with Robocode, don't miss Rock 'em, sock 'em Robocode! An excellent hands-on starter. In addition Secrets from the Robocode masters, a collection of tips from the experts, presents more advanced techniques and strategies to help destroy all and be the Java-Battle-Bot King.

'First-of-a-kind' Robot Developer Kit supports Linux and open APIs (LinuxDevices.com). Build your own robot after reading this fun article. "Evolution Robotics, Inc. today began shipping its Robot Developer Kit (RDK), an 'industrial strength' kit which includes hardware and software tools to help developers and manufacturers create autonomous personal robots for the home and workplace. The kit's native programming environment is C++ and requires a GCC compiler, and it supports the use of Linux for both the development system and target system OS platforms."

The UML Sysadmin Disaster of the Month is back. User Mode Linux has announced the return of the Sysadmin Disaster of the Month, a monthly feature in which they create a system administration disaster with a User-mode Linux virtual machine and you get to fix it. May's catastrophe is a filesystem that won't boot for some reason.

Interviews

Ian Clarke's peer-to-peer debate (News.com). News.com interviews Freenet creator Ian Clarke. "When I was first dreaming up Freenet, I never thought a software engineer would be jailed for writing a piece of software that let people read PDF documents. I never thought the Digital Millennium Copyright Act would be enforced in the way that it is." (Thanks to Kyle Roberson)

The Future of E-Business (Business Week). Business Week interviews Stanford University law professor Lawrence Lessig, who discusses corporate influence and the Internet. "Think about other platforms in our lives, like the highway system. Imagine if General Motors could build the highway system such that GM trucks ran better on it than Ford trucks. Or think about the electrical grid. Imagine if a Sony TV worked better on it than a Panasonic TV. The highway and electricity grids are all neutral platforms -- a common standard that everyone builds on top of. That's an extraordinarily important feature for networks to have." (Thanks to Kyle Roberson.)

Miscellaneous

MS' MIT prof witness gets toasted over KDE, GNOME (The Register). The Register has a fun report on some transcripts from today's reports of the latest day in court. "Some reports today suggest that Microsoft witness Stuart E Madnick, a computer science professor at MIT, might have made desperate claims in court that KDE and GNOME were operating systems."

SchoolForge advocates use of Open Source software when donating to schools. The SchoolForge group has an announcement countering Microsoft's policy of requiring proper licensing information on computers donated to schools. Use open source software, and skip the hassles.

Penguins invade the North Pole! (Linux Devices). Linux Devices examines a NOAA weather station and web cam that is located on the North Pole. The station uses a Linux based camera from StarDot Technologies.

Open-source . . . shoes? (Red Herring). Can the Open Source concept be used to create great shoes? Red Herring looks at a company who is trying. "The open-source movement may have but a modest foothold in the software world, but one unlikely company has taken the concept to the next step. John Fluevog, a shoe company in Vancouver, British Columbia, is encouraging people not to tweak source code, but to come up with innovative shoe designs and use the Web to place them in the public domain. The winning designs--picked by John Fluevog and by a vote on the Web site--will be manufactured and sold." (Thanks to Michael J. Hammel)

Section Editor: Forrest Cook


May 9, 2002

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Letters

See also: last week's Announcements page.

Announcements


Resources

To be a Master, get certified in Linux and Unix (NewsForge). This NewsForge author advocates Caldera's certification offering. "The Master ACE is important for IT professionals because now they can show expertise both in Unix and Linux, according to Caldera. It makes sense because Caldera is a Unix company just as much as it is a Linux company. And with other businesses like Sun hinting at more integration between their Unix offerings and Linux, forward-thinking sysadmins will see the benefit of getting "legit" with a Master ACE certification."

Prepare for the Linux Professional Institute's 102 exam (IBM developerWorks). IBM's developerWorks has announced a new tutorial to help you prepare for the Linux Professional Institute's 102 exam.

Job postings on Linux Step by Step. Linux StepByStep has announced the availability of an RSS feed for their job posting site.

Linux StepByStep summary for April. Here's a look at what's been happening at Linux StepByStep during the past month. There is now a RSS/RDF feed among other new things..

New Metal and Fog tutorials for the Gimp. New tutorials that describe the use of Fog and Metal effects have been added to the Gimp tutorials collection.

Events

Linuxwochen in Austria. Linuxwochen is a series of road show events that will be held throughout Austria from May 11 to June 30, 2002. (Thanks to August Hörandl.)

Monta Vista High Availability Seminars. Monta Vista will be presenting a series of seminars on building high availability solutions with Linux. The North American series will be held in California, Texas, North Carolina, and Boston. The European series will be held in Helsinki, Stockholm, Stuttgart, Reading, Milan, and Paris. The series will be held during May, 2002.

Damian Conway in Toronto (use Perl). Perl luminary Damian Conway will deliver three talks and four days of corporate training in Toronto, Canada from July 5 through 12, 2002.

Slashdot's Robin Miller is keynote speaker for the CTS show in Orlando. LWN received a note from Steve Litt of the Linux Enthusiasts and Professionals (a Florida LUG) with the news that Robin Miller will speak at the CTS show in Orlando on May 15, 2002, from 10:30am to 11:30am. The title of his talk is "Building Profitable Web Sites With Free Software".

Sun's Scott McNealy and Google's Sergey Brin to give linuxWorld SF Keynote. Here's a press release from IDG World Expo about the keynote speakers at LinuxWorld, coming to San Francisco next August.

Linux.conf.au 2003 | Call For Papers. Linux.conf.au has announced the call for papers for the 2003 conference, which will be held in Perth, Western Australia at the Crawley campus of The University of Western Australia, next to the Swan River.

LinuxTag: German Government Maintains their own Congress Track. The German Ministery of Interior will maintain their own track of talks about "Free Software in governmental agencies" at LinuxTag. This track will be part of the business congress, which aims at professionals in the IT business and governmental workers. The business congress is a one-day conference, hosted at LinuxTag, which will take place at June 6, 2002.

Debconf update. Here is some clarification on what to expect at Debconf2. "Debconf is not an expo or booth-based conference like Comdex or even ALS. Debconf is based around talks, demos and discussions, and will be highly technical in nature. Its target audience is Debian developers, though technical Debian users are welcome to attend as well." Debconf 2 will be held at York University in Toronto, Ontario, Canada, from July 5 - 7, 2002.

Real-Time Linux Workshop 2002. The next Real-Time Linux Workshop has been scheduled for December 6 and 7, in Boston. The Call For Papers has gone out; abstracts should be in by the beginning of July.

Mark your calendars - DEFCON 10. The announcement has gone out: DEFCON 10, "largest hacker convention on the planet," will be held August 2 to 4 in Las Vegas.

UKUUG Linux Developers' Conference. Once again the UK Unix Users Group will hold its annual Linux Developers' conference, July 4 - 7, 2002 in Bristol. It looks like an interesting lineup with Marcelo Tosatti speaking on "The Linux Kernel" and Marcus Brinkmann on "The Hurd", and lots more.

INET 2002 Program Unites Array of Internet Visionaries. A number of Internet Visionaries will speak at the INET 2002 conference, which will be held from June 18-21, 2002 in Arlington, Virginia. "Featured speakers include famed science-fiction writer Arthur C. Clarke, Google CEO Eric Schmidt, Former FCC Chairman Reed Hundt, and Stanford Professor and The Future of Ideas author, Larry Lessig."

CD 2002 Call For Participation. A call for participation has been issued for the First International IFIP/ACM Working Conference on Component Deployment, to be held in Berlin, Germany on June 20-21, 2002.

Smalltalk Solutions 2002 conference review. John McIntosh has published his review of the Smalltalk Solutions 2002 conference.

Events: May 8 - July 3, 2002.
Date Event Location
May 9 - 10, 2002NetWorld+InteropLas Vegas
May 13 - 16, 2002O'Reilly Emerging Technology ConferenceSanta Clara, CA., USA
May 13, 2002Bruce Perens on Open Source Business ModelsCanadian Film Centre in Toronto
May 18 - 22, 2002The 13th Annual Borland Conference(BorCon)(Anaheim Convention Center)Anaheim, CA
May 19 - 24, 2002XML Europe 2002 Conference & Exposition(Princesa Sofia Inter Continental)Barcelona, Spain
May 25 - 26, 2002Magdeburger Linuxtag 2002(Building 22 (W) University of Magdeburg)Magdeburg, GERMANY
May 27, 2002Linux@workCopenhagen
May 28, 2002Linux@workOslo
May 29, 2002Linux@workStockholm
May 29 - 30, 2002Linux ExpoBirmingham, UK
May 30, 2002Linux@workHelsinki
June 3 - 6, 2002Embedded Systems Conference - Chicago(Donald E. Stephens Convention Center)Rosemont, IL
June 4, 2002Linux@workParis
June 5, 2002Linux@workBrussels
June 6, 2002Linux@workAmsterdam
June 6 - 9, 2002LinuxTag 2002(Exhibition Center)Karlsruhe, Germany
June 9 - 14, 20022002 USENIX Annual Technical ConferenceMonterey, CA
June 11, 2002Linux@workFrankfurt
June 12, 2002Linux@workZurich
June 12 - 14, 2002JabberConf Europe 2002Munich, Germany
June 13, 2002Linux@workMilan
June 18 - 21, 2002INET 2002(Crystal Gateway Marriott)Arlington, VA
June 20 - 21, 2002First International IFIP/ACM Working Conference on Component Deployment(CD 2002)Berlin, Germany
June 26 - 28, 2002Embedded Systems Expo & Conference in Tokyo(ESEC)(International Exhibition Center)Tokyo, Japan
June 26 - 28, 2002Yet Another Perl Conference(YAPC 2002)(Washington University)Saint Louis, Missouri
June 26 - 28, 2002European Python and Zope Conference(EuroPython 2002)(Charleroi Espace Meeting Européen)Charleroi, Belgium
June 26 - 29, 2002Ottawa Linux Symposium(OLS)Ottawa, Canada
June 27 - 28, 2002European Tcl/Tk User Meeting(Siemens Trainings Center)Munich, Germany

Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format.

Web sites

Sound & MIDI Software For Linux updated. Dave Philips has reorganized his Sound & MIDI Software For Linux page, which has been mostly idle for a few months.

KDE Events. A new web site known as KDE Events will contain current information on KDE conferences, talks, and meetings.

Miscellaneous

Section Editor: Forrest Cook.


May 9, 2002

   

 

Software Announcements


Here are this week's Freshmeat software announcements. Freshmeat now offers the announcements sorted in two different ways:

The Alphabetical List and Sorted by license

 

Our software announcements are provided courtesy of FreshMeat

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Letters

See also: last week's Letters page.

Letters to the editor


Letters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them.

May 9, 2002

   
From:	 Leon Brooks <leon@cyberknights.com.au>
To:	 Linux Weekly News - Letters <letters@lwn.net>
Subject: Is free enough?
Date:	 Thu, 2 May 2002 19:15:56 +0800

On last week's LWN front page, Jonathan wrote:
> Is it not enough that the resulting software be free?

No.

It must also be libéré, befreit, liberato, and so on; the word `free' is a 
near-perfect illustration of the ability of commerce to drag down a language. 
BSD is almost entirely unencumbered, but it is not libéré, only at large. 
Unfortunately, the only reasonably free populations on the planet are that 
rapidly dwindling number who are prepared to insist on their freedom.

The FSF should not have a monopoly any more than Larry Ellison or Bill Gates, 
but should not be dismissed, either. The GPL does have the extremely useful 
property of insisting that any enhancements to software are available for all 
to criticise and/or benefit from.

It is proper for the FSF to claim as much of the pie as it can for its cause, 
and proper for representatives of other licencing schemes to lobby for their 
own points of view. You can bet the colectivo norteamericano will be lobbying 
for all its worth. How about you? What are you doing about this windfall?

Cheers; Leon
   
From:	 dm@chrononaut.org (David Moles)
To:	 letters@lwn.net
Subject: Subsidizing the development of non-free software
Date:	 Thu,  2 May 2002 10:13:55 -0700 (PDT)

In regard to FSF Europe's suggestion that copylefted free software
be given preferential funding treatment over non-copylefted free
software in the EU's "Sixth Framework Program", LWN writes:

> LWN has often pointed out the benefits of the GPL. But this sort
> of attempt to create governmental preferences for a specific
> software license could well be self-defeating. Reasonable
> people - all of whom support free software - can and often do
> disagree over software licenses. This recommendation looks like
> an attempt by one group to grab preferential treatment over the
> others. Is it not enough that the resulting software be free?

The free software and open source communities should not let
political, personal, and "religious" issues cloud discussion of
these questions. If you write software, I support your right to
release it under the license of your choice. But this is not a
simple matter of disagreement over software licenses among
reasonable people.

Let me put the question another way: Is it acceptable for private
interests to take free software developed with the public's money
and make it into software that is not available to the public?

This is the question the EU needs to think through. Some people
would say it is. Some people (Microsoft, for one) have gone even
farther and say it's not only acceptable, but desirable.

Personally, I would prefer not to see my tax dollars subsidizing
the development of non-free software. And, make no mistake, that
is what you are doing when you fund the production of
non-copylefted free software.

Is it enough for version 1.0 of the resulting software to be free,
if subsequent versions are not?

-- David Moles

-----------------------------------------------------------------
"There has grown up in the minds of certain groups in this
country the notion that because a man or a corporation has made a
profit out of the public for a number of years, the government
and the courts are charged with the duty of guaranteeing such
profit in the future, even in the face of changing circumstances
and contrary public interest."

                           -- Robert Heinlein, "Life-Line" (1939)
   
From:	 Mike Howard <mike@clove.com>
To:	 lwn@lwn.net
Subject: Necessity of Copyleft
Date:	 Thu, 02 May 2002 09:43:37 -0400


LWN says:
> LWN has often pointed out the benefits of the GPL. But this sort of
> attempt to create governmental preferences for a
> specific software license could well be self-defeating. Reasonable
> people - all of whom support free software - can and often do disagree
> over software licenses. This recommendation looks like an attempt
> by one group to grab preferential treatment over the others. Is it
> not enough that the resulting software be free? 

No.

Perhaps you are not familiar with the way UNIX distributions used to
be constructed prior to GPL.  Code was often donated to the public by
either being placed in the public domain - uuencode/uudecode, Gilman's
tar program - or released under something like the Berkeley licence -
sendmail, the Berkeley sockets distribution, all the underlying TCP/IP
implementation, and many other things.  Vendors, such as SCO, used
slightly modified versions of the code and documentation giving neither
credit to the authors [or as little as possible] and distributing
the code as a proprietary implementation.

The result was that they were able to sell publicly available code
which was incompatible with the publicly available implementations and
hide their trivial modifications.  They also published butchered and
degraded versions of the public documentation - at least in the case of
sendmail - without crediting the original authors or leaving pointers
to the original, more complete and more useful documentation.

The Copyleft stops this practice and is indispensable in preventing
its odious return.

-- 
Mike Howard <mike@clove.com>

   
From:	 Daniel James <daniel@mondodesigno.com>
To:	 letters@lwn.net
Subject: re: The Trouble with Vorbis
Date:	 Fri, 3 May 2002 12:28:48 +0100

Hello,

On your 'Linux in the news' page this week, your editor mentioned the 
article The Trouble with Vorbis on Kuro5hin, and added 'Ogg Vorbis 
may not be as free as it seems'.

I for one don't share the criticisms of this piece. It's not good 
enough for some people that free software developers spend years of 
their life working on projects with modest reward - they have to 
deliver full documentation to third parties too. And turn down 
opportunities to earn a living while they're at it.

I too look forward to the release of a Vorbis specification which can 
be adopted as a standard, but neither I nor anyone else is in a 
position to demand it from the developers. 

Daniel James
   
From:	 David Fallon <davef@tetsubo.com>
To:	 Brian Beesley <BJ.Beesley@ulster.ac.uk>
Subject: Response to your letter to lwn.net
Date:	 02 May 2002 14:52:32 -0700
Cc:	 letters@lwn.net

Hi, this is in response to you letter to lwn.net
(http://lwn.net/2002/0502/letters.php3)

In general, I agree with you, but I wanted to raise some specific points
that you may have missed. In particular, your point four:

> 4. I don't see any reason to accept the inclusion of "billboards" into
> the linux product (source or binary), even if commercial organizations
> were to offer real money to sponsor their inclusion. IMO "free
> software" means "free of intrusion by advertising" as well as "free as
> in beer" and "free as in spirit". The problem here is, if we accept
> advertisements in source code, where do we stop? Advertisements
> appearing during system startup? Advertisements during user login?
> Advertisements appearing at random times during normal operation? 

You have the right idea, but you miss the point of open source. I
applaud anyone clever enough to convince people to pay him or her to
include advertisements in the kernel source. Why? Because, as it's an
open source operating system, your or I are in no way forced to view or
use those advertisements. Envision the scenario where linus was paid a
great deal of money to put an advertisement saying "brought to you by
nike" instead of the standard kernel messages. While linus is off
rolling in his piles of wealth, all the kernel developers have switched
to alan's tree. And 15 minutes after the kernel is released, a patch
appears on the kernel mailing list to remove it. You or I are only
forced to deal with these things when we deal with proprietary software,
when we don't have the rights inherent in the GPL. Just like when
dealing with free speech, it's critical for open source advocates to
hold up the right for everyone to modify the source, no matter how
repugnant the change. It will never be a problem, because fundamentally
the system works. Your right to include the advertisements is a
confirmation of my right to patch them right out of existence.

Anyways. Rock on, and thanks for taking the time to read this, if you've
gotten this far. :)

-- 
dave
   
From:	 Jason Baietto <jason@baietto.com>
To:	 lwn@lwn.net
Subject: GPL virus...
Date:	 01 May 2002 23:14:33 -0400

First, let me state that I'm a huge fan of Richard Stallman
and the FSF.  However, while reading your recent interview
with Richard Stallman, I couldn't help but make a connection
between the GPL and his analogy of patent-infected code being
like salmonella-infected food.

Many people who don't agree with the fundamental principles
of the GPL refer to it as a "virus".  While I don't subscribe
to this view myself, it seems that if a GPL virus did exist
it would have to be called..."Stallmanella" :-)

Take care,
Jason

   
Eklektix, Inc. Linux powered! Copyright © 2002 Eklektix, Inc., all rights reserved
Linux ® is a registered trademark of Linus Torvalds