Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise news for all interests
Published March 26, 1998

Sections: Linux articles Security Kernel news Distributions Ports Software Development Tips Announcements Links of the week Feedback and corrections Other stuff: The LWN Archives Our Linux links page And our new Linux Events Calendar!	Leading items Who needs the source code, anyway?. Certain large vendors of proprietary software have been raising that question, as has the press. There is a certain amount of legitimate confusion on this point. After all, not too many people bother with the blueprints for their house, or the engineering drawings for their car. Why would they need the source code for the software they run on their computer? Those of us who have been in the free software world for a while understand. Free software lets us get in and fix it when it doesn't work. Even better, it lets us (often) count on unpaid people we never met fixing it for us. We can go in and figure out how it works, and how to make it work better. We can make it do something completely new and cool. We have come to count on getting high quality, robust software which evolves rapidly, lacks unpleasant surprises, and which we can use when and where we need. We understand, but it would be a mistake to assume that everybody does. Part of furthering the cause will certainly involve some education in this area. People who never get past the GUI of a system still benefit from the availability of its source, and we need to help them to understand that. Thus we welcome a note received this week from Eric Kidd, who is running a survey of uses people have made of source code. If he gets enough interesting responses, he should be able to put together a very useful summary. We encourage you to help him out. Netscape has released an updated version of their public license. Check it out here. See also a writeup of a day spent compiling the free Netscape release on a Debian box. See also Richard Stallman's gripes about the NPL. Europe-Inside, an open initiative designed to promote IT industrial development and employment in Europe, is promoting a ready-to-use PC for the office based on Linux and Star Office as an alternative to Microsoft products. Page is in French Many thanks to everyone who responded to our survey! Apparently most of you think we're doing a great job. Thank you! At last count, we received 381 responses, with all the information we hoped. We especially want to thank all those of you who provided specific comments. We have read through all of them and appreciate your suggestions. We've drafted a summary of the survey results for those interested in others' responses.	Got some feedback, some news to publish, or something else you would like to tell us? lwn@eklektix.com is our address. Or would you like to be notified when new editions of the Linux Weekly News are published? Click here and send a blank message. Please see our contact page for other contact information. Here is the permanent site for this page.
	Linux in the news John Kirch has put together an outstanding comparison of Unix and NT in a server role. His bias is clear, but he has put together a dense, factual, and persuasive argument for the Unix side, and for Linux in particular. A couple of quotes: "Hewlett-Packard used Linux instead of its own HP-UX UNIX operating system while developing its new PA-RISC processor architecture. Schlumberger will be marketing a remote telephony solution that incorporates Linux.." "NT is also an excellent choice for managers who need to show that they used up their fiscal year budget for hardware/software expenditures. Perhaps this is why it requires no prior purchase approval within federal agencies." If you read only one article this week, this is the one to go for. If only we could get it published in an airline magazine... [Note: John Kirch is apparently changing ISPs. If you have trouble with the link above, you can read the article at this mirror site.] Leaning Toward Linux. An article in PC Week originally dated last summer but "updated" recently gives a favorable, if not entirely factual, review of Linux. In The Great Linux Experiment Dan Shafer talks about his project to work only under Linux for a month, to see how it goes. We wish him luck... POOMA? An article in ComputerWorld talks about massively parallel, cluster-type systems being developed at Sandia National Laboratory, and makes a passing mention of Linux in the process. This seems like a completely different venture than the Beowulf folks are working on. The folks at NC World ran a longish article on enterprise computing strategies. Their advise? Move away from the "declining" standalone PC model, and towards network computers (what a surprise) and lots of central servers. Their suggestion for servers? Linux, of course. What's more, they recommend buying pre-installed Linux systems in general, and the Cobalt Micro Qube in particular. Happily, they provide a substantial (if not complete) list of Linux system vendors out there. This is a nice one. NC World also recommends attending LinuxExpo. So do we.
	Top / News / Security / Kernel / Dists / Ports / Devel / Tips / Announce / Feedback
	A fix for Ascend Kill II is now available. /tmp race of the week: /usr/src/linux/scripts/Configure. There is a bug in Julianne Frances Haugh's shadow package which, if sulog file logging is enabled and su has not been run before, can allow an arbitrary user to create, use and delete the /var/log/sulog file. A fix was quickly posted ... ncftp can be used to execute arbitrary commands on downloads of entire directory trees, due to the use of the system() command to create directories. The latest version, NcFTP (2.4.3) released on March 19th, fixes this bug. It's available from ftp.ncftp.com under /pub/ncftp. A long list of ways to manipulate edquota(8) in malicious ways was provided, along with descriptions, suggestions and a kernel patch for Linux 2.0.33. A fix for a new mh bug (which allows any local user to easily become root) has been created and posted to ftp.redhat.com and a critical bug report has been filed for Debian. No word on other distributions yet. A problem in the Linux sound driver allows an application to overwrite kernel memory. This has been fixed in Linux Kernel 2.1.89. "Winnowing and chaffing" information is a new technique for scrambling data that could circumvent government export policies. A Workshop on Security in Large-Scale Distributed Systems will be held October 20-23, 1998. They are asking for contribution and panel proposals. For a broader look at privacy issues, check out the PRIVACY Forum Digest, a moderated digest for the discussion and analysis of issues relating to the general topic of privacy (both personal and collective) in the "information age" of the 1990's and beyond.
	Top / News / Security / Kernel / Dists / Ports / Devel / Tips / Announce / Feedback
	The current development kernel release is still 2.1.90. There is a pre-patch for 2.1.91 out there. This is a big patch which adds things like BSD process accounting, a number of obscure file systems (including Solaris x86), and an unbelievable number of fixes. Networking fixes also make up a big part of the 2.1.91 pre patch. David Miller has been busy fixing problems, and adding enhancements as well. In his "Greased TCPenguin" announcement, he describes a reworked TCP output engine ("much cleaner and saner") and support for TCP SACKs. "SACK" stands for "selective acknowledgement;" it provides for more efficient retransmissions when multiple packets get dropped out of the same TCP window. Essentially, it's a way for the receiver to tell the sender which pieces made it through and don't have to be retransmitted. If you're interested in TCP SACK, more information can be found on Sally Floyd's SACK page. Another important fix that should be in 2.1.91: Sound Blaster audio output has had the stereo channels reversed for a few releases. We're not sure why people were working on networking issues when such a debilitating bug was outstanding. Fortunately, Itai Nahshon was able to lay it to rest. Problems are still being reported with kmod in 2.1.90. Kmod, the replacement for kerneld, automatically loads kernel modules when they are needed. It turns out that, along with its other problems, it tends not to unload modules very well; in a number of cases it can panic the system. It is claimed that a number of these problems are not actually in kmod, but kmod has brought them out just the same. Much effort is going into kmod, and it can be expected to stabilize soon. Despite some initial adoption pains, nobody has been suggesting a return to kerneld. A new version of the coda filesystem has been released. Coda, an advanced distributed file system, is distributed as part of the 2.1 kernel; no word as to when this release will get folded in. (Coda can also be plugged into a 2.0 kernel, but if you're going to play with an experimental file system, you might as well go with the experimental kernel as well). See their announcement for more info. Version 1.3.1 of the IP firewall chains patches has also been released. This is a reimplementation of the IP firewalling code with expanded firewalling capabilities, better accounting, and more logging features. It is retrofittable onto a 2.0 kernel if desired. They are looking for testers over the next week or so, after which they want to submit the code for inclusion into 2.1. More patches: Richard Gooch has put out version 1.9 of his MTRR patch for the 2.1 kernel. MTRR ("Memory Type Range Registers") allow for serious speedups of some video operations. Richard is looking for testers before submitting the patch for Linus for inclusion into 2.1. See the announcement and patch if you're interested. Will the GGI people leave Linux? Last month we covered a bit of the debate over whether the General Graphics Interface (GGI) belongs in the Linux kernel or not. Evidently some feelings were hurt, and a number of members of the GGI project are talking about porting the system over to one of the BSD variants and making that their primary platform. It seems to be either a way of applying pressure on Linus to accept GGI into the kernel, or perhaps just going over to where they feel more welcome. Putting pressure on Linus seems inappropriate, seeing as he has not done anything to block GGI beyond expressing reservations about certain aspects of what they are doing. You can peruse the mailing list archives on the GGI web site to see the debate. Despite a slowdown recently, Alan Cox is still working on a 2.0.34 release. He'll have a "pre4" patch up at some point on ftp.uk.linux.org (in pub/linux/incoming).	Since we're a weekly publication, chances are we'll be behind a rev or two on the kernel release by the time you read this page. Up-to-the-second information can always be found at LinuxHQ.
	Top / News / Security / Kernel / Dists / Ports / Devel / Tips / Announce / Feedback
	Caldera The first questions from people installing 1.2 have started to come in. First few tips: The fancy "graphical dialer" is xisp Metro-X is no longer bundled with 1.2 because XFree86 was considered to be more sophisticated and up-to-date. Some problems with netcfg have been reported. Check caldera-user for pointers here, since no definitive description or solution has been posted so far. The Caldera 1.2 upgrade script is in internal testing and should be out shortly if no problems are found. Look for it possible this week or next. Debian Bruce Perens' departure has produced less upset than we expected. Though many people gave him heartfelt thanks and expressed concern about the impact, others were confident that, since Ian Jackson is already Debian project lead, and over 300 developers remain committed to Debian's goals, the departure will not injure Debian. And for the relationship between SPI (Software in the Public Interest) and Debian, SPI apparently only owns one disk drive and any hardware donated by others to support Debian will remain in its present state. SPI's change of priorities should not affect Debian. Ian Jackson, the Debian project lead, has posted his first draft of a proposed constitution for Debian. In his announcement, he requested that comments go directly to debian-devel rather than private email. He also mentioned that he is going to need volunteers for the position of Secretary for taking votes, so it appears that the democratic process is joining Debian ... Overall response to the document was reasonably mild. A lot of suggestions were made, a few "Oh no, not that!", but overall people seem to be handling the proposal as a good idea that needs some minor tweaking. A lot of people appear to be reading it, since the load on the site made it difficult to view the document itself. There are some posts going back and forth regarding the impact on the installer (deity) of breaking the distribution onto two to four more CDs. This is going to require major testing to guarantee smooth installs... Flap over the package removals seems to be dying down. Some of the bugs (particularly md5sums problems) are being downgraded to "normal" from "important" which will allow some packages back in even if the maintainer/developer has no time to recompile them. To help with testing, people in Europe can buy "frozen" on a CD from Christian Schwarz. One user's first look at deity has produce the reaction: Wow! We can't wait to see if other reactions are similar ... Red Hat Quite a bit of verbiage is going back and forth regarding Red Hat's policy of not releasing updated packages between official releases, even for reported bugs. They do, quickly, for security problems, but not for other difficulties, such as the incompatibility between their control-panel and usermode packages and the latest GTK. No particular resolution was in sight, at last reading. People would like to see Red Hat do more testing yet release upgraded packages faster. The offered suggestions seemed to be unofficial upgrades that could be released and tested by a wider audience before inclusion into the next official Red Hat release. Alternately, if Red Hat can just make some more money, they could hire additional staff ... One small tidbit in the midst of the debate: Red Hat has one full-time person reading and sorting mail to bugs@redhat.com. He is responsible for verification, validation and tracking of those bug reports. So, although your return response may only be an automated message, bugs@redhat.com is the best place to send bug reports. As for the reputation Red Hat earned of not accepting and implementing fixes for reported bugs, they are working hard to reverse that. So, they ask you to please send them in! For those panting for BIND-8, it has been confirmed that it will be released with Red Hat 5.1. S.u.S.E. An official announcement has been made of the patch provided by S.u.S.E. which allows one to run Java Workshop 2.0 in Linux. This patch was previously reported in our Software Development section, but now S.u.S.E. has stepped to take the credit. An official date for the release of S.u.S.E. 5.2 in Germany was set for March 25th.
	Top / News / Security / Kernel / Dists / Ports / Devel / Tips / Announce / Feedback
	Alpha There has been a steady trickle of reports of problems with g++ on Red Hat 5.0 Alpha systems. The word is that the distributed C++ compiler is simply not worth using; the best thing to do is to install egcs instead. The build of the alpha version of base for Debian 2.0 is going well, with only minor problems, but no one expects currently to make the Debian 2.0 release. Merced The Merced debate continues to rage in comp.os.linux.advocacy. Will Merced help Linux? Hurt Linux? End up not mattering? Nothing will be known until after the chip is released. As far as concerns about not having access to the design before the chip is released, people are forgetting about the real advantage of free software: people power. The development cycle for moving gcc/egcs and Linux to the Merced should be much shorter than the equivalent work from a commercial organization. If our (the Linux community) boasts are true, the worst the lack of NDA information will bring will be a level playing field as opposed to the chance to get there first. Merced un-proven rumours: Small group in Intel is porting Linux to the Merced now, more than 50% of the Merced development team are Linux *users*, Linux will be running on the Merced most likely from day one of it's general availability. No direct sources were quoted, but they were confirmed by at least two indirect sources. Sparc UltraPenguin 1.1 is in the works. Jakub Jelinek remarked that he is testing it now; it should be out soon. (UltraPenguin is SparcLinux for Sun4u "ultra" machines). Want to run SparcLinux under Solaris?. The folks at the Swedish Institute of Computer Science have released a Sparc emulator which is good enough to boot SparcLinux directly from an installation CD. Of course, you need a 200-MB Solaris system to run the thing...
	Top / News / Security / Kernel / Dists / Ports / Devel / Tips / Announce / Feedback
	JAVA After much comparing of notes and quick responses from a number of people across the world, it appears that having versions of libdl.so and ld.so (and ld-linux.so) below 1.8.x (typically 1.7.x) will not work with the Linux JDK. The "Hungry Programmers" are working on a free Java virtual machine. Their effort has been boosted by a merger with OryxSoft virtual machine project. Given that Kaffe is moving out of the free arena, this is an especially good thing. They are currently at release 0.01; check out their site for more info. Interest in japhar is already high in debian-devel. Jim Pick has announced his intention to package japhar for debian as well as possibly pitch in to help. Sergey Nikitin's JDK1.1.5v1.3 for Linux-Glibc2 is out. The goal of this release was to eliminate memory leak. He has also approached Sun and received permission to distribute JDK for Linux on CDROM, so the next release will be available either via ftp or CDROM. Threads Anybody who has worked with threads knows what a pain it is to debug multithreaded programs. Not only can you shoot yourself in the foot nondeterministically, but the debugging tools are primitive. Help is on the way, though... It is claimed that the SmartGDB project is working on LinuxThreads (and thus libc6) thread support. Having a thread-aware version of gdb will be a major win. Python A group trying to bring more order and coordination to Python module development has put together the "Python Expert Library" project. If you're interested, you can sign up for their mailing list (and peruse the archives). High Availability The heartbeat monitor mentioned in our last edition has generated a lot of good energy on the linux-ha group. Projects like this benefit greatly from having something written to evaluate, test and discuss. Thanks to Alan Robertson for writing this! It also triggered Harald Milz to point out the need for a cluster manager and failover subsystem. Alan suggested that the monitoring aspect of a cluster manager is not that different from other general system monitoring and alarm tools and recommended building it on top of the sophisticated tool "mon". Many people consider mon the best of the existing monitoring tools. Well, it turns out that Jim Trocki, of the mon project, is already adding the capability to handle asynchronous failures from sources. Having him participate directly on linux-ha is definitely a plus. Members of the linux-ha list are reading "In search of Clusters", by Dr. Pfister. They'd also love to see him participate on the linux-ha project ... rumour has it that he has good reason *not* to love Microsoft.
	Top / News / Security / Kernel / Dists / Ports / Devel / Tips / Announce / Feedback
	Andras Kemeny posted some rough scripts on linux-admin for monitoring system files and sending messages to alpha pagers when problems are reported.
	Top / News / Security / Kernel / Dists / Ports / Devel / Tips / Announce / Feedback
	Software Package Version Description Angela 1.21 BETA graph editor apache 1.2.6 The definitive web server aview 1.2 an ascii art image browser / animation player bb n/a the portable demo COBF n/a the Freeware C/C++ Sourcecode Obfuscator! dcd n/a dave's cd player dosdoom 0.61 an enhanced version of doom Eiffel 4.2 EiffelBench development environment (COMMERCIAL) Etherback 0.92 pseudo ethernet driver ezmlm 0.30 Digestifying/indexing addon for ezmlm mailing list manager follow 2.02 Web usability analysis tool fetchmail 4.4.1 Full-featured IMAP/POP2/POP3/APOP/RPOP/KPOP client freshrpms 0.7.1 RPM FTP update manager ipchains 1.3.1 Generic IP Firewall Chains ld.so 1.9.7 the ELF dynamic linker package Linbot 0.4 Site Management Tool for Webmasters LogWatch 1.3 log monitoring system lprMagic 2.0 multipurpose lpr input filter MikMod 3.0.3 a portable modules player MultiMail 0.11 Blue Wave & QWK packet reader MultiTrack 2.1 the harddisk recorder for Linux mtr 0.15 network diagnostic tool NetStreamer 0.13 Stream audio 8 or 16 kHz offix alpha High-level GUI library p910nd 0.1 a tiny printer daemon PinfoMan 0.01.3 A Personal Information Manager seascape 0.2 two player network game SimpleMirror 1.1beta1 simple ftp mirroring utility sysvinit 2.74 the Linux System V init TermLock 0.2 Terminal Locker security shell VICE 0.14.0 Versatile Commodore Emulator VisAD Java class library for data analysis and visualization w3mir 1.0 HTTP copying/mirroring tool WCD 2.0.4 Chdir for Dos and Unix w/C src WMPPP 1.0 GUI frontend to pppd Xgfe 1.3 X11 GUI for Gnuplot Yalsim alpha2 Yet Another Logic/Timing Simulator Projects FreeDesigner is an attempt to create a full-featured, free computer-aided design (CAD) system. CAD is certainly another area where Linux lags; let's hope these folks succeed. A call has gone out for help sorting out which parts of the (large) tetex package are not free. Tetex is a distribution of TeX which is widely used. Evidently TeX skills are not needed for this task. Here's their announcement if you would like to help. The Linux PenguinPlay Project (formerly known as the Linux Game SDK Project) is looking for a new server to host various services. The aim of the project is to bring the Linux OS a consistent SDK for game development. Another games project seems to be developing on linuxprog. They've set up some specific mailing lists for the project. Beta testers are wanted for a new Linux MIDI/audio player/plugin. If you've been looking for Linux software for project management, similar to ms-Project or powerproject, Kproject development has started and contributors are welcome. The SEUL project has released their draft installer specification document. Note that the URL in the announcement was temporary and the actual URL is now http://cvs.seul.org/~seul/dev/install/private/installspec.html. X Northern Captain (XNC), an X based graphical filemanager for Linux and FreeBSD systems, is looking for programmers and beta-testers. One poster to seul-dev-apps mentioned a category of software that, as far as he knows, is not yet being ported to/developed for Linux: Educational software. He makes a good case that such software is necessary before parents with small children can move fully over and that it would also allow Linux to enter elementary school classrooms; the Apple showed clearly how useful that could be. Anyone interested in stepping up to this job? Resources More Linux T-shirts! These use Larry Ewing's penguin with a choice of interesting wordings ... A French translation of some portions of Linux Gazette Issue 25 has been made available. Events Please note the addition of our new Linux Calendar. It's just on a test-run, so if you hate it, let us know! It just made sense to us that upcoming events should not be announce once and then forgotten ... Web sites A new web site and mailing list about a low cost open development model for integrated circuits (chips:), inspired by the succesful development model of Linux for software has been created. User groups Note that information about upcoming User Group meetings is now provided on our Linux Calendar. Please check us out and let us know if you like/hate the new system. We'll still post information on new user groups as we see them. New Mailing Lists A mailing list has been setup for xwpe, x windows programming environment.
	Top / News / Security / Kernel / Dists / Ports / Devel / Tips / Announce / Feedback
	Linux links of the week Many (perhaps most) readers of the Linux Weekly News are well aware of Fresh Meat. Fresh Meat is the definitive site for software release information in the Linux world. We mention it now because they have completely reworked the site, and it has a new look. Fortunately, the great information is still there. Unfortunately, some of us find the new colors a bit hard to read. Fortunately, somebody had some scripting fun and "members" of the site can customize the colors to their heart's content. It's a slick idea, and a useful site. We have tried to increase our coverage of Python recently. Those of you who haven't checked it out should wander over to www.python.org and have a look. There is no point in getting into "Python versus Perl" wars here; it is sufficient to say that Python is a highly worthwhile addition to the set of available programming tools.
	Top / News / Security / Kernel / Dists / Ports / Devel / Tips / Announce / Feedback
	Feedback and Corrections No corrections this week - we must have gotten everything right last week (for a change!).
	Top / News / Security / Kernel / Dists / Ports / Devel / Tips / Announce / Feedback

This page is produced by Eklektix, Inc.