Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise
news for all interests
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page
Other LWN stuff:
Archives/search
Recent features: Here is the permanent site for this page.
|
Leading items and editorialsHow should code be regulated? Your editor has just finished a lengthy project - reading Lawrence Lessig's Code and Other Laws of Cyberspace. The project was long because LWN leaves little time for outside reading, and because one does not push through Lessig in a hurry - even without reading all the footnotes. Anyway, the book, which makes a number of interesting points about freedom in the networked era, finishes with a direct call for the application of regulation to software. The case used to illustrate Mr. Lessig's point is the whole Y2K mess, which seemed rather more urgent when Code was published than it does now. It is a lack of a certain kind of regulation that produced the Y2K problem, not too much regulation. An overemphasis on the private got us here, not an overly statist federal government. Were the tort system better at holding producers responsible for the harms they create, code writers and their employers would have been more concerned with the harm their code would create.One can raise a number of straightforward objections to this claim, starting with the very strong presence the U.S. federal government had in the whole Y2K mitigation area. But one has to wonder how effective any sort of government regulation would have been in avoiding the Y2K scare. The idea of coding under state-mandated date representation standards - and standards for everything else - is pretty scary. Shall we bring in governmental code inspectors before every release? How much could really be accomplished via this path? The idea of raising the activity of the U.S. tort system also lacks appeal. Interestingly, Mr. Lessig points out the advantages of open source software in other contexts - he likes its inherent resistence to governmental control and suppression. But he misses the fact that free software had relatively few Y2K issues from the beginning. The bug in the mission-critical nethack application notwithstanding, users of free systems lost little sleep during the date rollover. Very few things had to be fixed. Might it be that the most effective regulation of code, that which has the best chance of preventing future Y2K's, is to have the code out there under a free license? Rather than the (admittedly strawman) code inspector and government standards mentioned above, free software can bring to bear many inspectors who carry with them a set of flexible, timely, and real-world rules. And, of course, they can fix the problems they find themselves. Rather than a vindictive system seeking to "hold producers responsible" for their code, we have a proactive system which takes responsibility for making the code better. Free software requires no regulations, no bureaucracy, and no courts. And it works. If public safety is to be used as an excuse to regulate code, then public safety should demand that code be regulated in the safest and most democratic manner of all: by having the code be free. Linux on handheld computers. The Linux system has turned up in a great number of places, from desktop systems and web servers through to top-500 supercomputers and cameras. So far, however, it has been mostly absent from the ubiquitous, handheld, "palmtop" systems seen in so many shirt pockets. If Linux is useful in all those other contexts, why not in handheld systems as well? Linux got one step closer to the palmtop when Compaq (in the form of Jim Gettys) announced the creation of Handhelds.org. This site is intended to be the focal point for the development of free software operating systems on handheld computers. To that end, it holds code repositories, documentation, mailing lists, and other, related materials. To be sure, Compaq would like to see people buying its iPAQ H3600 with Linux installed - it did, after all, announce the release of a Linux port to that system recently. But Handhelds.org goes beyond being a Compaq-specific site - it addresses handheld systems in general. Thus, for example, it includes the Phillips Nino port. This site goes beyond Linux as well - there is also work on a NetBSD port for the iPAQ. Progress has been quick - there is already a 2.4.0-test1 kernel running on the iPAQ. Expect the pace to pick up once it's possible to actually buy one of these systems - it will be too much fun for developers to resist. Linux is coming to a shirt pocket near you shortly.
Software patents - the fun continues. The "Eurolinux Alliance of European software companies and Open Source associations" has announced (in English and in French) the creation of a petition against the implementation of software patents in Europe. The announcement includes quotes from a number of European free software business figures. Those who would like to avoid the creation of U.S.-style patent problems in Europe may want to have a look and consider adding their names to the petition. Meanwhile, one almost wonders if British Telecom might be closet opponent of software patents. After all, what better way could there be to demonstrate and call attention to the problem than to claim a patent on linking and turn loose a lawyer squad to start shaking down U.S. ISPs? Patent number 4873662 was filed back in 1980, and claims to cover: Informaton for display at a terminal apparatus of a computer is stored in blocks the first part of which contains the information which is actually displayed at the terminal and the second part of which contains information relating to the display and which may be used to influence the display at the time or in response to a keyboard entry signal....When a block is read from the store of the computer the second part is retained in another store which may be located in the terminal or in the computer itself or perhaps both. If this patent is upheld, anybody making a link in the U.S. will need a license from BT to be fully legal - at least until 2006. Such an outcome may well be unlikely, given the degree of effort that is likely to be directed toward defeating this patent. But the patent demonstrates clearly the degree to which patents on software techniques threaten everything that we do. The U.S. Patent Office, meanwhile, has scheduled the Intellectual Property Symposium of the Americas. The purpose of this fancy gathering is not to question the proper role of intellectual property law; instead, the agenda items include things like "Business Software and Business Methods Patent enforcement issues." The event is being held September 11 and 12 in Arlington, VA; registrations have to be in by July 31, but there is no registration mechanism in place yet. One can only hope that a few rational voices can manage to attend. Feature: Interview with Carey Bunks. LWN has posted an interview with Carey Bunks, the author of Grokking the GIMP. A wide range of topics is covered, including the GIMP itself, the history behind the book, the pros and cons of writing under an open content license, and more. Check it out to get the scoop from one who has made a major contribution to the free documentation available for Linux. One last note on Linux laptops. Last week's discussion of Linux laptops talked about how few vendors carry such devices. We neglected to mention a long-time vendor of laptop systems: ASL, Inc.. ASL has been in the laptop business for a long time; we regret the omission. Inside this week's Linux Weekly News:
This Week's LWN was brought to you by:
|
June 22, 2000
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Security page. |
News and EditorialsThe trouble with big libraries. Chris Evans has turned up a number of security problems with libX11 - the low-level library that handles communication with the X window system server. The details can be found in this posting. Suffice to say that they are problematic. But the real problem, as pointed out by Mr. Evans, is that libX11 is a very large body of code. The difficulty of securing large programs has been well known for some time. Even though libX11 is high-quality code that has had more than a decade of debugging, it's still not possible to have a high degree of confidence in its security. So one of the keys to security is to write small, auditable programs. But even small programs can end up linking to very large libraries. Thus, in this case, any program that presents a graphical interface is a large program, whether it looks that way or not. The implication is that no graphical program, no matter how carefully written, can be secure if it is run in a privileged mode. To an extent this problem can be worked around by separating out privileged operations into a separate program. That is what was done with xterm, for example; the "utempter" program handles the privileged operation of changing the utmp file, so that xterm itself can run unprivileged. But more complicated situations will not always lend themselves to this sort of easy separation of tasks. Just another reminder that security is a hard problem. (Chris Evans has also posted on problems he found with the libICE library and xdm. Since the xdm source is used for many other display managers, including KDE's kdm, problems in that program could turn up in many other places.) Another fix for the 2.2 capability bug. The proper way to fix the 2.2 capability bug, which has been much discussed over the last couple of weeks, is to upgrade to the 2.2.16 or 2.2.17pre kernel. However, a kernel upgrade is not an easy thing for every site to do, and the newer kernels have some difficulties of their own. Those not wanting to perform the upgrade may want to have a look at the "capcheck" module, announced by Lionel Cons at CERN. Capcheck is a loadable kernel module which replaces the "capset" system call with a much more restrictive version. It can be loaded into a running kernel, and immediately closes the capability hole. Those who are interested can get the source from the capcheck download site. There are also binary modules there, but loading random binary modules as a security fix is a bit of a self-contradictory action. This fix is a clever use of loadable kernel modules. It also demonstrates the scope of what these modules can do. A module, once loaded into the system, can change its behavior in wide-ranging and subtle ways. Kernel modules have been little-used in attacks on systems thus far, but eventually some clever attacker will find a use for this mechanism. For this reason, many security-conscious sites disable module loading entirely, either via explicit kernel configuration or by using the capability bounding set. For those not wanting to go so far, a degree of caution is necessary. The capcheck module is short and easy to look over; paranoid administrators may want to do that before installing it. Crypto-gram newsletter. Here is the latest Crypto-gram newsletter from Bruce Schneier. The main topic is the new SOAP protocol, which is being promoted as an open source standard. " Because no security is required in either HTTP, XML, or SOAP, it's a pretty simple bet that different people will bungle any embedded security in different ways, leading to different holes on different implementations. SOAP is going to open up a whole new avenue for security vulnerabilities." Security ReportsRemote exploit in Zope 2.1.6. Digital Creations has issued an alert describing a remotely-exploitable security problem with Zope 2.1.6 and earlier. A new 2.1.7 release has been put out (along with a patch for those needing to stay at 2.1.6) that fixes the problem. Upgrades are strongly recommended. Note that the problem affects the 2.2 beta 1 release as well. (Thanks to Paul Hewitt and John Rowell).A new Kerberos problem. A vulnerability in the Kerberos 1.1 (and later) gssftp daemon has been announced. The daemon allows remote users to perform certain FTP commands that shouldn't be allowed, leading to possible denial of service attacks and, in some cases, root compromise. A small patch is included with the announcement which fixes the problem. Note that the krb5-1.0.x distributions are not vulnerable. PHP disclosure problems. PHP 3.0 can, when faced with certain illegal POST requests, disclose more information (including local file names) than is desirable. This information is not enough to compromise a system in itself, but it could prove useful to an attacker. This announcement from H.D. Moore describes the problem and gives a workaround. Insecure communications in emacs. GNU emacs uses subprocesses to perform a great deal of work, including compilations, shell mode, and running debuggers. It turns out that it is easy for outsiders to listen in on the communications between emacs and these processes. The hole has been closed with the release of emacs 20.7.This week's updates: Common Unix Print System. A remotely-exploitable denial of service problem exists with CUPS, a replacement for the old lpd print system. See this alert for details; it also contains pointers to fixed Debian "potato" and "woody" packages. (Debian 2.1 did not include CUPS). Users of the CUPS beta series should be at 1.1b3 or higher. Red Hat setgid vulnerabilities. Michal Zalewski has posted the results of a survey he did looking for setgid executables with vulnerabilities on a Red Hat 6.2 system. The results are not encouraging. Since setgid programs run at a lower level of privilege, they have not necessarily received the same degree of attention as those that run setuid. If they are compromised, however, they can still bring about unpleasant consequences. UpdatesZope. Few distributors package Zope currently, so there are only two updates out there:Kernel. A couple more distributors straggled in with updates to fill in the kernel capabilities hole. Red Hat, which is usually quick to get updates out, waited until June 21, a full two weeks after the problem and the fix were published.
Kerberos. There's only one new update to kerberos, fixing a number of older problems and the new FTP problem described above as well:
ResourcesLinux Security Week newsletter. Here is the Linux Security Week Newsletter for June 19, from the folks at LinuxSecurity.com. EventsCall for participation - RAID 2000. A call for participation has been issued for the Third International Workshop on the Recent Advances in Intrusion Detection, which will be held in Toulouse, France on October 2-4, 2000. June/July security events.
Section Editor: Liz Coolbaugh |
June 22, 2000
| ||||||||||||||||||||||||
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Kernel page. |
Kernel developmentThe current development kernel release is 2.4.0-test1. Linus has returned from his travels, but has only begun to surface on the development lists. One imagines that, after three weeks, he had a bit of a pile of mail witing for him... One sign of his presence, however, is the existence of a 2.4.0-test2 prepatch, in its eighth revision as of this writing. It contains a great many fixes, including "all the unquestionable ones" from the "ac" series that Alan Cox ran in Linus's absence. That series continued over the last week, culminating in 2.4.0-test1-ac22. The "ac" patches have stopped since Linus's return, of course. For the scoop on what's going on, there's no better place to go than Telsa Gwynne's diary: It's rumoured that Linus is back. I am hoping this means I shall see Alan for more than a ten minute lunch break in the near future. Unfortunately, I caught him collecting the Linux 8086 code earlier today, with gleeful mutters. Oh dear. The current stable kernel release is 2.2.16. The 2.2.17 prepatch is up to 2.2.17pre5; Alan is still working on stabilizing things and is thus not including much except obvious bugfixes. One change that did slip through in 2.2.17pre3, however, has raised some questions. It seems that only root can load new keyboard maps now. This change blocks users from doing a number of things they might otherwise like to do, such as loading a Dvorak keyboard or putting useful stuff on the function keys. Or, of course, putting the control key back where Nature always intended it to be. The problem, of course, is that somebody who can remap keys can bind them to perform some rather less useful functions. One could, for example, make the period actually send "rm -r /*", something the unsuspecting user will likely have cause to be unhappy about. The threat of this sort of obnoxiousness was enough to motivate the kernel developers to cut off the ability to change keymaps without privilege. Requiring root privileges to load keymaps puts the issue into the area of administrative policy. Those who want to enable random keymap loading can set up a setuid program to do so; others might choose to limit the loadable keymaps to those found in a specific directory. Now the ability to impose that sort of control exists; in previous kernels it was not possible. Dueling memory management algorithms. One of the more interesting aspects of the 2.4.0-test1-ac22 patch is that it came in two flavors. One incorporates Rik van Riel's latest memory management code; the other, instead, includes Andrea Arcangeli's "classzone" patch. The two have been in disagreement for some time over which approach was best; Alan was perhaps hoping to see some definitive results one way or the other as a result of people trying both out. If so, the initial results look to be disappointing. A few people have posted comparisons, but there has been little that has clearly favored one approach over the other. There are some vague references to classzone providing better interactive performance, but with the van Riel patches yielding better throughput overall. The problem of coming up with a truly optimal Linux memory management algorithm appears to be still unsolved. This issue needs to be dealt with before 2.4.0 can come out; the memory management hackers appear to have some work ahead of them yet. Reiserfs-3.6.9 has been announced. This version adds a new hashing scheme along with a port to a later 2.4.0-test1-ac kernel. Meanwhile, Hans Reiser continues to complain about his treatment in linux-kernel, since his filesystem has not yet been merged into the kernel. Here's an example of what has been going on, complete with the "ReiserFS FUD list." The kernel developers are (mostly) trying to make a real show of deciding on reiserfs based solely on technical considerations, not on the behavior of its leader. He is, however, making that hard to do. The Direct Access File System (DAFS), an attempt to speed file serving in local area networks, was announced this week. DAFS appears to have its roots at Network Appliance, but is now being supported by an industry consortium that includes Red Hat and VA Linux Systems. The details are still scarce - the consortium plans to have a protocol proposal together later this year. But it has the look of a very simple protocol aimed at enabling fast transfers in a low-latency, low-loss situation. More information can be found on the DAFS Collaborative web site. The presence of Red Hat and VA Linux, of course, implies that a Linux implementation of this protocol can be expected sooner rather than later.
IBM to release LVM technology. IBM has posted an announcement to some of the development lists stating that it will donate its logical volume management (LVM) technology to the Linux community. This donation currently seems to be limited to a white paper on the technology; there's no word on when more might be forthcoming. There has also been no word on what this implementation would offer above the existing LVM implementation in the current development kernel series. Watch out for gcc 2.96. The latest versions of the gcc compiler - such as the one found in Red Hat's "rawhide" distribution, will not compile a working kernel. As often seems to happen with new versions of the compiler, new optimizations have been introduced which break assumptions in the kernel. Things will eventually be ironed out; until then, stick with an older compiler for kernel building. Other patches and updates released this week include:
Section Editor: Jonathan Corbet |
June 22, 2000 For other kernel news, see: Other resources: |
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Distributions page. |
DistributionsPlease note that security updates from the various distributions are covered in the security section. News and EditorialsAMIRIX Linux is a new commercial distribution which hit the PR circuit this week. It's another embeddable distribution, with the usual support for running out of flash memory, headless operation, and so on. AMIRIX Linux is a Debian-based product; in fact, AMIRIX claims to be an "instrumental" force in setting up the Embedded Debian Project.A glance through the AMIRIX Linux web site will turn up some more information on the distribution. What's missing is any sort of information on how to actually get a copy of AMIRIX Linux. It turns out that their business model is to work with the manufacturers of embedded systems boards, and to provide a tailored version of the distribution to them. If and when the result is distributed, it is done by the board manufacturer, not by AMIRIX. So there's no straightforward way to just download and look at this distribution. OpenBSD 2.7 released. The release of OpenBSD 2.7 has been announced. Most of the improvements seem to be cryptographic in nature, including a new version of OpenSSH and an encrypted swap area. BlueCat LinuxBlueCat Linux 2.0. LynuxWorks has announced the release of BlueCat Linux 2.0, which contains a number of new features aimed at embedded systems applications, including a new memory profiler and an interactive debugger. It also supports a wider range of hardware than the previous (1.0) release.Caldera OpenLinuxAn automatic update script for Caldera systems was announced by Douglas Hunley. It's intended to be run out of cron; it will download and apply updates automatically.An update mirror for Caldera. The same Mr. Hunley has set up a mirror site which makes Caldera Systems' updates available. Getting through to the main site has evidently been difficult at times recently; using a mirror can make life easier for yourself and everybody else as well. The latest FAQs from Caldera can be seen in this listing. DebianTest cycle 3 to begin. Anthony Towns, who is acting as the potato release manager in Richard Braakman's absence, has announced a plan for the third potato test cycle. The hope is to get out a candidate which has fixed all of the bugs that are currently preventing a release. That involves getting fixed versions of a number of packages in (see this update for a list) and putting it all together. Things are getting closer...ReiserFS is not free enough for Debian? A note showed up on debian-legal this week after a ReiserFS package was rejected due to its licensing. The offending text is "If you wish to integrate it with any other software system which is not GPL'd, without integrating it into an operating system kernel, then you must obtain an additional license." As it turns out, this license has raised discussion before, in other forums. What Hans Reiser is really trying to do here is to open the door for vendors to buy the right to distribute ReiserFS under a non-GPL license. The general consensus is that the license adds no restrictions that are not already found in the GPL; the kernel developers have, in the past, been satisfied with it. Something will probably be worked out here, perhaps involving a rewrite of the ReiserFS license to be a little more clear in what it is trying to accomplish. Meanwhile, however, one developer pointed out that, sooner or later, ReiserFS will be integrated into the mainline kernel. Must the kernel, at that point, be moved to the non-free area?
More on the 'KDE in Debian' debate. Here is a column on Advogato proposing a different sort of solution to the Qt licensing problem. "Maybe we should just classify Qt as an OS on it's own instead? It has lots of the characteristics. You program for the Qt OS and it runs 'emulated' on UNIX/X11, Windows or the Linux framebuffer.... If we decided to re-classify Qt as an OS, what would then happen? All the licensing problems would immediately be solved. You are allowed to port GPL programs to any non-free OS like Windows, BeOS, MacOS etc, so why wouldn't you be allowed to port other peoples GPL programs to a FREE Virtual OS like Qt?" For the reasoning behind Debian's refusal to include KDE, see Joseph Carter's editorial on Freshmeat. "Qt is not non-free software. But it's not GPL compatible either. Some KDE core developers admit this privately, but won't do so in public because of the implications: that much of KDE is not legally distributable until they contact some people that are damned scarce these days and make the necessary arrangements." (Thanks to Scotty Orr). For more Debian news, including an interesting discussion of the Debian project's voting system, check out the Debian Weekly News for June 21. ImmunixImmunix 6.2 released. Immunix 6.2 has been released. Immunix is a version of the Red Hat 6.2 distribution which has been recompiled with the StackGuard compiler, which incorporates protection against some buffer overflow attacks. Other than the recompilation and the incorporation of some updated packages, there do not appear to be changes to the base Red Hat distribution. MaxOSSecond MaxOS beta available. We got a quick note from the folks at MaxOS saying that their second beta was about to hit their web site. It should be available by the time you read this.Slackware LinuxSlackware 7.1 beta 1 has been released. The details of what's new can be found in the changelog. It's a long list...SuSEInstalling Zope on SuSE? If you are looking to install Zope on a SuSE system, you will likely want to have a look at these step-by-step instructions posted by Eric Maryniak. There is a lot of useful help for getting through this (evidently non-trivial) process.SuSE and ham radio have gone together for some time. Now SuSE has set up a separate ham radio page, currently available only in German (translation available via Babelfish). Not content with packaging up all the ham software it could find, SuSE has now set up its own ham station - DK0TUX. It is intended for use as a testbed for SuSE-based ham software. Look for them on the airwaves.
SuSE tries to press technical advantage (CBROnline). The Computer Business Review ran this look at SuSE, with an emphasis on its competition with Red Hat. "While its status as a private company means that SuSE reveals little about its financial figures, its executives claim the company made a modest loss last year, after a profitable 1998. This is attributed to the cost of growing the firm, which saw the appointment of four senior officers in January alone, and sales growth of 350% in the US market in 1999. But, to convert its technical prowess into global market share, SuSE desperately needs the cash generated by the IPO and the publicity that goes with it." TurboLinuxTurboLinux releases operating system in six new languages. TurboLinux has announced the release of its operating system localized in six new languages: French, German, Italian, Portuguese, Spanish, and U.K. English. Section Editor: Liz Coolbaugh |
June 22, 2000
Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Development page. |
Development projectsNews and EditorialsThe Mozilla M16 release is out; see the release notes for details. (Thanks to Thomas Meinders).This week, your LWN Development Page editor tried out the new browser in an operational context. The experience was somewhat variable. Mozilla is getting very close to being a workable replacement for Netscape. The browser seems to be fairly stable and didn't crash on any of the web pages that were visited. The user interface has a nice clean look to it. Netscape users won't have to learn much to move to Mozilla since most of the same capabilities are present. One minor annoyance was that the alt-O "open URL" keyboard accelerator that Netscape uses seems to have been moved to alt-L "open Location" in Mozilla. One similarity with Netscape that could go away is the function of the "File-Quit" menu item in subwindows such as the mail program. "Quit" causes the subwindow and the browser to go away instead of just the subwindow. A better font selection mechanism would also be welcomed; one has to go through a series of menu items to select a new font, and there is no font preview mechanism, so picking new fonts is a painful process. A useful addition is the "History" function under the "Tasks" menu, this shows a list of URLs visited in the current session. As for installation, the installer program core-dumped on a fairly generic RedHat 6.2 system, fortunately, the binary tarball version worked fine. While it still has a number of rough edges, Mozilla seems to be getting there and is well on its way to being a useful browser. We look forward to the upcoming releases and will continue to use the M16 version. BrowsersWebLock for Mozilla. Doug Turner is working on a Mozilla add-on called WebLock that restricts the browser to a single web page, this is useful for keeping child-users from straying too far on the web. DatabasesMySQL 3.23.18 released. A new version of MySQL has been released. This is a development version that has support for big files and binary portable tables. EducationSEUL/edu Linux in Education Report. Here's the latest SEUL/edu Linux in Education Report. It includes an update on the Red Escolar project and more. Organization for Free Software in Education and Teaching. A new project, called the Organization for Free Software in Education and Teaching or OFSET, has been announced. "This organization will try to raise funds for development of free educational software, promote development of free educational software and coordinate the development of specific projects." They have put a manifesto online with more information on what they stand for. Embedded SystemsRTLinux v3.0beta released. Here is the announcement for the beta release of RTLinux 3.0. It includes a number of new features; see the announcement for details. Jemini embedded Java class library (LinuxDevices). You can now get a free, GPL licensed java compiler known as Jemini. "JEMIni is Websprocket's open source Java class library (.lang, .io, .util, .net) distribution. As a set of essential libraries supporting the Java language, JEMIni contains all of the current libraries from open source Java. JEMIni also includes Websprocket-developed packages for device, device driver, system resource management, device management, file management, real-time threads, and messaging." Universal Plug and Play for Linux (Linuxdevices). Intel has released an open-source development kit for Universal Plug and Play on the Linux platform. "On Thursday, Intel said it will release as open source a Universal Plug and Play (UPnP) development kit for the Linux operating system. UPnP, originally developed by Microsoft Corp., is a technology that allows a number of different kinds of devices to communicate via a network using standard protocols, such as TCP/IP." The development kit is being released under a fairly restrictive Single Copy License InteroperabilityJune 19 Wine Weekly News. The June 19 edition of the Wine Weekly News is out. Read about Wine 20000614, bug fixes, and unfixed bugs. Network ManagementOpenNMS weekly updates. Here are two new weekly summaries for the OpenNMS project. The June 14 edition discusses the JSNMP 0.2 release and licensing strategies. The June 20 June 20. edition discusses the JSNMP 0.2.1 release, and talks about the startup of a Bugzilla installation. Office ApplicationsGnucash 1.4 announcement. Here is the announcement for Gnucash 1.4. The program has undergone many changes. Among other things, this is the first stable release based on GNOME, and is probably the first that is suitable for a wide range of users. Interview of the Gimp's Sven Neumann (LinuxPower). LinuxPower interviews Sven Neumann, one of the main developers of The Gimp. Gimp-2.0 will be a total rewrite. This doesn't mean that we will not reuse any code from the current codebase, but we want to change the basic architecture and build the most advanced image processing system out there. Review of Gimp Developer's Conference. Read about the results from the recent Gimp Developer's Conference that was held in Berlin on June 2-4 this year. There you can find out the status of the current Gimp development and plans for Gimp version 2. AbiWord 0.1.10 avaliable. A New Version of AbiWord has been released. Improvements include bug fixes and improved RTF imports. Review of Balsa mail program (LinuxWorld). Joe Barr reviews the Gnome mail program Balsa in this LinuxWorld article. "Might I change my preference for GUI environment based solely on my choice of email? Absolutely. Mail is probably the most important application on my desktop machine these days." On the DesktopPossible KDE/GNOME interoperability?. Here's an article on Rivyn's KDE and GNOME News describing a possible merger of the KParts and Bonobo component architectures. Such a merger, if it happened, would allow for a great deal of interoperability between the two desktop environments. There is a lot that would have to happen to make such a merger work, and the article's suggestion that it could happen for KDE 2.0 seems hopelessly optimistic. But it is a good thing that the two groups are exploring the idea. "A merger between KParts and Bonobo, or KDE using Bonobo, will mean complete interoperability between KDE and Gnome. Nautilus could embed the Konqueror HTML engine, for instance. It basically would erase the blocks between KDE and Gnome, and allow limitless interoperability." (Thanks to Tim Hanson). Gnumeric 0.56 Spreadsheet. A new release of the Gnumeric Spreadsheet has been announced. The release includes bug fixes, keyboard accelerators, and tearoff menus. KDE 1.91 Kleopatra article (LinuxMall). Linux Mall's Greta Durr reviews the Kleopatra release of the KDE desktop. " For developers, KDE 1.91 provides a stable application program interface (API) which allows application developmennt, so they may plan their software releases to coincide with the release of KDE 2.0, scheduled for September of this year." ScienceLinux helps British scientists decode human DNA (ZDNet). British Scientists at Cambridge are using Linux to map the human DNA sequence. "Over three hundred Alpha-based Compaq TRU64 Unix systems as well as 60 Intel-powered Linux machines contributed to the huge number-crunching effort required to interpret the chemical make-up of a chromosome." Web-site DevelopmentZope 2.1.6 Security Bulletin. See this week's LWN Security Page for information on a recent remotely exploitable Zope security hole in Zope 2.1.6 that is fixed by upgrading to Zope 2.1.7. Zope Enterprise Objects (ZEO 0.2) released. ZEO 0.2, the first public release of the Zope Enterprise Objects package, is available here. ZEO is a wide-scale clustering package for Zope, allowing Zope sites to be distributed across a cluster of servers. See the ZEO Fact Sheet for an introduction to the technology. Section Editor: Forrest Cook |
June 22, 2000
|
|
Development toolsPerlJune 18 Perl5 Porters digest. The June 18 issue of the Perl5 Porters digest is out. Speed improvements for method calls and bytecode operations are discussed. New Perl Modules. The latest Perl modules may be found at this site. Numerous HTML modules are included, among other things. YAPC Conference Updates. Find out what is currently happening at the "Yet Another Perl Conference" which is being held at CMU in Pittsburgh, PA. An IRC chat line is available for those who want to participate. PythonTwo new Python-URLs. Here is the June 19 Dr. Dobb's Python-URL . Check it out for the latest in Python news, including a summary of what ActiveState is up to. Also, here is the June 15 Python-URL with discussions on Zope, and Python IDEs. Python modules for XML (IBM). David Mertz has written This article on using the latest Python tools to work with XML. Augmented Operators for Python. For those of you who miss the += forms of operators from C and C++, check out this patch from Thomas Wouters. Examples of the operators are given as they relate to the various Python data types. O'Reilly Open Source Conference/Python. Here is a list of the Python Sessions at the upcoming O'Reilly Open Source Converence on July 17-20 in Monterey, CA. Tcl/tkPapers from the European TCL/TK Meeting. Carsten Zerbst submitted the following:
"
The 1st European Tcl/Tk User Meeting is over now. About 70 participants
from all over Europe came to Hamburg to discuss recent developments and
present their work. Even Ajuba (ex Scriptics) sent the Tcl ambassador
Jeffrey Hobbs to the user meeting.
Additionally several companies, mostly from the area of e-business
presented themselves and tried to hire Tcl programmers. Most
participants said that this event was a success. The papers presented at
the meeting are available from
this site.
See also: this report from the user meeting posted by Jeffrey Hobbs. Tcl-URL. Here is Dr. Dobb's Tcl-URL for June 19, with coverage of the Tcl 8.4 roadmap and other development issues. Section Editor: Forrest Cook |
Language Links Guile Haskell Blackdown.org IBM Java Zone Perl News PHP Daily Python-URL Python.org JPython Smalltalk |
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Commerce page. |
Linux and BusinessLinux Training. Linux training is turning into big business. This week we see announcements of more classes, web-based training, expanded curriculums all available in more locations than ever. Many of these courses are aimed at getting students ready for Linux Professional Institute (LPI) certification exams. The latest round of announcements shows LPI as a front runner in Linux certification. For example CyberStateU.com has announced its web-based training course and Linuxcare, Inc. has announced an expansion of Linuxcare University's course offerings, along with a new training partner program. Both are geared towards helping students pass LPI exams. One of Linuxcare's partners is the Motorola Computer Group. They are working with Linuxcare on an initiative to deliver a set of Linux training courses, also aimed at LPI certification. Locations where these courses will be offered include Beijing, Munich, New York, Osaka, Shanghai, Tokyo, and, of course, Tempe, AZ. TurboLinux is also getting into the training arena. They have announced a partnership with Wave Tech to develop a complete Linux education curriculum that will track to the LPI certification standards, and they also announced a partnership with SmartForce to provide Linux seminars via SmartForce's web site. Red Hat and Dell, and Corel. The Red Hat Linux distribution will be installed on servers used at the Medical Center of Boston International, Inc. and on servers at every Toyota and Lexus dealer in the U.S.. The later announcement also says Dell will supply the computers. By the way, Dell is backing Linux in a big way, shown in announcement that Linux is its third "strategic, global operating system," along with Windows and NetWare. And the distribution of Linux that Dell will install will be Red Hat according to this announcement about the Dell/Red Hat "One Source Alliance." Red Hat will buy computers from Dell for internal use, and Dell will be running Red Hat internally. Red Hat will also be the default support vendor for Dell's customers. Linuxcare support will be available on request. Look for a careers page on Red Hat's web site. Red Hat announced a deal with techies.com to get that set up. Red Hat has announced its first quarter results. They brought in $16 million in this quarter, with a loss of $2.5 million. For Corel the second fiscal quarter has ended. Preliminary results were announced late last week, and final results announced earlier this week. They reported revenues of $36.6 million, producing a net loss of $23.6 million. Inferno source released - sort of. Lucent and Vita Nuova have announced that Vita Nuova will be distributing the Inferno operating system from Lucent. The code will go out under "a subscription license that is similar to the type used by open source software." The dissimilarity, however, is that one must pay $300 ($1000 for corporations) for a license, and further source redistribution can only happen to others who have purchased licenses. Vita Nuova seems to be hoping to create some sort of gated pseudo open-source community. This scheme is actually somewhat reminiscent of how Minix worked ten years ago - but Minix lost much of its community once Linux hit the net. Inferno is said to have some interesting things to show as an operating system, and getting the source out there is a step in the right direction. It is, however, still not free software. Caldera. Better late than never: Caldera Systems has put out an announcement on the preinstallation of OpenLinux on IBM ThinkPad laptops. Helius has announced a new satellite Internet gateway - which is based on Caldera OpenLinux. Announcements from LynuxWorks. LynuxWorks (once Lynx Real-time Systems) has put out a series of announcements. They include this one about the company's receipt of $35 million in private financing, and this one about a partnership with ZF Linux Devices to bundle BlueCat Linux with ZF's "MachZ" development system. Storm Linux 2000 bundles X-Win32. Stormix Technology has announced that it will bundle StarNet's X-Win32 PC X server with the deluxe edition of Storm Linux 2000. StarOffice 5.2 released. Sun Microsystems has announced the release of StarOffice 5.2, which has "over 200 new and enhanced features." Press Releases:Open Source Products.
Commercial Products for Linux.
Products Using Linux.
Products with Linux Versions.
Java Products.
Training.
Partnerships.
Investments and Acquisitions.
Personnel.
Linux At Work.
Other.
Section Editor: Rebecca Sobol. |
June 22, 2000
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Linux in the news page. |
Linux in the NewsRecommended Reading. The O'Reilly Network has put up this history of the PostgreSQL project written by core developer Bruce Momjian. "We were never tempted to follow a more aggressive schedule with more releases. A database server is not like a word processor or a game, where you can easily restart it if there is a problem. Databases are multiuser, and they lock user data inside the database, so we had to make our software as reliable as possible." Linux Companies and a few others. This News.com article looks at Red Hat's quarterly results. "The stronger-than-expected numbers will likely buoy optimism that there are profits to be mined in the Linux industry." Here's Upside's take on Red Hat's financial results. "Given International Data Corp.'s latest predicted growth rates for Linux servers and embedded devices, it's only a matter of time before Linux-related businesses start spinning open source code into gold, he says." ZDNet looks at Red Hat's acquisition of WireSpeed. "The WireSpeed acquisition offers further evidence of Red Hat's intention to be a major player in the Internet appliance and embedded device markets. Earlier this year, Red Hat completed its acquisition of Cygnus Solutions, a prominent open source embedded technology and development tool company." Upside chimes in on Red Hat's acquisition of WireSpeed. "With only 28 employees, WireSpeed offers little in the way of unique software tools or brand value. In essence, Red Hat will be paying more than $1 million per new employee -- or closer to $1.5 million once all the extraneous marketing types have been dealt with in the usual post-merger fashion." Forbes ran this article on Dell's increased commitment to Linux. "Declaring his company 'the Robin Hood for the Unix marketplace,' Red Hat CEO Matthew Szulik claims that the Dell deal 'sounds a bell for the declining opportunity for Unix.' Perhaps, but it's tough to count out Sun, which has grown sales and profits of its Unix servers consistently every quarter for the last two years." Here's ZDNet's take on the Dell/Red Hat deal. "Why is Dell doing this? Simple. It's where the money is. Dell's senior VP of the Enterprise Systems Group, Michael Lambert, explains that Dell is already the No. 2 provider of servers, behind market leader Compaq, and that 9 percent of all Dell servers are now going out the door with Linux." News.com looks at the new deal between Dell and Red Hat. "Though Dell and Red Hat called today's initiative the 'one-source alliance,' Red Hat is hardly the sole source for Linux products and services at Dell. Dell executives said the company will in fact maintain its relationships with TurboLinux and Linuxcare, two Red Hat competitors." The Computer Business Review ran this look at SuSE, with an emphasis on its competition with Red Hat. "While its status as a private company means that SuSE reveals little about its financial figures, its executives claim the company made a modest loss last year, after a profitable 1998. This is attributed to the cost of growing the firm, which saw the appointment of four senior officers in January alone, and sales growth of 350% in the US market in 1999. But, to convert its technical prowess into global market share, SuSE desperately needs the cash generated by the IPO and the publicity that goes with it." Here's an upbeat article about Linuxcare on ZDNet. "You might have thought that Linuxcare's partners--given its recent tumulus history--might be wary of doing more business with the San Francisco based Linux technical-support firm. IBM disagrees. Indeed, IBM, far from downplaying its Linuxcare support relationship, is expanding it." News.com covers the investments in Mission Critical Linux. "Unlike several other Linux start-ups, Mission Critical Linux doesn't plan to use the cash to fund aggressive expansion efforts. 'We believe we have critical mass at the moment' with about 80 employees, said chief executive Moiz Kohari." Upside talks briefly about TiVo. "TiVo's digital video recorder allows on-demand viewing of previously aired TV shows and actually runs its own version of the Linux operating system. TiVo inked a deal with AOL (AOL) Wednesday for $200 million to specially configure its devices for AOL-TV and to develop a special co-branded version of TiVo." The Ottawa Citizen examines ways in which Corel might stay afloat. "All of this points to the need for Mr. Cowpland to consider a more dramatic remedy -- such as breaking up his own Corel into more focused units, perhaps by selling some of them off. One telltale sign: insiders say Mr. Cowpland has even joked recently about his own lack of focus." LinuxPlanet examines potential conflicts of interest when corporations start participating in free software products. Corel and KDE is held up as a case in point. "There is another area of potential conflict: KOffice. As the purveyor of a commercial office suite for Linux, it is hard to imagine that Corel wishes KOffice well." PC World looks at Compaq's support for Linux on handheld computers. "Compaq's release of Linux for the IPaq will allow researchers and developers to write new applications for handheld computers and other intelligent appliances, says Nora Hahn, a Compaq spokesperson. The idea is to try to encourage use of Linux as a common operating system and development tool for handheld computers." ZDNet covers the release of Intel's vision library. "While the open-source library is intended to encourage research, some of the coding could have immediate value in current applications, according to Intel. For example, the camera calibration functions in the software library will allow the use of a wide angle lens to capture a large field of view and correct for the lens distortion that produces unflattering large noses in video conferencing." Here's News.com's take on Intel's Software Development Kit for its Universal Plug and Play. "The development kit, called the Intel Universal Plug and Play Software Development Kit V1.0 for Linux, includes an application programming interface (API) and Linux source code. The API helps hide the complexity of the interface and simplifies development. " Business. BeOpen looks at the demise of Linsight and the difficulties of the Linux media business in general. "Still, in the Linux business community, where commodity software costs have forced even well-established companies to look for advertising-based content to shore up revenue streams, LinDeveloper strikes many as a miner's canary -- an ominous prelude to the mother of all shake outs." The story also suggests that SourceForge is about to start running banner ads. TechWeb takes a long look at Linux in the Enterprise. "But other questions remain. How well does Linux fit the enterprise? How successful have Computer Associates International, Novell, Oracle and other companies been at deploying their products on this new platform? How feasible is running Linux as a core operating system in your organization, and how well will it work?" AsiaBizTech reports on how Japanese computer makers are adopting Linux. "All of the makers are striving to improve and expand their Linux-related services. What they all have in common is a desire to see corporate users starting to adopt Linux in earnest. This means that the makers themselves will then be called upon to undertake the task of building new systems for core business operations and e-commerce services." Here's a ZDNet column arguing that software should not be looked at as a static product; it also offers some suggestions to the Linux business community. "Suggestion: All Linux vendors should get together and package 'pure Linux' as one CD that is included in all of their distros. The add-ons and customizations making up their proprietary package should come on a separate CD that augments the first. The name 'Linux' should be reserved for the 'common' part shared between all vendors." This osOpinion piece looks at the issue of forking from the opposite perspective - that Linux is instead unifying many things across the computing landscape. "On the protocol front, Linux works to unify various methods of sharing files so that a gaggle of Macs, a murder of Windows pc's, a herd of Novell clients, and a parliament of Unix boxes can access the same file system (possibly using the same accounts but with different auth schemes). Suddenly you can have one fileserver for the office and the right tools for each employee." Here's Jesse Berst's latest column telling us that Linux has potential, but not on the desktop. "Linux stands a chance to become a major force in modern computing. But it won't be on the desktop, where consumers have already made their choice. But Linux can succeed in business, where its reliability is well known, and in small devices, where the OS is invisible to consumers." Signal Ground has run this editorial rebutting an editorial from Windows 2000 Magazine. "No, Mr. Thurrott, the numbers that you supply do not represent a loss for Windows in the server space. Rather, they show a market stagnation for Windows, which gained nothing in 1999." Here's a ZDNet column expressing some wishes for the future of the software industry. "Sun, at last acknowledging what everyone else knows -- that it's a far better hardware company than a software company -- really and truly turned Java over to an independent standards body. Sun also would cease immediately its self-imposed Linux ban and start offering it preloaded on its servers." Jakob Nielson's UseIt.com trashes Gnutella from a usability point of view. "The entire open software movement is run by programmers who are motivated to bring out advanced code and not motivated to simplify the user interface to make it approachable by less-technically inclined mainstream users. If they want hundreds of millions of users (as opposed to a few million), it will be necessary to fix the user interface and bring it up to the standards of usability expected of professional software." (Thanks to Bernhard Reiter). Evan Leibovitch continues to write about software licenses on ZDNet. "While BSD folk write code just to 'get it out there,' and the open source movement (at least as expressed by Eric Raymond) advocates that its use makes economic sense, the GNU rationale is based mainly on righteousness. While others seem to value the merits of free software on practical merits or even pure self-interest, the people behind GNU say, when it comes down to it, this is a simple matter of right and wrong." Now here's a fun one...according to this BBC article British Telecom claims to own a patent on hyperlinks. "BT rediscovered the Hidden Page patent three years ago during a routine trawl of its 15,000 patents. The growing popularity of the internet has spurred it to capitalise on the patent. 'It is only now that the world wide web has become commercially significant,' said a BT spokesman. He added that BT has spent the time preparing its licensing programme for companies that want to use hyperlinks. 'It takes a long time to prepare a licensing programme of this magnitude,' said the spokesman." Our old friend John Taschek at ZDNet has figured out why Linux stocks are down. "These companies are trying to salvage dead or dying products by recasting them as Linux essentials. They're going so far as to tweak Linux and make parts of it proprietary. This clearly is not the way of Linux life. Linux developers, meanwhile, resent this. They've seen the profit motive destroy good technology. True Linux types hate companies that push a Linux agenda because they cast a bad glow across the entire Linux base. Investors then pick up on this bad karma and dump their entire Linux portfolios." Here's an Internet Week column looking at the possible consequences of a Microsoft split. "The prospect that Windows might become an excellent product should give Linux supporters pause. Because Microsoft (the OS company) will now have to compete on its own merits, there's no question that the product will become stronger and more stable. Until now, the companies that make Unix and those that distribute Linux have had those qualities pretty much sewn up." Resources. Rick Lehrbaum has provided the latest Embedded Linux Newsletter. It's a comprehensive summary of announcements and press coverage in the embedded Linux area. LinuxNewbie.org has put up this help file on using a Diamond Rio with Linux. "Believe it or not, getting the Rio to work in Linux is easier then the same process in Windows. I'm serious. If you don't believe me then just follow along." Here's a detailed, step-by-step article in LinuxDev.Net on how to integrate the Python interpreter into the Apache web server. "To build a Python module for Apache, there are three steps you need to take: installing the Python libraries, recompiling Apache with the PyApache module, and finally telling Apache about PyApache in the httpd.conf file." Interviews. News.com interviews Irving Wladawsky-Berger, the VP of technology and strategy at IBM. "We see Linux as being as much of a fad as the Internet was in 1995. Linux is more like the Internet in being an industrywide initiative that all vendors can support. That makes it very different from supporting Windows or other technology that's very good but that one vendor has all the control over." LinuxPower interviews GIMP developer Sven Neumann. "I'm sure end-users will like the more consistent user interface of Gimp-1.2 and will love to discover the new features we've built into it. Among the new tools that were added, the much improved support for paths is probably the most worthwhile. The thing I like most about the new Gimp is that it feels much more responsive due to the introduction of the idle-renderer. While Gimp-1.0 used to block the user interface while rendering a new composition of the image, Gimp-1.2 allows you to interrupt that process and combines consecutive changes." BeOpen interviews Randy Terbush, founder of Covalent. "Any work that happens in the [Apache] core continues to go back in the core and is public domain, meaning any other competitive company or end-user has the benefit of those resources. At the same time, using the module API to create some proprietary add-ons that in a lot of cases have to be proprietary because the third party code that we have to license is often proprietary -- there's really no other way if we want to bring Apache to the same level as Netscape and IIS server." News.com talks with Simon Lin of Acer about embedded systems. "Linux is still far from establishing itself as a mainstay, Lin said, but the open-source operating system is helped to a certain degree by timing. Linux is gaining momentum among developers at a time when the device market is taking off." GnuLinux is running an interview with Eazel's Andy Hertzfeld. "People forget how innovative that was. To have all these different companies making hardware that ran the same software, that was the real essence of the PC revolution. Well, it's 20 years later and it's time to commoditize that next level up, the operating system. At the system level, there literally has been no innovation for 20 years. Look at Linux. It's an up and coming contender for a leading edge operating system, yet it's essentially a 30 year old architecture." Finally. This LinuxMall article looks at a medical program called REALTIQ. "Practice striking your poses now--a new medical scanning alignment program that runs exclusively on Linux is scheduled for release late this summer. " Section Editor: Rebecca Sobol |
June 22, 2000 |
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Announcements page. |
AnnouncementsEventsA couple of upcoming conferences. The first Swiss Linux Conference will be happening in Zurich on June 27 and 28 in Zurich. Speakers include Alexandre Julliard and Frank Hecker. (Thanks to Joe Ammann). The Linux 2000 UK Linux Developers' Conference is set for July 7-9 in London. Speakers include Hans Reiser, Rik van Riel, Stephen Tweedie, Miguel de Icaza, Wichert Akkerman, and many others. Training at LinuxWorld. LinuxWorld Conference and Expo has selected Sair Linux and GNU Certification to deliver on-site Linux training and certification at its upcoming convention Aug. 14-17 in San Jose, Calif. Second annual Linux Storage Management Workshop. The second annual Linux Storage Management Workshop has been announced for October 15-19 in Miami, Florida. A number of Linux filesystem hackers will be there, and topics will include "journaled and cluster file systems, logical volume managers, RAID software and hardware, backup and recovery utilities, tape archiving and HSM, high availability, SCSI and Fibre Channel, devfs, page cache and buffer cache issues, software RAID via MD, and storage networking infrastructure." Open Source Retreat, Eildon (AU). Netizen has announced an "Open Source Retreat," to be held in the rural town of Eildon in Victoria, Australia, on October 20-22. Details can be found on the retreat web page. Report from Linux Fest 2000. Here is a report from Linux Fest 2000 in Kansas City; it was posted to the Boulder LUG mailing list by Sean Reifschneider of Tummy.com. It's the first in a series, expect more as the conference gets going. GlobalLinux2000 in Korea. Here's a followup report on GlobalLinux2000 which took place in Korea last week. There's also this account on Slashdot. "Proctors dropped us the following note after jetting home from the Global Linux 2000 meeting in Seoul, Korea. His account is brief, but it conveys a spirit of adventure and fun which only the thought of an RMS / ESR sing-along can." More notes from JavaOne. Juergen Kreileder has sent out an addendum to the JavaOne notes by Nelson Minar. Among other things, he notes that the Blackdown team won the "Outstanding Team Contribution" award there for the Linux JVM port. Web sitesLinuxLinks announces Web Calendar. LinuxLinks.com announced a new multi-lingual web calendar. NUWAVE launches LinuxNuwave.com. NUWAVE Technologies, Inc. announced the launching of its new Linux website www.linuxnuwave.com. User Group NewsCentral Ohio Linux Users Group Meeting. COLUG will meet on Saturday, June 24th. The main presentation is a carry-over from last month on setting up DNS. The second half will be a 'Stump the Guru' Q and A session. Report on SSLUG's trip to the Oresund Bridge. Hans Schou sent us this report on SSLUG's recent trip to celebrate the opening of the Oresund Bridge. "We celebrated the opening by walking on the bridge - the Danes from Copenhagen and the Swedes from Malmoe - and by meeting at the middle of the bridge and setting up a network of four PC's connected together as a symbol for the fixed link." |
June 22, 2000 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Software Announcements
|
Our software announcements are provided courtesy of FreshMeat
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Back page page. |
Linux Links of the WeekSlashroot.org is another Linux news site which appears to be making a go at it with locally-written, feature content. The site is young; it will be interesting to see where it goes. Linux Headquarters is, instead, oriented toward tutorial content. There are HOWTO-type documents on a number of topics, including an example-laden introduction to GTK+ programming. Back to news sites, internet.com has finally launched Enterprise Linux Today, an offshoot of LinuxToday aimed at corporate readers. Section Editor: Jon Corbet |
June 22, 2000 |
|
This week in historyTwo years ago (June 25, 1998 LWN), the Beowulf web site at NASA was temporarily shut down due to export control fears. The project started looking for non-US mirror sites... Alan Cox sounded off on U.S. patent laws: Anyway its up to the US citizens to kick their government in the right direction. "Representation of the people" usually only works when the representative is made firmly aware that there is a horde of the represented right behind him who are going to do serious damage if said representative doesnt do some representing of the people for a change. IBM made its plans to to bundle Apache public, having finally satisfied its lawyers that the whole thing would work. ZDNet's Jesse Berst looked at the prospects for Linux: Would you like to see the rug pulled out from under Microsoft? Here's how it could happen. IBM ships and supports Linux. Oracle does Linux versions of all its products. A consortium of top vendors picks a standard Linux interface and creates a compatibility logo. Offhand, it looks like we have gone a long way toward satisfying his list. Meanwhile, the development kernel was at 2.1.106ac4; there was an initial 2.0.35 prepatch out there on the stable side. Debian 2.0 beta was released. Adaptec saw the light and began to help Linux support its SCSI controllers. One year ago (June 24, 1999 LWN), SuSE surprised the world by releasing its financial results - despite Red Hat's claim to bigness, SuSE was not at all far behind. Over 5000 people attended Linux Expo Paris. Eric Raymond spoke at Microsoft: It was kind of amusing, really, fielding brickbats from testosterone-pumped twentysomethings for whom money and Microsoft's survival are so central that they have trouble grokking that anyone can truly think outside that box. On some subjects, their brains just shut down -- the style reminded me a lot of the anonymous cowards on Slashdot. (From the Linux Journal). Ten European industrial leaders, including Linus Torvalds, worried about software patents. Bob Metcalfe predicted the death of the "Open Sores Movement." The development kernel was 2.3.8 - it was a scary one to run, since massive changes to the I/O system occasionally corrupted file systems. The stable release was 2.2.10. Eric Raymond suggested that the EROS operating system should be the guide for Linux's future. HP announced a line of Linux workstations. | |
|
Letters to the editorLetters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them. | |
Date: Thu, 15 Jun 2000 16:32:17 -0400 (EDT) From: Joe Klemmer <klemmerj@webtrek.com> To: letters@lwn.net Subject: Easier floppy access In the 6/15 issue of LWN there is a commentary about easy floppy disk access. I would like to point out a very nice little utility that comes with the XFce desktop <http://www.xfce.org> called "xfdevmount". This utility allows one to mount and open a file manager on the content of a floppy or CD with one click. There are other little gems like this in XFce, too. It's a very good desktop/window manager, too. --- Sweater, n.: A garment worn by a child when its mother feels chilly. | ||
From: Troy Baer <tbaer@columbus.rr.com> Date: Fri, 16 Jun 2000 09:38:13 -0400 (EDT) To: Richard Stallman <rms@gnu.org> Cc: letters@lwn.net Subject: Re: Floppy handling Seen on http://lwn.net/2000/0615/a/rms-floppy.php3: > Is there any possibility of making Linux handle file systems on > floppies like MSDOS, so that there is no need to explicitly mount and > unmount a floppy drive in order to access floppies through the file > system? This can be done with virtually any removable disk media with the Linux autofs kernel-level auto-mounter; basically you need to set the automounter up to unmount the drives after a very short period of inactivity (~1-5 seconds). I've got an example of how to configure autofs to handle floppies, CDROMs, and Zip disks at http://home.columbus.rr.com/tbaer/linux/autofs/. It's not 100% perfect (things like SAMBA will keep drives from unmounting), but it's a start. Hope this helps, --Troy -- Troy Baer, MS(AAE) "My life's work has been to prompt tbaer@columbus.rr.com others... and be forgotten." http://home.columbus.rr.com/tbaer/ --Cyrano de Bergerac | ||
Date: Sat, 17 Jun 2000 01:25:03 -0600 (MDT) From: Richard Stallman <rms@gnu.org> To: tbaer@columbus.rr.com CC: letters@lwn.net Subject: Re: Floppy handling This can be done with virtually any removable disk media with the Linux autofs kernel-level auto-mounter; basically you need to set the automounter up to unmount the drives after a very short period of inactivity (~1-5 seconds). The goal job is to make the system continue in a reasonable way if the user removes a floppy at any time and later inserts another one. Whether the automounter does the job depends on the precise definition of "inactivity" used by the automounter. I fear that its definition is based on the absence of any descriptors pointing to the floppy. If so, it would do the job some of the time, but won't do it reliably. This feature is important enough for non-hacker users that it ought to be done in a solid and reliable way. If some processes have descriptors pointing to the floppy at the time it is removed, they probably have to lose somehow; the best way for them to lose is by getting errors when they try to do any further I/O. But the damage should go no further than that! I think it is best to eliminate caching on floppies, and prohibit mmap on floppies, so as to make floppies more reliable for their most common use--file transfer and archiving. | ||
Date: Fri, 16 Jun 2000 16:04:26 +0530 (IST) From: Atul Chitnis <achitnis@exocore.com> To: letters@lwn.net Subject: RedHat's Update policy To put it mildly - I am appalled at RedHat's lack of seriousness when it comes to updating critical components. By now, everyone and his uncle has heard about the pre 2.2.16 kernel bug. And every distro under the sun has issued kernel updates. Every distro, that is, except RedHat. Instead, there are minor bug fixes and even a couple of security fixes for emacs, but people who have paid good money for RedHat's boxed sets are left out there in the cold - insecure as hell because they cannot update their kernel. Sure, the average Joe Tux will scream "so roll your own kernel", but in the corporate world (that redHat addresses) things don;t always work that way. When is RedHat going to wake up? After the first publicised break-in into a server? I mean, how difficult can it be for RedHat to quietly build kernel RPMs based on 2.2.16 and ship them? Bah! Boo! Hiss! Atul Chitnis -------------------------------------------------------- Atul Chitnis | achitnis@exocore.com (PGP:6011BCB8) Exocore Consulting | http://www.exocore.com Bangalore, India | +91(80)3440397 Fax +91(80)3341137 -------------------------------------------------------- | ||
Date: Tue, 20 Jun 2000 17:22:16 +0100 From: Steve Emms <sde@linuxlinks.com> To: lwn@lwn.net Subject: Who controls the Linux Media ? I run LinuxLinks.com (http://www.linuxlinks.com) - a linux portal and recently we added a personalised calendar service to our web site. We submitted an article to LinuxToday (owned by internet.com) and it was published only to be pulled almost immediately. The reason given was that website enhancements are no longer news. However a similar service offered by another website was published. And who owns that website ? Why internet.com of course. OK, this calendar isn't state of the art - but it is a free service and it does complement the existing facilities on the site. And sure, it is up to LinuxToday what they think is newsworthy and so post. But wait a minute, this sort of thing has made the news before - linuxstart announced a similar calendar service - take a look at http://linuxtoday.com/news_story.php3?ltsn=1999-07-13-015-10-PR What's the difference ? Well, Linuxstart are owned by internet.com This opens up a number of questions about how we judge the news we read. Linux is becoming big business and there are vested interests. Web sites are merging and being taken over by large conglomerates. Who determines the impartiality of the news we read ? Who determines what is news and what is advertising ? LinuxToday is one of the major daily linux newsites and they determine that enhancements to major Linux websites like LinuxLinks is not important. But LinuxLinks is independent - it isn't owned by internet.com and it isn't owned by VA Linux. Is it and sites like it being penalised because they don't have a monopoly in the Linux media ? And is this really in the spirit of the Linux movement ? Steve Emms LinuxLinks.com | ||
Date: Sun, 18 Jun 2000 01:45:42 -0400 To: letters@lwn.net Subject: Embedded source code From: Zygo Blaxell <zblaxell@feedme.hungrycats.org> I almost entirely disagree with a recent LWN letter to the editor... >From: Bret Indrelee <breti@ancor.com>To: lwn@lwn.net >Subject: Embedded source code =2E.. >Some devices have design requirements and operating ranges that they >depend on software to enforce. If it is open source, what are the legal >issues? If someone changes the embedded code in a device and it causes a >fault, whom is at fault? Certainly this is not an argument against building a device that happens to have open or free source code. Just because the device is based on open-source or free software, you as a consumer are not required to actually modify it yourself--and you accept full responsibility if you do, just as you would with a proprietary device. Note that there's nothing about an open-source embedded device that suddenly means that anyone can go hacking it. The device may have read-only software memory, for example, which prevents the software from being upgraded on any given device. The software would be "open source" in the sense that it would be possible to build and program a new device with the same or modified software. This is actually a desirable feature on a lot of embedded devices--you want their program memory to remain intact even after power failures and minor accidents, and the easiest, cheapest, lowest-power way to do that is with some kind of ROM. Embedded devices thankfully do not have to adhere to the PC model where everything is totally controlled by a single CPU, where software is permitted to do anything it wants to do and time it wants to do it. Custom hardware, particularly in a physically distributed system of several independent microcontrollers, can build in some real compartmentalization into the design. This design technique tends to have some nice beneficial side-effects, because robustness, reliability, and security are sometimes made so easy to achieve that they actually occur by accident. >Do you really want someone hacking their car's engine control or ABS >system? These are embedded systems. The problem with this statement is its implied, but not stated, conclusion: because some embedded systems are safety-critical, no embedded systems should be open source. Compare that statement with this one: "Do you really want some bank teller hacking their database or telecommunications systems? These are desktop PC systems. Software for desktop PC's should therefore not be open source." Both statements are not just flawed; they're absurd. >An embedded system isn't supposed to be a computer. It is supposed to be >a widget that performs a specialized task.=20 This is becoming less and less true. Embedded systems, like all other electronics, are becoming more and more complex, with less and less marketable lifetime (which means less development and testing time). One way to solve this is to build a generic device out of commodity parts and customize or upgrade it later with software--this also leads directly to cheaper devices if the parts become sufficiently popular. The ultimate conclusion of this trend is that there will be more and more devices that don't know what their purpose in life is until seconds before they are asked to fulfill it for the first time. These devices will be everywhere. The software inside them will be everywhere. That software will begin to move around too. I already own a printer which can program a Java- and Javascript-enabled web browser to speak its proprietary UDP-based administrative command language. It's not a platform-independent printer driver or anything, but it's a tentative step in that direction. Software will be everywhere--it's therefore important that it be done right. Since we can't expect vendors to start doing real engineering any time soon (and we can't expect consumers to fork over the cash to pay for it any time soon either), it would seem that the only way to achieve quality embedded control software is to have the source code handy so that the inevitable defects can be quickly and cheaply corrected by the people who actually have to support them. I recall statements made 20 years ago, by people who believed that microcontrollers were not supposed to be used as CPU's for "real" computers. The only people who survived making that mistake were the people who got out of the way before the PC revolution destroyed most of what was the established computer industry at the time. I hope that open-source and free software advocates realize that there is an opportunity here that can neither be ignored nor avoided. >The manufacturer of a DVD >player doesn't provide a complete schematic to the buyer, why should >they be expected to provide source code? The last stand-alone stereo system I bought came with a complete schematic on the last three pages of the user manual. OK, admittedly, I bought the machine in 1988; however, I did actually use the schematic once or twice and found it was reasonably complete, although not entirely accurate. As far as I can tell, most consumer AV equipment used to come with complete schematics as a matter of course; it's only in the last ten years or so that I've noticed that the schematics are missing. Of course, the schematics are in fact still available: you just have to order the appropriate service manual from the manufacturer. I've done this once or twice, but I've more often looked over the shoulders of the occasional technician as he performed warranty service on my devices, simply because they happen to have the things lying around the office... Unfortunately, most modern systems are just a few ASIC's stuck on a board, and you usually don't get much information about the ASIC's beyond what you need to know to figure out if a misbehaving machine is cheaper to replace than to fix. I really do miss having this basic level of information available about the devices that surround me. The DVD CCA's snake-oil pseudo-cryptography that they sell to sucker customers like the MPAA would not survive in the marketplace if consumers were unwilling to accept not having access to real technical information about their devices. | ||
To: letters@lwn.net Subject: Pointless Invective (Re: BSD license (Re: letter from Anand Srivastava)) From: Ray Jones <rjones@pobox.com> Date: 19 Jun 2000 13:16:13 -0400 I'm not sure how the recent letter from John Adelsberger made it past LWN's editorial filters. It's true that BSD and GPL both have faults when viewed from the other point of view. It's useful to remember this, and be reminded that each is based on different goals. Healthy discussions of the differences can serve to enlighten and help people to choose the license that best matches their personal beliefs and goals. Unfortunately, Mr. Adelsberger's letter failed to add constructively to the dialogue. Attributing to the FSF (via the GPL) the goal of "enslaving programmers everywhere" goes a bit beyond the pale. This is obviously not even remotely true. Mr. Adelsberger also makes a spurious leap of logic, equating the products of programmers' efforts with their time, and therefore their lives, which under the GPL would be free for the taking. The fallacy here is easily seen by replacing "programmers" with "mathematicians," and "products" with "theorems." I find it interesting to consider a mathematician trying to keep others from publishing work based on his or her prior papers, and claiming that others were stealing his or her "life." Admittedly, the mathematician/theorem analogy is only that, and shouldn't be strained too far. I do feel, however, that the comparison of theorems and programs is not too far off. Certainly if you take them as similar, then the ideas espoused by the FSF and contained in the GPL become more natural. If programs (and other forms of information) are more similar to theorems than, for example, loaves of bread, then the idea of a "propertyless information age" is far less odd than the idea of an "information-as-property based age." Just because we've elevated information to a concrete form of property via national and international legislation does not necessarily mean that that this philosophy is fundamentally correct. The FSF actively opposes this trend (in my view), while the BSD seems more agnostic towards it. I heartily support discussions (even angry ones) of the relative merits and reasons for using GPL versus BSD licenses. To keep such discussions from devolving into shrill and contentless flaming, however, we should avoid the sort of baseless accusations and mischaracterizations that Mr. Adelsberger employs. Full disclosure: I tend to prefer the GPL. I've tried to write the above from a license-independent standpoint. Thouis Jones | ||