Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise
news for all interests
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page
Other LWN stuff:
Archives/search
Recent features: Here is the permanent site for this page. See also: last week's LWN.
|
Leading items and editorialsFun with the press. This last week has been a really remarkable one for awful Linux reporting. We're going to look at a few examples to show just how misrepresentations of Linux reflect a misunderstanding of what we are about, and how they can be damaging. Before we start, however, we'll put in the customary plea: if you choose to respond to the authors of any of these articles, please do so in a polite and factual manner. Flaming will just inspire more bad press in the future. See the Linux Advocacy HOWTO for practical suggestions on how to deal with the press. We'll start with the "PROLIN" virus which has been circulating. PROLIN is not a Linux story - it is, after all, just another Windows virus. The fact that it tells its victims to run Linux was enough for some to try to make it into a Linux story, though. Consider this article in Wired News: "The worm's pro-Linux message isn't a huge surprise," said Pirkka Palomaki, director of product marketing at F-Secure. "Most people who are capable of programming a virus are also Linux fans. Which is not to say that all Linux users are computer crackers." It sure was nice of them to avoid implicating all Linux users. One could actually take this quote in a positive light: people who actually know what they are doing prefer Linux. But the real intent was clearly to associate Linux with Windows viruses, which is nonsensical. Linux users who can program have no lack of cool projects that would welcome their talents; they don't have the time to write stupid stuff. Red Hat recently made it official that a Sparc version of Red Hat 7 is not forthcoming. Here's what CNet News.com had to say about that: The move parallels the gradual decline in the number of CPUs that can run Windows NT. Initially, Microsoft's higher-end operating system was intended to run on PowerPC, MIPS, Alpha and Intel CPUs, but minimal interest led Microsoft to cut back just to Intel chips. The problem here, of course, is that the number of CPUs that can run Linux is steadily increasing. Finding a distribution that supports the Sparc is not hard, even in the absence of Red Hat 7. This article is a classic example of the "Red Hat = Linux" fallacy. Linux is far bigger than any one Linux company, and it is important that people understand that. Moving on: Dell is, of course, partnering with Eazel. There are a lot of interesting things one could say about that deal, but here's what ZDNet chose to report: The deal extends the 'holy war' between GNOME and KDE (K Desktop Environment). Dell is clearly favoring the GNOME project, with Michael Massetti, Dell's software marketing director, admitting he hoped this deal would make Dell's Linux desktop offering more competitive with KDE. Very few people in the Linux community are interested in wars, holy or otherwise. Competition there most certainly is, but that's a different story. Holy wars are the creation of media outlets searching for a more compelling story. These creations present a poor image of our community, to say the least. This Upside article about Plan 9 reveals another common anti-Linux theme: In an industry where microprocessors double and quadruple their speed regularly, software seems trapped in some sort of weird development cycle reserved for electric utilities and Mexican political parties. Take a dig through the source code of most popular operating systems, from Windows 2000 to the growing crop of open source reinterpretations of Unix, and chances are you'll find artifacts of architectural and design decisions dating back to the Tet Offensive. The author is unlikely to have dug through the Linux source, much less that of Windows 2000; yet he feels qualified to pronounce on the quality of the code there. Much that is in Linux most certainly reflects a few decades of accumulated experience; it would be foolish to throw that away. Linux is also new where it counts - where better ways of doing things have been found. Those who would portray Linux as a relic of the past are showing ignorance of both the value of experience and the real nature of Linux. Finally...ZDNet tells us Beware Linux vendors that don't get it. The author was looking for a kernel patch to help defend against SYN flood attacks: My trip to the Mandrake Web site was, well, interesting. I was unable to determine if this patch is available for the Mandrake version of Linux. The site was filled with self-congratulatory rhetoric and an equal amount of anti-Microsoft propaganda, but very little in the way of technical support and not a single phone number. The "anti-Microsoft propaganda" on the Linux-Mandrake web site is rather hard to find. And those who have actually contacted MandrakeSoft know that the company tends to be very highly responsive to its users. If you want free technical support, you can certainly join one of the mailing lists and probably get your question answered. Nonetheless, this particular piece is not entirely without merit. The Linux community should work at making it easier to solve problems. Many resources are there (see, for example, the Linuxcare support database), but many things are still harder than they should be. The above is an impressive array of negative press. Such press, however, has been most notable by its absence. Windows, after all, probably sees more attacks than this on its best days. We can probably expect to see more negative press as Linux continues to gain users and mindshare. Consider it an opportunity to see and respond to the misunderstandings of Linux and free software in general. Bruce Perens moves to HP. Bruce Perens has announced that he has a new job - with Hewlett-Packard. In itself, this move is just another Linux personality making a career move. It is interesting, though, in what it indicates for the Linux business environment in general. Bruce's new job at HP will involve being an activist for Linux, both internally and externally. The internal job will be the harder one; he'll have to work to promote the spread of open source throughout the company, to get it to release more software, and in general to keep HP honest with respect to free software. HP is a huge company, and this task could keep Bruce busy for a long time. Bruce, of course, has been part of the Linux community for many years. He was an early leader of the Debian project, a founding member of the Open Source Initiative, the first leader of the Linux Standard Base project, and also the author of packages such as busybox. His contributions over the years have been numerous, even if he has managed to step on a few toes in the process. His most recent position was at the head of the Linux Capital Group, a venture firm which made investments in startup Linux companies. The Group got into the game a little late, however, and only managed to make investments in a couple of companies; the best known of those is Progeny Linux Systems. The climate in the stock market since last April has not been particularly friendly to Linux investors, and the Linux Capital Group has stopped funding new companies. With little to do there, Bruce concluded that it was time to move on to something a little more secure. The shutdown of the Linux Capital Group highlights an already well-known fact: the capital markets are currently an overtly hostile place. Not long ago, a company with a decent idea for a free software business could be almost sure of obtaining funding. Even not-so-decent ideas often got a warm reception. Many new Linux companies popped up in that era, and many of them are still with us. But it is now a much harder time to start a Linux business. Getting the money to grow beyond a handful of people is a difficult proposition. What that means is that, until the situation changes, the companies that exist now are it - don't expect to see too many new ones in the near future. What we will see, clearly, is a lot more of large, established companies like HP. Some observers have said for years that the ultimate winners in the Linux business arena will be the established computing companies. Once they wake up to Linux, their resources and mindshare will prove hard to beat. HP, by hiring Bruce, has shown that it is waking up. Many others (IBM, SGI, Dell, Compaq, Oracle, etc.) are showing increasing interest. As the Linux market develops, those companies (and others) are going to want a piece of it. Expect to see more of them trying to hire high-profile Linux hackers before too long. There is, increasingly, real money at stake. There will be real competition to go along with it. Inside this week's Linux Weekly News:
This Week's LWN was brought to you by:
|
December 7, 2000
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Security page. |
SecurityNews and EditorialsCarnivore Reviewed and Re-Reviewed. On November 17th, a draft version of a review of Carnivore, the FBI tool for monitoring Internet traffic, was made available to the public. This review was performed by members of the ITT Research Institute in Lanham, Maryland and is 127 pages long. In the Executive Summary, the review makes several recommendations for ways in which Carnivore must be improved, in order to protect individual privacy and assuage concerns about the potential for unauthorized use. Their recommendations include:In other words, they found a flawed product, which can currently be easily manipulated to gather information beyond that authorized in a court order. They believe the flaws are fixable and have made recommendations as to what needs to be done, including eventually releasing the source, but not until some glaring security problems have been fixed first. They did, however, state that they were confident that Carnivore could not be used to disrupt network traffic, either by adding packets to the network, blocking traffic, removing information, seizing control of traffic or shutting down the communications of a person, website, company or ISP. Another group of researchers, this time from several organizations, including AT&T Laboratories, the University of Pennsylvania and Purdue University CERIAS are less sanguine. "Although the IITRI study appears to represent a good-faith effort at independent review, the limited nature of the analysis described in the draft report simply cannot support a conclusion that Carnivore is correct, safe, or always consistent with legal limitations. Those who are concerned that the system produces correct evidence, represents no threat to the networks on which it is installed, or complies with the scope of court orders should not take much comfort from the analysis described in the report or its conclusions". The security of the Carnivore code itself is one issue; the draft report does not include any actual auditing of the code itself for even basic security problems such as buffer overflows. The lack of accountability from non-modifiable audit trails or logs was mentioned in the draft report, but not, they feel, given enough emphasis. Most of all, they feel strongly that the current implementation could allow just about any file on the Carnivore server to be replaced, including audit logs and the software itself. This would certainly make the potential uses of Carnivore infinite; once installed, simply upload new capabilities, use them, delete them and move on. Their concerns indicate that Carnivore, in its current form, is potentially subvertable both by law enforcement agents to use it beyond the scope of a court order and, potentially, by malicious attackers not associated with law enforcement. As a result, they push even more strongly for the release of the Carnivore code, so that its deficiencies can be addressed with the widest possible scrutiny. Of course, given an atmosphere of distrust, which all of this publicity and review process validates, Carnivore will never be trustable. Even if the code is made available, even if all the recommendations of both the official review and this unofficial commentary are implemented, who will guarantee that the code installed on a particular Carnivore has not been modified? If you don't trust the watchers, who can you trust to watch them? Perhaps the eventual consequences of Carnivore are best summed up by this suck.com article. "By demonizing the FBI (or by just sitting back and letting the FBI demonize itself), privacy advocates could go a long way towards stoking the public's interest in - and demand for - electronic privacy, including software to avoid the Bureau's prying eye". They perceive the existence of Carnivore as the necessary incentive to put easy-to-use cryptographic functionality in email and other Internet applications at the top of everyone's wish-list. Interview with Kurt Seifried of SecurityPortal.com (LinuxSecurity Brazil). Kurt Seifried, author of the Linux Administrator's Security Guide, was interviewed by LinuxSecurity Brazil this week. "Security is a process, ongoing and never ends. If you choose shoddy software that is prone to problems then administering it will be that much more difficult. You need a solid foundation to build on, this is the OS and related software. Once you have this you need to keep it up to date, modify configuration info as needed and so forth. You are only as strong as the weakest link in your entire security chain." A Portuguese language version of the interview is also available. Security Reportsptrace non-readable file vulnerability. ptrace, a system call which is used to analyze running processes, does not allow setuid or non-readable executables to be examined. Lamagra Argamal, however, pointed out that ptrace does not properly check the disk image for readability when tracing a child process. This could allow information that was assumed to be protected to be retrieved from the memory of a running process. Linux 2.2.17 through 2.2.10 is known to be vulnerable; earlier versions may also be impacted.For more information, check BugTraq ID 2044. Postaci Webmail password vulnerability. Postaci Webmail is a GPL'd software package that provides a database and platform independent web interface to mail. Michael R. Rudel pointed out that hostname, username and password variables for the MySQL database can be easily retrieved, under the default configuration. Configuration-based workarounds are available, described in both Michael's post and this followup from Stanislav Grozev.There is no indication that the author of the package has been officially notified and no response or followup to this problem was found on the website. For more information, check BugTraq ID 2029. pam_localuser buffer overflow. A buffer overflow was reported in the pam_localuser module. This module is included with the Red Hat Linux distribution, though it is not used by default.This week's updates: ezmlm-cgi potential arbitrary command execution. ezmlm-idx is a mailing list manager designed to work under qmail. ezmlm-cgi is shipped with ezmlm-idx to allow for archiving and viewing lists via the web. Instructions for installing ezmlm-cgi recommend that it be installed setuid root. This week, vort-fu reported potential problems with ezmlm-cgi, if installed setuid to a user other than root. These are derived from the fact that the software will read its configuration file from the local directory if not installed setuid root. As a result, it can be manipulated to execute arbitrary code under the uid of the ezmlm-cgi owner.Note that Frederik Lindberg, author of ezmlm-idx, posted this response contesting portions of the original report. For more information, check BugTraq ID 2053. cgi-bin scripts. The following cgi-bin scripts were reported to contain vulnerabilities:
Commercial products. The following commercial products were reported to contain vulnerabilities:
Updatesbash tmpfile vulnerability. Check last week's LWN Security Summary for the original report. This is similar to the tmpfile problems reported in /bin/sh and /bin/tcsh.This week's updates: Previous updates:
ghostscript vulnerabilities. Two vulnerabilities were reported in ghostscript last week. Both could potentially lead to elevated privileges.This week's updates: Previous updates:
joe symlink vulnerability. Check the November 23rd LWN Security Summary for the original report.This week's updates:
Two CUPS problems. Two problems were reported with CUPS, the Common Unix Printing System in our November 23rd LWN Security Summary.This week's updates:
Local root exploit problem in modutils. Check the November 16th Security Summary and Kernel Page for the original report and details. Note, however, that the updates listed below include either modutils 2.3.19 or modutils 2.3.20. As mentioned above, modutils 2.3.21 has been released with still more fixes.This week's updates:
Hostile server vulnerability in OpenSSH. Check the November 16th LWN Security Summary for details. Upgrading to 2.3.0 is recommended.This week's updates:
Netscape 4.75 buffer overflow. First spotted via this FreeBSD advisory and reported on November 9th, a buffer overflow in Netscape 4.75 enables a client-side exploit. Check the November 9th LWN Security Summary for our original report. Netscape 4.76, which was released on October 24th, fixes the problem.This week's updates: Previous updates:
tcsh symlink vulnerability. A /tmp symbolic link vulnerability was reported in tcsh on October 29th. Check BugTraq ID 1926 for more details. This week's updates: Previous updates:
ncurses buffer overflow. Check the October 12th LWN Security Summary for the initial report of this problem.This week's updates: Previous updates:
diskcheck 3.1.1 symlink vulnerability. Check the August 10th LWN Security Summary for the original report of this problem. This week's updates:
ResourcesArgante project announcement. The Argante project was announced this week, with Michal Zalewski as project leader. Argante is a virtual operating system. It is designed to run on top of Linux, BSD and other Unix operating systems, but to provide an environment where security has not been compromised in order to provide functionality. "Argante is supposed to be a system with no compromises. That is why always when in the traditional system we would face choice "security or functionality", instead of choosing one variant we concluded the choice itself is bad and created its outline from scratch or changed the model in order to reconcile our requirements with expectations." Check the Argante project website for more details. EventsUpcoming security events.
For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net. Section Editor: Liz Coolbaugh |
December 7, 2000
LWN Resources | ||||||||||||||||||||||||
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Kernel page. |
Kernel developmentThe current development kernel release is still 2.4.0-test11. The 2.4.0-test12 prepatch is up to 2.4.0-test12-pre7. This release contains the beginning of the integration of support for the HP PA-RISC architecture; it's unlikely, however, that 2.4.0 will actually have the full PA-RISC support in it. Evidently some of the PA-RISC changes reach into the generic code, and that's a bit more than Linus wants to try to put in so late in the game. There's also the usual big pile of fixes, including some IRQ tweaks that should help people with laptop problems and some changes to how exec_usermodehelper() (used to run modprobe for dynamic module loading) works. Also in the pre7 prepatch is a fix for an "embarrassing" USB error which will likely fix a lot of known USB problems and the removal of the tq_scheduler task queue (see below). The current stable kernel release is still 2.2.17. No new 2.2.18 prepatches have been released this week. The demise of tq_scheduler. The kernel is, in theory, in a code freeze preparatory to the release of 2.4.0. That does not mean, however, that fundamental changes will not happen. With 2.4.0-test11 came a new function called schedule_task. It works like the familiar task queue interface in that it allows the kernel code to "set aside" a task to be executed soon, at a time when nothing more pressing is going on. In particular, schedule_task works like the tq_scheduler task queue, in that the tasks will always be run in process context. With tq_scheduler, however, the process context used is arbitrary - it is whatever process is being scheduled out of the CPU at the moment. Running code in the context of random processes was never, perhaps, the most elegant thing to do, even if it has worked for years. So, with schedule_task, comes a new kernel thread called "keventd." Its only job is to run the scheduled tasks, so that they all run in a well-known context. 2.4.0-test12 will finish the job by removing all references to the tq_scheduler task queue. It's a far-reaching change, touching 29 files in the source tree. As such changes go, it is relatively safe, but it may well create incompatibilities with drivers and other modules that are maintained outside of the mainline kernel. And it is a surprising change to see this late in the development process. A standard interface for network interface configuration? Ivan Passos started off an interesting conversation with this posting pointing out that Linux has no standard interface for configuring many of the parameters relevant to synchronous network interfaces. These parameters include the media type (v.35, T1, whatever), link-level protocol (PPP, HDLC, ...), clock source, etc. He expressed an interest in helping to implement an interface which would make it possible to configure all interfaces in a consistent manner. It was quickly pointed out that this problem is not just limited to synchronous interfaces. Consider the choices available for the "standard" Ethernet interface:
Anybody who has had to configure more than one type of Ethernet interface in a situation where it didn't "just work" knows that there is very little consistency in how this configuration is done. Even the ifconfig media option is not implemented by all drivers. Often it comes down to a "use the source, Luke" approach to figure out just what the boot/load-time parameters for a particular driver are. Of course, designing this interface is easier said than done. It's probably a matter of designing a set of ioctl calls around each networking technology, and trying hard to be sufficiently general to catch all of the important cases. Then there is the small matter of making all of the network drivers actually support this interface. It's a daunting task, but also an important one. Expect to see somebody take a shot at it sometime in the 2.5 development series. Progeny releases nullfs. Progeny Linux Systems, as part of its NOW project, is creating a new network filesystem called "Pelican." As part of that process, the Progeny hackers have created a separate filesystem called "nullfs," which is intended to be used as a way of learning and understanding how filesystems interact with the Linux VFS layer. The first nullfs release is now available for download, and may well prove useful for others who would like to work with Linux filesystems. Essentially, nullfs will allow a suitably privileged user to mount one directory on top of another, creating an active link between the two. Operations on the mounted filesystem generate a bunch of logging information, providing a window into how the VFS is calling the nullfs operations. Some more information, including a simple session log, can be found in the README file packaged with the nullfs release. Other patches and updates released this week include:
Section Editor: Jonathan Corbet |
December 7, 2000 For other kernel news, see: Other resources: |
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Distributions page.
Lists of Distributions |
DistributionsPlease note that security updates from the various distributions are covered in the security section. News and EditorialsThe Debian new maintainer process. The Debian Project drew attention for some time by virtue of having shut down its new maintainer process entirely - it simply was not possible to become a Debian developer. The process was restarted with much fanfare last April; since then, there has been little discussion of the new maintainer process outside of the project's mailing lists. Not everybody is happy with the process, however, and the volume of the debate has been increasing recently.The process itself is anything but straightforward. As can be seen on the New Maintainers Corner page, there are several steps which must be executed before an aspiring developer can join the Debian brotherhood:
The new maintainer statistics page shows how the process is working. Over 300 applicants are in the process currently, with (as of this writing) 54 waiting to have an AM assigned, 148 in the evaluation process, 42 waiting in the final approval process, and 54 "on hold" for some reason or another. Getting through the process can take a very long time. The applicant in the processing stage for the longest time has been there for 250 days; the final approval candidate needing the most patience has been waiting for 171. There has been some grumbling that the process takes such a long time, and requires so much of the applicants. The feeling among the established developers, however, seems to be that things are well as they are. The Debian Project needs developers who are committed, reliable, in agreement with Debian's philosophy, and in it for the long haul. The long process tests a lot of things, including the applicant's determination to join the project. Making the process easier will, it is said, just result in the admission of people who will not help Debian in the long term. There is also a quite frank desire among some to keep the number of developers to a minimum. More developers means more coordination problems and more time lost to administrative overhead. The situation can probably be expected to remain much as it is, with lots of grumbling and little change. (See also: this note on how much harder things were in the early days of Debian, and this one from a current applicant who is satisfied with the process). Should I stay or should I go? (ZDNet). Evan Leibovitch takes a critical look at Corel in this ZDNet opinion piece. "Corel also hasn't maintained its Linux very well. Its first release has been out for more than a year, and to date its Web site lists a total of just one security patch. While most other distribution vendors have been scrambling to ensure that they keep up with open source patches and updates, Corel users are left to fend for themselves." BSD community learns to get along (Upside). Upside looks at the burgeoning BSD community and how it has learned to work together. "Officially, OS X would become the fifth official version of BSD, alongside FreeBSD, OpenBSD, NetBSD and BSDi. The number of versions shows the fractured nature of the community, though there are now signs that the community is learning to work together. For example, organizers of the 1999 FreeBSDcon decide to change the event's name to BSDcon giving other BSD developers, and Apple representatives, a chance to participate." Distribution ReviewsiPAQ goes to Linux-land (Brighthand). Brighthand plays with PocketLinux on the iPAQ. "The Pocket Linux image we loaded was not really a shipping product but was created specifically to demonstrate the potential of Pocket Linux at the Comdex 2000 show. So there were a number of limitations to the image, including a lack of support for the hardware buttons, no screen brightness controls, and no file manager app. But it did have some interesting features, like themes and multimedia, and we were impressed by what we saw and are now anxious to see it used in a production implementation." There are a number of nice screenshots as well. General-Purpose DistributionsConnectiva News. Conectiva has released version 6.0 of their Linux distribution. This release includes an RPM-capable apt-get, KDE 2.0 and XFree86 4.0.1. Debian News. Debian 2.2r2, an update to the "potato" release with a number of security and important bug fixes, was released this week. Dr. Dobb's Journal is carrying a story on Debian Hurd, including how its microkernel architecture differs from Linux's monolithic kernel. "A microkernel is one in which only the minimum necessary functionality is implemented in the kernel. This would include process creation and deletion, scheduling, memory management, and interrupt handling. Anything else, such as network protocol stacks and interprocess communication primitives, should be handled outside of the kernel in user space. Communication between the kernel and these extra kernel OS facilities is done by clean interfaces, unlike in a monolithic kernel, where components can see and manipulate each other in any ad hoc way they choose." An interesting note was posted to the Debian News mailing list this week. It seems that Debian is being used to manage the Microship, a networked pair of amphibian canoe-scale pedal/solar/sail micro-trimarans. Debian will be running a booth at the PLUTO meeting in Terni, Italy. The meeting is happening on December 9 to 11; Debian leader Wichert Akkerman will be there and will give a talk on the Debian package management system on December 10. Linux-Mandrake News. Cooker (the Linux-Mandrake development version) has moved to the 2.4 kernel. This move suggests, of course, that MandrakeSoft intends to base its next release on this kernel. MandrakeSoft turned two recently, and the company celebrated by hauling everybody up to Normandy for a big party. Two sets of pictures from the event have been posted: this set covers the party itself, while the other is a set of pictures of MandrakeSoft employees. The latter page is a good way to put faces with the names of people at MandrakeSoft. Spiro Linux. The word we have gotten from our readers appears to be true: the Spiro Linux distribution is no more. It is a hard time to be trying to make money off a new distribution.
SuSE News. SuSE has released a set of rpm for packages containing strong cryptography. Strong cryptography is not shipped with their international package, so these rpms were left out of the international CD-set for SuSE's S/390 distribution. OpenSSH, GNU privacy guard, SSL support, etc., is included. Trustix News. Trustix Secure Linux 1.2 has been released. It contains many new packages, and bundles some nice stuff like FreeS/Wan and iproute. As they say: "We think it is pretty stable, and would love for you to agree with us." There is also a separate announcement in press-release format available. BSD News. Another major distribution release hit the streets this week, this time of the BSD variety. OpenBSD 2.8 comes with OpenSSH and support for Apple iMac, G3, G4, and G4 Cube machines. With all the BSD news we've seen today, you'd think it was BSD day around the planet. The latest news comes from BSDi, who have announced the release of BSD/OS 4.2. Section Editor: Liz Coolbaugh |
December 7, 2000
Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Development page. |
Development projectsNews and EditorialsMark Dufour sent a note to LWN announcing the Kascade project. Kascade is an Internet search engine that is based on the Open Directory principle. With Kascade, it is possible to build decentralized collections of information. "The distributed nature and lack of central control facilities make for a system immune to company or government control, much like Gnutella and the Internet itself." Kascade uses a a mini-browser to look at directories from the net and can transfer the item of interest to a web browser. The mini-browser has a built in chat feature so that users can communicate with other people who are browsing the directory. This looks to be an interesting project, the developers are seeking contributors to help build directory structures.EducationSEUL/edu Linux In Education Report for December 4. Issue 34 of the SEUL/edu Linux In Education report has been released. Features include retrieving weather information for schools, the reappearance of KDE-EDU, and searching for the roots of words. French translation of Freeduc FAC (Ofset). The Ofset Project has announced a French Translation of the Freeduc FAQ by Guillaume Allegre. The Freeduc project is a Free Education software database. GamesLatest news from WorldForge games. The WorldForge project continues on its quest to make open-source "massively multi-player online roll playing games". The latest news from the site includes articles on collision research and rendering Variable Terrain Height in an isometric client. Embedded SystemsEmbedded Linux Newsletter - November 30th, 2000 (LinuxDevices.com). The Embedded Linux Newsletter is out for the week of November 30th. Topics include embedding Linux on the M-System DiskOnChip and a browser controlled MP3 player mini-howto. AbsoluteX X Window System toolkit (LinuxDevices). AbsoluteX is an LGPL-licensed class library for use with the X window system that was introduced at the Atlanta Linux Showcase. Linux Devices has run an article that discusses AbsoluteX. The source code is now available for download. The Embedded Linux Quick Reference Guide (LinuxDevices). LinuxDevices has published two new parts in the online series on Embedded Linux, see The Embedded Linux Overview Quick Reference Guide and The Embedded Linux Distributions Quick Reference Guide for lots of useful information on embedded Linux. InteroperabilityWine Weekly News for December 4, 2000. The December 4, 2000 issue of the Wine Weekly News is out. News includes the release of Wine-20001202 which features a new winemaker script, new DLL import mechanism, and internationalization and portability bug fixes. Mail SoftwareMailman 2.0 released. The 2.0 release of the Mailman mailing list manager has been announced. "Mailman has most of the features that people want in a mailing list management system, including built-in archiving, mail-to-news gateways, spam filters, bounce detection, digest delivery, and so on." Network ManagementOpenNMS Update. The OpenNMS update for December 5 is out. It covers the new "Testdrive" release, which is apparently aimed at inclusion in a forthcoming release from "one of the major Linux distributions." If you're curious about what's inside OpenNMS, this update is a good place to start. Office ApplicationsFree Photoshop for the people (Salon). Salon has run an article about the Berkeley eXperimental Computing Facility, where the GIMP was born. "'It's almost like it's our duty to create cool things for the world,' says Spencer Kimball, who co-wrote both the GIMP and the Unix versions of Gnutella." The article has lots of interesting trivia on the group. On the DesktopKDE 2.0.1 Available. The latest release of KDE, version 2.0.1, has hit the streets. This release is primarily a bug fix release with the goal of more complete documentation and language translations, so there were relatively few code updates. Some of those changes include:
Alpha Blending (KDE Dot News). KDE Dot News posted some screenshots of alpha-blended icons on the KDE desktop and the Konqueror web browser. The Linux desktop just keeps looking better and better. Keith Packard is also working on the addition of anti-aliased text to KDE, the code is not ready for prime time yet, but the screenshots look good. The People Behind KDE: Matthias Elter. This week's "The People Behind KDE" features an interview with Matthias Elter. Programming GNOME Applications with Perl, Part Two (Perl.com). The second part in the series on programming GNOME applications with Perl has been published on Perl.com. "When designing user interfaces, we need to consider what provides users with the most useful and intuitive view of their data, without overcrowding them. What do we need to be able to get at easily when we're using the application? There are two parts to this question: actions that we can perform, and data we can see." The Evolution of Evolution: Steady Progress (LinuxPlanet). LinuxPlanet's Michael Hall writes about his experiences with Evolution. "The last time I looked at Evolution, the hackers at Helix Code were putting it in front of the public as an actual release for the very first time. As a functioning mock-up, it showed a lot of promise, but there was no way I was letting it near my mail. Since then, we're a few preview releases down the road and it's conceivable that if you're a GNOME fan who's curious about the project, and you can put up with the rough patches Evolution will still throw at you, you could probably start using it today on at least a limited basis." ScienceJournal of Open Source Medical Computing First Call (LinuxMedNews). Linux Med News announced the existence of the Journal of Open Source Medical Computing The Journal is "an electronic forum for disseminating information on free and open source medical computing. Scholarly work on any aspect of free and open source medical computing will be considered for peer-reviewed publication." The new journal has announced its first call for papers. Web-site Developmentnew ZODB project on SourceForge. Andrew Kuchling has announced the creation of a new Zope Object Database project on SourceForge. He followed the announcement up with this note that describes some recent changes to the code. Feasting on life with veteran programmer Ken Manheimer (NewsForge). NewsForge takes a look at Ken Manheimer, who is currently working for Digital Creations. "Like most, he started with BASIC and FORTRAN and since has: Worked with LISP, contributed to emacs (including incorporating icomplete.el and allout.el), studied Scheme, researched and developed Knowbot, resurrected Mailman after the original was decimated in a systems crash, contributed to and administered Python, enhanced ZWiki, a Zope-based Wiki clone, and so far, while at Digital Creations, has developed an issue tracking system for Zope which passed the first round at the Software Carpentry Competition (had to withdraw after that because of lack of time). " Section Editor: Forrest Cook |
December 7, 2000
|
|
Programming LanguagesCThe future according to Dennis Ritchie (LinuxWorld). LinuxWorld has run an interview of Dennis Ritchie, one of the creators of C and Unix. "What is changing is that higher-level languages are becoming much more important as the number of computer-involved people increases. Things that began as neat but small tools, like Perl or Python, say, are suddenly more central in the whole scheme of things. The kind of programming that C provides will probably remain similar absolutely or slowly decline in usage, but relatively, JavaScript or its variants, or XML, will continue to become more central." ERLANGErlang patch release R7B-1 is out. Patch release R7B-1 of ERLANG has been released. See the readme for details, the source can be downloaded here. PerlPerl5-porters for December 4, 2000. The December 4, 2000 issue of Perl5-porters is out. This edition covers regression testing, regular expression bugs, PerlIO news, and Dodgy Function Names, as well as other topics. Perl Module Advent Calendar. See the Perl Module Advent Calendar to get a new Perl module each day in December through Christmas day. Now we have proof that Perl hackers are truly religious about their favorite language. Beginner's Introduction to Perl (perl.com). Doug Sheppard has published the second and third articles in his Beginner's Introduction to Perl series on perl.com. If you have not seen it yet, you may want to start with the first article in the series. PythonPython-dev summary. Here is A.M. Kuchling's Python-dev summary for November 16-30. It covers the need (or lack thereof) for Python standards and a few other development topics. Dr Dobb's Python-URL!. The December 4, 2000 issue of the Dr. Dobb's Python-URL! is out. Among other things, dealing with Linux sound in Python is discussed. Wiki Python (Python News). O'Reilly's Python News has an article by Stephen Figgins on various Python Wiki programs. Wikis are web sites which are built up from user contributions. The article gives a good overview of the various Wiki projects that are being developed. SmalltalkMaking Smalltalk (Linux Gazette). In a recent article on Linux Gazette, Jason Steffler discusses Smalltalk and object-oriented programming in general. Section Editor: Forrest Cook |
Language Links Caml Caml Hump Tiny COBOL Erlang g95 Fortran Gnu Compiler Collection (GCC) Gnu Compiler for the Java Language (GCJ) Guile Haskell IBM Java Zone Jython Free the X3J Thirteen (Lisp) Use Perl O'Reilly's perl.com Dr. Dobbs' Perl PHP PHP Weekly Summary Daily Python-URL Python.org Python.faqts Python Eggs Ruby Ruby Garden MIT Scheme Schemers Squeak Smalltalk Why Smalltalk Tcl Developer Xchange Tcl-tk.net O'Reilly's XML.com Regular Expressions |
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Commerce page. |
Linux and BusinessMandrakeSoft up, Red Hat ... up too?. Here in the land of fuzzy math, we've noticed that both MandrakeSoft and Red Hat grew their respective market shares this week, albeit in different parts of the planet. According to a BCN Market View survey of 316 outlets for computer retail sales companies in Japan, Red Hat Linux 7 sales represented 40% of all Linux sales in that country. The BCN survey is conducted yearly, but Red Hat Linux 7 has only been available in Japan since October. Does this mean, at this rate, that Red Hat would have nearly total market penetration after a full year of sales? Or is this representative of only a spike in sales for a specific product and that, over the year, that spike would level out and more realistic figures would show some other distribution (TurboLinux, perhaps) as the market leader in Japan? In the US, according to a press release from MandrakeSoft, Linux-Mandrake has edged ahead of Red Hat in retail sales from January through September 2000:
While numbers like this are great for businesses, they do little for the consumer. Any set of numbers can be cooked to look just right, especially if taken out of context or applied without sufficient supporting information. Despite this apparent lack of meaning, these numbers do show us the one thing we really care about - no one distribution is in control of the Linux market place. Sun releases Solaris 8 source. Sun Microsystems has released the source code for Solaris 8 for download. The license, of course, is not free software, and Sun will not let you near the source until you have faxed in a signed agreement. It is available free of charge, though, for those who agree to the terms. It would be well to keep in mind the possible troubles that could arise from access to the Solaris source, since it can not be integrated into Linux. See The Solaris Trap for LWN's thoughts on that issue back in 1999. Announcement of Eazel/Dell partnership. Here is the press release confirming the deal between Dell and Eazel. As expected, Dell will be shipping Eazel's environment on its desktop and notebook systems. Dell will also be including Eazel's software update ("Software Catalog") and "Online Storage" services. There is also an (undisclosed) equity investment in Eazel from Dell Ventures. SuSE Linux Announces Strategic Partnership With SGI. SGI and SuSE have announced a strategic partnership. As part of the agreement, SGI has taken an equity investment in SuSE. Lutris, Motorola in development deal for Java phones (ZDNet). ZDnet is reporting that Lutis and Motorola will sign a deal on Monday relating to Java-based phones. "The deal will integrate Lutris' Enhydra application server, which is open source, with Motorola's iDEN handsets, expected to be the first phones compliant with Sun Microsystems Inc.'s Java 2 Micro Edition." Telia goes for Linux on the S/390. According to Reuters, Telia, the Swedish telecom and Internet service provider, is replacing 70 Sun Microsystems servers with one IBM mainframe computer running Linux. Mountain View Data launches Intermezzo file system. Mountain View Data, the company started by Peter Braam and Turbolinux founders Cliff and Iris Miller, has announced the availability of the beta 1.0 release of the InterMezzo high availability filesystem. VA Linux launches 'SourceForge OnSite'. VA Linux Systems has come up with a way of making money off SourceForge. Essentially, for an ongoing fee, the company will deploy a small SourceForge-like system at a customer's site, to be used for internal collaborative development. It's essentially a software development environment appliance. Agilent Technologies is an initial customer. Terra Soft Ships Portable PowerPC Linux Cluster. Terra Soft has announced the availability of the "iDitarod," a portable, PowerPC-based cluster system. At 150 pounds, it's not quite in the laptop class, but a dedicated group of people could indeed move it around. We also have a picture of this cluster; it is a cute package. CodeWeavers Launches Developer Web Site For Wine Project. CodeWeavers, a Windows-to-Linux software company, has introduced a new web site for Wine developers. This site is a development site providing tools, information, and other resources for programmers involved with the commercial-quality version of Wine. VMware Announces Preferred Hardware Partner Program. VMWare announced its Preferred Hardware Partner Program this week. Founding partners in the program include Compaq, Dell, IBM and VA Linux. VMWare also announced its Professional Services Organization (PSO), which includes customer support, education and consulting services. Letter from the Chairman and the CEO of EBIZ. EBIZ has released a letter to its shareholders telling them about how things are going to be better in the future. It covers the LinuxMall and Jones Business Systems acquisitions, investments from Caldera, and more. "With the recent purchase of SCO UNIX by Caldera Systems Inc., a major Linux software company, many of those UNIX VARs see Linux as the natural migration path for their business. The EBIZ acquisition of JBSi turns that migration path into a superhighway and will dramatically increase the number of VARs providing Linux solutions." China Netcom Makes Long Term Commitment to Adopt Bluepoint Linux. Bluepoint Linux Software Corp. announced the signing of an agreement with China Netcom, one of the largest telecommunications companies in China. China Netcom is owned by the Chinese Academy of Sciences, the State Administration of Radio, Film & TV, the China Ministry of Railroad, and the Shanghai City Government. According to the agreement, China Netcom will use Bluepoint Linux Operating System on its servers nationwide. Sun Microsystems Announces Early Access To Java Technologies for XML. Sun Microsystems announced the early access availability of two Java technology API's for the Extensible Markup Language (XML): the Java API for XML Messaging (JAXM) and the Java API for XML Parsing (JAXP). Both APIs are downloadable free of charge through Sun's Java Developer Connection Connection at http://java.sun.com/jdc/. Wing IDE For Python. Archaeopteryx Software, Inc. announced the release of version 1.0 of its integrated development environment, Wing IDE, for Python. The proprietary package includes a graphical debugger, code browser, source code editor, and a project manager. Multicast Technologies Releases Multicast Player. Multicast Technologies, Inc., has released the MCT Player, a multicast MP3 player. The MCT Player is available for Linux as a free download from the company's audio station. Press Releases:Open Source ProductsUnless specified, license is unverified.
Commercial Products for Linux
Products and Services Using Linux
Products with Linux Versions
Java Products
Books and Training
Partnerships
Investments and Acquisitions
Financial Results, Stock News
Personnel
Linux At Work
Other
Section Editor: Michael J. Hammel. |
December 7, 2000
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Linux in the news page. |
Linux in the newsRecommended ReadingResearchers Say Independent Review Of Carnivore Flawed (Newsbytes). According to a Newsbytes story, a team of researchers and academicians has deconstructed the findings of an independent review team charged with evaluating the FBI's e-mail surveillance tool "Carnivore," saying the team's findings gloss over some serious legal and technical concerns. Open source policy (Business 2.0). Business 2.0 asks whether a net-oriented company can run completely on open source software. "Most key enterprise-class components such as database software and transaction processing tools remain proprietary products. Even with the January release of Borland/ Inprise's InterBase database to the open source community, there has not been an open source kernel available for long enough-nor a developers' community large enough, such as the one Linux enjoys-to create a full-featured product to handle online business needs. Still, the March release of the Enhydra application server brings businesses one step closer." Inside The KLAT2 Supercomputer (Ars Technica). Ars Technica is carrying a detailed article on the KLAT2 Beowulf cluster, with an emphasis on its networking design. "In the end, we didn't design KLAT2's Flat Network Neighborhood. Instead, we built a genetic search algorithm (GA) that does it for us. In fact, it not only finds solutions to the aforementioned interconnect problem, but it optimizes the solutions so that the additional bandwidth is placed where it will improve the most important communication patterns." Linux Gazette issue #60. The December 2000 issue of the Linux Gazette has been posted. Articles of interesting include a report on the Super Computing 2000 show, a review of Heroes of Might and Magic III, and using GnuPG. Copyright Act Faces Big Test (Wired). Wired News reports on the upcoming review of the Digital Millennium Copyright Act. "When music is streamed, webcasters are required to pay a performance royalty. In order to generate smooth playback of incoming streams, computers temporarily store some of the data in memory in a RAM buffer. Music publishers have stated that the data in this buffer should be considered a physical creation that would require webcasters to pay a mechanical royalty, similar to what they pay for downloads or CDs." CompaniesStartup unveils tiny `Linux-like' OS for Internet appliances (LinuxDevices.com). According to a LinuxDevices.com news story, DSPsoft Inc. (Sunnyvale, CA) has unveiled UnixCE, a small footprint `Linux-like' operating system for resource constrained Internet appliances and mobile devices. Dell fumbles open source desktop gambit (The Register). The Register is not impressed with Dell's investment in Eazel. "Call us cynical, but the choice of Gnome/Nautilus is what you'd expect if you dragged a trainee PR intern off the street, and threatened to hit them with a rock until they came up with two leading open source names. This really is strategy dictated by short-haul in-flight magazines." Linux looming large for Big Blue (ZDNet). ZDNet reports from IBM's internal Linux summit. "'Initiatives that allow (Linux) to effectively host 100 million mailboxes and run huge backbones for mail systems are exciting for us,' said Greg Olson, co-founder and chairman of Sendmail Inc., in Emeryville, Calif. Sendmail uses an IBM Linux mainframe for development and runs a host of Linux servers." Commentary: Hewlett-Packard takes out Linux insurance (News.com). News.com is carrying a cynical pronouncement from the Meta Group on the hiring of Bruce Perens by HP. "Hewlett-Packard is taking out cheap insurance with its hiring of open-source advocate Bruce Perens, just in case Linux becomes more of a force in the marketplace than anyone expects. Users negotiating with HP can use this new commitment to Linux as a ploy in negotiations, but they should not expect HP to develop Linux into a replacement for HP-UX." HP hires Linux luminary (News.com). Here is a News.com article, on Bruce Perens' new job at HP. "Perens took the job after deciding his previous endeavor, the Linux Venture Group, didn't have a future. 'The stock market is just not the place to be right now,' he said." Red Hat closes trio of offices, lays off 20 (News.com). News.com covers the latest layoffs at Red Hat. "Red Hat laid off personnel doing duplicate work, said spokeswoman Melissa London. 'Nine acquisitions in the past year created a lot of redundancies,' she said. The company now has 550 employees, she said." Red Hat Closing S.F. Office (Wired). Wired News reports on the closing of Red Hat's San Francisco office. "Although Red Hat continues to use the Web for distribution and support, several sources within the company say that management has continually changed plans or has badly bungled implementation of its online strategy." Koreans claim world's first Linux-enabled cellphone (LinuxDevices.com). Two Korean companies, PalmPalm Technology and SK Telecom, along with the Seoul National University have put Linux into a CDMA phone system. "The device, which contains an Embedded Linux operating system, combines smart phone and PDA functionality within a compact handheld device, and offers multimedia capabilities that include animation, MP3, and video communication. Based on its built-in Bluetooth wireless interface, users can even play network games between devices." BusinessDid Netscape jump the gun with new browser? (News.com). C|Net News.com ponders whether Netscape released their 6.0 browser a bit too early. "Some supporters say problems with the release indicate that Netscape should have waited until its open-source group, Mozilla.org, released its own version 1.0 browser, which isn't due for another five months." Cash Registers Are Ringing Up Sales With Linux (TechWeb). Linux deployments abound in this story from TechWeb. "But that's changing. In January, Musicland Stores Corp., the Minnetonka, Minn., company that owns Sam Goody, will start installing new Linux- and Java-based cash registers from IBM." ReplayTV's downturn doesn't faze TiVo chief (News.com). The future of TiVo and its Linux-based recorders is questioned in this article from C|Net's News.com. "Eventually, Ramsay also sees TiVo taking on the roll of real estate broker for a hard drive that could provide numerous services throughout the living room. For example, TiVo could partner with video game or music companies that could use the extra disk space to distribute their content over TiVo's Linux-based platform." No Safe Harbor for Microsoft (TechWeb). IBM has aimed its big guns directly at Microsoft, according to this Network Computing article. And it's using Linux for the bullets. "And as it happens, these dedicated servers are best configured with Linux. Actually, the servers priced at less than $1,000 don't include an OS, but IBM has stated it will charge the MSRP for an installation of either Linux or Windows 2000. Given the price-conscious nature of this sector, Linux would be the odds-on favorite, since it typically costs no more than a fifth the price of Windows 2000." Pepperoni, Extra Cheese, And Linux (TechWeb). Information Week gives us this Linux success story, where pizza-related restaurants are now serving penguin. `Even more important, though, says Ken Hoogstraal, Donato's director of restaurant technology, was Linux' resiliency. Under the old system, a power outage that took out a store server often meant two to three hours of downtime to rebuild the system. "That's time we're not taking orders," Hoogstraal says. "If it happens on a Friday or Saturday night, it could really put the restaurant in a tailspin." The Linux systems seem to come back up much more reliably after an unplanned outage.' ResourcesLinux Power Tuning (TechWeb). Here's a how-to article on Linux performance tuning on TechWeb. "There is one value you should consider disabling: 'TCP Timestamps.' According to the TCP/IP specification, time-stamping is optional, so turning it off will not break interoperability. Time stamps are intended to provide round-trip timing of packets to enable congestion control algorithms. They aren't needed if the majority of your network connections come from high-speed, non-congested local networks." Device Profile: VTech Helio PDA (LinuxDevices.com). LinuxDevices published its latest device profile this week: the VTech Helio PDA. "Not surprisingly, in light of intense competition from the growing number of PDAs that run PalmOS, Windows CE (Pocket PC), or Embedded Linux, VTech has lately begun to express a strong interest in supporting an alternative, more "open" OS. Accordingly, two variants of Embedded Linux are currently being brought up on the device." DIY embedded Linux mp3 stereo (ZDNet). A mini-Howto for experienced developers from ZDNet shows how to build an mp3 player appliance on Embedded Linux. "Its embedded software (kernel, utilities, and application) image is small enough to fit on a floppy, so you could easily install it in a DiskOnChip Flash device within a compact, appliance-like system. You control the resulting MP3 player using a web browser on a separate computer." Keep Tux Safe (ZDNet). Keeping Linux safe is mostly a matter of diligence, according to a ZDNet article on Linux security. "Until someone designs an operating system that reads minds, security will depend on diligent configuration and administration, no matter what OS software you use. Your Linux machine can be extremely secure, but it's not going to get there on its own." ReviewsLinux 2.4 kernel (ZDNet). Here is a short take on what is in the upcoming 2.4 kernel, ZDNet style. "The Linux 2.4 kernel development process has focused on improving performance on larger machines and building in support for new hardware options such as Universal Serial Bus and architectures such as Intel Corp.'s 64-bit Itanium and IBM's S/390." Caldera Edges Linux Closer To Enterprise With Volution (TechWeb). Network Computing takes Caldera's network management package, Volution, for a test drive. "If Volution reaches its natural conclusion, Linux systems will ship with Volution clients pre-installed. When systems reach their final destinations, they will simply need to be powered on to find a workstation-creation daemon to connect them with a data repository. However, this beta version of Volution shows it has a long way to go to reach the maturity of ZENworks and eDirectory, and it lags behind Active Directory policies and profiles as well." Blender 2.0 - The gameBlender (LinuxLookup). A short review and not very detailed (for such a sophisticated application), LinuxLookup has posted a review of NaN's Blender 2.0, aka gameBlender. "For as great as Blender sounds, it also has its negative attributes. For instance there is definitely a steep learning curve that one has to overcome if the plan is doing anything more than rendering a ball on a plane. There is no free documentation to help you get by. You can purchase a users manual for about $40 US, and tutorial guides for about $20 US a pop." Darwin Continues Open Source Evolution (LinuxNews.com). Another look at Mac OS X, aka Darwin, and its BSD roots, this time from LinuxNews.com. `According to Prabhakar, the BSD community has been a great asset to Apple in producing quality software throughout the history of their long partnership. "Having the BSD community welcome us, and having key people like [FreeBSD's] Jordan Hubbard, who's written articles that are extremely valuable, and the number of people who've spent ungodly amounts of time finding and fixing bugs in Darwin that were useful but not a top priority for us at Apple, is of enormous benefit to customers," Prabhakar said.' InterviewsGreg Haerr on the past, present, and future of Microwindows (LinuxDevices.com). LinuxDevices.com interviews the founder of the Microwindows project and current CEO of Century Software, Greg Haerr. "especially in the graphical area in which I'm focused, software developers and systems architects want to leverage the tremendous success that has occurred on the desktop to more portable devices. There's no need to reinvent the wheel when so many applications that have propelled the desktop forward can now be used to enable wireless handheld computing." Miscellaneous.comment: Making Money on Free Software? (LinuxPlanet). Here's a wandering editorial on LinuxPlanet on whether it's possible to make money from free software. "But I think that the Linux companies, at least some of them, have a better than even chance of succeeding despite the potholes and barricades. Here's why: They're committed to making it work. They're hard-working. Though some of them were maybe a little profligate after the injections of money, either by venture capitalists or IPOs, I don't think any has an immutable corporate philosophy of reality denial. They'll adapt." Linux in Polish parliament (Linux News Poland). The Polish Parliament has installed 100 Linux-based X-terminals in its offices. Marek Pokulniewicz, the main computer specialist in the Polish Parliament, has provided a write up and some pictures of the setup. Mike Muuss, author of `ping', killed in car accident. According to stories in Salon.com and The Register, Mike Muuss, author of the standard Unix utility ping, was killed in a car accident last Monday night. "The Unix community is mourning its loss, and not just because by all accounts Mike Muuss was a real nice guy and the software he donated to the public was incredibly useful." The Case For Open Source (TechWeb). President and CEO Bill Portelli of CollabNet gives his perspective on why open source is the right way in this Information Week editorial. "With open-source development, companies and users bypass these delays. Using the Internet to facilitate source-code release, companies such as Hewlett-Packard, IBM, Intel, and Sun Microsystems are gaining competitive advantages, generating long-term revenue and increasing market share." Why I use OpenBSD (ZDNet). Security is the main reason behind one man's choice of OpenBSD for his network infrastructure in this ZDNet article. "OpenBSD's claim to fame is its focus on integrated security and cryptography. To this end, the OpenBSD developers spend a substantial amount of their time auditing the core OS source in an effort to find and fix bugs with security ramifications before they're actually exploited." A platform of a different color (TechWeb). TechWeb reviews the Cobalt Qube3. "We won't say that it's the equal of NetWare, Unix or Windows platforms, but the Linux-based Qube 3 is turning into an attractive powerhouse of its own." Section Editor: Rebecca Sobol |
December 7, 2000 |
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Announcements page. |
AnnouncementsResourcesTip Of The Week: Title Your Terminal (Part 2). If you have ever wanted to customize the title bar on your terminal windows, see the Tip Of the Week from LinuxLookup. EventsDecember/January/February events.
Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format. Web sitesdeepLINUX is now PORTABLE!. The deepLINUX portal has announced a WAP enabled website that allows you to view the site with your cell phone or PDA. User Group NewsLane Community College Open Source Computer Group. The LCC Open Source Computer Group has recently been formed at Lane Community College in Eugene, Oregon. The group's mission is to create an open source community at LCC. LUG Events: December 6, 2000 - January 31, 2001.
Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format. |
December 7, 2000 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Software AnnouncementsHere are this week's Freshmeat software announcements. Freshmeat now offers the announcements sorted in two different ways: |
Our software announcements are provided courtesy of FreshMeat
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Back page page. |
Linux Links of the WeekThe Open Source Developers Exchange is meant to be a rallying point for open source developers and their projects. Projects can be registered with an indication of the sort of help they would like to have, and developers can link up with those that are appealing. Still lacking a decent Linux implementation is IMPS - the Infinite Monkey Protocol Suite. Certainly we could make good use of it over here at LWN... Section Editor: Jon Corbet |
December 7, 2000 |
|
This week in historyTwo years ago (December 10, 1998 LWN): IBM released its "Jikes" Java compiler under an almost-open-source license. The first DB2 beta was also put up for free download. Sun announced its support for Linux on the Sparc, SGI announced support for Samba, and joined Linux International as well. Linus Torvalds was a guest of honor in the Finnish Presidential Palace for the Independence Day celebration. This photo of Linus and Tove is still available online. ZDNet shows us that some things never change... Linux is awesome in many ways, but no matter how you slice it, it's still basically an evolved port of a 20+ year-old operating system, and with that age comes a certain amount of baggage. Linux may be far more efficient than Windows, but it still carries the past on its shoulders, and (more importantly) lacks many of the futuristic technologies built into BeOS from the start.
One year ago (December 9, 1999 LWN): Andover.Net went public on December 8, at an initial price of $18 per share; it quickly rose to $63. When the December 9 LWN hit the press, the VA Linux Systems IPO was still looming; check this space next week if you don't know what happened. Sometime later this week, another Linux-related company, called VA Linux Systems, will go public under the ticker symbol LNUX. It will probably double or triple in price while market pundits criticize it for being another overhyped IPO.
Both Cosource.com and SourceXchange officially launched. One year later, both are still at it. Corel found itself at the center of a controversy again when it refused to allow minors to download its distribution. Sun announced the release of Java 2 for Linux. The announcement contained no mention of the Blackdown Linux team, which actually did most of the work with this release. KDevelop 1.0 was released. The XFree86 team announced that XFree86 4.0 would not be out before the end of the year. Red Hat announced more deals with Dell, including one in which Dell systems would come with 90 days of Red Hat support - which replaced the Linuxcare support that Dell was offering before. O'Reilly, meanwhile, launched the O'Reilly Network. | |
|
Letters to the editorLetters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them. | |
To: letters@lwn.net Subject: About FrameMaker From: Damien WYART <wyart@iie.cnam.fr> Date: 30 Nov 2000 11:04:10 +0100 Dear LWN editors, First of all, thanks for your excellent job on Linux news. Your column about FrameMaker for Linux is very interesting. But I think you forgot to mention (La)TeX as an excellent tool to produce long documents. Of course, there is no advertising on (La)TeX, so people who use it have often heard of it by some friend or colleague. Many users are to be found in universities or research labs. There are nice Emacs and vim mode availables for editing (La)TeX documents, and even the basic document styles give quite nice results. And best of all, it is free software (except for some advanced 3rd party packages). And ease of use and installation have been really improved with Sebastian Rahtz's TeXLive distribution. Support for (La)TeX is really good : many documents float around on the WWW, many books are available, and newsgroups are very active and helpful. (La)TeX is very reliable : TeX kernel is believed to have no remaining bug, and has been existing for more than 20 years ! There is a third way between dead FrameMaker and traditional (often proprietary) word processors. I think this is worth telling it. No, using (La)TeX is not so hard ! Yes, using it to write other documents than scientific articles is common ! Even letters are nicely formatted by LaTeX. Best regards, -- Damien WYART / wyart@iie.cnam.fr | ||
Date: Sat, 02 Dec 2000 17:47:31 +0100 From: Fred Mobach <fred@mobach.nl> To: lwn@lwn.net Subject: Adobe and FrameMaker Hello, Surprising that this Linux Weekly News starts with a _not so_ interesting story on this closed source application ;-). Typesetting is not my forth or interest and so my interest in FrameMaker is just zero. Just two general remarks on this subject. First, it might be possible that the interested GNU/Linux users recognise the fact that there exists more powerful tools for this kind of a job than just the expensive FrameMaker, although not really expensive for those who are professionally working with this tool. They might also have noticed that their preferred tools are Free Software. Second, they might have noticed that their data is kept hostage because of the not-open format in which their data is stored. I do not object commercial software on my preferred platforms but I do object the storage of my data in an undocumented format. Regards, Fred -- Fred Mobach - fred@mobach.nl - postmaster@mobach.nl Systemhouse Mobach bv - The Netherlands - since 1976 /"\ \ / X ASCII RIBBON CAMPAIGN / \ AGAINST HTML MAIL | ||
Date: Tue, 05 Dec 2000 12:35:35 +0200 From: Michel Clasquin <clasqm@mweb.co.za> Subject: Word processing formats To: letters@lwn.net on Sat, 25 Nov 2000, Julio Cesar Gazquez wrote: "Unfortunately, the world never knew an open, well defined, free word processor ...file format." If you have been around long enough, you might remember XyWrite and its offspring Nota Bene. The file format was in plain ASCII - you can hardly get more open than that - yet there was very little you couldn't do with it. The contemporary equivalent would probably be TeX/LaTeX or XML. It's a pity that the XyWrite format didn't catch on: if necessary, you could write a fully formatted file with footnotes, indents, even graphics,, with nothing more than DOS's EDIT. You could even have used COPY CON if you felt the need to show off your manhood, and for the true masochist there was, may the gods help us, EDLIN. Of course most of us just used the XyWrite program itself: even its macros were saved in plain ole ASCII and could be hand-edited outside the program. Unfortunately XyWrite jumped on the Windows/WYSIWYG bandwagon too late, and its file format died with it. But even today a lot of Windows wp apps can still read and write the XyWrite format. A "Save as XYW" function might not be a bad option to take for Linux wp programmers looking for cross-platform usability. In particular, translating between TeX or XML and a subset of XYW should be a fairly trivial exercise. | ||
Date: Thu, 30 Nov 2000 02:19:51 -0600 (CST) From: Mike Coleman <mcoleman2@kc.rr.com> To: letters@lwn.net Subject: Re: Linux and Viruses Linux may be relatively immune from viruses of the sort now common on the Windows platform, but as you say, it doesn't necessarily follow that we should smugly assume that Linux is immune in general. If you're not at least a little worried about this problem, you might want to take a look at the SUBTERFUGUE project motivation document at http://subterfugue.org/motivation.html for some thoughts on why you *should* be. Mike Coleman | ||
Date: Thu, 30 Nov 2000 10:05:58 -0500 From: "Jay R. Ashworth" <jra@baylink.com> To: letters@lwn.net Subject: Universal RPMs. In last week's LWN, you editorialized a bit on the topic of whether RPM packages could be installed on multiple distributions, and what distribution maintainers ought to be doing to make that easier. Cart? That thing behind you is a 'horse'. The problem is that the installation of a package is a point in system administration that is *very* dependent on an undocumented system API called the "installation interface"; that is, packages which need to be installed need to know *a lot*, in many cases, about the distribution on which they're being installed, in order to put files in the expected places, set up boot-time start and cron entries, and many other similar activities. This is just another place in Unix where the API is loose, and this particular one is where the Linux Standard Base people and the Filesystem Standard project are trying to make things a bit easier. The distro maintainers could make things a bit easier, too, by better documenting what they *do* have, and there are other things which could help, too; I'll pick one particular nail to hammer on. The files on a Red hat distribution (among others) in the /etc/rc.d/init.d directory constitute a sort of "service manager interface", in conjunction with SysVinit, they're one of the few ideas stolen from NT that I like. But, while many Linux distributions provide the "chkconfig" command for setting services in this directory to be enabled or disabled in specific runlevels, that command doesn't provide a user interface for turning something on or off, or restarting it, *right now*. I created my on, called svc: /etc/rc.d/init.d/$1 $2 Real complicated, right? People do that all the time, right? So why hasn't RH already added that to the distro? In general, anytime that part of an installation involves "put this file in the right place" or "change this [parameter in] this system control file (inittab)", there should probably be a program that does the work, the call to which can be standardized across systems, and the underlying actions can be specific to a distribution. The unifying of installation packages is a laudable goal indeed. But let's put the *effort* in the right place, shall we? Cheers, -- jra -- Jay R. Ashworth jra@baylink.com Member of the Technical Staff Baylink The Suncoast Freenet The Things I Think Tampa Bay, Florida http://baylink.pitas.com +1 727 804 5015 | ||
From: Richard Simpson <rsimpson@ewrcsdra.demon.co.uk> To: letters@lwn.net Subject: RPM compatibility across distributions Date: Thu, 30 Nov 2000 12:06:19 +0000 In your last issue you discussed the problems of having multiple package formats. But it would be a good start if distributions could even agree on the base names for packages. IMHO SuSE is the main culprit here, although the others could also get a grip. As an example, the documentation for python: RedHat 7.0 python-docs-1.5.2-27 Mandrake 7.2 python-docs-1.5.2-12mdk OpenLinux python-doc-1.5.2-1 SuSE 6.4 pyth_doc-1.5.2-118 Apart from 'docs' and 'doc', SuSE is seriously hampered by limiting RPM names to 8 characters. Why do they do this? I tried SuSE for a while, but constant rpm name conflicts finally drove me away. They also don't append the version number to the file name, so if I try to download several versions of a package (e.g. to try and resolve a problem) they will all be called foo_bar.rpm (even the Alpha ones!!). I propose that distributions try to select a common base name (NOT limited to 8 characters, this isn't DOS) and append an abbreviation to the final release number. So we could have foo_bar-1.2.3-4mdk, foo_bar-1.2.3-4rh, foo_bar-1.2.3-4suse etc. There would be no danger of two different distributions producing different files with the same name and package dependency checks would work better. I agree that this does not solve the rpm/deb/tgz/etc problem, but at least it is an improvement on where we stand today. Richard Simpson -- ---------------------------------------------------------------------------- Richard Simpson Farnborough, Hants, Uk Fax: 01252 392976 rsimpson@ewrcsdra.demon.co.uk | ||
Date: Fri, 1 Dec 2000 09:10:01 +0000 From: Philip Armstrong <phil@kantaka.co.uk> To: letters@lwn.net Subject: Re: Linux Package Management Needs a Wakeup Call, LWN 01Dec2000 You write: "Meanwhile, the true winner will likely be the first distribution that can handle both rpm and .deb files." This is already possible through the alien package under Debian. However, I think your article (and the original that you reference) misses the fundamental reason for the packaging incompatabilities, and why they are never going to be resolved. This is because what counts is not the packaging format itself, but the policies each distribution decides on for things like the placement of configuration files, dependency handling and so on. It is the establishment of consistent packaging policies that defines the quality of a given distribution, and it is the mismatch between the different policies decided on by each of the distributions that makes it difficult to install packages from 'alien' distributions cleanly. For instance a RedHat vim package is never going to be aware of the need to update the /etc/alternatives directory on a Debian system if necessary. Things like the LSB allow minimal compatability to be achieved in regards things like the location of files, but no more. In the end, the existence of an .rpm or .deb suffix on a package is irrelevant. What matters is who has packaged it and for which distribution. Yours, Phil Armstrong -- http://www.kantaka.co.uk/ .oOo. public key: http://www.kantaka.co.uk/gpg.txt | ||
From: Ronald Cole <ronald@forte-intl.com> Date: Thu, 30 Nov 2000 14:40:55 -0800 (PST) To: letters@lwn.net Subject: static initializers In my copy of K&&R2, section 4.9 says: "In the absence of explicit initialization, external and static variables are guaranteed to be initialized to zero". So how about a compromise? Since the redundancy just amounts to documentation, why not do this: static int some_variable /* = 0 */; -- Forte International, P.O. Box 1412, Ridgecrest, CA 93556-1412 Ronald Cole <ronald@forte-intl.com> Phone: (760) 499-9142 President, CEO Fax: (760) 499-9152 My GPG fingerprint: C3AF 4BE9 BEA6 F1C2 B084 4A88 8851 E6C8 69E3 B00B | ||
Date: Fri, 01 Dec 2000 13:02:18 +0000 From: Thomas Sippel - Dau <t.sippel-dau@ic.ac.uk> To: letters@lwn.net, t.sippel-dau@ic.ac.uk Subject: Elevator algorithms Hello, I saw with interest your discussion of elevator algorithms, and the result of your tests. My conclusion is that the notion of elevator algorithms deserves - well, a shot between the eyes, at least as far as operating system kernels are concerned. There is nothing wrong with the original anlysis, of course. It is no good wasitng time moving disk arms around and doing very little. What is not appreciated, however, is that sorting is mostly a martingale: suppose s1 .. sn are sorting algorithms, X is a set of objects, and S1 .. Sn is the sequencing of the objects in X after they have been sorted by algorithm si, i = 1..n. Thus, for all i, (X, Si) = si ( X ) Now a property of sorting is that for any choice of sorts i1 to im si1 ( si2 ( ... ( sim ( X ) ) ... ) ) = si1 ( X ) = (X, Si1) Thus there is no point wasting time on sorting if the data is sorted again later on. This is for idealised sorting algorithms, which can always establish a definite sequencing between two objects - no need for secondary keys etc. However, this is exactly what is happening, whether the kernel sorts I/O request by block number (or cylinder address) is mostly irrelevant, the disk has a cache and will sort it again, using - yes, an elevator algorithm. Thus you could try to re-run your highly scientific tests with one of: o disabling the cache on the disk (don't know how you would do that, maybe using a 10 year old notebook drive with only 256 kb of cache approximates well) o trying to overrun the cache on the disk drive by making every i/o request be 85% or so of the cache size, although with SCSI callbacks you would still have a problem o scrambling the block numbers in the elevator algorithm before feeding them to the sorting alorithm, i.e. ensuring a random request sorting My hunch is that scrambling them has little effect, and that the others are very hard to get to show an effect. I would say the best way to optimise the I/O would be to limit the I/O request size to Size of embbedded cache sqrt ( ----------------------- ) Size of disk sector i.e. if a disk has 8 Mb embeded cache and the sector size is 4096 bit, then limit the size of a single request to 45 sectors. That leaves the elevator algorithm on the disk enough space to do its thing, and even very small caches (like the 256 kb mentioned above) would still allow 8 sector (or 4 kilobyte "page size") transfers. Thomas * Why not use metric units and get it right first time, every time ? * * email: cmaae47 @ imperial.ac.uk * voice: +4420-7594-6912 (day) * fax: +4420-7594-6958 * snail: Thomas Sippel - Dau * Linux Services Manager * Imperial College of Science, Technology and Medicine * The Center for Computing Services * Exhibition Road * Kensington SW7 2BX * Great Britain | ||
Date: Tue, 5 Dec 2000 17:34:50 +1100 To: letters@lwn.net Subject: More problems with biometrics From: David Gibson <dgibson@linuxcare.com.au> In the letters for the 30th of November LWN edition, Rob Knop <rknop@pobox.com> makes an excellent point against the use of biometrics for authentication: However, they suffer from one really huge flaw in comparison to passwords. If your password is stolen, you can change it. You can't change your fingerprint. Unfortunately, biometric systems have another inherent flaw which make them essentially useless as a sole means of authentication. Because measurements will vary slightly with conditions (and sensor noise), to be useful if a biometric system accepts a certain input it must also accept input which is close to it. This means that the mathematical model underlying the system must be smooth (sufficiently similar input gives similar output). This is unlike a traditional password system: 'password' and 'passwore' (1 bit difference) have completely different md5 hashes. A standard calculus result (the implicit function theorem) implies that a smooth function is (at least numerically) invertible. Which means that if the model is known (and we all know how well security through obscurity works) it is relatively straightforward to synthesise input to satisfy it. Synthesised input might not even look like it came from a human at all (to another human), but nonetheless will convince the categorisation model used in the system. So although many biometric systems are quite reliable at correctly categorising the input from different people, without a reliable means to check if the input is really coming from a physically present person (which no-one has come up with) a system for which a biometric test is sufficient to gain access cannot be considered secure. Biometric tests can be useful where they are usin in addition to passwords or other conventional techniques (i.e. in order to gain access you must both pass the biometric test, and provide the correct password). -- David Gibson, Technical Support Engineer, Linuxcare, Inc. +61 2 6262 8990 dgibson@linuxcare.com, http://www.linuxcare.com/ Linuxcare. Support for the revolution. | ||