Other LWN stuff:
 Daily Updates
 Calendar
 Linux Stocks Page
 Book reviews
 Penguin Gallery

 Archives/search
 Use LWN headlines
 Advertise here
 Contact us

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- Gaël Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

See also: last week's LWN.

Leading items and editorials

Concern about that concentration of resources appears to be growing. New factors include the continuing financial difficulties at VA Linux Systems and SourceForge's move toward proprietary software (as of this writing, the SourceForge jobs page includes a position for a database administrator to "oversee and deploy the transition from Postgres to Oracle"). SourceForge is an expensive gift from VA Linux to the free software community; if VA continues to bleed cash and continues to move toward proprietary software, the company will eventually be forced to look at ending that gift. No responsible board of directors could do otherwise. The idea of 30,000 projects simultaneously looking for a new home is rather scary.

So the level of concern seems notably higher in recent times. It should not be forgotten, though, that SourceForge has been (and still is) a tremendous act of support for the free software community. The hosting of all those projects has been a major contribution; just as important has been the demonstration of how to satisfy (some of) the community's needs. Through SourceForge, we have learned more about how free software development works, and how to help it to flourish.

So why, exactly, did we end up with a single, monster hosting site? It does not appear that there is a natural monopoly there. SourceForge-hosted projects are essentially independent of each other, and there is little synergy in being on the same server. The simple fact is that there have been few alternatives out there. Almost nobody else has wanted to pay the bills involved with providing that sort of service.

Alternatives are beginning to hit the net, however. The GNU project's Savannah server has been up for about a year, using SourceForge code. Savannah currently hosts 356 projects - smaller than SourceForge, certainly, but significant nonetheless. The Savannah hackers have an ambitious development plan which includes replacing much of the SourceForge code, and taking a new approach to free software project hosting. The new Savannah is drawing some interest, showing up in places like the DotGNU project list.

A crucial part of the Savannah plan is that it does not anticipate creating another huge site to compete with SourceForge. The plan, instead, calls for a distributed, decentralized architecture. Savannah servers would be able to mirror (in a read-only mode) each others' projects, but none would become the One Big Server. A well-defined import/export protocol will make it easy to move projects between servers.

This plan looks like the right one for the future. There is no reason why project hosting needs to be centralized, and many reasons why it should not be. With luck, SourceForge will remain a cornerstone of the free software development community for a long time. But it should not be the entire foundation.

(See also, these other free software development hosting sites: Serveur Libre and Berlios).

GNU-Darwin for the x86. The GNU-Darwin Project has been busy for a while, developing a GNU-based userspace on top of Apple's Darwin kernel (which, in turn, is based on FreeBSD and Mach). The idea, of course, is to build an entirely free system. Much progress has been made in that direction. As of this week, it's possible to try out the results of this project's efforts on an Intel-based system: the GNU-Darwin x86 port is now available. Interested users can do an installation over the net, or from a CD image.

Once upon a time, running any sort of Unix-like system on consumer-level hardware was difficult and expensive, when it was possible at all. Now, instead, the situation is rather different. Users can choose between the BSD variants, the GNU HURD (someday), GNU-Darwin, and, of course, an unbelievable number of Linux distributions.

There does appear to be a solid level of interest in free systems which are not based on the Linux kernel. One might well wonder why people would go to the trouble of building a new, GNU-based system on a new kernel, when Linux works so well. What's the payoff?

One benefit, certainly, is the joy of working with new and cool software. Not everybody likes the design decisions built into the Linux kernel, and many of those people are attracted to Mach-based systems. Linux runs on much Apple hardware, but users of that hardware will certainly see some appeal in running a kernel supported by the vendor. And, of course, it's a fun toy.

Then, some users have other reasons for wanting a free system without the Linux kernel. The Free Software Foundation has long felt that Linux has stolen much of its credit. The battle to rename it GNU/Linux has not gone all that far, and resentment remains. The same spirit that causes FSF developers to push forward with HURD development also draws their attention to other, non-Linux alternatives.

The interesting thing is that, at the user level, the tools are the same. Very few users have an attachment to the Linux kernel itself; they want a free system that reliably does what they need. Perhaps, in the future, the vision of a system called "GNU" will be realized, with multiple kernels provided as installation options.

This LWN.net weekly edition comes out one day early so that the LWN staff may enjoy the (U.S.) Thanksgiving holiday. We'll return to our normal publishing schedule next week.

Linux Kongress 2001 will be held November 28-30 in Enschede, The Netherlands. LWN editor Jonathan Corbet will be present and speaking on 2.5 kernel development. A good time should be had by all; see the Linux Kongress web page for details on the event.

Inside this LWN.net weekly edition:

• Security: Quickstart security guides; OpenSSH 3.0.1.
• Kernel: Synchronous file operations; devlinks
• Distributions: Whither Progeny?; SuSE Linux 7.3 is news.
• Development: Psyco, the Python Specializing Compiler, Ganymede 1.0.8, OpenNMS 0.9.0, Evolution 1.0 rc2, Gnumeric 0.76, Python 2.2b2, Jext 3.0.
• Commerce: Alan Cox a candidate for Technology Review 100; The resurrection of OpenMail.
• History: UserFriendly launched; LWN at Comdex.
• Letters: Kernel development; dealing with bugs.

This Week's LWN was brought to you by:

• Jonathan Corbet, Executive Editor

See also: last week's Security page.

Security

News and Editorials

Hal Burgiss Introduces Linux Security Quick-Start Guides. LinuxSecurity.com has published an interview with Hal Burgiss, who has just produced a couple of quick-start Linux security guides (linked from the interview). "While there is a wealth of security related information around, there is not so much addressed to the new user who might be coming from another platform. It's one thing to say 'turn off all unneeded services', but quite another if you don't know what's 'needed' and what's not. Or how to know what services are actually running, and where they are getting started."

OpenSSH 3.0.1 released. OpenSSH 3.0.1 has been released. It includes a fix for a couple of security problems; both appear to be minor and difficult (or impossible) to exploit, but an upgrade is probably a good idea anyway.

Security Reports

Memory exhaustion vulnerability in Postfix. The Postfix mailer has a vulnerability wherein an attacker could run the Postfix daemon out of memory, causing it to crash. A fix is included with the report; no distributor updates have been seen as of this writing.

Trouble with wu-ftpd? A vague message has gone out seeking vendors who ship the wu-ftpd FTP server daemon. It seems there's a remotely exploitable problem in that package, though no details are yet available.

SuSE to discontinue 6.3 support. SuSE has announced that support for its 6.3 distribution will end on December 10. Thereafter, security updates will no longer be available. SuSE Linux 6.4 is still supported for now, until it, too, reaches its two-year anniversary.

A Mandrake Linux update to gnupg. MandrakeSoft has issued an update to gnupg which removes the setgid root bit from the executable. This bit was unnecessary, and, it seems, useful for overwriting files owned by that group. This one appears to be a Mandrake-specific problem.

web scripts. The following web scripts were reported to contain vulnerabilities:

• Cabezon Aurélien has found a couple of vulnerabilities in PhpNuke add-on packages. The Gallery package does not properly check filenames in URLs, allowing any file on the system to be read. And the Net Tool Add-on does not check for shell metacharacters, making it vulnerable to remote command execution exploits.

Proprietary products. The following proprietary products were reported to contain vulnerabilities:

• The Opera web browser has a set of javascript vulnerabilities which could provide undesired access to user information.

Updates

Session hijacking vulnerability in IMP. Versions of the Horde IMP mail system prior to 2.2.7 have a session hijacking vulnerability that is well worth fixing. (First LWN report: November 15, 2001).

This week's updates:

• Caldera (November 22, 2001)

Previous updates:

• Conectiva (November 16, 2001)

This week's updates:

• Mandrake (November 20, 2001)

Previous updates:

• Conectiva (November 6, 2001)
• Red Hat (July 26)
• Yellow Dog (July 25, 2001)

Vulnerabilities in tetex. The tetex package has a temporary file handling vulnerability; this problem was first reported in the July 12, 2001 LWN security page.

This week's updates:

• Mandrake (November 20, 2001) (A mktemp update is also required for 7.x users).

Previous updates:

• Immunix (July 12, 2001)
• Red Hat (October 23, 2001)

Resources

CRYPTO-GRAM Newsletter. Bruce Schneier's CRYPTO-GRAM Newsletter for November 15 is available. The bulk of this issue is an extended version of Bruce's response to Microsoft on full disclosure. "Disclosure does not create security vulnerabilities; programmers create them, and they remain until other programmers find and remove them. Everyone makes mistakes; they are natural events in the sense that they inevitably happen. But that's no excuse for pretending that they are caused by forces out of our control, and mitigated when we get around to it."

Events

Upcoming Security Events.

Date	Event	Location
November 21 - 23, 2001	International Information Warfare Symposium	AAL, Lucerne, Swizerland.
November 21 - 22, 2001	Black Hat Briefings	Amsterdam
November 24 - 30, 2001	Computer Security Mexico	Mexico City
November 29 - 30, 2001	International Cryptography Institute	Washington, DC
December 2 - 7, 2001	Lisa 2001 15th Systems Administration Conference	San Diego, CA.
December 5 - 6, 2001	InfoSecurity Conference & Exhibition	Jacob K. Javits Center, New York, NY.
December 10 - 14, 2001	Annual Computer Security Applications Conference	New Orleans, LA

For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Jonathan Corbet

LWN Resources


Secured Distributions:
Astaro Security
Castle
Engarde Secure Linux
Immunix
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux
Trustix

Security Projects
Bastille
Linux Security Audit Project
Linux Security Module
OpenSSH

Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive

Distribution-specific links
Caldera Advisories
Conectiva Updates
Debian Alerts
Kondara Advisories
Esware Alerts
LinuxPPC Security Updates
Mandrake Updates
Red Hat Errata
SuSE Announcements
Turbolinux
Yellow Dog Errata

BSD-specific links
BSDi
FreeBSD
NetBSD
OpenBSD

Security mailing lists
Caldera
Cobalt
Conectiva
Debian
Esware
FreeBSD
Kondara
LASER5
Linux From Scratch
Linux-Mandrake
NetBSD
OpenBSD
Red Hat
Slackware
Stampede
SuSE
Trustix
turboLinux
Yellow Dog

Security Software Archives
munitions
ZedZ.net (formerly replay.com)

Miscellaneous Resources
CERT
CIAC
Comp Sec News Daily
Crypto-GRAM
LinuxLock.org
LinuxSecurity.com
Security Focus
SecurityPortal

See also: last week's Kernel page.

Kernel development

The current kernel release is still 2.4.14. Linus's prepatch series is up to 2.4.15-pre7. Very little beyond basic bugfixes has been added to the prepatch in the last week; it appears to be stabilizing. The 2.4.15 kernel may have been released by the time you read this.

Where are the "ac" patches? One user asked when Alan Cox would resume making patches that tracked the 2.4.15-pre Linus tree. The answer would appear to be "not anytime soon." Quoted in full:

Right now I've fed all the stuff I feel makes sense to Linus for 2.4.15. Once 2.4.15 is out I'll send some more bits to Marcelo, and also some bits to Linus that are 2.5 material (eg PnPBIOS). The only "-ac" patch as such would be for 32bit quota and other oddments so I don't think its worth the effort.

Among such "oddments," of course, is the virtual memory implementation that the "ac" series has been using...

How synchronous should Linux be? One day, as Andrew Morton was wandering around the filesystem code, he noticed a seeming inconsistency. While Linux, like most operating systems that are concerned with performance, buffers filesystem writes in the kernels, it does provide a couple of ways for the user to request synchronous behavior:

• The "sync" option, used with the mount command, will request synchronous writes for every file in the filesystem.

• The chattr +S command can request synchronous updates for a single file or directory.

It turns out, though, that there are two types of opinion regarding synchronous writes of file data. Linux has never, in the past, had that behavior. The claim in the mount man page ("All I/O to the file system should be done synchronously.") is simply incorrect. Fully synchronous behavior is very expensive, leading to horrible performance, and is, according to some, rarely needed. It is better, according to this camp, to expect applications to use the fsync() system call to explicitly force synchronous behavior when it's needed in a specific situation. Rather than implement synchronous file writes, these folks (as typified by Stephen Tweedie) propose instead to limit implicit synchronous behavior to directories.

On the other side, Jeff Garzik argued that implementing synchronous file writes is the correct thing to do. Users sometimes need that behavior, and it is impractical to hack up applications and scripts to call fsync() explicitly. A separate dirsync mount option could provided to request synchronous semantics for directories only.

Amusingly, Andrew appears to have been won over by the first point of view, but his patch (implementing the second) found its way into 2.4.15-pre5. Unless something changes, fully synchronous behavior will be the way of things in 2.4.15.

Proposed feature: devlinks. Access to and naming of devices looks like it could be one of the truly divisive issues in 2.5 kernel development. The current system (static nodes in /dev using device numbers) is showing a few signs of strain:

• The static /dev directly is mismatched with the increasingly dynamic nature of hardware. Almost any type of peripheral can come and go without notice, but /dev just sits there.

• As more types of devices are supported by Linux, that static /dev directory has to hold more and more entries for hardware that might be present on somebody's system. /dev on a modern distribution can contain thousands of useless entries.

• The device number space is running out. Device numbers will be expanded in 2.5, but Linus is determined to move away from that scheme. For that reason, he is no longer allowing new major numbers to be assigned.

One solution to all of these problems, of course, is devfs, which is included in the 2.4 kernel. devfs is still not widely used, for a number of reasons. Its use requires non-trivial configuration changes, and the code contains some race conditions and locking bugs that are only now being sorted out. Its use also changes the way policy issues (device names and access permissions) are handled. The kernel can not remember (or guess) the permissions required for a particular device on a given system. This problem is handled with a user-space daemon, but not everybody likes that solution.

Neil Brown has come up with an interesting way of dealing with some of those issues. His proposal, implementing a feature called "devlinks," puts a static administrative layer in front of devfs, allowing a system administrator to set up system-specific policy while using devfs to get away from device numbers.

A devlink is essentially a new entry point into the devfs filesystem. The mechanism is a little clunky at the moment: the administrator creates a normal symbolic link, then types a magic mknod command that mutates it into a devlink. The devlink then acts as an access point to the devfs device. The crucial point, perhaps, is that the devfs filesystem itself need not be mounted. If devfs is left unmounted, devlinks become the only access path to the device. As such, they can be used to set permissions and device naming policy. And, since they are stored in a normal filesystem, they are persistent.

The devlink proposal does little for the handling of dynamic devices, and a directory full of devlinks could become just as cluttered as the current /dev. The proposal seems unlikely to get into the 2.5 kernel in its current form. But, as an attempt to work toward a solution to the device naming problems facing Linux, it is an interesting beginning.

Other patches and updates released this week include:

• Linux-ABI 2.4.14.0 was announced by Christoph Hellwig. This patch enables the kernel to support binaries built for a number of other operating systems.

• Richard Gooch has released devfs v197, the first full devfs release containing the new, reworked core code.

• Ben LaHaise has posted a new asynchronous I/O patch.

• A new multi-queue scheduler patch has been announced by Mike Kravetz.

• A release of the Scalable Test Platform for the 2.4.14 kernel has been announced.

• Andrew Morton has released a new version of his low-latency patch for 2.4.15-pre kernels.

• Jens Axboe has posted version 18 of his patch enabling DMA to block devices from high memory. This is the "prepare-for-inclusion" version of the patch.

• Jeff Merkey has announced a new version of the NetWare filesystem produced by Timpanogas. There are some doubts out there, however, as to just how Novell will react to this release, so caution is warranted.

• mconfig 0.20, a kernel configuration tool, was released by Christoph Hellwig.

• William Irwin has posted a new version of his tree-based boot memory allocator.

• Eric Raymond has released CML2 1.8.7.

• SGI has announced release 1.0.2 of its XFS filesystem.

• pcihpview, a graphical tool for working with hotplug PCI devices, was released by Greg Kroah-Hartman.

• Release 1.8 of the new kernel build system is out.

Section Editor: Jonathan Corbet

For other kernel news, see:

• Kernel traffic
• Kernel Newsflash
• Kernel Trap
• 2.5 Status

Other resources:

• L-K mailing list FAQ
• Linux-MM
• Linux Scalability Effort
• Kernel Newbies
• Linux Device Drivers

See also: last week's Distributions page.

Note: The list of Linux distributions has moved to its own page.

Distributions

News and Editorials

Whither Progeny?. Progeny Linux Systems has stopped development on Linux NOW and stopped publishing Progeny Linux, but the company remains viable. In this interview with Progeny president Steven Schafer on OSNews, Steve talks about the challenges of running a Linux distribution business, and Progeny's commitment to the Debian Project.

What can you tell us about Progeny's plans to continue promoting Debian and make it a more viable platform for commercial users.

Steve Schafer: Many of our Debian improvements have been submitted to the Debian Project and will appear in upcoming releases. Others are being revised to be Debian generic and will be submitted ASAP. We also continue to offer support for Debian (as well as other varieties of Linux). Since the main criticisms of Debian are ease-of-use and lack of a commercial entity behind it, we hope we are helping to answer both concerns.

EnGarde Secure Professional. Guardian Digital has announced the release of EnGarde Secure Professional Linux, the "enterprise" version of the EnGarde distribution. This version is oriented around providing secure network services; it also features web-based administration and access to the Guardian Digital Secure Network.

Also in the announcement is the "EnGarde Secure Workgroup Suite," which provides WebMail, VPN, and Windows domain controller support.

More counting. There has been a trend lately (at least in this page) to rate the popularity of various Linux distributions. Mandrake forum has an article with that theme. "So, measuered by "recent interest of writers", there RedHat, Debian, and SuSE rank almost equal, closely followed by Mandrake. Once more, Mandrake shows that it managed to "grow up" and become one of "top 4" in very short time: Mandrake share on the web doubles when only last 6 months are taken in accounts compared to the "all times" results!"

SuSE 7.3 in the news. SuSE has announced the availability of SuSE Linux 7.3 via FTP. Be sure to look at the list of mirror sites.

PowerPC users need wait no longer: SuSE has announced that its 7.3 distribution is now available for that platform.

Here are some reviews of SuSE 7.3:

• The Register: SuSE 7.3 rocks Red Hat and flips XP the bird. "Think of it this way: if you should break your sad dependency on Redmond's digital heroin and install something like SuSE 7.3, you'll be able to run your machine pretty much like a Windows box without a struggle from the git go; but on top of that, you might one day find yourself curled up in an easy chair with the documentation, as in some bygone age of elegance and style, and then it might just hit you what a convenient patsy you've been."

• NewsForge: Review: SuSE 7.3 Personal. "For me, getting SuSE 7.3 Personal installed and running was a lot like having a baby -- it was painful and took a long time. But baby, am I ever happy with the result."

• Network Computing Magazine: Special Report: SuSE Queues Up for a Clean Sweep. "Bottom line, SuSE impressed us enough to walk away with the Editor's Choice award in both the server and workstation categories. However, none of the other distributions was particularly shabby, especially on the workstation side, where the margin of victory was less than a point -- just 0.15. Note that the products are listed in order of how they placed in the server tests; on the workstation side the order was: SuSE, Red Hat, Caldera and Mandrake (TurboLinux opted out of our workstation tests)."

Distribution News

Debian News. Here's a freeze update. This is the last week for uploads of base packages.

The Debian Weekly News for November 14 is out. Covered topics include better keywords to help people find the Debian packages they need, SourceForge, and whether documentation licensed under the GNU FDL is free enough for Debian.

Mandrake Linux. Updates have been released for procmail, gnupg, and mktemp.

Red Hat. Bugfix advisories:

• Updated pam and usermode packages available
• Updated print drivers available

Turbolinux 7 To Power IBM NetVista Thin Clients. Turbolinux announced that IBM's new NetVista N2200 Thin Client Linux Express and IBM's newest, most powerful thin client, the N70 will be deployed with the Turbolinux 7 operating system.

Minor Distribution updates

ClumpOS. ClumpOS, a CD-based mini-distribution, released R4 on November 14.

Devil-Linux. Devil-Linux v0.5 beta3 has been released. This version uses version 2.4.14 of the Linux kernel and includes lots more updates and additions.

Section Editor: Rebecca Sobol

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.

See also: last week's Development page.

Development projects

News and Editorials

"The aim of the Psyco project is to show that it is possible to execute Python code at speeds approaching that of fully compiled languages. The current prototype operates on i386-compatible processors. Preliminary results show potential speed-ups of a factor 10 to 100, which means that we can hope execution speeds closer to fully optimized C than to traditional Python."

The project overview notes that Psyco works by replacing the most inner loop of the standard CPython implementation, which means that it can be integrated into CPython. "The name Psyco, or Python Specializing Compiler, comes from the fact that the emitted machine code is specialized to specific values of the data, not only to the pseudo-code (a.k.a. bytecode) to interpret." There is also a hint that the Psyco code may be useful for speeding up other interpreted languages, it was written with that in mind.

Some of the compatibility issues include missing bytecodes, a number of code assumptions, assumptions that object types won't change, and no support for the Python debugger, among other things. Psyco may not be useful for all of the Python code ever written, but it could be very useful for speeding up certain types of code.

The Psyco code and documentation are licensed under the GPL license.

Directory Management Systems

Ganymede 1.0.8 released. Version 1.0.8 of the Ganymede network directory management system has been announced. This version features changes to the database format for support of larger numbers of data objects, improvements to the XML loader, and other bug fixes.

Embedded Systems

Embedded Linux Newsletter (LinuxDevices.com). The LinuxDevices.com Embedded Linux Newsletter for November 15 is out, with the usual collection of interesting stuff from the Embedded Linux community.

Mail Software

PerlMx 1.2.2 Released (milter.org). Milter.org examines the latest PerlMx mail filtering software. PerlMx version 1.2.2 is a maintenance release with a number of bug fixes.

Network Management

OpenNMS update. After a bit of a break, the OpenNMS project has produced a new development update. They have released OpenNMS 0.9.0, which brings a great many changes and improvements. There is also, now, a commercial support offering available at OpenNMS.com.

Printing Systems

CUPS v1.1.12 released. A new version of the CUPS printing system has been released. "CUPS 1.1.12 adds support for Polish PPD files, adds a missing directory definition to the cups-config script, and fixes bugs in the CUPS-Add-Printer and CUPS-Move-Job operations."

LPRng 3.8.1 available. Version 3.8.1 of the LPRng printing system is available. The CHANGES relating to version 3.8.1 include a number of bug fixes.

Omni printer driver adds more printers. The Omni printer driver now supports 392 different printers, the list of supported printers just keeps growing.

Science

Parsing Protein Domains with Perl (O'Reilly). James Tisdall talks about Perl and Biology software on perl.com. " Biological data on computers tends to be either in structured ASCII flat files--that is to say, in plain-text files--or in relational databases. Both of these data sources are easy to handle with Perl programs."

Web-site Development

ASPSeek v.1.2.6 released. A new version of the ASPSeek web search engine is available. This release features a bunch of bug fixes and some minor tweaks.

Create RSS channels from HTML news sites (O'Reilly). Chris Ball discusses techniques for creating a Remote Site Summary with Perl on O'Reilly's perl.com site. "Even if you haven't heard of the RSS acronym before, you're likely to have used RSS in the past. Whether through the slashboxes at slashdot or our own news summary at use.perl.org, the premise remains the same - RSS, or 'Remote Site Summary' is a method used for providing an overview of the latest news to appear on a site."

The latest news from the Zope Members. This week, the Zope Members' news looks at the following new releases: BlogFace 0.1a, LDAPUserFolder 1.0, CMFLDAP 1.1, Parsed XML 1.2.1. Other Zope news is also featured.

Application Links
GIMP
Mozilla
Galeon
High Availability
ht://Dig
mnoGoSearch
MagicPoint
Wine
Worldforge
Zope

Open Source Code Collections
Berlios
Freshmeat
OpenSourceDirectory
Savannah
Le Serveur Libre
SourceForge
Sweetcode

Desktop Development

Browsers

Galeon 0.12.8 Released. Galeon 0.12.8 has been released. This version is release candidate 3 for Galeon 1.0 and includes more bug fixes.

Desktop Environments

Second Evolution 1.0 release candidate. The second release candidate for Evolution 1.0 is now available. Numerous bugs have been fixed since the first one came out; the developers are hoping to flush out the rest with this version.

A New GNOME Summary. The latest GNOME Summary has been published. Topics include GNOME-print's new True Type support, a new home for GTKSharp, the GNOME Foundation elections, free beer for Gnumeric bug finders and more.

KDE 3.0 Screenshots (KDE dot News). KDE dot News takes a look at the latest screenshots from the upcoming KDE 3.0 release.

Games

PyUI 0.8 released. Version 0.8 of PyUI, a Python based GUI library that was originally developed for game software, has been announced. "The 0.8 release includes many improvements including keyboard navigation, cleaner drawing, a re-designed default theme, text wrapping, GUI callback events and the re-introduction of transparency . The stability and maturity of PyUI have advanced greatly since the 0.7x releases thanks mainly to the code contributions from Peter Freese."

Office Applications

Gnumeric 0.76 released. Gnumeric 0.76 has been released. Almost everything is frozen at this point, with the exception of translations and bug fixes; the developers are aiming for a stable release on December 15.

AbiWord Weekly News #70. Issue number 70 of the AbiWord Weekly News is available. Lots of bugs are being fixed in preparation for the upcoming 0.9.5 pre-release.

Miscellaneous

This week in DotGNU. The This week in DotGNU newsletter for November 17 is out. Covered projects include the IDsec authorization effort, and the list of 20 DotGNU projects.

Programming Languages

Caml

Caml Weekly News for November 20, 2001. The latest Caml Weekly News is out. Topics this week include the first source release of Ocamlnet, pre-releases of OCamlCVS and OCamldoc, and a Debian package for CamlIDL.

The Caml Hump. This week, the Caml Hump also looks at OCamlnet, which is a collection of OCaml modules that provide application-level Internet access.

Lisp

Common Lisp, Typing and Mathematics. Francis Sergeraert has published a tutorial that aims to help mathematicians make use of Common Lisp.

Perl

Birth of the POE Documentation Project (use Perl). The POE (Perl Object Environment) Documentation project has been created. "The aim of the POE Documentation project is to break the POE docs up into manageable topical chunks that make sense to new users."

PHP

PHP Weekly Summary for November 19, 2001. The November 19, 2001 edition of the PHP Weekly Summary is out. Topics this week include the Sablot extension, reports from the PHP conference, PHP licensing, the PHP 4.1.0 countdown, a new porter extension, PHP 4.1.0 RC2, a new file_md5() function, a new RTF extension, and more.

Python

Python 2.2 beta 2. The second (and probably last) beta of Python 2.2 has been released. There's a few small new features, but this release is mostly dedicated to bug fixes, as one might expect.

This week's Python-URL. Dr. Dobb's Python-URL for November 16 is out, with the latest from the Python development community.

Python Projects (FreshMeat). Ryan Kulla pushes Python in an article on FreshMeat. "When I found what Python had to offer, I was amazed. I could write big applications very quickly, and the source code was always easy to read because of how Python is built. Best of all, Python is so easy to learn that you can literally learn it in a weekend just from reading the online tutorial."

Optik: a Python command line parser. Version 1.1 of Optik has been released."Optik is a powerful, flexible, extensible, easy-to-use command-line parsing library for Python. Using Optik, you can add intelligent, sophisticated handling of command-line options to your scripts with very little overhead." Optik is licensed under the BSD license.

Ruby

The Ruby Garden. This week, the Ruby Garden looks at a new Ruby parser from Markus Liedl.

Tcl/Tk

This week's Tcl-URL. Here's Dr. Dobb's Tcl-URL for November 20 with the latest from the Tcl/Tk community.

XML

XML::LibXML - An XML::Parser Alternative. This week's featured Perl tool for working with XML is XML::LibXML. Kip Hampton takes a look on O'Reilly's XML.com. "Expat and XML::Parser have proven themselves to be quite capable, but they are not without limitations. Expat was among the first XML parsers available and, as a result, its interfaces reflect the expectations of users at the time it was written. Expat and XML::Parser do not implement the Document Object Model, SAX, or XPath language interfaces (things that most modern XML users take for granted) because either the given interface did not exist or was still being heavily evaluated and not considered 'standard' at the time it was written."

XML::SAX::Expat Released (use Perl). Meanwhile, use Perl looks at XML::SAX::Expat. "XML::SAX redefines XML processing in Perl. It frees you from the chains of SAX parser details. It elevates your soul. It even freshens your breath. [think: DBI for XML]"

Basic XML and RDF techniques for knowledge management (IBM developerWorks). Uche Ogbuji shows how to add semantic knowledge to an RDF application with WordNet synonym sets in the third article in a series on IBM's developerWorks. "With the added knowledge of the WordNet lexical database, you can search a set of RDF data for related concepts, not just one keyword at a time. As the demonstration issue-tracker application shows, that means searching once for instances that fit within the concept of 'selection' rather than searching individually on 'vote,' 'choice,' 'ballot,' and 86 other related terms."

Miscellaneous

Jext 3.0 programmer's editor released. A new version of Jext has been released. " Jext is a powerful 100% pure Java programmer's text editor. Mainly written for programmers, Jext was designed from the ground up to suit your needs. From beginner to skilled coder, everyone should find what they need in this editor." Jext features syntax colorizing for ASP, C, C++, Eiffel, Python, Java, JSP, Perl, PHP, HTML, TeX and XML. The latest release features improved PHP support. Jext has been released under the GPL license.

Section Editor: Forrest Cook

See also: last week's Commerce page.

Linux and Business

IBM white paper on clusters. IBM has posted a white paper on Linux clusters. It covers clusters in general, and also discusses the new IBM cluster products in detail. "As did parallel RISC systems in HPC, Linux clusters are moving from the early adopter stage into the mainstream stage. This should be enabled by technologies such as high performance file systems, high availability software, and the like. As the Linux cluster systems become mainstream, the business opportunities should increase proportionately."

Alan Cox a candidate for Technology Review 100. Red Hat has put out a press release proclaiming that Alan Cox is an candidate for listing among the "Technology Review 100."

Caldera Volution Messaging Server. Caldera International has announced the release of the "Caldera Volution Messaging Server." Touted features include full Outlook compatibility, GUI administration, an OpenLDAP directory server, and spam filtering.

Caldera also announced the Caldera Volution Manager has won Network World's prestigious annual Category-Breaker Award.

The resurrection of OpenMail. Samsung SDS has announced that it has licensed the OpenMail code from HP, and will be offering it as an ongoing product with Linux support.

Dell installing Red Hat 7.2. Dell has announced that it will be offering Red Hat Linux 7.2 preinstalled on its entire line of "Precision" workstations and "PowerEdge" servers.

SuSE offers VMware Workstation 3.0. SuSE has announced that it is now offering VMware Workstation 3.0. You, too, can run Windows XP on your Linux box.

EBIZ Enterprises filing 10KSB (Annual Report). For those who are interested, EBIZ, the home of LinuxMall.com and other Linux-oriented businesses, has filed its annual report. Much of the report has to do with how the company will deal with its bankruptcy situation.

Linux Stock Index for November 15 to November 21, 2001.
LSI at closing on November 15, 2001 ... 29.91
LSI at closing on November 21, 2001 ... 28.54

The high for the week was 29.91
The low for the week was 28.54

Press Releases:

Open source products

• LinuxWorld Conference & Expo (FRAMINGHAM, Mass.): Open Source Product Excellence Awards Return to LinuxWorld; Deadline for Submissions is December 17, 2001.

Proprietary Products for Linux

• Cybermation Inc. (TORONTO): Cybermation Develops ESP Agent Technology for Linux on eServer zSeries.

• Meetinghouse Data Communications, Inc. (PORTSMOUTH, N.H.): Meetinghouse Data Communications Releases New 802.1X Authentication Software.

• SurfControl (SCOTTS VALLEY, CA): Powerful Web Filtering for Enterprise Linux Platforms.

Products and Services Using Linux

• Turbolinux Inc. & Egenera, Inc. (SAN FRANCISCO & MARLBORO, Mass.): Turbolinux and Egenera Join Forces To Automate Server and Application Deployment, Lowering Cost of Ownership for Enterprise-Class Data Centers.

Products With Linux Versions

• BakBone Software (SAN DIEGO, CA): BakBone Releases Backup/Restore for MySQL.

• BOXX Technologies (AUSTIN, Texas): BOXX Unveils Juggler Render Management Software, Offers Free Full-Featured Version on the Web; Powerful New Network Rendering Solution for Maya Streamlines Digital Workflow.

• Dell and MigraTEC, Inc. (AUSTIN, Texas and DALLAS): Dell and MigraTEC Team to Port Customers to Itanium Platform.

• Interlink Networks (ANN ARBOR, Mich.): Interlink Networks Earns IBM ServerProven Validation; Access Control Software Offers Security Solution for Wireless LANs.

• Not a Number (): Blender Publisher Completes 3D picture on all O/Ss.

Java Products

• ScheduleOnline (SAN DIEGO): ScheduleOnline Ships Java Based ScheduleOffline Application.

Books & Training

• LinuxCertified.com (Cupertino, California): Linux System Administration Bootcamp W/free Linux laptop!.

• Network Appliance, Inc. (SAP TechEd 2001 Vienna Conference): Network Appliance to Present "Simplifying Administration of mySAP.com with Linux and Network-Attached Storage" November 27, 2001.

• Open Network Architecture (): OpenNA offers Securing & Optimizing Linux: The Ultimate Solution.

• Red Hat, Inc. (RESEARCH TRIANGLE PARK, N.C.): Red Hat Introduces Expanded eLearning Course Curriculum.

Partnerships

• Codehost Inc. (Los Angeles, CA): Samsung Electronics partners with Codehost Inc. to add Linux Support to Printer Lines.

• Sendmail, Inc. (EMERYVILLE, Calif.): Sendmail, Inc. Appoints C'QUEST as Distributor in South Korea; Signs Contract with Korean Air to offer Sendmail Solutions for Linux on IBM's eServer z900.

Investments and Acquisitions

• Envenergy Inc. (SANTA BARBARA, Calif.): Envenergy Receives $13.4 Million to Fund Company Growth.

• Get2Chip Inc. (SAN JOSE, Calif.): Get2Chip Closes Latest Round of Funding; Capital Will be Used to Expand R&D Effort, Worldwide Key Account Program.

Personnel & New Offices

• MontaVista Software, Inc. (SUNNYVALE, Calif.): MontaVista Apppoints VP Sales Asia Pacific.

Other

• OpenOSX.com (SWALL MEADOWS, Calif.): OpenOSX Office 0.9, Now Shipping for Mac OS X; includes AbiWord, Gnumeric, GIMP and more..

Section Editor: Rebecca Sobol.

See also: last week's Linux in the news page.

Linux in the news

Recommended Reading

Knowledge Center Special Report: Server Operating Systems (ComputerWorld). ComputerWorld has put up a large series on server operating systems which includes several articles on Linux. "One of the other critical features that open-source Linux allows is broad customization for Cendant's hotels. That flexibility, for instance, allowed modifications to make the virtual private network code work with the existing central reservation system. It also allowed modifications to the operating system kernel to remove unneeded features at each hotel. That essentially protects hotel workers from inadvertently making system changes and causing problems..." (Thanks to Peter Link).

IP conference: copyright law has gone too far (Register). Here's a report in The Register from the Cato Institute's "The Future of Intellectual Property in the Information Age" conference. "The 'go to jail' panel addressed issues close to the hearts of many in the Open Source community, including the DMCA-inspired lawsuits against webmasters who posted the DeCSS code that allows Linux users to decode and play DVDS, and the arrest in the United States of visiting Russian programmer Dmitry Sklyarov for creating a program that strips copy controls from e-books."

Chewing up and spitting out our leaders (Advogato). Here's an article on Advogato on the public resignation of Christoph Pfisterer from the Fink project, and how the free software community treats its leaders in general. "Instead of giving examples, I'll just call attention to the current drought of leaders. Many of the 'big names' who would have been listed as leaders a couple of years ago are no longer very active in actual free software development, and there isn't much in the way of new blood. Thank God we've still got Linus."

phpGroupWare is leaving SourceForge (NewsForge). NewsForge covers the departure of the phpGroupWare project from SourceForge. "All of this makes me nervous... what happens if their business model doesn't work, and they run out of money? What happens to SourceForge and all of the data on there? Would we want to face that situation and have to deal with the flood of other projects that are also in a panic to find a new home?"

Companies

Dell begs for mercy after ditching desktop Linux (Register). The Register gives us a cynical look at Dell's open letter regarding Linux support. "So there you go. It's not an alternative to Windows at all, it's a 'migration platform' for customers who need to get their apps away from 'proprietary Unix platforms.' All it needs is for Dell to precede it with 'And now for a word from our sponsors.'"

IBM and Linux: The Dinosaurs and the Penguin (IT-Director). Here's an IT-Director article on how Linux has helped IBM's mainframe business. "Legend has it that several IBM executives got to know about the [S/390] Linux project and advised the developers involved to desist. They didn't, it just turned into a skunk works. They got Linux working and demonstrated the running of thousands of Linux instances on the mainframe. Because the educational world became interested, IBM executives changed their minds. Then, IBM looked at the Linux market and decided that it wanted in and suddenly mainframe Linux became part of the strategy."

CEO's Exit Caps Wild Year for Lineo (Salt Lake Tribune). The Salt Lake Tribune looks at Lineo and its troubles over the last year. "Nearly a week after stepping down without explanation, former Lineo Inc. chief executive Bryan Sparks remains mum about the role he will play at the software company he founded in 1998."

Travel ASP takes Linux down the road to success (ZDNet). ZDNet looks at Viata, Inc., an application service provider which uses Linux for its entire operation. "The payoffs were equally real, however. Viata saved about $170,000 in software costs during the first six months of using Linux, according to Phillips. Viata also saved on hardware, as it was able to avoid purchasing the high-end machines it would have needed to run Windows. Administration is cheaper, since most functions are performed centrally and can be automated." The article has several parts, and is a good business case study.

Business

Open-source approach fades in tough times (News.com). News.com tells us that companies are losing interest in open source as they try to come up with ways to actually make some money. "'It's interesting to see these companies coming around to what has been our business model since the very beginning,' added Pete Beckman, Turbolinux's vice president of engineering. Turbolinux sells Linux in combination with proprietary software of its own and from partners like Oracle."

Reviews

Introducing ext3 (developerWorks). IBM's developerWorks has an introduction to the ext3 journaling filesystem, which will be in the 2.4.15 stable kernel release. "Thanks to the fact that ext2 and ext3 use identical metadata, it's possible to perform in-place ext2 to ext3 filesystem upgrades. Yes, you read that right. By upgrading a few key system utilities, installing a modern 2.4 kernel and typing in a single tune2fs command per filesystem, you can convert your existing ext2 servers into journaling ext3 systems. You can even do this while your ext2 filesystems are mounted. The transition is safe, reversible, and incredibly easy, and unlike a conversion to XFS, JFS, or ReiserFS, you don't need to back up and recreate your filesystems from scratch."

Interviews

Why tech innovation is under threat (News.com). News.com interviews Lawrence Lessig. "[Programmers] need to do a better job in showing us the values that are built into the code they're writing. The point of both my books is that the architecture had certain values build into it. The people changing them should do a better job of making us aware of how the values change with the code."

Section Editor: Forrest Cook

See also: last week's Announcements page.

Announcements

Resources

DesktopLinux.com launches. A new site, DesktopLinux.com, has hit the net. It's run by the same folks who do LinuxDevices.com, but is aimed at the desktop market.

Network Scanning (O'Reilly). Chris Coleman examines several network scanning tools on O'Reilly's OnLamp site. "Hackers have access to utilities to scan your servers, but so do you. We know that hackers are scanning our servers for open ports. We can scan our servers first, and know what the hackers will see and close any ports that shouldn't be open. The two tools we need are nmap and ethereal."

Linux Managers mailing list. Bill Bradford has set up a new mailing list called "Linux Managers." It's patterned after the venerable Sun Managers list; the intent is to provide a forum for those who manage Linux systems. See the Linux Managers page for signup information and list archives.

Events

SDL Game Development Contest. No Starch Press is holding a contest for Linux game developers. Get your entries in by December 1, 2001 to be eligible for winning prizes.

Events: November 21, 2001 - January 16, 2001.

Date	Event	Location
November 25, 2001	The Business of Open Source Software(BOSS)	(Ottawa Public Library)Ottawa Ontario, Canada
November 28 - 30, 2001	Linux-Kongress 2001	(University of Twente)Enschede, The Netherlands.
December 7 - 9, 2001	PLUTO MEETING 2001	Terni, Italy
December 10 - 12, 2001	Linux Bangalore 2001	Bangalore, India

Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format.

Section Editor: Forrest Cook.

Software Announcements

The Alphabetical List and Sorted by license

Our software announcements are provided courtesy of FreshMeat

See also: last week's Linux History page.

This week in Linux history

The comic strip User Friendly was launched.

Three years ago LWN was on vacation, but we do know that Eric S. Raymond announced the launch of the Open Source Initiative.

Two years ago LWN took a much needed vacation, so apparently nothing of importance happened.

One year ago (November 23, 2000 LWN): LWN editors Forrest Cook and Rebecca Sobol went to Comdex and wrote a detailed report. Here's Rebecca with the SuSE chameleon.

Doc Searls also went to Comdex and wrote about it in Linux Journal.

In most cases, the companies didn't even give me reasons why they built their boxes with Linux. It was like I asked why they used a TCP/IP stack or plastic in their cases. Clearly, embedding Linux is getting to be less of a brainer every day.

There were rumors that Corel might sell its Linux operation to some other company. The rumors were finally proved to be true last September when Xandros Corporation (backed by Linux Global Partners) signed a strategic licensing agreement with Corel Corporation, giving it access to Corel's Linux desktop OS and related technologies.

Celeste Amanda Torvalds, daughter of Linus and Tove Torvalds, was born on November 20. Happy 1st birthday, Celeste.

The current development kernel release was 2.4.0-test11, which contained a great many fixes, including one for a longstanding PCMCIA problem.

Section Editor: Rebecca Sobol.

LWN Linux Timelines
1998 In Review
1999 In Review
2000 In Review
2001 In Review

See also: last week's Letters page.

Letters to the editor

From:	 Rahul Siddharthan <rsidd@online.fr>
To:	 letters@lwn.net
Date:	 Thu, 15 Nov 2001 11:06:54 +0100

Dear LWN,
This is with reference to your editorial this week (Nov 15), where
you talk about the problem of a long stabilisation period for the 2.4
kernel and a lack of a development branch, and suggest the Debian
model where releases happen more slowly but are more stable, while
the unstable branch continues.

It seems to me that the BSDs, all of them, have got this right.  They
make stable releases frequently  (much more rapidly than Debian),
while continuing work on the development branch.  Although I started
with using linux and still read lwn regularly, I now use FreeBSD
almost exclusively; it seems quite competitive with linux for new
features, hardware support, etc while being extremely stable and,
reportedly, often having much better performance even today.  (It's
hard to tell on a desktop machine, though.)  While the release date of
FreeBSD 5.0 was pushed far into the future because of its ambitious
agenda, new features get backported to the 4.x branch regularly, after
first being thoroughly tested in the 5.x branch.

I'm not a developer myself, but the evidence suggests that this system
works (and works very well).  Though FreeBSD's first (dot-zero) stable
releases are often marked for early adopters, 4.0 in fact was already
good enough for general production use, which is more than can be said
even for linux 2.4.9 (or for 2.2.x for x<7 or so).  In fact, one
usually comes to no harm when syncing one's sources to just about any
point on the -stable branch.  It's even more impressive when you
consider that the BSDs maintain the entire base userland -- libraries,
utilities, and all -- apart from the kernel.  Surely such a system
could work for linux too?  Perhaps the major factor here is the
cvs-based approach of the BSDs, which Linus dislikes so much. 

Rahul 

From:	 nn@broadcom.com
To:	 lwn@lwn.net
Subject: The 2.5 kernel is coming
Date:	 Wed, 14 Nov 2001 21:37:23 -0800

> Many kernel developers have had no target for new code in a year. 

A kernel should not be a dumping ground for every feature
that an undergraduate might consider.  The job of a kernel
is to provide some simple layers of abstraction over the
underlying hardware and get out of the way.
A kernel should be a pencil, not a word processor.

> The 2.4 kernel has been a very long time in stabilizing. 

Which is not surprising considering the huge amount of SMP
and NUMA big iron feature and algorithm complexity that
has been applied over the past two years.      
Plus a new VM.

neal nuckolls
nn@techie.com

From:	 ketil@ii.uib.no
To:	 letters@lwn.net
Subject: Microsoft's "threat"
Date:	 Thu, 15 Nov 2001 09:10:53 +0100 (MET)

In his (as usual) very good article, Bruce Schneier wonders:

> What [Culp] did was to rail against the publication of vulnerabilities,
> and ask researchers to keep details under their hats. Otherwise, he
> threatened, "vendors will have no choice but to find other ways to
> protect their customers," whatever that means. 

I cannot help but think that the most obvious "other way" is to actually
fix the bugs.  Some threat.

-kzm

From:	 Mark Bainter <mark-spamx@firinn.org>
To:	 letters@lwn.net
Subject: Re: bug reporting in noncommercial software
Date:	 Thu, 15 Nov 2001 10:18:32 -0600

I would have to agree with Seth's assessment of the situation.
It takes someone really dedicated to take the time and write 
a usefull bug report.  I don't think any automated system can
replace that.  But, I do agree that an automated system could
help to eliminate a lot of the smaller bugs that often go 
unnoticed because it isn't worth the time and effort to report
it.  

I would propose an alternate solution however.  Instead of having
a standard system for doing bug reporting, (i.e. one app that 
handles it for all apps) I would suggest having the standard be
some permutation of the applications name + bug.  For example
vimbug, or etermbug.  These would be provided by the application
writers to gather relevant data about the system and compose an
email message for the reporting person to then puruse, edit, 
and submit along with a description of the problem.  

The reason I suggest this instead is that each app is different.  
Vim doesn't generally need to know what version of window manager
you are running, or even which one you are running.  Eterm doesn't
care what version of modutils you are using.  Let the developers
decide what information is most usefull and have it gather all that
background data, so all the user has to do is make sure they are
ok with the information being submitted, and add in the actual 
description of the problem.  

--