[LWN Logo]
[LWN.net]

Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise news for all interests


Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

Other LWN stuff:
 Daily Updates
 Calendar
 Linux Stocks Page
 Book reviews
 Penguin Gallery

 Archives/search
 Use LWN headlines
 Advertise here
 Contact us

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- Gaël Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

See also: last week's LWN.

Leading items and editorials


Playing with Evolution. The second release candidate for Evolution 1.0 was announced last week. Evolution is at the core of Ximian's effort to produce a better Linux desktop, so we thought it was worth a close look. Here's a first set of impressions.

Evolution is an integrated tool handling a number of desktop tasks:

  • Electronic mail
  • Calendar management
  • Contact management
The idea is, of course, that these three activities are closely tied to each other, and the supporting tools should reflect that.

The first time a user runs the application, a short series of dialog windows is presented, allowing the user to configure the application. Mostly it has to do with how to send and retrieve mail. Evolution can handle POP/IMAP servers, local mail spools, and qmail "maildir" directories. It can also import mail setups from elm or Netscape, and address information from GnomeCard. It would be nice if it could bring in calendar entries from ical, if that capability does exist, it isn't obvious how to access it.

The mail client is fully featured, at least from the point of view of certain classes of users. The interface is completely graphical, of course, with lots of mousing required to do most tasks. The usual mail client activities - reading, sending, foldering, printing, etc. - are well supported.

MIME mail, of course, is thoroughly implemented, helpful for those of us who get lots of family pictures in the mail (screenshot). Also supported is HTML mail - your spam never looked better. The Evolution designers felt that HTML mail support was crucial, but they have taken a cautious approach to it. The client will not send HTML mail unless explicitly configured to do so; there is also a feature in the contact manager which can enable or disable HTML mail on a per-recipient basis. If you chose to send HTML mail, there is a set of basic formatting options available.

The HTML mail display is also, wisely, configured to never load images off the net; to do otherwise opens up the user to a number of privacy problems.

Other features include a threaded mail display (screenshot) and the ability to sort messages by a number of criteria. There is also a built-in filtering capability with, of course, a graphical window for defining filters. The feature to set up a filter based on the current message is a nice one. Filters can be set up to run automatically, or in response to an explicit command

The message search and "vfolder" capabilities make it easy to organize and find messages. If you're forever trying to figure out where you put that important note from six months ago, Evolution may make your life easier.

On the other hand, a number of features that long-time Unix mail users are accustomed to are still missing. If there is any way to feed a message to a shell command, it's not easy to find. The "burst" capability from MH is a nice way to read digests, but Evolution does not have it. The ability to "redistribute" a message with its original headers is missing - though some, certainly, would consider that to be a positive feature. And, of course, there is no non-graphical mode - a pain for people who have to get at their mail over slow network links.

The calendar client (screenshot) is pretty much what one would expect. It has the usual features, including nice support for recurring events (though it can be a bit hard to find the first time). There are hooks for sharing your availability information to a group, thus allowing others to schedule your time without asking you. What fun.

The contact manager (screenshot) is a fairly straightforward address book database. It comes thoughtfully preloaded with Ximian's contact information. It is possible to transfer contact information from email messages by right clicking on email addresses within the mail client.

A few glitches remain. There appears, for example, to be no deterministic way of knowing when Evolution will actually figure out that new mail has arrived. It also has shown a bit of a tendency to leave behind stray processes, with names like "wombat," when it exits. But, as a whole, it seems quite solid and well developed. It may not be the Linux guru's preferred mail system, but the pointy-haired boss will probably like it. Evolution is a high-quality contribution to the free software community.

Dmitry Sklyarov update. Remember Dmitry? He's still in trouble.... A case conference was held on November 26, with a few outcomes of interest. In particular, it appears that the defense will be mounting a constitutional challenge against the DMCA, among other tactics. That increases the importance of this case (except, of course, for Dmitry and family, who certainly found it important enough already). A successful constitutional challenge could go a long way toward eliminating the DMCA problem.

It will take a while to find out, though, as the wheels of the justice system grind slowly along. The pre-trial hearings start in March, 2002; if the case continues, the date for the real trial will be set on April 15. So a real resolution of this case (without appeals and such) isn't likely before the (northern hemisphere) summer.

Inside this LWN.net weekly edition:

  • Security: Open Web Application Security Project, Postfix fix, wu-ftpd fixes, pmake format string bug.
  • Kernel: The new development series begins.
  • Distributions: BRaiLleSPEAK; OpenNA Linux.
  • Development: GNU Scientific Library 1.0, High Availability Summary, BusyBox 0.60.2, Boodler sonic wallpaper, Galeon 1.0, KDE 2.2.2, Python books.
  • Commerce: We speak about free software; Red Hat's answer to the Microsoft settlement offer.
  • History: No history this week.
  • Letters: GNU-Darwin for the x86, SourceForge, Bug Reports, Stallman, The folly of slowing down.
...plus the usual array of reports, updates, and announcements.

This Week's LWN was brought to you by:


November 29, 2001

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Security page.

Security


News and Editorials

Open Web Application Security Project. The Open Web Application Security Project has announced its existence. OWASP has as its goal helping people develop secure applications for the web. Sub-projects include the development of attack components and an application testing framework.

Security Reports

Postfix session log memory exhaustion. Conectiva and RedHat have come out with what appear to be the first postfix updates fixing a denial of service vulnerability in Postfix 20010228 and some earlier verions.

Cyrus SASL library vulnerability. A format string bug in the authentication API for mail clients and servers may be remotely exploitable. This week both SuSE and Caldera released updates to cyrus-sasl to address the problem.

Buffer overflow in wu-ftpd. There is a nasty file flobbing heap corruption vulnerability in wu-ftpd which impacts many Linux distrubutions. RedHat, SuSE and Caldera have issued updates. This is probably the problem alluded to in the "vague message" about a possible vulnerability in wu-ftpd reported by LWN last week.

Format string bug in pmake 2.1.33 and below. Format string and buffer overflow problems in pmake may lead to a local root compromise when pmake is installed suid root.

Mandrake Linux kernel security updates. Mandrake has issued new security updates for the 2.2 and 2.4 kernels adding a fix for the syncookies vulnerability. As always with kernel updates, read the instructions carefully...

Mandrake distribution specific packaging problem. MandrakeSoft has issued a security update for expect (distribution-specific packaging problem that could lead to a root exploit).

SuSE update to susehelp. SuSE has put out an alert for a remote command execution vulnerability in susehelp.

Mandrake alerts for telex and mktemp. Mandrake has released an alert for a problem with tetex which can lead to elevated privileges. Mandrake 7.x users need to apply this update to mktemp first.

web scripts. The following web scripts were reported to contain vulnerabilities:

Updates

Directory indexing and path discovery in Apache. Versions of Apache prior to version 1.3.19 are vulnerable to a custom crafted request that can cause modules to misbehave and return a listing of the directory contents by avoiding the error page. (First LWN report: September 20, 2001).

This week's updates:

Previous updates:

Session hijacking vulnerability in IMP. Versions of the Horde IMP mail system prior to 2.2.7 have a session hijacking vulnerability that is well worth fixing. (First LWN report: November 15, 2001).

This week's updates:

Previous updates:

Corrupt RPM query vulnerability. RPM 4.0.2-7x, and probably also earlier 4.0.x versions, allow arbitrary command executing on query of corrupt RPM files. (First BugTraq report: October 25, 2001).

This week's updates:

Denial of service vulnerability in squid-2.4STABLE1. The squid server can be out of service for a few seconds when it reloads after a crash caused by a burst of certain FTP requests. See the September 18th bug report for details.

This week's updates:

Previous updates:

Resources

Quarterly CERT summary. CERT has put out its quarterly summary of ongoing security problems. The list is dominated by Windows vulnerabilities, but the old SSH problem is in there as well.

Events

Upcoming Security Events.
Date Event Location
November 29 - 30, 2001Computer Security MexicoMexico City
November 29 - 30, 2001International Cryptography InstituteWashington, DC
December 2 - 7, 2001Lisa 2001 15th Systems Administration ConferenceSan Diego, CA.
December 5 - 6, 2001InfoSecurity Conference & ExhibitionJacob K. Javits Center, New York, NY.
December 10 - 14, 2001Annual Computer Security Applications ConferenceNew Orleans, LA
December 27 - 29, 200118th Chaos Communication CongressBerlin, Germany

For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Dennis Tenney


November 29, 2001

LWN Resources


Secured Distributions:
Astaro Security
Castle
Engarde Secure Linux
Immunix
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux
Trustix

Security Projects
Bastille
Linux Security Audit Project
Linux Security Module
OpenSSH

Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive

Distribution-specific links
Caldera Advisories
Conectiva Updates
Debian Alerts
Kondara Advisories
Esware Alerts
LinuxPPC Security Updates
Mandrake Updates
Red Hat Errata
SuSE Announcements
Turbolinux
Yellow Dog Errata

BSD-specific links
BSDi
FreeBSD
NetBSD
OpenBSD

Security mailing lists
Caldera
Cobalt
Conectiva
Debian
Esware
FreeBSD
Kondara
LASER5
Linux From Scratch
Linux-Mandrake
NetBSD
OpenBSD
Red Hat
Slackware
Stampede
SuSE
Trustix
turboLinux
Yellow Dog

Security Software Archives
munitions
ZedZ.net (formerly replay.com)

Miscellaneous Resources
CERT
CIAC
Comp Sec News Daily
Crypto-GRAM
LinuxLock.org
LinuxSecurity.com
Security Focus
SecurityPortal

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Kernel page.

Kernel development


The current development kernel release is 2.5.0. For the first time since January, there actually is an official development kernel. As development kernels go, it's a relatively boring start - it's the same as the (allegedly) stable 2.4.15 release. A 2.5.1-pre1 prepatch exists, but it's limited to a couple of small updates and, of course, the 2.4.15 filesystem corruption fix. A 2.5.1-pre3 prepatch was released shortly before press time, with a few more cleanups.

The current stable kernel release is 2.4.16. This release, the first by Marcelo Tosatti, contains little beyond the filesystem fix. This release does seem to deserve the name "stable," though there are still some persistent complaints about interactive response in the presence of heavy I/O. The culprit appears to be the disk I/O scheduler; a real fix for that problem could be long in coming. The 2.4.17-pre1 prepatch contains a number of items including a new USB maintainer and a devfs update.

Those of you in the very old world may be interested in 2.0.40-pre3, released by David Weinehall.

The new development series begins - on a bit of a sour note. Linus pushed out 2.4.15 just before the Thanksgiving holiday, and made a copy called 2.5.0. Unfortunately, a late filesystem tweak broke the systems unmounting code, meaning that users found corrupt filesystems the second time they booted the new systems. Not the best beginning.

How could such a mistake happen? Linus's explanation is that he doesn't like doing maintenance.

The fact that I've held on to 2.4.x for too long, mostly due to the VM problems, really doesn't help. That just makes me _less_ likely to be careful. Especially when the last known VM problem was fixed (ie the Oracle highmem deadlock), I had a very strong urge to just "get the d*mn thing out to Marcelo".

He predicts that 2.4 releases will be of higher quality now that Marcelo is handling them.

Amusingly, there were arguably more complaints about the name Linus chose for this release: 2.4.15-greased-turkey. Linus's reasoning:

It's a worthy follow-up to the 2.2.x "greased weasel" releases, but as yesterday was Thanksgiving here in the US, and a lot of turkeys offered their lives in celebration of the new 2.5.0 tree, the 2.4.x series got christened a "greased turkey" instead of a weasel.

The extended version number caused things (like loadable modules) to be installed in a surprising place, and a few people didn't like that. Others suggested that "2.4.15-dead-duck" was a more appropriate name. Then, a patch was submitted for those vegetarian users out there...

Meanwhile, people are interested in how to avoid this sort of embarrassment in the future. Marcelo, evidently, is going to put out special "release candidate" prepatches before a stable release; these will be available for people to pound on for a period of time. If a particular release candidate appears solid, it will be turned directly into the stable release; otherwise a new release candidate will be made. Linus has not said whether he will follow the same convention, but, then, development kernels are supposed to be broken sometimes.

The prepatches move on kernel.org. There is a move afoot to better standardize the locations of prepatches on the kernel.org mirror system. It seems that each kernel release directory (i.e. .../kernel/v2.4/) will have a testing subdirectory under it. The upper-level testing directory will go away. Linus and Marcelo are already using this scheme for the 2.5 and 2.4 prepatches, respectively. It looks like Alan Cox will do the same for version 2.2, and David Weinehall will follow suit with 2.0.

A new USB maintainer. Greg Kroah-Hartman has been the acting maintainer of the USB subsystem for a couple of months. Now previous maintainer Johannes Erdfelt has made it official: Greg is the real, official USB maintainer.

Meanwhile, discussion has started on a set of 2.5 development goals for the USB subsystem posted by Brad Hards.

System calls or /proc files? Ingo Molnar recently posted a patch adding a new set of system calls which will bind a process to a subset of the available CPUs on a system. Ingo has also posted chaff, a tool for changing processor affinities of running processes. Nobody seems to doubt that this is a useful thing to be able to do. Binding processes can improve cache behavior. If a process is handling data from a busy device, attaching that process and the device's interrupt handler to the same processor can also help improve performance.

While the idea has been accepted, there are some complaints about the implementation. In particular some people think that new system calls should not be added for this sort of feature. Instead, the kernel should just set up some files in /proc which provide access to affinity settings. Robert Love has, indeed, provided a patch which implements this approach to affinities. The advantages, it is said, are a reduction in the size of the system call table and an easy ability for command-line tools to work with affinities.

Of course, not everybody likes the /proc approach either. Some systems do not have /proc enabled at all; if affinities are controlled only through that interface, they will not be available on systems without /proc. And, to some, anything that dumps more stuff into /proc is bad news. /proc is already messy enough as it is.

No resolution has been reached in this particular case. There is a bigger issue to be resolved here, however: how, exactly, should new kernel features be made available to user space? Should every capability be made available via a system call? Or are filesystem-based approaches the proper solution? At some point, the kernel hackers are going to need to come to a policy decision on this issue.

Other patches and updates released this week include:

  • Pavel Machek has posted a new software suspend patch against 2.4.14. "Warning. This probably corrupts memory."

  • modutils 2.4.12 has been released by Keith Owens.

  • Also from Keith is release 1.9 of the new kbuild code. It still doesn't support CML2, however.

  • Speaking of which, Eric Raymond has posted CML2 1.9.0.

  • Richard Gooch has posted devfs v198. He's looking for people to test out the new code...

  • Rusty Russell has posted a new version of his patch changing how modules handle initialization, shutdown, and parameters. (See the September 6 kernel page for the discussion of this patch).

  • Jens Axboe's latest block highmem patch is available.

  • Perhaps not the most exciting patch of the week: Padraig Brady has a large patch which strips trailing whitespace from the kernel source.

  • Version 2.5.1 of the NetWare filesystem patch was posted by Jeff Merkey.

  • Jeff Dike has released User-mode Linux 0.52-2.4.15.

  • Willy Tarreau has released a version of kmsgdump for 2.4 kernels.

  • Andre Hedrick has posted a proposal for a new storage model. Support for all "real spindle devices" (i.e. disks) would be expected to follow this plan.

  • Momchil Velikov has posted a new page cache implementation which is intended to be more scalable. It turns out that Ingo Molnar has a patch of his own which tries to improve page cache performance. Ben LaHaise, meanwhile, thinks both patches are wrong, and has proposed a solution of his own.

  • ethtool 1.4 was released by Jeff Garzik.

  • Jari Ruusu has posted version v1.4h of the loop-AES file crypto package.

  • Linux-ABI 2.4.15.0 was announced by Christoph Hellwig.

Section Editor: Jonathan Corbet


November 29, 2001

For other kernel news, see:

Other resources:

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Distributions page.

Note: The list of Linux distributions has moved to its own page.

Distributions


Please note that security updates from the various distributions are covered in the security section.

New Distributions

BRaiLleSPEAK. BRaiLleSPEAK has been around since Tuesday, November 20th 2001. It is a mini (UMSDOS) Linux distribution, with braille and speech support built in. It comes with a pre-configuration tool, and an auto-compiler function for the Braille driver, so it can be easily installed and run by blind users. This is one of those "born fully formed" distributions, already at 7.0-1. BRaiLleSPEAK is also available from its mirror site.

OpenNA Linux. OpenNA Inc. announced BETA1 of OpenNA Linux, a highly secure and fast Linux operating system for servers.

Distribution News

Debian News. The Debian Weekly News for November 21 looks at bug searches in source packages, spell checked package descriptions, Debian on OS X, and much more.

Anthony Towns is trying to get the new libsdl1.2debian packages into woody, so expect some packages to disappear from woody in the next few days.

For more information about the Woody freeze, here's the November 29 freeze update.

Mandrake Linux Community Newsletter. The Mandrake Linux Community Newsletter for November 27 is now available. The top story this week is about the MandrakeSoft Business Survey.

Slackware Linux. Slackware has some new updates to the -current tree on the FTP site, including KDE-2.2.2, OpenSSH-3.0.1p1, and more. See the changelog for more details.

SuSE Linux 7.3 for SPARC. SuSE has announced the release of its 7.3 distribution for the SPARC architecture.

Minor Distribution updates

Devil-Linux. Devil-Linux 0.5 Beta 4 has been released. Lots of additions and changes in this release.

Redmond Linux. Redmond Linux announced build 42, RC3; the last Release Candidate, with more bug fixes and a ton of improvements. The final release is scheduled for December 1.

Sorcerer GNU/Linux. Sorcerer GNU/Linux 20011128 has been released. Changes include an update to Linux 2.4.16, default support in Sorcery for simultaneous downloading and casting, and improved detection and fixing of broken installed spells.

Distribution Reviews

Conectiva Linux 7.0 (Duke of URL). Here's a good review of Conectiva Linux 7.0. "Conectiva also shares much in common with several other distributions, such as Red Hat, which it is based upon. Still, with version 7.0 we are starting to see the emergence of a unique distribution that has its own characteristics, strengths, and weaknesses. With this release Conectiva is definitely poised to stand on their own."

Mandrake 8.1 offers superior server platform (ZDNet). Mandrake Linux 8.1 receives a favorable review on ZDNet. "If Linux is to make serious inroads in mission-critical server environments, it must offer journalized file system (JFS) support. A JFS is important for mission-critical business environments, as it provides a high level of data integrity and helps to reduce downtime due to data corruption or hardware failure. While other vendors of Linux operating systems have been slow to adopt journalized file systems, Mandrake 8.1 supports several, including Ext3, ReiserFS, XFS and JFS. Such support gives IT managers who are evaluating Mandrake versus other Linux OSes (or Windows) an additional reason to chose Mandrake as a mission-critical server OS."

Linux rivalry heats up (InfoWorld). This article compares Red Hat 7.2 to SuSE 7.3. They liked both.

If your business relies on Linux servers to perform important tasks and you're concerned about minimizing downtime (who isn't?), then Red Hat Linux 7.2 may be just what you've been looking for. The new release contains a plethora of new features designed to provide faster performance, greater reliability, and less downtime.

...

Linux may have earned its reputation as a mysterious, arcane OS reserved only for technical masterminds, but if SuSE 7.3 is any indication, the penguin is quickly becoming housebroken.

Online Only: Locked Down Out of the Box (Network Computing). Here's a look at some secure Linux distributions. "Although these efforts have gone a long way toward improving the security of Linux, most mainstream vendors still don't address the needs of those who require a high level of security or need a bulletproof server at installation time. Enter security-enhanced distributions. Of the many vendors offering this type of secure solution, two offerings, Engarde Secure Linux and Immunix, caught our favor as the most polished and ready for prime time."

Section Editor: Rebecca Sobol


November 29, 2001

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Development page.

Development projects


News and Editorials

GNU Scientific Library 1.0 The first major release of the GNU Scientific Library (GSL) has been announced.

"The GNU Scientific Library (GSL) is a collection of routines for numerical computing. The routines are written from scratch by the GSL team in ANSI C, and present a modern Applications Programming Interface (API) for C programmers, while allowing wrappers to be written for very high level languages." The GSL is being distributed under the GPL license. It has been tested on a wide variety of Unix platforms as well as OS/2. GSL also builds under Microsoft Visual C++.

A team of eight authors are responsible for the project.

The initial release already covers a wide variety of scientific applications including:

  • Complex Numbers
  • Roots of Polynomials
  • Special Functions
  • Vectors and Matrices
  • Permutations
  • Sorting
  • BLAS Support
  • Linear Algebra
  • Eigensystems
  • Fast Fourier Transforms
  • Quadrature
  • Random Numbers
  • Quasi-Random Sequences
  • Random Distributions
  • Statistics
  • Histograms
  • N-Tuples
  • Monte Carlo Integration
  • Simulated Annealing
  • Differential Equations
  • Interpolation
  • Numerical Differentiation
  • Chebyshev Approximation
  • Series Acceleration
  • Discrete Hankel Transforms
  • Root-Finding
  • Minimization
  • Least-Squares Fitting
  • Physical Constants
  • IEEE Floating-Point
The Online Reference Manual includes library build information, coding examples, debugging techniques, as well as documentation for the many functions.

If you prefer to work in languages other than C, GSL includes Wrappers for Python, Perl, and C++.

Several projects based on GSL are already being distributed, GSL should be a useful foundation for many more.

For those who are working on scientific software projects, GSL looks to be a great way to gain a huge step forward. Resourceful professors could use GSL as the basis for a number of different courses. (Thanks to Brian Gough.)

Clusters

Linux High Availability Summary. The latest Linux High Availability Summary has been published. Among other things, version 0.4.9.1 of the heartbeat node monitoring package has been released. Downloads of heartbeat are available here.

Directory Management Systems

Mailing lists for Ganymede. Two new mailing lists have been announced for the Ganymede directory management system. One list is for development questions, and the other is for general help.

Documentation

LDP Weekly News for November 27, 2001. The November 27, 2001 edition of the LDP Weekly News is available. This issue discusses a move of the LDP database and ScrollServer 0.6, and includes new releases of the Firewall Piercing mini-HOWTO and the Linux MP3 CD Burning mini-HOWTO.

Education

SEUL/edu Linux in Education Report. The SEUL/edu Linux in Education Report for November 26 is out. Covered topics include journal publishing, the Distributed Encyclopedia of Sciences, and more.

Embedded Systems

Embedded Linux Newsletter for November 22, 2001. The November 22, 2001 edition of the Embedded Linux Newsletter is out. This week's issue covers a number of different Linux PDA issues.

BusyBox 0.60.2 released. A new version of BusyBox, a toolkit of Unix utilities for embedded systems, has been released. Version 0.60.2 is considered stable, and features several bug fixes, backtick handling in msh works better now.

Mini-libc Builder 1.0. IBM has recently released Mini-libc Builder 1.0, a tool that builds a minimal version of the C library with memory constrained systems in mind. Mini-libc Builder has been released under the GPL license.

Web-site Development

mnoGoSearch 3.2.3 released. A new release of the web site search engine mnoGoSearch is available. the release notes list a number of additions and bug fixes.

The latest Zope Members News. The latest Zope Members News includes a number of articles on zwiki, announcements for CMFLocalizer 0.2 and Redirector 1.2, as well as other Zope news.


November 29, 2001


Application Links
GIMP
Mozilla
Galeon
High Availability
ht://Dig
mnoGoSearch
MagicPoint
Wine
Worldforge
Zope

Open Source Code Collections
Berlios
Freshmeat
OpenSourceDirectory
Savannah
Le Serveur Libre
SourceForge
Sweetcode

   

 

Desktop Development


Audio Applications

GSMP, the General Sound Manipulation Program. A new, early release of GSMP, the General Sound Manipulation Program is available. "We currently focus on building a complete and open-source Virtual Studio environment for Linux. This General Sound Manipulation Program will consist of a normal Wave-Editor and an application where wave and MIDI unite to a full Virtual Studio environment." The latest version features an OSS plug-in and bug fixes.

Boodler: a programmable soundscape tool. Boodler, an application that appears to be a sonic wallpaper generator, is being developed by Andrew Plotkin. "Boodler is a tool for creating soundscapes -- continuous, infinitely varying streams of sound. Boodler is designed to run in the background on a computer, maintaining whatever sound environment you desire." Work is being done to tie Boodler to X10 remote motion detectors, so your soundscape can vary according to what room you are in. The code can be downloaded here. Boodler is licensed under the LGPL license.

Browsers

Mozilla 0.9.6 released. Mozilla 0.9.6 is available. The release notes indicate a number of changes including page icons in the URL bar, better support of .BMP and .ICO images, a new print preview feature, a new Search For capability, and more.

Galeon zips while Mozilla slips (Register). The Register reports on the Galeon 1.0 release. "Other Galeon addicts swear by the fine-grained font scaling, others are partial to the cookie management. And unlike Netscape, it loads the same day. But it's the tabs that keep us coming back to Galeon, even though KDE's file manager Konqueror is a first class browser in itself." Galeon 1.0 is available here.

Desktop Environments

The latest GNOME Summary. The GNOME Summary for November 17 through 23, 2001 is out. Topics include the Mozilla team and bug squashing, a Rodney Dawes interview, Overflow 0.6.0, the new GNOME 2 porting document, Java-GNOME 0.7.1, and more.

KDE 2.2.2. KDE 2.2.2 has been released. There are a number of new features, performance improvements, and a few security fixes. See the announcement for the full list.

People of KDE: Matthias 'Kalle' Dalheimer. The "People of KDE" series returns with this interview with Matthias Dalheimer. "Today, I mostly have the role of 'elder statesman': I help younger developers find their way into the project, handle press contacts, give talks at conferences and give my opinion when asked (and sometimes even when not asked :-))."

KC KDE #26 Is Out. The November 23, 2001 edition of Kernel Cousin KDE is out. "Read about how Linux father, Linus Torvalds, is also a model KDE user and bug reporter, LISa the new Lan Browsing Wizard, Kinkatta plugins, the Boson real-time strategy game, a KDE Script Interface, news of a kdeedu module, the KDE3 beta1 week delay, and much more."

Xfce 3.8.12 is released. Version 3.8.12 of the Xfce desktop environment has been released. This version includes bug fixes, an improved look and feel, and an updated xftree utility. (Thanks to Joe Klemmer.)

Games

Gnomoku: First GTKmm 1.3 app. Gnomoku, which appears to be a tic-tac-toe game on steiroids, is the first test application for the recent GTKmm 2 efforts. GTKmm is the C++ wrapper for the GTK+ libraries.

Building Freeciv: An Open Source Strategy Game (O'Reilly). Howard Wen looks at Freeciv, an open-source game that is modeled after Civilization.

Civil 0.60 released. A new version of Civil just came out. "Civil is a cross-platform, real-time, networked strategy game, developed using Python, PyGame and SDL--allowing players to take part in scenarios set during the American Civil war." The new version includes a working framework for game sound, better scoring, and improved exit screens. (Thanks to Gareth Noyce.)

Graphics

Gimp Print 4.2.0 released. A new, stable version of Gimp Print has been announced. This version supports many new printers and includes updated manuals, improved print quality, more language translations, and improved packaging.

GSview 4.1 released. A new version of GSview, a PostScript previewer, has been released. Version 4.1 is primarily a bug fix release but it also has a few new features, including the ability to specify page sizes on the command line, and translations to Dutch and Greek.

Office Applications

AbiWord 0.9.5 released. Release 0.9.5 of the AbiWord word processor has been announced. This version features a number of new features and some bug fixes. "Highlights include: Command Line Printing, Normal Mode, Thesaurus ,Dictionary support, All image type support (these last three via plugins) , Header/Footers for first/last/facing pages, Dynamic Toolbars (drag and drop toolbar icons) for Unix/Gnome. Plus lots of other stuff and bugfixes."

AbiWord Weekly News #71. Issue number 71 of the AbiWord Weekly News is out.

Miscellaneous

This Week in DotGNU. The This Week in DotGNU Newsletter for November 24 is out. Covered topics include phpGroupWare (which has joined DotGNU), the new GNU Common C++ release, and more.

Overflow 0.6.0 released. A new version of Overflow has been released. "Overflow is a free (GPL/LGPL) "data flow oriented" development environment. It can be use to build complex applications by combining small, reusable building blocks."

gFTP 2.0.9 released. Version 2.0.9 of the gFTP ftp client has been announced. This version adds support for sshv2, gtk+ >= 1.3.8, and more. Downloads are available here.

 
Desktop Environments
GNOME
GNUstep
KDE
XFce
XFree86

Window Managers
Afterstep
Enlightenment
FVMW2
IceWM
Sawfish
WindowMaker

Widget Sets
GTK+
Qt
   

 

Programming Languages


Caml

Caml Weekly News. The November 21-27, 2001 issue of the Caml Weekly News is out. Check it out for the latest in the world of Caml.

This week on the Caml Hump. The latest Caml Hump listings include a look at mlglade, a Glade to OCaml compiler, Report, an XML structure tool, Zoggy, an interface builder, and Maple-MuPad which converts Maple code to MuPad.

Haskell

Haskell Communities and Activities Report. The first edition of the Haskell Communities and Activities Report has been announced.

Java

Java-GNOME 0.7.1 released. A new version of Java-GNOME is available. "This release has focused on stability and completeness of the bindings. New classes and methods have been added to achieve very close to complete coverage of GDK, GTK, libgnomeui, and libgnome."

Perl

Developing coding guidelines (IBM developerWorks). Teodor Zlatanov discusses Perl coding guidelines on IBM's developerWorks. "The most common mistake a programmer can make is not in the list of bugs for his program. It is not a function of the programmer's age or language of choice. It is, simply, the assumption that his abilities are complete and there is no room for improvement."

New CPAN Distributions for November 27, 2001 (use Perl). The use Perl site highlights a bunch of new Perl modules that have recently been added to CPAN.

POOP Module Comparison (use Perl). Use Perl points out some documentation on Perl Object-Oriented Persistence, or POOP that was in need of some better publicity.

PHP

PHP Weekly Summary for November 26, 2001. The November 26, 2001 edition of the PHP Weekly Summary is available. Topics include the definition of a final RC, PHP 4.1.0 RC 3, a new ImageMagick extension, PHP documentation, the GD extension, debugging Apache and a new PHPdoc.

Python

This week's Python-URL. The Dr. Dobb's Python-URL for November 26, 2001 is out with coverage of new extension proposals, and an interesting paper by Andrew Kuchling.

Updating your Python reading list, Part 2 (IBM developerWorks). David Mertz updates his Python Reading List on IBM's developerWorks. "This installment provides new comparative reviews of recent Python titles (or titles missed in the last roundup)"

Reviews of 15 Python books. If the previous article doesn't give you enough Python reading material for your Christmas wish list, Ron Stephens also reviews 15 Python Books.

Tcl/Tk

This week's Tcl-URL. The Dr. Dobb's Tcl-URL for November 26, 2001 is out, with the latest from the Tcl/Tk community.

XML

Kawa-XQuery. Kawa-XQuery is a partial implementation of the W3C draft XML Query language. XQuery is a high-level expression, XML generation, and SQL-like xquery language that includes XPath as a sub-set. This implementation achieves high performance because a query is compiled down to Java bytecodes using the Kawa framework. The latest release adds servlet support, namespace support, line numbers in stack traces, and more optimizations.

Miscellaneous

Lightweight Languages (O'Reilly). Perl guru Simon Cozens covers the recent Lightweight Languages Workshop held at MIT. "Bringing together the academic and commercial sides of language design and implementation was the interesting premise behind last weekend's Lightweight Languages Workshop, LL1, at the AI Lab at MIT, and I'm happy to say that it wasn't the great flame-fest you might imagine."

Open64 Forum. There will be an Open64 Forum at the upcoming MICRO34 conference. "Open64 is a suite of optimizing compiler development tools for Intel Itanium(TM) systems running Linux. The Open64 project is the continuation of the SGI Pro64(TM) compiler suite which was released under the GNU General Public License (GPL) . The Open64 compiler suite currently includes compilers for C, C++, and Fortran90/95 compilers for the IA-64 Linux ABI and API standards."

Section Editor: Forrest Cook

 
Language Links
Caml
Caml Hump
Tiny COBOL
Erlang
g95 Fortran
Gnu Compiler Collection (GCC)
Gnu Compiler for the Java Language (GCJ)
Guile
Haskell
IBM Java Zone
Jython
Free the X3J Thirteen (Lisp)
Use Perl
O'Reilly's perl.com
Dr. Dobbs' Perl
PHP
PHP Weekly Summary
Daily Python-URL
Python.org
Python.faqts
Python Eggs
Ruby
Ruby Garden
MIT Scheme
Schemers
Squeak
Smalltalk
Why Smalltalk
Tcl Developer Xchange
Tcl-tk.net
O'Reilly's XML.com
Regular Expressions
   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Commerce page.

Linux and Business


We speak about free software. Here's a posting on the FSF Europe site defending the superiority of the term "free software." "Examining the development of the Open Source Initative after three years, it becomes apparent that the reasons to prefer the term Free Software have become even more true." It's endorsed by a number of European free software companies. (Thanks to Bernhard Reiter).

Red Hat's answer to the Microsoft settlement offer. Red Hat has issued a press release with its response to Microsoft's offer to donate computers and software to schools. Red Hat has offered to throw in its own software, allowing Microsoft to spend more money on hardware instead... "Unlike the Microsoft proposal, which has a five-year time limit at which point schools would have to pay Microsoft to renew their licenses and upgrade the software, the Red Hat proposal has no time limit."

Red Hat and IBM Deliver Linux Solutions for IBM Servers. Red Hat announced it will deliver packaged and customized solutions for the entire IBM eServer product line.

Opera 6.0tp1 released. The "Technology Preview 1" release of Opera 6.0 has been announced. There's a number of new features; see the announcement for details.

Draft pricing comparison from Cybersource. Cybersource has put together a draft pricing comparison between Linux/Open Source technologies and Windows/Microsoft's technologies for sample organizations of size 50, 100 and 250 staff. They feel that with the current belt-tightening within the IT industry, management should be spending more money on IT staff payroll (even hiring more staff) rather than ever-spiraling Microsoft licenses. Cybersource welcomes comments and feedback on this document. There is a bzipped image and a PDF document available here. You can also grab the PDF document from mirror1 or mirror2.

VA Linux Reports Results for First Fiscal Quarter, 2002. VA Linux Systems has announced its latest quarterly results. The company brought in $5.6 million, but it's really only $3.9 million after you take out the last bits of the discontinued hardware business. The company lost $8.7 million over the quarter (if you don't count things like restructuring costs), leaving it with $71 million in the bank. There are no great promises of profitability: "We see business conditions for us stabilizing, and expect to see continued declines in our cash usage combined with modest bottom line improvements over the remainder of this fiscal year" is as good as it gets.

Linux Stock Index for November 24 to November 28, 2001. LSI at closing on November 24, 2001 ... 29.15
LSI at closing on November 28, 2001 ... 30.18

The high for the week was 31.03
The low for the week was 29.15

Press Releases:

Open source products

Proprietary Products for Linux

Products and Services Using Linux

Products With Linux Versions

Java Products

Books & Training

Personnel & New Offices

Linux At Work

Other

Section Editor: Rebecca Sobol.


November 29, 2001

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Linux in the news page.

Linux in the news


Recommended Reading

Pretrial Hearings in Sklyarov/ElcomSoft case to begin March 4, 2002 (PlanetPDF). This Planet PDF article is the first we've seen about Dmitry Sklyarov's hearing today. "According to Associated Press' reports, defense attorneys 'intend to challenge aspects of the Digital Millennium Copyright Act (DMCA) and whether prosecutors here have jurisdiction' over the Russian defendants."

Here, also, are a few notes from the hearing taken by Henry Schwan of the EFF.

Torvalds says Linux still growing (News.com). News.com looks at the Linux kernel's growing pains. "With Linux, things are more difficult because the OS is relatively young, and is still changing quickly. "The real solution is to make fewer fundamental changes between stable kernels, and that's a real solution that I expect to become more and more realistic as the kernel stabilizes," Torvalds wrote."

Linux app makes Xbox net gaming a reality (Register). The Register looks at the Xbox Gateway, a Linux-based router system allowing Xbox users to play each other over broadband links. "Bill is no doubt absolutely ecstatic about this, but he can console himself with the thought that at least all the work XboxGW has put into the system is on the outside - the box itself remains unsullied by viral GPL-related stuff."

New application takes Xbox online (ZDNet). A group of software developers have created a Linux-based application that they claim lets Xbox users play system-link games over the Internet.

Nixed for Linux (CIO). CIO Magazine is carrying a brief story on how Industrial Light and Magic is moving from SGI systems to Linux. "The irony here is that SGI has helped the Linux cause in the past by serving up some of its own proprietary Unix code to the open-source community. Now Linux seems to be biting the hand that fed it."

Despite a Tough Road, Linux Has Never Been More Popular. Here's a San Jose Mercury article on how Linux is doing well, even if Linux companies are not. "While the flightless bird may have been booted off Wall Street, it is being welcomed on Main Street as a dependable substitute for more expensive software sold by competitors such as Microsoft and Sun Microsystems. From auto dealers in Florida to grocery stores in the Arctic Circle, companies are using Linux to run Web sites, power databases, track inventory and balance the books."

What are you thankful for? (Scripting News). For those who are amused by this sort of stuff, here's Dave Winer's reaction to Richard Stallman's co-winning the 2001 Takeda Award. "Do you work really hard to make good software? I do it every day. Does Stallman push the envelope? I haven't seen any evidence of that. Imho, the economy is still rewarding the wrong people."

Famed Lab Seeks Big Grid (Wired). Wired looks at a computing initiative at CERN. "CERN, the famed Swiss high-energy particle physics lab, has a problem. It's about to start generating more data than any computer or network anywhere in the world is able to analyze. That prospect has led CERN to drive a major European project to create a vast 'grid' research network of computers across Europe. When completed, the 10 million euro, Linux-based endeavor called DataGRID, will become a principal European computing resource for researchers of many disciplines."

Companies

What Makes Google Good (The Dallas Morning News). Google is something of a Linux success story. "Within three years, the Google team had come up with the first public versions of PageRank. Running on cheap, lean Linux computers, it combined the standard search engine "spider" technology, which combs public Web pages for key words, with the company's own database of heavily linked pages."

Red Hat trumps MS poor kids offer (Register). Here's the Register's take on Red Hat's school offer. "If Red Hat really wants to help the indigenous poor, why doesn't it pay for free breakfasts for all children of primary school age in poor areas?"

Red Hat shares ride on IBM deal (News.com). Red Hat stock climbs following the announcement of an IBM deal. "Red Hat shares were up $1.10, or 18 percent, to $7.10 in morning Nasdaq trading and helped lift badly battered shares of other Linux-oriented companies. Caldera rose 19 percent, or 10 cents, to 62 cents; and VA Linux Systems rose 8 percent, or 19 cents, to $2.70."

Business

Open-source fans welcome French government move (CNN). CNN covers a report from the IDG News Service on the adoption of open source software by the French government. "The French government also wants to encourage a decentralized software industry by allowing small companies to work on open-source government projects, rather than the concentrated software development that tends to result from proprietary products, [EuroLinux Alliance spokesperson Jean-Paul] Smets added."

Germany speaks out for open source (ZDNet). Here's a ZDNet article on the German government's opposition to software patents. "However, experts say that the opposition to broader software patents voiced by the German government, open-source advocates, software developers and others is likely to make little difference to the outcome of the EC's plans. Europe is moving towards broader software patents as a way of putting Europe on the same footing as the United States, which many businesses feel is necessary to enable them to compete."

Who's going to sort out Linux? (IT-Director). Here's an analysis of the downturn in Linux businesses. "The downside is that there are not many Linux businesses capable of making it, simply because there is no money being put into them. Red Hat, Caldera and IBM are probably the leading proponents of Linux and all of these know very well that a revenue-free environment is never going to work."

Interviews

Interview: Theo de Raadt (KernelTrap). KernelTrap interviews Theo de Raadt, creator of OpenBSD. "We have a six month cycle for many reasons. First off, and most important to me personally, it is just the right length so that I do not kill myself. The holidays are nicely spaced for me. Since I am project leader, I must not be permitted to go insane."

Interview: Linux darling Caldera states its case (IT-Director). IT-Director talks with Ransom Love. "The problem here is that we have been leading the market from inception and focussing very clearly on the business needs. As it happens, business demands are very different to those of the Linux community. But I do think that the community recognises that we work very hard on Linux."

Interview: Rodney Dawes (LinuxPower). LinuxPower interviews GNOME hacker Rodney Dawes. "Free software isn't entirely intended to be a 'Submit a patch' hack it yourself deal. It's meant to make a better alternative to the proprietary software systems. If we limit ourselves to a single architecture, we're doing no better than the proprietary people. So, let's make this work without having everyone hack their own copy."

Miscellaneous

RMS tagged as Gnomewhere man in board elections (Register). Here is the Register's take on the GNOME Foundation Elections, focusing mostly on who didn't win. "But a spare a thought for fellow nominee, MIT undergraduate Rhett Creighton, who in his manifesto said he "wanted to use the position to impress chicks". Creighton received just one vote in the final ballot, and finished twenty fifth out of twenty five candidates."

Section Editor: Forrest Cook


November 29, 2001

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Announcements page.

Announcements


Resources

Using the xinetd program for system administration (IBM developerWorks). Teodor Zlatanov explains xinetd on IBM's developerWorks. "The classic inetd daemon has been around for a long time. There are several ways to replace its functionality, but the most flexible and easiest way seems to be xinetd. Xinetd does all the things inetd can do, and a lot more. TCP wrapping, modular configuration, connection redirection, and load limits on incoming connections are just a few of the features that make xinetd a nice choice for system administrators."

Andy Oram on the implications of Open Source. O'Reilly editor Andy Oram has published the text of a talk he gave in Japan under the title A summary of research on social and organizational relationships in open source software projects. It's worth a read. "The most inspiring aspect of open source development, and perhaps the most fruitful for social science research, is the transparency it fosters - a form of instantaneous and supremely honest communication. No one can hide a bad decision because source code can be examined by experts everywhere. Furthermore, these expert reviewers risk nothing by reporting problems and disagreeing with the project managers. Contrast this to the employees of a commercial firm, who are constrained by their desire to look good to superiors."

Practical PostgreSQL PDF available online. Command Prompt, Inc has announced a pre-production version of the book Practical PostgreSQL, which is available for download in PDF format.

Events

Events: November 29 - January 24, 2001.
Date Event Location
November 29 - 30, 2001Linux-Kongress 2001(University of Twente)Enschede, The Netherlands.
December 7 - 9, 2001PLUTO MEETING 2001Terni, Italy
December 10 - 12, 2001Linux Bangalore 2001Bangalore, India

Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format.

Web sites

New Linux Journal site. The Linux Journal has put up an all new web site built with PhpNuke. It includes a bunch of new features (i.e. discussion groups) as well as extensive archives.

Section Editor: Forrest Cook.


November 29, 2001

   

 

Software Announcements


Here are this week's Freshmeat software announcements. Freshmeat now offers the announcements sorted in two different ways:

The Alphabetical List and Sorted by license

 

Our software announcements are provided courtesy of FreshMeat

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Linux History page.

This week in Linux history


Due to circumstances beyond control, there is no history section this week. This week in Linux History will be back next week. We apologize for any inconvenience.

Section Editor: Rebecca Sobol.


November 29, 2001

LWN Linux Timelines
1998 In Review
1999 In Review
2000 In Review
2001 In Review

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Letters page.

Letters to the editor


Letters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them.

November 29, 2001

   
From:	 Leandro Guimarães Faria Corsetti Dutra <leandrod@mac.com>
To:	 letters@lwn.net
Subject: GNU-Darwin for the x86
Date:	 Wed, 21 Nov 2001 13:16:19 -0200

"The battle to rename it GNU/Linux has not gone all that far, and 
resentment remains. The same spirit that causes FSF developers to push 
forward with HURD development also draws their attention to other, 
non-Linux alternatives."

	Attribution of motives and sentiments is never good journalism.

	The FSF and the GNU project supporters feels that calling GNU/Linux just 
Linux does a disservice to the philosophical struggle for free software, 
and it is hoped that the Hurd will be a superior kernel to the GNU system.

	But never in RMS writings or in anything published by the FSF or GNU 
project developers I've seen resentment towards whomever call GNU/Linux 
just Linux.  And the naming issue was never the reason behind the 
development of the Hurd; instead, it is believed that the microkernel 
with multiple servers architecture of the Hurd will make for a more 
flexible kernel for developers, testers and users, enabling the Hurd to 
progress more quickly and orderly than the Linux kernel after the Hurd 
reaches critical mass and a stable release.

	Please please please don't put words in other people's mouths.



-- 
   _
  / \  Leandro Guimarães Faria Corsetti Dutra    +55 (11) 5685 2219
  \ /  http://homepage.mac.com./leandrod/        +55 (11) 9406 7191
   X   Orange Telecom                            +55 (43) 322 89 71
  / \  Fita ASCII contra correio eletrônico HTML             BRASIL

   
From:	 Mark Bainter <mark-spamx@firinn.org>
To:	 letters@lwn.net
Subject: Editorials
Date:	 Mon, 26 Nov 2001 00:04:23 -0600

I appreciated the editorial regarding sourceforge.  Particularly
since it brings to voice concerns I've had privately of late.  Not
only for sourceforge, but also for freshmeat.  Both of which are
extremely valuable resources to the open source community.  Having
not only one in a precarious position like that, but both worries
me and smacks of poor design.  But as you said, it's not like there
is a line of companies looking to relieve valinux of the burden
they have so gladly (or so it seems to me) born for us.  
That said, I appreciate all VALinux has done, and is doing
for us.  I hope I don't sound like an ingrate.  ;-)  Here's
hoping another company steps up to help provide resources to
keep sourceforge/freshmeat alive.  If we could make their 
survival independant of any one companies existance I know 
I'd feel a lot better.

However, the Darwin editorial, while interesting and informative
at first devolved rather quickly into another annoying whine about
GNU/linux.  This is a topic that I (and I think many others, though
I can only speak for me) am really sick of hearing about.  I don't
see the people who make the tools used to build cars lining up to
whine about their names not being on the cars built with them.  I 
don't see lumber companies complaining because the companies building
houses don't include the name of the lumber mill in the name of the 
subdivision being built.  

Linux is it's own product.  The fact that GNU tools are used to 
build it, or were used to write it or (the more common argument)
are used to build a complete OS generally called "Linux" is really
not relevant.  I mean, if solaris suddenly started shipping gnu tools
as part of Solaris instead of their own would everyone be clamoring
to have Solaris renamed to GNU/Solaris?  I'm not a big BSD user,
but don't at least some of the *BSD distros use gnu tools?  Is no-one
going to complain that it should be renamed GNU/BSD?  Doubtfull.  

Come on.  Most everyone in the linux world knows who GNU is.  It's 
all over the place here, and I think most people do truly appreciate
the contributions the GNU foundation has made, and is making.  Can't
we move on?  Hasn't this horse endured enough abuse?  

It's dead Jim, stop beating it already.

   
From:	 Chris Lawrence <lawrencc@debian.org>
To:	 letters@lwn.net
Subject: bug reporting in noncommercial software
Date:	 Thu, 22 Nov 2001 01:52:12 -0600
Cc:	 Mark Bainter <mark@firinn.org>, Seth LaForge <sethml@ofb.net>,
	 David.Kastrup@t-online.de

As the author of Debian's reportbug, I'd like to thank Seth for his
comments about reportbug in the 11/15 LWN.  I'd also like to respond
to Mark's comments about bug reporting in general.

Mark says that each package should include its own bug reporting
frontend.  While laudable in theory, this introduces a number of
problems:

1. Lots of additional bug reporting tools.  On my Debian box, I have
bug reporting tools for mutt, libc, KDE, GNOME, and a few other
programs.  If everyone did it, we'd have a veritable raft of bug
reporting tools.

2. Lots of version skew.  In the case of mutt, its bug reporting tool
is a fork of Debian's "bug" command (reportbug's older, sh-script
sibling).  If we find bugs in "bug", their fixes have to be propogated
over to mutt's tool.

3. No real prescreening of bug reports.  Most people get their
software through distributions.  Probably 1/3 to 1/2 of problems
people have with software are distribution-specific issues (why didn't
X pull in library Y when I installed it, etc.).  If the libc people
say "report all libc bugs using glibcbug", they'll get a large number
of reports that are Debian's or Red Hat's or SuSE's fault.

Mark does raise a valid issue about what sort of information should be
included in bug reports.  A standard reportbug report includes:

- The package and version
- The specific file mentioned by the submitter (if specified)
- A severity tag used by the BTS and maintainers for triage
- The body text written by the user
- The output of uname -a and a few locale settings (LANG, LC_CTYPE)
- The first-level dependencies of the package, with versions
- Any modified configuration files (optional)

However, reportbug (and bug) include hooks for allowing them to report
additional information about the package.  Not many packages take
advantage of this, however (perhaps because it's poorly-publicized).
This allows what Mark wants: package-specific data collection, or even
an interactive troubleshooter.  For example, a picture viewer might
include a bug script requesting that the user try different X or
framebuffer settings, or identify whether the problem only affects
certain image formats.

reportbug also includes hooks supporting submission to different types
of bug tracking system; GNATS support was added for the now-no-longer
Progeny distribution, for example.

I'll be the first to admit reportbug isn't perfect... it really is
newbie unfriendly in places, for example, something I'd like to work
on.  But it definitely is something a "universal" free reporting tool
could be based on, and I'd be happy to add code to separate it from
its Debian-centricity (easy enough to do, really... just figure out
what distro it's running on and behave accordingly).


Chris
-- 
Chris Lawrence <lawrencc@debian.org> - http://www.lordsutch.com/chris/
   
From:	 Richard Kay <rich@copsewood.net>
To:	 dave@userland.com
Subject: RMS
Date:	 Sun, 25 Nov 2001 21:08:44 -0500
Cc:	 rms@gnu.org, letters@lwn.net

In http://scriptingnews.userland.com/backissues/2001/11/21 
   dave@userland.com  wrote:
> Do you work really hard to make good software? I do it every day. Does
> Stallman push the envelope? I haven't seen any evidence of that. Imho,
> the economy is still rewarding the wrong people. At one time if you
> pushed for excellence in software, you could build a nice business. I
> still believe that. But it's disheartening to see so much money go to
> support Stallman's theories. I believe this works against software
> breakthroughs, even software progress.

Richard Stallman (RMS) has probably done more than anyone to promote 
software reuse. In this respect his GPL represents one of the most 
effective works of software engineering ever written. Being able to 
modify a world-beating functional system (GNU/Linux) to suit my own 
needs such that I only have to focus on the coding which
modifies it to make it suit my own requirements ( e.g. see 
http://copsewood.net/shared-mailbox/shared-mbox.html ) has
largely been made possible by RMS's ground-breaking work. The
technical achievements of those working on the Linux kernel
and compatible free-software application infrastructure has
also been made possible, in no small part, due to RMS's direct work
earlier on the GNU C compiler and Emacs editor. There have
also been much greater indirect benefits through the
improvements for free sofware brought about by the difference
between BSD style licenses, which allow for the tragedy of
commons arising from the theft and distortion of free software 
by commercial interests who are obliged to give nothing back, 
and the GPL which encourages a more open and community-oriented 
style of software development.

> Something to think about. Would the $830K have been better used to
> support SourceForge?

Probably not. While SourceForge has given practical help to very
many projects, there are many willing to host such projects and
it is probably undesirable to have too many free-software
projects hosted un-mirrored on a single centralised server, subject
to whatever legislation a single nation's government and lobbyists 
might dream up. The potential benefits of promoting free-software
are very likely to outweigh supporting what should become a
profitable and self-supporting Internet business. 

It is possible that the same argument could be used to say
that supporting free software, if it is as useful as I suggest,
could also be carried out on a commercial footing. I have to 
disagree with this counter-argument, as the moral benefits of 
free software probably far outweigh the practical and commercial 
ones, in the sense that free software can act as a potentially 
liberating and democratising influence in areas other than just 
ICT, e.g. in areas as diverse as privacy, integrity of electronic voting 
systems and the ability of musicians, writers and artists to 
bypass corporate distributors who have traditionally controlled most 
intellectual property rights. These benefits should not be
lost and distorted through legislation sponsored by commercial 
interests such as the DMCA and SSSCA.

The papers which I have written and published on http://copsewood.net/ 
which are concerned with the potential for a more democratic,
sustainable and decentralised society are unlikely to have become
possible without the influence which has derived directly from
RMS's work.

Richard Kay
Senior Lecturer/Technologist
Technology Innovation Centre,
University of Central England,
Birmingham, UK.
   
From:	 Richard Stallman <rms@gnu.org>
To:	 rich@copsewood.net
Subject: Re: RMS
Date:	 Mon, 26 Nov 2001 04:48:45 -0700 (MST)
Cc:	 dave@userland.com, letters@lwn.net

Thank you very much for speaking up in my defense.  I would like
to correct one factual point about the prize itself.

$830k (actually a little less with current exchange rates) is the
total sum.  Since it is being shared by three people, I will get 1/3
of that--after taxes, perhaps $170k.  It's a nice sum of Hanukkah
gelt, and will make a difference for me, but it wouldn't support an
organization like Sourceforge for long.

   
From:	 "Jay R. Ashworth" <jra@baylink.com>
To:	 letters@lwn.net
Subject: Dave Winer and RMS
Date:	 Sat, 24 Nov 2001 14:03:44 -0500

Well, here we go again...

You know, it's funny.  Dave Winer used to be one of my favorite people.

I was lost in the world of Macintosh, back in 1992 -- I was helping
start a cool TV network called MOR Music TV, now, sadly, defunct --
when Frontier was in about release 3.something, and I fell in love with
it.  Given the lack of a command line on a Mac, Frontier was about the
closest you could get, and I liked the outliner-based approach to the
whole thing.  A lot.  Same reason I like Zope -- or I think I would, if
it would stop moving long enough for me to figure it out.  (Friendly
big Zope site administrators cheerfully solicited...)

Even though it's one of the best examples of "when all you have is a
hammer, everything looks like a nail", it worked, and it worked pretty
well.

And then I actually tried *interacting* with Dave.  I wrote to him, having
become a regular reader of his Scripting News weblog -- it was even my
browser homepage for some time -- and suggested that he might want to
look into Linux, and even maybe doing a port of Frontier to Linux.

He called me every kind of a mother-fscker, and several I think he made
up on the spot.  And then, less than a year later... he fell in love
with Linux.

So it shouldn't be any surprise that I take most of what Dave says with
a grain of salt (even though Doc Searls, whose opinions I respect
highly, doesn't).  But I think that his comments on RMS, quoted in this
week's LWN are particularly off base, and I'll tell you why.

"It's disheartening," Winer says, "to see so much money go to support
Stallman's theories."

I disagree -- although you probably had already figured that out by
now.  I've watched "open source" software for a very long time; I go
back to at least 1982 on Usenet, and a bit before that in working with
Unix, Xenix, and their ilk.  I am right here to tell you that the
driving force behind the creation and expansion of large,
multi-programmer projects in that arena has been Stallman's General
Public License.

I can't see anything else that could have made possible projects like
perl5 and 6, PostGreSQL 7, and, indeed, the Linux kernel itself --
RMS's insecure grumbling about why it's not referred to as "GNU Linux"
notwithstanding...


I also spend a fair amount of time working with the HylaFAX
(http://www.hylafax.org) fax server software package.  Originally written
by SGI's Sam Leffler, and mostly maintained by him up til about it's 4.0
release, the package got sort of stagnant for some time.  It now has 5 or 6
pretty sharp people working on it, and it's moving along again
nicely... but I can't help but wonder: is the reason that it has trouble
attracting even more people motivated enough to work on it that it is *not*
licensed under the GPL, but rather, under a license roughly equivalent to
the BSD license (which doesn't protect potential contributors from
commercial entities making off with their hard work without any recompense,
credit- or otherwise)?


General George C. Marshall, US Army Chief of Staff during WWII, and
author of the "Marshall Plan" -- which helped rebuild Europe after the
war and gained him a Nobel Peace Prize -- is most generally credited
for the observation that "there's no limit to what a man can achieve if
he isn't concerned whether or not he gets the credit for it". 

The GPL is my favorite example of this, with the delightful twist of
irony that it works almost precisely by preserving the credit due to
those people who write the code released under it -- which is all it
preserves.  The only person whose credit isn't really that well
preserved is RMS's.


So, for putting up with 20 or 25 years of the lifestyle engendered by
the beliefs that gave us the GPL and, hence, the OS running on the
laptop I'm writing this letter on, hell yeah, I think RMS is entitled
to the prize he's been awarded.

There's nothing wrong with asceticism... except for that class of
problems that money is all it takes to fix.

---

On a final note, I find it amusing that Winer snipes at Danny O'Brien,
of NTK.  O'Brien is sitting there, in front of Linus and everybody,
asserting that Winer's also done something worth rewarding, and Dave
gets pissy over it.

Some people just think too much, I think.

But who knows; maybe it's just me.

So many things are just me.

Cheers,
-- jra
-- 
Jay R. Ashworth                                                jra@baylink.com
Member of the Technical Staff     Baylink                             RFC 2100
The Suncoast Freenet         The Things I Think
Tampa Bay, Florida        http://baylink.pitas.com             +1 727 804 5015

   "If you don't have a dream; how're you gonna have a dream come true?"
     -- Captain Sensible, The Damned (from South Pacific's "Happy Talk")
   
From:	 Micah Yoder <micah@yoderdev.com>
To:	 letters@lwn.net
Subject: Future of SourceForge
Date:	 Wed, 28 Nov 2001 00:58:14 -0500

Hi,

There seems to be a sentiment out there that SourceForge is in danger of 
being shut down by VA Linux.  As you said in your 11/22/01 front page,

> SourceForge is an expensive gift from VA Linux to the free software 
> community; if VA continues to bleed cash and continues to move toward 
> proprietary software, the company will eventually be forced to look at 
> ending that gift.

Frankly, I don't think we have anything to worry about, at least for a couple 
years.  SourceForge (the now proprietary software) is the cornerstone of the 
new VA Linux business model.  They are focusing on selling this software for 
use in Global 2000 companies.  But how are they going to inspire confidence 
in those companies and sell their software as a solution?  How are they going 
to prove that their main product is useful and scalable?

Right!  SourceForge.net!

In addition to being proof that their primary product works and 
enterprise-ready, SF.net also ensures that there are thousands (nearly 
300,000 actually) of users who are familiar with their product, based on 
their Open Source work hosted at SF.net.  Many of these users will then, 
supposedly, recommend SourceForge Enterprise to their employers.

The bottom line is that VA Linux cannot possibly afford to take SF.net down.  
It would be suicide!  I am therefore convinced that it will be around as long 
as VA is in business.  (Unless they change their business model again, but we 
won't get into that!)

That brings up another question:  How long will VA be in business?  According 
to their recent annual report, they had $60 million in cash as of July 28.  
Granted, they had $123 million a year prior, but 1) they now have fewer 
employees and 2) last year involved some enormous expenses involving their 
changed business model.  They should be able to last AT LEAST another year 
without making a dime.  But they already have some enterprise customers, and 
hopefully they will get more this year.

So don't worry about SourceForge.net.  It won't be disappearing anytime soon.

Micah

-- 
Like to travel?                        http://TravTalk.org
Micah Yoder Internet Development       http://yoderdev.com

   
From:	 "Jonathan Day" <jd9812@my-deja.com>
To:	 letters@lwn.net
Subject: The folly of slowing down
Date:	 Wed, 28 Nov 2001 07:59:07 -0800

Dear editors,

  I have to disagree with Linus Torvalds (gasp!) when he argues that there
need to be fewer fundamental changes. The problem is that "stable" code is
also stagnant code, which means that as the dependencies age, it becomes
"unstable, but intractible" code.

  This is one of the genuine problems that is half-jokingly referred to as
"bit-rot". Of course, the bits don't actually decay with time, but the
assumptions on which they are built -do-. And that can kill an OS.

  What we need are far MORE fundamental changes between stable
releases. Keep EVERY element of the kernel alive. If there is a single line
of actual code older than a year in the kernel, then someone is being
slack. Either the maintainer isn't refining their skill set (and thereby
rotting, in themselves), or the code isn't being scrutinised nearly often
enough for potential bugs, security holes, etc.

  Replacing the virtual memory system took over 170 patches, if I
understand correctly. Far too many. A sign that the code isn't being
actively worked on, nearly enough. Why? Because no sane coder would develop
code that hard to maintain, if they were actively thinking about it. You
just can't keep track of 170 fragments of code as easily as you can one
self-contained unit.

  IMHO, 2.5.x needs one gigantic, fundamental change, if it is to survive
another 10 years.  It must be ripped apart, and sewn together, as many
times as it takes to seperate out entangled code. (The IPv4/IPv6/IGMP
entanglement is positively horrible! IPv6 development is now -years- behind
other Linux IPv6 stacks, we STILL don't have IGMPv3, it's not possible to
have an IPv6-only box, IPv6 netfilter can't do a quarter of the things
IPv4's can, and those are just the problems I've noticed.)

   The day Linux is allowed to stagnate is the day Linux will die. I know
this is personifying it slightly, but oh well. Linux lives to grow, and
grows to live. It is, in a sense, a living thing. You feed it and nurture
it, it'll thrive. Cut it down, to "preserve" it, and all you have is a dead
thing.  Is that what we want?  Really?

Jonathan Day


------------------------------------------------------------
--== Sent via Deja.com ==--
http://www.deja.com/
   
Eklektix, Inc. Linux powered! Copyright © 2001 Eklektix, Inc., all rights reserved
Linux ® is a registered trademark of Linus Torvalds