[LWN Logo]
[LWN.net]

Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise news for all interests


Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

Other LWN stuff:
 Daily Updates
 Calendar
 Linux Stocks Page
 Book reviews
 Penguin Gallery

 Archives/search
 Use LWN headlines
 Advertise here
 Contact us

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- Gaël Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

See also: last week's LWN.

Leading items and editorials


Linux Kongress mini-summary. The 8th Linux Kongress was held on November 28 to 30 in Enschede, the Netherlands. This event is one of the oldest Linux gatherings still around, and it was the site of Linus's first talk on his new creation. It remains a small, technical, and kernel-oriented meeting, with developers making up much of the attendance.

Much of the interesting talk happened before the conference itself started. A well-attended clustering workshop nailed down a detailed plan for the creation and implementation of the "Open Cluster Framework," a set of standards intended to help the development of cluster-based applications. The shape of the Framework architecture is beginning to emerge; details will be put up on the new web site at opencf.org, which, as of this writing, is not yet available.

The Netfilter team also gathered to discuss the future of firewalling with Linux. Perhaps the best news is that it appears, for the first time in a while, that the Linux firewalling implementation will not be replaced wholesale in the 2.5 development series. A lot of work is still planned, however; some of it will be covered in a future LWN kernel page.

The conference itself was made up of a solid set of technical talks. The real value in these events, however, is in getting that many developers into the same room and letting them talk about what they are doing. It is clear that the community needs these occasional opportunities to meet and socialize. As money gets tighter, however, these opportunities could prove harder to come by. Let us hope that our companies and governments see the advantages in continuing to support developer meetings.

Those who are interested can have a look at the slides from LWN editor Jonathan Corbet's talk on upcoming kernel developments. See also: Martin Schulze's writeup of the event.

Evolution, again, and proprietary offshoots. Our review last week of the Evolution 1.0 release candidate drew a fair amount of mail. Most pointed out that there is, indeed, a way to generate a contact entry from a mail message; one simply clicks on the sender's address with the right mouse button. It's good that the feature exists, but the difficulty of finding it points out the need for continued usability testing for Linux desktop software. Desktop software, after all, really should be sufficiently user friendly that even an LWN editor can figure it out. Without a serious commitment to usability testing, the Linux desktop will continue to be a second-tier offering.

Meanwhile, Ximian has released the final version of Evolution 1.0. It's available for free download, or for purchase as a boxed product. Expect it to show up in your favorite distribution before too long.

The 1.0 release is significant, but more attention seems to have been drawn to the announcement of "Ximian Connector." Connector's purpose is to turn Evolution into a full Microsoft Exchange client. Unlike Evolution, it is a proprietary product with a per-seat charge. Also, in the best proprietary software tradition, it's vaporware; Connector is not actually available until sometime "early next year."

A year or two ago, the Connector product would have drawn a great deal of criticism. After all, Ximian is supposed to be about free software. The relatively muted nature of the complaining shows that, perhaps, times really have changed. Nobody assumes that Ximian will be able to survive just by virtue of cranking out useful code. The money has to come from somewhere.

The choice of Connector as a proprietary add-on was clever. Connector's purpose is to ease the integration of Evolution into proprietary environments. People who are concerned about running only free software will, in general, have no use for Connector, and will not be affected by its proprietary nature. The only people who will have to pay are those who are already running proprietary systems.

If this plan works out, a number of things will be accomplished. The Linux community will have a top-quality, graphical mail (and more) client that will continue to see serious development. Linux will become a more viable desktop system in corporate environments, and its adoption will grow. That, in turn, will lead to more Linux applications and more resources for Linux development in general. And Ximian will have succeeded in showing that it is possible to make major contributions to the free software community and, simultaneously, thrive as a business.

Difficult days for DMCA opponents. Shortly after last week's LWN weekly edition came out, a couple of rulings were handed down in outstanding cases challenging the Digital Millennium Copyright Act. The news was not good.

In the 2600 DVD case, the appeals court upheld entirely the initial ruling that posting (or linking to) the DeCSS code was illegal. Those who are interested can go read the full ruling. Essentially, the court agreed that code is speech, but that the government still had the authority to regulate it. Fair use concerns were brushed aside with a note that the Constitution does not actually protect fair use.

The only remaining course of action in this case is an appeal to the Supreme Court; it has not yet been decided whether that step will be taken or not.

The Felten case, which is actively challenging the DMCA, was thrown out of court on motions from the U.S. Department of Justice and the Recording Industry Association of America. This ruling does not appear to be online; the EFF plans to appeal this decision.

See this issue of EFFector for more information from the EFF on both cases, as well as a motion that has been filed to dismiss the Bunner DVD case.

Inside this LWN.net weekly edition:

  • Security: Fun with wu-ftpd; OpenSSH updates.
  • Kernel: Thrashing the block I/O layer; integrating kbuild and ALSA.
  • Distributions: A mini review of KRUD 7.2; SnapGear offers uClinux distribution.
  • Development: The Python IAQ, Pear::DB, Snort 1.8.3, WaveSurfer 1.2, Mpg321 0.2.3, 4st Attack 1.0, Python Checkbook Manager 0.5, Pan 0.11.1 Newsreader, TinyCOBOL 0.55, Jython 2.1b1, GDB 5.1.
  • Commerce: Richard Stallman wins Takeda Award; LinuxWorld NY conference program; HP's blade server announcement.
  • History: "Jikes"; Linus Torvalds guest of honor in Finnish Presidential Palace; Andover.Net went public.
  • Letters: Evolution; SourceForge.
...plus the usual array of reports, updates, and announcements.

This Week's LWN was brought to you by:


December 6, 2001

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Security page.

Security


News and Editorials

Fun with wu-ftpd. As reported last week, a new, remotely exploitable vulnerability has been found in wu-ftpd. This server seems to have had more than its share of difficulties; one can only hope that we are coming to the end of the list.

The people publicizing this hole really tried to do the right thing: they gathered together a list of vendors shipping wu-ftpd, and set up a coordinated release date for updates. The idea was that everybody would have a fix available when the word got out that there was a problem. It almost worked, except that somebody at Red Hat slipped up and sent an alert out early. Red Hat undoubtedly should have been more careful, but, given the number of vendors involved, it's not surprising that somebody made a mistake. Coordinating that many groups is never going to be easy.

Most of the top-tier distributors have been quick to get their updates out there; the full list appears in the "updates" section, below. There are a couple of glaring exceptions, however. Turbolinux, in particular, is notable in its absence. In fact, according to the Turbolinux "Security Center," that distributor has not issued a single update since last June. Either Turbolinux has found an amazing way to avoid vulnerabilities, or that company is failing its customers with regard to security.

Meanwhile, the most important thing is for the wu-ftpd patch to be applied as widely as possible. This is the worst sort of vulnerability, the kind that wide-ranging, destructive worms are made of. Exploits for this vulnerability will be widespread before long; sites running the vulnerable code will have reason to regret it before long.

(See also: CERT's advisory on this vulnerability).

OpenSSH 3.0.2 released. OpenSSH 3.0.2 has been released. It includes a security fix for the "UseLogin" option; sites which enable UseLogin are vulnerable to certain types of local attacks. UseLogin is not enabled by default, however, so most installations are probably not vulnerable.

Security Reports

A Red Hat OpenSSH update. Red Hat has issued a new OpenSSH update with some new fixes. One is for the restricted command vulnerability first reported in the September 27 LWN security page; despite the passage of almost two months, this is the first update we have seen for this particular problem. Also fixed is a bug in the code which attempts to frustrate passive analysis attacks.

More OpenSSH updates. Both Debian and Red Hat have updated OpenSSH to fix the (obscure) UseLogin vulnerability. Both appear to have backported that particular fix from OpenSSH 3.0.2 to earlier versions. This Red Hat update supersedes the one mentioned above.

Other updates from Debian. Another set of alerts has come from Debian, including fml (cross-site scripting vulnerability in this mailing list manager), icecast-server (several remotely exploitable holes), and xtel (symlink attacks). The icecast update, in particular, looks like one that should be applied.

Problems with libgtop_daemon. The libgtop_daemon package, a GNOME program which makes system information available remotely, has a format string vulnerability which is remotely exploitable. This bug is fixed in version 1.0.13. Unfortunately, this package also has a buffer overflow problem which remains unfixed as of this writing (there is a patch in the advisory, though).

Buffer overflow in frox. The "frox" FTP proxy has a buffer overflow problem that could be exploited by a hostile server. The fix is to upgrade to version 0.6.7.

web scripts. The following web scripts were reported to contain vulnerabilities:

  • The PGPMail script, version 1.31, has a vulnerability that can allow execution of commands by a remote attacker. A patch is included in the advisory.

Updates

wu-ftpd buffer overflow. The wu-ftpd FTP server contains a remotely exploitable buffer overflow vulnerability; anybody running this package should already have upgraded. Versions up through 2.6.1 are vulnerable, as are 2.7.0 testing snapshots. (First LWN report: November 29).

This week's updates:

Previous updates:

OpenSSH restricted host vulnerability. Versions of OpenSSH prior to 2.9.9 have a vulnerability that can allow logins from hosts which have been explicitly denied access. The fix is to upgrade to OpenSSH 2.9.9. This problem first appeared in  the October 4 LWN security page.

This week's updates:

Previous updates:

Postfix session log memory exhaustion. Postfix 20010228, and some earlier verions, have a denial of service vulnerability. The SMTP session log could grow to an unreasonable size. (First LWN report: November 29, 2001).

This week's updates:

Previous updates:

Cyrus SASL format string vulnerability. A format string bug in the Cyrus SASL authentication API for mail clients and servers may be remotely exploitable. (First LWN report: November 29, 2001).

This week's updates:

Previous updates:

Directory indexing and path discovery in Apache. Versions of Apache prior to version 1.3.19 are vulnerable to a custom crafted request that can cause modules to misbehave and return a listing of the directory contents by avoiding the error page. (First LWN report: September 20, 2001).

This week's updates:

Previous updates:

Resources

MandrakeSoft launches security web site. MandrakeSoft has announced the launch of a new web site, MandrakeSecure.net, dedicated to Linux security. It is mostly of interest, of course, to those working with the Mandrake Linux distribution.

Newsletters from LinuxSecurity.com. Here's the latest Linux Advisory Watch and Linux Security Week from LinuxSecurity.com.

Secure distribution list. Here's a list of secure Linux distributions put together by Deepak Kumar Gupta.

Events

Upcoming Security Events.
Date Event Location
December 6 - 7, 2001Lisa 2001 15th Systems Administration ConferenceSan Diego, CA.
December 6, 2001InfoSecurity Conference & ExhibitionJacob K. Javits Center, New York, NY.
December 10 - 14, 2001Annual Computer Security Applications ConferenceNew Orleans, LA
December 27 - 29, 200118th Chaos Communication CongressBerlin, Germany

For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Jonathan Corbet


December 6, 2001

LWN Resources


Secured Distributions:
Astaro Security
Castle
Engarde Secure Linux
Immunix
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux
Trustix

Security Projects
Bastille
Linux Security Audit Project
Linux Security Module
OpenSSH

Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive

Distribution-specific links
Caldera Advisories
Conectiva Updates
Debian Alerts
Kondara Advisories
Esware Alerts
LinuxPPC Security Updates
Mandrake Updates
Red Hat Errata
SuSE Announcements
Turbolinux
Yellow Dog Errata

BSD-specific links
BSDi
FreeBSD
NetBSD
OpenBSD

Security mailing lists
Caldera
Cobalt
Conectiva
Debian
Esware
FreeBSD
Kondara
LASER5
Linux From Scratch
Linux-Mandrake
NetBSD
OpenBSD
Red Hat
Slackware
Stampede
SuSE
Trustix
turboLinux
Yellow Dog

Security Software Archives
munitions
ZedZ.net (formerly replay.com)

Miscellaneous Resources
CERT
CIAC
Comp Sec News Daily
Crypto-GRAM
LinuxLock.org
LinuxSecurity.com
Security Focus
SecurityPortal

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Kernel page.

Kernel development


The current development kernel release is still 2.5.0. Linus's current prepatch is 2.5.1-pre5. With recent prepatches, life has gotten interesting; we have a true development kernel once again. Things that have gone into 2.5.1 so far include:
  • The new driver model implemented by Patrick Mochel. This code implements a system-wide tree of all devices which will be helpful for system configuration and power management tasks; it was covered in the October 25 LWN kernel page.

  • The beginnings of the block layer thrash-up (see below).

  • Richard Gooch's new devfs core code. The end result of this work should be a more stable devfs, but it's giving some people difficulties at the moment; approach with care.
In general, it pays to be careful with the 2.5.1 prepatches. Some of the changes are truly disruptive, and a bit of instability is to be expected for a while yet.

The current stable kernel release is 2.4.16. Marcelo ("the wonder penguin") has released 2.4.17-pre4, which contains a relatively lengthy list of fixes and updates. Here, too, the new devfs code is causing difficulties for some users.

On the 'design' of Linux. For those who haven't yet seen it elsewhere, here's Linus's 'Linux wasn't designed' message that was widely circulated. In another message, Linus talked further on how he thinks software gets built:

It's "directed mutation" on a microscopic level, but there is very little macroscopic direction. There are lots of individuals with some generic feeling about where they want to take the system (and I'm obviously one of them), but in the end we're all a bunch of people with not very good vision.

And that is GOOD.

It does seem that quite a bit of progress can be made, even with poor vision.

Ripping up the block layer. It has been long understood that the 2.5 development series would include major changes to the block (disk) I/O layer. The block code has no end of performance problems, especially on high-end systems; it's also quite ugly in a number of places. So, the integration of Jens Axboe's new block I/O code, while highly disruptive, is a good thing.

Since 2.2, much of the block I/O subsystem has worked with a single spinlock, called io_request_lock. If the system was trying to figure out how to merge a request into a very long queue, or if a block driver was slow in figuring out what it wanted to do, all other block operations would have to stop and wait. This lock was serializing operations which had nothing to do with each other, and was an obvious scalability bottleneck.

With 2.5.1, that lock is no more; instead, each request queue (which, in well-written drivers, corresponds to each device) has its own lock. This kind of change can be scary, since some drivers will have depended on the global serialization enforced by io_request_lock; its removal has the potential to create subtle and nasty bugs. It may be a little while before all the block drivers are known to be safe.

Another problem with the old block code was its use of the "buffer head" ("bh") structure as the building block of the request queue. Higher-level code would go to some lengths to create large, contiguous block I/O requests, which would then be fragmented into a large number of single-block requests, each with its own buffer head. The elevator code then had the task of trying to merge the request back together again.

Buffer heads are now a thing of the past, at least as a visible part of the block I/O interface. Block I/O requests are now described by a new bio structure which, in turn, contains a list of bio_vec structures describing the data to be transferred. The bh structure included a virtual pointer to the data to be transferred; the new structures, instead, contain struct page pointers directly into the system memory map.

Much of the kernel has moved toward working with page structures, often as a result of the challenges of dealing with high memory, which has no virtual mapping into kernel space. Block drivers will now have to deal with high memory directly, but support code has been provided to make that easier. The advantages of working with page structures are worth the trouble; in particular, handling large, clustered requests from the raw I/O layer (or the pending asynchronous I/O patch by Ben LaHaise) will be much easier.

Also included are the block-highmem patches, which enable DMA operations directly to and from high memory. With the 2.4 kernel, such operations require copying data via "bounce buffers" in low memory. Bounce buffers can create severe performance problems on large-memory systems, and they are (usually) entirely unnecessary.

Finally, a whole set of support code has been added which hides much of the structure of the request queue from block drivers. Included is a nice routine for setting up DMA requests easily. The result is that all block drivers must be updated, but the resulting code should be simpler.

The block work is far from done, however; quite a bit of work is still pending. Jens has already stated his plan to break all of the block drivers again shortly. Upcoming changes include moving the building of SCSI-like commands into the generic block layer, and running ioctl() operations through the request queue so that they are automatically serialized with the I/O operations.

For more information, see Jens's writeup of the block I/O changes so far, and Suparna Bhattacharya's notes on the LSE web site.

Merging the new kbuild. Back at the Kernel Summit, it was agreed that one of the first things to happen in 2.5 would be the integration of the new kbuild code. Block I/O has jumped in first, but kbuild remains on the agenda. To push things forward, Keith Owens has proposed a schedule for the merging of kbuild. It calls for the new build code to be added in 2.5.2-pre1, and the old system to be ripped out in -pre2. The original plan called for deferring the integration of CML2 until 2.5.3, but Eric Raymond was less than thrilled with the idea. So a revised version of the timeline has CML2 going in simultaneously with kbuild. There's just a couple of obstacles to overcome, like the fact that the two do not currently work together. One assumes these little details can be dealt with.

There has been little comment on the plan to integrate the new kbuild; it does not appear to be a controversial change (though there is a little grumbling about the new kbuild being slower).

Most speakers, when giving a talk, try to be well tuned to signals from the audience. So, when your editor was addressing folks at Linux Kongress about 2.5 changes, the sound of vomiting from the seats got his attention. The subject at hand was, of course, CML2. This development remains controversial, and the talk of integrating it with kbuild started up the same old flame wars.

Said wars have been covered in this space in the past, and there is very little to add. In theory, Linus has said he will merge CML2 and the topic should be moot. Eric Raymond did not help things, however, with his statement that he plans to try to get Marcelo to integrate CML2 into the 2.4 tree as well. This idea, at least, is not controversial - almost nobody seems to think it's a good idea. The 2.4 kernel just does not need that sort of change.

With regard to 2.5, the main stumbling point still appears to be the use of Python 2 as the implementation language. One would think people could just install Python and be done with it, but it's apparently not so simple. Most of the dissenters are just grumbling, but there are a couple of other efforts out there. Greg Banks has a CML2 in C project going, though progress has pretty well stopped in recent months. Jan Harkes, instead, has put together a patch which ports the CML2 code to Python 1.5. Since the older Python is available on more older systems, one would hope this patch might help reduce the complaining somewhat.

But, then, as devfs shows, some developments never seem to reach a point of being accepted by everybody. (Current versions of these patches are kbuild 1.1.0 and CML2 1.9.4).

Eliminating sleep_on. For years, the standard way to put a process to sleep within the kernel is with the sleep_on() function or its variants. sleep_on() simply blocks the calling process until somebody explicitly wakes it (or, in some cases, a signal or timeout happens). On SMP systems, however, sleep_on() has a serious problem. Consider a typical usage:

    if (something not ready)
        sleep_on(&my_wait_queue);
If the "something" becomes ready between the two lines of code, the wakeup event will be missed and the process may sleep for much longer than intended.

Workarounds for this problem have existed for a long time. The wait_event() macros handle this case without races; often semaphores or the newish "completion event" interface can be used. If all else fails, a relatively complicated "manual sleep" can be coded. All of these techniques are used in the kernel, but code that calls sleep_on() still exists.

The plan for some time has been to remove sleep_on() in the 2.5 series, on the theory that there is no safe way to call it. Now that patches are going in, people have begun to ask when this removal might take place. The answer, for now, is a patch from David Woodhouse. It does not yet go so far as completely removing the function; instead it adds some checks which detect (and complain about) unsafe calls. It is a gradual approach, but the intent remains the same: eventually sleep_on() and friends will go away, and any code that still calls them will have to be updated.

Incremental prepatches. H. Peter Anvin has announced a much-requested feature for the kernel.org archives: incremental prepatches. Posted prepatches are relative to the last official kernel release; users wishing to go from one prepatch to another have to restart with a clean kernel, or explicitly back out the previous prepatch. With the new scheme, it is necessary only to download the (usually smaller) incremental patch and apply that. The incremental patches will also make it easier to see exactly what has changed between prepatches.

Integrating ALSA. The Advanced Linux Sound Architecture project has been working since early 1998 to build a better sound subsystem for the Linux kernel. Some people were surprised that ALSA was not integrated into 2.4, but the fact is that the project never proposed its code for that release. The ALSA hackers have been taking their time and trying to get it right.

Now, however, it appears that the time has come. ALSA maintainer Jaroslav Kysela has indicated that he and the code are ready, and Alan Cox has encouraged him to submit it. The last call belongs to Linus, of course, but chances are good that ALSA will find its way into a 2.5 kernel before too long. It will probably live alongside the OSS drivers for a while, but, in the long term, it seems certain that OSS will eventually be removed.

Other patches and updates released this week include:

  • Peter Braam has released version 1.0.6-test1 of the InterMezzo filesystem. There is also an InterMezzo roadmap available for those interested in where this distributed filesystem is going.

  • Larry McVoy has posted a partial description of his long-standing "ccCluster" idea. Worth a read for a different approach to multiprocessor systems.

  • Christoph Rohland has posted a document for the tmpfs filesystem, intended for the kernel documentation directory.

  • IBM has released version 1.0.10 of the JFS journaling filesystem.

  • Richard Gooch has released a pile of devfs updates, including devfsd-v1.3.20, devfs-v99.21 (for 2.2 kernels), devfs-v199.3 (for 2.4) and devfs-v203 (for 2.5).

  • Davide Libenzi has posted a patch which implements "task struct coloring." This coloring is the spreading of task structure alignment so that they do not all sit on the same cache line (which is currently the case). The result should be improved kernel performance, especially on SMP systems. A later version of the patch also adds kernel stack coloring.

  • Bert Hubert has posted a set of documents describing the kernel's network traffic control capabilities. Traffic control has been present since 2.2, and it provides some very nice features, but lack of good documentation has limited its usage. This work is a welcome step in the right direction.

  • Version v1.13 of the Dolphin PCI-SCI driver has been released by Jeff Merkey.

  • Keith Owens has released kdb v1.9 for the 2.4.16 kernel.

  • ext3 0.9.16 for 2.4 kernels was released by Andrew Morton.

  • The international kernel patch is back: a beta version for 2.4.16 was announced by Herbert Valerio Riedel.

  • Nathan Scott has posted a new version of the extended attributes interface.

  • A patch improving the performance of kernel statistics counters was posted by Ravikiran G Thirumalai.

  • Ian Stewart has announced a new release of the AC'97 "linmodem" driver.

Section Editor: Jonathan Corbet


December 6, 2001

For other kernel news, see:

Other resources:

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Distributions page.

Note: The list of Linux distributions has moved to its own page.

Distributions


Please note that security updates from the various distributions are covered in the security section.

News and Editorials

A mini review of KRUD 7.2. KRUD is an acronym for Kevin's Red Hat Uber Distribution. An initial installation of KRUD looks just like a typical Red Hat Linux installation. But with a modest subscription to KRUD, you also get a monthly CD with all the errata and package updates for your Red Hat Linux installation. KRUD is produced by tummy.com.

So when I decided that my work system needed an upgrade, I decided to get some KRUD. I initially installed KRUD 6.2, it didn't take very long and then I had a stable system, but the 7.2 discs beckoned and I went for it. The anaconda installation was smooth. I was able to easily configure my network. Before long I had the newly upgraded system I'd been looking for, with Nautilus, a Mozilla browser, ext3 filesystem, and lots of other good stuff. And, I didn't have to go browsing all over the net to get the latest security updates, those get installed as the system is built. Check this space next week for a better list of KRUD features.

SnapGear offers uClinux distribution. SnapGear has announced the availability of a new uClinux distribution which supports several microprocessors and embedded system configurations. There is a choice between the 2.4.10 or 2.0.39 kernels; FreeS/WAN and PPTP are included as well.

New Distributions

DyneBolic. DyneBolic is a GNU/Linux based live bootable CD-ROM. Leave the MS Windows on the disk, if you must. DyneBolic runs off the CD and won't effect your hard drive. (Thanks to Joe Klemmer).

KNOPPIX. KNOPPIX is a complete GNU/Linux installation which runs from CD, with automatic hardware detection and configuration for many graphics and sound cards, SCSI devices, and peripherals. KNOPPIX can run as a Linux demo, as a training CD, as a rescue system, or as a platform for commercial software product demos. There is no need for any installation on the host system's fixed disk. The KNOPPIX disk hosts up to 2 gigabytes of executable software via transparent decompression of the disk image. Thanks to Karsten M. Self for the pointer and for this translation of the German web site.

Distribution News

Mandrake Linux. MandrakeSoft has announced the availability of Mandrake Linux 8.1 for the Itanium architecture.

Check out the Advent Calendar, based on stories of how Mandrake Linux is being used in businesses.

The "Mandrake Linux Users Club" has been launched. This is a nice way to show your support for Mandrake Linux.

Another new web site launched at MandrakeSoft is MandrakeSecure. Find out what you need to know about Mandrake Linux security.

You know that Mandrake is cooking up a PPC version, right? Well now there's a hands-on guide to Mandrake PPC Cooker.

Red Hat. RLX Technologies announced that Red Hat Linux 7.2 is available immediately pre-installed on energy-efficient, ultra-dense RLX ServerBlades.

Red Hat has release bug fix advisories with updates for gdb and also up2date and rhn_register.

Slackware. LinuxSalute.com is looking for several persons interested in participating in the beta test of its collection of binary packages for Gnome on Slackware systems.

There have been several changes to the Slackware-current Intel branch. See the ChangeLog for details.

Tim Patterson told us about UserLocal.com and we are passing it on. Here is Tim's Installing Apache, PHP4 and MySQL On A Slackware 7.x or 8.x Linux Server How-To!

Minor Distribution updates

Coyote Linux. The Coyote Linux web site had some problems recently, but it's now back on line with more bandwidth than ever before.

DragonLinux. DragonLinux has released the DragonLinux v2r2 pre-release. This version has a more up to date base system, but was released with much less testing and documentation changes. Handle with care.

Engarde update for imap. Engarde Secure Linux has issued a bug fix advisory that addresses a problem with imap certificate files. "The default certificate for the simap and spop3 services expired on Tuesday, November 27, 2001. This update re-issues those certificates."

Gentoo Linux. Gentoo Linux is an x86-based Linux distribution geared towards developers and network professionals. Version 1.0_rc6-r11 was released December 1, containing mostly minor bugfixes.

Linux From Scratch. The Linux From Scratch project is intended for Linux users who want to build their own custom Linux system. Version 3.1 was released December 3.

Mindi-Linux. Mindi-Linux uses a skeleton ramdisk and your kernel, modules, and tools to build a boot/root disk set. Version 0.46, released November 29, contains minor bugfixes.

Distribution Related Interviews

DesktopLinux.com interviews Redmond Linux CTO Joseph Cheek. Rick Lehrbaum interviewed Redmond Linux founder and CTO Joseph Cheek, to learn more about the company, its new Linux distribution, and its future plans. "RL: How did Redmond Linux begin? When and how did you begin the project?

Cheek: A year and a half ago. Everyone I tried to explain Linux to had a difficult time if they didn't have lots of computer and Linux experience. It was hard for new users to pick up. I wanted to change that."

DebianPlanet: Interview with Adam Di Carlo (of Debian-Boot). This interview with Adam Di Carlo investigates the past, present and future of the Debian installation system.

What does the future hold for the installer beyond woody?

Well, after woody, the boot-floppies package will be removed; we're changing over to a new system called 'debian-installer'.

It should be noted here first that the boot-floppies system is a very ancient code base. I believe there still some lines in there from Eric Raymond! It has some very deep design flaws, the worst being overall fragility and too much "coupling" in the technical parlance. It is very sensitive to changes in the base system of the Debian archive. The build process is a monster. And the installer itself isn't modular and doesn't do the right thing when it fails.

Section Editor: Rebecca Sobol


December 6, 2001

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Development page.

Development projects


News and Editorials

The Python IAQ: Infrequently Answered Questions Peter Norvig and a group of Python experts have published The Python IAQ, a list of Infrequently Answered Questions. "A question is infrequently answered either because few people know the answer or because it is about an obscure, subtle point (but a point that may be crucial to you)."

Here's the current list of the questions that are answered:

  • Can I do ++x and x++ in Python?
  • Can I use C++'s syntax for ostreams: cout << x << y ... ?
  • Is there a better syntax for dictionary literals? All my keys are strings.
  • Is there a similar shortcut for objects?
  • That's great for creating objects; How about for updating?
  • Hey, can you write code to transpose a matrix in 0.007KB or less?
  • How do I do Enumerated Types (enums) in Python?
  • Why is there no ``Set'' data type in Python?
  • Should I, could I use a Boolean type?
  • Can I do the equivalent of (test ? result : alternative) in Python?
  • What other major types are missing from Python?
  • How do I do the Singleton Pattern in Python?
  • Is no "news" good news?
  • Can I have a history mechanism like in the shell?
  • How do I time the execution of my functions?
Explanations and example code are provided for all of the questions. Check it out and boost your understanding of Python esoterica.

Audio Projects

ALSA 0.5.12a driver released. The 0.5.12a release of the ALSA sound driver is available. This version fixes problems between ALSA and 2.4.14+ kernels.

Databases

Pear::DB Primer (O'Reilly). O'Reilly is running an article by Joao Prado Maia on Pear::DB. "People start out thinking that platform A is the best one and out of the blue, a business need or a strategic partnership necessitates a change to the project plan. Most of the source code will need to be reviewed to check for problems caused by the database switch.

That is, unless the project was designed to work with any database server that has a significant market share. This is the objective of the PEAR::DB library, which is a part of the PEAR project."

Directory Management Systems

Ganymede 1.0.9 available. Version 1.0.9 of the Ganymede directory management system has been released. This version includes an important fix for an XML parser error that showed up in the previous release.

Software for Disabilities

Programming in the dark. Hans Schou talks about the development of Linux device drivers for several Braille data terminals. "There was not a Linux driver for this terminal, to be found on the net. We know the rules: either you make one yourself, or you are lucky to get help from someone on the net who knows how to do it. We were lucky - Dave Mielke wrote a new driver within only two days and it was working right out of the box.

It might have been easier for Dave Mielke, if he actually had the hardware in front of him. But as Dave Mielke lives in Canada and we in Denmark (Europe) and he had no device, he had to do it in blind - so to speak. Well, Dave Mielke is actually 100% blind, so the C program really was written in the blind."

Documentation

Linux Documentation Project Weekly News. The LDP Weekly News for December 4 is out. The main topic is interesting: apparently most of the LDP document collection carries a license that is not 100% free, with the result that it will soon be removed from the core Debian distribution. A call has gone out for LDP document authors using the old LDP license to relicense their work in the near future to avoid this occurrence.

Embedded Systems

Embedded Linux Newsletter for November 29, 2001. The November 29, 2001 edition of the LinuxDevices Embedded Linux Newsletter is out. This week features a look at Red Hat's embedded Linux developer suite, a look at some new Linux PDA games, and more embedded Linux news.

Mail Software

Python milter 0.3.8 released. A new version of the Python Milter (mail filter) is available. Version 0.3.8 adds the ability to handle malformed Content_type headers.

Network Management

Snort 1.8.3 available. A new version of the Snort network monitoring tool has been released. Version 1.8.3 includes a number of bug fixes and a new command line option for dealing with IP translations. These packages are available for this version.

Printing Systems

LPRng-3.8.2 released. Version 3.8.2 of the LPRng print system has been released. The CHANGES in this release include new configuration capabilities among other things.

Web-site Development

Zope 2.5 Beta 1. Zope 2.5 Beta 1 has been announced, with a whole bunch of new features.

Zope News for December 3, 2001. The December 3, 2001 edition of the Zope News is out. Topics include the new Zope 2.4.3 and 2.5.0b1 releases, new Zope books, a beta new.zope.org, and more.

The latest Zope Members' News. The latest news from the Zope Members includes a discussion of jcNTUserFolder 0.2.1, ZBabel support in LDAPUserFolder and CMFLDAP, availability of a few free Zope sites, a Paul Everitt interview, and more.

PHP Review 1.0.3 released. Version 1.0.3 of PHP Review is available. This version allows the importing of books and publishers from the PHP Review site.

Miscellaneous

This week in DotGNU. The This Week In DotGNU newsletter for December 1 is out. Learn about "Curse of Frogger" - a C#-based game written for the Portable.Net structure - and more.


December 6, 2001


Application Links
GIMP
Mozilla
Galeon
High Availability
ht://Dig
mnoGoSearch
MagicPoint
Wine
Worldforge
Zope

Open Source Code Collections
Berlios
Freshmeat
OpenSourceDirectory
Savannah
Le Serveur Libre
SourceForge
Sweetcode

   

 

Desktop Development


Audio Applications

WaveSurfer 1.2 released. Wavesurfer 1.2, a sound visualization and manipulation package, has been released. The changes in this release include a new dataplot plug-in, real time pitch analysis, and other improvements and bug fixes.

Mpg321 version 0.2.3 released. A new version of the mpg321 audio file player has been announced. This release comes with numerous bug fixes and a few new features.

Browsers

The latest from Mozdev. This week, the Mozdev site lists several new projects including Banner Blind, BrowserG!, and XULmine. Mozilla 0.9.6 now works under FreeBSD.

Desktop Environments

People of KDE: Rob Kaper. The "People of KDE" series interviews Rob Kaper. "[KDE] once locked me up in a gym in South Germany for a couple of nights during LinuxTag 2001. That's probably the meanest thing that happened so far."

Kernel Cousin KDE #27. Issue 27 of Kernel Cousin KDE is available. Topics include Qt 2.3.2 problems, removing desktop icons, KAccel, Dialogs stealing focus, .desktop files, KEdit class improvements, the aRts Linux kernel module, and more.

KDEPrint Site Goes Live. KDE.News has announced the new printing.kde.org site, which covers development and operation of the KDEPrint module in KDE.

This week's GNOME Summary. Here's the latest GNOME Summary. Covered topics include the GNOME Foundation election results, Galeon 1.0, and more.

Games

4st Attack 1.0 released. The Pygame site reviews 4st Attack 1.0, a game that involves arranging stones.

Interoperability

The latest Wine Weekly News. The most recent edition of the Wine Weekly News includes articles on 3D Studio Max, MIDL and COM, screensaver settings, Wine growth stats, loading mmsystem, and shlwapi upgrades.

Samba 3.0alpha0 released. The Samba site lists a new 3.0 alpha release of Samba. Testers are needed. See the release notes for all of the details.

Office Applications

Ximian releases Evolution 1.0. Ximian has announced the release of Evolution 1.0. (LWN reviewed the second Evolution release candidate last week).

Also announced by Ximian is the "Ximian Connector," which will make Evolution behave like a true Microsoft Exchange client. Connector is a proprietary product which will be available "early next year."

Python Checkbook Manager. Version 0.5 of the Python Checkbook Manager has been released. It's a lightweight financial application for those who do not need all the features of an application like GnuCash.

Kernel Cousin GNUe for December 1, 2001. The December 1, 2001 edition of Kernel Cousin GNUe is available. GNUe is the GNU Enterprise, a suite of tools for use in business.

AbiWord Weekly News #72. The latest edition of the AbiWord Weekly News is out, AbiWord version 0.9.6 is coming soon.

Miscellaneous

Pan 0.11.1 newsreader. A new version of the Pan newsreader has been announced. This version features a number of bug fixes, a new filter, and the ability to collapse and expand selected threads.

 
Desktop Environments
GNOME
GNUstep
KDE
XFce
XFree86

Window Managers
Afterstep
Enlightenment
FVMW2
IceWM
Sawfish
WindowMaker

Widget Sets
GTK+
Qt
   

 

Programming Languages


Caml

Caml Weekly News for December 4, 2001. Here is the latest edition of the Caml Weekly News. Topics include a pre-release of Mlglade, a discussion on glade, a call for O'Caml interns, and OCaml license conditions.

COBOL

TinyCOBOL version 0.55 released. A new version of TinyCOBOL is available. Downloads and release notes are available here.

Java

Programmatically choose threads for notification (IBM developerWorks). Peter Haggar explains portable, deterministic thread execution in an IBM developerWorks article. "The cross-platform nature of the Java platform is one of its major benefits. However, certain behaviors of the platform are less than desirable. One problem is the inability to consistently rely on which thread from a set of waiting threads will execute after a call to the notify() or notifyAll() method."

Lisp

Free the X3J Thirteen! for November, 2001. The November, 2001 edition of Free the X3J Thirteen! is out. Topics include the merge between ECL-Spain and ECL (ECoLisp), the cl-utils small utilities project, a new Lisp dialect called Arc, the latest from the CMU CL and SBCL projects, and more.

Perl

2001 Perl Advent Calendar. The 2001 Perl Advent Calendar is now up and running, with insights into a new Perl module being offered every day until Christmas.

New CPAN Distributions (use Perl). The use Perl site has posted a large number of lists of new Perl modules that are available on CPAN. See use Perl for all of the details.

First (beta) release of CPANPLUS (use Perl). The first beta of CPANPLUS, a replacement for the Comprehensive Perl Archive Network (CPAN), has been announced.

An Introduction to Testing (Perl.com). Chromatic discusses Perl debugging on O'Reilly's Perl.com site. "Someday, you'll be dubiously blessed with the job of maintenance programming. You might need to add new features or to fix long-standing bugs. The code may be your own or the apparently disturbed mutterings of a long-disappeared agent of chaos."

PHP

PHP Weekly Summary for December 3, 2001. The December 3, 2001 edition of the PHP Weekly Summary is available. This week's topics include the upcoming PHP 4.1.1, PHP 4.1.0 RC 3, the GMime extension, C++ extensions, debugging Apache, nested comments, and more.

Python

This week's Python-URL. Dr. Dobb's Python-URL for December 3 is out, with the latest from the Python community. Covered topics include the list of infrequently asked questions (the IAQ) and the OSI's approval of the Python license.

OSI approves Python Software Foundation License. The OSI has approved the Python Software Foundation License. The new license has also received a stamp of GPL compatibility from Richard Stallman.

Dr. Dobb's Python-URL!. The Python-URL for November 28 is out.

Jython 2.1b1 released. The first beta release of Jython 2.1 has been announced. Jython, of course, is the Java implementation of the Python language - Python code is compiled down to Java byte codes, allowing it to be run on a Java virtual machine.

Pybliographer 1.0.10 released. Version 1.0.10 of the Pybliographer tool for managing bibliographic databases has been released. This version "provides a direct interface to query the medline database, can output keys of entries to an editor using copy/paste, is able to format for APA publications, and fixes some bugs. It does not brew coffee yet, see emacs for that."

Ruby

An Interview with the Creator of Ruby (O'Reilly). Bruce Stewart interviews Yukihiro Matsumoto, the creator of the Ruby language. "I wanted a scripting language that was more powerful than Perl, and more object-oriented than Python. That's why I decided to design my own language."

The latest from the Ruby Garden. This week, the Ruby Garden features new articles on regexp handling and the Joy language. "If Ruby is Smalltalk-meets-Perl, then Joy might be described as Scheme-meets-Forth."

Tcl/Tk

This week's Tcl-URL. Dr. Dobb's Tcl-URL for December 4 is out, with the latest from the Tcl/Tk community.

Debuggers

GDB 5.1 released. GDB 5.1 was released a few weeks ago. Changes include a number of new native configurations, some new target processors, removal of some old targets, conversion of the source code to ISO C, and lots more.

Integrated Development Environments

Announcing Anjuta 0.1.8. A new version of Anjuta, an open source integrated development environment for C/C++, has been announced. Version 0.1.8 is considered a stable release, see the announcement for all of the details.

KDevelop Gains Cross-Platform Compilation Support (KDE.News. KDE.News covers the latest KDevelop capabilities. It is now possible to use KDevelop to build applications for StrongARM based machines, including several palmtops.

Miscellaneous

Jext 3.0.2 programmer's editor. A bug fix release of the Jext programmer's editor has been announced. Downloads are available here.

Peer-to-Peer for Academia (O'Reilly). Andy Oram writes about peer-to-peer computing on O'Reilly's openP2P site. "Academic environments are ideal for experimenting with peer-to-peer and benefiting from peer-to-peer. You have an open attitude toward information, well-educated staff who can adapt to new tools, a variety of projects that require information exchange, and a willingness to expend time and effort in order to save money."

Communication using sockets on Linux and Windows (IBM developerWorks). IBM's developerWorks features an article by Dr. Edward G. Bradford on socket programming, with an emphasis on writing code that compiles on both Linux and Windows platforms.

Section Editor: Forrest Cook

 
Language Links
Caml
Caml Hump
Tiny COBOL
Erlang
g95 Fortran
Gnu Compiler Collection (GCC)
Gnu Compiler for the Java Language (GCJ)
Guile
Haskell
IBM Java Zone
Jython
Free the X3J Thirteen (Lisp)
Use Perl
O'Reilly's perl.com
Dr. Dobbs' Perl
PHP
PHP Weekly Summary
Daily Python-URL
Python.org
Python.faqts
Python Eggs
Ruby
Ruby Garden
MIT Scheme
Schemers
Squeak
Smalltalk
Why Smalltalk
Tcl Developer Xchange
Tcl-tk.net
O'Reilly's XML.com
Regular Expressions
   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Commerce page.

Linux and Business


Richard Stallman wins Takeda Award. Here's a press release from the Free Software Foundation announcing that Richard Stallman has won the 2001 Takeda award. It also mentions, rather less prominently, that Linus Torvalds was also a winner of this award. "As with the MacArthur award, Stallman will invest the Takeda award to pay his future living expenses, so that he can work full time promoting software freedom and coordinating the GNU project. Stallman receives no salary nor travel expenses from the FSF and assumes a modest living style to facilitate his continued work championing the cause of free software."

LinuxWorld NY conference program. IDG has announced the program for the New York LinuxWorld Conference and Expo, which starts on January 29. Speakers include many of the usual suspects: Perens, Raymond, de Icaza, etc.

HP's blade server announcement. Here's the press release from HP on its new blade server offerings. "Because Linux is very lightweight, has lower memory requirements and makes better use of CPU power, it is an ideal operating system for blade servers, which require flexibility and scalability in highly constrained environments due to heat restrictions."

Rainbow and Guardian Digital join forces. Rainbow eSecurity and Guardian Digital have announced a deal wherein a version of EnGarde Secure Linux will be integrated with Rainbow's "CryptoSwift eCommerce Accelerator" to produce a fast, secure e-commerce system.

Toshiba to sell Linux pre-installed Libretto for mobile desktop. Toshiba has announced plans to sell their Libretto L3 laptop as a dual boot system running Linux and Windows 2000.

Caldera previews Volution Manager 1.1. Caldera International has announced a publicly available preview version of Volution Manager 1.1. The full release will happen in the first quarter of next year.

Trolltech Launches Zaurus SL-5000D developer contest. Trolltech has announced a developer contest for the Sharp Zaurus SL-5000D PDA. Prizes include the PDA itself, and $10,000 cash.

Adobe SVG viewer Linux. An SVG file viewer is available for Mozilla under Linux. SVG (Scalable Vector Graphics) is an XML based graphics file format and web development language. Users must accept the Adobe license terms.

LPI-News: LPI Level 2 certification. The Linux Professional Institute has published the November, 2001 edition of its LPI News. Take a look for the latest Linux training and certification news. A new Level 2 certification program has been announced.

Netcraft Web Server Survey for November, 2001. The November 2001 Netcraft Web Server Survey is out.

Linux Stock Index for November 29 to December 05, 2001.
LSI at closing on November 29, 2001 ... 31.27
LSI at closing on December 05, 2001 ... 32.26

The high for the week was 32.26
The low for the week was 30.34

Press Releases:

Open source products

Proprietary Products for Linux

Hardware running Linux

Products and Services Using Linux

Products With Linux Versions

Java Products

Books

Partnerships

Personnel

Financial Results

Linux At Work

Other

Section Editor: Rebecca Sobol.


December 6, 2001

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Linux in the news page.

Linux in the news


Recommended Reading

Constructing A Windows-Less Office (CRN). Computer Reseller News built a Windows-free office network with Linux and reported on the results. "After constructing a practical solution, the Test Center reached the following conclusion: Linux and associated Linux applications can accomplish many of the same tasks as the Wintel standard at a much lower initial cost,in this case, for 93 percent less than the software cost of a similar Windows-based network,and without many of the licensing hassles presented by traditional software platforms."

Copyright Law Foes Lose Big (Wired). Wired reports on the adverse rulings in the 2600 and Felten cases. "Now, all of a sudden, repealing the reviled DMCA through First Amendment litigation seems altogether unlikely. Nor, given how much Washington politicians adore the law, is Congress likely to alter it."

US courts kowtow to entertainment industry (Register). The Register looks at recent US court decisions concerning the DMCA. Cases involving Eric Corely (aka Emmanuel Goldstein) and Edward Felten have both suffered setbacks. CNET also covers the situation.

Linus Says: Linux Not Designed; It Never Was (KernelTrap). KernelTrap provides some excerpts from a thread on the Linux kernel mailing list. "A thread on the lkml started innocently enough about proper spacing in source code, then grew and grew into a somewhat philosophical debate about evolution and code design."

Waiting for Linux, Waiting for Godot (DesktopLinux). Malcolm Dean writes about the position of Linux in computing history from a Windows user's perspective on DesktopLinux. "There's one thing about Linux: it's downright frustrating. It's unfamiliar, it requires a new vocabulary, and it's simply hard to figure out what it really means." Some of us still feel that way about Windows.

Marcelo the Wonder Penguin (CrackMonkey). Here's a brief look at the new maintainer of the 2.4 kernel, Marcelo Tosatti. "If you are the 700th journalist to wonder why Alan and Linus handed over the 2.4 kernel to an 18-year old man from Brazil, please keep in mind that Marcelo will be busy working on the 2.4 kernel, so please contact the people from Conectiva's marketing department instead of preventing Marcelo from doing his work."

Companies

HP's Blade strategy isn't so dense (Register). The Register reports on HP's new Blade servers. "Surprisingly the first offerings will be Linux-only, with Windows and HP-UX to follow. Red Hat, SuSE and Debian - chalk one up for HP's Linux advisor Bruce Perens - are the favoured distros."

Business

Special Report: Are We There Yet? (Network Computing). This article looks at the current state of Linux in the enterprise, and looks back to where it was 17 months ago. Though Linux support is available, a perceived lack of support remains an issue. "Companies such as Linuxcare, Mission Critical Linux and Multi-User Solutions offer non-distribution-specific 24x7 critical support services for companies wishing to select a non-distribution-specific entity for their support needs. Perceptions of Linux support may not have changed much over the past year and a half, but the availability of support has definitely risen."

Leading the Linux Bird (osOpinion). John Lederer comments on Linux in an article on osOpinion. "In a recent survey regarding Linux adoption, the principal impediment to adoption, cited by 35 percent or more the respondents, was a lack of knowledgeable staff.

This is a lead problem. It suggests that management has, once again, screwed up."

Reviews

Ximian Evolution 1.0 links Linux to Exchange (Register). The Register looks at the Evolution 1.0 release. "As you go over the feature list for Evolution, it becomes clear that it is intended to become the Outlook/Outlook Express for Linux and Unix. Except in regard to security, of course."

Device profile: ZapMedia ZapStation (LinuxDevices). LinuxDevices.com has put up a profile of the ZapMedia ZapStation, which runs embedded Linux, of course. "The ZapStation is an audio/video jukebox that digitally stores and plays music and video files transferred from CDs and the Internet, plays DVDs, allows for Internet surfing, and provides daily news from USAToday. The ZapStation connects directly to TVs and stereo receivers, and provides high quality multimedia playback at the touch of a remote control."

Pogo Linux Altura Athlon XP Workstation reviewed. The Duke of URL Reviews the Pogo Linux Altura Athlon XP Workstation.

Interviews

Paul Everitt Interview (Zopera). The Zopera site has posted an interview with Zope Corp. founder Paul Everitt. "There has always been a tension between whether Python is Zope's greatest asset or its greatest liability. At some point, you have to decide that Python is Zope's greatest asset. Because, if you look, there are many Java application servers out there. And if you take the category of people who don't believe in Java, Zope is there for them. And it has not got any strong competitor in the Python world."

Section Editor: Forrest Cook


December 6, 2001

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Announcements page.

Announcements


Resources

DesktopLinux.com launches Windows-to-Linux FAQ Project. DesktopLinux.com has launched a new "frequently asked questions" list targeting computer users who want to switch from Windows to Linux as their desktop operating system.

Events

Linux Bangalore/2001 program. Linux Bangalore/2001, held in Bangalore, India, starting on December 10, has posted its conference program. There is an impressive list of over 65 talks on numerous topics. Evidently a national television channel will be recording the whole thing for national distribution early next year. It looks like a worthwhile event.

Events: December 5, 2001 - January 31, 2002.
Date Event Location
December 6 - 15, 2001II Unix Internacional Meeting(UMeet2001)Online
December 7 - 9, 2001PLUTO MEETING 2001Terni, Italy
December 10 - 12, 2001Linux Bangalore 2001Bangalore, India
January 28 - 29, 2002The Conference on File and Storage Technologies(FAST 2002)Monterey, CA
January 29 - February 1, 2002LinuxWorldNew York, NY

Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format.

Web sites

FreeGO!. The folks at Prosa have started FreeGO!, a free software news site in the Italian language.

Japanese PostgreSQL site moves. The Japanese PostgreSQL site has moved to a new location.

Section Editor: Forrest Cook.


December 6, 2001

   

 

Software Announcements


Here are this week's Freshmeat software announcements. Freshmeat now offers the announcements sorted in two different ways:

The Alphabetical List and Sorted by license

 

Our software announcements are provided courtesy of FreshMeat

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Linux History page.

This week in Linux history


Three years ago (December 10, 1998 LWN): IBM released its "Jikes" Java compiler under an almost-open-source license. The first DB2 beta was also put up for free download. Sun announced its support for Linux on the Sparc, SGI announced support for Samba, and joined Linux International as well.

Linus Torvalds was a guest of honor in the Finnish Presidential Palace for the Independence Day celebration. This photo of Linus and Tove is still available online.

ZDNet shows us that some things never change...

Linux is awesome in many ways, but no matter how you slice it, it's still basically an evolved port of a 20+ year-old operating system, and with that age comes a certain amount of baggage. Linux may be far more efficient than Windows, but it still carries the past on its shoulders, and (more importantly) lacks many of the futuristic technologies built into BeOS from the start.

Two years ago (December 9, 1999 LWN): Andover.Net went public on December 8, at an initial price of $18 per share; it quickly rose to $63. When the December 9 LWN hit the press, the VA Linux Systems IPO was still looming; check this space next week if you don't know what happened.

Sometime later this week, another Linux-related company, called VA Linux Systems, will go public under the ticker symbol LNUX. It will probably double or triple in price while market pundits criticize it for being another overhyped IPO.
-- Business Week.

Both Cosource.com and SourceXchange officially launched. One year later both were still around. Now both are gone.

Corel found itself at the center of a controversy again when it refused to allow minors to download its distribution.

Sun announced the release of Java 2 for Linux. The announcement contained no mention of the Blackdown Linux team, which actually did most of the work for this release.

KDevelop 1.0 was released. The XFree86 team announced that XFree86 4.0 would not be out before the end of the year.

Red Hat announced more deals with Dell, including one in which Dell systems would come with 90 days of Red Hat support - which replaced the Linuxcare support that Dell was offering before. O'Reilly, meanwhile, launched the O'Reilly Network.

One year ago (December 7, 2000 LWN) looked at a few examples of how misrepresentations of Linux reflect a misunderstanding of what we are about, and how they can be damaging. First there was this story in Wired News about a Windows virus that told its victims to run Linux.

It also creates a text file "c:messageforu.txt," that contains the following words of wisdom: "Hi, guess you have got the message. I have kept a list of files that I have infected under this. If you are smart enough just reverse back the process. I could have done far better damage, I could have even completely wiped your hard disk. Remember this is a warning & get it sound and clear... -- The Penguin"

"The worm's pro-Linux message isn't a huge surprise," said Pirkka Palomaki, director of product marketing at F-Secure. "Most people who are capable of programming a virus are also Linux fans. Which is not to say that all Linux users are computer crackers.

Whew! It's nice to know that we are not all crackers.

This News.com article criticized Red Hat for dropping Sparc support in version 7.0, comparing the Linux provider with Microsoft. It doesn't bother to mention the many other flavors of Linux with continuing Sparc support.

The move parallels the gradual decline in the number of CPUs that can run Windows NT. Initially, Microsoft's higher-end operating system was intended to run on PowerPC, MIPS, Alpha and Intel CPUs, but minimal interest led Microsoft to cut back just to Intel chips.

Bruce Perens got a new job with Hewlett-Packard. The Meta Group called it "cheap insurance" in this News.com article.

Hewlett-Packard is taking out cheap insurance with its hiring of open-source advocate Bruce Perens, just in case Linux becomes more of a force in the marketplace than anyone expects. Users negotiating with HP can use this new commitment to Linux as a ploy in negotiations, but they should not expect HP to develop Linux into a replacement for HP-UX.

Conectiva Linux 6.0 was released.

Mandrake Linux moved to the 2.4 kernel in its Cooker (development) version. An official 2.4 had not yet been released, of course. The latest version was 2.4.0-test12-pre7.

Section Editor: Rebecca Sobol.


December 6, 2001

LWN Linux Timelines
1998 In Review
1999 In Review
2000 In Review
2001 In Review

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Letters page.

Letters to the editor


Letters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them.

December 6, 2001

   
From:	 Eric Kidd <eric.kidd@pobox.com>
To:	 letters@lwn.net
Subject: Evolution notes
Date:	 29 Nov 2001 12:24:18 -0500

First, a minor nit:

"There does not, however, appear to be any straightforward way of
creating a contact entry from a mail message; one must start from the
beginning and type it all in."

Right click on an e-mail address and you'll be pleasantly surprised. :-)

Now, on to some arguably more substantial thoughts.

I've abandoned a highly customized Mutt setup (among other things, I'm
the author of Emacs mutt-mode), and switched to Evolution.  Why?

The Drawbacks of Mutt
---------------------

* Mutt can't handle big folders efficiently.  I have some mail folders
with 25,000 messages or more, and mutt insists on rebuilding the indexes
every time I switch folders.  And since mail files tend to be highly
fragmented, this can take close to 30 seconds on a 1.4 GHz box.

* Mutt is inherently modal.  I can't, say, compose two messages at once,
read a third, and poke around in a mailbox at the same time.

* Mutt can't search message bodies.

* Mutt can't read the HTML-only e-mails that some people insist on
sending me through Hotmail, unless I screw around with mimecap files. 
And even then, it's pretty clunky.

The Advantages of Evolution
---------------------------

* Serious support for huge quantities of mail: lightening full-text
search, virtual folders based on queries, support for mailboxes with
tens of thousands of messages.

* Support for receiving HTML e-mail.

* Excellent integration between the mail reader, contact database, and
my Pilot.

The main drawbacks of Evolution are poor integration with the
traditional Unix environment, and mediocre PGP support.

In particular,  evolution (1) is bad at noticing PGP errors, (2) doesn't
support rules like "always encrypt mail to so-and-so" and (3) replies to
encrypted messages with quoted, unencrypted bodies by default (a
*serious* security hole that it shares with Mutt).

I hope some of these bugs get fixed in 1.x.  But it's a dynamite mailer
in many ways.

Cheers,
Eric

   
From:	 tom poe <tompoe@renonevada.net>
To:	 letters@lwn.net
Subject: SVG and ADOBE
Date:	 Fri, 30 Nov 2001 21:19:34 -0800

Hi:  Just saw the announcement for Mozilla and Adobe and SVG.  

Criteria for Letters to the Editor:
Short, to the point, and possibly well-written.  

These criteria don't leave much room for "What the h%^&  is our W3C.org 
standards committee trying to pull?"  rants.  By all means, folks, go over to 
Adobe and download their proprietary product so you can view Open Source 
Standards on Linux, because our W3C.org standards committee thinks SVG should 
be a proprietary standard for all.  What happened to Batik?  Oh, that's 
right.  Adobe views Batik as second class citizens, and has no interest in 
Open Sourcing their work in collaboration.  Maybe someone has a clearer 
understanding as to why anyone would want to use proprietary products as a 
standard for Open Source.  thanks, Tom
   
From:	 Christopher Browne <cbbrowne@cbbrowne.com>
To:	 letters@lwn.net
Subject: SourceForge Concerns
Date:	 Wed, 05 Dec 2001 14:02:22 -0500

The concerns about Sourceforge.net are hardly new; people have long expressed 
all sorts of paranoia about all sorts of unfortunate possible scenarios.

I'm not overly concerned, but commend that people make sure that they're not 
putting "all their eggs in one basket."

There certainly are a number of negative outcomes that could lead to 
significant inconvenience.  I always like to characterize it with the idea of 
a large meteoroid striking Silicon Valley, as that takes a certain amount of 
"sting" out what might otherwise become accusations.  (The Python people have 
their classic line about Guido getting hit by a bus; same sort of story; I 
guess I am more into bad Sean Connery movies :-).)

Whatever the potential reasons for a loss of service, it is very important for 
people to have some backup plans should a "Big Gulp" happen.  It is already 
highly likely that interesting CVS archives will be widely mirrored, simply 
because ocean-crossing links can be slow.

Those that are running projects that they consider important should certainly 
seek to mirror the code elsewhere.

The following are a whole bunch of possible alternatives:
Savannah, GBorg, Berlios.de, Tuxfamily.org, Serveur Libre, SunSITE.dk, Vhffs, 
Subversions - GNU Project, SEUL: Hosted Projects, freepository, Lusis.org,
SourceFubar, tigris

It would seem logical for those projects that are actually active (most 
Sourceforge projects are NOT active) to consider mirroring at one or another 
of these sites.

Note that such mirroring is also systematically useful for keeping the folks 
at Sourceforge.net from being tempted to "do ill."  I remember many arguments 
taking place yesteryear with just _extreme_ paranoia that Red Hat (the typical 
"punching bag" for paranoid concerns) might be just about to do something 
horribly proprietary.  The presence of alternatives that are conspicuously 
free of "we might try to take this private" interests represents a powerful 
quencher of temptation.  Debian is a crucial alternative, in the distribution 
arena; even if you never use it, the fact that it's out there helps to keep 
Linux distributions freely available.

If you care about your project, mirror it, and the risks dissipate.
--
(concatenate 'string "cbbrowne" "@ntlug.org")
http://www3.sympatico.ca/cbbrowne/linux.html
Any programmer who fails to comply with the standard naming, formatting,
or commenting conventions should be shot.  If it so happens that it is
inconvenient to shoot him, then he is to be politely requested to recode
his program in adherence to the above standard.
-- Michael Spier, Digital Equipment Corporation


   
Eklektix, Inc. Linux powered! Copyright © 2001 Eklektix, Inc., all rights reserved
Linux ® is a registered trademark of Linus Torvalds