Other LWN stuff:
 Daily Updates
 Calendar
 Linux Stocks Page
 Book reviews
 Penguin Gallery

 Archives/search
 Use LWN headlines
 Advertise here
 Contact us

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- Gaël Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

See also: last week's LWN.

Leading items and editorials

The changing perception of Linux. It has been interesting to watch, over the years, as the way Linux is seen outside the community has evolved. When LWN started publishing at the beginning of 1998, the few people who had actually heard of Linux dismissed it as a hobbyist's toy. Things are different now; it's worthwhile to look at just how different.

Those wondering if Linux is being taken seriously in the business world might well find their answer in the absurd vision of Sun CEO Scott McNealy in a penguin suit. A better example, however, may be found by looking at the treatment of IBM and its commitment to Linux. A year and a half ago, we could read things like this Gartner pronouncement: But the Linux movement is fraught with potential hazards if companies such as IBM act too hastily. For example, the lack of standards, frequent releases, and variety of Linux distributions on Intel and various RISC implementations will increase the complexity of support. In addition, the earlier investment craze over Linux has died out, and most Linux-only companies are struggling financially.

Now fast-forward to a couple of weeks ago, and consider this interesting (but subscription-only) article in the Economist about Sam Palmisano taking the helm at IBM:

Mr. Palmisano was also involved with another of IBM's cunning strategic moves: its embrace of Linux, the free, open-source operating system that is maintained by a vast collective of programmers who collaborate online.

That which was once "fraught with potential hazards" is now seen as a "cunning strategic move." Linux is now seen, from far away, as a smart business strategy for a large, established technology company. The world has changed.

Something interesting has happened over the last six months or so. Many people clearly expected Linux to disappear with much of the dotcom economy; Microsoft explicitly compared Linux with dotcom business models. Many of the dotcoms are long gone at this point, and people are beginning to notice that Linux is not only still around, but it has gotten stronger. Linux (and free software in general) were never just another dotcom fad of the month. They not only have great value to offer; they are also well insulated from the fortunes of any particular company that chooses to work with them. Free software is now taken seriously, but we still have only begun to see where it will go.

Sun wakes up. Many in the Linux community have wondered when Sun would figure out that Linux isn't just going to go away. The company seems to be opening its eyes at last; here's Sun's press release on its new Linux strategy. Interestingly, this announcement happened the week after LinuxWorld.

The points in the announcement are vague and interesting. The first of those is that Sun "will ship a full implementation of the Linux operating system." That looks very much as if Sun is getting into the distribution business. We asked Sun's PR people what company was up to, only to be told "we're not clarifying." We'll have to wait and see what really comes out.

A Sun distribution could be an interesting force in the market. Sun, of course, has recently lost a number of high-profile customers to Linux in a very public way. Perhaps the company feels that, if its customers are going to switch to Linux, maybe they will be inclined toward a distribution with the Sun brand. A path which makes it easy to stick with the same vendor and to integrate Linux and Solaris systems might help Sun retain a number of those customers.

It is a bit of a stretch to imagine Sun as a major Linux distributor, however. There are many established players in that market whose support of the system seems rather more wholehearted than Sun's.

Next, Sun will be expanding the Cobalt line of Linux appliances, and adding a set of "low-end general purpose Linux/x86-based systems." In other words, Sun is getting into the cheap, commodity Linux systems business that has proved so difficult for a number of other vendors. The Sun name should help, but it still is a hard business to be in. If Sun envisions extending its Linux support to its higher-end SPARC systems, however, it might get somewhere.

Finally, there is a vague promise to offer "key components" of Solaris to the Linux community. Once again, the company refused to tell us just what those components might be, or what sort of licensing would be used.

So we will have to wait and see what Sun really has in mind - it's mostly words at the moment, and vague words at that. Sun played a large part in the commercialization of Unix, and it may yet have a large role to play in the Linux world as well. It will be interesting to see how it plays out.

Dave Whitinger joins LWN.net. We are pleased to announce that Dave Whitinger, co-founder of Linux Today, has agreed to join the LWN staff. His official title is "Director of Business Development," but he will be handling a variety of tasks from arranging partnerships to posting content on the site. Dave brings a wide variety of talents and a lot of ideas to LWN.net; expect to see a great many improvements as he makes his presence felt.

Inside this LWN.net weekly edition:

• Security: Multiple security problems with SNMP
• Kernel: Preemptible kernel patch merged; ALSA to be merged; How synchronous should sync() be?
• Distributions: Sun Linux?; The return of Halloween & DragonLinux.
• Development: The jack Audio Connection Kit, Standalone ZODB 1.0, Aide 0.8 GNU FDL 1.2 draft, GNOME 1.4.1rc1, GSview 4.2, new Gimps, Gnopher 0.2.
• Commerce: HP Issues Statement on Compaq Merger; E*TRADE Migrates to Linux; IBM launches low-end eServer.
• Letters: Counting security updates; system auditing.

...plus the usual array of reports, updates, and announcements.

This Week's LWN was brought to you by:

• Jonathan Corbet, Executive Editor

See also: last week's Security page.

Security

News and Editorials

The SNMP vulnerabilities were discovered by the Oulu University Secure Programming Group (OUSPG) of Oulu University, Finland. This is the same group which uncovered a wide variety of vulnerabilities across several LDAP products last year.

OUSPG developed and applied the PROTOS Test-Suite: c06-snmpv1 as a primary investigation tool. The test-suite's purpose is to "evaluate implementation level security and robustness of ... SNMP implementations." Licensed under version 2 of the GNU GPL, OUSPG encourages widespread use of the test-suite for the evaluation and development of SNMPv1 products.

Simple Network Management Protocol (SNMP) is routinely used in installations all over the Earth for monitoring and controlling systems that include printers, routers, ATM switches, servers of all kinds and workstations. Designed in the late 80's and widely deployed in the 90's, SNMP is the most popular protocol in use to manage networked devices. It has been so successful that finding a practical alternative for a network of even moderate complexity, that can quickly and easily be put into service, is unlikely.

CERT has received reports of SNMP port scanning and, as yet unverified, reports of exploitation of these vulnerabilities. If you are responsible for a network which uses SNMP for monitoring and control, you are strongly encouraged to read the CERT advisory.

Security Reports

Debian security update to CUPS. The Debian project has released a security update to the CUPS printing system fixing a buffer overflow vulnerability in that package.

Debian security update to faq-o-matic. The Debian Project has issued what appears to be the first update from a Linux distributor for the cross-site scripting vulnerability in faqomatic. (First LWN report: February, 7th).

Debian update to wmtv. Debian has released new packages that fix a symlink vulnerability in wmtv.

Autoresponder vulnerable to spamers. Autoresponder is a script for answering mail. Put it in your .forward or .qmail file, and it will reply to all incoming messages with a specified response. On Friday, 11 January 2002, someone reported on Bugtraq that autoresponder package "...could be tricked by spamers to send unsolicited mail to victim's address if option reply with copy of original message attached to response is enabled in autoresponder's configuration." The problem is fixed in version 1.15.0, and later, available from the MeepZor Free Software page.

GNU Ada compiler (GNAT) advisory. CERT has issued this advisory for handling of temporary files in an unsafe manner by the GNU Ada compiler. All POSIX multi-user systems running GNAT-compiled binaries which use Ada language facilities for creating temporary files are affected. GNAT versions known to have this defect are 3.12p, 3.13p and 3.14p. The advisory also notes that "the unreleased version of GNAT from the GCC CVS fixes this security defect on GNU/Linux, but introduces another one. Its use is strongly discouraged until this problem has been addressed."

Updates

This week's updates:

• Eridani Linux (February 22, 2002)

• Debian (January 16, 2002)
• Debian (January 18, 2002) (first update did not fix the problem).
• Mandrake (January 18, 2002)
• Red Hat (February 7, 2002) (update to the original advisory, issued January 22, 2002, to fix a Red Hat 6.2 specific problem)
• Red Hat (January 22, 2002) Red Hat Linux 7.2 is not vulnerable; earlier releases are.
• Slackware (January 22, 2002)
• SuSE (January 16, 2001)
• Yellow Dog (January 27, 2002)

Buffer overflow in groff. The groff package has a buffer overflow vulnerability; if it is used with the print system, it is conceivably exploitable remotely.

This week's updates:

• Mandrake (February 7, 2002)

Previous updates:

• Red Hat (January 14, 2002)
• Trustix (January 18, 2002)
• Yellow Dog (January 27, 2002)

Flaw in OpenLDAP. OpenLDAP versions 2.0.0 through 2.0.19 do not properly check permissions when using access control lists and a user tries to remove an attribute from an object in the directory by replacing it's values with an empty list. Schema checking is still enforced, so a user can only remove attributes that the schema does not require the object to possess. Please note that in 2.0 versions prior to 2.0.8, this flaw is not restricted to authenticated users (i.e., anonymous users can abuse the flaw as well).

This week's updates:

• Caldera (January 16, 2002)
• Mandrake (February 11, 2002)

Previous updates:

• Conectiva (January 28, 2002)
• Red Hat (January 22, 2002)

Remotely exploitable security problem in mutt. Most of the major distributions have provided updates for this buffer overflow vulnerabilty which was fixed in mutt versions 1.2.5.1 and 1.3.25.

This is a remotely exploitable hole; applying the update is a very good idea. It was first mentioned in  the January 3rd LWN security page.

This week's updates:

• Caldera (January 25, 2002)

• Conectiva (January 7, 2002)
• Debian (January 2, 2002)
• Debian (January 3, 2002) (Sparc architecture)
• Mandrake (January 8, 2002)
• Red Hat (January 7, 2002)
• Slackware (January 8, 2002)
• SuSE (January 7, 2001)
• Trustix (January 4, 2002)
• Yellow Dog (January 27, 2002)

This week's updates:

• Caldera (January 24, 2002)
• Conectiva (January 25, 2002)
• Debian (February 3, 2002) (note: if you applied the original update, which broke rsync, you need to update again.)
• EnGarde (January 25, 2002)
• Mandrake (January 28, 2002)
• Red Hat (January 30, 2002) (note that this alert was updated; if you applied the original version you should update again.)
• Slackware (January 26, 2002)
• SuSE (January 25, 2002)
• Trustix (January 28, 2002)
• Yellow Dog (January 27, 2002)

Multiple vendor telnetd vulnerability. This vulnerability, originally thought to be confined to BSD-derived systems, was first covered in the July 26th Security Summary. It is now known that Linux telnet daemons are vulnerable as well.

This week's updates:

• HP (February 12, 2002)

• Caldera (August 10, 2001)
• Conectiva (August 24, 2001)
• Debian (August 14, 2001) (SSL version)
• Debian (August 14, 2001) (Update for Sparc version)
• Mandrake (August 13, 2001)
• Mandrake (December 17, 2001) (kerberos version)
• Progeny (August 14, 2001)
• Red Hat (February 7, 2002) (Update, for Red Hat 5.2, 6.2, 7.0, and 7.1, to the original advisory, issued August 9, 2001.)
• Red Hat (August 9, 2001)
• Red Hat (August 9, 2001) (kerberos version)
• Slackware (August 9, 2001)
• SuSE (September 3, 2001)
• Yellow Dog (August 10, 2001)
• Yellow Dog (August 10, 2001) (kerberos version)

New updates:

• Debian (February 8, 2002) (update to the original advisory issued September 24, 2001.)

• Caldera (September 7, 2001)
• Conectiva (September 11, 2001)
• Debian (September 24, 2001)
• Mandrake (September 21, 2001)
• Progeny (October 5, 2001)
• SuSE (October 31, 2001)

Resources

Events

Upcoming Security Events.

Date	Event	Location
February 15 - 17, 2002	CODECON 2002	San Francisco, California, USA
February 18 - 22, 2002	RSA Conference 2002	San Jose, CA., USA
February 25 - March 1, 2002	Secure Trusted OS Consortium - Quarterly Meeting(STOS)	(Hyperdigm Research)Chantilly, VA, USA
March 11 - 14, 2002	Financial Cryptography 2002	Sothhampton, Bermuda
March 18 - 21, 2002	Sixth Annual Distributed Objects and Components Security Workshop	(Pier 5 Hotel at the Inner Harbor)Baltimore, Maryland, USA
March 18 - 20, 2002	InfoSec World Conference and Expo/2002	Orlando, FL, USA
April 1 - 7, 2002	SANS 2002	Orlando, FL., USA
April 5 - 7, 2002	Rubicon	Detroit, Michigan, USA
April 7 - 10, 2002	Techno-Security 2002 Conference	Myrtle Beach, SC
April 14 - 15, 2002	Workshop on Privacy Enhancing Technologies 2002	(Cathedral Hill Hotel)San Francisco, California, USA

For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Dennis Tenney

LWN Resources


Secured Distributions:
Astaro Security
Castle
Engarde Secure Linux
Immunix
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux
Trustix

Security Projects
Bastille
Linux Security Audit Project
Linux Security Module
OpenSSH

Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive

Distribution-specific links
Caldera Advisories
Conectiva Updates
Debian Alerts
Kondara Advisories
Esware Alerts
LinuxPPC Security Updates
Mandrake Updates
Red Hat Errata
SuSE Announcements
Turbolinux
Yellow Dog Errata

BSD-specific links
BSDi
FreeBSD
NetBSD
OpenBSD

Security mailing lists
Caldera
Cobalt
Conectiva
Debian
Esware
FreeBSD
Kondara
LASER5
Linux From Scratch
Linux-Mandrake
NetBSD
OpenBSD
Red Hat
Slackware
Stampede
SuSE
Trustix
turboLinux
Yellow Dog

Security Software Archives
munitions
ZedZ.net (formerly replay.com)

Miscellaneous Resources
CERT
CIAC
Comp Sec News Daily
Crypto-GRAM
LinuxLock.org
LinuxSecurity.com
Security Focus
SecurityPortal

See also: last week's Kernel page.

Kernel development

Update: 2.5.5-pre1 was released just as this page was going to "press." It includes the ALSA sound system (see below), the new input driver scheme, the X86-64 merge, and a bunch of other stuff.

Dave Jones's latest prepatch is , which adds a number of fixes to the 2.5.4 release. This one should compile for most people.

Guillaume Boissiere's has been updated for 2.5.4.

The current stable kernel release is still 2.4.17. The first 2.4.18 release candidate was released on February 13; if all goes well it will become the next stable release.

Alan Cox's latest is 2.4.18-pre9-ac3; it adds the latest reverse mapping virtual memory patch, an updated DRM implementation, and a number of fixes.

Those who prefer a development-oriented 2.4 kernel can see 2.4.18-pre8-mjc from Michael Cohen. It adds the reverse mapping VM, the preemptible kernel patch, the new 2.5 scheduler, User-mode Linux, and many other things.

The preemptible kernel patch was merged into 2.5.4-pre6, thus ending, by fiat, a long debate on whether it was a good idea or not. This patch was discussed in detail almost a year ago on this page; it has evolved since then, but the basic idea remains the same.

There is still some nervousness about this patch. Anything that changes one of the basic assumptions of the kernel programming environment (that kernel code runs to completion unless it explicitly yields the processor) does need to be looked at carefully. The fact that kernel code will not be preempted when it holds a spinlock reduces the problem to something similar to the SMP situation - but not quite.

In particular, there is an increasing amount of processor-specific data used by the kernel. Limiting access to a specific data structure to a single processor brings some significant performance benefits - that data stays in a single processor's cache. It was also possible, until now, to work with single-processor data without locking; since no other processor will try to access that data, there is no need to lock the other processors out. If kernel code is preemptible, however, processor-specific data is no longer safe; other measures must be taken.

The preemptible kernel patch has been well tested over the better part of a year, and the obvious glitches have been worked out. Even so, chances are that a surprise or two remain - though there have been few complaints so far. Preemption makes the kernel more responsive, and is worth having. But it is a good patch to have integrated early in the 2.5 cycle.

Here comes ALSA. Jaroslav Kysela announced the availability of an Advanced Linux Sound Architecture patch for the 2.5.4 kernel. The announcement showed a certain degree of frustration - apparently Linus had not been answering mail from the ALSA maintainers, and they were not sure what the situation was.

Things have since settled out. Here's : My main reason for being silent on it has been that I've been doing other things. I'll be merging ALSA in the not too distant future, but it's not been a high priority for me like some of the other stuff I have spent my time on.. And that, of course, is what happened; ALSA is in the first 2.5.5 prepatch.

ALSA will not immediately amaze Linux users with lots of new capabilities. For the most part, the only thing people should notice in the short term is that sound on their systems works as always. What ALSA brings is a new and more coherent design, a nice kernel API (which is normally hidden behind the well-defined library API), support for professional hardware, and better MIDI sequencing and routing support. A thorough emulation layer ensures that old OSS sound applications will work as always, but quite a few applications also support the ALSA native API.

In the longer term, the combination of ALSA and the low-latency work should help ensure that Linux is capable of handling the most demanding audio tasks.

How synchronous should sync be? Andrew Morton has posted fixing a perceived problem with the sync() system call: as long as processes keep generating data, sync() will keep flushing it to disk. The result is that a sync command can take a long time to execute - as in several minutes. Andrew's patch changes sync() to just ensure that all data to be written when the call is made gets out - buffers generated thereafter may not be written immediately.

This patch, of course, changes a fundamental assumption made by many who use sync - that, upon completion, all data has been written to disk. In fact, according to the Single Unix Standard, this behavior is permissible: "The writing, although scheduled, is not necessarily complete upon return from sync()" It is, regardless, not the behavior that many expect.

There's no real consensus on what the proper behavior is. Unless Linus takes the patch, the current sync behavior will remain.

Other patches and updates released this week include:

Core kernel code:

• Christoph Hellwig has a new version of his kthread interface, which attempts to rationalize the creation and management of kernel threads.

• Here's the latest version of Rusty Russell's patch implementing easy per-CPU data areas.

• Rik van Riel has released version 12e of his reverse-mapping virtual memory patch.

• The 2.5.4 Linux security module patch is available.

Development tools:

• of the Linux Test Project test suite has been released.

• of the patch enabling the gcov test coverage tool to be used with the kernel has been posted by Hubertus Franke.

Device drivers

• A new has been posted by Greg Kroah-Hartman. "It differs from my previous patches, in that this one works well."

• Jens Axboe has posted a patch implementing queue barriers in the block I/O layer. Barriers allow higher level code (such as a journaling filesystem) to require that all data queued before the barrier is written to disk before any data after the barrier. A 2.4 version of this patch was posted by Chris Mason.

Filesystems:

• The University of Michigan has announced the first release of its NFSv4 implementation. This patch still has some rough edges, and only works with the 2.4.4 kernel (yes, 2.4.4 - a 2.5 port is in the works).

• Andrew Morton has posted a patch implementing the "dirsync" option on the ext2 and ext3 filesystems.

• Neil Brown has posted his linux.conf.au paper on the future of authentication in the kernel NFS daemon.

Kernel building:

• Anuradha Ratnaweera has the release of kernelconf 0.1.3. See if you would like to know where to actually get the code.

Miscellaneous:

• Denis Vlasenko has posted a new list of kernel maintainers.

• has been released by Thomas Capricelli. Zeta is a port of Linux to a virtual platform, done as an exercise in learning the internals of the system.

• James Bottomley has a new version of his port to the NCR Voyager architecture.

• Kernel Traffic for February 11 is available.

Section Editor: Jonathan Corbet

For other kernel news, see:

• Kernel traffic
• Kernel Newsflash
• Kernel Trap
• 2.5 Status

Other resources:

• L-K mailing list FAQ
• Linux-MM
• Linux Scalability Effort
• Kernel Newbies
• Linux Device Drivers

See also: last week's Distributions page.

Distributions

News and Editorials

Sun Linux?. A recent announcement from Sun Microsystems said, in part, "... Sun announced it will ship a full implementation of the Linux operating system." Is this a hint that Sun Linux will be released, along with the next generation of Sun Cobalt appliances? Little actual information is available at this time, so all we have is wild speculation.

Of course this announcement could mean that Sun will encourage the major distribution vendors to release versions tailored to Sun hardware, just as IBM has done. There are many versions of Linux to choose from, including several good Sparc ports.

We will go out on a limb and predict that Sun Linux (or SolLinux) will be a unique distribution, with versions supporting the spectrum of Sun and Sun Cobalt hardware. It will favor a GNOME desktop, of course. It will be able to run Solaris applications.

The return of Halloween & DragonLinux. Two more "lost" distributions have been found by alert LWN readers. These two distributions are now back in the LWN List bringing the total number of "active" distributions to 228.

DragonLinux was found for us by Hans Lunsing, and has returned to our list under DOS/Windows install.

Halloween Linux was found for us by Kay Marquardt. Halloween is German localized version of Red Hat, so it's been added to the Country Specific category.

New Distributions

GenDist. GENDIST (the Linux Distribution Generator) allows you to create your own special mini-distribution. It creates a makefile-based build system for your distribution, and helps you to automate the following three tasks: maintaining your root filesystem, maintaining your "CD filesystem" (in case you create a bootable CD), and packaging everything on media. GENDIST 0.9.4 (Stable) was released February 10, 2002.

Securepoint Firewall & VPN Server. The Securepoint Firewall & VPN server is a high end firewall and VPN solution for protecting your Internet gateway. Securepoint can also be used with existing firewalls and to protect interconnected locations or divisions and lets you create and manage VPN tunnels.

Distribution News

Debian News. The Debian Weekly News for February 6 is out, with coverage of one more Debian 2.2 release, handling donations, getting fixes into testing, Debian Jr., and more.

Join the Woody Bug-Squashing Party, on the third weekend of February: Friday 15th to Sunday 17th.

Mandrake Linux News. Here's the Mandrake Linux Communtity Newsletter for February 6, 2002. This issue covers 8.2 Beta Articles at MandrakeForum; New Support Plans for IA64; Report from N.Y. LinuxWorld Expo; and much more.

A second ML 8.2 beta is available now. This MandrakeForum article has information about what needs testing and how to report problems.

MandrakeSoft has also announced the availability of a new support offering for IA-64.

MontaVista to Enhance Embedded Linux for Intel's Next-Generation Wireless Platform. MontaVista Software announced that MontaVista Linux 2.1 (formerly Hard Hat Linux), will support the new Intel(R) PXA 210 and Intel(R) PXA250 Applications Processors.

Red Hat. Red Hat has updated printing packages available to fix minor bugs.

Slackware. A bug was fixed in installpkg which caused it to not actually install packages if the -menu option was used. Pkgtool works again. See the changelog for more information.

Trustix Secure Linux. Trustix has issued several bug fix advisories for TSL 1.5. Package cleanup occurred in LPRng, vixie-cron, and rp-pppoe. There were also minor bugfixes in ncurses and initscripts.

Minor Distribution updates

ClumpOS. ClumpOS has released R5.0 on February 12, 2002. This version contains major feature enhancements including a kernel update to Linux 2.4.17 and MOSIX 1.5.7 for 2.4.17.

Familiar Linux Distribution. The Familiar Project has released v0.5.1. Situation dependent bootstraps are now provided in this release, dependencies were fixed in various packages, bootloader splash screen and buttons are supported on H3100, H3600, H3700, and H3800, and the included kernel was updated to 2.4.16-rmk1.

LinuxFromScratch. LinuxFromScratch has released development version 3.2-rc1.

Mindi-Linux. Mindi Linux released v0.58 on February 11, 2002. This is a minor bugfix release.

Rock Linux 1.5.13. A new version of Rock Linux is planned for release at the upcoming FOSDEM conference. Rock Linux guru Stefan Koerner will be present at FOSDEM.

Distribution Reviews

BSD operating systems: Perspective (ZDNet). This ZDNet article looks at the flavors of BSD operating systems. "BSD implementations have retained commonality but also diverged into over 100 different distributions, four of which are prominent."

Section Editor: Rebecca Sobol

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.

Distribution Lists:
LWN List
DistroWatch
ibiblio
Linux.com
LinuxLinks
Woven Goods

See also: last week's Development page.

Development projects

News and Editorials

The jack project aims to provide a low-latency audio server for connecting multiple audio applications together under Linux.

According to the Jack FAQ, Jack used to be called LAAGA, which stands for Linux Audio Application Glue API. The LAAGA concept was defined on the linux-audio-dev mailing list.

A LAAGA is supposed to solve the following problem: "Let's say you are using a multi-track recorder/mixer. It's working nicely on your Linux box. You can record and mix without problems. But now you've found a couple of interesting new apps, let's say a software synth and a virtual drum machine. They seem to work great, so why not use them in your recordings? But how to connect them to the multi-track recorder?" Jack was designed to perform that function.

The jack documentation is still in an early state of development. The project is seeking volunteers to help fill that out.

A number of audio applications already work with jack. Among them is the audio player AlsaPlayer, the audio processor ecasound, and the multi-track recorder Ardour. More applications are under development.

Developers should check out the jack API to get an idea of how it all goes together.

Update: we've received a note from the Jack developers that clarify some inaccuracies that were originally in this article. We regret the errors.

CORBA

Help with Designing or Debugging CORBA Applications (Linux Journal). Linux Journal is running an article by Frank Singleton on CORBA application design and debugging. "This article explores how I have added some useful extensions to an open-source protocol analyzer in order to allow the extraction of OMG IDL (interface definition language) defined data types from TCP/IP traffic (using GIOP/IIOP). I also discuss the development and use of a helpful tool (idl2eth) that can take your own OMG IDL file(s) and generate protocol analyzer plugins, and lead you through the steps of creating your own plugin for the CORBA project you are working on."

Databases

Standalone ZODB 1.0 released. The 1.0 release of the stand-alone Zope Object Database has been . The ZODB part of Zope is interesting in its own right, and it has many applications that have nothing to do with web serving; it's worth a look for Python programmers building complex and/or distributed applications.

New SAP DB Documentation. New online documentation is available for the SAP DB database.

Electronics

New stuff on the gEDA site. The gEDA site features new versions of Icarus Verilog, Gerber Viewer, and gEDA/gaf, a collection of tools which includes gschem, libgeda, gnetlist, gsymcheck, and associated utilities.

Embedded Systems

Embedded Linux Newsletter for February 7, 2002. The February 7, 2002 edition of the LinuxDevices Embedded Linux Newsletter is out with the latest embedded Linux news. This week features lots of new stuff from the LinuxWorld conference.

Embedded Development with Qt/Embedded (Dr. Dobb's). Dr. Dobb's Journal features an article on writing Qt applications for embedded Linux systems. "When developing software for handheld computers such as the iPAQ, Palm, and Visor, you often face challenges that are at odds with each other. On one hand, users expect applications with resource-hungry GUIs that can be manipulated via stylus, virtual keyboard, and the like. On the other hand, you must contend with the space and processing constraints that are normal in the embedded world. In part due to issues such as these, Linux is increasingly becoming the preferred platform for embedded devices such as handheld computers."

Mail Software

rbl-milter 0.1 released. The first release of rbl-milter, a spam filter that works with sendmail, has been released. Rbl-milter has been released with the GPL license.

Network Management

Aide 0.8 released. Version 0.8 of Aide, the Advanced Intrusion Detection Environment, has been announced. This release adds cleaner reports, syslog reporting, dead symlink warnings, bug fixes, and more.

Peer to Peer

Distributed Systems Topologies: Part 2 (O'Reilly). Nelson Minar covers Distributed Systems Topologies in the second part of a series on O'Reilly. "In this second part, I describe seven characteristics of distributed systems that are commonly used when talking about system design and then analyze each characteristic for each of the topologies." If you want to start from the beginning, Part 1 of the series is here.

Printing Software

LPRng 3.8.6 released. Version 3.8.6 of the LPRng print spooler has been released. The CHANGES include a number of bug fixes and documentation updates.

Web-site Development

The latest Zope Members News. This week's entries on the Zope Members News include new releases of NuxWidgets, ZCoMIX, Emil, and ManageInZODB and more.

Python Conference, Day One (ZopeZen). Zopista writes about Zope at the Python conference. "The conference kicked off with a talk from Andrew Koenig. Andrew has been programming for 5 years more than I have been alive and talked about languages he has used prior to Python."

Documentation

GNU FDL 1.2 draft available. A draft of version 1.2 of the GNU Free Documentation License (FDL) has been announced.

LDP Weekly News for February 5, 2002. The February 5, 2002 LDP Weekly News is out. News includes the release of documentation in the Plucker format for viewing on PDA devices. New documents include "How to Develop Accessible Linux Applications", and the "Linux Crash HOWTO".

Application Links
GIMP
Mozilla
Galeon
High Availability
ht://Dig
mnoGoSearch
MagicPoint
Wine
Worldforge
Zope

Open Source Code Collections
Berlios
Freshmeat
OpenSourceDirectory
Savannah
Le Serveur Libre
SourceForge
Sweetcode

Desktop Development

Audio Applications

AlsaPlayer 0.99.53 released. A new version of the AlsaPlayer audio utility has been released. The project ChangeLog file lists improved support for Jack (see above), and some bug fixes.

Web Browsers

BugDays Are Back! (MozillaZine). Join the Mozilla developers for another BugDays event on February 14 and 15, 2002. "Join us this Thursday and Friday as we work to clean up the bug database, weeding out duplicate reports, confirming or resolving bugs, and adding comments and testcases to assist developers working on difficult issues. We're getting very close to Mozilla 1.0."

Desktop Environments

KDE Core Services: Trouble In Paradise. The KDE site has been having a few problems lately. As a result, the KDE 3.0 beta has been delayed.

First GNOME 1.4.1 release candidate. The first release candidate for GNOME 1.4.1 has been announced. A great many fixes and improvements have been worked into this release.

Graphics

GSview 4.2 Released. Ghostgum Software Pty Ltd has released version 4.2 of the GSview PostScript previewer. "This release works with the new Ghostscript 7.04 security updates. It includes a Swedish translation and a number of bug fixes." GSview has been released under the Aladdin Free Public License.

Gimp 1.2.3 and 1.3.3 released. Stable version 1.2.3 of the Gimp is available here. This version features a number of bug fixes.

Development version 1.3.3 of the Gimp is available here. "This release is targetted for developers and curious users. Don't use it for your daily work."

Interoperability

Wine contemplating a license switch to LGPL. The leaders of the Wine project have announced a plan to change the Wine license to the LGPL. "However, with some recent events I cannot disclose, it is clear to me that the opportunity for Wine to be used in a proprietary product is too tempting and has caused some harm to the Wine project. Based on experience, I feel strongly that the potential for harm is great enough that CodeWeavers needs to take two actions. First, we would like to release all new code we develop under an LGPL style license. Second, I would like to open another call for a license change and thereby strongly add my voice to Alexandre's." (Thanks to Dan Kegel.)

Wine Weekly News. The latest Wine Weekly News covers Wine 20020122, LindowsOS and Wine, a new SDL driver, Wine version numbers, and more.

Office Applications

Gorilla Released. Gorilla, a vector-icon based theme for Nautilus, has been released. Gorilla is also discussed on the Gnotices site.

Pan 0.11.2 released (Gnotices). Version 0.11.2 of the Pan news reader has been released. This version features bug fixes, performance improvements, and user interface tweaks.

Miscellaneous

Gnopher 0.2 released (Gnotices). Version 0.2 of Gnopher, the GNOME Gopher client, has been released. Gnopher claims to be the "first fully themeable Gopher client ever." See the Release Notes for all of the details.

Programming Languages

C

GCC now runs on the SuperH SH5. Support for the SuperH SH5 64-bit RISC microprocessor has been added to GCC, the Gnu Compiler Collection.

Caml

Caml Weekly News for February 12, 2002. The February 12, 2002 edition of the Caml Weekly News is out. Topics include a new OCAML beginner's list and OCamldoc 3.04 +1.

Java

DML Statements (O'Reilly). Jason Price writes about the SQL Data Manipulation Language (DML) on O'Reilly's OnJava site. "DML statements may be used to retrieve and modify the contents of database tables. In this article, you will also learn how to process database null values and handle database exceptions."

Ease your multithreaded application programming (IBM developerWorks). Joseph Hartal and Ze'ev Bubis discuss the Consumer class on IBM's developerWorks. "Multithreaded applications often make use of the producer-consumer programming scenario, wherein repetitive jobs are created by a producer thread, passed to a job queue, and processed by a consumer thread. While this programming method is very useful, it often results in duplicate code, which can be a real problem to debug and maintain."

Lisp

Two Lisp Books Available Online. Two Lisp books are now available online. On Lisp by Paul Graham, and The Common Lisp Cookbook, a collaborative work that aims to be the Lisp equivalent of the Perl Cookbook.

CL-PDF 0.41 released. CL-PDF 0.41, a Common Lisp library for generating Adobe Acrobat documents, has been released. This version adds support for internal PDF data compressin as well as new drawing primitives. The software is available here. CL-PDF is released with a FreeBSD style license.

Perl

An SVG Histogram (O'Reilly). J. David Eisenberg writes about using Perl and scalable vector graphics (SVG). "In this article, we'll generate a graphic from existing data. Specifically, we'll write a Perl program that draws a graph of the distribution of file sizes in a directory and its subdirectories."

Optimizing Your Perl (O'Reilly). Robert Spier offers some tips on Perl code optimization. "Is your Perl program taking too long to run? This might be because you've chosen a data structure or algorithm that takes a long time to run. By rethinking how you've implemented a function, you might be able to realize huge gains in speed."

This Fortnight on Perl 6 (O'Reilly). The latest Perl 6 Porters covers a Parrot problem, Unicode strings, the Regex Engine, Perl 6 On Mono, and more.

PHP

PHP Weekly Summary for February 10, 2002. The latest PHP Weekly Summary looks at a bug involving negative indices, talk of the addition of case sensitivity to PHP, manual translations, a new build system, and more.

Python

Dr. Dobb's Python-URL!. The of the Dr. Dobb's Python-URL! is out with all of the latest Python news.

The IPC10 Python Gathering (O'Reilly). Mark Lutz writes about the IPC10 Python Gathering. "First, and foremost to me, there is a tangible 'back to work' mindset in the Python world at large. People are busy having fun with Python again, whether they are getting paid for it or not. Really, there never was much of a pause. Most of what happens in Python has always been a labor of love, and so Python is by and large immune to Wall Street shenanigans."

The Daily Python-URL. This week's entries on the The Daily Python-URL looks at a Python based art project, the Python Routing Toolkit, the pyirclib IRC library for Python, the Frowns chemoinformatics system, coverage of the Python conference, and more.

Ruby

This week on the Ruby Garden. This week's Ruby Garden features articles on Advanced Programming Language Design, the Coerce-ability of bitwise operators, Obfuscated Ruby, the Radical 0.4 web framework, and more.

The Ruby Weekly News. The Ruby Weekly News for February 11, 2002 features software for generating libraries from XML schemas, and expert system shell with a TK front end, a Ruby task distribution system, OpenSSL for Ruby, and more.

Tcl/Tk

Dr. Dobb's Tcl-URL!. This week's has been published. Check it out for all of the TCL news.

XML

Embed binary data in XML documents three ways (IBM developerWorks). Gowri Shankar writes about embedding binary data in XML. "Originally, HTML was supposed to handle only text, but today it is commonly used to refer and mark up non-text data as well. So it is quite natural that XML followed suit. Because XML does not follow a specified syntax (as HTML does) and is more extensible than HTML, people use it in any way they wish to mark up all types of data."

Second Generation Web Services (O'Reilly). Paul Prescod discusses the evolution of Web Services. "In fact, I believe that second generation web services will actually build much more heavily on the architecture that made the Web work, using the holy trinity: standardized formats (XML vocabularies), a standardized application protocol, and a single URI namespace."

Section Editor: Forrest Cook

See also: last week's Commerce page.

Linux and Business

HP Issues Statement on Compaq Merger. HP has issued a statement that discusses some internal issues as well as the company's business plans. "Mr. Hewlett does not understand the linkages between our businesses and the importance of profitability, growth and market leadership in our industry. For example, among his latest assertions is the suggestion that we exit the PC business and shut down PC manufacturing plants. The fact is we have already outsourced our PC manufacturing. This suggestion underscores the absence of a real plan and illustrates his disregard for the strategic, financial and human consequences of such a decision."

HP's plans for Linux are also outlined: "While HP is today a leader in UNIX servers, a market growing at 5-7 percent a year, the new HP also will be No. 1 in Windows servers, a market growing at more than 20 percent, and No. 1 in Linux servers, a market growing at more than 30 percent. Customers want freedom of choice and demand all three operating systems for price performance, flexibility and reduced time to market."

Danese Cooper replaces Chip Salzenberg on OSI board. We got a note from Russ Nelson stating that Chip Salzenberg has resigned from the Open Source Initiative board to pursue other interests. In his place will be Danese Cooper of Sun Microsystems.

E*TRADE Migrates to Linux. According to E*TRADE this press release E*TRADE is taking advantage of the cost and reliability benefits of open-source software. "By using open, standards-based architectures, E*TRADE continues its strategy of maintaining technology cost-efficiencies while providing a superior service experience for its customer households."

IBM launches low-end eServer. IBM has announced its new eServer product, which is very directly aimed at Sun's low-end servers. Among other things, IBM claims that the eServer uses half the electricity of Sun's offerings. It runs Linux, of course.

Linux NetworX Unveils ClusterWorX Lite and Releases ClusterWorX 2.1. Linux NetworX announced the unveiling of ClusterWorX Lite, an entry-level version of its cluster management software with limited functionality, designed for cluster systems with 16 nodes or less. ClusterWorX 2.1, the latest version of the company's cluster management software, is also being released with enhanced features.

Linux Stock Index for February 08 to February 13, 2002.

LSI at closing on February 08, 2002 ... 28.87
LSI at closing on February 13, 2002 ... 28.96

The high for the week was 28.97
The low for the week was 28.64

Press Releases: