Other LWN stuff:
 Daily Updates
 Calendar
 Linux Stocks Page
 Book reviews
 Penguin Gallery

 Archives/search
 Use LWN headlines
 Advertise here
 Contact us

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- Gaël Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

See also: last week's LWN.

Leading items and editorials

• The Ottawa Linux Symposium is back for the fourth time; this year's event will be happening on June 26 to 29. Stephen Tweedie is the keynote speaker, and the conference schedule shows a long list of interesting talks. Attendance at OLS is limited, and the show is about halfway sold out. Folks who are thinking about attending probably want to get signed up before too long.

• Registration has opened for the O'Reilly Open Source Convention, to be held in San Diego, California on July 22 to 26. Keynotes by Lawrence Lessig and Richard Stallman should be interesting, to say the least, and the technical program looks solid - especially in areas of traditional OSCON strength, such as Perl.

• One of the longest-running Linux events is Linux Kongress; the ninth Kongress is scheduled for September 4 to 6 in Cologne, Germany. The call for papers has gone out, with a deadline of June 14 for submission of initial abstracts.

• Looking a little further ahead, the fourth Linux.conf.au will be held in Perth, Australia on January 22 to 25, 2003.

One occasionally hears complaints that the LinuxWorld Conference & Expo (ah, yes, August 12 to 15, San Francisco), has wiped out the more community and developer oriented events. Certainly some of the traditional gatherings (Linux Expo, ALS) are hurting or dead. But a look at the above list shows that the technical Linux conference is alive and well.

This is more than a good thing. Glitzy trade shows have their value, but the Linux and free software communities have a strong need for events that bring together developers and users. No amount of email and IRC can take the place of in-person gatherings, discussions, and beer. Technical conferences make high-bandwidth communications possible, and, crucially, they help to knit a worldwide band of developers and users into a community.

So the continued health of international technical events is a good thing; let us hope it stays that way. Many of these events are heavily dependent on corporate and/or governmental sponsorship for their continued existence - development conferences are not able to bring in vast amounts of money through fancy exhibit floors and "visionary" keynotes from corporate marketing VP's. So far, many of the companies that work in the free software realm have understood that development conferences are an important part of the ecology that they depend on. With luck, this trend will continue.

Lindows, source, and preview releases. This story has come around more than once: a company builds a product using GPL-licensed software. As part of the development process, preliminary versions of the product are distributed to beta testers - without source. The company claims that the source release requirements do not apply to beta versions, and that all will be made well when the official release happens.

The company in the news this time around is Lindows.com, which is working toward the release of its "LindowsOS" distribution. For $99, it is possible to join the "Lindows Insiders" and get preview versions of LindowsOS now; the company, of course, wishes to get feedback from its "Insiders" on how to improve the product. All this makes sense so far - though many folks, doubtless, will balk at paying $99 for the privilege of helping a company find its bugs.

But, it was noticed that the LindowsOS preview release did not come with source. That is where people started to get upset. If a company hands some software to a person who has paid $99 to get it, it seems clear that the company is "distributing" the software. And the GPL is clear that, when you distribute GPL-licensed software, you must also make the source available.

Lindows's failure to make source available caused concern at the Free Software Foundation and elsewhere. Bruce Perens sent an open letter to Lindows CEO Michael Robertson asking him to live up to the GPL. This request was not an attempt to create difficulties for Lindows, contrary to the opinion seemingly held by some. It was, instead, an attempt by copyright holders to uphold the terms under which they released their code.

The simple fact is that labelling a release "beta" or "preview" does not somehow magically suspend the terms of the GPL. If you use code which is licensed under the GPL, you agree to those terms and are expected to live up to them. The GPL has no provision allowing the withholding of source for certain kinds of releases; if you are distributing the software, you are distributing it.

We exchanged some email with Mr. Robertson, and it would appear that this particular situation has been resolved:

I did have a chance to have a friendly chat with Bradley Kuhn and Eben Moglen of FSF. I told them that if they had concerns, we would do our best to address them. We changed our NDA after their input and put up the source code - even for this early, unstable version.

This appears to be one of many situations where calm discussions are far superior to any amount of flaming. Lindows, after all, is not out to rip off the free software community. The company is, instead, trying to build a product that, with luck, will greatly increase the adoption of Linux in the marketplace. It is in Lindows's interest to maintain good relations with the developer community, and the company knows it. Lindows has met its obligations for now; we're looking forward to see how well they do.

The EFF Pioneer Award winners. The Electronic Frontier Foundation has announced the winners of this year's Pioneer Awards. They are:

• Dan Gillmor, for his technology reporting,
• Beth Givens, for her privacy work, and
• the DeCSS authors, as personified by Jon Johansen, for bringing DVD playback to Linux systems.

Inside this LWN.net weekly edition:

• Security: Are 1024 bit RSA keys secure?; mod_python and fragroute releases
• Kernel: IDE cleanups questioned; VM patches in 2.5.
• Distributions: Sorcerer != Sorcerer GNU/Linux (or does it?); Bdale Garbee is the new Debian Leader.
• Development: Quixote 0.4.6, Google API, mod_python 2.7.7, two new Zopes, GTK#, FLTK 1.1.0b13, Gnumeric 1.0.6, CMU Common Lisp 18d, Parrot 0.0.5, PHP 4.2.0 rc4, Python 2.1.3 and 2.2.1.
• Commerce: HP to Provide U.S. Department of Energy Laboratory One of World's Fastest Supercomputers; Mammoth PostgreSQL released.
• Letters: iSCSI, patents, free lunches.

This Week's LWN was brought to you by:

• Jonathan Corbet, Executive Editor

See also: last week's Security page.

Security

News and Editorials

RSA Laboratories, Dan Bernstein himself and Bruce Schneier do not predict any immediate threat to the security of 1024 bit RSA keys based on this research. When choosing a key size, RSA Laboratories considers the table of proposed key sizes offered for discussion at NIST's key management workshop in November 2001 (PDF format) to still be "reasonable general guidelines".

CRYPTO-GRAM Newsletter. Bruce Schneier's CRYPTO-GRAM Newsletter for April is out. He looks at ways of thinking about security, corporate liability for security vulnerabilities, and more. "If security has a silly season, we're in it. After September 11, every two-bit peddler of security technology crawled out of the woodwork with new claims about how his product can make us all safe again. Every misguided and defeated government security initiative was dragged out of the closet, dusted off, and presented as the savior of our way of life."

Security Reports

mod_python 2.7.7 released. Version 2.7.7 of mod_python has been announced. "This release (as far as I could tell adequately) addresses the security issue whereby a module indirectly imported by a published module could then be accessed via the publisher." Upgrades are recommended.

Debian security update to xpilot. The Debian Project has sent out a security alert for xpilot regarding a buffer overflow vulnerability which could be remotely exploitable.

Squid vulnerable to a DNS server based attack. The vulnerability exists in Squid-2.x up to and including 2.4.STABLE4. "A malicous DNS server could craft a DNS reply that causes Squid to exit with a SIGSEGV." MandrakeSoft has released what appears to be the first security update from a distributor to fix the problem for ML 7.1, 7.2, 8.0, 8.1, 8.2, Corporate Server 1.0.1, and Single Network Firewall 7.2.

Webalizer is also vulnerable to a DNS server based attack because of a buffer overflow bug. This unofficial patch to fix the problem was posted on Bugtraq. This one sounds nasty. If reverse DNS lookups are enabled in webalizer, "an attacker with command over his own DNS service, has the ability to gain remote root acces to a machine."

Multiple vulnerabilities in the Melange chat system were reported by Leon Harris. "Melange is a chat system written in C and java which is freely available under GPL. It is quite a nice system, and has been my pleasure to work with it. It was also coded nearly five years ago, at a time when people were not quite so security conscious. Its author has indicated that he is not currently maintaining it, due to other commitments."

web scripts. The following web scripts were reported to contain vulnerabilities:

• Guestbook and xNewsletter from x-dev.de were reported to have multiple vulnerabilities including cross site scripting and "Arbitrary Command Execution under certain circumstances."

Proprietary products. The following proprietary products were reported to contain vulnerabilities:

• IBM Informix Web DataBlade SQL injection and related auto-decoding HTML vulnerabilities were reported by Simon Lodal. When contacted by LWN, IBM Informix Support stated that a fix is being tested and is expected to be released "soon."

Updates

Cross-site scripting vulnerability in Horde/IMP. Version 2.2.8 of IMP has been released, it fixes some vulnerabilities. "The Horde team announces the availability of IMP 2.2.8, which prevents some potential cross-site scripting (CSS) attacks. Site administrators should consider upgrading to IMP 3 (our first recommendation), but if this is not possible, IMP 2.2.8 should be used to prevent these potential attacks." (First LWN report: April 11, 2002).

This week's updates:

Previous updates:

• Debian (April 16, 2002)
• Caldera (April 16, 2002)

Format string exploits in libsafe Libsafe versions prior to 2.0-12 are vulnerable to format string exploits. "Libsafe protection against format string exploits may be easily bypassed using flag characters that are implemented in glibc but are not implemented in libsafe." The current version is libsafe 2.0-13. Steve Beattie pointed out that the Immunix FormatGuard tool is not vulnerable to these kinds of attacks. (First LWN report: March 28, 2002).

This week's updates:

• Mandrake (April 11, 2002)

rsync supplementary groups vulnerability. Ethan Benson reported that rsyncd fails to remove supplementary groups (such as root) from the server process after changing to the specified unprivileged uid and gid. "This seems only serious if rsync is called using "rsync --daemon" from the command line where it will inherit the group of the user starting the server (usually root)." (First LWN report:  March 14th, 2002).

This week's updates:

• Caldera (April 3, 2002)
• Conectiva (March 14, 2002)
• EnGarde (March 11, 2002)
• Mandrake (March 13, 2002)
• Mandrake (April 17th, 2002) (Mandrake 8.1/ia64)
• Red Hat (March 21, 2002)
• Slackware (March 12, 2002)

Resources

Keyed-Hash Message Authentication Code standard. The US NIST has published FIPS 198, The Keyed-Hash Message Authentication Code. FIPS 198 "became a [US] Federal standard on March 6, 2002 [...] The standard describes a keyed-hash message authentication code (HMAC), a mechanism for message authentication using cryptographic hash functions."

Linux security week. The publications from LinuxSecurity.com is available.

Events

Upcoming Security Events.

Date	Event	Location
April 18 - 19, 2002	The Twelfth Conference on Computers, Freedom & Privacy	(Cathedral Hill Hotel)San Francisco, California, USA
April 18 - 19, 2002	InfoSec 2002	UniNet IRC network (irc.uninet.edu) - channel #infosec
April 23 - 25, 2002	Infosecurity Europe 2002	Olympia, London, UK
May 1 - 3, 2002	cansecwest/core02	Vancouver, Canada
May 4 - 5, 2002	DallasCon	Dallas, TX., USA
May 12 - 15, 2002	2002 IEEE Symposium on Security and Privacy	(The Claremont Resort)Oakland, California, USA
May 13 - 14, 2002	3rd International Common Criteria Conference(ICCC)	Ottawa, Ont., Canada
May 13 - 17, 2002	14th Annual Canadian Information Technology Security Symposium(CITSS)	(Ottawa Congress Centre)Ottawa, Ontario, Canada
May 27 - 31, 2002	3rd International SANE Conference(SANE 2002)	Maastricht, The Netherlands
May 29 - 30, 2002	RSA Conference 2002 Japan	(Akasaka Prince Hotel)Tokyo, Japan
June 17 - 19, 2002	NetSec 2002	San Fransisco, California, USA

For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Dennis Tenney

LWN Resources


Secured Distributions:
Astaro Security
Castle
Engarde Secure Linux
Immunix
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux
Trustix

Security Projects
Bastille
Linux Security Audit Project
Linux Security Module
OpenSSH

Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive

Distribution-specific links
Caldera Advisories
Conectiva Updates
Debian Alerts
Kondara Advisories
Esware Alerts
LinuxPPC Security Updates
Mandrake Updates
Red Hat Errata
SuSE Announcements
Turbolinux
Yellow Dog Errata

BSD-specific links
BSDi
FreeBSD
NetBSD
OpenBSD

Security mailing lists
Caldera
Cobalt
Conectiva
Debian
Esware
FreeBSD
Kondara
LASER5
Linux From Scratch
Linux-Mandrake
NetBSD
OpenBSD
Red Hat
Slackware
Stampede
SuSE
Trustix
turboLinux
Yellow Dog

Security Software Archives
munitions
ZedZ.net (formerly replay.com)

Miscellaneous Resources
CERT
CIAC
Comp Sec News Daily
Crypto-GRAM
LinuxLock.org
LinuxSecurity.com
Security Focus
SecurityPortal

See also: last week's Kernel page.

Kernel development

Note that Linus warns: "The TCQ stuff is definitely experimental, you should probably configure it out for now."

No 2.5.9 prepatches have been issued as of this writing.

The latest patch from Dave Jones is 2.5.8-dj1; it fixes a number of problems but Dave has not dug too deeply into the patch queue yet.

Guillaume Boissiere's latest 2.5 status summary was released on April 17.

The current stable kernel release is 2.4.18. The latest 2.4.19 prepatch from Marcelo (produced when he wasn't busy getting thrown out of the U.S.) is 2.4.19-pre7; it adds a very long list of new fixes and upgrades, but no major changes.

There were no 2.4 prepatches from Alan Cox this week.

The right way to clean up the IDE code. Working on the IDE subsystem seems to be a difficult and thankless task - especially if you are not always concerned about the troubles you create for some users. Martin Dalecki found himself on the firing line again after releasing his IDE 36 patch, which included the following:

Remove sector data byteswapping support. Byte-swapping the data is supported on the file-system level where applicable. Byte-swapped interfaces are supported on a lower level anyway. And finally it was used inconsistently

There was only one problem: some people use and rely on that byte swapping feature. Filesystems can handle byte swapping in some situations - especially with their own metadata - but sometimes it is necessary to deal with a disk where everything is swapped. In particular, it seems that disks from TiVo systems require swapping to be readable on a Linux box.

It can be dangerous to interfere with hackers trying to play with their TiVo systems.

Despite the complaining, nobody is standing up for the old byte swapping implementation. It only worked in the (slow) programmed I/O mode, and could, in especially unlucky situations, lead to disk corruption. This feature clearly needed to be fixed in some way. But a number of people would have rather seen a replacement be provided before the old implementation was yanked.

Linus, however, does not agree:

The fact is, many things are easier to fix afterwards. Particularly because that's the only time you'll find people motivated enough to bother about it. If you were to need to fix everything before-the-fact, nothing fundamental would ever get fixed, simply because the people who can fix one thing are not usually the same people who can fix another.

In other words, a better byte swapping implementation simply is not going to happen until somebody really has to do it.

This better implementation, in fact, will probably not live in the IDE subsystem, and, thus, will probably not be done by Martin. The consensus seems to be that full byte swapping belongs in the loopback driver, where it can be slotted in when needed. No implementations have been posted, but it should not be that difficult for somebody to do.

Where are the VM updates for 2.5?. Mike Fedyk asked:

Why haven't any of the -aa VM updates gone into 2.5? Especially after Andrew Morton has split it up this is surprising...

Given the amount of VM work that happened just before the 2.5 fork, and given that Andrea's changes are said to improve performance and stability in a number of ways, it is interesting that VM development seems to have stopped in 2.5. Appearances can be deceiving, though: Andrew Morton's buffer management and I/O work certainly affects memory management. Rik van Riel, William Lee Irwin, and others have gotten VM-related patches into 2.5. Nonetheless, not much VM work is happening in 2.5. Andrew Morton posted a few reasons why that might be, including:

• Not much work is happening with 2.5 VM. The VM hackers are mostly still working with 2.4; the job there is incomplete, and it provides a more stable platform for VM developments (such as Rik van Riel's reverse mapping (rmap) code).

• Other work, such as the buffer management changes, tends to conflict with extensive VM changes.

• The general direction of VM development in 2.5 is still unknown. For example, no decision has been made on the inclusion of rmap in 2.5. There isn't even a 2.5 rmap patch yet.

Andrea Arcangeli, meanwhile, would like to see his changes in 2.5:

The fact is that in all the feedback I got so far I didn't seen anything that surpasses my vm-33 updates, certainly not mainline without them, certainly not the rmap patch either, and this is why I'm assuming vm-33 is the right thing to merge at this point in time into both 2.4 and 2.5.

Andrea also states that he is done with 2.4 work unless a problem comes up.

Linus has not chimed in with his view of where the VM work should go, so there is really no way of knowing what might get merged when. This could be cause for a bit of concern. The 2.3/2.4 experience demonstrated, clearly, that VM changes should not be left to the end of a development cycle. VM work can take a very long time to stabilize, so any big changes should be in place well before one even begins to think about stable releases.

The Linux Trace Toolkit is now available for the 2.5 kernel. LTT allows for detailed, dynamic tracing of the kernel; it can be invaluable for tracking down obscure, timing-related problems. LTT is shipped by some vendors (especially embedded Linux companies), but is not part of the standard kernel. Karim Yaghmour, author of LTT, would like to change that:

In the past, many have shown interest and support for LTT's inclusion in the standard kernel tree. I won't fill this mail with names, but Alan Cox, for instance, is one of them

LTT is a useful tool for looking inside the operation of the kernel. There is no word, of course, on whether it will eventually be merged into the mainline kernel; it remains, however, just one patch away.

Other patches and updates released this week include:

Kernel trees:

• Shawn Starr: 2.4.19-pre6-rmap-12i-xfs-shawn11. a combination of 2.4.19-pre6, the rmap patch, and XFS.

• Paul P Komkoff Jr: 2.4.19-pre5-ac3-s45. Includes some patches that maybe should not be there.

• J.A. Magallon: 2.4.19-pre7-jam1.

Core kernel code:

• Zlatko Calusic: port of sard I/O accounting patch to 2.5.8-pre3.

• Rik van Riel: helper macros for VM code.

• Robert Love: CPU affinity system calls for 2.4.

• Daniel Phillips: mm.h header splitup allowing some low-level macros to be changed to inline functions. "I didn't fix any of the mistakes that were exposed by compiling with the inlines, e.g., passing ulong to virt_to_phys instead of (void *). It's arguably better to observe firsthand the kind of cruft that the inlines are able to expose."

• Randy Dunlap: bounce and swap stats for 2.5.

• William Lee Irwin: per-zone pte_chain freelists.

• Eric W. Biederman, x86 boot enhancements: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, and 11.

Development tools:

• Yumiko Sugita, Linux Kernel State Tracer 1.0.

Device drivers

• Martin Dalecki: IDE subsystem cleanup patches: 32, 33, 34, 35, and 36.

• Jens Axboe: IDE tagged command queueing #4.

• Jeff Merkey: Dolphin PCI-SCI drivers for 2.5.7.

• Richard Gooch: devfs v210 (for 2.5.8) and devfs v199.13 (for 2.4.19-pre7).

• Rob Radez: watchdog driver updates.

• Greg Kroah-Hartman: Lineo's USB device implementation (discussed last week). Note that this support will likely be renamed "USB client," and Linus is unimpressed by the patch.

• Justin Gibbs: AIC7xxx driver 6.2.6 for 2.4.

• Michael Clark: SAFTE SCSI enclosure monitor.

Kernel building:

• Keith Owens: updates to kbuild 2.5.

Miscellaneous:

• Kernel Traffic for April 15 is available.

• Jari Ruusu: Loop-AES file/swap crypto package v1.6b.

Networking:

• Dmitry Kasatkin: Affix 0_99.

Ports:

• James Bottomley: NCR Voyager support, now with SMP support.

Section Editor: Jonathan Corbet

For other kernel news, see:

• Kernel traffic
• Kernel Newsflash
• Kernel Trap
• 2.5 Status

Other resources:

• L-K mailing list FAQ
• Linux-MM
• Linux Scalability Effort
• Kernel Newbies
• Linux Device Drivers

See also: last week's Distributions page.

Distributions

News and Editorials

Sorcerer != Sorcerer GNU/Linux (or does it?). On March 28 this column followed the birth of two forks of Sorcerer GNU/Linux (SGL) as the parent seemed to self-destruct. At that time SGL founder Kyle Sallee was lying low, not getting involved with either branch. Now he's back and there is once again a distribution at the old web site, this time called Sorcerer (dropping the GL). Sorcerer is not backward compatible with older releases of SGL. An initial version was made available for download and public testing on April 14, 2002.

Meanwhile, the fork previously identified as Sorcery is currently using the Sorcerer GNU/Linux moniker. There's a vote for a new name in progress. This young distribution, currently at version 0.1.3, has released spells for KDE 3.0 beta.

The third branch of this sorcerous triangle, originally identified as Lunar-Penguin, has also undergone a name change. It seems that Lunar-Penguin is actually a development group. Lunar-Linux is the group's first product. The latest ISO (codename: PETRO) was released April 9, 2002.

Distribution News

Bdale Garbee is the new Debian Leader. The election for the Debian Project Leader is over, and, according to the results page, the winner is Bdale Garbee. For those curious about what this could mean for Debian, here is Bdale's campaign platform.

Candidate Raphael Hertzog has posted a concession message congratulating Bdale and proposing moving forward on a number of his campaign issues anyway. It's an ambitious list of projects.

More Debian News. The Debian Weekly News for April 10 is out; covered topics include the Project Leader election, Woody boot floppy status, Debian Conference 2, the Woody release (scheduled now for May 1), the free status of the FDL, and more.

There has been a bit of a snag in the Woody release process. The "move postgresql from non-US to main" part of the "crypto-in-main" transition was harder than expected due to a library package rename. It's mostly done now, though.

Debian SID packages are available for the Midgard Application Server.

Debian-Med is an internal Debian project to support people in medical care. The goal of Debian-Med is to build a complete system for all tasks in medical care, using only free software. The latest Debian-Med news introduces the new web site, along with a German translation, and mentions some of the project's goals for the near future.

Mandrake Linux Community Newsletter - Issue #38. The Mandrake Linux Community Newsletter for April 10, 2002 looks at Mandrake in the news; the latest activities at MandrakeClub and contains 8.2 software updates; among other things.

For an informative update on Mandrake's participation in CeBIT read "MandrakeSoft at CeBIT - the REAL story". "Now, believe it or not, in spite of all the the "liquid" and "two-legged" temptations, we really got a lot of work done in Hanover!"

Red Hat Linux Bug Fixes. Red Hat has released a bug fix for the GNU C Library. Updated packages are available which fix several bugs that have been discovered in glibc.

Slackware-current 8.1-Beta2 !!. A new version of Slackware Linux is under way. The announcement for Slackware-current 8.1-Beta2 slipped out quietly in the change log, and was subsequently announced on UserLocal.com. There is a lengthy list of changes for this week, including a big GNOME update leading to the beta2 announcement.

LinuxQuestions.org launches Slackware Forum. LinuxQuestions.org has announced a new Slackware Forum.

Unofficial SuSE FAQ. The Unofficial SuSE FAQ is compiled from the SuSE Linux English language mailing list and tries to provide answers to Frequently Asked Questions (FAQ). This is an unofficial document, maintained voluntarily. It has been recently revised to include KDE related lists.

Turbolinux Releases Second Linux Server OS for IBM eServer iSeries. Turbolinux, Inc. announced a Turbolinux 7 Server for IBM eServer iSeries, a fully supported Linux distribution for iSeries. This latest release is based on the 64-bit kernel and also includes IBM's Java 1.3.1 and an ODBC driver for connectivity to OS/400's DB2/400 database.

Minor Distribution updates

2-Disk Xwindow System. The 2-Disk Xwindow System has released v1.4rc09 with minor bug fixes.

Blue Linux. Blue Linux (or BlueEDU) has released v1.0RC2 with minor bug fixes.

CRUX. CRUX has released v0.9.3 with major feature enhancements.

Embedded Coyote Linux. The Fury IP Load Balancer, the next product that will use the Embedded Coyote Linux core has been branched off of the base ECL tree. This project's goal is to design and implement an IP load balancing solution as an alternative to products such as Cisco's Local Director or F5's BIG-IP. More information will be posted on the product homepage.

A new authentication system known as CLAD (Coyote Linux Authentication Daemon) has been written to provide a more robust authentication system from Embedded Coyote Linux products. Currently, the PPTP support in Wolverine is being used to test this new authentication facility.

Gibraltar. Gibraltar has released v0.99.3a with minor feature enhancements.

Mindi Linux. Mindi Linux has released v0.62 with minor feature enhancements.

Vine Linux 2.5 released. Version 2.5 of Vine Linux has been released. "Project Vine officially released the latest version of their Red Hat based stability-oriented Japanese distribution, Vine Linux 2.5, which is their first major release including 2.4 (2.4.18) kernel." (Thanks to Maya Tamiya.)

Distribution Reviews

Red Hat 7.3 beta: A Product Review (Linux Journal). Linux Journal reviews the beta version of Red Hat Linux version 7.3 (Skipjack). "My personal interest in Skipjack arose mainly because this release includes a test version of KDE 2.99, which is really KDE 3.0 Release Candidate 3. I was so excited about this release because there have been claims of great performance improvements. In fact, the final version of KDE 3.0 was announced on April 3."

Review of Gentoo Linux 1.0 (OS News). OS News checks out Gentoo, a source based Linux distribution. "After the basic configuration had finished, I rebooted and, with a single command "emerge kde", Gentoo fetched off the web KDE and all its dependancies (XFree, assosiated libraries etc). And then, I left the machine compiling everything from source (with the optimization flags on), and I went to sleep. The time was already 1 AM. Next morning, the compilation had finished and I was ready to really use the machine as a workstation."

Linux for the masses (MSNBC). MSNBC reviews the Lycoris Desktop/LX. "I found one of the OS's most interesting features is Lycoris' network browser. It's a browser operated version of Windows' network mapping, a great idea for any Linux distribution that's trying to appeal to users of the world's most popular operating system. It also doesn't hurt that to delete unwanted items you move them to a 'trash can'. Everyone can relate to that."

Redmond Linux (RadSoft.net). RadSoft.net is running a short letter praising Lycoris Desktop/LX. "Grand total: 26 minutes. She installed an operating system and an office suite, patched them, learned the basics of the GUI, and was able to start using the office suite in less than half an hour."

OEone HomeBase Offers Computing, Simplified (Open For Business). Here is a review of the OEone Homebase distribution. "For the most part, OEone erred on the side of stability by including older, better tested versions of its key packages such as XFree86 (4.0.3) and Mozilla (0.9.3). On the other hand, HomeBase uses the recent Linux 2.4.17 kernel, which was a very good choice considering some of the problems with the early 2.4-series kernels."

The future of Xandros: Installation is nice, more features expected (NewsForge). NewsForge test drives Xandros Desktop 1.0. "The hardware support was particularly impressive, figuring out the identity of all the off-brand equipment on my test box on the very first try. Up until that moment, the only other operating system that was able to pull that off was Windows. If the installer is as reliable at detecting name brand hardware as it was with my bargain basement system, then Linux users will have a good option for hardware detection, which was once a Linux pipe dream."

Section Editor: Rebecca Sobol

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.

Distribution Lists:
LWN List
DistroWatch
ibiblio
Linux.com
LinuxLinks
LDP English-language GNU/Linux distributions on CD-ROM
Woven Goods

See also: last week's Development page.

Development projects

News and Editorials

The Quixote design goals are:

• "To allow easy development of Web applications where the accent is more on complicated programming logic than complicated templating."
• "To make the templating language as similar to Python as possible. The aim is to make as many of the skills and techniques learned from writing regular Python code applicable to the task of writing Web applications."
• "No magic. When it's not obvious what to do in a certain case, Quixote refuses to guess."

Quixote is plugged into a web server via the CGI directory, it can use CGI, FastCGI, SCGI, and mod_python.

Versions 0.4.5 and 0.4.6 of Quixote have been released recently, both are mainly bugfix releases. See the CHANGES file for information on the latest features.

Quixote is licensed under the CNRI (Corporation for National Research Initiatives) Open Source license agreement.

Education

SEUL/Edu Report #68. The April 15, 2002 edition of the SEUL/edu Linux in education report is out. Topics include software for managing grade books, an open lesson plan site known as LessonForge, LinuxFund winter grants, and several new free educational software releases.

The SEUL/Edu Report is now also available in Spanish.

Embedded Systems

Embedded Linux Newsletter. The LinuxDevices.com Embedded Linux Newsletter for April 11 is available, with the usual roundup of happenings in the embedded Linux community.

Optimizing Embedded Linux (Dr. Dobb's). Todd Fischer illustrates how to tune an embedded Linux application on Dr. Dobb's Embedded Systems site.

Mail Software

New Mail Filters. The Milter.org site lists a few new mail filtering utilities, j-chkmail and Smtpblock.

Web-site Development

Google API Released, Full of SOAPy Goodness (use Perl). Google has released an API to their search engine using SOAP.

mod_python 2.7.7 released. Version 2.7.7 of mod_python has been announced. "This release (as far as I could tell adequately) addresses the security issue whereby a module indirectly imported by a published module could then be accessed via the publisher." Upgrades are recommended. (Thanks to Giorgio Zoppi.)

Midgard installation notes for Debian. Installation instructions that detail the installation of Midgard on the sid version of Debian GNU/Linux have been announced. (Thanks to Henri Bergius.)

Zope 2.4.4 beta 2 and Zope 2.5.1 beta 2. Two new versions of Zope have been released, stable version 2.4.4 beta 2 and development version 2.5.1 beta 2. See the CHANGES files for version 2.4.4 beta 2 and version 2.5.1 beta 2 for all of the details.

Installing mod_perl without superuser privileges (O'Reilly). Stas Bekman shows how to install mod_perl on O'Reilly's perl.com site. "As you have seen from my previous articles, mod_perl enabled Apache consists of two main components: Perl modules and Apache itself. While installing Apache without root privileges is easy, one should know how to install Perl modules in a nonsystem-wide location. In this article, I'll demonstrate ways to complete this task."

The NemeinRCS revision control library for Midgard. The NemeinRCS revision control library has been released for download. "NemeinRCS is a revision control library for the Midgard application server. NemeinRCS can be used for adding revision control capabilities for custom administration interfaces and content management tools built using the Midgard framework." (Thanks to Henri Bergius.)

Web Services

Universal Description, Discovery, and Integration Part 1 (O'Reilly). Tyler Jewell and David Chappell introduce UDDI on O'Reilly's onJava site. "UDDI -- Universal Description, Discovery and Integration -- is a key Web services technology. In this series of excerpts from Java Web Services, you'll learn how to program UDDI services. Part one here provides a basic understanding of UDDI and how Java works with it."

Documentation

LDP Weekly News. The April 16, 2002 edition of the LDP Weekly News features new HOWTO documents on Game Servers, Russian Tea (yes, the kind you drink), and a new Linux Cookbook.

Miscellaneous

A Fast Start for openMosix. Dr. Moshe Bar recently announced the creation of openMosix, a new Open Source project. The project has attracted a team of volunteer developers from around the globe and is off to a very fast start. openMosix, is an extension of the Linux kernel.

Application Links
GIMP
Mozilla
Galeon
High Availability
ht://Dig
mnoGoSearch
MagicPoint
Wine
Worldforge
Zope

Open Source Code Collections
Berlios
Freshmeat
OpenSourceDirectory
Savannah
Le Serveur Libre
SourceForge
Sweetcode

Desktop Development

Audio Applications

WaveSurfer 1.3.1 released. Version 1.3.1 of the WaveSurfer sound visualization and manipulation tool is available. The changes include documentation updates and bug fixes.

Web Browsers

Mozilla Independent Status Reports. The MozillaZine Independent Status Reports page lists a number of new developments including updates to the Optimoz, mozdev, and Beonex projects.

Desktop Environments

The People of KDE: Lukàs Tinkl. This week's People of KDE features Lukàs Tinkl, co-maintainer of kde-i18n, among other things.

KDE Print: Developer Tutorial Now Available. KDE.News has an announcement for a tutorial on using the KDEPrint module. "The tutorial is intended for application developers who wish to make use of KDEPrint within their applications."

Hey, Mom, I did GNOME!. Now you can see who's working on GNOME by checking out the gnome-stats project.

First C++ interfaces for Bonobo (Gnotices). A new C++ interface has been announced for Bonobo. "The gtkmm team have released a first version of libbonobouimm, with a working example. So C++ coders should soon have a sensible way to work with the whole GNOME toolkit."

Games

Tetris meets the Java bean (IBM developerWorks). Scott Clee shows how to implement the Tetris game using Java beans. "IBM Software Engineer -- and gamer at heart -- Scott Clee provides a simple way to take the Tetris game model and wrap it up as a reusable Java bean component. Once the game elements have been broken down into Java objects, they can be reassembled to form the complete game model bean, enabling it to be plugged into virtually any Tetris GUI."

GUI Packages

First Public Release of GTK#. The first public release of Gtk#, the C# language binding for the Gtk+ toolkit, has been announced. "Right now, all we're sure it does is run a Hello World app and a simple Button pressing demo app. We invite you to kick the tires and send us lots of bug reports, if you are the type that likes to adopt technologies long before they do much of anything useful."

FLTK version 1.1.0 b13 released. A new version of FLTK, the Fast Light ToolKit, is available. See the CHANGES file for information on what's new.

Multimedia

Ogg video CODEC released under the LGPL. The VP3 open source video CODEC has been released under the LGPL. The CODEC is to be integrated into the Ogg Vorbis framework, volunteers are needed.

Office Applications

AbiWord Weekly News #87. Issue #87 of the AbiWord Weekly News is out. Topics include the 0.99.5 release of AbiWord, a nifty plot of active and fixed bugs, and more.

Kernel Cousin GNUe #24. Kernel Cousin GNUe issue #24 is out with all of the latest developments from the GNU Enterprise project.

Gnumeric 1.0.6 released. Version 1.0.6 of the Gnumeric spreadsheet has been announced. This version features lots of bug fixes.

Programming Languages

BASIC

It BASICally Works (use Perl). The Perl Parrot compiler now supports BASIC. "Yep, we have a full-featured BASIC interpreter for Parrot in CVS."

Caml

Caml Weekly News. The April 16, 2002 edition of the Caml Weekly News looks at iox-1.00 b3, the Cryptokit library for OCaml, a re-implemented Queue module, Caml data structures, and more.

The Caml Hump. This week's new Caml Hump entry is the Coq proof assistant, which is used for the solution of mathematical proofs.

Java

Create native, cross-platform GUI applications (IBM developerWorks). Kirk Vogen writes about portable Java GUI design on IBM's developerWorks. "The Java language has flourished in the server-side and applet spaces, but when it comes to end-user applications, it isn't usually a player. But it doesn't have to be this way. Using Linux, the GNU Compiler for Java, and the Standard Widget Toolkit, you can create fast, native GUI applications programmed in the Java language."

Jython Tips for Python Programmers O'Reilly). Noel Rappin introduces Jython on O'Reilly's ONLamp site. "For somebody already familiar with Python, the greatest attraction of using Jython is the ability to use any of the wide range of existing Java libraries and tools while being able to still use Python as the programming language."

Lisp

CMU Common Lisp version 18d released. Version 18d of CMU Common Lisp has been announced. This version adds support for the OpenBSD/x86 platform, and features many new improvements.

Perl

Parrot 0.0.5 Released Into the Wild (use Perl). Version 0.0.5 of the Perl 6 Parrot compiler has been released. New features include Perl Scalar support, array and hash types, an EMACS editing mode, support for BASIC, a regular expression compiler, and more.

PHP

PHP 4.2.0 rc4. PHP version 4.2.0 release candidate 4 has been announced. This version features experimental support for Apache 2.0.35, and lots of bug fixes. PHP 4.2.0 is scheduled for release on April 22.

PHP Weekly Summary for April 15, 2002. The April 15, 2002 PHP Weekly Summary is out. Topics include forking of the GD library, EXIF headers, a fix for ZE2 and OpenSSL, a new DOM-XML extension, PHP 4.2.0 RC 3, a fix for Apache 2, and more.

Python

Python 2.1.3 released. The Python Software Foundation has announced the release of Python 2.1.3. "'We're happy to offer this maintenance release. This is not the latest and greatest version of Python, but it introduces several important improvements for people who prefer to continue running Python 2.1,' said Guido van Rossum, creator of Python and president of the Python Software Foundation." (Thanks to Stephan R.A. Deibel.)

Python Software Foundation Announces Python 2.2.1. The Python Software Foundation announced the release of version 2.2.1 of the Python programming language and standard libraries.

Dr. Dobb's Python-URL! for April 15. The Dr. Dobb's Python-URL! is available, with all the weekly Python news and links for the week of April 15.

The Daily Python-URL. New this week on the Daily Python-URL, are articles on Zeo 1.0 final, Zope lessons, the Python foundry Wiki, Pyrex, the sociology of language evolution, extending Jython, and more.

Ruby

The Ruby Garden. This week's Ruby Garden looks at constructor initialization, type checking, iterator variable reuse, argv security issues, and more. The April 15, 2002 edition of the Ruby Garden's Ruby Weekly News features Ruby/Google 0.1.0, REXML 2.1.2, and SOAP4R 1.4.3.

Scheme

The latest Scheme News. MJ Ray has sent us the latest Scheme News. Topics include a new Scheme Request for Implementation, reaffirming the IEEE language standard, several new Scheme modules, and more.

Tcl/Tk

Dr. Dobb's Tcl-URL! for April 16. The Dr. Dobb's Tcl-URL! is available with all the weekly Tcl news and links for the week of April 16.

XML

What's New in XSLT 2.0 (O'Reilly). Evan Lenz explores the new features in XSLT version 2.0. "In this article, we'll take a look at some of the new features specific to XSLT 2.0, as outlined in the latest working draft. Again, this assumes that you are familiar with the basics of XSLT/XPath 1.0."

SOAP::Lite 0.55 Released (use Perl). Paul Kulchenko has released SOAP::Lite version 0.55.

Integrated Development Environments

GNUstep Weekly Editorial. The April 4, 2002 GNUstep Weekly Editorial covers AppTalk 0.1.0 for integration of StepTalk scripting into applications, and mentions the GSFTP user application.

Miscellaneous

MLton Standard ML compiler. Version 20020410 of the MLton Standard ML compiler has been released. This version adds Cygwin/Windows support, and is SML 97 compliant.

Section Editor: Forrest Cook

See also: last week's Commerce page.

Linux and Business

HP to Provide U.S. Department of Energy Laboratory One of World's Fastest Supercomputers. The Department of Energy's Pacific Northwest National Laboratory announced that it has ordered an 8.3TF Linux-based supercomputer from Hewlett Packard Company to be installed in the Molecular Science Computing Facility in the William R. Wiley Environmental Molecular Sciences Laboratory, a DOE scientific user facility at PNNL.

PNNL will be posting job openings for senior kernel programmers to work on this new supercomputer. The jobs.pnl.gov site should have the listings starting April 20, 2002.

Mammoth PostgreSQL released. Command Prompt has announced the release of "Mammoth PostgreSQL," a commercially-supported version of the PostgreSQL database.

Linux Stock Index for April 12 to April 16, 2002.
LSI at closing on April 12, 2002 ... 23.80
LSI at closing on April 16, 2002 ... 24.57

The high for the week was 24.93
The low for the week was 23.80

Press Releases: