Linux Weekly News

Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise news for all interests
Published February 26, 1998

Sections:
Linux articles
Security
Kernel news
Distributions
Ports
Software Development
Tips
Announcements
Links of the week
Feedback and corrections

Other stuff:
The LWN Archives
Our Linux links page

Leading items

Linus Torvalds and Richard Stallman are recipients of the 1998 "pioneer award" from the Electronic Frontier Foundation. They are awarded for having created Linux via their separate efforts, a pairing that is certain to please the GNU folks. Congratulations to both, it is certainly well deserved. See the EFF award page for more.

Eric S. Raymond is at it again: his latest writing entitled "The Economics of Open-Source Software" gives his vision of how free software will take over the world. Some of his assumptions are open to question, but it is certainly a good extrapolation of how things could go, and how one could make money in this new world. Very much worth a read. Late-breaking note: this article has been moved out of the above site (a pointer remains) and put into the opensource.org web site.

Some have raised this question: if free software is so great, and is more competitive than commercial packages, why is it that clearly worthwhile projects like WINE seem to languish forever? It seems that maybe the Bazaar model is not always as good as it could be when it comes to prioritization. There are a number of gaps, such as the Windows API, office suites, and such that will need to be filled before free software can achieve the stated goal of world domination.

Netscape has put out a "free source" FAQ. It can be found here. They reiterate that Linux will be one of the initial platforms for their source release.

A Linux CPU Farm in Malaysia? Check out this proposal. To quote, "Malaysia -- where sandy beach, rubber trees, paddy fields and the Linux CPU farms live next to each other!" The idea seems to be to set up a multi-hundred CPU computing system to rent out to folks with Titanic-sized problems. Contact Liang-Shing Ng if you're interested ...

Party on Linux? Here's the report from UNSW's recent Linux party.

Sun integrating linux features? That's been recommended, particularly /proc/scsi. Will they? They've thought about it. When? Maybe soon, maybe never. Here's the comment from comp.unix.solaris.

Got some feedback, some news to publish, or something else you would like to tell us? lwn@eklektix.com is our address.

Or would you like to be notified when new editions of the Linux Weekly News are published? Click here and send a blank message.

Please see our contact page for other contact information.

Here is the permanent site for this page.

    
[Articles]

Linux in the news

Antisoft? The folks at Network World Fusion propose a coalition of sorts to turn Linux into a true competitor. An interesting article...along lines that we've been seeing ever more frequently. Worth a read. Note that this article is on a site requiring registration; the usual "cypherpunks / cypherpunks" login will get you in, though.

Urban legends department. Infoworld carried a rumor that Cisco tried to convert its print services over to Windows NT, then ended up returning to Linux. A number of postings from folks claiming to work with Cisco's print system claim that this isn't true. But the truth is close: apparently a lot of their print system has always been made up of NT machines; these are being phased out in favor of Linux boxes. The motivation seems to be mostly the ease of remote administration.

PCWeek Online ran a favorable review of the Cobalt Microserver. They were especially pleased by the web-based administration interface.

Infoworld did an equally favorable review of the VarStation YMP.

Two French-language articles on Linux can be found in Nomade and France-Info. The latter predicts a good future for "Cet étrange système"; the former talks generally about "le code source" and le "licence publique générale".

OK, so it isn't Linux, but it's too good to pass up. Certainly we all want to be first in line to see Microsoft Extreme, a two-hour theater presentation on Windows 98. Can somebody please start an "open celluloid project" to get Linux footage into the theaters? We're falling behind here.

 
    
[Security] Here is a report on how the "not-so-dangerous symlink bug" can be turned into a cute, powerful weapon. The author then provided patches for the mildly paranoid and the strongly paranoid.

In response, a posting to bugtraq stated that any time a filename is created atomically, whether a symlink, a fifo, or a regular file, such a vulnerability can be created.

From Italy comes word of reproducible bug in some ATX motherboards. The description comes with code for Linux to see if you can reproduce the bug on your own card.

A bug in Squid (a software package that offers high performance proxy caching for Web clients) has been confirmed which allows bypassing of Squid ACLs. The original posting was followed by a confirmation from the Squid developers, which contains patches for Squid 1.1.2 and 1.2beta15.

The tetex-0.4pl8 package (and previous ones) contains a world-writable/readable database file, /usr/lib/texmf/texmf/ls-R, which can be exploited. This is addressed in the teTeX Instalation and Maintenance Guide. Chapter 3.2, and can be prevented.

There is a security problem with the pseudo nfsd of cfs-1.4.0beta2. Here is the original posting, but the patch it included contained a typo. A correct posting followed.

Some people have reported a serious bug in the radius dialup authentication software which can cause a crash. However, testing by others has found it difficult to reproduce in other environments. Check out the bugtraq postings if you are interested, there are a lot of them ...

A resource starvation attack on the setuid root passwd(1) program is demonstrated here , on Red Hat Linux, passwd-0.50-7 program without shadowing.

Quake fans take note, Quake 2 Linux 3.13 should not be installed setuid (recommended by the install notes). If you do, it is fairly easy for a user to get a root shell. In addition, keep an eye out on sunsite for Q2-wrapper, It makes Quake 2 safer and allows users to have their own config and save files while leaving Quake in blissful ignorance ...

 
    
[Kernel] The current development kernel release is 2.1.88. A 2.1.89 pre-patch already exists, though, so it will likely be official by the time you read this. 2.1.89 should contain the big kernel swapping patch (see below), and the usual set of fixes. If you grab 2.1.88, note that it had a couple of compile-time problems of the typographical nature.

There has been a fair amount of talk recently about strange crashes with 2.0.33. Doug Ledford dod some investigation, and put together a summary of kernel configuration options that can minimize the problems. Others have noticed a correlation between the use of xntp (a seriously useful time synchronization protocol) and the crashes. One possible solution seems to be to use the 2.0.34pre2 patch, which has a *lot* of fixes in it.

On the development side, recent 2.1 kernels continue to have problems with TCP connections stalling. Some folks are working on it, so we can hope to see a fix before too long, but nobody has posted any serious thoughts on what the cause could be yet.

Last weeks "Ultra sound driver" has become this week's Enhanced Linux Sound Architecture. Jaroslaw Kysela posted an announcement which gives the new name and announces the 0.0.3 release of a new sound driver. Still no coordination with the other sound driver project in the works, unfortunately.

An occasionally recurring FAQ: how do I get a running system to recognize a new SCSI device? On 2.1 systems, if you write a message (with 'echo', say) like:

  scsi add-single-device Host Channel Id Lun
to /proc/scsi/scsi, it will do the trick (replace Host, Channel, etc. with the correct values, of course). Of course, nothing in the kernel can make it safe to hot-swap hardware that wasn't meant for it. Trevor Johnson has put together a long web page of discussion on this topic for those who are interested.

Stephen Tweedie put in a patch that makes some big swapping changes. Swapping now uses much of the paging mechanism for caching and such; this brings a number of advantages, including a major simplification of the locking mechanism. Perhaps the biggest win is the ability to swap shared pages, and have them remain shared. See his announcement for more. Linus has said that this patch will probably go into 2.1.89.

The big fight this week, though, was over whether to include the General Graphics Interface (GGI) in the kernel. It is somewhat ironic, in that the GGI folks don't feel that they are ready to go into the kernel distribution yet, and have not asked to be put there. Nonetheless, one luckless person asked when he might see GGI in the kernel, and set off a storm.

If you're interested in this debate, a good place to start would be the GGI web pages. The GGI folks are reworking the current console, keyboard, and graphics interfaces. They have a number of goals:

  • Create a more robust means for access to the video hardware, such that SVGA or X crashes don't bring down the machine, different applications using different modes can get along with each other, and root access is not needed for direct graphics access.

  • Implement a standard API for accelerated graphics operations, with hardware-specific kernel modules used to provide access to specific accelerated functions.

  • Allow top-speed graphics, for games and other such crucial applications.
Much of their work seems to be oriented toward the support of direct OpenGL rendering on cards that will support such operations. This goal has led some people to assume that the GGI folks want to implement OpenGL in the kernel; everybody (including the GGI team) agrees that this would be a Bad Idea.

Opposition to GGI rests on several points (or opinions):

  • People fear that major kernel bloat would result from the inclusion of GGI. A subset of these people seem to resent that the GGI code would be part of the source, even if they configure it out of their kernel; this one is a bit hard to understand.

  • There are objections that the GGI patches change far too many things in seemingly unrelated parts of the kernel. There are also claims that GGI duplicates a lot of existing code.

  • Some feel that the approach is completely wrong, that it is better to go with the simple 'fbcons' interface (originally in the m68K port, present on i386 starting with the 2.1.8x kernels) and have setuid applications deal with accelerated cards entirely in user space.

  • Some complain that the current GGI implementation is slow.
The GGI team responds that the kernel part of GGI ("KGI") is small; that all supported hardware has drivers in the kernel, video and input should be no different; that they changed other parts of the kernel because they had to, and that the project as a whole should not be written off just because the current implementation is far from perfect. They remind us that they have never claimed to be ready for prime time, or even for the development tree yet.

Linus has remained mostly out of the debate, saying only that he has not heard of enough people using GGI yet to make it worth considering for inclusion into the kernel. No real conclusion has been reached, though some hard attitudes seemed to be softening recently. The point is moot until the 2.3 series begins in any case; GGI, even if it were ready, is far too large a change to go into 2.1 at this late date.

Since we're a weekly publication, chances are we'll be behind a rev or two on the kernel release by the time you read this page. Up-to-the-second information can always be found at LinuxHQ.
    
[DISTRIBUTIONS]

Caldera

OpenLinux Standard 1.2 and OpenLinux Base 1.2 starting shipping Monday, February 23rd! Here is the announcement and here are some comments from a pretty happy beta tester.

People using other Linux distributions can get a special price on 1.2 standard of $149, via one of Caldera's channel partners. This has raised some concern that current Caldera users might also be required to pay $149 to upgrade from 1.1 to 1.2. Hopefully Caldera has a different, lower price in mind which they will announce soon to appease some concerned supporters.

Caldera is looking for mirrors for its ftp site. Here is a list of steps to follow, if you are interested.

Caldera has started selling a small business appliance for NetWare which uses NDS and has an OpenLinux-based software backbone. This has annoyed some of their VARS, who expected an integration of NDS into OpenLinux but have been presented instead with a potentially competing product. Apparently OpenLinux Deluxe, with NDS, is still expected in the 2nd quarter.

Caldera's COAS project (Caldera Open Administration System) has announced a pre-alpha release, COAS 0.10. Sign up on the COAS mailing list if you want to check this product out.

For those curious about Caldera OpenLinux 1.2 innards, we hear that it will be shipping with XFree86 1.2 and that the VirgeDX and Millenium cards will be handled within the SVGA server. No major changes to FastTrack reported and RPM is at version 2.4.7. All information is subject to change, of course, since only beta copies were seen before this information was posted.

Debian

Rumour has it that there are less than four weeks left until the Debian 2.0 code freeze. That should give people a time estimate for a Debian 2.0 release. Of course, all of these bugs must be fixed before the release. Feel free to volunteer to help if you want to speed things up!

The renaming of "deity" (the successor to dselect) is underway. The name "trove" (as in treasure trove) has been suggested, meeting, as usual, with both people who hate it and who like it. Suggestions range from keeping deity, to others like dfine, packman, and more.

Here is information on docs for deity.

Debian has joined MAPS, the Mail Abuse Protection System. This is a network of system administrators that agree to voluntarily refuse e-mail from sites that support spammers or have poor anti-spam policies. Their web site is at http://www.vix.com/. Given the large number of spams we've seen recently on almost every Linux mailing list, MAPS sound wonderful.

Red Hat

The Tutorial on How to become a Linux-based ISP has been updated to include RedHat 5.0.

Red Hat has multi-pack licenses available. They appear to offer 10-20% savings.

SEUL

The editor site showing various options for the default SEUL editor(s) is pretty much done. Check them out and post to seul-project to express your opinion. Remember, they don't need a repeat editor-war, just help choosing good editors for potentially inexperienced Linux users.

S.u.S.E.

Another resource for english-speaking S.u.S.E. readers is the S.u.S.E. english support database. Apparently a lot of updated articles have been added recently. On the other hand, if you speak German, apparently the German version is more extensive.

S.u.S.E. responded promptly to a post by one user who detailed place after place where the installation could be made smoother and more intuitive for the user. The information is being forwarded to the YaST development team, who are already working on a YaST redesign. Detailed feedback, immediate response. Good going!

 
    
[Ports]

Alpha

Hugo van der Kooij went through a lot of troubles getting C++ compiles to work on his RH 5.0 Alpha box. In the end, a lot of them were fixed by putting in a new 2.0.33 kernel. His instructions on how to do this, along with patches, are available on his web site.

Sparc

The current development version for Sparc will go into the 2.1 kernel this week according to Jakub Jelinek. The stock 2.1 kernel hasn't been buildable on Sparc machines for quite some time, requiring bleeding-edge Sparc enthusiasts to work from the vger CVS repository instead. The 2.1 kernel, in addition to all the other cool stuff it has, should help to reduce significantly the slowdown problems that people have been seeing on Sun4c machines.

68K

Paul Coene got inspired by the no-MMU work for the 68K, so he started playing with it with an aim towards making it work on his old Atari ST. He claims success; see his Linux/68000 page to see how he did it.

An unofficial port of Red Hat Linux to the 68K may be found on sunsite.auc.dk in /pub/os/linux/680x0/redhat. It contains RPM's built against both libc5 and glibc. Debian, of course, has been working on a distribution for some time, which should be available on any of their mirror sites.

 
    
[Software Development] The "Kaffe" runtime Java environment is a vital piece of a free Java implementation for Linux. The future of Kaffe became a little clearer with this post from its authors, outlining their plans. They have formed a new company, Transvirtual Technologies, with the intent of furthering, and making money from, the Kaffe system. Kaffe, seemingly, will remain free for Linux-based users, but may not be free in other environments (they seem to be targetting embedded systems). A new release, with a completely new AWT implementation, will be forthcoming.

There has been silence recently on the linux-ha list (high availability), but an explanation was recently posted and an initial design document is in the works.

A first crack at a LayoutManager to end all LayoutManagers has been made. The author is looking for some java hackers to check it out.

First reports on Uncle George's alpha-version of JDK 1.1.5 (on Red Hat 5.0) mention incredible speed and some cosmetic problems ...

One way to bug Sun about the need for a Linux port of the java server is to vote for bug id 4097810 ("PLEASE Port Java Server to Linux!!!") on bugparade. Of course, such voting has already moved it to the top-10 list...

There was a problem with the .tar.gz package for C-Forge 1.0 (the rpm version was and is okay). A repaired package is now available. C-Forge apologized for the inconvenience and stated, for the record, that C-Forge is a Unix application and will never run on 95/NT.

Truth or Safety? The question came up whether the default user agent for junkbuster, under which the proxy identifies itself to web servers, should be set to a name that includes "Linux" or not. Here are arguments pro and con.

Picked up as a rumor, third-hand reports speak of a Sybase developer, excited about Linux, who has management support to begin experimentation or completion of a port to Linux ...

 
    
[Articles] Reading a linux partition from your dual-booting machine when it is currently running Windows 95 is possible; check out fsdext2. It is a work-in-progress and the author is looking for feedback.

Since we've talked a lot about StarOffice recently, perhaps people will be interested in a comparison of StarOffice and Applix on a notebook. Both have their strengths.

 
    
[Announcements]

Software

Package Version Description
Anacron 2.0 Runs commands periodically
angela! 1.15beta a graphical graph editor
apache 1.3b5 The server that makes the web work
blackjack 1.1 blackjack game for X/Qt
Comanche 0.3a A tcl/tk Apache configurator
DosLinux 53 small linux distribution for dos systems
Fortify 1.2.1 Strong encryption add-on for Netscape
KDat 1.01 GUI front-end to tar
KFourier 1.1 An Image processing app
kerberos V5R1.0.5 Strong authentication suite
KMid 0.4.1 midi/karaoke player
KPPPLoad 1.01 PPP Load monitor for KDE
libretto 1.7 a free C library of generic container types
logwatch 1.0-1 Analyzes system logs (for RHL5)
Mirrordir 0.9 backs up directories using a minimal set of changes
MIT Kerberos V5 R1.0.5 Bug fix release of the Kerberos software
mixer 2.0 command line mixer program
MyNMS Monitor network interfaces
netaudio n/a access server cd-rom drive, sound cards or floppy
nmh 0.23 New development tree for the MH mail system
ObjC 1.8.8 Objective-C precompiler for Linux
pcmcia-cs 3.0.0 Linux PCMCIA Card Services
redhatplipks 1.0 patch and howto for installing RedHat on multiple machines with predefined configurations
Remind 3.0.18 Sophisticated calendar/alarm program
rinetd 0.4 TCP redirection server
rpm2html 0.60 a tool to generate Web pages from RPM packages
SJChat 1.0 Simple Java Chat system for WWW pages
Synaesthesia 1.3 visual representation of music from CD
UrlGet n/a a command-line HTTP/FTP/GOPHER client
vnc Remote displays between Unix/Linux/Windows machines
WCD 1.8.2 Powerful chdir for DOS and Unix, w/C src
Windy City Pains n/a CRPG game for Linux (amusing announcement
wgetrel 1.0 intellgent www information robot
WebMailFolder 1.0.1 mail folder to html converter
WML 1.6 Website META Language, off-line HTML generation toolkit
Xcoral 3.14 X text editor
xpmbrowser 2.0 X file browser program
xmrm 2.0alpha Morphing Program for XWindows
yaab 0.1 Yet Another Address Book

Projects

Simplicity for Java(TM) is in beta-release and Data Representations is looking for beta-testers.

A guy out there wants to create a home finance package along the lines of Quicken, but under the GPL. It would be called "GnoMoney". A quick blurb is up for those who are interested.

Resources

A new "Webstore" has opened in the U.K. providing a variety of Linux products.

Linux Systems Labs is now shipping a CD containing Linux Slackware 3.4, Netscape 4.0 and a 14-day free trial of Wordperfect version 7.

Ultra cheap Linux CDROMs are available in Germany/Europe. The announcement is primarily in German.

GPL Redhat Linux 5.0, the copy-lefted portion of the Redhat 5.0 distribution, is available from Canadian Linux Distribution.

The fifth issue of "Linuxove noviny", the Czech and Slovak Linux and Free Software magazine, has been announced.

Events

Linux Expo!. Torvalds, Cox, Hall, Perens, Raymond, Miller, de Icaza, Warzenius, Jelinek, and many more. May 28-30, Durham, NC. Announcement here.

The 9th International Rexx Symposium for Developers and Users will be held in Raleigh, North Carolina during the period May 11 through 13, 1998. Here is the call-for-papers.

The United Kingdom UNIX User Group will running a one day technical conference in Manchester on Saturday 27 June 1998.

Web sites

A web-page dedicated to the collection of information about a Debian based firewall system has been announced.

Mailing lists

A mailing list for the port of JMF to Linux has been announced.

A mailing list has been created for people who have Micron XKE laptops, and want to install/use Linux on it.

User group meetings

Linus Torvalds will speak at the Silicon Valley Linux Users Group (SVLUG) meeting, March 4, 1998.

Starting March 7, 1998, The Uruguay Linux Users Group (UYLUG) will meet weekly every Saturday at the Seminar Colleage in Montevideo, Uruguay. Here is their email address.

Here is the announcement for the February 27th meeting of the Linux User Group Darmstadt. Please note that the announcement is in German.

The next meeting of the Toronto Linux Users Group will be held on Tuesday, February 24th, 1998.

The Eustis Linux User Group (ELUG), serving Central Florida Linux enthusiasts, will have their second meeting on Tuesday, 3 March 1998.

 
    
[Links]

Linux links of the week

This month's Linux Journal article got me to finally look at SANE. SANE, or "Scanner Access Now Easy" is a package for interfacing to scanners, or to any other sort of digital image source (cameras, for example). These folks have thought things through well; this is one nice bit of software. Now all we have to do is to get a scanner...

OK, so this has nothing to do with Linux, but it's too cool to not mention. The complete text of R. Buckminster Fuller's Synergetics has been put on the web for free access. This is free software of a different type, source code for how the universe works.

 
    
[Feedback]

Feedback and Corrections

Brett Etter throws his two-cents worth in on the side of "Open Source Software" or at least "Open Something Software", rather than "Free Software".

The PEAL project, "Project to Equip Astronauts with Linux", has changed its name to LEAP, "Linux-Equipped Astronauts Project", and the URL is now http://www.cantrip.org/leap.html.

One reader checked out the 182 reported "Linux sucks" sites (from the Operating Systems Sucks-Rules-O-Meter page that was listed in our Links section in the February 19th edition). 105 of the 182 reported Web pages listing "Linux Sucks" were from logs of a FreeBsd irc session. 56 were the "Code of the Geeks" page and its 55 mirrors which use the term humorously and lovingly. That leaves only 21 presumably negative pages ...

 
    
Eklektix, Inc. Linux powered! This page is produced by Eklektix, Inc.