Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise
news for all interests
Sections: Main page Linux in the news Security Kernel Distributions Development Commerce Announcements Back page
Other stuff:
Here is the permanent site for this page.
|
Leading itemsBig business is showing increasing interest in Linux and free software. Consider, for a moment, Some of this week's events:
This is quite an array of announcements for one week. It is time to say that the industry has not only discovered Linux and free software, but it is beginning to actively embrace them. Mitsubishi and Compaq have received an order for a 130-processor Beowulf cluster from the Japanese Institute of Physical and Chemical Research, according to this brief Nikkei Net article. That's 130 Alpha nodes, of course; this is going to be one fast machine. [Update: this article no longer claims that the machine in question will run Linux; it has been changed to Digital Unix instead. Oh well.] An electronic petition is being "circulated" which requests that the U.S. government more strongly consider the use of open source software. In particular, the petition asks for "...evaluation of Open Source applications and operating systems by the Federal Government, and especially by the Federal Technology Service of the General Services Administration (GSA), whenever they are procuring or upgrading operating systems for personal computers, workstations, servers, microcomputers, or minicomputers..." Linus Torvalds was a guest at the Finnish presidential palace for their Independence Day celebration. For some pictures, see this article (in Finnish), and (especially) this picture. Finally, this article (in Swedish) in Hufvudstadsbladet talks a bit about the Linux connection: "Everybody wanted to talk to Linus Torvalds. In the crowds, heat, and noice at this year's independence ball, our Finnish computer genius in Silicon Valley was one of the most popular persons." (Translation courtesy of Thomas Widman; this article, unfortunately, will probably go away after Monday, December 14). Remember that you can receive email notification when LWN is published. It's certainly easier than polling the site for each week's news... The mailing list is used once a week to say that the new version is out there, and for no other purpose - no spam. See our contact page for subscription information. |
December 10, 1998
|
Sections: Main page Linux in the news Security Kernel Distributions Development Commerce Announcements Back page See also: last week's Security page. |
SecurityAccording to this Wired News article, the Clinton administration has convinced the thirty three countries involved in the Wassenaar Arrangement to impose similar restrictions on cryptography as those adopted by the United States. Check out the website for the Wassenaar Arrangement for links to the various countries involved and their National Export Controls. Note that Finland, Australia and the Netherlands are part of the Wassenaar Arrangement. John McDonald reported a remote vulnerability in bootpd . However, many operating systems are not affected by this problem, including tested versions of Linux and FreeBSD. Exploits have been written for OpenBSD and BSDI. OpenBSD released a patch for the problem on November 28th. Irwin Tillman noted that unpatched versions of CMU dhcpd 3.3.7 had the same problem, since it traces its origin to bootpd. Princeton patch 6 is reported to have fixed the problem. Salvatore Sanfilippo has written hping, a tcp-based ping command for those of you that can find a use for such a tool. As with the original ping command, it is vulnerable to a sigalrm bomb attack, so it should not be setuid root. It is open source and GPL code. Another source code offering, cheops, is a network "swiss army knife", offering a point and click interface to a network using a combination of several different network tools. The announcement also mentions ways to possibly tell if someone tries to use cheops as a scanning tool against your site. On the distribution front, Debian has released a new version of fte to fix a problem where fte does not drop its root privileges correctly. This is a large security hole, allowing users to "read and write files with root priviliges, and execute all programs as root." Debian recommends upgrading the package immediately. Chip Christian reported an interesting vulnerability in SecurID. It seems that if you have it configured to use NIS, but NIS is unavailable, SecurID will default to providing a root shell for logins. Note that the software he used is over three years old. Security Dynamics has been notified. A Call for Papers for the Symposium "Architectures, Tools and Algorithms For Networks, Parallel and Distributed Systems" has been released. This will be held during the ISAS Conference, in Orlando, Florida, U.S.A from July 30th to August 3, 1999. Robert M. Slade posted reviews of three cryptography books to the ISN mailing list. From the ISN archives, here are his reviews of The Information Systems Security Officer's Guide, the Cryptography and Network Security and Java Cryptography. |
December 10, 1998 |
Sections: Main page Linux in the news Security Kernel Distributions Development Commerce Announcements Back page See also: last week's Kernel page. |
Kernel developmentThe current development kernel release is 2.1.131. This version (announcement here) is likely to remain the current official release for a little while, since Linus is vacationing in Finland and hobnobbing with the President. Meanwhile, Alan Cox's "ac" patch series becomes the closest thing we have to an official development line. That series has been active, releasing versions 2.1.131ac2, ac3, ac4, ac5, and, as of press time, 2.1.131ac6. These patches, as always, are available from Alan's FTP site. (There was a hint of I2O support in ac5, but that support is not yet available; its presence as a configuration option was a mistake). The next series of 2.0 prepatches has begin with the announcement of 2.0.37 prepatch 1. At this point, the prepatch consists mostly of driver patches. What does it take to use 1GB or more of memory on Intel systems? The current kernel tops out at 960MB; older 2.0 versions can crash in nasty ways if an attempt to boot a system with more memory than that is made. In response, evidently, to some customer queries, Leonard Zubkoff made available a patch which raises the ceiling to 2GB. Due to addressing limits in the IA32 architecture, making this change requires that the maximum amount of virtual memory available to any individual process be reduced to just under 2GB. That, of course, will not cramp most people's style too much, but there's always somebody... The first beta of the lm_sensors package has been released. This package (see the home page) provides an interface to hardware status sensors (temperature, fan speed, etc) that some newer machines provide. With a package like this, your remote server can tell you that its fan has died before the whole thing turns into a molten slag heap. Speaking of hardware monitoring, a set of patches to allow monitoring of disk activity and throughput has been made available by Stephen Tweedie. Here's his note on the matter. These patches will not be integrated into the mainline kernel until the 2.3 series, since it's waiting for some data structure changes there. |
December 10, 1998
Since we're a weekly publication, chances are we'll be behind a rev or two on the kernel release by the time you read this page. Up-to-the-second information can always be found at LinuxHQ. |
Sections: Main page Linux in the news Security Kernel Distributions Development Commerce Announcements Back page See also: last week's Distributions page. |
DistributionsTrinuxMatthew Franz has composed a list of Development Goals for Trinux. This list is also available on the Trinux website.DebianIn response to claims that his proposed changes to the Debian Free Software Guidelines (DFSG) are motivated by a desire to "spite Qt and KDE", Ian Jackson posted this note. In it, he states that he believes the new Qt license will be compatible with what he calls the DFSG2. This will be a hotly debated topic, but in our opinion, Ian is quite believable. He has not proposed these changes to spite anyone, but because he has a strong belief that the changes are the right thing to do. Not every one agrees with his belief, but he is certainly entitled to hold it.Note that any actual change to the DFSG will come about only by a vote of the developers, not by Ian's personal decision, and it is clear that many developers prefer either to leave the DFSG alone or to modify it slightly rather than replace it. The outcome is definitely still open. For more insight on Ian's motivations, you may want to check out his talk on `Why is software freedom useful, and what does it mean ?, available in postscript format. On a related front, Troll's version 0.91 of their draft license for Qt 2.0 is now available. Reports in the Debian groups indicate that the new version is considered to be GPL compatible. Eric Delaunay has provided new bootdisks for Debian Sparc. His announcement mentions that diskless support is now included, the 2.0.35 kernel is used and apt support is now in place. Initial reports are that the new bootdisks are excellent and work better than any prior disks. However, note that Jeffrey Ebert tried out the new bootdisk and reported a possible SILO problem with certain hardware/PROM combinations. Check out his note for information on how he got around this. MkLinuxMkLinux 2.0.36 has been announced. The new version is still considered a development release.Meanwhile, the support of MkLinux by the Open Group has ended. From their website, you can see their notice, which states " Status as of November 1998: This page is no longer being maintained, since The Open Group Research Institute is no longer active in MkLinux development." However, this note from David Gatwood indicates that development is progressing, nonetheless. The change does not appear to have made much impact on the mailing lists, though, of course, the loss of good developers is always a sad thing. Elgin Lee reported that an overview paper that describes the original Linux/Mach design for MkLinux is available. PowerPCMark Wielaard dropped us a note to report that we missed reporting the Beta Release of Linux PPC r5. The LinuxPPC website indicates that r5 will premier the week of January 4th, 1999, at the MacWorld Expo in San Francisco.Red HatMany people have been asking on the lists this week about where to find rpm files for XFree86 3.3.3. They are available on Red Hat's Contributor Network at this URL.Robert Tennent reposted an article by Gene Czarcinski which contains the basis for mini-HOWTO on Installing/updating a new kernel on Red Hat Linux. It definitely has some useful tips in it. S.u.S.E.The first beta of the English version of S.u.S.E. 6.0 is now available for download. No support is available, but for the brave, they will happily accept your bug reports.StampedeThe Stampede Linux distribution for the Alpha architecture is nearing readiness. Of course, no release date has been set at this point. However, if you would like to serve as a tester for this new distribution, please drop Dan Powell a note. |
December 10, 1998
Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed. |
Sections: Main page Linux in the news Security Kernel Distributions Development Commerce Announcements Back page See also: last week's Development page. |
Development toolsJavaAs we mentioned on our primary page, IBM has released the "Jikes" Java compiler under an open source license. Pointers to more information can be found there.Sun's JDK 1.2 is officially shipping. It has been renamed the Java 2 Platform. In addition, Java 3D is finally out of beta; Java 3D 1.1 has been released. In response to repeated requests for a rough time estimate of when the Linux version of JDK 1.2 would be available, Kevin Goode commented, "The Linux port of the Java 2 platform is being handled in conjuction with a 3rd party vendor, we will notify you as soon as we have an exact date for the release." No further information is currently available. PerlMakepatch 2.00 has been released. It contains "a pair of programs to assist in the generation and application of patch kits to synchronise source trees."PythonThis week's Python-URL! is available.Should Python 2.0 be written in C++? Here is an advocacy posting arguing strongly in the affirmative. Gary Strangman announced the release of his stats.py module, containing basic statistical functions and some "not-so-basic" functions, such as non- parametric t-tests, various correlations, within/between-subject ANOVAs and more. Tcl/tkExtended Tcl (TclX) version 8.0.4 has been released. The announcement indicates that the new version provides compatibility with Tcl 8.0.4 plus assorted minor bug fixes.Lindsay F. Marshall has released Frink 1.2p35, a new version of his tcl prettifier. Tcl-URL!, the weekly guide to Tcl resources for December 7th is available. Mark Roseman reports an assortment of goodies, including news on the next Tcl/tk conference, AxTCL, and much more. Tom Poindexter published announcements for Mpexpr-1.0 and Sybtcl-3.0b2. |
December 10, 1998 |
|
Development projectsEmacspeak, support for the blind under Linux and other Unix operating systems has been chosen as a Smithsonian Institute Case Study, to be "preserved in the Smithsonian Institution's Permanent Research Collection on Information Technology so that future generations may learn about the Information Age from the men and women who are creating this current day revolution." Hans Zoebelein dropped us dropped us a note about the honor and mentioned some interesting tidbits that will be forthcoming in the next New Scientist ... ErlangErlang is a programming language developed at the Ericsson Computer Science Laboratory. On December 8th, the source code to Erlang was released, along with the source code to Mnesia, a distributed Database Management System suited to telecommunications applications. The license for the software is a derivative of the Mozilla license that has been tweaked to fit the laws of Sweden.Erlang is the primary language used to develop Eddie, a set of applications useful for building "robust and scalable server farms." This language is a bit different; check out this bit of the Eddie source for an example of how it looks. Erlang is based on a functional model. GTKA new mailing list for the "discussion of the internationalization and localization of GTK+ itself and of GTK+ applications". The list is called gtk-i18n-list@redhat.com and subscription information is available. High AvailabilityThe High Availability HOWTO has been updated.ZopePaul Everitt reports that the Beta 2 release of Zope will be out tomorrow, Friday, December 11th. It will contain pre-compiled binaries and some more examples and documentation. Information on zope can be found at the Zope website. | |
Sections: Main page Linux in the news Security Kernel Distributions Development Commerce Announcements Back page See also: last week's Commerce page. |
Linux and businessA very brief mention in the Nordic Business Report says that Linux may become the most popular operating system in Finland "some years after 2000". A new company called Loki Software put out this press release stating their intent to start porting commercial games to the Linux environment. Details - such as exactly which games - are scarce at the moment, but they say they'll have their first release out in the first quarter of 1999. Washington University has announced a deal wherein a company called Object Computing, Inc. will commercialize and distribute the software goodies created at the University - all under an open source license. The first thing to go out will be their "ACE" Object Request Broker (ORB). This is another attempt at funding open source software development; let's hope it goes well. Troll Tech has put out a new version of the QPL (the new license for Qt). The biggest change in the new versionseems to be that people who distribute patches to Qt can distribute them under a license different from the QPL. The wording of the license is a bit ambiguous; one interpretation is that patches which are not released under the QPL themselves need not be available for Troll to incorporate into proprietary products. One could also read it to say that Troll has the right to ignore the license under which a patch is released in incorporate the patch regardless. Presumably the next version will clarify that point. In any case, if Troll does incorporate patches, they must then be released by Troll under the QPL. Penguin Computing has announced a new associates program. Their press release explains how their program can earn members referral fees. Membership is not restricted in any way, but they hope the program will help fund "Linux User's Groups, Linux websites, and lots of Open Source developers and advocates." Hitachi plans to start selling Linux-installed systems, according to this Nikkei Net article. These systems would start shipping sometime in 1999. (Thanks to Bruce Harada). Press Releases:
|
December 10, 1998 |
Sections: Main page Linux in the news Security Kernel Distributions Development Commerce Announcements Back page See also: last week's Linux in the news page. |
Linux in the newsOK....here's some of the recommended reads for this week:
And here is a remaining mixture of introductory articles, etc.
|
December 10, 1998 |
Sections: Main page Linux in the news Security Kernel Distributions Development Commerce Announcements Back page See also: last week's Announcements page. |
AnnouncementsResourcesA new version of the Linux/Alpha FAQ is available. Check it out on the AlphaLinux.org site.A low-cost Red Hat 5.2 is now available in Australia. Check out this announcement for more details. EventsThe Linux & Open Source Software Conference & Exposition will be held Wednesday, January 20th, 1999, at the Commonwealth Institute in London. For more information, check out their website. Also, this note from Eddie Bleasdale lists some of the highlights planned.The Call for Papers for the 1999 USENIX Annual Technical Conference has been extended a final time, to December 15th, 1998. Here's your chance to provide more information to the Unix community about Linux and why they should care. The folks organizing The Bazaar have put out a press release about the conference. The Bazaar, held in New York on March 13-15, 1999, is all about free software. User Group NewsGulliver (Groupe des Utilisateurs de Linux et des Logiciels Libres en Ille et Vilaine et dans les environs de Rennes) has been formed, and is having its first meeting on December 12.
|
December 10, 1998
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Software Announcements
|
Our software announcements are provided courtesy of FreshMeat | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Sections: Main page Linux in the news Security Kernel Distributions Development Commerce Announcements Back page See also: last week's Back page page. |
Linux links of the weekInternet Meta-Resources is a new site devoted to Linux and programming resourses. It's a well organized site with pointers to a lot of good stuff. Check out Themes.org for everything you wanted to know about cool desktops. Download a theme and wow the folks in the office. |
December 10, 1998 |
|
Letters to the editorLetters to the editor should be sent to editor@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them. | |
Date: Wed, 09 Dec 1998 18:34:58 -0600 From: "David M. Stoner" <dms@atlantis.utmb.edu> To: editor@lwn.net Subject: Software Without Shenanigans? A caveat needs to be added to John Martellaro's claim, in a "Mac Opinion" column, following Linus Torvalds, that only open source software can produce "software without shenanigans". Ken Thompson, one of the original creators of Unix, has shown that even complete access to the source code cannot guarantee the absence of shenanigans. See http://www.acm.org/classics/sep95. He demonstrated in some detail that a back door can exist which is completely invisible in the source code. His conclusion: "You can't trust code that you did not totally create yourself." I agree that access to the source code does and should increase our confidence in the system it generates, but it should not be thought that it provides an absolute guarantee of trustworthiness. David Stoner dms@atlantis.utmb.edu | ||
From: "Kenneth Y.K. YOUNG" <kyoung@kyoung.net> To: <lwn@lwn.net> Subject: Eirik's (President of Troll Tech) post to the Harmony List Date: Fri, 4 Dec 1998 02:22:42 -0500 I haven't read any news item among the Qt hoopla that points out the following: Eirik's (President of TT) unwillingness to guarantee not to sue Harmony involves several very deep opensource issues: (1) He is wrong on one score: Harmony is LGPL'ed, and therefore can never be embraced-and-extended by any Redmond companies. (2) There is a deep problem concerning Qt making money off Harmony patches, and/or loosing revenue due to a competitive opensource clone. (3) If TT one day does decide it is loosing revenue to a opensource clone and sues, who is it suing and how can it sue? I would like to see some concrete answers to these questions. ===================================================== Quoting Eirik, President of Troll Tech, in his post to the Harmony list: >We are not lawyers, we are developers, and we do not want >to sue people. On the other hand I cannot guarantee that we will >never sue the Harmony project. Who knows what will happen >in the future. If e.g. some Redmond based company starts >pumping funding into Harmony to "embrace and extend" >Qt we might consider suing." | ||
Date: Thu, 3 Dec 1998 12:10:05 -0800 (PST) From: James Ramsey <jjramsey_6x9eq42@yahoo.com> Subject: Misuse of Troll Tech quote To: editor@lwn.net On the front page of LWN you excerpted the following quote from Troll Tech's president: "On the other hand I cannot guarantee that we will never sue the Harmony project." Although you provided a link to the full article, you made it appear as if a suit by Troll Tech of Harmony was a looming threat. The quote was way out of context. The following is a more complete excerpt: "We are not lawyers, we are developers, and we do not want to sue people. On the other hand I cannot guarantee that we will never sue the Harmony project. Who knows what will happen in the future. If e.g. some Redmond based company starts pumping funding into Harmony to "embrace and extend" Qt we might consider suing." Now the "Redmond based company" is obviously an oblique reference to Microsoft, and the likelihood of Harmony's developers accepting money from Microsoft is pretty remote. The implication seems to be that it would be unlikely that Troll Tech would sue, except under unusual circumstances, such as some gross dirty trickery on the part of the Harmony project of the sort mentioned above. It doesn't sound to me like much of a threat at all. ----I am a fool for Christ. Mostly I am a fool.---- | ||
Date: 03 Dec 98 13:07:55 -0800 From: (anonymous) To: editor@lwn.net Subject: Comments on TrollTech QT, QPL Dear Editor, As you know, Linux has recently received high praise from press after some heavy weight commercial companies have announced strong support for it. For Linux to thrive and grow and become a household name, support from commercial industry is vital. My main concern of making QT to be a standard toolkit to base all free software is based on its disregard for commercial software industry. If QPL is perceived is an Open Source compatible and if almost all of the free apps are written in QT, then most commercial companies would also like to write their apps using QT so as to create common look and feel and just to keep easier and greater compatibility with the other free apps (like KDE desktop etc). However, this is a dangerous situation. What if sometime in future, some Microsoft buys TrollTech and keeps the QT free license essentially same, but changes commercial license drastically (let us say $50000 per developer per year). Microsoft can further discourage others in using Linux (or even Unix) by making the Windows version of QT essentially free for commercial developer. Further, MS can allow QT at essetially throw away price to commercial companies which agrees to get no less than let us say 70 to 75 % revenue from Windows software. Note, that they would least bit concerned, if developers frustrated by this license, leaves Linux/Unix and starts using Windows. The above scenario, however improbable, is definitely possible. This would also almost kill commercial development of Linux-Unix software and would be very harmful to those companies which invests heavily on QT toolkit and helps it become a commercial standard. Unless the QPL can take care of these concerns, it seems to me that the commercial vendors would be better off using Motif. This will create separation between commercial apps and free apps. I would strongly advise the Linux community to take these concerns into account before stopping their work on Harmony and GNOME projects. In your previous article (http://www.lwn.net/1998/1203/a/jd-harmony.html) Joel Dillon writes, "...if Trolltech were to go bust because of Harmony then companies would see nothing to gain in cooperating with the free software movement...". This is quite unlikely. Even after the Linux has come in the market, we have not seen Sun going bust, neither LessTif, has done harm to Motif, nor Wine has done any harm to MS. Also in the same article Joel Dillon writes, "...at worst, if Trolltech were to be bought out by Microsoft and raised their commercial prices sky-high then some work would be involved in keeping gtk or another toolkit 100% KDE-compatible...." This is simply impossible. What happens to the code already written in QT but becomes incompatible with the the future libraries being distributed. This would mean that either I as a developer renew my QT license or ask my user to keep multiple version of QT lib on their machine. Couple of my own suggestions about QT: * Make QT as a published standard. The free software community strictly adhers to this published standard (once the published standards are there, it would be difficult for TrollTech or any future owner of QT to create any unreasonale distributions (e.g. Java). * Divide QT into QT Free ane QT Pro as two separate products and QT Free to be released under QPL but with the exceptions that the commercial vendors get the same right as the free software developer. This would allow the commercial vendors to remain compatible with the rest of the free software community without getting locked into one company. | ||