[LWN Logo]
[LWN.net]

Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise news for all interests


Sections:
 Main page
 Linux in the news
 Security
 Kernel
 Distributions
 Development
 Commerce
 Announcements
 Back page

Other stuff:
Contact us
Archives/search
Links
Calendar
Daily Updates

Recent features:
Alan Cox interview 1998 Timeline

Here is the permanent site for this page.

Leading items


How quickly does Linux really respond to security problems? This week serious security holes were found in the Pine mail reader and a couple of FTP daemon implementations (see the security section for details). The Pine bug was exposed on February 8, ftpd on February 9. As of this writing, only one vendor (Red Hat) has made updates available to fill these holes. A particularly disappointing case is Caldera's security updates page, which was last updated in November 1998. SuSE has no security updates page at all. They claim to have a security alerts list, but clicking on the archive link on their mailing lists pageyields a "page not found" error.

And, lest one think that Red Hat has its act entirely together, it is worth pointing out that their updates site (updates.redhat.com) has been impossible to get into since the alerts came out, and none of the mirror sites that we have checked (and we've checked many) yet have the updates. For all practical purposes, updates are not available for Red Hat either.

These security holes are guaranteed to be the source of a highly public string of breakins over the next few months. One would think that it would be in the interest of the distributions to try to head this off as much as possible. Given that one of the advantages of free software is supposed to be quick turnaround on fixes - especially security fixes - it really seems that we should be doing better than this.

We at LWN are happy to suggest work for other people. In our opinion, every distribution should set a goal of getting security fixes out within 24 hours of notification that a problem exists. Each distribution should have information on security updates available on the front page of their web site. If Linux is truly to be better than the other operating systems out there, it must get its act together on security. Otherwise we're just making more empty promises.

(Information received later on updates for these security problems is available on the daily updates page.)

Monday, February 15, is Windows refund day. This is the day to take your unused version(s) of Windows back to Microsoft to ask for your money back, as provided for in Microsoft's own end user license agreement.

This event has the potential to be a crucial turning point in free software history. The purpose here is not to slap at Microsoft, or to make opinions known on their products. The point is the freedom to buy a computer without being compelled to buy one vendor's operating system if that system is not needed. Users of free software should not have to buy proprietary software that they do not want.

While organized refund efforts are happening in some areas, it is a bit disappointing that there are not more organized groups out there. A big rally in Silicon Valley will certainly draw attention to the cause. Rallies nationwide (or worldwide) would draw much more. The relative lack of organized gatherings certainly does not mean that people can not show up at their local Microsoft offices to ask for their refunds. Go for it, every body helps.

For more information, see the Windows refund home page, the timeline and press coverage page, or the Open Directory Project Windows refund page. Readers in France may want to check out the Centre de Détaxe Windows page.

The pre-installed Linux system market is getting more crowded, as witnessed this week by the arrival of Dell, and Indelible Blue (a long-time OS/2 reseller) on the scene. If this TechWeb article is to be believed, IBM will be announcing PowerPC systems running Linux on the first of March. Compaq has also reaffirmed its Linux stance with this Linux systems page.

The larger vendors are all pushing server systems for now; they evidently see less demand for desktop computers running Linux. They may well be surprised. A fairly safe prediction is that the hardware vendors will wake up in much the same way that the database vendors have: demand for Linux products will strongly exceed their predictions and they will quickly expand their lines.

The Linux system VARs that want to survive the entrance of the big boys need to firmly establish themselves almost immediately, or else find a niche that they can retreat into. That business is going to get much more competitive in a hurry. It is an unfortunate fact that, in this industry, the companies that create a market are often not the ones that profit from its maturity.

One interesting niche that seems empty at the moment is that of systems costing less than $1,000. Linux VARs seem to aim for the high end. But, along with all its other advantages, Linux does come cheap. It should be possible to build rock-bottom end systems with a very competitive price, due to the absence of the "windows tax." The first vendors into this area may find that they do better than they expect, even in a niche with such small margins.

It turns out that out discussion of Linux engineer certification in the February 4 issue of LWN missed one provider our own back yard. The University of Colorado at Denver offers a network administration course which results in, among other things, a "NACSE-LINUX NCLA (NACSE Certified Linux Administrator) Certificate." Lucky attendees get trained toward an MCSE test at the same time... (Thanks to Chuck Morrison, who heard a radio ad for the course).

If this issue of LWN seems a little thin (or grumpy) that's because it is. We're short-handed this week due to illness. With luck we'll be back to full strength next week.


February 11, 1999

   

Sections:
 Main page
 Linux in the news
 Security
 Kernel
 Distributions
 Development
 Commerce
 Announcements
 Back page

See also: last week's Security page.

Security


News

Nasty holes of the week: a couple of unpleasant ones came around this time.
  • There is a bug in Pine (a mail reader) which can allow the execution of arbitrary code contained within a carefully constructed mail message (details here). The ramifications of this one are extensive.

  • Both the WU and ProFTPD FTP daemons suffer from overflow problems which can lead to the usual sorts of unfortunate things. This problem was publicized via this release from a company called Netect.
Thus far, we have seen updates come out only from Red Hat; see their notices for Pine and ftpd.

CERT has put out an advisory about trojan horse problems. The advisory (available here) contains little new information for readers of these pages. (Although, perhaps, many Linux users were unaware of the fake Internet Explorer upgrade...) It does contain a good summary of the situation and tells how to recognize trojaned versions of some systems.

The "Hurwitz Group" has uncovered that buffer overflows are a security problem and issued this press release to alert the world. "Buffer overflow will continue to be a security problem until all system vulnerabilities are revealed and solutions are put in place..." The product being advertised with this alert evidently works by randomizing the stack address; this approach works against a number of simple attacks, but is far from being a comprehensive solution.

Security Reports

There is a buffer overflow problem in the version of 'lpc' that is shipped with the PLP printer system. Most Linux systems do not use PLP; however, SuSE distributions at 5.2 or earlier did. Thus, folks with an older SuSE installation may wish to consider an upgrade.

Resources

Alpha 7.1 of the NRL IPv6+IPSec package has been made publicly available. This is a full implementation of these protocols, and it supports Linux. (They claim it works with the 2.1 kernel; one assumes that 2.2 will work as well). See NRL's web page for more information. The license is of the BSD variety; however, encryption support is only available within the U.S.

Network Associates announced a version of their "CyberCop" scanner for Linux; see their press release for more. For an alternative point of view on the value of their announcement, see this note from the ISN moderator...


February 11, 1999

   

Sections:
 Main page
 Linux in the news
 Security
 Kernel
 Distributions
 Development
 Commerce
 Announcements
 Back page

See also: last week's Kernel page.

Kernel development


The current kernel release remains 2.2.1. People who are desperate to compile a new kernel can play with the 2.2.2 prepatch put out by Linus, or, alternatively, with Alan Cox's 2.2.1ac5. A true 2.2.2 release is likely sometime soon, once a couple more obnoxious problems get tracked down and fixed.

Interface stability in the Linux kernel has been the topic of discussion for a couple of weeks now. It all started with this note from a staff member at MIT complaining about how another incompatible interface change had happened, and describing, in detail, the sorts of difficulties such changes can cause when many thousands of machines are in use. It seems to be generally agreed that, while incompatible changes occasionally need to be made, they should be kept to a minimum, especially within a single stable release series.

The discussion shifted to the kernel module interface, where there is less consensus on how things should be done. Kernel modules, by their nature, have much more direct access to the internal workings of the kernel, and are thus much more easily affected by changes. Usually, but not always, all that is required is a recompile to make a module work again after a change has happened.

Unfortunately, "recompile the module" is not a recipe that sits well with users of binary-only modules. Recent victims here have included users of the AFS file system - often large universities with a lot of systems. Linus's responses to the complaints varied from quite unsympathetic to completely dismissive. Further on he explained his reasoning in a bit more detail. The executive summary could be that while he allows binary-only modules to be inserted into the kernel, he does not much like them and would not be terribly upset if they simply went away.

There are good reasons behind this position, but it will certainly cause problems for Linux users who can only get support for something they need via a binary module. This, in turn, can only lend support to the critics who claim that Linux is immature, not "enterprise ready," and that it suffers from far too many versions. This is exactly the sort of issue that could force users to one of the other free unix systems, or perhaps cause an eventual fork in kernel development.

UltraPenguin 1.2 will not allow 64-bit user code to run, due to a couple of hardware bugs in some UltraSparc processors. The exact nature of the bugs is unclear, but it seems that they allow any user to halt the processor, not a desirable thing. The real problem is that, according to David Miller, Sun will not release information about the bugs without a nondisclosure agreement in place. Since an open workaround in the UltraPenguin kernel would disclose the bug, no fixes can be had via that path. Thus the problem remains unfixed - and 64-bit user code remains unrunnable - until somebody can figure out the problem via some other means.

Here is your chance to own the entire kernel release history on CD. Riley Williams, who put together the Kernel version history archive is now packaging the whole set up and is considering making the CD's available for a small fee. See his announcement for details.

FTape 4.x has been ported forward to the 2.2 kernel, though it is still considered to be unstable at this time. Details and a download address can be found in the announcement.


February 11, 1999

Since we're a weekly publication, chances are we'll be behind a rev or two on the kernel release by the time you read this page. Up-to-the-second information can always be found at LinuxHQ.

   

Sections:
 Main page
 Linux in the news
 Security
 Kernel
 Distributions
 Development
 Commerce
 Announcements
 Back page

See also: last week's Distributions page.

Distributions


Caldera

If you want to try the 2.2 kernel on OpenLinux 1.3, check out this message from Caldera's Erik Ratcliffe and start FTPing. Some caveats apply, of course. The upgrade packages were created by a Caldera VAR as a public service; it they have no official stamp of approval, and nobody warrants that they won't explode in your face and fill the office with nasty black smoke.

Debian

[Contest entry] The Debian logo contest is ongoing, with many entries received thus far. (See the contest announcement if you've not encountered it yet). The entries received thus far can be found on the Gimp contest page.

There has been some grumpiness resulting from the requirement that all logos be created using only the Gimp. This requirement is unsurprising, since the contest is sponsored by the Gimp people. But the Debian folks do not want to rule out other submissions created with free software. It seems unlikely that the Gimp folks will change their rules, so there's not much to be done...

The slink release is getting closer. Here are a couple of lists of bugs that have to be fixed before the release can happen: one from the automatic reporter, and the other one put out by Brian White.

Is postilion free enough? Postilion is a mail reader designed after a NextStep application; it has a number of pleased users. Problems came up when the package maintainer noticed a change in the license that comes with the 0.9.0 release. Under the new license, the various graphic image files that come with the program can only be used with postilion; they can not be used in any other context.

There seemed to be a general feeling that this license was non-free, and a note was sent off to the postilion developer describing the difficulties. This developer, after some discussion, came back with a revised licensewhich addressed the concerns. Seemingly everybody will live happily ever after.

Meanwhile, interestingly, Richard Stallman came in with an opinion of his own: he thinks the original license qualified as free. He also thought it was undesirable and essentially unenforcable.

Debian en Français. A new project has been formed to translate the debian distribution - programs, documentation, and all - into French. See the announcement (surprisingly, in French) if you would like to participate.

Mandrake

Mandrake 5.3 has been released. This release ("Festen") is still based on Red Hat 5.2, but there have been enough goodies coming out (XFree86 3.3.3.1, KDE 1.1, Kernel 2.2.1, etc.) that they decided to make a new release. Also included is a new "Installation and Use Guide" document. See the announcement for details.

MkLinux

A new bug reporting address and bug reporting web page have been set up for MkLinux.

SuSE

Does SuSE not have its act together in North America? A number of SuSE users seem to think so after the distribution got stomped in one of those highly scientific Slashdot polls. Complaints range from distributions for the U.S. coming late and with problems, to the slowness of updates in the U.S. SuSE web page. In general there seems to be a feeling among U.S. SuSE users that SuSE, while providing a superior distribution, is being outmarketed on this side of the pond.

TurboLinux

TurboLinux users wishing to upgrade to the 2.2 kernel series may want to check out this note, which explains where all the necessary updates are to be found.

February 11, 1999

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.

   

Sections:
 Main page
 Linux in the news
 Security
 Kernel
 Distributions
 Development
 Commerce
 Announcements
 Back page

See also: last week's Development page.

Development tools


Java

The wait for JDK 1.2 under Linux continues. The latest status report is positive, saying that the threads problem have been essentially overcome (but by using "green threads," instead of Linux native threads). Still no release date given, of course. "...rest assured we are all working hard to get this thing out the door as soon as possible"

The first release of GNU Classpath is out, see the announcementfor details. Classpath is a project to produce a free set of class libraries for Java as a replacement for Sun's libraries.

Version 0.07 of the Japhar virtual machine is out, or so we're told, even though their web page still talks about 0.06.

Python

Starship Python is on the net, and the new site at starship.python.net is looking great. It's evidently the first of many dedicated Python sites which will appear in the python.net domain.

One of the things you'll find on the starship is Christian Tismer's tutorial on COM and Python which he gave at the 7th Python Conference. Here's your path to accessing all that office data in those legacy formats... See the announcement for details.

A new version of gnome-python is out. This package (announcement here) is an interface to the GNOME libraries, making it easy to fit Python programs into the GNOME system. Included are GTK bindings, making it possible to do graphical stuff without Tk.

Here's this week's Python-URL, full, as always, of Python goodness.

Other Python announcements:

  • 4DOM, implementation of the Document Object Model.
  • Grapher, a program which makes machine state graphs.
  • Sketch, a vector drawing program in Python.
  • Xmlproc, XML parser.

Tcl/tk

Scriptics is looking for ways to promote Tcl and they are asking for help in the form of Tcl success stories. Drop them a note if you've got a good one.

Just released: Will's Guide to Creating Object Commands. It's, well, a guide to creating object commands. The author is looking for feedback, drop him a note if you can help out.

Here's this week's Tcl-URL.


February 11, 1999

   

 

Development projects


General Accounting System

The General Accounting System is a new project which intends to bring a high-quality GPL'd accounting system into being in time for a Christmas delivery. As is usually the case, this project is looking for help. Check out the web site, and give them a hand if you can

GTK+

Version 1.2 of the GTK+ toolkit is nearing release. In preparation, the GTK+ Tutorial has been updated to match the upcoming release. It's a good piece of free documentation on how to use this toolkit; check it out.

GNOME

The GNOME folks put out another flurry of announcements this week, headed up by the Skillful and Conspicuous Cow release of the core code (aka 0.99.7). Other announcements include: The cow, according to Miguel de Icaza, "...is just a hint of all the technology we are packaging in Gnome. Up to four stomachs and applets for processing the very same input."

KDE

KDE 1.1 was announced this week, see their news page for the details.

PowerPC folks may want to have a look at the KDE for PowerPC page put together by Jonathan Singer. He's trying to gather together PowerPC packages for a full set of KDE applications to make life easier for everybody else. (Unfortunately this site is hosted on Tripod, meaning readers get to play "whack-a-mole" with the popup ads).

Samba

The Samba team released version 2.0.1, and advised everybody to upgrade to it. Shortly thereafter a bug of the "brown paper bag" variety turned up, so out came version 2.0.2. They recommend that everybody upgrade to this version, and this time you probably should.

Zope

A pre-release version of Zope 1.10 has been announced, details may be found in the announcement. Lots of new features are available in this release, a list can be found in the changes file on the Zope site.

A new version of ZServer has also been released. This version adds some security, bug fixes, and more.

The Zope web site has been enhanced with the addition of a set of user testimonials and Case Studies. There is also an initial set of ISP's which are beginning to offer Zope hosting; see this list for details.

An article about Zope was published in Web Techniques this month. The article, written by Amos Latteier of Digital Creations, is, of course, quite positive. "Digital Creations' Open Source Web application platform promises to play an interesting role in the Web application-server market. Its open technology and proven engineering combined with its innovative development model could be a potent combination."

 
   

Sections:
 Main page
 Linux in the news
 Security
 Kernel
 Distributions
 Development
 Commerce
 Announcements
 Back page

See also: last week's Commerce page.

Linux and business


Penguin affiliates. Penguin Computing has put out a press release describing their new "Online Associates" program. Put their banner on your page, and they'll give you a commission on any sales that result from users coming in via that banner

Yet another Linux-based "thin server" product has been announced. This one is "TEAM Internet" from Apexx technology. It's claim to fame seems to be that it includes web filtering software along with the usual functions.

More electronics design support is on the way: Green Mountain Systems will be releasing a Linux version of its VHDL simulator later this month, according to this EE Times article. "...the Linux version runs 'slightly faster' than the Windows NT model and has better memory performance."

AsiaBizTech writes about the "CUTE 2000," a Linux-based server being marketed in Japan. This one is based on the Debian distribution.

Also in AsiaBizTech: a Japanese version of Interbase 5 has been announced

Press Releases:


February 11, 1999

   

Sections:
 Main page
 Linux in the news
 Security
 Kernel
 Distributions
 Development
 Commerce
 Announcements
 Back page

See also: last week's Linux in the news page.

Linux in the news


OK...here is this week's recommended reading:
  • Feed Magazine is doing a big special on open source software, consisting mostly of discussions with various developers and other interesting folks. Not all of the pieces are there yet, but you can see the introduction, a discussion with Richard Stallman, Eric Raymond, and Eric Allman, and a comprehensive list of related readings. (Thanks to Phil Austin).

  • Linux gathers critical mass needed to compete with NT says Network World Fusion. The article is a roundup of business activity around the system. "If you've been trying to convince your management that Linux is the right technical choice for a server platform, perhaps it's time to play the business angle trump card. Linux is inexpensive to acquire, can be purchased from multiple sources, has a growing number of applications, is endorsed by the industry's major technology players, has ready sources of technical support and is preferred by technology managers around the world." (NW Fusion is a registration-required site; "cypherpunks" works as usual).

  • The next time somebody says that Linux developers are an unruly bunch, point them at this PC Week article about the difficulties in getting Windows NT together. It mentions Linux as a problem, but points out that most of the difficulties are internal. "Further complicating matters, Windows 2000 contains 35 million lines of code and requires 64MB to 128MB of memory -- which doesn't make for a nimble consumer operating system, developers note."

  • Here's an article in the Orange County Register about the city of Garden Grove and its use of Linux. "Garden Grove's public works department became the guinea pig. Linux passed that test. Then came the Police Department, your basic round-the-clock operation that doesn't suffer frozen computer screens well. Police brass wanted a new $100,000 system. [City engineer] Shingledecker said Linux could do it for $2,000. Guess who won out?" (Thanks to Christopher Pereda).

There was a resurgence of introductory articles this week, and the quality was generally better than usual. Even experienced Linux folks may want to give some of these a glance.

  • The "Daily Yomiuri" has put out a lengthy introductory article with a strongly positive bent. "...perhaps most importantly, Linux remains largely untested as a platform suitable for so-called mission-critical applications such as managing bank transactions, airline reservations and others. But then again, so does Windows NT."

  • Here's an introductory article in Scientific American. "...if text-editing software built by hackers for hackers (such as Emacs) is any guide, average consumers and programmers may have almost antithetical ideas of what elegant, useful programs and documentation look like. If the current stylistic distinctions between open-source and commercial software persist, an open-software revolution could lead to yet another divide between haves and have-nots: those with the skills and connections to make use of free software, and those who must pay high prices for increasingly dated commercial offerings."

  • Another highly positive introductory column appeared in Information Week. "Sure, [Linux is] a utopian, communal, hippie kind of idea. But it's one that makes business sense. How much of a competitive advantage has your operating system given you lately? How much more of a competitive advantage would you have had if you had spent money on hardware, applications, or more developers, instead of on operating system licenses? It's thoughts like those that make the most hardened capitalist into a hippie."

Quite a few business-oriented articles, as usual:

  • PC Week has an article about SuSE's new cluster systems. "S.u.S.E.'s clustering technology should be ready next month in Europe; however, it could be several more months before it's rolled out to the U.S."

  • Wired News coversthe rollout of LinuxCare's support program. "LinuxCare will also support major software distributions, including Red Hat Software, Caldera Systems, Debian, LinuxPPC, Linux-Mandrake, Pacific HiTech, SuSE, and Slackware Linux." (Thanks to "llornkcor").

  • Here is an InfoWorld article which is also about the upcoming launch of LinuxCare. "Perceptions of Linux as a rebel at the gates may be receding soon, with the March 1 launch of LinuxCare, a comprehensive, diagnostic, Linux support organization."

  • ComputerWorld has put out an article about the use of Linux in Jay Jacobs stores. Here's a quote for the "no comment" section: "Because Linux isn't burdened with a graphical interface, its performance is often faster than that of Windows NT on low-end hardware, said William Peterson, an analyst at International Data Corp..."

  • Nathan Cochrane's Openline column in The Age this week is about the increasing business interest in Linux. "But the nature of open source means that once it permeates a company, elements of previous proprietary intellectual capital are likely to leak back into the community. This may result, in SGI's case, in enhanced open source graphics and visualisation tools to complement the likes of GIMP, a free competitor to Adobe's cash cow, PhotoShop." (Found in LinuxToday.

  • Folks wanting Quicken under Linux will be disappointed, according to this ZDNet article. "The maker of Quicken financial planning and tax preparation software, Intuit, currently has no plans to port its applications over to the open-source platform, says a company official." Since a number of Linux ports have been preceeded by an official denial (i.e. Oracle, Lotus), the cynical among us might plan on Quicken sometime around early summer... (Thanks to Joerg Fehlmann and an anonymous tipster as well).

  • This article in News.com is about the recent surge in corporate-oriented Linux offerings, and about Pacific HiTech in particular. "Pacific Hi-Tech will announce the Enterprise Server Edition at the LinuxWorld conference March 1, along with a less expensive, freeware-oriented little brother called the Server Edition , Miller said. The Server Edition will cost about $199; pricing for the Enterprise Server Edition hasn't yet been set, but will probably be more than $2,000."

  • PC Week tells us that the big PC vendors will not be making Linux desktop systems anytime soon. "The problems, they say, are the lack of customer demand for the Linux desktops, the dearth of desktop apps for the open-source operating system and a less-friendly user interface."

  • Maybe Linux should be your next desktop OS says CNN in an article reprinted from PC Week. It's actually mostly about VA research. "Does [VA Research President] Augustin's mother use Linux? 'Not yet,' he says. Still, he's optimistic: 'Intuit's looking to port (Intuit) Quicken,' he says."

  • ZDNet evaluates Microsoft's "Linux defense." They are not impressed. "If Microsoft really believed Linux would knock them off their perch, why wouldn't they be rushing to move their applications to Linux? They'd have the advantage of being first to market that way." (Found in Slashdot).

  • Yet another VA Research article can be found in Internet Week. "With the forthcoming release of new servers based on the new Linux 2.2 kernal, released last week, Augustin believes Linux is ready for prime-time corporate use."
Various types of reviews:
  • CPU Review has put together a detailed review of Red Hat 5.2. It's almost entirely positive, with occasional suggestions for improvements.

  • InfoWorld reviews DB2 for Linux and finds some glitches. "With its beta issues resolved, IBM DB2 Universal Database 5.2 for Linux -- together with the Linux kernel update Version 2.2 -- looks promising as an enterprise-grade database solution."

  • Jeff Alami at 32bitsonline has started up a new daily Linux column called "Linux Journeys." The first column is a light overview of personal finance software.

  • Also in 32bitsonline: a detailed comparison of several Linux distributions.

Just in case anybody hasn't seen enough "Windows refund" articles yet:

  • Here's an index (in French) to a bunch of Linux articles in Le Monde; there is an emphasis on the Windows refund. Babelfish translation available here. (Found in NNL).

  • Here is a lengthy article in the San Francisco Examiner about open source stuff, with an emphasis on the Windows refund, VA Research, and a couple of other topics. "It's pretty clear that Linux users and Linux-oriented companies mean business. It's also clear that individuals and businesses that buy Linux systems from VA Research won't have to participate in Windows refund day because the price tag on VA Research machines includes no fee for Microsoft software licenses." (Thanks to Michael Wittman)

  • The Raleigh News & Observer ran a longish "windows tax" article. "Computer vendors such as Gateway and Dell, hyping choice, allow users to pick features from monitor size to processing power. But when it comes to the software that will run it, the choice is Windows 95 or Windows 98 -- Microsoft or Microsoft." (Thanks to John Thacker).

  • There is an article (in French) in Libération about the Windows refund activities in France. It mentions a French law which prohibits the forced coupling of products which could bolster the case of people seeking refunds in that country. (Babelfish translation available here). (Thanks to Stéfane Fermigier).

  • See also: ABC News, the (Christchurch, NZ) Press, or the Detroit News.

And here's the rest of the press:

  • MSNBC has put out a personality piece on Linus, seemingly based on a reading of linux-kernel messages. "Dozens of messages reveal a 'legend' who is accessible to anyone, as long as you're willing to share a snippet of code that might improve Linux. But that doesn't mean he'll be polite about it."

  • Linus Torvalds is interviewed by the readers of Libération (in French). There are some interesting questions. Also readable in English (sort of) via Babelfish. (Found in NNL).

  • Nicholas Petreley has handed out his 1998 Down to the Wire Awards. "The award for the Most Effective Promotion of Linux goes to Microsoft..."

  • Here is a ZDNet UK story about an Irish ISP (connect.ie) that got shut down by politically-motivated crackers. Their solution to the problem? Replace their servers with Linux machines. (Thanks to David Killick).

  • A note (in French) was sent out on the NNL list pointing to this lengthy hatchet job (also in French) one the site of one Daniel Martin. It's an impressive read. One can only echo the words of NNL author Jerome Kalifa: "90% de ce qui est ecrit est parfaitement faux (difficile de ne pas laisser echapper un hurlement d'indignation toutes les dix lignes)..." (Editor's poor translation: "90% of is written is completely false (it is difficult not to let out a scream of indignation every ten lines)." The document is far too long for Babelfish, unfortunately; it just laughs if you try.

February 11, 1999

   

Sections:
 Main page
 Linux in the news
 Security
 Kernel
 Distributions
 Development
 Commerce
 Announcements
 Back page

See also: last week's Announcements page.

Announcements


Resources

LinuxToday has added a new jobs page to connect people with Linux skills and employers. See their announcement for details.

Steve Rader has made available the Linux disk mirroring cookbook. Therein you will find step-by-step instructions for setting up disk mirroring with raidtools 0.42. Never let a disk failure stop you again!

Events

Here is a transcript of the chat session with Linus Torvalds which appeared on MSNBC Tuesday. Note that Linus was not actually typing, he was speaking over a telephone to a transcriber. Evidently not everything got through exactly as he said it.

If you are wanting to make a submission to the O'Reilly Linux Conference (August 21-24, Monterey, CA), you're running out of time. This reminder just went out; the deadline is next Monday, February 15. It looks like a great gathering, here's your chance to be a part of it.

Linux Expo has announcedthat the technical keynote speaker for the conference (in May) will be Jim Gettys, currently of Compaq. This should be an interesting talk; Jim has a long history with free software, including being a driving force behind the X window system in its early days.

The LinuxWorld folks are looking for open source projects that will be at their conference to feature in their "Tapping the Source" supplement. See their announcement for details.

The Bazaar has announced a partner and a change of date. The conference - oriented around free software development - was originally scheduled for March in New York. The new date is likely to be in July. See this Slashdot topic for a bit more information.

Web sites

A new site for Linux on the PowerPC has been set up. Content currently is in German, but they intend to add English language stuff as well.

OverNews is a new Linux news site in French.

User Group News

A new user group is forming in Colorado Springs, CO. The Pikes Peak LUG will have its first meeting on March 5. See the announcement for details.

Yet another Linux Tea Party will be held by the Southern New Mexico LUG on February 18. See their web site for details.


February 11, 1999

   

 

Software Announcements


Package Version Description
4DOM 0.7.0 A CORBA-aware implementation of the W3C's Document Object Model in Python
Aegis 3.9 Transaction-based software configuration management system
afbackup 3.1.3 Client-server backup system
AfterStep 1.6.10 Window manager for the X/Windows environment with NeXT look and feel
Apache Control Center Control Win32 Apache from System Tray
APE 0.0.16 (0.1-pre1) APE Portable Environment for C++ Threads, Sockets, etc...
Applixware 4.41 Integrated suite of desktop productivity tools.
Artistic Style 1.7.4 Indentation and reformatting filters for C, C++, Java
asp2php 0.62 Converts Active Server Pages (ASP) to PHP3 scripts
AtDot 2.0pre2 Web based e-mail system
audit 0.1 beta Check files in home directory for strange permission, ownership, etc.
aumix 1.16 Color text mode sound mixer with GPM support
Autobuse snap918416038 Log monitoring and reporting tool
BeroFTPD 1.3.3 FTP server program based on WU-FTPD
Bind 8.2 Beta (T5) Berkeley Internet Name Domain
bk2site 0.3.1 Transforms Netscape bookmark file into yahoo-like website.
Blender 1.56 Extremely fast and versatile 3D Rendering Package
Bochs 990127d Portable x86 PC emulation software package
Calamaris 2.20 Statistic tool for Squid, NetCache and relatives
cccd 0.3beta3 A CDDB capable CD player using GTK+
CD-Keeper 2.2b Organizes your CD collection
cdda2wav 1.0b A CD ripping application
chpp 0.3.5 General purpose preprocessor
class.Logger.php3 1.0 A PHP class to create and maintain log files within your programs
class.Validator.php3 1.0 A PHP class with common data validation routines.
coda 5.0.1 Full featured network filesystem
Crescendo 1.0-pre1 Gnome front-end to the TinyFugue mud client.
curl 5.5.1 Tiny command line client for getting data from a URL
CVSup 16.0 CVS-Aware Network File Distribution System
Dancer 4.14 IRC defense bot, protects your channel and your users
DECnet for Linux 1.03 DECnet socket layer and applications
DLC 0.1 small library for loading C++ classes at runtime
DoME 3.2 CASE toolkit for building domain models
E*Reminders 0.2 Web-based reminder software
ECLiPt Roaster 1.0 GTK Interface to MkIsoFs and CDRecord for writing CDs on the fly
ECLiPt-Mirror 2.0 final Full-featured mirroring script
Enter3D Project 0.01 Large-scale multiuser persistent real-time 3D world
Eraserhead RPG 0.0.3 RPG/II, RPG/III Compiler
esh 0.4 New Unix shell
eSquire 0.9.9.4 Web based Majordomo replacement and autoresponder manager
flwm 0.15 The Fast Light Window Manager
fonteditor 0.01 Program for editing console fonts.
fookb 0.6 Xkb state indicator
FREEdraft 0.3.6 2D mechanical cad project
Galway Html Editor 0.0.5 Guile-gtk HTML Editor
Gamora 0.64.0 Java based server construction, hosting, and adminstration architecture.
ganesha 0.4 GTK program to locates multiple download sites for ftp.
gEdit 0.5.0 GTK+ based text editor
gfontview 0.0.7 Font Viewer
gFTP 1.11 A multithreaded ftp client for X Windows
Giram 0.0.5 Giram is a modeller, written in GTK+
glFtpD 1.15.3 FTP Daemon for Linux. Great program for an ISP or anyone!
GLib 1.1.15 The GLib library of C routines
gMOO 0.2.7 GTK+ based MOO (and MUD) client
gmysql 0.3.2 A GTK+ front-end to MySQL databases
GNOME 0.99.7 GNU Network Object Model Environment
gnome-python 0.99 Python interfaces to gnome-libs
GNU C library 2.1.0 The GNU C library is used as the C library in the GNU system
GNU Classpath 0.00 Free implementation of the Java core class libraries
GoldED 3.0.1 Mail/newsreader for Fidonet and Internet
GPL Argument Analyser 1.5 Utility to manage the arguments of your programs
gpsd 0.95 Listens to a GPS and provides clients with the data.
GQ 0.1.8 GTK LDAP client
Graphic Counter Language 1.00 Programming language for the development of web counters
GRASS 5.0 beta Public Domain GIS software
grepmail 3.5 Searches a normal or gzipped mailbox for a given regularexpression
gRun 0.9.2 GTK based Run dialog
gShMap 0.1.1 GTK/Linux 2.2 Shared Library Monitor
GTalk and QTalk 0.04 GTK+ and QT Squeak Smalltalk
GTimer 1.1.0 Scheduler for your personal activities
GTK+ 1.1.15 Library for creating graphicaluser interfaces
GtkAda 0.5 Ada95 binding of Gtk+ version 1.0.4 and 1.0.5.
GtKali 0.1.9 Gtk+ interface to Kali.
GTKWave 1.0.18 Wave viewer for Verilog simulation
GTKYahoo 0.7 GTK based Yahoo! Pager client
Gwydion Dylan 2.2.0 Compiler for Dylan, an dynamic, efficient, object-oriented language
gxTar 0.0.7 Gnome/GTK+ front-end to tar/gzip/zip
HCP 0.1.11 A protocol for every form of human communication over networks
HoserFTPD 0.0.1 Light-weight, high-performance FTP server
ht://Dig 3.1.0 Complete world wide web indexing and searching system
icewm 0.9.33 Window Manager designed for speed, usability and consistency
intel2gas 1.0 A converter between the NASM and GAS asm format (Intel/AT&T)
irssi 0.5.0 GTK+ based IRC client with GNOME panel support
jEdit 1.4pre2 Powerful text editor
jukebox 0.7 Jukebox for mp3-files with html-interface and playerdaemon
jvSQL 0.0.2 A java application that makes database modulation easy!
kbquery 0.06 Command-line search util for the linux knowledge base
kcmdhcpd 0.2.0 A configure program for the ISC DHCP-Server for the KDE-project.
KDE 1.1 Powerful graphical desktop environment for Unix workstations.
Keystone 0.50.01 Web-based problem tracking system, rewrite of an older system called PTS
kmpg 0.4.3 A mp3 player for the K Desktop Environment.
KMySql 1.1.1 A MySql client for KDE.
KNewKDE 0.1 Puts the What's New from KDE's page in your KDiskNav
Krabber 0.3.1 KDE audio cd grabber and mp3 encoder front-end
KRunning 0.0.19a A database manager for your private running events
ksidplayer 0.52.1 KDE frontend to sidplay, the music player and C64 SID chip emulator
KSniffer 0.1.4 KDE Network Sniffer/Monitor and Stats Collector
Kticker 0.2.7 News ticker widget that downloads news headlines and displays them periodically
ktop 0.9.9 KTop: The KDE Task Manager
ku 1.1p2-3 Autmp based shell admin utility for maintaining shell logins
KuickShow 0.6.3 A fast, comfortable and easy-to-use image viewer/browser
kuser 0.8.0 User-Administration-Tool for the KDE-Desktop
KWebHeadlines 1.3 Displays Web Headlines in the KDE root menu
KXicq 0.3.0 The KDE ICQ clone
Launcher 0.60 One-stop filetype/application mapping solution
Linuxconf 1.13r13 Sophisticated administrative tool
Listar 0.117a Mailing list managementsoftware
lq-text 1.15 A command-line oriented text retrieval package for Unix
Manix 1 X11 game (pacman style)
mdate 0.5.2 A freely-available mayan date program
Melange Chat Server 0.99b Chat server written in C including a Java-client
MetaKit for Tcl 1.0.6 Cross-platform, highly dynamic database extension for Tcl
Midnight Commander 4.5.11 Unix file manager and shell
minordomo 0.6.1 A minimalistic mailing list manager
Mixer.app 1.3.0 Mixer.app is a mixer utility for Linux/FreeBSD systems. It is designed to be doc
mod_dtcl 0.4.3 Apache server-parsed Tcl module, inspired by PHP
mod_ssl 2.2.2-1.3.4 Apache Interface to SSLeay
mp3tools 0.3 Utilities for managing MPEG audio files
Net::RawIP 0.05b Perl module for easy manipulation of raw IP packets directly from Perl
nettest 0.8 Notifies you if your network connection goes down audibly or through email
NFTP 1.50 Powerful, full-featured FTP client
nmap 2.07 Full featured, robust port scanner
nmh 1.0 Enhanced version of the MH electronic mail system.
notify 1.01 Notify (website) visitors of changes to your site.
OpenMap 3.1.2 JavaBeans tool kit for building applications/applets with maps
Pack install monitor 1.1.1 Pack install monitor
PAiN Linux Loader 19990202 Linux Loader for the PAiN diskmag
pgp4pine 1.47 Interactive program for using PGP with email programs, specifically Pine
phpMyAdmin 1.4.1 Handles the basic adminstration of MySQL over the WWW
PIKT 1.2 An innovative new systems administration paradigm
Pine 4.10 Tool for reading,sending, and managing electronic messages
pircd Alpha Nine An IRC daemon, written in Perl.
Pollera 1.00 A www poll system meant to be run via CGI.
psntools 2.4 Administrative tools for large numbers of accounts
PyGTK 0.5.10 A set of bindings for the GTK widget set
QtVu 0.3.19 An image viewer heavily inspired by ACDSee
Queue 1.12 Innovative load-balancing/batch-processing system and rsh replacement
Qui-ne-faut 0.5 Optical Character Recognition
Quotes 1.3-0 Financial Quotations and Linux headlines
rc.virt 2.42 perl script to automate adding ips for ip aliasing
rio-linux 0.1.1 linux support in C for the Diamond Rio
Rocks'n'Diamonds 1.3.0 Arcade style Boulderdash/EmeraldMine clone for X11 with stereo sounds
rungetty 1.2 Minimal virtual console getty capable of running arbitrary programs
Samba 2.0.2 Allows clients toaccess to a server's filespace and printers via SMB
sb1kinst 1.4 Linux SURFboard 1000 driver auto-installer
scrEamer 0.1 esd->SHOUTcast streamer
Sendmail 8.9.3 Powerful and flexible Mail Transport Agent
settrans 1.3 A Simple Program To Set Your Terminal Translation
Sketch 0.5.3 Vector drawing program, implemented in python
SkyeQuery 0.15 A Finger client written in Java 1.1.
SmartInst 1.2-0 A smart install wrapper script
splitfmnews 0.2.1 Splits the freshmeat newsletter digest into individual messages.
ssh 2.0.12 Remote Login Program
stamp 1.2 Adds a graphical timestamp to a jpeg image
Staticky.com DynDNS 1.0 Client for staticky.com's free Dynamic DNS service
STk 3.99.4 Scheme with TK bindings
Swift Generator 0.3 Dynamic Flash content generator.
Sympa 1.4.2 An efficient multilingual Mailing List Manager.
TeamWave Workplace 4.1.1 Shared Internet places for any-time collaboration
Ted 2.2 Ted, an easy rich text processor for Linux.
Terraform 0.2.4 Interactive digital terrain (height field) editor/viewer
tgif 4.0.13 Vector-based draw tool
The Gimp 1.1.2 The GNU Image Manipulation Program
The Guild 0.1.86 A fully 3d-rendered / raytraced first-person interactive adventure
The Internet Junkbuster 2.0.2 The Internet Junkbuster v2.0.2
think 0.1.1 Outliner and project organizer
TiK 0.57 Tcl/Tk version of AOL Instant Messenger
TiMidity++ 1.3.1 Experimental MIDI to WAVE converter
TkNotepad 0.4.9 A simple notepad editor written in Tcl/tk
tkRunIt 0.92 A simple, but featureful run dialog box for executing commands without an xterm
TkSTEP 8.0.4-1 Scriptics' Tk for Tcl, modified to adopt NeXTSTEP(R) look and feel
TkX10 0.9beta Perl/Tk frontend for HEYU X10 control
TkX10 0.9beta Perl/Tk frontend for HEYU X10 control
traffic-vis 0.30 Network analysis tool
TWIG 0.1pre1 A web-based IMAP client written with PHP3
Universe 0.10.1 Space Strategy game
ViPEC 1.04 Network analyzer for high frequency electrical networks
VM 6.67 Emacs-based mail reader
weather.PHP 1.0 Get, store and subsequently display current US Cities Weather Information.
Wisio 0.12 An experimental project for a graphical windowing system
WMHeadlines 1.3 Put web-news headlines in your Window Maker root menu.
WMint 0.8 Dockable interrupt monitor for x86 Linux boxes
WMLmMon 1.5 Lm78/75 monitor applet for WindowMaker
wmtune for bttv 1.0 window maker radio tuner applet for bttv based TV/radio cards
X-Chat 0.5.3 GTK+ Based IRC Client. Alot like AmIRC (Amiga).
X-GnuDIP2 1.0 GTK client for the GnuDIP dynamic dns project
x11amp 0.9 alpha2 Mp3 player for Xwindows
XML Parser, Java Edition 1.1.14 XML Parser & Generator for Java
Xproc 1.2 GTK-based system information program
Xwhois 0.3.2 Small and fast GTK+ X11 client for the internet whois network services.
 

Our software announcements are provided courtesy of FreshMeat

   

Sections:
 Main page
 Linux in the news
 Security
 Kernel
 Distributions
 Development
 Commerce
 Announcements
 Back page

See also: last week's Back page page.

Linux links of the week


The Beowulf Underground is a new news site dedicated to events around Linux clusters. It's a useful source of information on this crucial area of Linux development.

Stokely Consulting's Unix Sysadm Resources is a comprehensive site full of good stuff for administrators of any Unix-like system, including Linux.


February 11, 1999

   

 

Letters to the editor


Letters to the editor should be sent to editor@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them.
 
   
Date: Fri, 5 Feb 1999 02:02:28 -0500 (EST)
From: cph@martigny.ai.mit.edu (Chris Hanson)
To: editor@lwn.net
Subject: Structure vs purism

OK, I see that someone else has chosen to speak up about gotos in the
kernel, so I'll chip in too.  I agree that more context should have
been given.

Where I disagree, and very strongly at that, is in the implication
that goto's are somehow "unprofessional".  Goto is simply a tool, and
its use can be either beneficial or harmful, depending on the
programmer.  A skilled programmer uses language constructs to provide
a clear expression of the program; goto is appropriate in many
circumstances because it captures the intent of the program more
accurately than other available constructs.

Goto got an undeserved bad rap from the structured programming
movement of the 70s, which was epitomized by Pascal.  Pascal lacked a
goto statement, which meant that if the control structure of a program
was not cleanly expressed by the available iteration constructions,
you were SOL.  I've written a fair amount of code in Pascal, and I can
say from experience that I missed the goto statement when programming
in that language; at least C _has_ a goto statement, and I use it when
I think it is appropriate.

It's also kind of funny that this conversation comes up in the context
of Linux.  To me, one of the strengths of the Linux community is its
attention to freedom.  Goto was originally denigrated by people who
decided that the way to prevent bad programmers from writing bad
programs was to reduce the expressive power of the languages --
specifically by eliminating goto.  (Of course, bad programmers will
_still_ write bad programs, even without goto.)  Now why would someone
who believes in freedom want to _reduce_ expressive power?

Now, you may be wondering why I feel so strongly about this.  The
answer is that I'm a Scheme programmer.  In Scheme, there is only one
iterative control construct: the tail-recursive procedure call, which
is just a goto with arguments.  So by denigrating goto, you indirectly
denigrate my favorite language, in which I write many beautiful and
elegant programs, each filled to the brim with "gotos".

So please, have a little respect for goto, and those of us who like to
use it.
   
Date: Mon, 08 Feb 1999 11:23:58 +0000
From: Mark Lamb <dragon@freedom.org>
To: lwn@lwn.net
Subject: A Plea for help

Finally managed to carve out some time to play with 2.2; am now trying
to wrap brain around new routing code in particular. The ipchains and
ipmasqadm have decent man pages; the iproute2+tc stuff has only BNF-ish
descriptions of the syntax.

Anybody got any idea how to use any of these bright shiny new toys? I'm
taking hints, for (possibly delayed) publication, via email at 

	dragon@snafu.freedom.org

I'm hoping to write some coherent docs; until I get the time I'll post
anything sent raw for the good it might do others. It'll all be at 

	http://snafu.freedom.org/linux2.2/

Along with copies of some of the packages I've downloaded to get a
RedHat 5.2 system ready for 2.2 et al. This includes the latest iproute2
package (as of Jan 23) from
	ftp://ftp.inr.ac.ru/ip-routing/
Which seems to have been down for the last several days.


-- dragon@snafu.freedom.org (Mark Lamb)
I won't cry for the wasted years cuz' you ain't worth the salt in my
 tears.
   
Date: Wed, 10 Feb 1999 22:40:43 -0700
From: Jeffery Cann <linuxguy@ix.netcom.com>
To: editor@lwn.net
Subject: Zope License

(Slightly modified version sent to Digital Creations)

Greetings.

As I see a Zope advertisement on the LWN site, I am concerned that the
Zope development environment is "Open Source" branded.  Specifically,
the third clause in their latest license version (0.9.7) continues to
troubles me.

Initially, Digital Creations (www.zope.org) wished to require
attribution when web sites were produced using Zope.  More recently,
they have come closer to freeing their code.  IMHO, the point of section
3 is still works against the rationale of freeing software, whether
"open source" or via the GNU Public License (or similar licenses).  The
point of releasing source code is so that the community may share it,
improve it, test it, etc.  The benefits received by Digital Creations
will outweigh any concerns with attribution.

Let me draw on the Apache web server (and license) as an example, since
the Zope Public License (ZPL) is based on it.  The Apache web server is
the most popular and most used web server in the world.  It became so
because their software was continuously improved by a
community of developers.  Eventually, it overtook the reliability of
competing proprietary products, such as Microsoft's IIS or Netscape's
web servers.

Apache does not require or even ask that attribution be given to the
Apache development group.  Yet, amazingly, every technical person who
develops web content knows that Apache is the web server of choice.  The
reason every one knows this is because Apache is technically superior
server.  It is the most popular due to its technical merits, not because
they required or pleaded for attribution.

If Zope is a real alternative to Cold Fusion, then why still ask for
attribution?  Why not let the product stand on its technical merits?  I
guarantee you that if Zope is better or equal to Cold Fusion, it won't
take too long for the web developer community to figure this out and
free attribution will follow.  It didn't take long for Apache to become
the number one server.

Finally, I must quote the Chinese philosopher Lao Tsu  -- "Who does not
trust enough will not be trusted."  Freeing source code is about trust
-- trust between the person(s) or company who wrote the original code
and those in the community who use it and contribute it.

I appreciate the efforts of Digital Creations to refine the ZPL.
Hopefully, they will drop clause 3 altogether so I can start using the
Zope development environment.  Until then, I am happy to continue to
hack perl, gimp and htmlpp for my web site development efforts.

Sincerely,
Jeffery Cann


   
Eklektix, Inc. Linux powered! Copyright © 1999 Eklektix, Inc., all rights reserved
Linux ® is a registered trademark of Linus Torvalds