Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise
news for all interests
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page
Other stuff:
Contact us
Recent features: Here is the permanent site for this page.
|
Leading items and editorialsWho do you sue? Few readers will need to be told about the "ILOVEYOU" virus/worm turned loose upon the net by somebody with a strange idea of fun. Millions of people were evidently affected, with damages estimated in the billions of dollars. Even accounting for a certain amount of overhype by the press, "ILOVEYOU" has been a disastrously expensive episode. One would think that people would be wondering about how it could be possible - and how to keep it from being possible in the future. Microsoft disclaims any responsibility - its customers are evidently beating down its doors screaming for software that is insecure by design. But wasn't one of the shortcomings of free software supposed to be that there is nobody to sue when things go wrong? Billions of dollars of damages generally are a clue that something, somewhere has gone wrong. Microsoft's denial of any responsibility puts the lie to the claim that proprietary software comes packaged with somebody to go after for damages. It also guarantees that this all will happen again - as it has happened other times. The whole thing is pathetic to a degree that defies belief; no wonder that Phil Agre was moved to write that "Microsoft shouldn't be broken up. It should be shut down." Events such as this tend to bring out smugness and condescension in Linux users. We don't have those sorts of problems, after all. It is fair to say that no self-respecting open source project would intentionally put out software which would run code from random users on the net. And when such a problem is found, free software developers almost always take (moral, though not financial) responsibility quickly and race to get a fix out as soon as possible. We live in a different world, and can only look in confused wonder at people who tolerate an environment where viruses are a routine problem. Thus MandrakeSoft puts out an advisory on how Linux-Mandrake (and all other distributions) are not vulnerable. "Software viruses are programs that can infect poorly-secured computer operating systems and applications. Machines running the Linux operating system have never been infected by a virus yet." And Evan Leibovitch writes in ZDNet: "How many times do users of Windows need to be kicked in the head? It's as if we have a community of people who, upon discovery of 'kick me' signs attached to their backs, do nothing -- and then complain when they eventually do get kicked." But life is not quite that simple. It is true that Linux is highly unlikely to be caught by such a simple, email-borne bit of nastiness. But nobody would claim that Linux systems are 100% free of vulnerabilities. A suitably talented malware author who wanted to shoot down some of those smug Linux people would not have that hard of a time creating an embarrassing incident. Consider, for example, the vulnerabilities in bind 8.2. Fixes were available back in November, but, according to this CERT advisory from last week, there are many sites on the net which have not applied those fixes. Many of those are likely to be systems where the administrators do not even realize that bind is installed and running. There are certainly numerous people out there who are sufficiently talented and malevolent to write a worm which would exploit those holes and propagate itself over the net. It would not catch any site with aware administrators or a decent firewall, but it could still make a large splash. It could put Linux advocates on the defensive in a hurry. So we're best off remaining humble. We have a far better platform, one which will never support a whole anti-virus industry. But perfect security will continue to elude us for the foreseeable future. Best to keep working in that direction and let the results speak for themselves.
Feature: Beyond free software in Japan. Thanks to ChangeLog founder Maya Tamiya, we have this feature article looking at two Japanese projects which stretch the traditional boundaries of open computing. The The Open Hardware Palmtop Computing Association has developed a palmtop system with the entire design being available under the GPL. It runs Linux, of course. Then, for something completely different, there is the Open Source Toys Project. After all, cuddly penguins are interesting to more than just Linux hackers... Red Hat changes direction. When Red Hat filed for its IPO just under a year ago, one thing that was emphasized in its business plan was its web portal. Selling Linux CDs wasn't where the real money would be - instead, it would emphasize other things, like services and the web. Recent events show that things seem to not be working out in quite that way. For starters, Red Hat has laid off most of the staff from its Wide Open News site, and will cease doing original writing there. Instead, Wide Open News will simply repackage content from its partner sites (such as Salon). So the news business appears not to be going very well. Meanwhile, about the only other "portal" element to have come online is the Red Hat Marketplace, which has been up for less than a month. A year after the IPO filing, the Linux web portal turf looks to be strongly held by companies like VA Linux Systems, rather than Red Hat. Instead, according to this press release, Red Hat is now in the venture capital business. "Red Hat Ventures" will make investments of $500,000 to $2 million in new, open source-related companies; investments have already been made in Sendmail, Inc., Rackspace.com, and e-smith. The more cynical among us could say that Red Hat, rather than figuring out a way to make money from its investors' capital, is hoping that some of these younger companies can do it instead. It's also true, however, that such investments can help improve the value of Linux (and Red Hat's distribution), give Red Hat early access to cool new developments, and pave the way for later acquisitions. Meanwhile, Red Hat continues to sell lots of Linux CDs and related products. Some things haven't changed. Inside this week's Linux Weekly News:
This Week's LWN was brought to you by:
|
May 11, 2000
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Security page. |
SecurityNews and editorialsWidespread, scary web security problem. The folks at Digital Creations have turned up a problem in how the web handles authentication that has widespread implications. Hostile web pages can be crafted which can cause your browser to take actions under your name on web sites where you have authenticated yourself. Various types of authentication-oriented services - such as web mail, web administration, brokerages, etc. - can be vulnerable to this problem. Obvious fixes are not in sight. Please see this LWN feature for an overview of the problem and how it works. The Nexus Project initial release. The Nexus Project, being a "maximum security" distribution which grew out of the Kha0s project, has announced its first public release. Nexus seems to be taking a very server-oriented approach; the distribution does not emphasize desktops or ease of use. They intend to produce a capability-based system, perhaps they will be one of the first Linux distributions to really use capabilities. They also apparently plan to distribute software primarily in source format, rather than use a binary package system. How apache.org was cracked. Here is a description of how apache.org was cracked this last week. The summary, for those who have not already seen it: the site was cracked though some poor configuration choices for its FTP server. The apache server itself was not compromised. (Found on Kuro5hin). Security Reportspam_console. Michal Zalewski and Benjamin Smee pointed out problems with the pam_console PAM module which can allow a user to sniff passwords, execute commands as the user on the console and more. This will impact any PAM-based distribution and has been confirmed on Red Hat 6.0-6.2. No fix for the problem has been reported as of yet. glibc resolver weakness?. One thread this week on BugTraq started with a report of a weakness in the glibc resolver code. Salvatore Sanfilippo reported that the resolver routines in glibc versions 2.0 through 2.1.3 generate a random ID which is used to match requests with queries. This random ID turns out to be fairly predictable In addition, the resolver routines silently discard non-matching IDs. This leaves the server open to, potentially, a variety of DNS-based attacks, though those attacks are currently theoretical. DBMan. The shareware, cgi-based DBMan script from Gossamer-threads.com provides a full featured database manager built on a flat-file ASCII database with a web interface for adding, removing, modifying or viewing records. A design error in the script allows it to be used to improperly display environment and setup variables. Check the relevant Security Focus vulnerability database entry for more details. BSD reportsNetBSD unaligned IP panic.NHC Research posted an advisory to BugTraq reporting that NetBSD 1.4.2 and prior versions could be remotely crashed by the receipt of a packet with an unaligned IP Timestamp option, making them vulnerable to a remote denial-of-service attack. NetBSD has responded with a confirmation of the problem and kernel patches for NetBSD 1.4.1 and 1.4.2. Note that this problem only impacts the Sparc and Alpha platforms; other platforms such as i386 and m68k are not affected. FreeBSD reports. Three FreeBSD advisories were released this week, involving the following "ports". Workarounds or fixes are provided/recommend for each. Commercial vulnerabilitiesListserv mailing list manager. An exploitable buffer overrun has been reported in the Listserv web archive software. Listserv is a popular commercial mailing list manager that runs on a variety of platforms, including Linux. An exploit has been published and an update to Listserv is reported to be available from L-Soft. Send email to support@listserv.com for more information. Vulnerabilities have been reported with the following hardware:.
Updatesopenldap tmplink vulnerability. A tmplink vulnerability was reported in openldap. Check the April 27th LWN Security Summary or Red Hat Bugzilla ID 10714 for more details.This week's reports: Previous reports:
gpm improper permissions handling. Improper permissions handling in gpm was discussed in the March 30th LWN Security Summary.This week's updates: Previous updates:
piranha. Issues with the piranha packages were covered in the main editorial of the April 27th LWN Security Summary.This week's updates: Previous updates:
lisa. LISA, Caldera's non-graphical systems administration tool, contained several tmpfile handling problems in versions prior to 4.1. An upgrade is recommended. Note that this advisory was posted on April 26th, but not previously reported in an LWN security summary.
ircii buffer overflow. This week's updates: Previous updates:imapd buffer overflow. New imap-4.5 packages containing a backport of the buffer overflow fixes in imap-4.7 were uploaded into the Debian stable tree. ResourcesSecureBSD 1.0 Preview Release. The initial announcement for the SecureBSD 1.0 Preview Release calls it "Kernel-based security enhancements for FreeBSD". Check this description for more details. siphon. A beta release of siphon, a passive network mapping tool, has been announced. EventsFIRST conference reminder. May 12th is the registration deadline for the 12th Annual FIRST conference, if you want the early registration discounts. FIRST is being held June 25th through the 30th in Chicago, Illinois, USA. May/June security events. May 14-18, 2000. EuroCrypt 2000, Bruges (Brugge), Belgium. May 14-17, 2000. 2000 IEEE Symposium on Security and Privacy, Oakland, California, USA. May 22-25, 5000. SANE 2000, Maastricht, The Netherlands. June 12-14, 2000. NetSec 2000, San Francisco, California, USA. June 25-30, 2000. 12th Annual First Conference, Chicago, Illinois, USA. June 27-28, 2000. CSCoRE 2000, "Computer Security in a Collaborative Research Environment", Long Island, New York, USA. Section Editor: Liz Coolbaugh |
May 11, 2000
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Kernel page. |
Kernel developmentThe current development kernel release is still 2.3.99-pre6; there has not been a mainstream kernel release since April 26. In the "testing" area, however, things have been active - the preprepatch for 2.3.99-pre7 is in its ninth revision as of this writing. It contains the new configuration option controlling whether devfs is automatically mounted at boot time, the new devfs FAQ, a whole new PowerPC 8620 ethernet/serial driver contributed by MontaVista Software, a number of ethernet driver, USB, and PCMCIA updates, a new Specialix RIO driver, and a new "PPP over ethernet" driver. This prepatch also contains a significant rewrite of the mount/superblock handling code; things are not stabilizing quite yet. The recent development kernels still appear to have severe memory management problems - at least for some users. Reports of the kswapd thread using 70% or more of the CPU are common. There is increasing interest in simply backing out a number of the recent memory management changes in the hope that things work better again for the short term. Meanwhile a number of hackers are working toward better memory management in the future. In particular, Andrea Arcangeli's classzone patch has gotten a number of good reviews. (Andrea, by the way, will be speaking at the May 16 Bay Area LUG meeting in San Francisco). The current stable kernel release is 2.2.15, released on May 7. Alan Cox has moved forward with 2.2.16pre2, which contains quite a few fixes and updates already. Andrea Arcangeli, meanwhile, has released 2.2.15aa1, which enhances the 2.2.15 kernel with quite a few goodies, much of which (big memory, large file support, raw I/O) is backported from the 2.3 series. What's in your kernel? The Linux kernel is said to be the grand unifying factor which keeps all Linux distributions at least somewhat the same. But, as it turns out, the distributors do not ship kernels direct from Linus - each applies its own patches and tweaks. Last week we looked at the Linux-Mandrake 7.0 kernel; this week instead we grabbed the kernel source package for Caldera's eDesktop 2.4. Here's what we found:
Caldera's kernel is thus relatively lightly patched. The one thing there that's perhaps unique is the streams patch, for which most Linux distributions (and users) have little use. Should USB require devfs? Universal Serial Bus devices are by their nature dynamic - they come and go whenever the user inserts or removes a plug. The USB development team has implemented the USB device filesystem (or "usbdevfs") as a way of keeping up with what the user is doing. Usbdevfs is a dynamic filesystem which tracks the state of the USB; as devices are added, a corresponding entry shows up in usbdevfs (customarily mounted on /proc/bus/usb). Some readers may have noticed that usbdevfs sounds much like devfs, which is now part of the 2.3 development tree. The USB folks noticed that too, and have been merging usbdevfs into devfs with the goal of having just one dynamic device filesystem. It's an idea that would seem to make some sense. Except that not everybody is thrilled with the idea of needing devfs to be able to use USB devices. Devfs remains controversial at best. But, more importantly, it is not at all clear when the distributions will start shipping kernels with devfs enabled. Even when they go with the 2.4 kernels, distributors may shy away from devfs for a while. Running devfs requires that a system be reconfigured in a non-trivial way; distributors will hesitate before requiring that of their users. The merge of usbdevfs and devfs will probably continue. But there's also likely to be some sort of short-term hack that will allow systems to function with USB in the absence of devfs. The final destination seems to be clear, but not everybody wants to get there at the same speed. Meanwhile, the latest USB 2.3.99 jobs list has been posted by Randy Dunlap. Other patches and updates released this week include:
Section Editor: Jonathan Corbet |
May 11, 2000
For other kernel news, see: Other resources: |
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Distributions page. |
DistributionsPlease note that security updates from the various distributions are covered in the security section. News and EditorialsUniversity Linux distributions unveil. Boston University unveiled BU Linux this week, a private Linux distribution based on Red Hat that has been tailored for the Boston University environment, with Kerberos, OpenSSH and other features preconfigured. Within moments of our mention of this distribution on the daily page last week, we received a note from Michael Katz-Hyman, pointing out Carnegie Mellon's Andrew-Linux. Andrew-Linux has been available since April of 1999, according to the documentation. The installation document for Andrew-Linux still refers to Red Hat 4.2. A third University Linux distribution is CAEN Linux, from the College of Engineering at the University of Michigan. Similar to the other two, it is Red Hat-based. They've got a list of frequently asked questions and answers that is worth checking out. CAEN Linux was created and is supported by Chris Wing, also known for his work on 32-bit UID support for the Linux 2.4 kernel series. One difference between these distributions: their public availability. Andrew-Linux is definitely available only internally to Carnegie Mellon. BU Linux is currently only available internally, but they have hopes that will change. CAEN Linux is available now. To further discussion of University Linux distributions, Boston University is hosting a mailing list on the topic. To subscribe, send your request to uni-linux-l-request@bu.edu and put "subscribe" in the body of your message (majordomo). We will certainly have to give up keeping a list of distributions in the right-hand column of this page if each and every University publishes their own version ... and they likely may, since it is a time savings for any major organization to tailor their distribution of choice to their own needs and then duplicate that exactly, rather than risk having a slightly unique version of Linux on each and every PC. VA-enhanced Red Hat Linux 6.2. VA Linux, which has been known to distribute Debian Linux CDs in the past, has now announced a VA-enhanced Red Hat Linux 6.2. DaLinuxFrenchPage (in French) reports that the VA-enhanced version includes all the updates, plus cluster support, the watchdog kernel patch, and the latest version of Enlightenment. VA sports a comparison page where you can quickly see the additional packages, updated packages, kernel patches and bug fixes that they've added. This does not necessarily mean a diminished support for Debian; VA has enough customers that may require Red Hat to justify their support of their own version. Making that enhanced version more widely available is certainly a reasonable step to take. Number of Linux Distributions Surpasses Number of Users (BBSpot). This brief article from BBSpot takes a humorous look at the number of Linux distributions. "'We've been expecting it for some time,' Merrill Lynch technology analyst Tom Shayes said, 'but this is a little sooner than most expected. We've seen explosive growth in the number of Linux distributions, in fact my nephew just put out Little Tommy Linux 1.1 last week.'" (Thanks to Paul Hewitt)
The Embedded Debian Project. Announcing... the Embedded Debian Project. As the name suggests, this project seeks to help get the Debian distribution into embedded applications. It's not officially part of the Debian project, but plans to work closely with them. Their first project will be to put together a guide to embedding Debian as it stands today; thereafter they will head into extending the distribution to better address embedded tasks. China Backs Red Flag Linux, It's Unofficial (IT-Director.com). We get occasional mail asking us for more information on Red Flag Linux and whether or not it has been officially chosen by China as the national Linux distribution. This IT-Director.com article tackles this question with an ironic answer. "This year the level of Linux usage in China is expected to double and it will be the home grown Red Flag Linux that prospers. In a very Chinese manner, the Chinese government is encouraging the use of Linux, while at the same time pretending not to." In other words, don't expect an official answer any time soon ... but draw your own conclusion. Caldera OpenLinuxUpdates for Caldera eDesktop 2.4. New packages for both dump and lisa have been posted to the Caldera update directory. The lisa update is reported to also fix problems with COAS under 2.4. Caldera and Pervasive Bundle Tango. Caldera and Pervasive Software have announced plans to bundle Tango with Caldera OpenLinux eServer 2.3. The combination of the Tango commercial web infrastructure software and eServer is intended to give an easy-to-deploy, remotely manageable web platform. Tango includes the Pervasive.SQL 2000 Server database engine for Linux. Conectiva LinuxConectiva Linux Server 5.1 beta. Conectiva has announced the first beta of "Conectiva Linux Server Edition 5.1." It has a number of goodies, including a 2.2.15 kernel with the logical volume manager and ReiserFS patches, LDAP support, Stackguard-protected servers, and more. Debian GNU/LinuxDebian Weekly News (May 2nd). This week's Debian Weekly News talks about Debian's first Testing Cycle, a possible new source package format, and a long thread on what to do next. Debian at LinuxTag 2000. Debian is planning a booth for LinuxTag 2000, coming up June 29th - July 2nd, in Stuttgart, Germany. GNU/HurdKernel Cousin Debian Hurd. The May 10th edition of the Kernel Cousin Debian Hurd reports the auto-builder is now up and running, an important hurdle, the Hurd conference in Paris is on schedule for June 17th with over 150 people expected and a "fatfs" file system translator may be on the way. LinuxPPCJason Haas returns to LinuxPPC. Jason Haas dropped us a note this week to let us know he was recovering well from his car accident and back to work at LinuxPPC. To prove it, we've started getting brief status messages from him. The latest: LinuxPPC has their new SSL certificate in place. "There was a slight delay between the time when our old SSL certificate expired and the new one renewed. However, users (buyers) can be assured that warnings about expired certificates were largely meaningless and that all connections made were still completely secure. The new certificate is now in place." Slackware LinuxChangelog-current report. Due to problems with gcc-2.95.2 and the Linux 2.2.15 kernel, gcc-2.95.2, which was installed the week before, was removed this week in favor of egcs-1.1.2. The remainder of work this week included small bug fixes and upgrades for util-linux, biff+comsat, bsd-finger, gnu-pop3d, nettools and netkit packages. Section Editor: Liz Coolbaugh |
May 11, 2000
Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Development page. |
Development projectsOrbiten Free Software Survey. The first Orbiten Free Software Survey is out. They looked at some 25 million lines of free software code, trying to get a feel for what its developer community looks like. They turned up some 12,000 developers working on more then 3,000 projects. The largest "developer" turns out to be the Free Software Foundation, with some 11% of the total; as the survey points out, the FSF got there because it tends not to credit its individual developers. The top 10% of the developers accounted for 72% of the code overall. First public BitKeeper release available. According to the development status page for the BitKeeper source management system, the first public release of the code is now available. BitKeeper promises some good things for software management, and may well end up being used to manage the Linux kernel source. It's not 100% "open source" software, however; see this 1999 LWN feature on BitKeeper for details on its licensing. (Thanks to Jay R. Ashworth). Li18nux draft globalization specification available. The Linux Internationalization Initiative has announced that its "Draft Globalization Specification" is now available for public review. They plan to have a final version out by August, and to have the distributions shipping with standard internationalization by the end of the year. Browsers and mail clientsCSCMail 1.6 is out. A new stable version of CSCMail has been announced. CSCMail is a GPL'ed graphical mail client. Some of the responses from people who tried it out were quite positive. "Yup, I can agree to some comments, CSCMail rocks ! I tried StarOffice, Mahogany and some other's (i need a graphical one), but CSCMail beats 'em all.. " MozillaZine news. Top headlines from MozillaZine this week include how to get involved in Mozilla Quality Assurance (QA) and a browser comparison chart from XML.com. DatabasesPostgreSQL 7.0 released. PostgreSQL 7.0 contains a large list of new features; see the announcement for the whole thing. It includes implementation of foreign keys, an optimizer overhaul, lots of fixes and cleanups, and much more. Open source start-up to take on database market (News.com). PostgreSQL joins the list of Linux, Apache, PHP and other open source software products to be the primary product focus of a new company, in this case, a new subsidiary of Landmark Communications, Great Bridge. "The new company is trying to integrate smoothly with the open-source community responsible for the development of PostgreSQL, [Great Bridge CEO Al] Ritter said--in particular the six people at the core of the project. 'We don't want to take over the project. In our view, the real strength of open source is that the project is independent' of any one company, he said." The Mystery of mySQL (O'ReillyNet). The O'Reilly Network looks at why people use MySQL. "One of the benefits of MySQL is simplicity. It doesn't carry with it some of the overhead of commercial databases. There's not as much to learn and not a lot of unnecessary features." EducationLPI Weekly News (May 5th). This week's edition of the LPI Weekly Newsindicates that work on the Level II certification exam has begun and includes a new FAQ section. Check there for the status on non-English exams (not anytime soon), the beta testing cycle and what a Linux newbie can do to prepare for their first exam. SEUL/edu Linux in Education report. This week's SEUL/edu Linux in Education Report looks at scientific applications and a number of other education-related issues. Embedded LinuxMontaVista announces real-time scheduler for Linux. MontaVista has announced the release of a new scheduler for Linux which enables real-time performance in the standard kernel. A beta version is available now from MontaVista's web site. Note that this scheduler drops transparently into the Linux system. "The MontaVista scheduler, which executes before the standard Linux scheduler, optimizes Linux process/thread scheduling by only examining and dispatching the highest priority real-time entity that is ready to run. Unlike the Linux scheduler, overhead for process selection is fixed, yielding extremely high performance. If no real-time entity is available for execution, or none has been specified as real-time, then scheduling falls through to the standard scheduler and fairness-based scheduling proceeds apace." GamesReview: Heavy Gear II (LinuxGames). LinuxGames took a look at Loki Software's release of Heavy Gear II for Linux. "As has been pointed out before, Heavy Gear II has pushed, further than any other game, the limits of Linux as a gaming platform. It incorporates the hardware video acceleration, joystick support, and cross-platform networking. The result is a very solid conversion, and is in fact the first Direct3D game ported to Linux." (From Meerkat). InteroperabilityWine Weekly News. The Wine Weekly News for May 8th mentions the release of a new Wine book: Wine Administrators Handbook by Michele Petrovsky and Tom Parkinson, plus the usual list of new features, bug-fixes and discussions. Kernel Cousin Samba. The May 4th edition of the Kernel Cousin Samba is out; it includes a first look at Samba 2.0.7. LawReady, Set, Post! (Law.com). Law.com ran this article about the OpenLaw project. "Of course, there's an obvious pitfall to public brief drafting -- the other side knows the arguments in advance. But Department of Justice lawyers who worked opposite [Lawrence] Lessig in the copyright case say that they were not regular visitors to the center's site." (Thanks to Jay R. Ashworth). MedicineGuatemalan Hospital to Run Linux. LinuxMedNews reports that Antigua's all-volunteer Hermano Pedro hospital will soon have its own Red Hat-based Linux network. Note that updates from Guatemala are being posted on the progress of the installation. "he hospital was built in 1680 and I'm writing this outside of the surgical suite which has stone arches to my right and a door opening onto a garden courtyard on my left. The first order of business will be to run Class 5 cabling throughout the building which by the looks of it will be tough going because everything seems to be made of stone." NetworkingOpenNMS update 1.7. This week's OpenNMS update reports the status of this project (which is building network management software) and indicates that the debate between using an Object database or a Relational database is still ongoing. Their wish list this week is for some database experts to join the project, presumably to help get this issue settled correctly. Also included was a great quote of the week:
"Upon going in to the local computer store and telling the customer
service
dude that my recent purchase didn't work, his surprised response:
'Did the sales guy tell you that this was supposed to work?'
Oooh. Guess I forgot to ask that question. Kinda thought that basic
functionality would be included at no additional charge, but then again...
Office ApplicationsLyX Development News. A new edition of the LyX Development News is now available. Check it out for information on the upcoming LyX developers meeting June 8 through the 12th in Stokke, Norway, a report on Allan Rae's LyX Presentation at the Queensland Chapter of the Australian Unix and open source Users Group Conference (QAUUG 2000), tips for presenting with acroread and more. Lyx is an open source document processor. Abiword Weekly News. This week's Abiword Weekly News talks about QNX Development, focus fixes, code cleaning, and RTF import/export fixes. Blurred Vision - Gimp's Blur Filters (Graphics Muse). Michael J. Hammel has written a Graphics Muse tutorial on how to use the various blur filters that will be packaged with gimp 1.2. "Pixelize does to an image what a bottle of tequila does to your head - makes things all blocky. Technically, pixelize is a low pass filter that operates on the color components of a region bounded by the width specified that is centered on the current pixel." Gimp News reports .... The Gimp News reports that the Gimp Plug-in Registry now has a plug-in for saving psd files, an important capability for anyone that needs to share layers that can be imported into Adobe PhotoShop. They also provide a link to Carey Bunk's archive of public domain photos, a useful resource. On the DesktopKDE Development News. Here is the latest KDE Development News, by Bill Soudan. It covers many areas, including the 2.0 release: expect it sometime around September. This week's GNOME summary. Here is this week's GNOME summary, by Havoc Pennington. Top of the news this week is the availability of GNOME application templates in KDevelop... evolution alpha available?. Dominator pointed out on gnotices that a pre-release of evolution appears to be available on the helixcode ftp site, though no official announcement has been seen as of yet. KDE.com goes live. KDE news reports that the new KDE.com site went live on May 9th. In spite of the domain name, this is not a commercial site, but instead a community resource, providing searchable mailing lists, documentation, KDE headlines and other portal-like capabilities. Web site DevelopmentApache 2.0 alpha 3 released. The third alpha release of Apache 2.0 is out. It is still considered a developer's release, but it may be of interest to those who want to see what the next major release of Apache has to offer. The First Year of Midgard. Henri Bergius has drafted a look at the first year of Midgard. "It is now a year since Midgard 1.0 was first released on May 8th 1999. While the project has obviously been going on for a longer time than that (first mention of the project is on Bergie's personal Web site, dated April 25th 1998), the 1.0 launch was when the project became public." Midgard Weekly Summary. This week's Midgard Weekly Summary came out a day early in order to mark the editorial transition from Henri Bergius, who has been the primary editor since its inception, to Ken Pooley, Emiliano Heyns and Ron Parker. The format of the newsletter has been changed to include short interviews, links to relative articles and discussions and a feature article exploring a Midgard-served web site. XFree86A new rendering model for X. Keith Packard has published a paper for this year's Usenix entitled "A New Rendering Model for X". It engendered a lot of enthusiasm from KDE's mosfet, who looks forward to the beneficial impact on KDE (and presumably other desktops ...). "Unlike current solutions, it is to be implemented on the X server without shared memory and does not require rendering inside the application then transferring the entire image to the server - a mess to do, slow, and not something I'm interested in. This is definitely the right way as far as I'm concerned, and will provide the backbone for an advanced canvas and anti-aliased text (font smoothing) for KDE. " Section Editor: Liz Coolbaugh |
May 11, 2000
|
|
Development toolsPython and Perl for the IA64 processor. ActiveState, in partnership with Intel, has announced beta versions of Python and Perl for the Intel Itanium processor. ActiveState will also be provided support to early adopters. JavaSun's JAVA 2 version 1.3 released. Version 1.3 of Sun's JAVA 2 platform was announced on May 8th. Currently, though, the only platforms available run on Microsoft systems. Both the Solaris and Linux versions are in beta, with an expected release date "in June". Check out last week's Development Summary for a reference to IBM's early release version of JAVA 2 v1.3.0. Developers Critique IBM's JDK 1.3 (LinuxMall). Here's a look at reactions to IBM's latest Java release on the LinuxMall.com site. "IBM has released its latest Java developer kit (JDK) for Linux, and early response on the development site suggests its popularity may soon obscure Sun's version. Sifting through the specs, and pondering the kit's various changes is not a light read, but probably is an important one to Linux developers and Java thrill seekers" Perlperl5-porters digest. The perl5-porters digest for May 1st through 7th indicates that a flame war this week has re-ignited the proposal to introduce light moderation to the list. No final decision has been made, yet. An guide to the p5p list has also been posted. Meanwhile, perldoc and indexing was the most hotly debated topic of the week. PHPPHP News. Zend Technologies put out a brief PHP news summary, announcing the availability of PHP 4.0 RC2, now available for download from php.net and a new beta of the Zend Optimizer which is compatible with the PHP RC2 release. Notes from the php.net site indicate that the RC2 release has CGI binary and ISAPI module included and MySQL support built-in. PythonThis week's Python-URL. This week's Dr. Dobb's Python-URL is out, with the usual great roundup of interesting events in the Python world. Looking for a new maintainer for the Python Linux distribution. This discussion thread announces the need for a new maintainer for the Python4Linux distribution, while simultaneously asking if people still think there is a need for a separate Linux distribution to properly support Python. The post received only one direct reply, from someone who definitely used and appreciated the Python4Linux distribution, but was unable to volunteer to support it. (From Daily Python-URL). Tcl/tkDr. Dobbs' Tcl-URL. This week's Tcl-URL contains the usual round of announcements and discussions from comp.lang.tcl. Section Editor: Liz Coolbaugh |
Language Links Guile Haskell Blackdown.org IBM Java Zone Perl News PHP Daily Python-URL Python.org JPython Smalltalk |
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Commerce page. |
Linux and businessLSB and LI18NUX join to become Free Standards Group. The Linux Standard Base (LSB) and Linux Internationalization Initiative (LI18NUX) announced that they have incorporated as the Free Standards Group. Why does Linux need standards? Anyone who has ported applications from one type of system to another knows that it can be painful. Even supporting an application across several different Unix platforms is not seamless. Linux will fragment in that Beowulf clusters are very different from the small embedded devices. It should not fragment in such a way that an application written for one distribution will not run on any other distribution, given a similar hardware configuration. The Linux Standard Base has been working to increase compatibility among Linux distributions since 1998. The Linux Internationalization Initiative has focused on software and application portability and interoperability in the International context. Together they can help to ensure that that application that you love will run on any Linux distribution anywhere in the world.
Members of the Free Standards Group's list of supporters include: SCO put out this press release announcing their participation. New Contracts for Linuxcare. Linuxcare may be reeling from their recent woes, but then again, maybe not all that much. They announced a couple of new contracts, this one with PFU Ltd. to provide in-depth Linux technical support for PFU engineers and expand PFU's suite of multi-vendor support and service offerings, and this one with Hitachi to jointly provide in-depth technical support in the development of Hitachi's Linux solutions. VA Linux Professional Services Expands. VA Linux has announced the addition of over 40 engineers and managers to their professional services team. Part of the expansion appears to be from last week's acquisition of Precision Insight. LinuxOne in Spain. LinuxOne has been awfully quiet lately...but they have just turned up in Spain. They are offering pretty much the same products and services - but in Spanish. (Found in BarraPunto). New alliances this week.
DSP development under Linux. Hunt Engineering in the U.K. has unveiled its Linux for DSPs package, which supports Linux-based DSP code development for several boards. "The new package is expected to result in extensive deployment of Linux-hosted DSP systems." (Thanks to Lalith Panditharatne). IA-64 Details On the Internet. Intel Corporation has released the Itanium Processor Microarchitecture Reference. Press Releases:
Section Editor: Rebecca Sobol. |
May 11, 2000
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Linux in the news page. |
Linux in the newsStandards ComputerWorld has put up this article about the merger of the Linux Standard Base project and the Linux Internationalization Initiative. "Some industry observers have long predicted a splintering of Linux into incompatible versions, but most analysts agree that there have been few signs of that so far. There have, however, been some serious compatibility problems - the most notable when Linux was switched to a different set of C libraries a few years ago." ILOVEYOU - Apache Hack CNN has reprinted a Nicholas Petreley article from LinuxWorld on the ILOVEYOU virus. "Put bluntly, most developers in the Linux community would not be stupid enough to create a program as insecure and dangerous as Outlook. And if anyone were foolish enough to do so in the open source community, such a design would not be likely to survive the peer review it would receive." (Thanks to Jay R. Ashworth). Focusing primarily on the recent Apache hack and ILOVEYOU virus, Raju Mathur talks about the downside of standards, at least as far as security is concerned. "For example, the teardrop, boink and other ping of death attacks were so successful precisely because they exploited a standard: the Internet Protocol (IP, commonly mis-referred to as TCP/IP) stack." News.com covers the break-in at apache.org. "Because of the comparatively mild damage and the fact that the intruders told Apache how their attack worked, Apache termed them 'white hats'--helpful hackers, not the more malicious 'black hat' category." Legal Issues Lawrence Lessig talks about the value of open source and the questionable value of software patents in this interview, subtitled The Democratic Promise of Open Source and the Patents that Might Drag it Down . "It is true that there hasn't been a legal test to GPL, but it is not fair to suggest that GPL is vulnerable to a legal test. One reason the absence of a legal test is a good sign is that in fact GPL does rest upon a pretty good legal foundation, which the Free Software Foundation, founded by Richard Stallman, has prepared a legal defense for." (Thanks to Phil Austin.) Bruce Perens has put up an editorial on Technocrat about how free software will be hurt by those using tools like Napster to bootleg music. "...the widespread bootlegging of music by Napster users justifies, in many people's eyes, the way we're being prosecuted over our free software DVD players... I compare it to Tiananmen square. We are enjoying the short dance of freedom before governments come in with heavy weapons. And the worst thing about it is that we are giving them a good reason to do so." This brief Newsbytes article looks at the ongoing battle between the Electronic Frontier Foundation and MPAA over DVD encryption. "While the MPAA and others say that the DVD encryption codes are trade secrets and should be treated as such, the EFF contends that not only do the DVD protocols not meet the minimum standard for 'trade secrets', but that the Website postings are a clear example of constitutionally protected free speech." Linuxcare Tim O'Reilly writes about the Linuxcare layoffs; the result is a lengthy article on how he thinks the free software services business will really go. "Linuxcare's initial business model involved a great deal of reliance on phone-based tech support and other low level services; they are now repositioning themselves for higher-level professional services such as creating private label versions of Linux. They are absolutely right to think bigger. The service opportunity is immense, but it isn't necessarily in the obvious places." Upside reports on the layoffs at Linuxcare. "Such a purge was hardly unexpected, especially given last month's pulled IPO following the surprise dismissal of CEO Fernand Sarrat and resignation of chief information officer Doug Naussaur. With prospects of outside investment dwindling, executives need to minimize overhead or risk running out of cash." Here's an E-Commerce Times article about the end of Linux stock mania, with an emphasis on events at Linuxcare. "Some analysts have pointed out that although Linux-related stocks have returned to more appropriate levels, Linux market share has actually continued to grow. Once Linuxcare gets its house in order, it could still expect a strong offering." (Thanks to Jay R. Ashworth). LinuxPlanet has chimed in with this column on the troubles at Linuxcare. "Within the Linux community there is sometimes an outright dismissal of sales as an important component of every commercial concern. There are some who feel that Linux and Open Source is above such mundane concerns; something so superior like Linux and Open Source shouldn't be sullied by the muck of the commercial world. But guess what: the bazaar actually exists, and a company like Linuxcare needs to realize that it needs to play by the rules of the bazaar, not by the rules of the cathedral." Here's a Reuters article on the Linuxcare layoffs. "Linux industry sources said that the company's venture capital firm, Kleiner Perkins Caufield & Byers, is shopping the company, with the two most likely purchasers speculated to be Red Hat Software Inc. and VA Linux Systems Inc." News.com reports on the layoffs at Linuxcare. "The layoffs affected all parts of the company except the core programming 'gurus,' Pat Lambs, head of the office of the chief executive, said in an interview today. No future layoffs are planned, she added." Embedded Linux The O'Reilly Network looks at Linux tools for the Palm Pilot. "The tools included in the pilot-link package over many different services, all command-line oriented. Be aware that some of them are experimental, so it's a really good idea to back up your Palm before using them." Also on the O'Reilly Network: this article about the "Yopy," a Linux-based PDA that is supposed to come out real soon now. "The derivation of the name Yopy is as nebulous as the device itself. One reporter claims it is Korean slang for 'young and full of cash.' The official GMATE web site says that it means 'spirit of young and intelligent who want speedy usage of multimedia function through a PDA.' You decide for yourself."
Here are two articles from the Wireless Developer Network: News.com covers Lynx Real-Time Systems' name change to "LynuxWorks." "Changing names, though, will take less time than changing the company's business model. It will be at least two or three years before the company's revenue from Linux surpasses that of the proprietary LynxOS, chief executive Inder Singh said in an interview." LinuxDevices takes a look at the transformation of Lynx Real Time Solutions into Lynux. "According to Singh, some customers who are initially interested in LynxOS move to BlueCat Linux, some go the other way, and some actually decide to use both. The result of this dual-OS strategy, says Singh, is the ability to meet the needs of more applications and, consequently, more customers." Upside ran this look at Lineo. "For the last six months, the Caldera Inc. spinoff has played corporate Pac Man, gobbling up smaller companies at a pace of one acquisition per month. Lineo, which makes Embedix, is pushing to broaden its technology and engineering base." The Salt Lake Tribune writes about the recent investments in Lineo. "Lineo has hired more than 140 people since September and now employs about 160. It also has bought six small Linux companies, including one in Japan and one in France, so far this year." Business Here's a LinuxMall.com article looking at the cutbacks at Wide Open News. "VA Linux and Red Hat are not the only Linux companies clipping on press passes to attract visitors to their site. LinuxMall.com, the largest online retailer of Linux distributions, applications and various merchandise, started an original content news site in March and intends to spin that news content site off as a separate but affiliated news site, LinuxNews.com." Red Hat has laid off most of the "Wide Open News" team, according to this News.com article. "The Wide Open site will remain on the Web, but in a less ambitious form. The site will be populated with stories from a handful of syndicated news partners..." Here's an article on LinuxMall.com about a supercomputing project in Sweden. "[Terrence] Brown's group has a multifaceted approach aimed at tying clustering efforts together. 'We are creating a new Linux distribution (and tools) that will allow anyone to easily create a general purpose supercomputer--a Vanilla Beowulf--without being a Linux programming expert,' Brown said." ComputerWorld reports on software smugglers - people who slip unapproved operating systems into corporate settings. "At first glance, many information technology managers from traditional backgrounds recoil in horror at the thought of open-source operating systems. The freewheeling exchange of source code seems like a recipe for total chaos, and every IT manager knows that preventing chaos is the most important part of the job." Here's a Reuters article casting doubt on the chances of the Corel/Inprise merger happening. "'I would guess that there is a less than 50 percent probability the deal will go through,' said Duncan Stewart, fund manager at Tera Capital Corp." This ZDNet article looks at whether a split-up Microsoft would port Office to Linux. "Many Linux supporters said they doubt whether an applications spin-off from Microsoft, given its Windows-oriented corporate culture, would be willing to port Office to a rival operating system." Resources LinuxDevices has published a whitepaper by Cornelius "Pete" Peterson, President and CEO of NETsilicon, Inc., on the coming of age of universal device networking. "Highly integrated system-on-chip (SOC) integrated circuits, low-cost networking, Linux, and the Internet are key enablers of what surely represents a significant "phase transition" in the evolution of modern technology." SecurityFocus takes a look at Network Address Translation (NAT), and the firewalling features present in Linux to build a basic Linux firewall. "The latest versions of the Linux kernel are not necessarily the most stable and reliable versions that have been made available. If your machine does not need the latest drivers, download and install a reliable, stable, well tested kernel; kernel 2.0.38 is known to be all three." Joseph Pranevich addresses the reports that the 2.4 kernel is late in this LinuxToday column. "The traditional world of commercial software loves release dates and release announcements. Often, products are announced months (occasionally, years) before they are actually released with dates and feature lists that are occasionally wholly inaccurate. Open Source projects, as a general rule, don't make these kinds of announcements." LinuxPapers has a new article on Installing Linux. "Installing Linux has for a long time been considered 'difficult'. This is due mainly to its history: the first Linux distributions had extremely basic installation tools, that pre-supposed a substantial amount of technical knowledge, especially about hardware. Fortunately, today the situation is drastically different. " This week's Linuxcare Dear Lina column talks about setuid shell scripts. "For instance, if any temporary files are created or read, a malicious user could exploit a race condition, change the contents of the file, and take control of the script. Another potential danger can arise if the shell programmer becomes careless with command arguments. In this case, dear, the script could accidently spawn an interactive shell. Eek!..." Machine Design has put up an introductory article, which is available in PDF format only. It's reasonably positive, though it dwells overly on "fragmentation" issues. There's also a survey of available design software. (Thanks to Robert K. Nelson). Reviews and Interviews
Mark Minasi has written a book entitled, "The Software Conspiracy: Why
Software Companies Put Out Faulty Products, How They Can Hurt You, and What
You Can Do About It". Bryan Pfaffenberger takes a look at the premise of
the book in this LinuxJournal
article. "Flash back to the 1950s, and take a look at the average
new car produced by one of Detroit's "Big Three" auto makers (GM, Ford, and
Chrysler). You'd see lots of cool features: big, gutsy V-8 engines, flashy
chrome bumpers, and (in 1957, anyway) fins that made the cars look like
low-flying rockets. If you owned one of these monsters, though, you'd
discover another, less-appealing characteristic: shoddiness. The cars were
riddled with defects and needed frequent repairs. They weren't safe,
either, and they were murder on the environment. AboutLinux reviews IBM's TopPage for Linux. "I originally intended this review to be fairly short; but the more I used TopPage the more I wanted to write about it. I had to stop myself before this review turned into another manual for TopPage; after all, the one provided by IBM is already pretty good :-) If you are getting the impression that I liked TopPage for Linux, you would be right." SunWorld has finally gotten around to looking at The Cathedral and the Bazaar. "The paper is fascinating, but the slight trouble with it is that Raymond is a tribesman. In that sense, Raymond tries to be as factual as possible, but he can't be objective. He can't help but assume as background that hacker culture is inherently superior to its opposite, the culture of Dilbert-like programmers in big commercial companies. However true that may be, Raymond is unable to rise above his prejudices, which weakens the paper just that little bit." (Thanks to Cesar A. K. Grossmann). Olinux.com.br interviews Steffen Seeger of the General Graphics Interface (GGI) project. "LibGGI is useable already. As far as KGI is concerned, the KGI console subsystem is quite useable already, though there are still some known bugs, so this part of KGI could be labeled being in beta testing state. The KGI drivers, however, are still alpha or early development."
zocks.de has an
interview with Mathieu Pinard from Tribsoft, Inc. about porting
Jagged Alliance 2 to Linux. (English text follows the German text.)
"When did you start thinking about porting to Linux? LinuxMall.com talks with Greg Lindahl, the engineer behind the "Jet" cluster. "We saw a particular bid, the one at the Forecast Systems Lab, as a potential breakthrough for a Linux-based cluster supercomputer. The FSL bid was fairly unusual because FSL has a history of taking risks, and the procurement process itself looked very fair and focused on buying a system with the highest possible performance on FSL's weather codes." Section Editor: Rebecca Sobol |
May 11, 2000 |
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Announcements page. |
AnnouncementsUCITA-Colorado Home Page. The UCITA-Colorado Home Page and the corresponding UCITA-Colorado email list have been created to be lobby and information resources against possible UCITA legislation in Colorado, USA. "Kevin Cullis spoke with Anthony Navarro at the Colorado State Attorney General Office. He stated that they have the document in hand, but nothing is being proposed at the moment. That's doesn't mean that it's not being worked, it's just that they have not heard, at this time, of anyone proposing it." SystemLogic.net Weekly Rant Contest SystemLogic.net is planning a new column entitled "SystemLogic.net's Weekly Rant by ________" That blank space will be filled in by someone that they pick in a contest giveaway. ResourcesMay LinuxFocus available. The May issue of LinuxFocus is available, with articles on the vi editor, making PDF from DocBook, and many other topics. Italian Linux FAQ The Linux FAQ and News in Italian (formally known as FAQ for the newsgroup it.comp.linux) was first mentioned in LWN in 1998. It has now been rewritten. Parts have been rewritten and integrated in Ziobudda's FAQ (see LWN for April 27). The new FAQ can be downloaded at http://www.pippo.com/linux.html. The old FAQ is still available at ftp://ftp.pippo.com/pub/linux-faq/it.comp.linux/. HostedForums.com A new Linux forum site, at HostedForums.com, has been launched. It contains discussion groups on a number of Linux topics, from specific distributions through to the kernel, PPP, and MySQL. EventsSome ALS submissions lost. Those who submitted a paper for the upcoming Atlanta Linux Showcase may want to have a look at this notice. It seems that some of the submissions got lost, due to a software problem somewhere. If you submitted a paper, you may want to check with the conference organizers to see if they really got it. Journees du Libre IIIeme Edition Strasbourg-Illkirch, France, will host Journees du Libre IIIeme Edition (in French), on May 12th and 13th, a no-entrance-cost event sponsored by Le LUG de Strasbourg. "This event is an attempt to gather during two days free software actors, developers, users, advocates and hobbyists. Several conferences and demos are planned and available to anyone interested in free software." (Thanks to Guy Brand.) 2nd Braunschweig Linux-Days The 2nd Braunschweig Linux-Days will be held the 13th and 14th, May 2000, in Braunschweig, Germany. Last year's event attracted over 800 people and 30 speakers. This year's event contains four tracks and over forty talks, spread over two days. Looks like fun ... best of luck, folks! Oracle iDevelop2000 Oracle announced it will kick off its 24-city Oracle iDevelop2000 conference series on May 16, 2000, at the Oracle campus in Redwood Shores. Oracle instructors will provide in-depth information on using the Java, Linux and Extensible Mark-up Language (XML) capabilities within Oracle's latest software. Supercomputing Week Supercomputing Week "High Performance Clusters" will be held in Mexico City at the National Autonomus University of Mexico (UNAM), May 29th - June 2, 2000. The first meeting of the Open Source Health Care Alliance (OSHCA), formed as a result of the Practice Management Summit in Toronto last fall, will be held 1-2 June, 2000 in Rome, Italy. It is being sponsored by the Minoru Development Corporation. Embedded Linux Expo & Conference (ELEC) The RTC Group and LinuxDevices.com released the technical program for the first Embedded Linux Expo & Conference (ELEC) to be held June 22nd, in San Jose, Calif. PC EXPO This year's PC EXPO features the LinuxMall.com Summit and the Linux Pavilion, sponsored by Linux Journal. June 27-29, 2000 Jacob Javits Convention Center, New York. GNU/Linux Curitiba report Conectiva has put out coverage of the GNU/Linux Curitiba event, held April 30th in Curitiba, Brazil. Talks were given by Richard Stallman, Rik van Riel and others ... Web sitesLinuxViews@Lansystems.com Tre of Lansystems.com has recently come to an agreement with Ed of Linuxguy.net, for Lansystems.com to provide a web archive for Ed's "LinuxViews" Mailing List/E-Zine, to be known as LinuxViews@Lansystems.comThe articles cover Linux related issues from configuring Samba to optimizing lan performance. The Archive program can be found at www.lansystems.com/linuxviews New articles are estimated to appear about 2 to 4 times a month. User Group NewsThe Linux Users' Group of Davis The Linux Users' Group of Davis is meeting Monday May 15, 2000. The topic will be "LINUX FOR SCIENTIFIC COMPUTING," presented by Bill Saphir of the Lawrence Berkeley National Laboratory.Linux User Group in Groningen The local Linux User Group in Groningen, the Netherlands is meeting on May 17, 2000. |
May 11, 2000
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Software Announcements
|
Our software announcements are provided courtesy of FreshMeat
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Back page page. |
Linux links of the weekKuro5hin is another open-source related news site on the net, superficially similar to a number of others. It gets an interesting mix of stories, however. Perhaps that is a result of its interesting editorial setup: registered users of the site can look at pending stories and vote on which ones should actually make it onto the front page. Another approach has been taken by Advogato, which has been up and running since last November. Advogato carries a certain number of free software and freedom-related stories; it also hosts diaries for its readers. A look at the site on any given day will show new diary entries from a number of well-known Linux personalities. There is also an interesting "certification" mechanism which establishes a reputation value for each member. Section Editor: Jon Corbet |
May 11, 2000 |
|
Letters to the editorLetters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them. | |
Date: Tue, 9 May 2000 20:18:39 +0200 From: Ragnar Hojland Espinosa <ragnar@macula.net> To: lwn@lwn.net Subject: http://www.lwn.net/2000/0504/ Kerberos protocol - sort of. You can only get the information in the form of a self-extracting executable file, which puts up an intimidating "click wrap" license first. It seems that the Kerberos That's not true. You just have to open the file with winzip and, oh lookie, a pdf :) -- ____/| Ragnar Højland Freedom - Linux - OpenGL Fingerprint 94C4B \ o.O| 2F0D27DE025BE2302C =(_)= "Thou shalt not follow the NULL pointer for 104B78C56 B72F0822 U chaos and madness await thee at its end." hkp://keys.pgp.com Handle via comment channels only. | ||
Date: Fri, 5 May 2000 13:26:51 -0400 From: "Jay R. Ashworth" <jra@baylink.com> To: letters@sptimes.com CC: trigaux@sptimes.com, asp@baylink.com, letters@lwn.net Subject: LoveBug worm I'm quite disappointed to see that none of today's coverage of this topic points out that the reason this worm spread so far so fast is that -- as it always has -- Microsoft has chosen to favor convenience over security in the default configurations of most of its operating system and applications software. In many cases, poor Outlook users didn't even *have to open* the attachment, Outlook would be "helpful" and do it for them. This is not the first time this has happened... but it's also not the first time the *general* press has failed to make it clear that the fault lies as much with Microsoft as it does anywhere else. The technical press seems to do a slightly better job of getting it right, although they're not perfect either. In any event, until people (by which I mean the highly paid network administration staffs of Fortne 500 companies just as much as individual PC owners) start to think security -- or switch from Microsoft software to better designed programs (like Eudora and Netscape Messenger) and operating systems (like Linux and the Mac OS), this sort of thing will continue to occur... and people will continue to find out the hard way that stupidity is supposed to be expensive. Cheers, -- jra -- Jay R. Ashworth jra@baylink.com Member of the Technical Staff The Suncoast Freenet Tampa Bay, Florida http://baylink.pitas.com +1 888 806 1654 | ||
Date: Thu, 4 May 2000 14:47:11 -0700 From: Nathan Myers <ncm@nospam.cantrip.org> To: editor@lwn.net Cc: bad@kitenet.net Subject: Tucows download stats In this week's LWN, while discussing Tucows download statistics, Liz observes: The really startling note from the three months worth of data, still a small sampling, is the lead that the two RPM-based distributions have on the rest of the pack. It will be an interesting trend to watch. Considering that Corel and Stormix are basically Debian plus some add-ons, it's worth looking at the statistics with the three combined. February Linux-Mandrake 46% Red Hat 27% Debian+ 18% SuSE 3% Slackware 3% Caldera 3% March Debian+ 36% Linux-Mandrake 31% Red Hat 14% Caldera 6% SuSE 5% FreeBSD 4% Slackware 1% April Red Hat 31% Debian+ 29% Linux-Mandrake 29% Caldera 4% FreeBSD 3% SuSE 3% Slackware 2% Yellow Dog Linux 1% Here we have the Debian/Apt-packaged family easily keeping up with the more heavily-promoted commercial distributions. March is interesting in that Debian downloads far exceed Mandrake's much-hyped popularity. Perhaps once Potato is out, Debian will just take over the world; then all those people working on proprietary distros can go home and do something productive instead. :-) Nathan Myers ncm@nospam.cantrip.org | ||
Date: Thu, 4 May 2000 15:37:24 +0100 (BST) From: Dunstan Vavasour <dunstan@grenville.co.uk> To: letters@lwn.net Subject: Kernel Releases, Feature Creep, etc. The process Sun use for developing OS releases (so a fairly reliable source told me) is to have two development teams, each producing alternate releases. So the team which had just released Solaris 2.4 immediately started work on the new stuff to go in Solaris 2.6, while the other team worked on Solaris 2.5. Then when Solaris 2.5 was released, that team then merged in the new features which were already included in the upcoming 2.6, and moved on to develop Solaris 2.7. By contrast, when the feature freeze comes down on a Linux development kernel tree, it means that excluded features won't be in a production kernel until perhaps two years down the road. If, on the other hand, the new development kernel started when the "near production" kernel hit feature freeze then it would take off the pressure to cram features under the wire. All that then leaves is the need for people to work on the latter stages of the kernel development rather than the more exciting earlier stages, but I would guess that the "near release" kernel would be more widely used and deployed, giving it the usage and testing which is needed at that stage, while the early stage kernel might attract more developers where more effort is needed. When the 2.4 (say) kernel is released then the 2.7 development kernel would start, either with the 2.4 code base, and the new stuff in the 2.5 kernel being merged in, or it would take the current 2.5 kernel (unstable) and add features while the 2.5 kernel is stabilised for release as 2.6. Clearly the two development teams would need to share bug fixes, but they could work with a large degree of autonomy without being a code fork. The need to talk like this shows just how important the Linux kernel now is. Dunstan Vavasour dvavasour@iee.org | ||
Date: Thu, 04 May 2000 00:31:45 -0700 From: David Clatfelter <dclatfel@pacbell.net> Subject: Where is the 2.4 kernel? To: letters@lwn.net In your May 4th edition, you noted a number of articles which have begun to ask the question - Where is the 2.4 kernel? Let me state first that while I am not a developer, I think I agree with most Open Source developers, that software is like fine wine - it should never ship before its time. But what I find most humorous is that these authors have chosen to question the release schedule of the kernel. I mean, how many of them will be consciously aware of the benefits of 2.4? Is it just me, or is it somewhat absurd to compare the release of 2.4 to something like the release of Win2K? Why aren't these authors clamoring about the release date of KDE 2.0 or the next version of GNOME? That seems like the more apt comparison, but nobody ever seems to make it. Anyway, thanks for letting me voice my opinion. David Clatfelter | ||
Date: Thu, 4 May 2000 10:31:35 -0400 (EDT) From: Clemmitt Sigler <siglercm@alphamb2.phys.vt.edu> To: letters@lwn.net Subject: Open Source software release schedule. Hi Jonathan and Elizabeth, The solution to the problem of Open Source release "delays" that you addressed on last week's front page seems really simple to me. But given the nature of Open Source hacking, it may be hard to achieve. In the case of the Linux kernel, when 2.4 comes out Linus and Alan and other kernel "fathers" need to sit down on IRC or in person and decide just one thing: Which new features should be included in the 2.5 development kernel series. This needs to be planned _before_ hacking on 2.5 starts. The list of features to be included should be short, high priority, high feature win, and achievable. Then comes the hard part -- having the discipline to stick with it. Some modifications to the list are to be expected, but inclusion of totally new features not planned should be forbidden. We know the nature of Open Source hacking is to code what you love as much as what needs to be done. This makes such discipline hard, and might even lead to the dreaded "code fork" if someone gets extremely frustrated that his/her pet project won't be included in the kernel. So it seems to me to be a choice between the current long development cycle, or losing/redirecting hacker interest in the Linux kernel. It would be nice if there was a common ground somewhere in between these two extremes, but this can't be easy to find. Clemmitt Sigler | ||
From: nride@us.ibm.com To: letters@lwn.net Date: Fri, 5 May 2000 13:32:29 -0600 Subject: 2.4 -- What's the big deal? No one who matters made any promises and as always the kernel will get done when it gets done. Open source development isn't in the death march that commercial shops are in and if commercial acceptance of Linux is going to require us to get into that mode, I'd as soon give the various companies the finger. We're not shipping a piece of software with 64 thousand bugs in it, here. We have our reputations to think about, after all. If you need a newer kernel, the dev kernels have been relatively stable (I'm running one at home right now.) I fail to see what the big deal is, or who finds it a big deal. I assume some crack smoking marketroid. The marketroids always choose (usually unreasonable) deadlines over quality. Well I got news for you, one of the biggest reasons to use Linux is because of its quality -- the number one reason people quote for using it over windows is that it never crashes. I know that the important people (The Kernel Developers) are smart enough to know that this is a non-issue and pay it the attention that it truly deserves. I wish the rest of the Linux media would follow suit. -- Bruce Ide nride@us.ibm.com IBM PSC Software Developer | ||
Date: Thu, 4 May 2000 14:42:20 -0400 To: letters@lwn.net Subject: Software testing in the Open Source world From: Zygo Blaxell <zblaxell@genki.hungrycats.org> > In 20 years of development, having worked for 7 different > companies ranging in size from a 5 man startup to the behemoth that is > Samsung, this is the first time I've seen software released to the world with > no formalized testing applied. I wish I could read the rest of this article, but the web server is returning error messages to me at the moment. In 8 years of development, having worked for 6 different companies ranging in size from a 5 man startup to a behemoth that I won't name, only one of those companies released software to the world _with_ formalized testing applied, and that company's policy was to ship the revision of the product with the lowest number of known severe defects when the release date arrived. The same company also had no plans to correct the software after shipment even when the problems were severe, corrections were available, their application to existing systems in the field was feasible, and ongoing support was paid for by the customer--an inconvenience which usually outweighed the small quality benefit from the pre-release testing in practice. Your mileage may vary, I guess. This perception be the result of different semantics surrounding the word "formalized." All of the companies maintained some level of defect tracking, ranging in complexity from stacks of paper with handwritten bug reports to a customized cross-platform client-server database application, and in all cases at least one employee spent part of their time documenting defects as they were found. To me, this is not "formalized testing"--it's "informal testing" at best, and IMHO it's a stretch of the meaning of the words to even call the behavior of some of these companies "testing" at all. Contrast with e.g. CVS, EGCS, Perl, or Tcl, all of which have significant formalized (and mostly automated) test suites. In particular the CVS and EGCS projects publish their test results on mailing lists where anyone who wants to know can see exactly how well the developers are doing. Also contrast with the Linux kernel and the Debian distribution. Formalized testing definitely does occur on subsets of these projects, as sophisticated end users and even a few developers run their own test suites and benchmarks on each new revision, although the code coverage is by no means complete. To say that no testing exists in open-source software at all is a gross overstatement. Opinions expressed are my own, I don't speak for my employer, and all that. Encrypted email preferred. Go ahead, you know you want to. ;-) OpenPGP at work: 3528 A66A A62D 7ACE 7258 E561 E665 AA6F 263D 2C3D | ||