Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise
news for all interests
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page
Other LWN stuff:
Archives/search
Recent features: Here is the permanent site for this page. See also: last week's LWN.
|
Leading items and editorialsWhen is the right time to release free software? Red Hat has taken some grief recently for releasing development versions of the compiler and C library with Red Hat 7. One reason (of many) that has been put forward to explain this decision is that Red Hat is seeking to help stabilize the development of gcc 3.0 by increasing the development version's user base. By increasing the number of testers (also known as "users"), Red Hat 7 will flush out the remaining bugs and provide motivation for the gcc team to get 3.0 out there. This situation reminds one of the infamous 5.0 release, which was the first mainstream distribution to include glibc2. Then, too, Red Hat justified its action as helping to bring about the stability of the C library. The interesting thing is: Red Hat is almost certainly right. Until Red Hat 5.0 came out, few people outside the development community had tried to use glibc2. By including glibc2 in Red Hat 5.0, the company increased glibc2's user base by at least an order of magnitude. Those of us using the system can attest that quite a few bugs were found. The library soon stabilized. For a while, anyway. The lore of free software says that no software is released before its time. By avoiding deadlines, free software developers give themselves the freedom to hold back a release until it is truly solid. That is the source of the extraordinary reliability of free software. It appears that the lore has left out a step. It seems that the development community can only reach a certain degree of stability; thereafter it's necessary to spring the software on people who are trying to use it to get real work done. Only that level of testing can have a realistic hope of nailing down the last remaining serious bugs. Thus Red Hat - and its users - may be doing the community a real favor by pushing out software relatively early. The pain suffered by Red Hat users allows all those smug Debian and SuSE administrators to have their rock-solid systems that much sooner. Part of the dues we pay for our free software is being part of the bug-finding crew. That's just how it works. But an awful lot of people don't get into bug-flushing duty until the software is presented to them as being ready, or nearly so. Development projects are catching on to this dynamic; why else do we have a development kernel called 2.4.0-test9, rather than 2.3.70-something? Of course, it is not only free software which operates this way. Proprietary software, which rarely comes in development versions, is often even farther away from stability when it is presented to its users. Anybody who attempted to install Solaris 2.0 understands this very well. Free software users, at least, get their bugs fixed more quickly. Perhaps it would be appropriate to recognize this need for last-round testing more formally and visibly. That would certainly be preferable to surprising users with something that is supposed to be a stable release. In the end, helping get the last bugs out is a pretty small price to pay for the benefits of free software. The StarOffice source is out. Right on time, Sun released the source for StarOffice - now renamed OpenOffice. There is obviously interest in this release - the download traffic on the first day was such that Sun's server evidently crashed from the load. At this point, a new distribution scheme via Akamai has been set up, and downloads are now fast. At least, as fast as one could hope for. The source distribution weighs in at almost 80MB (370MB unpacked) - StarOffice was never a lightweight beast. The source consists of almost 35,000 files in over 2100 directories. Even so, it's not the full thing - some of StarOffice was built from third-party code and can not be redistributed under the GPL. These parts include little details like printing and spell checking. Those wanting to dig into this source will have a daunting task ahead of them. "The source code is not as comprehensively commented as we'd like." says the OpenOffice source overview page in a rather understated way. If you do find comments in the code, they may just turn out to be in German. The build instructions are hard to find (there's no README file), terse, and incorrect. But, more importantly, consider that the code is in rapid and massive development, and the plan is to make major changes (i.e. to turn it all into GNOME components). Sun has a large number of engineers working on the project, and they will likely be the bulk of the developer community for some time. In other words, OpenOffice looks an awful lot like Mozilla. So it should not surprise anybody if this project takes a very long time to get to its first truly stable release. Then again, interesting things could happen much sooner. Consider this article on the KDE Dot News site which looks at how OpenOffice might be helpful to KDE - despite the fact that it's supposed to be a GNOME project. It seems the KDE folks see quite a few things that they could snarf out of OpenOffice to improve KOffice; the LGPL licensing of OpenOffice allows them to do that, of course. The end result could be truly ironic: KOffice may push ahead even faster as a result of the OpenOffice release while GNOME goes without a stable office suite for a long time. After all, OpenOffice will be a while until it's ready for prime time, but its release has taken some of the wind from the sails of AbiWord - the previous GNOME office suite project. Feature Article: Sharing the Dream of Flight. For those of you who add a love of flying to your love of Open Source, we have the perfect present for you: an Open Source project that is working to build the best flight simulator ever seen. The project is called FlightGear. Liz Coolbaugh got a chance to investigate this project at the FlightGear booth during LinuxWorld San Jose 2000. As a result of that contact, we're now extremely pleased to provide you with this feature article about FlightGear, Sharing the Dream of Flight, written by FlightGear developer Alexander Perry. "The FlightGear project is aiming to achieve "best of breed" by avoiding short-cuts and incorporating the best implementations of each aspect of the simulation. We are using open-source technology to achieve this goal. In fact, what makes the FlightGear project unique is that we are pioneering the use of "Open Source technology" towards improving flight simulation and making it more accessible, more usable, and more affordable than ever before." Inside this week's Linux Weekly News:
This Week's LWN was brought to you by:
|
October 19, 2000
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Security page. |
SecurityNews and EditorialsData privacy and the file that wouldn't go away. Most of you are already familiar with the idea that files don't really disappear when you delete them. They get "dereferenced", e.g., the space on the disk where they were stored becomes available for writing new data, but the old data doesn't automatically go away. Normally, this is not a critical issue for the average user. In fact, many utilities have been written over the years to take advantage of this feature -- allowing an unwary user to "undelete" that file that they really hadn't meant to delete in the first place. However, in a security-critical facility, everything changes. It is absolutely critical to know that a file, once deleted, is really, really gone. This problem isn't specific to computers, of course. Paper shredders were created to deal with this same issue in the paper office. Recovering information from a piece of paper that has been burned is an old trick in the detective/mystery writer business. If you're really, really serious about it, you dissolve the paper with acid, then mix with other fluids, then flush the results down the toilet -- everyone knows that, right? No, but presumably if you're in a business where the issue is important, you've learned. So someone in a sensitive industry using the computer also knows that something extra must be done to "really" delete a file. There are a variety of options for this under Linux. One program to do this which was shipped with Red Hat Linux 6.2 is called "shred". The man page describes it as a utility to "Delete a file securely, first overwriting it to hide its contents." Unfortunately, it turns out that shred doesn't do a very good job. In fact, shred is so bad at what it does that its own author has abandoned the program, asking archive sites to remove it entirely. If you've been using shred, guess what, the files you thought you deleted may still be wandering around your disk. The news isn't all bad; another program called Wipe is available to do the same thing and appears to be much more highly regarded. However, to demonstrate just how difficult the job is, Wipe's home page starts out with a warning that even Wipe won't be effective unless you disable the write cache on your disk and, under Linux, mount your filesystem with the "mand" option (to get kernel-enforced mandatory file locking). That's just the beginning, though, as noted by Alfred Perlstein, who pointed out that data logging filesystems, transactional filesystems, filesystems that perform online defragmentation (FreeBSD-FFS+reallockblks) and filesystems that offer snapshot capabilities may all interfere with the intentions of programs like shred and wipe. If you've checked for all of those issues, don't forget one more: backups. You could spend a lot of time making sure your file has been deleted from your disk only to discover one or more perfectly good copies on your backup media (you do backups, right?). Face it, we've optimized disks, filesystems and operating systems to prevent accidental loss of data. As a result, making sure that data really goes away is not easy to do. For most of us, that isn't a problem. For those of you in security-critical environments, be sure to check out your procedures carefully. There is a lot of margin for error. Sen. Edwards Intro's 'Spyware Control Act' (Newsbytes). Senator. Edwards, a Democrat from North Carolina, introduced a new bill into Congress to address software privacy issues, the "Spyware Control and Privacy Act". Newsbytes covered the new bill and its potential impact. "Under S. 3180, the "Spyware Control and Privacy Protection Act," manufacturers that build spyware into their products must give consumers clear and conspicuous notice - at the time of installation - that the software contains spyware. Such a notice would describe what information would be collected and to whom it would be sent. The spyware would then be forced to lie dormant unless the consumer chooses to enable it." Redress amounts up to a half million are allowed under the current format of the bill. Note, however, that some of the teeth of the bill is removed by exceptions for technical support and licensing issues. Maybe I Should Be Afraid of Linux? (SecurityPortal). SecurityPortal looks at Linux and security. "In any case, this is a serious strike against Linux's security as a server operating system. Linux seems to have become the 'number 1 target.' The bulk of the new exploit code is coming out for Linux, even for vulnerabilities present in all Unices." Overall the article is quite positive. (Thanks to Cesar A. K. Grossmann). This month's CRYPTO-GRAM newsletter. Bruce Schneier's CRYPTO-GRAM newsletter for October is out. It covers the rise of "semantic attacks," web privacy policies, and the selection of Rijndael for the AES standard. There is also a brief mention of the CueCat fun. Security ReportsFormat string vulnerabilities in PHP. Multiple format string vulnerabilities in PHP 3 and PHP 4, including one involving the use of syslog, were independently reported by two separate parties. Here is the report from Jouko Pynnönen and the advisory from @stake, Inc. These vulnerabilities can be exploited remotely to execute arbitrary code under the web server's identity. The PHP team was notified and has released new versions both PHP 3 and PHP 4 to fix these problems.Here is the announcement for PHP 4.0.3, the corrected version of PHP4. PHP 3.0.17, the corrected version of PHP 3, is also available for download. This week's updates: GnuPG false signature verification. The Gnu Privacy Guard is a complete and free private/public key encryption system. Jim Small reported to BugTraq a problem in how GnuPG handles multiple signatures within a single message. It turns out that GnuPG 1.0.3 and earlier only check a single signature within a message for validity, even if the message contains multiple signatures.Werner Koch, from the GnuPG development team, posted an acknowledgment of the problem. GnuPG 1.0.4 has, since then, been released and contains the fix for this problem. Anyone using GnuPG will want to upgrade their package as soon as possible. As another data-point for the need for pro-active auditing for security problems, Werner commented, "This problem has been in GnuPG since the beginning but Jim seems to be the first one who noticed that. We need better auditing folks!" XFree86 3.3.X Xlib buffer overflow. Another buffer overflow in Xlib in XFree86 3.3.X was reported on BugTraq by Michal Zalewski. It appears that this problem was fixed in XFree86 4.0 over a year ago, but the fix was never backported to XFree86 3.3.X. Ramifications of this vulnerability appear to be limited. No official response or patch has been provided as of yet.muh IRC bouncer format string vulnerability. muh, a GPL'd IRC bouncer, contains a remotely-exploitable format string vulnerability that can allow the execution of arbitrary code under the identity of the muh user. The problem was reported in this FreeBSD advisory but would affect any system with muh installed. The advisory indicates that the vendor has been contacted and an updated version of muh released. However, information from the muh homepage indicates that only a source patch for the problem is currently available.NIS/ypbind format string vulnerability. A format string vulnerability has been reported in NIS/ypbind. ypbind is used to request information from a NIS server which is then used by the local machine. The logging code in ypbind-3.3.X is vulnerable to a printf formatting attack which can be exploited by passing ypbind a carefully crafted request. As a result, ypbind can be made to run arbitrary code as root. This is a bad vulnerability; an immediate upgrade is strongly recommended.The SuSE update below makes interesting reading as it describes the problems that have come up with various versions of the ypbind daemon. As a result, SuSE has not released a fix for ypbind-3.3.X, but instead has updated ypbind-mt (default for SuSE 7.0) and recommends that all customers upgrade to the SuSE 7.0 base and then apply this fix. This week's updates: Kondara MNU/Linux update to pdnsd. pdnsd is a small name-server optimized for caching. Kondara MNU/Linux put out an advisory reporting that pdnsd terminates unexpectedly after receiving an illegal packet, opening up a potential denial-of-service attack. They provide pdnsd 1.0.11 packages which contain a fix for the problem. Meanwhile, pdnsd 1.0.12 has been released as well (according to the pdnsd home page), promising more hardening against denial-of-service attacks and "additional security enhancements". curl buffer overflow. The Debian Project has issued a security update to curl, fixing a buffer overflow problem in that package. Debian has released patched versions of curl and curl-ssl 6.0-1. Meanwhile, curl 7.4.1 has also been announced and includes a fix for a "possible buffer overflow" as well, presumably the same one.Buffer overflows in ping. Red Hat has issued a security update to ping fixing two buffer overflows and modifying the manner in which ping handles sockets. Note that there are multiple free software versions of ping floating around; the one fixed today was Alexey Kuznetsov's ping, which is part of iputils, as opposed to the ping included in netkit. Chris Evans found most of the problems and worked with Alexey to get them fixed. Presumably, any other distribution that is using Alexey's ping will also need to put out an update.FreeBSD update to fingerd. FreeBSD has issued an update to fingerd to fix a security problem specific to FreeBSD. Authentication failure in cmd5checkpw 0.21. cmd5checkpw is an authentication module that implements the CRAM-MD5 authentication mode. Designed to work with qmail, it can be used by other programs as well. Javier Kohen has reported an input validation error in cmd5checkpw which, when used in conjunction with a version of qmail-smtpd that has been patched to add SMTP AUTH support, can cause a segfault when a non-existent username is used. In turn, the patch to qmail-smtpd will interpret this segfault as a successful validation. cmd5checkpw 0.22 fixes the error in the authentication module and qmail-smtpd-auth 0.26 fixes the problem in the qmail patch. Web scripts. The following web scripts were reported to contain vulnerabilities:
Commercial products. The following commercial products were reported to contain vulnerabilities:
Updatesgnorpm tmpfile link vulnerability. Check last week's LWN Security Summary for more details.This week's updates: Previous updates:
GNU CFEngine format string vulnerability. Root access can be obtained on a local system by exploiting CFEngine's use of syslog and its related format string vulnerability. Check last week's LWN Security Summary for more details.This week's updates: Previous updates:traceroute local root access. A local user can exploit vulnerabilities in traceroute to gain root access. For more information, check the October 5th LWN Security Summary.This week's updates:
Apache mod_rewrite vulnerabilty. Files outside the document root can be accessed, if the mod_rewrite module for Apache is in use. For more details, check last week's LWN Security Summary.Apache 1.3.14 was released this week and contains fixes for this problem. Note, however, that it also broke configurations that use RewriteMaps, because the lookup key is no longer expanded. A patch to fix this has also been released. People upgrading to 1.3.14 will want to make sure that this patch has been applied. This week's updates: Previous updates:ncurses buffer overflow. Check last week's LWN Security Summary for the initial report of this problem. It is surprising that Caldera has produced the only set of package updates for this problem so far.This week's updates: ssh/OpenSSH file transfer vulnerability. Check the October 5th LWN Security Summary for the initial report of this problem. Last week, Linux-Mandrake issued updated ssh packages that removed the setuid bit from OpenSSH under the mis-apprehension that this would mitigate this security problem. This week, they've announced the withdrawal of that security update, since removal of the setuid bit did not fix anything and broke some forms of authentication.LPRng, LPR format string vulnerabilities. Format string problems in LPRng were reported in late September. Updates for LPRng and lpr (for a related problem) continue to be published.This week's updates: Previous updates:
xpdf symlink race condition. Check the August 31st Security Summary for the original report.This week's updates: Previous updates:
tmpwatch fork bomb denial-of-service vulnerability. Check the September 14th LWN Security Summary for details. A local root compromise problem turned up as well last week; this is fixed in all of the updates below as well.This week's updates: Previous updates:
usermode inherited environment variable vulnerability. Check last week's LWN Security Summary for details.This week's updates: Previous updates:
ResourcesRFPolicy 2.0. An updated version of RFPolicy (Rain Forest's Policy) has been released. This is a widely-discussed full disclosure policy is well worth reading for those of you new to security reporting (as well as those of us who aren't new). Of course, no organization enforces this policy, but it does outline widely-accepted practices for both vendors and people who have found security problems and wish to report them. Updated security tools. Here are some Open Source security tools which were announced, released, or for which minor updates have been made available in the past week:
EventsSummercon 2001 - Request for Proposals. Summercon 2001 has issued its Request for Proposals for their next event, schedule June 1st through the 3rd, in Amsterdam, the Netherlands. "For those of you who do not know about Summercon, it is the oldest of the living security/hacker conferences. Its origins are well tied to the early years of Phrack Magazine." Upcoming security events.
Section Editor: Liz Coolbaugh |
October 19, 2000
| ||||||||||||||||||||||||
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Kernel page. |
Kernel developmentThe current development kernel release is 2.4.0-test9. The -test10 prepatch is currently in its fourth revision. This patch contains the usual pile of assorted fixes. It also has one new feature: the "frame divertor." This gadget can be used to perform transparent proxying and gatewaying across networks; essentially it puts an interface into promiscuous mode and vacuums up packets to be copied to another network. Your editor's subjective impression is that the -test10 prepatch is one of the more stable of the recent kernels; -test8 and -test9 were rather rough in spots. The latest 2.4 jobs list was posted by Ted Ts'o at ALS. The current stable kernel release is 2.2.17. The stream of 2.2.18 prepatches has resumed with 2.2.18pre16. Among other things, this version of the patch contains the NFSv3 server patches, completing the integration of the new NFS code. There is much rejoicing in NFSland. There is also a large M68k update that didn't get put in entirely correctly, leading to some header files going into the wrong place. Presumably pre17 will fix that little problem. How to get a faster kernel update cycle? The 2.4 kernel is late, the press is giving us grief, and people are wondering how the stable kernel release cycle could be sped up. The situation feels very similar to two years ago, when everybody was wondering where the 2.2 kernel was. 2.6 will probably be the same. Alan Cox did post an interesting suggestion. In his scheme, there would essentially be two stable kernel release tracks. Once 2.4 comes out, the 2.5 development series would go off as usual. At some point, however, the developers would stop and decide which of the new features could be backported to the 2.4 kernel in a stable manner. That port would be done, with the result being 2.6. The 2.5 series would then be renamed 2.7, and the whole thing would eventually be stabilized as 2.8. The idea would be to get a lot of the interesting new features out more quickly, while allowing the deeper changes to mature over a longer period of time. Doing all of that backporting sounds like a lot of work, but the simple fact is that it happens now. Much of what has gone into recent 2.2 releases has been brought back from the current development series. It could well make more sense to create a new stable series to accept the backports; that way the current stable series could truly be maintained in a bugfix-only mode, which would help it to remain stable. Jeff Merkey, instead, proposes that the kernel go to a much more modular architecture. Then the core kernel could be released independent of what is happening with, say, the device drivers. This mode of development might well lead to faster release cycles, but it would also require the kernel developers to freeze the interfaces between modules in a much more formal way. The developers have fiercely defended their ability to change the internal API as needed during development cycles. The alternative is to be slowly buried in backwards compatibility cruft. An example would be the block driver interface, which is showing some age and is likely to be severely thrashed in 2.5. An attempt to freeze the internal interfaces in a stronger way would block that sort of change and is likely to meet a high degree of resistance. It may well be, in the end, that it really takes two years to do a proper development cycle on the kernel. If that proves to be the case, the best thing to do might be to find a way to get the important changes (such as device support) back to the users quickly while giving the deeper changes the time they need to mature and stabilize properly. Network drivers and randomness. The Linux kernel includes a random number generator. It is used for a number of tasks, mostly security related, both inside and outside the kernel. As anybody who has studied the topic knows, generating random numbers with software can be very hard. Software, being deterministic, will tend to produce predictable numbers. So the kernel looks to other sources for its randomness. Much of this randomness ("entropy") comes from device drivers and their interrupts. The timing of interrupts from the keyboard, disk drives, and so on is variable enough to make the random numbers truly random. Oliver M. Bolzer was looking at the code to convince himself of its strength and noticed that few drivers participate in the creation of entropy for the random number generator. In particular, he asked, why don't the network drivers take part in the entropy generation process? It's a good question. After all, packet arrival times will certainly exhibit a certain kind of randomness. The problem is that the arrival of packets is also under external control. A suitably determined attacker could conceivably aim packets at the system in a way that would subvert the random number generator and weaken the security of the system as a whole. It would be a most difficult attack, no script kiddies need apply. But, rather than leave a potential opening in a crucial part of the system, the kernel developers are likely to keep the network drivers out of the entropy business. On kernels and compilers. Occasionally a Red Hat 7 user, or somebody else with a too-new version of gcc, runs into trouble when compiling the kernel. It's worth remembering that the kernel has a well-defined set of compilers that it is supported with; for 2.2 and 2.4 both it's either gcc-2.7.2.* or egcs-1.1.2. For this reason, distributions which include newer compilers also provide a special "kernel gcc" package, often called kgcc. It's important to install and use that version of the compiler for building kernels. The problem here is almost never with the compiler itself. The kernel code uses no end of tricks for performance reasons, and operates in a much more volatile environment than most applications. Successive versions of the compiler tend to be more aggressive and better at optimization; every now and then a new optimization breaks some kernel code, leading to very strange bugs. Over time these get ironed out and the newer compiler becomes "certified" for use with the kernel. Until that time, the only people who should be using newer compilers to build the kernel are those who actively want to find the problems. The hunt for undefined code. Here's one kind of problem that a new compiler can turn up. Most C programmers learn early on to avoid code like: a[i] = i++;The results of this kind of code are undefined; the array assignment could happen either before or after the value of i is incremented. Bernd Schmidt looked through the kernel source for this sort of code, and found quite a bit of it. He has submitted a patch to fix up the things he encountered; as he puts it, "in some cases, it wasn't entirely clear what the code intended, so I had to guess." This patch went into 2.4.0-test10-pre4, so we may well find a spot or two where he guessed wrong. The effort is a good one, though. This kind of code is a time bomb waiting to go off; it needs to be cleaned up sooner rather than later. Other patches and updates released this week include:
Section Editor: Jonathan Corbet |
October 19, 2000 For other kernel news, see: Other resources: |
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Distributions page.
Lists of Distributions |
DistributionsPlease note that security updates from the various distributions are covered in the security section. News and EditorialsNew distribution: Madeinlinux. Out of Italy comes this announcement for a new distribution called Madeinlinux. It comes in both workstation and server versions, includes ReiserFS and XFree86 4.0. In keeping with modern fashion, the first release is "Madeinlinux 4.0." There are a couple of interesting features of this new distribution. The obvious one, of course, is its tight market definition. This is a Linux distribution tailored for Italians. To bolster its appeal in that market, they have extended "Italian support" past the installation menus, Gnome menus and man pages, to include the use of Italian in the shell and in the boot and error messages. More extensive documentation has been provided in Italian as well. In addition, though no specific details have been provided on what they changed, they promise that Italian law has been taken into consideration and the distribution tailored to adhere to it. As Linux develops and spreads, it will be interesting to see how well such nationalized distributions do against distributions that are working hard to set an international standard, such as Red Hat, SuSE, Linux-Mandrake, etc. Meanwhile, one of the other emphases of Madeinlinux is the inclusion of a modest set of packages, designed to only include the five to ten applications that an individual is likely to use constantly, plus all the software needed to support those applications. As a result, the workstation and server versions each fit onto their own CD. To achieve this, they've made choices for the customer, instead of providing a range of options and allowing the customer to choose. This is becoming a common theme among many of the new distributions we are seeing. While Debian's packages continue to expand almost infinitely, and even Red Hat expands to multiple CDs after years of holding on to a single CD for the base operating system, new distributions are choosing a different path. In order to differentiate themselves from the older distributions and to make Linux less daunting for newcomers, they are willing to make hard choices, even politically difficult choices, as to what packages will or will not be included by default. Of course, if you don't like their choices, you can download the software you prefer. However, newcomers to Linux are less likely to do this. As a result, they are likely to choose a distribution that supports the packages that have been recommended to them and, once they learn a specific package (such as an email client), they are likely to stick with it, unless faced with an overwhelming reason to change. From the history we have so far, we know that distributions tend to expand over time. They have to continue to include packages that people are actively using, yet they need to include the latest and greatest new packages as well. New distributions can take a different tack, starting from scratch and without existing customers to offend. If they do a good job, they'll attract new customers. Meanwhile, their workload for maintaining, supporting and improving the distribution is decreased. Will that also help them survive in such a crowded market? We'll have to wait a year or two to tell. For more information on Madeinlinux, check out their response to the LWN Distributions Survey. Other New DistributionsFirst version of Ute-Linux available. The first version of Ute-Linux has been released. Ute-Linux comes out of the Timpanogas Research Group, and is intended to be a platform for their NetWare and clustering technologies; it's built with Red Hat and OpenLinux packages. See the announcement for a long description of the distribution and how it's built. JBLinux -- 'Just the Best of Linux'. JBLinux is a new distribution promising to offer speed and stability. Echoing this week's editorial theme, it also promises to include only the "most essential software" for Linux. The website also warns that it is not recommended for beginners. JBLinux 1.1beta 6 was announced on October 16th. In addition, in response to requests, the author has also provided a package list for the latest version. JBLinux is currently only available in ISO format.General-Purpose DistributionsTurboLinux ships Workstation Pro 6.1, cluster server. TurboLinux has announced the release of TurboLinux Workstation Pro 6.1. This release includes an IA-64 version; TurboLinux thus claims to have the first commercial IA-64 Linux. The company has also announced the release of "TurboLinux Cluster Server 6." It's a high-availability clustering system, aimed at web servers. Interestingly, the PR points out that the cluster server can be installed on top of Red Hat's distribution. Debian News. This week's Debian Weekly News covers VA Linux's announcement of new servers pre-installed with Debian, Debian GNU/Hurd CD images that are available for the first time and a milestone in the port of Debian to the HP-PA RISC architecture. The October 12th Debian Kernel Cousin covers eight threads from debian-devel, including the installation of packages in non-standard directories, a new version of lintian and more. It is a nice way to keep up with Debian development issues without pouring through several hundred mail messages a week. The latest issue of the Kernel Cousin Debian Hurd shows increased development activity, now that the summer months are over. Progress has been made getting XFree86 3.3.6 up and running under the Hurd. A memory leak has been reported and is still being investigated. New Caldera FAQs. Caldera has added several new FAQs to their support knowledge base. Topics covered include Samba, printers and hardware-specific installation questions. Linux-Mandrake news on AvantGo. For you Palm users out there: MandrakeSoft has announced that Linux-Mandrake news is now available via AvantGo. FTP version of SuSE 7.0 available. SuSE has announced the availability of the FTP version of its 7.0 release. (Scroll down in the announcement to get the English version). Mini/Special Purpose Distributionse-smith server and gateway. A new version of e-smith server and gateway has been announced. e-smith server and gateway 4.0 is based on Red Hat 6.1 and promises "more modular design, improved dialup support, user groups, email forwarding, virtual domains, network time server support, IMAP support, printer sharing, bootable CD-ROM, and incremental upgrade". e-smith server and gateway is from e-smith, inc. and is used on their line of Internet appliances.Minor distribution updates. Here are some minor updates to distributions that have been announced this past week:
Section Editor: Liz Coolbaugh |
October 19, 2000
Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Development page. |
Development projectsBrowsersGaleon 0.7.7 released. Version 0.7.7 of the Galeon Web Browser has been released. This version features improved mime type handling, better key handling, and many bug fixes. Galeon's motto is "The web, only the web"; the browser is small, fast, basic, and very effective. Currently, the installation is somewhat tricky and involves installing the Mozilla browser, along with recent versions of gnome-libs. A one-step installation process would be a welcome change. Mozilla Milestone 18 released. The Mozilla project has released Mozilla M18. This version includes improvements to the Mail-News system and better response time. Learning the ways of Mozilla (Upside). Upside Today has run an article on Learning the ways of Mozilla. The article discusses the efforts of two Mozilla designers, David Boswell and Ian Oeschger, in documenting the process of working with the Mozilla development project. Project Update: Mo-Zilla not Less-Zilla (LinuxNews). Linux News' Michelle Head looks at the Mozilla development effort. The Mozilla project schedule and licensing issues are discussed. According to Mozilla's Mitchell Baker: "Linux is one of Mozilla's core platforms; we build and test on Linux constantly. Code that doesn't support Linux is not welcome in our source tree." DatabasesOratcl 3.1 announced. Version 3.1 of Oratcl (no, that isn't a typo!) is now available. "Oratcl is an extension to the Tcl/Tk language that utilizes Oracle OCI calls to provide Oracle access via tcl." EducationFreeduc Zone (Ofset.org). The Ofset organization has a project known as Freeduc, the FREe EDUCation software database that aims to build a catalog of educational open-source software projects. If you are working with Linux and education, check it out. "Until now - and probably for a while in most heads - the GNU/Linux system at school has been perceived as a good replacement of other proprietary servers. However the server is probably the least important things in term of freedom in a school network. It doesn't allow a teacher to share a workstation software with students. Supporting GNU/Linux in the workstation side can grant higher sharing freedom between users in school. At the same time several group has built list of free edu soft. OFSET has setup Freeduc, a tool to help to list, to evaluate and to package free - non GPL exclusive - edu soft." Embedded SystemsSecond deepLINUX Embedded Toolkit release candidate. The second deepLINUX Embedded Linux Toolkit (dELT) release candidate has been announced. It fixes a fairly serious problem that prevented the first one from working for a lot of people. SiS boots PC BIOS out of the system (Linux Devices). Linux Devices reports on an announcement from SiS, which claims to have the first System On a Chip to boot Linux without a BIOS. The system performs device initialization directly from the Linux kernel and speeds the booting process considerably. InteroperabilityWine Weekly News for October 9 and 16, 2000. The Wine Weekly News for October 16 is out. A new version of the Winecfg tool, version 0.32b, has been released. Last week's Wine Weekly News showed up somewhat late. News included a recent $1.8 million investment from CodeWeavers to fund Wine development, an upcoming Wine release, and discussion of the effect that Microsoft's purchase of Corel stock may have on Wine. Open-source angst: Fear of forking (ZDNet). ZDNet discusses the recent fork in the Samba project. One fork will emphasize the basic Samba functionality and the other fork will work on W2K interoperability and other cutting-edge support. See the original announcement about the SAMBA_TNG fork from Samba.org. Network ManagementOpenNMS Update. The latest OpenNMS update, Vol. 1 Issue 30, has been forwarded to LWN. This issue includes some highlights from the ALS show in Atlanta this past week. Office ApplicationsGnumeric 0.57 Released. Version 0.57 of the Gnumeric spreadsheet has been released. Numerous bugs have been fixed and improvements have been made to international character set support. Interestingly, this version now sports a working Applix importer. GnomeICU 0.94.1 released. The Gnome ICU project is back on track after a brief hiatus and has released GnomeICU 0.94.1, an ICQ protocol based internet communications program. This release has some important bug fixes and adds a few new features. LyX Development News for 20001018. Allan Rae has posted the latest edition of the LyX Development News. Lyx is a graphical front-end for Donald Knuth's TeX typesetting language. Lots of information on CVS and release scheduling is covered here, along with plenty of information for the upcoming 1.6 release. On the DesktopGNOME With Goodies (Linux Magazine). Linux Magazine reviews Helix GNOME in a feature article by Jason Perlow. "In addition to having many updated software applications that the official GNOME doesn't have, Helix GNOME is also a lot more polished and "feels" more like a commercial product -- it has a lot more desktop themes to choose from and the pre-loaded menu icons have a more professional look." The people behind KDE: David Faure. The "people behind KDE" series continues with this interview with David Faure. "The funniest thing about meeting KDE or Linux developers in general is that everyone is always younger than you first imagine." KDE Desktop 2.0 Final Release Candidate Available. The (hopefully) final release candidate for KDE 2.0 has been announced. The project plans to freeze the release on October 16, so now is the last chance to find and report any showstopper bugs. KDE and OpenOffice. Here's an editorial on KDE Dot News on how the OpenOffice release will benefit KDE. "In contrast, KOffice, was built from the ground up for KDE[2], and is fully integrated with native KDE component and related technologies. It may actually be easier to import useful code and technology from OpenOffice to KOffice than to rewrite OpenOffice." KDE Linux Packaging Project taken down. KDE Dot News reports on the demise of the KDE Linux Packaging Project due to lack of time and "one person" who was making life difficult. An interesting discussion about dealing with this kind of problem in an open-source project follows. SciencePyClimate 1.0 released. Version 1.0 of PyClimate, a climate variability analysis toolset, has been released. PyClimate has been released under the GPL license. Web-site DevelopmentApache 1.3.14 released. Apache 1.3.14 has been released. The mod_rewrite security problem and a few other bugs have been fixed. A new directory-based configuration scheme has been added. If you plan on using the new version, however, you'll want to apply this patch. Without it, sites that use RewriteMaps will likely break. Zope Weekly News. This week's Zope Weekly News is out. It covers the first reactions to the Zope book, as well as providing updates on the latest happenings in Zope development. Section Editor: Forrest Cook |
October 19, 2000
|
|
Programming LanguagesAdaAda for Linux. If you are working with the Ada language, you should check out the Ada for Linux Team page. This group is working on an open-source Ada compiler and associated development tools. C/C++Internet C++ alpha release. The alpha release of Internet C++ has been announced. Internet C++ is intended to be an open alternative to both Java and C#; it's essentially C++ which runs on a portable virtual machine. They have even ported Doom to the new system... JavaA proposal for fixing the Java programming language's threading problems (IBM). IBM's Developer Works has published an article by Allen Holub that discusses Java's threading problems. " Allen Holub suggests that the Java programming language's threading model is possibly the weakest part of the language. It's entirely inadequate for programs of realistic complexity and isn't in the least bit object oriented. This article proposes significant changes and additions to the Java language that would address many of these problems. " JavaUnix 1.0 released. Version 1.0 of JavaUnix, a portable extension API for the Java platform that provides access to Unix environment and filesystems, has been released. JavaUnix is distributed with an "Open Source" license. PerlLarry Wall gives ALS Keynote. Larry Wall gave a keynote speech at the Atlanta Linux Showcase entitled Camel Lot #6 where he discussed Perl's future directions. Nathan Torkington transcribed Larry's talk and Larry's slides from the talk are available. An audio recording of the talk is available in mp3 format from Dr. Dobb's. University of Perl daily journals (Use Perl). Nathan Torkington continues his series of jornals from the University of Perl class. Here are the notes from day 1.1 and day 1.2. PHPPHP 4.0.3 Patch Level 1 available. PHP 4.0.3 Patch Level 1 is available for download. This version fixes a bug with Apache php_value and .conf files and plugs a memory leak in module versions of PHP. PHP Conference Material Site. If you are interested in enhancing your PHP web publishing skills, you might want to check out the PHP Conference Material Site which has numerous slide sets from talks on PHP. The slides cover a wide range of PHP topics from introductory to advanced level. PythonThis week's Python-URL. Here is Dr. Dobb's Python-URL for October 17, full of goodies from the Python development world. This issue was evidently written just a little too soon to catch the Python 2.0 release (see below). Those who are interested in what's in 2.0 should most certainly check out What's New in Python 2.0 by A.M. Kuchling and Moshe Zadka. It covers the new features in detail; worth a look. Python 2.0 released. Guido van Rossum has announced the release of Python 2.0. This release contains a number of new features, some of which were explored in last week's LWN development page. Congratulations to the Python team! Python Web Modules Overview. Paul Boddie has published a list of Python Web Modules. This is a good site to check out if you want to get an overview of the various Python based web projects. Zope and its derivatives are not covered in the list since they are documented elsewhere. Tcl/tkThis week's Tcl-URL. Here is Dr. Dobb's Tcl-URL for October 16 with the usual collection of interesting tidbits from the Tcl development community. Section Editor: Forrest Cook |
Language Links Caml Caml Hump Tiny COBOL Erlang g95 Fortran Gnu Compiler Collection (GCC) Gnu Compiler for the Java Language (GCJ) Guile Haskell IBM Java Zone Jython Free the X3J Thirteen (Lisp) Use Perl O'Reilly's perl.com Dr. Dobbs' Perl PHP PHP Weekly Summary Daily Python-URL Python.org Python.faqts Python Eggs Ruby Ruby Garden MIT Scheme Schemers Squeak Smalltalk Why Smalltalk Tcl Developer Xchange Tcl-tk.net O'Reilly's XML.com Regular Expressions |
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Commerce page. |
Linux and BusinessScientific Computing Associates and Cluster systems. Scientific Computing Associates (SCA) has been around since 1980. From the start they have focused on high-performance, distributed computing. To get into the Linux market, SCA has established strategic partnerships with several Linux companies. Earlier alliances had one or both of the SCA products - Linda and Paradise - included with a Linux distribution, including Red Hat 6.2 and Terra Soft Solutions' Yellow Dog and Black Lab releases. Now Atipa has announced the availability of a new line of Beowulf cluster systems. The "Ascendance" series, aimed at high-end number-crunching applications is priced starting at $13K. Found in this press release is this statement about Atipa's partnership with SCA. "As a result of Atipa's strategic partnership with Scientific Computing Associates (SCA), the Ascendance clusters come bundled free-of-charge with a 4-node Linux version of Linda(R), SCA's powerful enabling program that allows Atipa's customers to more easily "parallelize" their existing applications, saving both time and money." In a related press release Atipa announced that it has joined "The Linda Club", a new partnership initiative for Beowulf resellers sponsored by (SCA). SCA's most recent partnership is with TurboLinux, announcing that SCA will distribute and support TurboLinux's clustering products. Eric Raymond's Open letter to Carly Fiorina. Eric Raymond has sent out an open letter to Carly Fiorina, CEO of Hewlett-Packard. "Whether you [switch to Linux] or open-source HP-UX itself won't be an easy decision. The community would accept either choice; but I suggest to you that joining the Linux coalition certainly represents HP's best chance of maintaining a market position free of Microsoft's strangling grip." Red Hat, North Carolina State Univ. establish open source university. North Carolina State University in Raleigh will be standardizing their entire college of engineering on open source technologies, according to a joint announcement made by the University and Red Hat. Red Hat bigwigs Erik Troan and Donnie Barnes are NC State alumni. Lutris releases Enhydra Wireless. Lutris has announced the release of Enhydra Wireless, a version of its open source application server aimed at mobile users. New Lineo S-1 filing. It looks like Lineo's IPO process may be picking up again. The company has filed an amended S-1 registration form (1.3MB of legalese), which suggests that the offering date is getting closer. For the most part it's just an updating of the information from the first time around. They now state an intention to raise $60 million; they are up to 265 employees; revenue was $3.8 million in the first nine months of the year, and they lost $14 million in that time. A couple of interesting new things to be found in there this time around: they are working on a Crusoe port of Embedix, and they now list Caldera Systems as a potential competitor. There is also now mention of a directed share program, but no information on how it might work. Helius patents satellite-to-LAN communications. Helius, owned by the Canopy Group, has announced that the US PTO will allow it to patent its satellite Internet router technology. The announcement is somewhat vague at this point, and the patent does not yet appear in the public databases, so it's hard to say what the situation really is. "'We extend congratulations to Helius on the official ownership of this intellectual property,' said Ransom Love, president and chief executive of Caldera Systems, Inc." Accelr8 offers OpenVMS migration toolkit. Anybody out there still using VMS? The folks at Accelr8 have announced the availability of the "MIGR8 OpenVMS" conversion toolkit for Linux just for you... Press Releases:Open Source ProductsUnless specified, license is unverified.
Commercial Products for Linux
Products Using Linux
Products with Linux Versions
Java Products
Books and Training
Partnerships
Investments and Acquisitions
Personnel
Linux At Work
Other
Section Editor: Rebecca Sobol. |
October 19, 2000
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Linux in the news page. |
Linux in the newsRed HatRed Hat keeps Linux under control (Computer Weekly). Computer Weekly talks with Bob Young, mostly about Red Hat 7 and the Red Hat Network. "Although Red Hat has grown in line with Linux take-up, Young now believes that Linux is in danger of falling victim to its own explosive growth. The open nature of its software development could also affect Linux take-up, unless something is done to make it more manageable." (Thanks to Alan J. Wylie). An Analysis of The Red Hat Network - Part 2 (LinuxToday.au). The Australian LinuxToday site continues its look at the Red Hat Network. "Next, the issue of having a system profile of your machine stored on Red Hat's servers. This would not be an issue, except for the fact that having any information about a server in your company, stored on other people's servers outside your company, is inherently a security risk. I don't recommend doing it, and I don't recommend that you take this issue lightly." A question of leadership (ZDNet). Evan Leibovitch writes about the controversies around Red Hat 7 in this ZDNet column. "The inevitable question is, then: who's in control of glibc and gcc? The GNU Project or Cygnus? The Red Hat page on glibc still says it's GNU. Yet the GNU website information is ancient and its release recommendations are ignored." It's not easy being Red Hat (Upside). Here's an article in Upside about Red Hat's recent glitches. "From a plummeting stock price to exaggerated reports of buggy code to growing outcry over the company's perceived attempts to set itself apart from the rest of the Linux distributor community, Red Hat has been buffeted by nothing but bad news in recent weeks." StarOfficeIs StarOffice Sun's 'Survivor'? (ZDNet). This ZDNet column takes a dim view of the StarOffice release. "Is it just me or does this seem a like putting 450 rugged individualists on a ship and launching them to sea, while we stand on the dock waving our Linux flags -- never expecting to see them again? More casualties of war and adventure. I hope they at least have fun." Sun Launches Star Office Into Open Source (ZDNet). ZDNet covers the StarOffice release. "As with just about every commercially backed open-source project these days, there are some caveats for those interested in the code on Openoffice.org. Not only do interested parties have to agree to the GNU Public License terms, they also must agree to adhere to the Sun Industry Standard Source License (SISSL). Under the terms of SISSL, licensors must agree to adhere to Sun-specified application programming interfaces and compatibility tests." StarOffice open-source code released (InfoWorld). InfoWorld covers Sun's release of the StarOffice source code. "By 8:45 a.m. Eastern time, just 45 minutes after going online, the servers used to host the long-awaited open-source code Web site, www.OpenOffice.org, were overloaded by download requests, causing a crash that was not fully repaired until 3 p.m. The number of hits to the site was not disclosed, but analysts and officials said the deluge of downloads demonstrates the potential popularity of the StarOffice software and open-source code development in general." Corel/MicrosoftU.S. giant can tap Ottawa company's talent (Ottawa Citizen). The Ottawa Citizen has run this article about the Corel/Microsoft deal. "The answer, according to detailed filings with U.S. regulators, appears that Corel has become the insurance policy that Microsoft needs to ensure it won't be left behind if the Linux operating system takes off." Government filing hints at Microsoft's Linux plans (News.com). News.com looks at Corel's SEC filings on its investment from Microsoft. "As spelled out in a regulatory filing issued by Corel on Wednesday, Microsoft has the option of directing Corel to translate some or all of the .Net framework from its Windows operating system to Linux." Microsoft .Net for Linux? (ZDNet). ZDNet looks at Microsoft's investment in Corel. "But, according to the SEC document, it was Microsoft that was poised to sue Corel for patent infringement. The three patents in question involved Microsoft's equation editor, table formatter, and spelling and grammar checker." CompaniesTurboLinux Smells IPO (InternetNews.com). Here's an article on InternetNews.com about the latest round of funding at TurboLinux. "A source close to the company told InternetNews.com Wednesday it would be going public in the next few weeks, saying that the funding, which consists of many of its original financiers, was a 'kind of top-off round.'" Uncertain times for TurboLinux, Linuxcare (Upside). Upside is carrying a story on the state of TurboLinux and Linuxcare. "As most Linux investors are painfully aware, stock performance in the Linux sector has been extremely rocky. April's market slump put a damper on both companies' IPO plans. To get themselves through the tough times, both have cut staff, hired new management and survived on what little money remained in their corporate war chests." Open-source angst: Fear of forking (ZDNet). Samba, Inc. announced plans to fork a SAMBA_TNG tree from the Samba mainline. ZDNet covered the announcement in their Computing section: "A number of open source advocates claimed the Samba fork would not actually amount to a fork, since the development team said it had no plans to commercialize the Samba TNG results but planned to incorporate the code back into Samba 3." BusinessLinux Group Seeks to Enhance Portability (InternetNews.com). InternetNews.com reports on the release of the Linux Development Platform Specification. "The LDPS is intended to address fragmentation, an issue which has dogged UNIX for years and threatens to make versions of Linux released by different vendors incompatible with each other. That could bring the adoption of Linux to a grinding halt, as corporations -- frustrated by technical incompatibilities between Linux applications and various distributions of the Linux OS -- might turn to other solutions." Will App Specs Achieve What Unix Couldn't? (LinuxToday.au). The Australian LinuxToday looks at Linux standards. "In my view, Linuxspace is one of computing's last easy-going, freewheeling frontiers. The freedoms on offer lead to creativity, not just in coding but also in developing new business models and groundbreaking ways of working. Sure a tight specification would make life even easier for developers, but it would almost certainly stifle innovation. I reckon the critics are closet techno-fascists who can't come to terms with the real meaning of open source. Software needs to evolve; it can't do that in a straightjacket." Without aggressive leadership, Linux Standard Base is doomed to irrelevance (InfoWorld). Nicholas Petreley takes the Linux Standard Base to task in this InfoWorld column. "I am also calling for the Linux community to shame the mother organization Free Standards Group into either hiring a solid leader to get LSB moving, or for the existing leadership to get off its bum and produce a comprehensive specification and a self-hosting sample implementation in our lifetime." Software patents: will Europe roll over for the multinationals? (Register). The Register has a lengthy editorial on software patents in Europe; worth a read. "In the past, the national patent bodies and the EPO have had little supervision and have not previously been the focus of political machinations: they have tended to be something of a graveyard for civil servants and a rather boring place to work... What is now happening is that these bodies are trying to expand their domain in a play for more power and more money. The EPO and national patent bodies are being encouraged by big multinationals, especially IBM and Cisco, who are lobbying intensively to burn software patents into EPO law." (Thanks to Stéfane Fermigier). Linux gains ground in emerging Korean SmartPhone market (LinuxDevices.com). LinuxDevices.com looks at the "SmartPhone" market in Korea. "MIZI Research and Palmpalm Technology are the major Korean companies currently developing SmartPhones based on Embedded Linux." Growing pains slow Linux cycle (ZDNet). ZDNet looks at the delays in the 2.4 kernel release. "How long this arrangement can be sustained is the subject of heated debate. Some developers have argued that as Linux gains ground in the enterprise, it's essential that the release of new kernels conform to a formal schedule. Others argue that technological innovation and stability cannot be held hostage to release deadlines." By any other name... (ZDNet). ZDNet has posted a column by Richard Stallman on the GNU/Linux name issue. "Is it important whether people know the system's origin, history, and purpose? Yes -- because people who forget history are often condemned to repeat it. The Free World which has developed around GNU/Linux is not secure; the problems that we developed GNU to solve are not completely solved, and they threaten to come back." ResourcesLinux at work - Stupid dd Tricks (or, Why We Didn't buy Norton Ghost) (Signal Ground). This success story shows how some enterprising grunts used Linux with dd and a few other common tools to make hard disk copies for machines they ship. "The problem lies in Ghost's licensing. If you want to install in a situation like ours, you have to purchase a Value-Added Reseller (VAR) license from Symantec. And, every time you create a drive, you have to pay them about 17 dollars. When you also figure in the time needed to keep track of those licenses, that adds up in a hurry." LinuxDevices.com Embedded Linux Newsletter. The LinuxDevices.com Embedded Linux Newsletter for October 12 is out with the usual comprehensive summary of happenings in the embedded world. Installing Yellowdog Linux On an IMAC DV SE (LinuxNewbie.org). LinuxNewbie has added a new "Newbieized Help File" (NHF). This one covers the installation of Yellowdog Linux on an IMAC DV SE. "Expect problems. This is still leading- to bleeding-edge technology". ReviewsBeing the Perfect Host (Web Techniques). Web Techniques online has a review of two Linux based server platforms: the FullOn 2x2 from VA Linux Systems and the 1U Server from Penguin Computing Systems. "A system like the 1U Server would be a very nice system for smaller sites. The FullOn with its faster CPU and SCSI drive will handle more hits, but it takes twice as much vertical rack space, and that could mean a bigger monthly bill from your ISP." Book Review: Linux Hardware Handbook (Signal Ground). Signal Ground reviews the Linux Hardware Handbook by Roderick Smith. "You'll be disappointed if you want to learn how AMD's Duron/Thunderbird processor handles Linux since the material only makes mention of the original Athlon. There is also no mention of the Socket A mainboard or Intel's Celeron II. The time constraints to get a book published can make the information contained within seemed dated by the time it surfaces." (Thanks to Tom Moran). Libranet Linux 1.8.1 (DukeOfUrl). The DukeOfUrl reviews Libranet 1.8.1. "What I found was a distribution like no other. At only version 1.8.1, Libranet has really done some exceptional things to Debian-things that certainly make Corel's and Stormix's additions look rather meager." InterviewsLicensing, Open Source, and the Rest (DukeOfUrl). The DukeOfUrl talks with Nick Triantos of NVidia. "Basically, NVIDIA's drivers cannot be open sourced. They contain several components which are licensed technology, and we have no rights to share that source code with anyone. We do not even provide source code to OpenGL or our kernel module to our board customers." Linux Online: Interview with Shawn Gordon. Linux Online has an interview with Shawn Gordon, CEO of theKompany.com, a company that produces development tools and application software for Linux such as PowerPlant. "... We are selling convenience, and some value add. In the case of our PowerPlant product, you have hundreds of various languages, ide's, libraries, databases and such that help the development process. We are like a mini distribution, but PowerPlant is meant to be a compliment to any RPM or DEB based distribution, not replace it. It would take you a long time to download a gig or more of the applications and source found in PowerPlant. Then we have the value add and include a fully licensed version of Erics Ultimate Solitaire as well as a half dozen demos from Loki." Linux world: It's an alternative (Jerusalem Post). An introductory piece with a little more class than most, this article from the Jerusalem Post covers the world of Linux and open source through an interview with Jon "maddog" Hall. The article also has a little more optimism than most: "While most of the 60,000 work only part time on Linux, this vast number means that almost all bugs have been caught and corrected, and the system is consistently being improved". Almost all? Well, maybe not that many. MiscellaneousTwice Snubbed, Linux Users Fire Back (TechWeb). This is TechWeb's followup to an article they ran last week about the lack of Linux at the Digital Dividends Conference. (See the last week's LWN for more information.) "This time, Linux companies will be there -- but they'll be outside in the rain carrying signs, handing out free Linux software, and waving the mascot Penguin at attendees.." (Thanks to Tim Hanson) Pope, Protestants Open Source Bible (BBSpot). BBSpot covers a new sort of open source documentation project. "The biggest complaint about the Bible has been about the numerous variations of the book. Therefore the project's main goal is to unify the different versions of the Bible into one coherent work." Not for the humor-impaired or easily offended. (Thanks to Paul Hewitt). Section Editor: Rebecca Sobol |
October 19, 2000 |
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Announcements page. |
AnnouncementsResourcesSSLUG says: Software patents - No thanks!. The Skåne Sjælland Linux User Group has put up a document describing in detail their opposition to the granting of software patents in Europe. It's available in English, Swedish, Danish, and Spanish. "The Amazon patent constitutes a crime of theft from society as a whole because the inventors of the basic web technologies at the heart of the Amazon one-click technique have put them at the disposal of everyone free of charge." Unix Web Application Architectures document. Samuli Kärkkäinen has made available a white paper on how to write web application servers. It covers a number of the technologies that are available and contains a lot of good information. EventsSummary of Linux2000. Erik Hensema attended the Linux2000 conference in Ede, The Netherlands; he has sent us this writeup of what transpired there. It looks like a good time was had by all. Apachecon Europe 2000 registration. Online registration for Apachecon 2000, an event run by the Apache Software Foundation, will be available till Friday, October 20th. Call for Participation: O'Reilly P2P Conference. O'Reilly has sent out a call for participation for it's Peer-to-Peer Conference focusing on the Technical, Legal, and Business Dimensions of Peer-to-Peer Computing, Distributed Computation and Web Services. October/November events.
Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format. Web sitesLinuxFreeSupport Joins the ShowMeLinux Team. ShowMeLinux announced the recent addition of LinuxFreeSupport to their team of contributors. LinuxFreeSupport will be authoring ShowMeLinux's 'Support Line', a column offering answers to questions posed by readers. User Group NewsLinux Start-up Rep to Speak At LUG Fest. Justine tenZeldam, a PR consultant for Open Country, Inc., will speak at the Simi Conejo Linux Users Group LUG Fest III on October 28, 2000. Her topic will be "Emerging Computing Trends And Opportunities For Women/Minorities". LUG Events: October 19 - November 2, 2000.
Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format. |
October 19, 2000 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Software AnnouncementsHere are this week's Freshmeat software announcements. Freshmeat now offers the announcements sorted in two different ways: |
Our software announcements are provided courtesy of FreshMeat
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Back page page. |
Linux Links of the WeekLinuxQuestions.org is a new site aimed at helping people get their questions answered. Thus, its central feature is a forum area where these sorts of conversations can take place. The eXtensible Name Service (XNS) is an ambitious project which is trying to put together a specification and open source implementation of a scheme for personal information exchange. They seem to be saying all the right things about privacy, you can check their white paper on spam filtering for an example of what XNS can do, and they hope to provide a lot of conveniences. See the XNS in a nutshell page for an overview of the project. Section Editor: Jon Corbet |
October 19, 2000 |
|
This week in historyFive years ago: The Linux Laptop Home Page hit the net. Five years later, it remains a definitive reference for those wanting to use Linux on laptop systems. Two years ago (October 22, 1998 LWN): Jonathan Postel, one of the founding fathers of the Internet, died from complications from heart surgery. LinuxWorld went online. Microsoft went on the offensive with an open letter in France: Linus Torvald [sic] left the university last year to join a Californian company. The development of Linux since slowed down considerably. In the same way, the maintenance of each functionality of Linux depends on the mobilization of the teams. Thus, certain functionalities have not known updating for two years. In other words, delays in the delivery of new stable kernels are not particularly new... (LWN ran a full English translation of the letter). Gaël Duval announced plans to form a corporation around Linux-Mandrake. Two years later, MandrakeSoft is doing well. One year ago (October 21, 1999 LWN): The first signs came out of the U.S. administration that crypto export laws would be relaxed somewhat. Only now, a year later, are we beginning to see distributions shipping (in the U.S.) with crucial software like ssh. LinuxToday was acquired by Internet.com. Co-founder Dave Whitinger then left, later to turn up at Atipa. | |
|
Letters to the editorLetters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them. | |
From: Peter Samuelson <peter@cadcamlab.org> Date: Fri, 13 Oct 2000 05:24:17 -0500 (CDT) To: letters@lwn.net Subject: Stop the colors already! In the beginning there was Red Hat Linux. OK, not quite in the beginning, but dial back to 1995 or so when Red Hat emerged as a market leader in the then-uncrowded field of Linux distributions. I heard of Red Hat and thought, "Cool name." Then Terra Soft came on the scene with Yellow Dog Linux. Cute, I thought -- obviously a play on Red Hat's name, but different. I didn't start getting suspicious until a few more entries trickled in. Black Lab Linux. Red Flag Linux. Blue Cat Linux. Then I began to wonder: is this an LSB recommendation I missed? "A compliant Linux distribution SHOULD be named ``{color name} {noun} {Linux}''. Vendors MAY, if desired, combine the color name and the noun into one word." So now, according to the LWN sidebars, we have the five mentioned above plus Black Cat Linux, BluePoint Linux, White Dwarf Linux and Green Frog Linux, not to mention the variations Darkstar Linux, Red Linux, Redmond Linux, Think Blue Linux and the Red Escolar Project. Oh, and don't forget the ones that incorporate the Red Hat name directly, like VA/Red Hat and KRUD. The whole thing actually reminds me of open-air markets in the third world where one can buy a cheap watch made by "Ceiko". People! Give us a break here! I am no Red Hat fan, but this is ridiculous. Please tell me we don't yet live in a world where one must "sound sort of like Red Hat" to be seen as legitimate. I know the distro market is getting crowded, but surely there are still some good non-color-related brand names out there. I happen to think the names "Slackware" and "tomsrtbt" are absolutely inspired -- why can't a more recent distribution come up with a clever name like those? (The rant about almost everyone using the same old Ewing penguin mascot has been saved for another day....) Peter | ||
Date: Thu, 12 Oct 2000 13:25:34 -0400 From: "Jay R. Ashworth" <jra@baylink.com> To: jon@lwn.net Subject: "What would conference organizers think..." Based on that list of names, the answer is obvious: they'd think it sucked. They're not in it to help the developing nations, they're in it to make money. It's not *their* fault; if they *don't* act like money grubbing assholes interested only in raw profit, their stockholders will sue them out of their jobs; we asked for it, we got it, Toyota. Cheers, -- jra -- Jay R. Ashworth jra@baylink.com Member of the Technical Staff Baylink The Suncoast Freenet The Things I Think Tampa Bay, Florida http://baylink.pitas.com +1 727 804 5015 | ||
Date: Thu, 12 Oct 2000 10:14:37 -0700 From: Dan Stromberg <strombrg@nis.acs.uci.edu> To: lwn@lwn.net Subject: kde and gnome and pr and licensing I don't think it was Gnome's good PR, so much as KDE's bad licensing, that led to KDE's lack of popularity with people who have what's best for linux at heart. KDE has fixed their license problem finally, but it's probably (hopefully) too late for KDE to recover from Gnome getting the critical mass of developers. I'm not asking you to sell out your preference for KDE to proselytize for Gnome alone, but I do hope that your reporting on KDE vs Gnome will be a little more even handed in the future. -- Dan Stromberg UCI/NACS/DCS | ||
From: "Nicholas Lee" <nj.lee@plumtree.co.nz> To: <letters@lwn.net> Subject: Debian back ports are often easy Date: Thu, 12 Oct 2000 22:57:34 +1300 It should be noted that because of Debian's well integrated developer enviroment that often 'back porting' or simply recompiling of recent packages is easy. It is possible to hand rebuild unstable pacakges in stable. For instance just this week I wanted the latest version of gnupg for my potatoe system. As you can see from http://packages.debian.org/gnupg there is 2 point releases between the stable (1.0.1-2)and unstable (1.0.3-2) versions of gnupg in Debian at present. [*] Although I downloaded the dsc, orig.tar.gz and diff files directly from the web page I could have easily said (after adding the unstable src location lines to the apt/sources.list conf file) : $ apt-get source gnupg From that point its as simple as: $ dpkg-source -x gnupg_1.0.3-2.dsc # If you've downloaded these files directly, rather than by apt $ (cd gnupg-1.0.3 ; fakeroot debian/rules build) $ sudo dpkg -i gnupg_1.0.3-2.deb This process does require the Debian developer tool set to be installed, but with apt-get this is again a reasonible simple operation. These are at the least the debmake, debhelper and fakeroot packages. [*] Note the fact that 1.0.3-2 depends on the latest unstable libc6 package meant I wasn't about to install the straight unstable gnupg package. Having been through the last update from glibc 2.0 to 2.1 with unstable potatoe while in the middle of an important development effort with Blackdown jdk, I've learnt my lesson. Nicholas | ||