Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise
news for all interests
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page
Other LWN stuff:
Archives/search
Recent features: Here is the permanent site for this page. See also: last week's LWN.
|
Leading items and editorialsFreeDesktop.org Window Manager Spec 1.0 released. FreeDesktop.org has announced the release of version 1.0 of the Extended Window Manager Hints Specification. This spec describes how the window manager interoperates with graphical applications; it is essentially an extension of the venerable ICCCM (Inter-Client Communication Conventions Manual). The actual contents of this specification are pretty dry. Have a look if you're fascinated on how virtual desktops should best be implemented, or if you have a burning need to know how shading is handled. Most of our readers, we suspect, have little interest in the details of how these things work, as long as they work well. What makes this specification interesting is that it was developed jointly by the GNOME and KDE projects. Both the kwin and sawfish window managers implement the conventions in this specification. We have moved one step closer toward cooperation and interoperability between the two primary Linux desktop projects. A few more developments like this one and even the most sensationalist media outlets will have a hard time continuing to beat the drums of "holy war." There is no war, just two projects that are trying to make the best desktop they can in their own ways. There will be many times when cooperation is the best way forward, and, at least some of those times, that is what will happen. This is how the two projects will deal with each other; "holy war" has nothing to do with it. Biting off small pieces of the open source space. Some announcements this week show that the Linux business community is more active than ever. There are a few interesting business models being tried out; sooner or later the best ways of making an open source business work will be worked out. Meanwhile, it is worthwhile to look at what some companies are up to. The original Linux businesses tended to be based around distribution building; they had names like Yggdrasil, Red Hat, Caldera, SuSE, and Pacific HiTech, WGS. Somebody still tries to get into that business occasionally, but it's a hard place to get started in this stage of the game. What we are seeing instead is businesses that carve out a smaller piece of the free software landscape and attempt to sell services around that. Many examples exist: Sendmail Inc. (sendmail), Gnumatic (gnucash), Helix Code (GNOME), theKompany.com (KDE tools), and many others, including Cygnus (development tools), which may well be the first company to have operated in this arena. A couple of relatively new companies made their moves this week. One is Great Bridge. This company's turf is the PostgreSQL relational database management system. Great Bridge has gone about hiring PostgreSQL hackers, including three of the six members of the "Global Steering Committee." This week Great Bridge announced the availability of its commercial, boxed version of the database. But the company's real hopes are clearly based around its service offerings, which include support contracts, developer services, consulting, and training. Great Bridge (and PostgreSQL) are not without competition, however. NuSphere also chose this week to announce its own set of products and services, all based around MySQL. These include, yes, a boxed version of the MySQL database, developer support, consulting, and training. NuSphere's offerings appear to be aimed at a more price-sensitive market than Great Bridge's, but the idea is the same. Great Bridge and NuSphere might just be onto something. The commercial database market is dominated by large systems with even larger price tags. If PostgreSQL and MySQL can prove themselves capable of playing in that league, they may find no end of willing buyers. That is a big "if," though. Companies tend to be conservative about their database systems. Also this week, CodeWeavers put out an announcement of the "Preview Edition" of CodeWeavers Wine. Wine, of course, is the long-awaited utility that allows Windows applications to run on Linux. CodeWeavers, too, has been out snarfing up hackers; its team includes Alexandre Julliard and a number of other prominent Wine developers. Like Great Bridge, CodeWeavers sees Wine as the vehicle which will carry it to success. There will doubtless be a "Wine in a box" offering once the 1.0 release is out. But, again, the real emphasis appears to be on services. CodeWeavers offers training, support, development and porting services, and even marketing. The intended customer base is not people who want to run Wine; instead, CodeWeavers is going after software companies that have a product they would like to sell to Linux users. For these customers, the available services go from basic consulting through to the "Caribbean Option": You provide us with all of the materials we need to build your product for Linux and retire to a Caribbean Island. We evaluate the product and create a certified Linux native version. Through our partnerships, we can even arrange product sales and support. A few months later, we mail the checks to the Caribbean island you've retired on! If the next wave of Linux users hits as expected, there's likely to be a great many companies with products to port, quickly, to Linux. CodeWeavers could find itself busy. An entirely different approach could be characterized as "invest a great deal of money and make some high-profile sales demonstrating that you are a total Linux solution provider." Along those lines, see this week's Linux in Business page for coverage of IBM's latest moves.
Interview: Eric S. Raymond. Maya Tamiya, creator of the Japanese Linux site ChangeLog.net, recently had an opportunity to interview Eric Raymond while he was at the Linux Conference 2000 Fall in Kyoto. Maya has now graciously provided the English version of the interview to LWN as a feature article. Have a look for a far-ranging discussion on events in the Linux world, software patents, Linux on the desktop, Linux stocks, running an open source project, and more. (Note that this feature contains a lot of pictures of Eric. For those with slow connections or a lack of interest in the photography, there is a low-image version available). Inside this week's Linux Weekly News:
This Week's LWN was brought to you by:
|
December 14, 2000
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Security page. |
SecurityNews and EditorialsIs it moot?. m-o-o-t is an interesting security project in a nascent phase. The project is based in the UK and spurred on by the passing of the RIPAPart3 law, which gives the government broad power to demand plaintext copies or cryptographic keys for deciphering encrypted content. Between this type of law and activities such as the US FBI's Carnivore, people are quickly finding the truth of the old saying, "the only safe place is inside your head". Well, even if the m-o-o-t project had a working prototype, we can't say it would be everyone's cup of tea for every day activity. M-o-o-t would be burned to a CD, from which the system would be rebooted in order to use it. No data would be written to the local disk, only to RAM. Transmitted information would be entirely encrypted and only stored in "off-shore havens", data storage facilities located in areas where the laws did not interfere. Even there, the safe havens would only be allowed to store portions of the data, in case a given off-shore haven is compromised. Given such restrictions, m-o-o-t is likely to be used only when you really, really care. Some of their starting concepts should be examined closely. For example, a m-o-o-t system must connect to another m-o-o-t system in order to work. As part of this, they intend to build protection into the CD so that on this end, you can tell whether or not the remote side is really using a valid m-o-o-t CD. After all, if the remote system has been compromised, you've gained no security. That's true, but verifying that the remote CD is the real thing could be as difficult as, well, preventing a DVD from being transferred from a CD to a disk, for example. In addition, they envision only producing a type of m-o-o-t CD every three years or more -- hmm, they aren't anticipating potential security problems or programming errors, are they? It won't be compatible with any other kind of security software -- say what? Then they'll be reinventing the wheel and using software that won't be heavily used, audited or vetted by other security experts, greatly increasing the potential for as-yet-undiscovered security flaws. We repeat again, though, that this project is in a design phase, prior to the development of a prototype. They're asking for feedback and we certainly hope that the community will provide it. Whether it is this tool or another, software to enhance the privacy of people's communication is a good thing. Cross-site scripting issues exemplified. This week, an alert went out regarding security problems with Charles Schwab's on-line trading system. The security issue at hand is an application of cross-site scripting, a security problem that we've discussed several times this past year. Although Apache and other web browsers have provided patches to make cross-site scripting more difficult, security experts have always known that this security issue has not gone away. The current example at Charles Schwab can result in an attacker taking control of a user's on-line trading session or possibly tricking a user into taking an action they did not intend to take. Charles Schwab should not be singled out in this case; similar problems were reported with E*Trade's system in the recent past. The likelihood is high that other systems will eventually be found vulnerable as well. So what is a cross-site scripting vulnerability and why is it so difficult to prevent? A cross-site scripting vulnerability is based on the unsanitized use of provided input. A server is vulnerable to cross-site scripting when it runs programs that generate dynamic webpages without checking their data sources carefully enough. As a result, the server can be tricked into generating malicious HTML. CERT provided an advisory on this problem in early February. Prevention of cross-site scripting vulnerabilities lies upon the applications programmer, someone who may or may not be trained to thoroughly understand security issues. As a result, every dynamic web-based application has the potential for problems, if not properly designed and implemented. In this case, however, it appears that Charles Schwab took close to five months to respond to the initial security report. Given the large sums of money involved, this is totally unacceptable. Just like any bank, on-line brokerages will fail if they cannot maintain the trust of their customers. The security of their web-based systems is a growing portion of that trust. Meanwhile, everyone developing a web site of any kind needs to be aware of this issue and program defensively to handle it. For those interested, here is some commentary from Elias Levy on the topic. Norwegian Carnivore. Norway is facing its own "Carnivore-style" controversy as information surfaced recently that Norwegian military, police intellicence and the country's top 15 companies have been cooperating in internet surveillance for some unknown length of time -- without the knowledge of the Norwegian National Assembly. As usual, the initial claims about the purpose and capabilities of the system are relatively benign, but the secrecy of the collaboration and the potential capabilities are wide enough to have generated demands for review of the system. Yet more fun ... and another spur for international cooperation to enhance individual privacy. CERT advisory on LPRng. Format string vulnerabilities in LPRng were first reported in this Security Summary in September. Now, CERT has issued an advisory about the problem. As usual, this means that they are continuing to see active exploitation of this vulnerability. If you have not yet upgraded your version of LPRng, don't put it off any longer. Updates are available for most flavors of BSD and Linux. Check our October 19th edition for our most extensive list of updates. Security ReportsZope security update. All Zope versions up through 2.2.4 have a security vulnerability that could allow anonymous users (i.e. anybody on the net) to do things inside the server that they should not be able to do. A security update has been issued by Digital Creations; it is highly recommended that people running Zope apply this fix.This week's updates: KTH Kerberos vulnerabilities. Multiple vulnerabilities have been reported in KTH Kerberos, the implementation of Kerberos used in FreeBSD and OpenBSD. Note that one of these vulnerabilities may also impact the MIT version of Kerberos, popular in Linux distributions, but that has not been confirmed. An upgrade to KTH Kerberos 4 version 1.0.4 should resolve the problems. Check BugTraq IDs 2090, 2091, 2092 and 2093 for more details.DNS-based IRC server denial-of-service vulnerabilities. Multiple IRC clients, including BitchX 1.0c17-2 and earlier, are vulnerable to both a denial-of-service attack and possibly remote access by someone in control of their own reverse DNS mapping, due to a buffer overflow in the resolver code included in the clients. Check the original report or BugTraq ID 2086 and BugTraq ID 2087 for more details.This week's updates: rp-pppoe denial-of-service vulnerability. Roaring Penguin Software's PPPoE client (a user-space PPP-over-ethernet client) contains a boundary condition exception that can be exploited to cause the connection to drop when a malformed TCP packet is received. rp-pppoe 2.5 has been released to fix the problem. Check the problem report, BugTraq ID 2098 or the Roaring Penguin home page for more details.
APC apcupsd denial-of-service vulnerability. apcupsd is a daemon provided by APC with its UPS products. It is used to monitor the UPS and start system shutdowns upon power failure. Its key configuration file is world-writable by default, allowing a local user to modify it and use it to crash other portions of the system. An upgrade to apcupsd Version 3.8.0 will fix the problem (as will, presumably, modifying the permissions on the configuration file). Check the original problem report by Mattias Dartsch or BugTraq ID 2070 for more details. This week's updates: pico symbolic link vulnerability. Joining the ranks of joe, tcsh, bash and other long-time Unix/Linux commands, this week pico was found to contain a symbolic link vulnerability as well. Pico is a very basic text editor from the University of Washington. Note that this has also been reported as a pine vulnerability, but the vulnerable component is still pico, not pine. Check BugTraq ID 2097 for more details.ssldump format string vulnerability. ssldump is an SSLv3/TLS network protocol analyzer. A format string vulnerability in ssldump was reported to BugTraq on December 8th. This vulnerability could be exploited to execute arbitrary commands. No fix for this has been reported, as of yet. Using tcpdump to capture packets and then running ssldump off-line was recommended unofficially as a workaround.Oops buffer overflow. Oops is a GPL'd proxy server. A buffer overflow in oops 1.4.22 and earlier was reported this week, which can be exploited to execute arbitrary commands under the uid of the oops server. Version 1.5.1 has been released with a fix for this problem.Multiple vulnerabilities in bftpd. Both a format string vulnerability and multiple additional buffer overflows were reported in the bftpd server this week. bftpd 1.0.13 was released with many bug fixes, including, hopefully, fixes for all of these problems. An upgrade is strongly recommended. Check BugTraq ID 2120 for more details.Lexmark MarkVision printer driver local root vulnerability. Secure Reality Pty Ltd put out an advisory warning of a local root vulnerability introduced via buffer overflows in the Lexmark MarkVision printer drivers. Note that, though these are distributed by Lexmark, they are included automatically in a number of Linux distributions, such as Red Hat and Caldera (as well as other Unix systems). An upgrade to version 4 of the drivers will resolve the problem. Check BugTraq ID 2075 for more details.cgi-bin scripts. The following cgi-bin scripts were reported to contain vulnerabilities:
Commercial products. The following commercial products were reported to contain vulnerabilities:
Updatespam_localuser buffer overflow. A buffer overflow was reported in the pam_localuser module last week.This week's updates: Previous updates:
ezmlm-idx cgi vulnerability. Reported last week, ezmlm-idx contains a script, ezmlm-cgi, which, if installed setuid to a user other than root, can be exploited to execute arbitrary code under that user id.This week, ezmlm-idx author Frederik Lindberg posted a security advisory for the problem, which includes a patch for ezmlm-cgi for those who wish to run it setuid to a user other than root. Note that it disables support for the execution of banner programs. Alternately, run ezmlm-cgi in its default mode, setuid root. ed symlink vulnerability. Originally reported on November 30th, Alan Cox noticed that GNU ed, a basic line editor, creates temporary files unsafely. The problem has subsequently been fixed in ed 0.2-18.1.This week's updates: Previous updates:
bash tmpfile vulnerability. Check the November 30th LWN Security Summary for the original report. This is similar to the tmpfile problems reported in /bin/sh and /bin/tcsh.This week's updates: Previous updates:
ghostscript vulnerabilities. Two vulnerabilities were reported in ghostscript the week of November 30th. Both could potentially lead to elevated privileges.This week's updates: Previous updates:
cons.saver/mc file overwrite vulnerability. Maurycy Prodeus reported a problem in cons.saver which can be used to write a NUL character to the file given as its parameter. This was originally reported in our November 30th edition. The problem has been fixed in mc version 4.5.42-11.This week's updates: Previous updates:
joe symlink vulnerability. Check the November 23rd LWN Security Summary for the original report.This week's updates: Previous updates:
tcsh symlink vulnerability. A /tmp symbolic link vulnerability was reported in tcsh on October 29th. Check BugTraq ID 1926 for more details. This week's updates: Previous updates:
diskcheck 3.1.1 symlink vulnerability. Check the August 10th LWN Security Summary for the original report of this problem. This week's updates:
ResourcesReal World Linux Security: Intrusion Prevention, Detection and Recovery. Bob Toxen kindly dropped us a note announcing the publication of his book, "Real World Linux Security: Intrusion Prevention, Detection and Recovery", by Prentice Hall PTR. "Most of the problems raised in Bruce Schneier's new book, "Secrets and Lies: Digital Security in a Networked World", are addressed in my book and solutions are offered and explained". Eric Raymond has reviewed the book and written the foreword for it: "You have in your hands a book I've been waiting to read for years -- a practical, hands-on guide to hardening your Linux system which also manages to illuminate the larger issues in Unix security and computer security in general." We're looking forward to the chance to review it ourselves. Best of luck, Bob. Overwriting the .dtors section. Juan M. Bello Rivas posted a description of a new technique for exploiting buffer overflows based on overwriting the .dtors section of gcc-compiled programs. This technique has the advantage of getting past stackguard-style non-executable stacks, but has a strong disadvantage: an overwrite that severe is very likely to put an end to the attacked process before it gets far enough to run the destructors. EventsUpcoming security events.
For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net. Section Editor: Liz Coolbaugh |
December 14, 2000
LWN Resources | |||||||||||||||
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Kernel page. |
Kernel developmentSubstitute editor's introduction. Watching the linux-kernel mailing lists is a task left to those with an interest in which bits fly across an ether, not whether or not those bits look green or blue (as we desktop nerds prefer). So when Jon asked me to fill in for him on the Kernel page this week I felt a tang of distaste. Wondering whether BIG_BUF_OVERFLOW_MASSIVE_CRASH_HELP is supposed to be an unsigned long or int in the scheduler is tantamount to a master chef asking me if a teaspoon or two of salt belongs in the Quiche. Me, a man who spends most of his fine dining at McDonald's and The New Emperor's Chinese All You Can Eat Buffet and spends weekends popping excessive amounts of salt tablets after rather exhausting rounds of Putt-Putt golf. I stand emphatically and pronounce "Make it an unsigned long" and walk away proud to know that I will never know if it made a difference or not. It had no color. It wasn't important. Unfortunately, on this page, for those millions of loyal readers of Jon's weekly summaries and analysis - and for those who know it really did have color - it does matter. And so I'll taste the Quiche (and check which bits have been twiddled) once again. Bleck. The current development kernel release is 2.4.0-test12. Linus posted 2.4.0-test12, the latest in the pre-2.4.0 series, on Monday. The first prepatch for 2.4.0-test13 is out; it is a small patch consisting entirely of makefile changes. The current stable kernel release is 2.2.18. Alan Cox has posted the release notes for the 2.2.18 kernel release. The major thrust for the i386 line has been support for processors running in excess of 2GHz, support for the CyrixIII processor and also basic support for the Pentium IV. A slew of memory leaks were also cleaned up, including some in the popular bttv driver (the primary driver used for PC-based TV cards). That driver was also updated to allow subwindow clipping. Looking forward to 2.2.19, Alan Cox has indicated that he will look at incorporating some virtual memory fixes. Evidently the (much improved) 2.4 VM has impressed him, but he plans to make 2.2 be even faster. Linus took the challenge: "You and me. Mano a mano." It should be fun... Disk corruption problems found? Andre Hedrick, maintainer of the IDE subsystem, has evidently found the cause of occasional disk corruption reports. It appears there is a "feature" in the IDE DMA implementation that stops a DMA operation if there is a delay of one microsecond or more. The current crop of large drives may be more inclined toward this sort of delay, and may be behind some of the current complaints. Fixing the problem may take some work; Andre has three possible alternatives. The third one, however, is "give up and go to bed," which may not appeal to all users...
Pentium 4 and Linux Distributions. An article posted on C|Net News.com (from an original posting on LinuxGram) noted that support for Intel Pentium 4 processors was not being included in most current Linux distributions, with Red Hat and TurboLinux being the exceptions. The problem wasn't with Intel, however - that company had provided the appropriate CPUID information to the major distributors some time back. Instead, the distributors had decided, for one reason or another, not to include support for that processor. Caldera's [vice president of engineering Darren] Davis basically agreed with [Intel's P4 spokesman George] Alfs' characterization, noting that "Intel gave us all the (Pentium 4) information we needed." Interestingly enough, the release notes for the 2.2.18 release from Alan Cox included this bit of information about the Pentium IV: Unfortunately Intel chose to ignore all precedent in model numbering via cpuid and report a family of '15'. This sudden jump broke assumptions in the kernel tree without any warning. Intel have failed to provide good reasons for their change. We have chosen to continue to report the Pentium IV as a '686' class processor. The full family data is provided via cpuinfo. This sort of makes you wonder just who had the information, who actually wanted the information and why, if it really was available, it really wasn't used. Not long after noting the C|Net News.com article on the LWN.net Daily Page, we received the following note from a SuSE employee: SuSE provides an updated installation floppy image at It was unclear whether News.com had contacted SuSE (or any other distributions) to clarify the issue. Rule Set Based Access Control (RSBAC). On Monday, Amon Ott posted the announcement of the release of version 1.1.0 of the Rule Set Based Access Control (RSBAC). RSBAC is an open source security extension for current Linux kernels. It is based on the Generalized Framework for Access Control (GFAC) by Abrams and LaPadula and provides a flexible system of access control based on several modules. Essentially, RSBAC interposes a central decision maker between an application and the system calls it makes; rules may be applied to any system call which determine whether the call is actually allowed to execute or not. In the current RSBAC version (1.1.0), eight modules are included:
kORBit - the Linux kernel CORBA ORB. Here is one of the more interesting kernel patches we have seen go by for a while: kORBit is a CORBA object request broker (ORB) which runs in the Linux kernel. It allows kernel extensions to be written as CORBA objects. Possible applications, from the announcement, include:
Other patches and updates released this week include:
Section Editor: Michael J. Hammel |
December 14, 2000 For other kernel news, see: Other resources: | ||||||||||||||||||
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Distributions page.
Lists of Distributions |
DistributionsPlease note that security updates from the various distributions are covered in the security section. News and EditorialsConectiva ports apt to RPM. Apt is the Debian package management tool. Although it was developed for Debian GNU/Linux as a front end to Debian's dpkg package installer, the design was deliberately made independent of the underlying package manager. After reviewing the alternatives, Conectiva chose to write an RPM backend for apt, rather than to support alternatives such as autorpm, rpmfind, drake or other RPM-based alternatives. As a result, both rpm-based and .deb-based systems now have the option of using the same front-end package management tool. The article itself does a great job of explaining the reasons for their choice. There are some good comments as well; if you want more, check out the Slashdot coverage as well. In the meantime, we rejoice to see the free software working the way it should, providing free choice between multiple alternatives and the possibility for both diversification and unification. New Distributions to the LWN Distribution ListsDan Barber dropped us a note and pointed out that CClinux was missing from our list of single-floppy distributions. "The best and easiest I've ever used". It has now been added; enjoy.General-Purpose DistributionsDebian News. The Debian project will be running a booth at this year's LinuxFEST in Belgrad, Yugoslavia. LinuxFEST 2000 takes place from December 15th to December 18th at the main hall in Dom Omladine in Belgrad, Yugoslavia. The latest issue of the Debian Weekly News covers the release of Debian GNU/Linux 2.2r2, which includes security fixes and other high-priority bug fixes. The main Debian archive is now in a package pool; the move of non-US went smoothly, but this move is expected to be more challenging. Joey Hess provided an FAQ about package pools, for those that are interested. Red Hat News. The silkhat 2.2.18 rpms are a set of kernel RPMS based on Red Hat 7.0's kernel, with a few modifications. The large memory patch has been pulled and some other patches have been added, including Andre Hedrick's IDE drive update patch, the alsa sound card drivers 0.5.10, reiserfs 3.5.28, Lennert Buytenhek's bridging patch and a few others. This is probably mostly of interest to people who have been following kernel development closely, want to use one or more of these patches on a Red Hat 7.0 system, but would prefer not to patch the kernel themselves. Slackware News. An on-line archive has been added for the slackware-announce and slackware-security mailing lists. BSD News. NetBSD 1.5 has been released. This release includes several new ports (NetBSD's specialty), much of the groundwork for SMP support in the future, loadable module support, IPv6 support, filesystem performance improvements, ext2 filesystem support, a transition to the ELF executable format, and much more. FreeBSD 4.2 is reviewed comparatively with Linux and FreeBSD 4.1.1 in this article from the Duke of URL. "While FreeBSD isn't exactly as easy to use as Windows, it's pretty darn close to Linux at least. One big advantage it has over Linux is how the directories are structured, because Linux tends to spread source and other files all throughout the system. Adjusting to FreeBSD just may be easier than Linux because things like this are simplified." Hurd News. The December 13th issue of the Kernel Cousin Debian Hurd is out. Activity seems to be increasing and tips were posted this week on installing the Hurd from either SuSE Linux or FreeBSD. Embedded DistributionsLineo and Transvirtual Technologies announce alliance. Lineo and Transvirtual have announced an alliance based around Transvirtual's PocketLinux distribution. Lineo will begin distribution of PocketLinux early next year. MontaVista Offers Easy VxWorks-To-Linux Transition. MontaVista Software, Inc., developer of the Hard Hat Linux operating system for embedded applications, announced the availability of a "virtual machine" environment for porting of VxWorks code from Wind River Systems to a Linux platform. For more information, LinuxDevices also put out a an interview with Jim Ready, CEO of MontaVista, to talk about this new product. "Emulating and/or translating all of the approximately 1500 API (application program interface) functions of VxWorks would have presented a severe challenge. However, MontaVista developers determined that it would be sufficient to limit their focus to roughly fifty of the most commonly used VxWorks APIs." Mini/Special Purpose DistributionsCoyote Linux v1.23 released. A new stable version of Coyote Linux, v1.23, was announced yesterday. The new edition has been upgraded to Linux 2.2.18, plus a new PPPoE client and other bugfixes. Check this week's security section for information on a security issue with rp-pppoe; we do not know whether or not this is the PPPoE client that has been upgraded. Coyote Linux is a single floppy distribution that turns a PC into a simple masquerading router/firewall in order to share an Internet connection among computers on a LAN. e-smith 4.1-beta now available. The beta version of the latest e-smith distribution is now available for the intrepid and/or foolhardy (otherwise known as developers). The official announcement indicates that e-smith 4.1 is based on Red Hat 7.0. "e-smith 4.1 contains several new features, including SSL, SSL-enabled Webmail, OpenSSH, better anti-spam protection, and improved packet filtering on the external interface. It also includes new support for PPP over Ethernet for ADSL via the external interface, and includes support for many additional ethernet cards." SmoothWall Linux 0.9.6. A new development release of SmoothWall Linux has been announced, version 0.9.6. "This release includes a revised front-end with new menu access, multiple ISP support, additional Windows DHCP domain support, code and functionality changes, and also SSH access and admin via the SmoothWeb interface added." SmoothWall takes a 486 PC and turns it into a fully-operational firewall with support for ISDN, ADSL, Cable, and more. Vector Linux 1.8. A new version of Vector Linux has been released, version 1.8. Vector Linux is a small, disk-based Linux distribution, requiring 16MB of memory and no more than 200MB of disk space. "This distribution of VectorLinux should be of interest to many MS Windows users who want to try Linux using a minimal amount of system resources. The results will be a dual-boot environment with the ICEwm windows manager providing a multi-desktop environment, and the revered multi-user, multi-processing, high uptime OS, Linux." Thanks to Gene Schiavone for forwarding the announcement to us. He also passed on the news that Vector Linux has now been translated and mirrored in Poland, Russia and China. Section Editor: Liz Coolbaugh |
December 14, 2000
Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Development page. |
Development projectsNews and EditorialsPalmtop Linux MachinesThe world of PDA based Linux has been growing rapidly in the last year. Linux is a natural for this environment with its reliable kernel, suitability for embedded systems, and well-tested networking capabilities.A welcome addition to the playing field is the MyLinux PDA project, which is putting together an open PDA hardware platform that is designed to run Linux from the start.
Featuring PCMCIA and CompactFlash slots, an HR-TFT Active Matrix LCD panel capable of displaying 64K colors and a whopping 256 MBytes of super fast SDRAM, this unit aims to fulfill the needs of even the most demanding Linux Advocate. Scheduled for early release to Linux Developers worldwide in April with full production planned in August 2001, this project brings the full power of 32-bit RISC processing home in this incredibly portable form factor. With a list of big-name sponsors including Hitachi, Xilinx, Sharp, Micron and Epson, this completely Open Source project seeks your active involvement. A limited number (200) of the units will be made available to developers. Along those same lines, LinuxDevices.com is starting a new series by Jerry Epplin on Exploring Linux PDA software alternatives. The series explores the use of Linux on PDAs and handheld devices: For several years, Linux advocates have predicted that Linux will become a significant factor in the embedded market. In addition to its virtues as a full-featured modern operating system, it is inexpensive to duplicate, an especially important factor for embedded systems. Others, coming from a more traditional embedded device development background, have been more skeptical, contrasting the compactness of older, more primitive software environments like VxWorks, QNX, or Lynx, to the relative bloat of Linux.
One of the biggest challenges that PDA based Linux systems designers face is zeroing in on a common graphical user interface that application designers can rally around. Despite all of its complexities, the X Window System has been a major unifying force in the Unix world. The Linux PDA arena needs a similar unifying platform. Hopefully, as time marches on, the best of the palmtop GUIs will rise to the top and get adopted by the masses. A situation where there are several competing systems, as with Gnome and KDE, would probably make for some healthy competition and keep the designers on their toes. LinuxDevices.com recently published a large list of possible choices for embedded window systems. There are currently ten open source projects and six commercial projects listed. In the long run, it is likely that only a few of those will ever see wide use. Several of the projects are X Window System derivatives, those will certainly have a big advantage in being able to use existing applications with little or no modification. X Window System based systems would also have the advantage of remote displays. Imagine plugging your palmtop into your LAN, connecting to it from your desktop via ssh, and running full-sized applications from your desktop machine using a real keyboard. The idea is not that far-fetched. The lightweight window systems would have advantages in the form of a smaller memory footprint, more speed, and possibly better battery life due to lower computational requirements. If only there were a standard system with a big pile of applications to go with it. Fortunately, in an open-source environment, it may become possible to choose from both X and a smaller GUI on the same PDA. These new toys will certainly be fun to play with. BrowsersA browser renaissance (ZDNet). Mozilla is not the only option in the open source browser market, according to this opinion piece from ZDNet. "Open-source software invites developers to dive in to address weaknesses. Browsers such as Galeon and SkipStone have jettisoned the mail-reading and page-making cruft in favor of smaller and faster browsers that still have most of Mozilla's browsing strengths. Rounding out this category of speedy browsers we have the Opera browser, now free, and the Links browser (not to be confused with its predecessor Lynx), one of ZDNet's most popular open source downloads." Mozilla 0.6 released. Version 0.6 of the Mozilla browser has been released. See the Release Notes for more info. "Mozilla 0.6 is a milestone release based on the same branch as Netscape 6. It is aimed at developers who wish to create products that extend Netscape 6 or who wish to port it. " Embedded SystemsEmbedded Linux Newsletter - December 7th, 2000. The latest issue of the Embedded Linux Newsletter has been published. New features include updates to the Embedded Linux Quick Reference Guides, an interview with Greg Haerr and the usual assortment of device profiles. InteroperabilityWine Weekly News for December 11, 2000. The December 11, 2000 edition of the Wine Weekly News is out. News includes a large DLL / X11 separation effort, Linux joystick input, and fixing game startup deadlocks. Network ManagementFully automated installation for Linux clusters. Version 1.4.1 of a package called FAI (Fully Automated Installation) has been released. This package permits the unattended installation of a cluster of Debian GNU/Linux systems. OpenNMS Update, Volume 1, Issue 38. The latest edition of the OpenNMS Update has been published. Topics in this issue include updates on project status, documentation problems, and a wish list. Office ApplicationsGimp 1.1.30 developer release. Version 1.1.30 of the Gimp is available for download. This is a developer's release. On the DesktopKDevelop 1.3 Released (KDE Dot News). The KDevelop Team announced the release of KDevelop 1.3, an Integrated Development Environment (IDE) based on KDE for the C and C++ Programming languages. KDE Gets Digital Camera Support (KDE Dot News). The Digital Camera application gPhoto2 has been integrated with KDE by theKompany.com. The integration added kio_slave to gPhoto2, allowing any application that uses the kio facilities to access a digital camera through gPhoto2. Linux Online interviews David Faure. KDE's David Faure talks about KDE2, Konquerer and more in this Linux Online interview. Linux Online: You've just released KDE 2. If you've been using the KDE 1+ builds, what important improvements are built into KDE 2?
KDE.themes.org Needs Your Help! (KDE dot News). KDE dot News reports that the kde.themes.org site needs help to maintain the site. They are looking for people with intimate knowledge of the KDE theme system. OSF/Motif bug database. ICS has placed the OSF/Motif bug database online at their MotifZone web site. Balsa 1.0: Mail in the GNOME Environment (LinuxPlanet). LinuxPlanet reviews Balsa 1.0. "Balsa is stable, configurable, and integrates well with the overall GNOME environment. It's very easy to use and configure, and if there's any feature that I'd complain about missing, it's the as-yet-to-be-completed filtering tools, which would give the project parity with kmail, Netscape Messenger, and others." Gaby 1.9.95 released. Version 1.9.95 of the personal database manager, Gaby has been released. "Gaby is a small personal databases manager for Linux using GTK+ and Gnome (if available) for its GUI. It was designed to provide straight-forward access to databases a 'normal' user would like while keeping the ability to easily create databases for other needs." Web-site DevelopmentZope 2.3.0 Alpha 1. Zope 2.3.0 Alpha 1 is now available. New to this release are built-in Python scripts, a fixed initial-user account process, and a security assertion system. An online Zope Book has also been released, this version of the book is up to date with the current release. Finally, a new cache management system for Zope has also been announced, it requires either the CVS version of Zope or the upcoming 2.3 Alpha 2 release. Take the Free Way (ZDNet). ZDNet has published a quick look at Zope, PHP and Tomcat - three open source solutions for web site development. "Zope, from Digital Creations, is another open-source application server project, with strengths in content management. In fact, some of the technology in Zope is used for online versions of major newspapers. Internally, it's built in an object-oriented language called Python, but you develop for Zope using its Document Template Markup Language (DTML) scripting tags." Midgard Weekly Summary, December 6th, 2000. The December 6th issue of the Midgard Weekly Summary has been published. Features include a holiday season release for version 1.4 and the early stages of Midgard 2.0. Section Editor: Forrest Cook |
December 14, 2000
|
|
Programming LanguagesC++A C++ open source library for quantitative finance.
The
QuantLib project is
working to build an open-source library for financial calculations.
"
The QuantLib project is aimed to provide a comprehensive software framework
for quantitative finance. The goal is to provide a
standard free/open source library to quantitative
analysts and developers for modeling, trading, and risk
management in real-life.
QuantLib plans to offer tools that are useful for both
practical implementation, with features such as market
conventions, solvers, PDEs, etc., and advanced
modelling, e.g., exotic options and interest rate
models. ERLANGStand Alone Erlang. Stand Alone Erlang is an add-on to the current Erlang R7B release that allows ERLANG applications to be condensed into as few as two files. This allows code written in ERLANG to be distributed to non-development machines. PerlTwo-Way Telephone Interaction (Webreference.com). Jonathan Eisenzopf writes about using Perl to talk to a voice modem. The article covers dialing, sending voice messages, recognizing touch-tones, and dialing extensions. Interesting stuff with lots of potential uses. Fun With Jabber. DJ Adams has written several articles on working with the NET::Jabber Perl module. He includes code for mail notifiers and an RSS Headline delivery program. Perl 5 Porters for December 10, 2000. The December 10 issue of Perl 5 Porters has been published. Topics include implementing Unicode on EBCDIC machines, Unicode on hash keys, and Unicode and PerlIO. PythonDr. Dobb's Python-URL! - December 12th, 2000. Dr. Dobb's weekly Python-URL! has been posted. Featured topics this week included mutual dependencies between modules, a C version of the Weak Reference Module, and the introduction of PyHTML. Ninth International Python Conference. The Ninth International Python Conference will happen March 5-8, 2001 in Long Beach, California. The keynote speakers will be Guido Van Rossum and Bruce Eckel, the conference includes tracks on Zope and Python applications among other things. Conference Registration is now open. Python Programming Tutorial. Richard G. Baldwin has published an online Python Programming Tutorial. Check it out for a tour of the Python language. Boost C++ Python Library. The py_cpp project has been renamed the Boost C++ Python Library. With the new name comes a new web site, www.boost.org. The library allows C++ code to be integrated into Python. Python 2 Efficiency. Eric Raymond posted this letter to the Kernel mailing list concerning code reduction and Python 2. "Using Python 2.0 rather than 1.5.2 lets me cut close to 600 lines out of the CML2 system, a bit more than 10% of the 5334 lines of code in this version." Tcl/tkDr. Dobb's Tcl-URL! - December 12th, 2000. Dr. Dobb's weekly Tcl-URL! has been posted. Featured topics this week include using Tcl to manage X.25 channels and FIFOs, an example of the BWidgets notebook in use, and the case for a new nroff-based documentation standard. Tix 8.1.1 released. Version 8.1.1 of the Tix widget set has been released. This version fixes some Python integration bugs. Moodss Version 12.1 released. Version 12.1 of the Moodss system monitoring tool has been released. This version adds threshold alerts via email, and includes various other features and bug fixes. Section Editor: Forrest Cook |
Language Links Caml Caml Hump Tiny COBOL Erlang g95 Fortran Gnu Compiler Collection (GCC) Gnu Compiler for the Java Language (GCJ) Guile Haskell IBM Java Zone Jython Free the X3J Thirteen (Lisp) Use Perl O'Reilly's perl.com Dr. Dobbs' Perl PHP PHP Weekly Summary Daily Python-URL Python.org Python.faqts Python Eggs Ruby Ruby Garden MIT Scheme Schemers Squeak Smalltalk Why Smalltalk Tcl Developer Xchange Tcl-tk.net O'Reilly's XML.com Regular Expressions |
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Commerce page. |
Linux and BusinessIBM has changed its attitude quite a bit over the last couple of years. An article from the 'The Star Online' in Malaysia was quoted in the May 28, 1998 edition of LWN. The link is gone now, but at the time they said "IBM has no plans for Linux." Now, of course, IBM is embracing Linux and all things open source. Irving Wladawsky Berger, IBM's vice president of technology is quoted in this News.com story as saying that the company already has invested about $1 billion in Linux, "and you can expect that to grow in 2001." Its worthwhile to keep in mind at this point that IBM is not a philanthropic organization. What they invest now they expect to get back many times over. Clearly in May 1998 the company did not see how to make money in the open source arena. Just as clearly, now they do. People have worried that VA Linux might suffer from competition by companies like Dell and Gateway. IBM is going after the sorts of Linux server sales that VA lives on. This makes IBM much more of a threat to companies like VA Linux. From the 1960's into the early 1980's IBM dominated the computing arena in the same way that Microsoft does today. It didn't always play nicely with others in the past, and although it is playing nice now, that could change in the future. For now, at least, Linux and the open source movement are basking the largesse of an enormous company with resources far beyond the dreams of most developers. So far IBM is sticking to a multi-distribution approach. IBM used SuSE on the IBM S/390 for the the Telia installation (covered last week.) An informed source told us that the company will use Red Hat Linux for the Shell International Exploration & Production B.V. facility's new supercomputer. Will IBM decide to write its own distribution? Probably not. The company undoubtedly realizes that Linux is not a "one-size-fits-all" sort of operating system, and distribution's alone are not money makers. As long as IBM can pick and chose among distributions and find one that works for the company and its customers, there is little incentive for them to write a distribution of their own. IBM's Linux offerings can be found at the Linux at IBM page. Here's another new announcement detailing the company's latest "e-infrastructure software for Linux." The most interesting part may be the announcement of a version of the DB2 database management system for Linux clusters. Also announced was DB2 and WebSphere for the S/390. Keio University Network To Use Red Hat Linux, IBM's Netfinity Servers. For now at least, Red Hat, Inc. and IBM are working together on several fronts. We already mentioned the Shell project. This announcement from Red Hat about the Keio University project is another example. Red Hat is supplying the operating system and the support and service. IBM is suppying IBM Netfinity 4500R servers, from Japan IBM Corporation. The servers will run Red Hat Linux 7, each having minimum capacity of 5 terabytes. Other Red Hat News. Red Hat has announced an expansion of its e-commerce offerings, centered around Apache and the Stronghold web server. The US Army, through Rymic Systems, will be using Red Hat's uClinux for a prototype Internet devices that will diagnose ground vehicle performance for the US Army. Kasenna MediaBase Available for SGI Linux Servers. SGI announced that Kasenna MediaBase is now available for Linux OS-based SGI servers. Kasenna MediaBase provides streaming, content management and content transfer supporting formats such as MPEG-1, MPEG-2, RealVideo, RealAudio, QuickTime and MP3. New Opera beta available for Linux. Opera Software has released a new beta version of their Web browser for the Linux operating system. It uses Qt for its interface, but statically linked versions are available so you won't need to download Qt itself if you don't have it or want to get it. The feature set for this release appears more complete than the last one, with far fewer listed annoying problems. One annoying problem remains, however: the release is a timed beta. The package remains fully functional only for 30 days. LPI certificates ship. It has taken far longer than anybody might have expected, but the Linux Professional Institute is finally sending out certificates to people who have passed both of the Level I exams. At this point, less than 100 certificates have gone out, but they are widely distributed: there are recipients in the USA, Germany, Austria, the UK, Belgium, Taiwan, Italy, and Ethiopia. More Than 400,000 Linux Fans Choose Oracle. Oracle is reporting in a press release that over 400,000 users have downloaded Oracle products for Linux over the past three months. Linux-based Browser Development Kit For Embedded, Non-PC Applications. ACCESS Co., Ltd. introduced the NetFront 2.6 Linux Software Development Kit (SDK) for the integration of ACCESS' NetFront browser into Linux-based Internet appliances and other non-PC applications. Sun completes acquisition of Cobalt. According to a press announcement on the Cobalt web site, Sun's acquisition of the server maker has been completed. Cobalt shares were exchanged 1 to 1, adjusted for the upcoming 2 for 1 split of Sun shares. (Thanks to Steven C. Den Beste) Press Releases:Open Source ProductsUnless specified, license is unverified.
Proprietary Products for Linux
Products and Services Using Linux
Products with Linux Versions
Java Products
Books and Training
Partnerships
Personnel
Linux At Work
Section Editor: Rebecca Sobol. |
December 14, 2000
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Linux in the news page. |
Linux in the newsRecommended ReadingWhy software still sucks (Upside). Jaron Lanier, pioneer in the field of virtual reality and general supporter of the open source movement, laments the state of software today in this interview from Upside, and wonders how Unix - repackaged as Linux - could be the saving grace it is. "How I hated Unix back in the '70s -- that devilish accumulator of data trash, obscurer of function, enemy of the user," he writes. "If anyone had told me back then that getting back to embarrassingly primitive Unix would be the great hope and investment obsession of the year 2000, merely because its name was changed to Linux and its source code was opened up again, I never would have had the stomach or the heart to continue in computer science." IBMIBM to spend $1 billion on Linux in 2001 (News.com). News.com looks at IBM's plans to invest in Linux. "[IBM CEO Louis] Gerstner questioned whether three or four years from now any proprietary version of Unix, such as Sun's Solaris, will have a leading market position. He noted that Linux is growing at twice the rate of Microsoft's Windows NT and that the Unix variant looks increasingly likely to become more prevalent than NT. IBM has about 1,500 developers working on Linux, Gerstner said." IBM Keeps Backing Linux (Motley Fool). The Motley Fool considers Linux investments in light of IBM's latest moves. "While today's news clearly indicates Big Blue's efforts to combat its slowing growth against competitors like Microsoft and EMC in software and storage, respectively -- and the biggest pain of all, Sun Microsystems -- perhaps the more interesting question is to examine what all of this means for the Linux companies, such as Red Hat and VA Linux." Gerstner's $5 billion spending spree (ZDNet) . IBM is set to invest $1 billion in Linux in 2001 and another $4 billion in 'e-sourcing' over the next three years, according to this ZDNet report on IBM Chairman Lou Gerstner's keynote at the ebusiness Expo and Conference in New York. "Gerstner made no bones about the fact that IBM's decision to bet big on Linux also is an attempt to slow the growth of IBM competitors Microsoft Corp. (Nasdaq: MSFT), Sun Microsystems Inc. (Nasdaq: SUNW) and EMC Corp. (NYSE: EMC), three companies which have distanced themselves from Linux." Shell Will Use Linux Supercomputer for Oil Quest (Reuters). IBM just keeps rolling with its Linux supercomputers - this time Shell is opting for an IBM supercomputer-scale cluster of 1024 Linux-based IBM X-Series servers, the largest such installation to date, to run seismic and other geophysical applications. IBM Linux mainframe chosen by European telecom (News.com). News.com reports on Telia's purchase of an IBM mainframe to replace Sun systems. "Using 'partitioning' software, a mainframe can be split into several independent computers that share the same hardware. IBM and others have demonstrated running tens of thousands of Linux computers on a single mainframe. At Telia, a G6 mainframe with more than 1,500 virtual Linux servers will replace 70 existing Sun Unix servers..." IBM pulls off Linux coup with Telia (ZDNet). Here's another ZDNet article on the Telia installation. "Steve Solazzo, IBM's vice president of Linux strategy, said in an interview that the implementation represents Europe's first major commercial enterprise infrastructure based on Linux. The Linux software will be provided by SuSE Inc. of Germany." Red HatRed Hat rocks the cradle, with Linux/eCos combo (LinuxDevices.com. Red Hat has been selected by Cradle Technologies to create a suite of tools, based on their embedded distributions and packages including eCos, for Cradle's new UMS processor chips. "The Cradle UMS chips will combine multiple RISC and DSP engines on a single chip -- 'on the order of fifty' in a single device, according to [Cradle CEO Satish] Gupta. The result will be a highly parallel system microarchitecture. But that should prove no serious challenge to Linux developer Red Hat, which already has substantial Linux clustering experience. Red Hat, it seems, will be supporting the combination of its open source eCos real-time kernel coexisting with embedded Linux." Army to try Red Hat embedded Linux (News.com). Red Hat has been selected by Rymic Systems for prototype Internet devices that will diagnose ground vehicle performance for the US Army. "Rymic Systems has chosen a small "embedded" version of Linux for use in prototype Internet devices that will diagnose vehicle performance and predict if failure might be imminent, the company said." VA LinuxVA Linux's SourceForge forges cash (ZDNet). ZDNet looks at VA's new "rent a SourceForge" service. "Agilent Technologies, a large spinoff of Hewlett-Packard Co, is the first subscriber to the service, called SourceForge Onsite, said VA vice president of strategic planning John Hall. 'It's absolutely a strategy to grow our customer base into the Fortune 500,' Hall said. VA is interested in this demanding but lucrative customer segment and believes the need for collaborative programming tools will be VA's foot in the door." Can VA Linux get out of hot water? (Upside). Upside reports on VA Linux Systems' new SourceForge OnSite offering. "Ironically, as Linux companies' fortunes have faltered in the market, the number of established software companies looking to incorporate various elements of the open source design model into their own proprietary projects has grown." U.S. authorities focusing on VA Linux in IPO probe (Reuters). Here is a Reuters article stating that the U.S. government is looking into the VA Linux Systems IPO. It seems that there are some questions on just how the shares in that IPO were allocated, with some investors paying "unusually large commissions" to participate. The DesktopLinux moves slowly onto the desktop (News.com). C|Net's News.com does a nice overview of the Linux desktop world as it is currently evolving, and why some players (like id Software) are not as interested as they once were. "Linux on the desktop is a complicated matter. For one thing, there's nobody really in charge of the Linux desktop user interface. Linus Torvalds exercises some control over Linux's kernel--the core parts of the operating system--but leaves user interface issues to others." CompaniesLast of the independents (Upside). Upside has run this article on Bruce Perens' move to HP. "In a move that in many ways reflects the current chilly tech market, one of the Linux community's last unsigned marquee players has decided to take a break from free agency and join an established corporate team." Oracle Expands Developer Services (ZDNet). ZDNet sees Oracle's expanded Oracle Technology Network as a response to other services like CollabNet and VA's SourceForge. "In some respects, Oracle's moves were those of a large commercial company's following the lead of such pioneers in online development as VA Linux Systems' SourceForge, O'Reilly & Associates Publishing and Hewlett-Packard's SourceXchange and CollabNet's www.collab.net. All three provide collaborative development tools and hosted services for open source code projects." Open-source MP3 project continues after parent's demise (News .com). With parent company iCast folding the future of Ogg Vorbis, the open source replacement for the patent-restricted MP3 format, is in question. The answer, of course, is to keep on rolling. "With the demise of iCast, a casualty of CMGI's recent round of belt-tightening, the Vorbis programming team was cut loose. It was allowed to keep all rights to its work, a provision that was part of its original deal in joining iCast, the programmers say. But the lack of a corporate sponsor has left the team, at least temporarily, without funding and without the prospect of a high-profile showcase for its work." BusinessOpen-source backers: Are you afraid? (ZDNet). ZDNet's Mary Jo Foley suggests that folks should be worried about the increasing corporate involvement in open source. "I am not implying that big corporations have nothing positive to contribute to Linux and open source. Indeed, the nearly 300 IBMers who are dedicated to working on open-source projects are 300 more warm bodies working for the betterment of open source. But what kind of financial and strategic benefits do big companies receive from their increasingly public love affair with open source? Is this topic off limits?" Report on Linux progress in the German automation industry (LinuxDevices.com). An updated from Robert Schwebel, producer of Linux-Automation.com, on how Linux is being used and developed in the German industrial automation industry. "National Semiconductor's Geode chip was the heart of a small embedded board [from IBS] which can be used in customer-specific applications as well on standardized PC/104-Plus boards. At the booth, a Linux-based demo application was shown." Hitachi launches Transmeta-based Internet appliance (News.com). C|Net's News.com is covering the new Hitachi Flora-ie 55mi, a Transmeta Crusoe based, Linux powered combination of a notebook, a handheld and a cell phone. "The device can be used on a desktop with a keyboard or removed from its docking cradle for roaming. Besides the keyboard, a stylus can be used to input data, like on a Palm. The device also contains a mobile phone interface for calls." The press release from Hitachi announcing the Flora-ie 55mi says the battery life is up to 7 hours and runs a "mobile Linux operating system", though it doesn't say if it's an in-house version or one of the well known embedded OS's. MasterTrade Linux roll-out gives system room to grow (Stuff NZ). It's slowly becoming more commonplace - a major retailer or business rolls out a large Linux installation replacing an existing Microsoft or Sun infrastructure. This time the retailer is New Zealand based MasterTrade and the Linux system count is 300. "After trialling Windows 2000, MasterTrade found difficulties with 'middleware', which communicates between MasterTrade's central inventory database in Christchurch, and the PCs in its 50 branches. 'Linux removed all middleware, and all the difficulties that went with it' [noted MasterTrade data processing manger Neil Helson].' The problem, of course, is that KDE is neither a Linux distributor nor based in America. "Staff will have access to suppliers' websites through X-Windows software from American Linux developer KDE, which lets staff use graphical applications." So while retailers now get it, it appears some news sites still don't. (Thanks to Ian McDonald) Will Linux Save Microsoft? (CNBC). CNBC examines the future of Microsoft and how it could, if the 800 pound gorilla gets hungry enough, use Linux to stay alive. "Microsoft doesn't talk about its Linux strategy very much. But it is an open secret in Silicon Valley that the company could rather easily steal the thunder from faddishly popular Linux firms, such as Caldera Systems Inc. and Red Hat Inc., at just about anytime it chooses." ResourcesWhat Is P2P...And What Isn't? (O'Reilly). Defining P2P literally suggests that Alexander Graham Bell was a P2P engineer, according to an article on th O'Reilly Network. "P2P is a class of applications that takes advantage of resources -- storage, cycles, content, human presence -- available at the edges of the Internet. Because accessing these decentralized resources means operating in an environment of unstable connectivity and unpredictable IP addresses, P2P nodes must operate outside the DNS system and have significant or total autonomy from central servers." LinuxMonth Issue # 4. The 4th issue of LinuxMonth has been published. Article topics in this issue include using sudo, an interview of John Ousterhout, open source licenses explained, and security tips for Red Hat distributions. 28 abstracts and papers on real-time Linux (LinuxDevices.com). LinuxDevices.com has posted the abstracts and, in most cases, links to the PDF versions of the talks from the second annual Real-time Linux Workshop, held in Orlando, Florida on November 27-28, 2000. Linux on the loose (ZDNet). In this article, ZDNet talks about what can be expected in the soon-to-be released Linux 2.4 kernel. "Torvalds is planning to include the ReiserFS journaling file system in the 2.4.1 release, expected within two weeks of 2.4's release." ReviewsFirst Looks at Nautilus 0.5 (Signal Ground). Signal Ground takes a brief look at Nautilus 0.5. "Installation of Eazel's Nautilus 0.5 from Debian packages went without a hitch. And the next thing I knew, I had a Nautilus menu item in my Gnome menus. After selecting it, the wizard screen shown above appeared. The wizard asks a few questions, including asking you to pick a skill level." VMware 2.0.3 for Linux Review (LinuxLookup). The VMWare 2.0.3 installation and feature set are examined in this review by LinuxLookup. " Currently there is only a X86 version of VMware and only the ability to run X86 based guest operating systems. All Microsoft Windows operating systems are now supported (including 2000 Professional/Server and ME), FreeBSD 2.2.8 and 3.X, most Linux distributions although the 2.X and above kernels are recommended, and MS-DOS 6.X." Section Editor: Rebecca Sobol |
December 14, 2000 |
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Announcements page. |
AnnouncementsResourcesIT University launches LinuxLab.dk. The IT University of Copenhagen launched LinuxLab.dk, one of Denmark's biggest Open Source initiatives. IBM is the founding sponsor of the laboratory. Help WantedLinear Logic Systems is looking for a Linux kernel hacker.EventsDecember/January/February events.
Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format. User Group NewsLUG Events: December 14 - December 28, 2000.
Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format. |
December 14, 2000 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Software AnnouncementsHere are this week's Freshmeat software announcements. Freshmeat now offers the announcements sorted in two different ways: |
Our software announcements are provided courtesy of FreshMeat
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Back page page. |
Linux Links of the WeekThe NymIP Project has set itself the task of designing a set of IP-based protocols which will facilitate the use of controlled anonymity and pseudonymity on the net. The standards and their implementation are both intended to be open and freely available. If they get there, this project will have helped to protect privacy in electronic communications. Not satisfied with using emacs to edit files, read mail, chat on IRC, partition disks, be psychoanalyzed, and edit images? Well, the emacs webring is back in action and ready to connect you with more cool stuff to satisfy your elisp needs. Section Editor: Jon Corbet |
December 14, 2000 |
|
This week in historyTwo years ago (December 17, 1998 LWN): IDC reported that Linux's market share rose 212% in 1998, giving it 17% of the server operating system market. Work continued toward the 2.2.0 stable kernel release. Linus, meanwhile, addressed the topic of raw I/O in Linux: Quite frankly, nobody has EVER given me a reason that makes any kind of sense at all for supporting raw devices in any other way than we already do. Nobody sane uses a disk without a filesystem, and the insane people that do I feel we can and should ignore. Insanity has a way of dying off over time, when Darvin [sic] starts to look into it. (2.4.0, of course, will include a Linus-approved raw I/O implementation). The Debian Project adopted its constitution, which describes how the project operates. The project was smaller then; all of 86 votes were counted (once was sufficient) in the decision on the constitution. The first project leader election began, with Joseph Carter, Ben Collins, and Wichert Akkerman running as candidates. Red Hat, meanwhile, launched its training and certification programs.
The GNOME project aims to emulate what is best about existing interfaces. "Microsoft did some things very well, and we're trying to learn from them," [Miguel] de Icaza says. At the same time, the project seeks to avoid some of Windows' annoying design peculiarities. GNOME users, de Icaza promises flatly, will not turn off their computers by clicking a button labeled "Start."
The Linux Mall announced the availability of the first stuffed Tuxes. "A huggable pal to have around, or a great bed partner." IBM released the first version of Wietse Venema's "Secure Mailer," otherwise known as Postfix. One year ago (December 16, 1999 LWN) saw, of course, the initial public offering of VA Linux Systems. The company's stock shot up to close at almost eight times its (already increased) initial value, setting a record which remains unchallenged a year later. It was the high point of the Linux stock mania. One year later, VA's stock stands at about 5% of its first-day peak, and the IPO is being investigated by the U.S. government (which is more concerned with the underwriter's actions than VA's). LWN predicted a flood of Linux-related IPOs to follow. Needless to say, things have not worked out that way.
VA had indeed gone out on NASDAQ -- and I had become worth approximately forty-one million dollars while I wasn't looking. Well, that didn't last long. In the next two hours, VA dropped from $274 a share to close at $239, leaving me with a stake of only thirty-six million dollars. Which is still a preposterously large amount of money.
The Bazaar, a free software conference, was held in New York. Attendance was light, and the event has not been repeated. At the conference, Miguel de Icaza was awarded the Free Software Foundation Award for his work with GNOME. Bastille Linux 1.0.0 was released. Debian 2.1r4 came out. MandrakeSoft proclaimed that Linux-Mandrake 6.1 was Y2K compliant. Stormix released Storm Linux 2000. Linus released development kernel 2.3.33 with the comment: "We're obviously not going to have a 2.4 this millenium [sic], but let's get the pre-2.4 series going this year, with the real release Q1 of 2000." He was flooded by those who claim the millennium wouldn't end for another year, and responded: The fact that our forefathers were Pascal-programmers, and started counting from one does not mean that we have to continue that mistake forever. We've since moved on to C, and the change from 1999->2000 is a lot more interesting in a base-10 system than the change from 2000->2001. Of course, it looks like no 2.4.0 by the end of the millennium even by the reckoning of Pascal programmers... Applix acquired CoSource.com, just a few days after the latter's official launch. Linuxcare closed a large investment round. But Linuxcare wants to get its business in better shape before it goes public. The company isn't profitable and won't be for the next year as Linuxcare pays for aggressive hiring and expansion, [CEO Fernand Sarrat] said in an interview. Shunning the method pioneered by Internet companies, Sarrat is focusing on building up the business before Linuxcare goes public, instead of using the proceeds of an IPO to fund that expansion. Of course, Linuxcare filed for its IPO just one month later... | |
|
Letters to the editorLetters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them. | |
From: "Post, Erik" <epost@exch.hpl.hp.com> To: "'letters@lwn.net'" <letters@lwn.net> Subject: Red Hat != Linux? Date: Thu, 7 Dec 2000 11:42:39 -0800 Dear LWN editors, one small piece of the 'fun with the press' topic on the December 7th issue caused me to write this letter. It isn't a really big issue, but still. My comment pertains to the part in which you talk about the CNet article about RedHat not supporting Sparc anymore, and the CNet author's comparison with Windows NT's decline in the number of supported CPUs. You conclude that CNet made the mistake of assuming Red Hat = Linux. However, I fail to see the point where the author of the CNet article makes the fault of assuming Linux = RedHat. The author talks about a specific company (Red Hat), with a OS product (Red Hat Linux), and compares it with another OS product (Windows NT) from a specific company (Microsoft). Besides, (and I quote) "finding a distribution that supports the Sparc is not hard", especially if you bothered to read beyond the first five paragraphs of the article. I'm afraid that LWN fell for the very same thing it is warning people about: assuming Red Hat = Linux. Best regards, Erik Post | ||
Date: Wed, 13 Dec 2000 00:10:32 -0900 From: Fielder George Dowding <fgd@mailhost.alaska.net> To: lwn@lwn.net Subject: Those who live in glass houses ... To whom it may concern: I read with some interest the December 7, 2000, "Fun with the press" under the headline, "Leading items and editorials." The piece labeled "This Upside article about Plan 9" sufficently interested me to pursue the source. My conclusion is you should not cast stones at a fellow writer for lack of research. I will grant that the opening paragraphs were excessive in the use of literary techniques for holding the attention of the reader. The real culprit, assuming the author reported accurately, is the CEO of Vita Nuova, Mr. Michael Jeffrey. Mr. Jeffrey's cpu requires a bug fix in its logic unit. All of what he is quoted as having said is almost pure marketing flack. It is clear to me he does not understand business or the Internet development model. He and his company will be trampled by the Hurd. Thank you for leading me on to this situation, but please, a little more research. Cheerio! -- Fielder George Dowding, dba Iceworm Enterprises fgd@alaska.net iceworm@customcpu.com 909 Chugach Way Lot 35, Anchorage, Alaska 99503-5667 US | ||
Date: Tue, 12 Dec 2000 17:02:26 +0000 (GMT) From: <S.Xenitellis@rhbnc.ac.uk> To: <letters@lwn.net> Subject: About FrameMaker and Adobe I was partly surprised when I read two weeks ago that Adobe is dropping the Linux version of Framemaker+SGML. A lot of people do not consider typesetting to be such an exciting area of work and show too little interest. (I personally find typesetting quite interesting). The fact that it is not generally an interesting area is evident from the lack of opensource applications that can be used to create SGML documents and generate output formats. Currently, if someone wants to use DocBook (an SGML "application" suitable for technical documentation) to generate output PDF/PS output, s/he has only two solutions, each of them giving not so good results. There are to use "JadeTeX" or "PassiveTeX", both from Sebastian Rantz. "JadeTeX" was a hack and is not developed anymore (table support in JadeTeX is not good) while "PassiveTeX" appears to be the right way to do things and is being developed. However, at the moment, PassiveTeX does not appear to be able to generate all sorts of documents. (this is not an accusation on Sebastian) From what it appears here, there is currently no globally acceptable editor to write SGML (DocBook) documents and the document generation does not offer too much sophistication. Adobe could have had the chance to invest into a simple GUI product that can aid in a) the writing/editing of SGML documents b) generation of all sorts of PDF/PS output Projects like KDE and GNOME make extensive use of DocBook and most other OS documentation is converted into DocBook as well. My recommendation to Adobe is that when they consider entering the Linux market, they should think primarily in capturing the market and getting the money latter from services by companies who make commercial use of the product. Linux is stuck with no complete (easy to use, supporting all features of standards, supporting many local languages) typesetting tools. Thanks, Simos Xenitellis | ||
From: Peter Samuelson <peter@cadcamlab.org> Date: Fri, 8 Dec 2000 00:55:02 -0600 (CST) To: jra@baylink.com Subject: Re: Universal RPMs. [Jay Ashworth] > In general, anytime that part of an installation involves "put this > file in the right place" or "change this [parameter in] this system > control file (inittab)", there should probably be a program that does > the work, the call to which can be standardized across systems, and > the underlying actions can be specific to a distribution. Hey, you're describing Debian: $ ls {,/usr}/{,s}bin/update-* ls: /bin/update-*: No such file or directory /sbin/update-modules /usr/bin/update-menus /usr/bin/update-ppd /usr/sbin/update-alternatives /usr/sbin/update-dlocatedb /usr/sbin/update-fonts-alias /usr/sbin/update-fonts-scale /usr/sbin/update-inetd /usr/sbin/update-ispell-dictionary /usr/sbin/update-mime /usr/sbin/update-passwd /usr/sbin/update-rc.d /usr/sbin/update-vfontcap /usr/sbin/update-xaw-wrappers Now granted, a few of these are Debian-specific ("update-alternatives" manages the alternatives system by which you can have both nvi and vim installed, either of which (but not both) can have a /usr/bin/vi symlink) but many of them -- update-inetd, update-rc.d, update-passwd, update-mime -- could easily be applied to other distributions. There is actually a Debian package 'file-rc' which replaces the SysV runlevel symlink tree with a single 'runlevel.conf' file -- and thanks to the update-rc.d abstraction layer, it works transparently, without any changes to other packages. Peter | ||
To: letters@lwn.net Subject: Re: Universal RPMs From: Marc Lefranc <mlefranc@libertysurf.fr> Date: 07 Dec 2000 23:01:29 +0100 Dear Editors, I would first like to thank you for the best Linux news source in the world. In the issue of LWN dated Dec. 7, 2000, Jay R. Ashworth complains that the Red Hat distribution does not provide a simple user interface for starting and stopping SysVinit services. He notes that he created a simple script, called svc, which provides a wrapper around the script located in /etc/rc.d/init.d. I would just like to point out that: 1) It has been some time since RH has been shipping such a user interface. Just look at.../sbin/service which does exactly what the above-mentioned svc does. 2) starting with RH 7, there is a symbolic link /etc/init.d -> /etc/rc.d/init.d, which makes the /etc/init.d valid on RH, Debian, most certainly Mandrake (not checked), and probably soon most other distributions. This implies that /etc/init.d/script start might be even simpler that calling the svc|service interface. Marc Lefranc | ||
Date: Thu, 7 Dec 2000 14:58:58 -0500 (EST) From: Joseph J Klemmer <klemmerj@webtrek.com> To: "Jay R. Ashworth" <jra@baylink.com> Subject: Re: Universal RPMs. > The files on a Red hat distribution (among others) in the > /etc/rc.d/init.d directory constitute a sort of "service manager > interface", in conjunction with SysVinit, they're one of the few > ideas stolen from NT that I like. But, while many Linux > distributions provide the "chkconfig" command for setting services in > this directory to be enabled or disabled in specific runlevels, that > command doesn't provide a user interface for turning something on or > off, or restarting it, *right now*. I created my on, called svc: > > /etc/rc.d/init.d/$1 $2 > > Real complicated, right? People do that all the time, right? So why > hasn't RH already added that to the distro? FWIW, there's a little known utility called "service" on RH (don't know if it's on any of the others) that does exactly what you're referring to. It seems to be an undocumented little thing but, as it's a shell script, it shouldn't be to difficult to figure out. Just try this as root: [root@billy /root]# service Usage: service < option > | --status-all | [ service_name [ command ] ] The script is in /sbin and makes it real handy to do things like - service httpd restart service sendmail stop Just thought you'd like to know. :-) --- There are just 25 days till the beginning of the 21st century and the next millennium! | ||
Date: Thu, 07 Dec 2000 13:42:15 -0500 From: Pierre Baillargeon <pb@artquest.net> To: letters@lwn.net Subject: Elevator algorithms Hi, Just a comment about the conclusion Thomas Sippel - Dau (t.sippel-dau@ic.ac.uk) reached about the elevator algorithm. When you strip down the math notation from his letter, you get the simple claim that applying two sorting algorithms in succession is wasteful because only the last one will prevail. This is patently false. A sorting algorithm does not need to affect all elements. An example of such algorithm is the stable sort: equal elements are not moved. This algorithm is useful to sort by two criteria in succession: for example sorting mails first by sender then by date, so that letters received on a single day will be sorted by senders. Using a single sorts would not produce that result. Elevator algorithm are part of such breed. Only the elements that meet certain criteria will be moved around. So the effort is not wasted. The kernel can optimize with the criteria it consider important, and the disk controller will sort them with its own optimizing criteria. The second flaw of the argument is the assumption that both the kernel and the disk controller see the same set of requests. This is not necessarily so. In fact, the elevator algorithm is there to provide the most cohesive set of requests to the controller, so that its own internal algorithm can do an effective job. | ||
Date: Thu, 7 Dec 2000 13:03:15 -0500 From: "Jay R. Ashworth" <jra@baylink.com> To: letters@lwn.net Subject: Disk Elevators redux In last week's letters column, Thomas Sippel made an excellent point about OS-based disk elevator transfer-reordering algorithms: disk controllers with onboard cache reorder transactions themselves, anyway. I wanted to make a different point, and it's still valid, so I will. :-) It wouldn't matter if the drives were uncached, anyway: the Cylinder, Head and Sector address information with which the drive talks to the outside world has been fictional for many years, anyway. Many, and I'm tempted to say all, but can't back it up, drive use translation mappings such that the sectors on one "cylinder" do not all reside on the same physical cylinder. This alone would seem to make OS-based elevators not only useless, but in some cases, the pessimal solution to the problem at hand, no? Cheers, -- jra -- Jay R. Ashworth jra@baylink.com Member of the Technical Staff Baylink The Suncoast Freenet The Things I Think Tampa Bay, Florida http://baylink.pitas.com +1 727 804 5015 | ||
Date: Mon, 11 Dec 2000 19:07:26 -0800 From: Thornton Prime <thornton@jalan.com> To: mfoley@zdnet.com, letters@lwn.net Subject: Re: Open-source Backers Dear Ms. Foley, I know as an avid industry watcher you recognize the enthusiasim and growth of open source projects. Open source is clearly already an important force in the market, and will continue to be as long as individuals find rewards in the model. At the same time, though, I submit that the financial interests for a corporation that actively contributes to open source projects is substantially greater than any reward available to individuals. >From your article posted at http://www.zdnet.com/zdnn/stories/comment/0,5859,2662295,00.html I see that you have wondered about how companies can gain from participation in open source projects. I am writing to offer you what I believe to be reasons why companies in some parts of the IT industry should consider participation in open source projects. I see six basic financial interests in corporate sponsorship of open source projects. Most of these depend on a particular business model, but all apply to a company as large as IBM which is pursuing multiple business goals simultaneously: 1. Contributing to open source projects is absolutely essential for any hardware company hoping to make sales in the rapidly growing open source operating system market. To guarantee the best driver support for your hardware, you need to write your own drivers. To guarantee equal protection and treatment of your drivers in a community like Linux, these drivers need to be open. For companies like IBM and Compaq, investing in open source is investing in a substantial investment they have made in CPU development. They are guaranteeing future markets for their PPC and Alpha processors. Smaller hardware manufacturers stand just as much to gain. 2. Contributing to an open source project enables a company that sells associated services or projects to guarantee computability and help shape future directions of a software that is key to their future. IBM again provides a great example of a company that benefits in this way. By participating in the Apache product, they guarantee compatibility with WebSphere. they have also substantially moved forward the Apache Group's next generation server, moving it from a forking Unix codebase to a model that provides multiple multi-process architectures, including threads, pre-forking and a hybrid. 3. Contributing to open source projects helps develop internal expertise and enhances the credentials of a company who provides consulting services for the software or a related product. IBM, by contributing performance patches to Apache has demonstrated themselves as an authority on Apache and web servers in general. 4. Developers come and go. Open source developers remain loyal to their code and support it after they have left. IBM licensed the postfix mail server under their open source license. The developer, Wietse Venema, continues to actively improve and enhance his code, even though the license remains IBM's. While it started as a research project it has turned into a secure and stable alternative to sendmail now used by Compaq and many other companies around the world. IBM continues to enjoy a return on their research investment even though the principal author is no longer in their employ. 5. Good systems get better faster when they are open. If there is no real market for a software project, open sourcing it can create a market and create opportunities. Once code is available to the public it matures more quickly and at less cost than a comparable commercial project as long as there remains good management of the project. Developers outside of an organization offer abilities and enhancements that often are unthought of within a company of origin. Again, I use the example of postfix. IBM had less than a snowball's chance in hell of penetrating a mail server market dominated by Sendmail, Lotus, Novell, and Microsoft when Mr. Venema started his project. Still, developing the expertise internally was critical to other business processes. While the code had no value commercially, releasing it publicly opened competition to Sendmail and created a new market. The code improved dramatically, gaining database and LDAP support, while increasing in security and performance once other developers had an opportunity to contribute and once system administrators deployed, tested, and suggested enhancements. Another good example of this is Mozilla and Netscape. While many proclaim Netscape as an example of a failed open source project, I think few would contest the fact that Microsoft's growth in the browser market was only halted once Netscape open sourced their browser and created Mozilla. While Mozilla may not be the best example of an open source product that creates opportunities, it is a clear example of a move that saved a dwindling market share from dwindling further. In the end Mozilla may turn around the browser market when and if AOL adopts Mozilla as the core of their product. In fact, because Mozilla is available on so many platforms it may help AOL enter markets they probably never considered, including Linux, Be, and the embedded browser markets. 6. Most open source developers code for two simple reasons: ego and fun. In an increasingly tight job market, both of these motivations can be key to employee acquisition and retention. Companies like IBM, who only a few years ago were considered too buttoned-up for most developers, are now able to make attractive employment offerings to a market that seems less concerned with money and more concerned with fringe benefits. Thornton Prime | ||