[LWN Logo]
[LWN.net]

Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise news for all interests


Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Back page

Other LWN stuff:
 Daily Updates
 Calendar
 Linux Stocks Page
 Book reviews
 Penguin Gallery

 Archives/search
 Use LWN headlines
 Advertise here
 Contact us

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- GaŽl Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

See also: last week's LWN.

Leading items and editorials


Graphics presents under the tree. With very little fanfare, and in a slipped-release schedule matched only by the Linux kernel itself, GIMP 1.2 was released to the masses on Christmas day, a gift to the starving artists who have been waiting patiently for a reprieve from the stranglehold of Adobe, the pains of Corel's PhotoPAINT-on-WINE and the limitations of GIMP 1.0.

[GIMP 1.2] Ok, so it's not that dramatic. But if you haven't been using the developers releases for the past year and a half, then you're in for a big suprise. GIMP 1.2, which was referred to in the announcement posted to the developers mailing list as "the Hadjaha release" (just who is in charge of code names anyway?), takes the graphically-addicted users of the Linux world to regions most Linux desktop naysayers dared not admit were possible.

While still lacking real color matching features needed for serious print work, GIMP 1.2 is the digital artist's dream machine. Most serious users have found the Perl scripting interface the most important new feature. Repetitive processes on extensive frames of video can be automated using that interface - and that makes GIMP 1.2 a popular tool in Hollywood.

But there is much more in GIMP 1.2 than scripting. Extended tablet support allows greater control through Wacom drawing tablets, thanks to proper X Input support in both XFree86 and GTK+. All drawing tools - including all of the new ones like Smudge and Dodge & Burn - include support for drawing tablet pressure and sensitivity features. New brush types provide both color and varying stroke styles (known as Brush Pipes). A large number of new filters have been added and old ones improved - the old Transform Tool got a big facelift and is much more interactive and easier to use on low memory systems. Best of all are the vastly improved print services which, at least for the Epson Stylus Color 740, produce extremely high quality prints on a variety of media.

The best news is that GIMP 1.2 has few dependencies that won't be satisfied by most recent Linux distributions. One exception to that may be dependencies for some of the Perl scripting interface code. The new GIMP uses GTK+ 1.2.8, a GUI library that's been available since March 2000. RPMs were posted to the web site but at the time of this writing, they had not made it to the public FTP site. You can expect them soon.

Why is GIMP 1.2 so important? The biggest reason is desktop viability for Linux. GIMP shows that professional packages can be created for this environment targeted at non-technical users. It makes efficient use of available resources. It provides numerous extensibility features, from plug-ins to modules to extensions (all of which are slightly different). Though some users have complained that the interface is a little difficult to use, most Photoshop users have been able to jump in and become productive with GIMP very quickly. GIMP 1.2 is a real production-quality tool. And even though color matching may not be available, the GIMP can be used to produce high quality images destined for print - from posters to CD covers, from magazine covers to glossy advertisements.

The GIMP is also one of the most visible Open Source tools being ported to non-Linux platforms. Ports are available for most Unix systems as well as Windows. Ports to BeOS and the Mac are in various stages of completion. While Linux sits in backrooms grinding out web pages with Apache and mail with Sendmail, GIMP takes Linux (and Open Source) and puts it in front of many eyeballs. It's the visible flag waving Open Source needs.

With 1.2 now available, developers will start to turn their attention to 2.0 (or possibly 1.4, if such a release becomes necessary). Major changes are planned for 2.0 which will bring GIMP to a new level of sophistication - changes the special effects industry is requesting that will stun the typical user. All we can hope is it won't take 2 more years for 2.0. But then, it will most likely be worth the wait.

Linux 2.4.0-prerelease: a present for the New Year. On the last day of 2000, Linus Torvalds sent out a note announcing Linux 2.4.0-prerelease. Linus and the rest of the kernel team had hoped to get the final version of Linux 2.4.0 out in December, but development issues and some critical bugs decreed otherwise. Nonetheless, Linus has decreed that enough is enough. After a busy week, with three test kernels quickly released, the last bug considered to be a show-stopper was stomped, driver updates from Alan Cox were integrated and Linus released the official 2.4.0-prerelease with a strong promise that there would be no more test kernels. The next kernel release should be 2.4.0.

Don't expect it to come out tomorrow, though. Linus specifically indicated that he would provide some lag time so that non-Intel architectures could bring themselves up-to-date with the latest features and bug-fixes in the Intel tree (most kernel development is done initially on the Intel architecture).

Linus' announcement is good news for the Linux community, of course, but it also provided, by its timing, a present for the news media. The Christmas season is generally a time with a relatively slow news feed, at least pertaining to computer issues. The media finished out 2000 with stories picking on the lack of a 2.4.0 release, calling it "vaporware". The 2.4.0 prerelease allowed them to pick up the topic again, producing a larger media coverage than most beta kernel releases.

The hoopla aside, remember that even the release of 2.4.0 will not generally be a signal for everyone to jump on board and start using the new kernel. The various Linux distributions are eager to start shipping it, but they will want it to be stable enough for production use. That means more testing, by a broader audience, and more bug fixes before you start seeing the new kernel shipped by default with all the major Linux distributions.

When it comes, it will bring faster performance in most cases, particularly for large database sites, multiple-cpu machines, large memory systems and other enterprise-scale needs. For those that don't need it, though, the Linux 2.2.X kernel will continue to be supported for the foreseeable future.

Upcoming Linux Events. With the new year comes a new line-up of Linux events. This month, the linux.conf.au will be running January 17 - 20, 2001, for those of you "Down Under" and those of you not down under but lucky enough to make it out. This looks like an extremely fun, highly technical event. The speaker line-up is extremely impressive, including a list of kernel hackers and developers that has to be read to be believed:

Alan Cox (Wales): kernel guru, outlining secret plans for 2.4
Dave Miller (USA): kernel networking guru
Andrew Tridgell (Australia): creator of samba, rsync,, hacking TiVo
Wayne Piekarski (Australia): Augmented reality on Linux wearables
Rik van Riel (NL, in Brazil): kernel memory management
Craig Southeren (Australia): OpenH323 videoconferencing
David Huggins-Daines (USA): Linux on the PA/RISC architecture
Stephane Eranian (USA): IA64 Linux hacking
Anton Blanchard (Australia): got Linux running on the Sun E10k !
Richard Gooch (Australia, in Canada): devfs, and a new init system
Andrew Morton (Australia): Low Latency Linux
Martin Pool (Australia): rproxy -- rsync caching over http
Rusty (Australia): netfilter, apt-proxy, gzip --rsyncable
Horms (Australia, in USA): distributed content & high availability
Rasterman (Australia, in USA): Enlightenment, hardware accelerated X11
John Ryland (Australia): Qt/Embedded
George Lebl (USA): Bonobo (the GNOME component model)
Dave Sifry (USA): Calendaring (GCTP, OpenFlock)
Matthew Wilcox (USA): Leases & Directory notification
John Goebel (USA): Cluster administration, Global filesystem
Daniel Phillips (Germany): The Tux2 failsafe filesystem
Neil Brown (Australia): Linux RAID
Manish 'yosh' Singh (USA): Gimp 2.0 internals (GEGL)
Wichert Akkerman (Netherlands): Debian project leader
All we can say is, we wish we were going to be there.

Later in the month, the LinuxWorld Conference and Expo 2001 New York will be happening. LWN will have two editors there, both Liz Coolbaugh and Michael Hammel. We surely look forward to meeting as many of our readers there as possible. We won't have a booth, though, so you'll have to look for us roaming the floor or haunting the talks. We'll also be providing conference coverage.

Welcome to 2001! Don't ask us why, but it just feels different. We expect an interesting year as well.

Inside this week's Linux Weekly News:

  • Security: Are GTK+ modules safe?, Shockwave overflows, Emacs vulnerabilities
  • Kernel: Generic deferred file writing for VFS, Makefile redesign for 2.5
  • Distributions: Debian Jr. Update, LinuxNewbie reviews Debian installation, Slackware.com compromised.
  • Development: Perl Journal troubles, the Ruby language.
  • Commerce: World domination in 2001?, Hungry Minds and Red Hat Create Red Hat Press.
  • Back page: Linux links, this week in Linux history, and letters to the editor.
...plus the usual array of reports, updates, and announcements.

This Week's LWN was brought to you by:


January 4, 2001

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Back page

See also: last week's Security page.

Security


News and Editorials

GTK+ Modules - are they secure?. An extended discussion on BugTraq brought up the issue of whether GTK+ modules (and modules in other widget sets) are a security risk. The problem lies in whether or not a setuid or setguid program which tries to run a bogus module should know whether or not this is safe.

Owen Taylor, one of the primary developers for GTK+, posted a response stating that the official GTK+ position is that setuid and setguid programs are, essentially, a bad idea for GUI toolkits and are not supported by the GTK+ toolkit.

"In the opinion of the GTK+ team, the only correct way to write a setuid program with a graphical user interface is to have a setuid backend that communicates with the non-setuid graphical user interface via a mechanism such as a pipe and that considers the input it receives to be untrusted."

Their argument is that setuid/setguid programs need to be small and specific, not large and generic like the GTK+ library itself.

Workarounds for the current state of GTK+ were also posted for this discussion, such as checking the effective id against the real id in gtkmain.c itself, a simple patch which is not addressed directly by the GTK+ teams response. However, such patches in general are considered the wrong solution by the GTK+ team according to their official stance on this issue.

It can be argued that GTK+ should force an abort if the program using that library is running as setuid or setguid. But this is the wrong way to handle this issue. Libraries shouldn't enforce policy - if you want to shoot yourself in the foot, you should be able to do so. What GTK+ could do is provide hooks for applications to request this enforcement, but not enable it by default. What if, for example, an individual wants to run applications as setuid root on his box which is not connected to any other system and is used only in the field for data acquisition? Should you deny this option within the GUI library? Of course not. The user should have control of their system and should not be controlled by the libraries upon which their application depends.

Shockwave Flash buffer overflow. A report was posted to BugTraq this past week regarding yet another buffer overflow problem. While the problem (buffer overflow) is rather mundane (where haven't we seen this sort of problem?) and the reported effects rather modest (can potentially crash a browser or perhaps corrupt image data), the real issue is the widespread effect. Shockwave plug-ins exists for nearly all desktop platforms, including Windows, Mac, and Linux based systems and all are based on a single source code implementation. While the author of the report achieved crashes and corrupted data, he also believes that a multi-platform self modifying virus may also be possible here.

Unfortunately, the report came via trial and error and not by code inspection. The actual code for the plug-ins can be found online at Macromedia's web site (under their specific source code license) and further examination is necessary to determine just how problematic this particular buffer overflow issue really is.

Of course, this seems to explain why all Flash sites crashed my version of Netscape. Time to remove that plug-in....

Sendmail 8.11.2 released. Sendmail, Inc. posted to BugTraq that version 8.11.2 of their mail transfer agent, sendmail, has been released. This version addresses a number of security issues and general bugs found after 8.11.1 was released.

Security Reports

Security Enhanced Linux buffer overflow vulnerability. A buffer overflow was reported in NSA Security Enhanced Linux's implementation of libsecure. An updated release of NSA Security Enhanced Linux has been made available with a fix for the problem. Check BugTraq ID 2154 for more details.

Web scripts. The following cgi-bin or other web scripts were reported to contain vulnerabilities:

  • ikonboard's register.cgi contains an input validation error that can be exploited by a remote user to gain local access to a system running ikonboard. A patch to fix the problem has been made available.

  • Two vulnerabilities have been reported in Informix Webdriver 1.0, the web interface for the Informix database. The first is a symlink-based vulnerability that can be exploited to arbitrarily delete files owned or writable by 'nobody'. The second can be exploited to gain access to the system's administration functions, allowing file deletion or database modification. No vendor response has been posted so far.

Updates

GnuPG web of trust circumvention. A couple of new GnuPG security problems were covered in the December 21st LWN Security Summary. A security patch against gnupg-1.0.4 was also issued.

Note that the original discussion mentioned two vulnerabilities but only discussed one of them, a problem with trust circumvention. Also fixed with the security patch was a problem with detached signatures, which could cause false-positive verifications.

This week's updates:

Previous updates:

fetchmail AUTHENTICATE GSSAPI bug. Check the November 16th Security Summary for the original report.

This week's updates:

Previous updates:
  • Red Hat (November 16th, 2000)
  • Red Hat, Alpha packages added for RH7 (November 30th, 2000)

GNU emacs inadequate PTY permissions vulnerability. Check the June 22nd, 2000 LWN Security Summary for the initial report of this problem, affecting GNU emacs 20.6 and earlier. GNU emacs 20.7 contains a fix for the problem.

This week's updates:

Previous updates:

Events

Upcoming security events.
Date Event Location
February 7-8, 2001. Network and Distributed System Security Symposium San Diego, CA, USA.
February 13-15, 2001. PKC 2001 Cheju Island, Korea.
February 19-22, 2001. Financial Cryptography 2001 Grand Cayman, BWI.
February 24-March 1, 2001. InfoSec World 2001 Orlando, FL, USA.

For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Liz Coolbaugh


January 4, 2001

LWN Resources


Secured Distributions:
Astaro Security
Castle
Engarde Secure Linux
Immunix
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux
Trustix

Security Projects
Bastille
Linux Security Audit Project
Linux Security Module
OpenSSH

Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive

Distribution-specific links
Caldera Advisories
Conectiva Updates
Debian Alerts
Kondara Advisories
Esware Alerts
LinuxPPC Security Updates
Mandrake Updates
Red Hat Errata
SuSE Announcements
Turbolinux
Yellow Dog Errata

BSD-specific links
BSDi
FreeBSD
NetBSD
OpenBSD

Security mailing lists
Caldera
Cobalt
Conectiva
Debian
Esware
FreeBSD
Kondara
LASER5
Linux From Scratch
Linux-Mandrake
NetBSD
OpenBSD
Red Hat
Slackware
Stampede
SuSE
Trustix
turboLinux
Yellow Dog

Security Software Archives
munitions
ZedZ.net (formerly replay.com)

Miscellaneous Resources
CERT
CIAC
Comp Sec News Daily
Crypto-GRAM
LinuxLock.org
LinuxSecurity.com
Security Focus
SecurityPortal

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Back page

See also: last week's Kernel page.

Kernel development


The current development kernel release is 2.4.0-prerelease. Linus announced the prerelease on Sunday, December 31st, his last official action for the year 2000. This will be the only prerelease; he promises that the next release will be 2.4.0. There will be a period of time before that release, of course, both for bug-fixes and to allow non-Intel architectures to "catch up" to all the latest features and fixes.

In the week leading up to the prerelease, development was hot and heavy. Test releases pre5, pre6 and pre7 all came out, and the dirty page lists issue was (hopefully) cleaned up. Fixes for problems in the prerelease, of course, are already pouring in.

One major change in the past week, preparing for the prerelease, was the integration of most, though not all, of Alan Cox's patches to the development kernel. These are generally driver updates, though some other features tested in the 2.2 kernel have been ported forward. Alan put out a merge status report, to bring people up-to-date on what has or has not been merged. After that, of course, he continued with his patches against the new prerelease, the most recent of which is 2.4.0-prerelease-ac4.

The current stable kernel release is still 2.2.18. Alan's latest prepatch is 2.2.19pre6.

Generic deferred file writing for VFS. Due to recent patches made to the kernel while tracing down the dirty page lists issues, Daniel Phillips noted that generic deferred file writing in the VFS was very close to being supported in the current kernel. Currently the kernel already does deferred data writing, meaning that modified data is not immediately written to the disk, but is instead deferred until a later time to allow optimization of writes, etc. With generic deferred file writing, applicable only under VFS, not just writing the data but the writing of the file itself could be deferred, including the disk mapping. The intent of this is to prevent metadata blocks (containing disk mappings) from hanging around in cache waiting for data. Instead, both the disk mapping and the data writing would be deferred, then done in a single flush, allowing for better optimization.

There are potential disadvantages, of course. Linus pointed out that proper error handling for common problems such as detection of quota overflows or even "out of space" messages is broken by this scheme. Unfortunately, the overhead in handling these issues correctly may negate the potential performance advantages. In a further post, he summarized his stance, "Don't get me wrong: I like the notion of deferred writes. But I'm also very pragmatic: I have not heard of a really good argument that makes it obvious that deferred writes is a major win performance-wise that would make it worth the complexity". The one exception he made to this was the possibility of making deferred writes a mount option, so people could choose to either support deferred writes and accept improper error handling as a consequence or, by default, not to use deferred writes.

None of this, of course, is under discussion for inclusion in the 2.4.0 kernel series. All of it is more fodder for the 2.5 development series.

Makefile redesign for 2.5. Keith Owens posted a long description of plans to redesign the kernel Makefile system. The current system has become unwieldy, performs poorly and is too easily broken. Some of the changes planned for the new system include the elimination of recursive makes and "make dep", the use of read-only source (allowing compilation from read-only media), proper reporting of errors and warnings, improved speed and overall simplication. Since a lot of delays over the last few months have involved Makefile fixes, this redesign will be welcomed.

Kernel Traffic issues release #100. Issue 100 of Kernel Traffic came out this week. We join in the congratulations; many thanks for this very valuable resource. For those of you unfamiliar with Kernel Traffic, it provides discussion summaries from the linux-kernel mailing list.

Other patches and updates released this week include:

  • Keith Owens released modutils 2.3.24 this week.

  • Keith also released ksymoops 2.3.6 with a note that the same version will be re-packaged as ksymoops 2.4.0 when the 2.4.0 kernel comes out.

  • An updated version of the stackguard patch, which enable the Stackguard version of gcc to compile the kernel, has been released for use with 2.4.0-prerelease.

Section Editor: Jonathan Corbet


January 4, 2001

For other kernel news, see:

Other resources:

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Back page

See also: last week's Distributions page.

Lists of Distributions
distrowatch
ibiblio
Kernelnotes
Linux.com
LinuxLinks
Woven Goods

Embedded Distributions:
3ilinux
Bifrost

BluePoint Embedded
Compact Linux
Coollinux
DSPLinux
ELinOS
ELKS
Embedded Debian
Embedix
Etlinux
FlightLinux
Hard Hat Linux
Jailbait
Linux/Coldfire
LEM
Midori
NeoLinux
OnCore Systems
PeeWeeLinux
RedBlue Linux
RedIce-Linux
Royal Linux
RTLinux
Tynux
uClinux
White Dwarf Linux

Handhelds/PDAs
Agenda-VR
Familiar (iPAQ)
Intimate (iPAQ)
Linux DA
PocketLinux
PsiLinux

Secured Distributions:
Astaro Security
Castle
Engarde Secure Linux
Immunix
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux
Trustix

Special Purpose/Mini
2-Disk Xwindow System
Mindi Linux
SmoothWall

Floppy-based
Brutalware
BYLD
Coyote Linux
DLX
Fd Linux
Fli4l (Floppy ISDN/DSL)
floppyfw
Floppix
FREESCO
Linux in a Pillbox (LIAP)
Linux Router Project
LOAF
muLinux
Nuclinux
Proxyfloppy
ShareTheNet
Small Linux
Tomsrtbt
Viralinux_II

CD-based
BasicLinux
BBLCD Toolkit
CDLinux
Crash Recovery Kit
DemoLinux
Devil-Linux
Finnix
Gibraltar
innominate Bootable Business Card
Linuxcare Bootable Business Card
LNX-BBC
MkCDrec
RunOnCD
Sentry Firewall
SuperRescue
Timo's Rescue CD
Ututo
Virtual Linux

Zip disk-based
NBROK
ZipSlack

Small Disk
hal91
MicroLinux
--> Peanut Linux
PKLinux
Relax Linux
TA-Linux
Tomukas
ttylinux
VectorLinux

Wireless
Bambi Linux
Flying Linux

Hardware-specific
(ARM)
ARM Linux
(Beowulf)
Scyld Beowulf
(IBM)
Think Blue Linux
(Oracle's NIC)
NIC Linux
(PA-RISC)
PA-RISC Linux
(Playstation)
Runix
(PowerPC)
Black Lab Linux
LinuxPPC
MkLinux
Yellow Dog
(Sparc)
Splack
UltraLinux
(Older Intel)
ClarkConnect
Monkey Linux
TINY

DOS/Windows install
Armed Linux
DragonLinux
Phat Linux

Diskless Terminal
GNU/Linux TerminalServer for Schools
K12LTSP
LTSP
Pygmy
Xdenu

Distributions


Please note that security updates from the various distributions are covered in the security section.

News and Editorials

Debian Jr. Update. We've mentioned before the Debian Jr. project, which strives to make Debian an OS that children of all ages will want to use. The initial focus is children up to 8 years of age. Ben Armstrong has sent out a Debian Jr. update, with the current status of the project. Work is beginning on child-oriented menus, minimum system requirements are being ironed out, and categories for package lists are coming together.

Distribution Reviews

LinuxNewbie reviews Debian installation. This LinuxNewbie.org review looks at .deb packaging and the apt installer. "One of the reasons that Debian is such a cool and intuitive distribution is because of it's packaging system (*.deb). The installation uses a program called apt to download and install programs from cds, nfs, ftp, or http. Because of this, you can install an entirely current system from an old installation cd. The most remarkable thing about apt, however, is that it checks and maintains dependencies for you, so you do not need to go around hunting for libraries that you need before installing your favorite programs. Once you select a program to install, apt will check to see what other software is needed for it to work and then offer you the option of downloading and installing what else is required as well. This NHF should work for Debian, Stormix, Corel, and Libranet (I think)."

General-Purpose Distributions

Slackware.com compromised. Slackware announced that their main web site - slackware.com - was compromised on December 25th, forcing a shutdown of that site. A complete audit was performed, and backup files were restored. The break in appears to have been due to an older version of imapd, which had known security holes that have since been fixed. Slackware neglected to upgrade imapd on that system, but has now addressed the problem.

Debian Weekly News for January 2nd, 2001. Following the traditionally slow holiday season, an abbreviated Debian Weekly News has been published. The important notes this week include security updates for the dialog, stunnel and gnupg packages.

Kernel Cousin Debian #16 For 29 Dec 2000. Here's the Kernel Cousin #16, with some discussion of Debian package namespace conflict, Debian usability vs Mandrake and other topics.

Kernel Cousin Debian Hurd #73 For 27 Dec 2000. And here's the Kernel Cousin Hurd #73. Topics include Threading In The Hurd and the Status Of Hurd CD Installation Tools.

Debian bug report for December 29, 2000. Here's the current Debian Bug stamp-out list. Help stamp out bugs. Speaking of bugs, here's a good reason not to do source only uploads.

LinuxPPC 2000 Q4. The newest version of LinuxPPC has been released. LinuxPPC 2000 Q4 is the company's first three CD-ROM set.

New home for Vine Linux. Thanks to Bruce Harada we have a new url for Vine Linux. Visit Vine Linux in Japanese or Vine Linux in English.

Embedded Distributions

Coyote Linux embedded. Coyote Linux has been around as a floppy-based distribution for some time. Now here's a draft proposal for Coyote Linux embedded.

Mini/Special Purpose Distributions

VA Linux Sponsorship for Linux Router Project. The Linux Router Project (LRP) acknowledged VA Linux' generous support to help further LRP development, including funding and servers.

Section Editor: Rebecca Sobol


January 4, 2001

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.


Leading
Caldera OpenLinux
Debian GNU/Linux
Linux-Mandrake
Red Hat
Slackware
SuSE
TurboLinux

Also well-known
ASPLinux
Best Linux
Conectiva Linux
e-smith

Progeny
Rock Linux

Non-technical desktop
easyLinux
Icepack Linux
Independence
LibraNet
Redmond Linux
WinSlack

Education
Boston University
kmLinux
LinuxFromScratch
OpenClassroom
Red Escolar

General Purpose
Alzza Linux
aXon Linux
Bad Penguin Linux
BearOps
Black Cat Linux
BluePoint Linux
BYO Linux
CAEN Linux
Cafe Linux
ChainSaw Linux
Circle MUDLinux
cLIeNUX
Complete Linux
Console Linux
Corel Linux
CRUX
Darkstar Linux
DLite
easyLinux
Elfstone Linux
ESware Linux
Eurielec Linux
eXecutive Linux
Fried Chicken
FTOSX
FullPliant
Gentoo
Go!Linux
HA Linux
Halloween Linux
HispaFuentes
IceLinux
Ivrix
ix86 Linux
J-LINUX
JBLinux
Jurix
KRUD
KSI-Linux
Lanthan Linux
Laonux
LASER5
Leetnux
Linpus Linux
Linux Cyrillic Edition
Linux MLD
LinuxOne OS
LinuxPPP
Linux Pro Plus
Linux-SIS
LNX System
LoopLinux
LSD
Lute Linux
MageNet
Mastodon
MaxOS
minilinux
MSC.Linux

NoMad Linux
Omoikane GNU/Linux
PingOO Linux
Plamo Linux
PLD
Project Ballantain
PROSA
Rabid Squirrel
Repairlix
Root Linux
Scrudgeware
Serial Terminal
Sorcerer
spyLinux
Stampede
Stataboware
TechLinux
TimeSys Linux/RT
Tom Linux
Trinux
Turkuaz
Ute-Linux
VA-enhanced Red Hat
Vine Linux
Virtual Linux
WholeLinux
WinLinux 2000
XTeamLinux
ZipSpeak

Country-specific
Argentina
GNU/Linux Ututo
Britain
Definite Linux
Eridani
China
COSIX
Red Flag
France
Linux/MNIS
Italy
LinuxEspresso
Madeinlinux
Vedova
Spain
Linux Esware
Thailand
Kaiwal Linux
Thai Linux Extension

Related Projects
Chinese Linux Extension

Historical (Non-active)
Dualix
Gentus
Giotto
MCC Interim Linux
OS2000
Storm Linux


   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Back page

See also: last week's Development page.

Development projects


News and Editorials

Revive an Old Project. The beginning of the new year provides a great excuse to step back and look over an old project, to evaluate the project's status and consider its future directions.

Like rooms full of physical stuff, over time, software projects have a tendency to end up with directories full of musty, seldom-used files. Now is a good time to pick up an old project, go in and stir things up, clean out the cobwebs and organize the old piles -- or would that be files?

Spend some time on that old project, go over all of the component pieces, clean out the old cruft, and add some new comments to the code that is no longer obvious. Simplify the code, and put some life back into the project. Remove parts that are no longer in use; consider removing support for DOS and VMS should it exist. Clean up the Makefiles. Consider adding the GUI that you've always wanted the program to have.

With a little bit of meta-work, you should be able to turn your dusty old program into a shiny new one.

Finally, don't forget to make the code available to the Open Source community.

Happy New Year!

Browsers

Galeon 0.8.3. Galeon version 0.8.3 is available. This version has several critical bug fixes, and a number of new features.

Education

SEUL/edu Linux in Education Report #36. The SEUL/edu group has released issue #36 of the Linux in Education report. Topics include more on tools for mathematical graphing, work on Debian-jr, and an introduction to Gunnar Stefansson's tutor-web project which is: "A unified system to replace my PowerPoint presentations, class handouts in Word or TeX, student quizzes, homework and mid-terms and a few other things."

Embedded Systems

Embedded Linux Newsletter for Dec 28, 2000. This week's Embedded Linux Newsletter is out, topics include hacking the Compaq iPAQ, an article on providing real-time services by Lineo's CTO Tim Bird, and more.

2001 Embedded Linux Market Survey. LinuxDevices.com has a survey for the 2001 Embedded Linux Market. "The survey asks developers of Linux-based embedded systems and intelligent devices to anonymously provide information about their applications, their embedded Linux OS requirements and preferences, and the perceived advantages and disadvantages of using Linux in embedded applications."

Network Management

OpenNMS Update Volume 2 Issue 1 (January 2nd, 2001). The latest issue of OpenNMS Update has been published. Along with updates on coding projects, topics include information on the CVS check-in procedures and an update to the Wish List.

On the Desktop

KDE Tutorials For Windows Converts?(KDE.News). KDE.News has published a discussion about the need for KDE Tutorials for Windows Converts. This sounds like a good thing in general, we look forward to some friendly competition in this area from the Gnome camp.

Do Interoperability Technologies Help or Hurt KDE Development?. In this article at Kuro5hin.org the author considers the implications of some recent developments -- namely, XParts and QGtkWidget.

10 questions with Miguel de Icaza (Linux Orbit). Linux Orbit interviews Helix Code's Miguel de Icaza. de Icaza: "To me, Helix was a continuation of the GNOME project. There are some tasks in the GNOME project that are not fun to do (like packaging of software, software updates, delivering the latest technologies) that are not easy to do with volunteers (Debian is a project that actually has managed to do this very well, but when we tried to do this within the GNOME project, we never managed to get this off the ground). Other large scale projects can be developed faster, and give our platform an advantage over proprietary software if they are done within the framework of a commercial company. "

Science

PDAMD: Why PDA? (LinuxMedNews). Linux Med News is predicting that the emerging Linux-based PDAs will become available in 2001 and will fill a void for PDA-based Open Source medical software.

Section Editor: Forrest Cook


January 4, 2001


Application Links
GIMP
Mozilla
Galeon
High Availability
ht://Dig
mnoGoSearch
MagicPoint
Wine
Worldforge
Zope

Open Source Code Collections
Berlios
Freshmeat
OpenSourceDirectory
Savannah
Le Serveur Libre
SourceForge
Sweetcode

   

 

Programming Languages


Java

Log4j delivers control over logging (IBM developerWorks). IBM's developerWorks takes a look at Log4j, in an article by Ceki Gulcu. "Log4j, an open source project, allows developers to control which log statements are output with arbitrary granularity. It's fully configurable at runtime by using external configuration files. Best of all, log4j has a gentle learning curve."

Perl

The Status Of The Perl Journal (Slashdot). Earthweb's recent sale of many of its properties to Internet.com, and its recent decision to stop the presses on The Perl Journal issue #20, have caused a lot of rumors and concerns. In truth, it appears we won't know the final outcome for a while. For the best information currently available, check Jon Orwent's status update, posted to Slashdot. "Since the future of the magazine is in doubt, I can't in good conscience greenlight proposals; I will not encourage an author to spend weeks writing an article when I know that it might never be printed. So I've told people who've asked what I know about the current situation: while EarthWeb has sold many of its properties to internet.com so that it can focus on "career services", it has not sold TPJ. However, EarthWeb has also made it clear that they don't want to publish TPJ any more".

Perl w3.pm module for cgi security. Tommy Butler has posted an announcement concerning his new Perl module, w3.pm, that aims to improve the security of Perl cgi-bin scripts by solving recurring parameter-passing problems. If you can contribute to this effort, please join in.

PHP

Apache Module Report (Security Space). Security Space has published a list of the modules used by Apache web servers and their frequency of use. It looks like PHP is on top with around 36% of the servers using it.

PHP Weekly Summaries for December, 2000. All four of the December, 2000 PHP Weekly Summaries have come out in one group. Check them out for the latest in the world of PHP, including the release of PHP 4.0.4.

Python

Dr. Dobb's Python-URL! for January 3rd, 2001. This week's Dr. Dobb's Python-URL! includes links to a number of articles from Alex Martelli that cover MediaPlayer, htmllib, classes and object oriented programming and gmpy 0.8. Other linked topics include practical HTML/SGML parsing in Python, regular expressions, an xreadlines implementation, the announcement of the 9th International Python Conference and sniffing HTTP traffic.

Python-dev summary, December 16-31, 2000. Here's the last Python-dev summary for the year 2000. The Python 2.1 release plans are discussed, as are module autoconfiguration and the need for help in bringing the Python FAQ up to date.

Jython 2.0 beta 1 released. Version 2.0 beta1 of Jython, the implementation of Python in Java, has been released. Some new installation features have been added and a few bugs have been fixed.

Ruby

Programming in Ruby (Dr. Dobbs). Dave Thomas and Andy Hunt introduce the object-oriented scripting language Ruby. "Take the pure object orientation of Smalltalk, but remove the quirky syntax and reliance on a workspace. Add in the convenience and power of Perl, but without all the special cases and magic conversions. Wrap it up in a clean syntax based in part on Eiffel, and a a few concepts from Scheme, CLU, Sather, and Common Lisp. You end up with Ruby."

Smalltalk

Making Smalltalk (Linux Gazette). Linux Gazette has published an introductory article on Smalltalk by Jason Steffler. "The target audience for this series are people new to OO or new to programming altogether. The intent is to not only introduce OO programming, but to also spread the fun of Smalltalking."

Tcl/tk

Dr. Dobb's Tcl-URL! for January 2nd, 2001. The weekly Tcl-URL! summary is now available. This week topics included using oval buttons, hints at combining Tcl with Qt, using Tcl with proprietary databases, and a tutorial on Tk graphing.

Section Editor: Forrest Cook

 
Language Links
Caml
Caml Hump
Tiny COBOL
Erlang
g95 Fortran
Gnu Compiler Collection (GCC)
Gnu Compiler for the Java Language (GCJ)
Guile
Haskell
IBM Java Zone
Jython
Free the X3J Thirteen (Lisp)
Use Perl
O'Reilly's perl.com
Dr. Dobbs' Perl
PHP
PHP Weekly Summary
Daily Python-URL
Python.org
Python.faqts
Python Eggs
Ruby
Ruby Garden
MIT Scheme
Schemers
Squeak
Smalltalk
Why Smalltalk
Tcl Developer Xchange
Tcl-tk.net
O'Reilly's XML.com
Regular Expressions
   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Back page

See also: last week's Commerce page.

Linux and Business


World domination in 2001?. Probably not. But in 2000, we've seen that Linux is taking over the server market becoming increasingly entrenched in the embedded market and in the high-end, high-availability, super-computing arena. So what's left? The desktop, of course.

Now the desktop for a personal computer is more than just a nice GUI interface, a good browser, office suites and other applications. It's all that and much more. In particular, it is an interface to good games. Many people who buy PCs do so just as much for the games as for the more practical applications. So, as we head into 2001, we'd like to take a look at the state of games for Linux.

Every good desktop needs a good solitaire package. The games included with KDE and GNOME provide that but, if that is not quite enough for you, check out the Open Source (GNU GPL) package PySol which should fill the gaps. Check out this GeekComics strip as well.

For those that want to purchase Linux games, we suggest checking out Tux Games. In early January 2000, they announced their decision to dedicate themselves to selling Linux games on-line and they are still out there with the same purpose. There are other outlets for Linux games, but few are as focused.

What games are available to purchase for Linux? Loki Software has ported or is working on porting several popular games to Linux, including "Heavy Gear II", "MindRover: The Europa Project", "Kohan: Immortal Sovereigns", "Myth II: Soulblighter", "Quake III Arena", "Sim City 3000 Unlimited" and many more. Of course, Loki is not the only developer of Linux games. It is becoming more common for game developers to make a Linux version of their new games available.

So far though, the number of titles available for Windows still dwarfs the titles available for Linux. Games may seem unimportant to some, but Linux will never achieve world domination until we are a true competitor in the gaming arena as well.

Hungry Minds, Red Hat Create Red Hat Press. Red Hat and Hungry Minds, the company formerly known as IDG Books Worldwide, have announced a joint title publishing agreement to produce books for Red Hat products.

Red Hat One of the Fastest-Growing Technology Companies. Red Hat announced that the company ranked Number 193 on the Deloitte & Touche Technology Fast 500, a ranking of the 500 fastest-growing technology companies in North America. Rankings are based on five-year percentage revenue growth from 1995-1999.

Perl WebStats from Gallant Technologies. Version 3.0 of Perl WebStats was released on New Year's day by Gallant Technologies. This is a major release and includes various object oriented feature enhancements, support for both GIF and PNG, a reduction in dependencies on external programs and a new template engine. Perl WebStats is licensed under the GPL.

Press Releases:

Proprietary Products for Linux

  • OTG Software (BETHESDA, Md.) announced DiskXtender for Linux, new storage software that supports the Red Hat Linux platform.

Products and Services Using Linux

  • eSniff, Inc. (DENVER) announced the availability of the eSniff 1100 Linux-based appliance, a plug-and-play hardware device designed to end the problem of computer network abuse.

Products with Linux Versions

  • Central Command Inc. (MEDINA, Ohio) announced that within the last 45 days more than 475,000 people have downloaded AVX virus protection software. The press release doesn't say how many are Linux versions.

  • Dirig Software (NASHUA, N.H.) announced that it has released a new Specific Application Manager (SAM) for proactively managing ColdFusion, the Web application server solution from Allaire Corporation.

  • Merlin Software Technologies (BURNABY, B.C.) announced the public release of Communicado FAX 4.0. This is a beta version, available for download.

  • The SCO Server Software Division (SANTA CRUZ, Calif. and SANTA CLARA, Calif.) and Allegrix, Inc., the ASP (Application Service Provider) infrastructure provider for the channel, announced the availability of the Allegrix ASP-in-a-Box Program for the SCO SSD reseller channel.

Java Products

  • Inprise Corporation (SCOTTS VALLEY, Calif.) announced that the most recent version of its cross-platform development environment written in entirely in Java, JBuilder 4, was selected as a finalist in the Software & Information Industry Association (SIIA) Codie Awards in the Best Application Development Product category.

Personnel

  • LynuxWorks, Inc. (SAN JOSE, Calif.) announced Albert McCabe has been promoted to vice president of worldwide sales.

  • NetSilicon, Inc. (WALTHAM, Mass.) announced that Richard C. (Dick) Andersen has been appointed Vice President of Engineering & Product Marketing. In this role, Andersen will direct strategy and product development efforts for NetSilicon's NET+Works solutions. Andersen, 51, will be responsible for expanding NetSilicon's product leadership in embedded systems, as well as developing and implementing NetSilicon's open source initiatives.

Linux/Open Source At Work

  • Jabber.com, Inc. (DENVER) announced that open source Jabber has been selected as the instant messaging service for the iWon portal.

Section Editor: Rebecca Sobol.


January 4, 2001

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Back page

See also: last week's Linux in the news page.

Linux in the news


Recommended Reading

IPOs will feel the chill in 2001 (Upside). Will the IPO market rebound enough to impact Linux? Upside took a look at IPOs in 2001. "High-tech's best picks in 2001 probably will be all about bandwidth, mobility, infrastructure, software and services that enhance e-commerce, Internet security, privacy protection and the like, says Manuel Fernandez, head of SI Ventures in Fort Myers, Fla., and chairman of the Gartner Group." Linux and Free Software will certainly be part of that mix.

Linux gaining with mission-critical systems (CNN). CNN carried a story this past week from CIO Magazine on the gains Linux has made in mission critical systems. "Within a week and a half, VA Linux had rewritten the kernel, and the data center has worked flawlessly since. And because Linux is open source, the improvement was made available to all Linux distributions. As such, it can benefit every Linux user, present and future. Of course, startup Netledger had the luxury of building from scratch -- not always an option for large brick-and-mortar companies. And while Durkee knows he took a risk with an unproven technology, he thinks his success has served as a proof of concept for established companies that are reluctant to take a chance with Linux on their mission-critical systems."

Pirates Beware: We're Watching (Wired). At midweek, Wired examined what movie and music companies are up against in trying to prevent file sharing ala Napster. "If you flip every bit in the MP3 (just invert it), then they wouldn't be able to recognize it. On the other end, just flip 'em back. Piece of cake to do; they'd have to update their software to check for the flipped bits," [spoke software programmer David Weekly.]

While the system might sound difficult, Weekly said that public key cryptography applications like Napster and Gnutella could build the encryption into upgraded versions. So users would have a seamless experience of file-trading, while the network tracking systems wouldn't know that infringing files had crossed the network."

Companies

Slackware.com compromised. After more than a week of silence, Slackware announced on Wednesday that their main web site - slackware.com - was compromised on December 25th, forcing a shutdown of that site to do a complete audit. That audit was completed on Wednesday prior to the announcement and backup files were restored. The break in appeared to have been due to an older version of imapd, which had known security holes that have since been fixed. Slackware neglected to upgrade imapd on that system. The site was up and running again at the time of their announcement.

Business

Transmeta to help AMD push into servers (News.com). According to C|Net's News.com, AMD is looking to Transmeta's Crusoe chip and a special version of their code morphing software to give software developers a jump start in porting applications to AMD's upcoming SledgeHammer chip. "The Sledgehammer simulator is crucial to AMD's plans to break into the lucrative server market. With a software simulation of the chip, developers can tweak their programs so they can release products when Sledgehammer emerges commercially in the first half of 2002. AMD will also come out with a version for desktop computers called ClawHammer, the company has said."

Resources

Linux fans still waiting for new kernel (News.com). C|Net recounted the planned releases for 2.4 over the past 2 years. "Torvalds said in June 1999 that Linux 2.4 would be done by last fall. In May 2000, Torvalds acknowledged that likely it would be October 2000 before 2.4 saw the light of day, since developers were attempting to cram more new, high-end features into the final release. On Oct. 6, at Frankfurt's LinuxWorld, Torvalds was quoted as saying Linux 2.4 wouldn't be launched until December at the earliest."

Reviews

Y2K and the Desktop Experience (Linux Orbit). This Linux Orbit piece looked at the Linux Desktop, how it changed in 2000 and how it might change in 2001. "As I stare into my GPL'd crystal ball, I see the new market of less-tech savvy, but more spend-happy, Linux converts driving the shape of desktop Linux to come. Basic economics will tell you that supply and demand are what drives an industry, and the new blood of the Linux community will drive development toward a more end-user friendly, less technical Linux. End users want ease, and are willing to pay for it. The companies that will have the most success will be the ones catering to that market."

Linuxiso.org reviews "The Process of Network Security". The book The Process of Network Security : Designing and Managing a Safe Network by Thomas A. Wadlow was reviewed by Linuxiso.org. "This book is written for network managers and administrators. Readers should also be familiar with computing and network processes and terminology. Divided into 16 chapters, this book has a good flow about it. The focus is on helping the reader to understand just what security is, what to do when a system is compromised, and how to protect these systems in the future."

The Linux Internet Dream (OS Opinion). This OS Opinion article discussed the widespread acceptance of Linux on the desktop. "Linux is currently going through the same stages the Internet did. It started off as a geeks-only area, but some very smart companies -- IBM and so forth -- saw the potential for the OS, just like very smart companies -- Netscape -- saw the potential for the Internet. These companies are the ones that are going to bring Linux to the home user. This business method has much in common with those early adopters that brought the Internet to the home user."

Abit KT7-RAID MotherBoard Review (LinuxLookup). Here's a review from LinuxLookup that ran this past week on the Abit KT7-RAID MotherBoard running Linux. "With Socket A motherboards now being almost a dime a dozen, Abit steps in with its contender, the KT7-RAID. This board packs a killer punch, and there is no question it is one of the top boards for Socket A processors. In the past, Abit has been quite innovative with its products, and the KT7-RAID continues this tradition. Lets see how this baby shapes up under Linux."

Socket A Boards Revisited: AOpen's AK73 Pro and Soyo's 7VTA-B (Signal Ground). Signal Ground posted an article on using Socket A motherboards with Linux. "It's unfortunate that UDMA66 and UDMA100 don't work "out of the box" on these boards yet, but that's hardly the fault of the Linux developers. It'd certainly be helpful if the specs were available to the general public (Vojtech told us that if they were, he'd have updated his driver already), but sometimes you can't have it all."

People

Reader's Digest European of the Year. Linus Torvalds was named the Reader's Digest European of the Year for 2000. "Torvalds had done something remarkable: he had created the kernel of a new computer operating system-the brains of a computer which controls the hardware and organizes the programs. Not only that, he had then given it away free, a decision akin to the Coca-Cola company publishing the formula for Coke, or MI5 releasing its top-secret files." (Thanks to Richard Storey)

Miscellaneous

The year of predicting dangerously? (ZDNet). ZDNet's Mary Jo Foley searched for a good prediction for Linux in 2001. "When I asked Stacey Quandt, Linux analyst at Giga Information Group, for her two cents, she proposed that 2001 be designated the "Year of Managed Services" for Linux. Hmmmm. It's plausible, although hardly sexy. Kind of like calling 1984 (and 1985, 1986, 1987... who's counting?) the 'Year of the LAN.'".

So Many Predict So Much (Wired). Here's a set of New Year's predictions which came from Wired News this past week. "Larry Sanger, editor-in-chief of Nupedia:
I believe the 'open content' concept is going to enter the public consciousness more fully this year. Currently, the concept is understood by only a handful of people online; by the end of the year, 'open content' could be nearly as much a common buzzword as 'open source' is now.
"

Linux Gazette #61 (Jaunary 2001) available. The January 2001 issue of the Linux Gazette was published earlier this week. Featured articles for January include

  • Linux On Your Desktop: Setting Up GNOME
  • Using the Wireless Modem Ricochet
  • Setting Up a Linux Laptop With No CD-ROM Drive
  • Plus other articles, the MailBag and News Bytes.

Servers: When I'm 64 (bit) (ZDNet). AMD will be looking to Linux for support of its 64-bit family, according to this ZDNet article. AMD is promising to debut its x86-64 platform, with four and eight way multi-processing, in the first half of 2002. "Microsoft isn't likely to build an operating system for these chips, so AMD is looking elsewhere -- namely to the Linux community for a 64-bit version of that operating system".

Section Editor: Michael J. Hammel


January 4, 2001

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Back page

See also: last week's Announcements page.

Announcements


Resources

DukeOfUrl Linux Buyer's Guide #7. This issue of the DukeOfUrl's Buyer's Guide looks at graphics cards.

Events

Less than 2 weeks until linux.conf.au. Early bird discounts have been extended until January 6.

RT and Embedded Linux Session. There will be a Linux Interest Group meeting devoted to Real-time and Embedded Linux at the next meeting of The Open Group's Real-time and Embedded Systems Forum on February 6th in San Jose. Speakers include Victor Yodaiken, Rick Lehrbaum and George Anzinger.

January/February events.
Date Event Location
January 17 - January 20, 2001. linux.conf.au University of New South Wales, Sydney, Australia.
January 21 - January 23, 2001. First Annual International Linux Plug Fest Sponsored by Linuxcare, Inc. Embassy Suites Hotel, Burlingame, CA.
January 23 - January 24, 2001. Linux Expo - Amsterdam Amsterdam, Netherlands.
January 23 - January 24, 2001. EuroZopeCon Amsterdam at Linux Expo Amsterdam, Netherlands.
January 29, 2001. New York Mozilla Developer Meeting CollabNet office, New York, NY.
January 30 - February 2, 2001. LinuxWorld Conference & Expo Jacob Javits Convention Center, New York, NY.
January 31 - February 2, 2001. Linux Expo Paris Paris, France.
February 3 - February 4, 2001. Open Source and Free Software Developers' European Meeting Brussels.
February 6 - February 8, 2001. Real-time and Embedded Systems Forum Doubletree Hotel, San Jose, California.
February 14 - February 16, 2001. O'Reilly Peer-to-Peer Conference Westin St. Francis Hotel, San Francisco, California.

Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format.

Web sites

ShowMeLinux January edition. ShowMeLinux explores recent trends for some countries in Europe and Asia, as they boycott MS, and start to look at open-source media such as Linux as an alternative. The January edition also takes a look at the past, present and future of women in the IT field and ponders the current state of Linux training.

User Group News

LUG Events: January 4 - January 18, 2001.
Date Event Location
January 4, 2001. Edinburgh Linux Users Group (EDLUG) Holyrood Tavern, Edinburgh, Scotland.
January 5, 2001. Israeli Group of Linux Users (IGLU) Compaq building in Raanana, Israel.
January 8, 2001. Baton Rouge Linux User Group (BRLUG) The Bluebonnet Library, Baton Rouge, LA.
January 9, 2001. Victoria Linux Users Group(VLUG) University of Victoria, Victoria, British Columbia, Canada.
January 9, 2001. Long Island Linux Users Group (LILUG) SUNY Farmingdale, NY.
January 10, 2001. Toledo Area Linux Users Group (TALUG) University of Toledo, Toledo, OH.
January 10, 2001. Columbia Area Linux Users Group (CALUG) Topic: Computer Security Capita Technologies Training Center, Columbia, MD.
January 11, 2001. Phoenix Linux Users Group (PLUG) Sequoia Charter School, Mesa, AZ.
January 11, 2001. Boulder Linux Users Group NIST Radio Building, Boulder, CO.
January 13, 2001. Route 66 Linux Users Group La Verne, California.
January 15, 2001. Linux Users' Group of Davis (LUGOD) Z-World, Davis, CA.
January 16, 2001. Kansas City Linux Users Group (KCLUG) Kansas City Public Library, Kansas City, MO.
January 16, 2001. Bay Area Linux User Group Chinatown, San Francisco, California.
January 17, 2001. Linux User Group of Groningen Groningen, Netherlands.
January 17, 2001. Central Iowa Linux Users Group (CIALUG) West Des Moines, IA.
January 17, 2001. Arizona State University Linux Users Group (ASULUG) Tempe, AZ.

Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format.


January 4, 2001

   

 

Software Announcements


Here are this week's Freshmeat software announcements. Freshmeat now offers the announcements sorted in two different ways:

Sorted by section and Sorted by license

 

Our software announcements are provided courtesy of FreshMeat

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Back page

See also: last week's Back page page.

Linux Links of the Week


When not to be good!. Need one final chuckle for the Christmas season? Check out this joke from Verlag Heinz Heise GmbH. Here is a translation in advance that you will need:

Have you all been good?

No!

Never!

Not at all!

Not a bit good!

Thanks to Fred Mobach for sending this in.

Section Editor: Forrest Cook


January 4, 2001

   

 

This week in history


Two years ago (January 7, 1999 LWN): The 2.2 Linux kernel pre-release series began; the stable release was pushing towards version 2.0.37. The Linux Kernel Archive mirror system was started with two mirror sites. There are now hundreds of Linux kernel archive mirror sites all around the world.

Numerous people predicted that Open Source software would be big in 1999; these predictions turned out to be accurate.

Info World speculated that "Linux will become just another Unix. The Internet lost its charm when big business discovered it. The same will happen with Linux. Linux will wipe out SCO and Unixware and gain ground against NT, but will lose its soul in the process". Well, they got the SCO part right, but Linux continues to have almost as much soul as James Brown.

Red Hat was getting lots of attention with its corporate expansion and potential of being a threat to the Microsoft empire.

The first issue of the Debian Weekly News came on-line; that project is still going strong.

Aladdin Ghostscript was released under a GPL license.

One year ago (January 6, 2000 LWN): Linux survived the Y2K bug with a few minor bugs here and there; so did the rest of the world. Several Linux distribution vendors came out with some additional Y2K bug fixes.

The cracking of the DVD encryption format was big news; Eric Raymond wrote a letter to LWN entitled DVDCA and the Big Lie.

The stable kernel was version 2.2.14, which was a bit long in coming. The development kernel was version 2.3.35. With Y2K concerns out of the way, the Unix Year 2038 bugs were beginning to get a look.

The first of many SEUL/edu Linux in Education reports came out; this group continues to produce good information concerning Linux in the schools.

Numerous commercial entities announced the open-sourcing of projects; among them were InterBase from Inprise, the CompactPCI networking package from MontaVista, and several device drivers.

VA Linux introduced its now-highly-successful SourceForge site which provided a home to many open-source projects. Apple announced the roll-out of its Mac OS X, a Free BSD based platform.

 
   

 

Letters to the editor


Letters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them.
 
   
Date: Thu, 28 Dec 2000 23:06:22 -0700
From: Eric B <ewbish@theriver.com>
To: letters@lwn.net
Subject: MSNBC Thinks Microsoft is the underdog!

In the article: http://www.msnbc.com/news/508942.asp on MSNBC's website
the author states the following in regards to his top tech predictions
for 2001:  

 		   "Microsoft comeback: The Redmond giant
                   could become the thought leader on the Web as
                   it was for PCs. Microsoft will finally have most
                   of its .Net architecture in place next spring.
                   Based on what I've seen, it will have all the parts
                   in place for a viable platform for the
                   next-generation Web. It may take 12 to 18
                   months, but don't be surprised to see Microsoft
                   take the leadership role away from Sun, Oracle
                   and the Linux crowd. Click for more."

Apparently we already won and nobody told us.  I guess now we are
fighting to stay on top!
Eric Bueschel
-- 
Windows:  A 32 bit shell for a 16 bit operating system, originally
written for
an 8 bit processor on a 4 bit bus by a 2 bit company that can't stand 1
bit of
competition!
   
From: Anton Ertl <anton@a0.complang.tuwien.ac.at>
Subject: Yet more on Elevator algorithms and write ordering
To: letters@lwn.net
Date: Fri, 29 Dec 2000 12:54:25 +0100 (MET)

Matt Dillon writes:
>I'm afraid there is considerable confusion over write ordering in a
>filesystem.  The confusion stems from an assumption that dependant
>operations are queued to the disk device all together.

No, there is no such assumption involved.

>This assumption
>is not true of FFS with softupdates.  FFS with softupdates turned on will
>queue all *NON* dependant buffers to disk all at once and doesn't care
>in the least whether the kernel, the disk device, or the physical disk
>itself reorders the writes.  Dependant buffers are not queued until
>non-dependant buffers have completed their I/O's.

I would say "buffers they depend on" instead of "non-dependent
buffers", but otherwise, yes, that's how file systems currently try to
enforce write ordering constraints.

The problem is: how do they know that the I/O for a buffer is
completed?  A disk with write-caching enabled happily reports that it
has completed the I/O for a block when it has the block in its RAM
cache.  The disk driver and buffer cache then report I/O completion to
the file system, which submits the next batch of blocks.

These blocks may arrive at the disk while much of the earlier batch is
still in the cache, and then the reordering optimization of the disk
may write the blocks in an order that results in a file system
inconsitency.

You can see this effect with
http://www.complang.tuwien.ac.at/anton/hdtest/.  With write caching
disabled on the disk, the blocks are written in-order (i.e., the Linux
buffer cache does not reorder these accesses).  With write caching
enabled on the disk, the two disks I tested delayed writing one block
for as long as I tested (several seconds).  I wrote this test in order
to check some assumptions necessary for a log-structured file system I
was involved with.  I was not pleased with the result.

- anton


   
Date: Fri, 29 Dec 2000 10:02:45 -0800 (PST)
From: Matt Dillon <dillon@earth.backplane.com>
To: Anton Ertl <anton@a0.complang.tuwien.ac.at>
Subject: Re: Yet more on Elevator algorithms and write ordering

:I would say "buffers they depend on" instead of "non-dependent
:buffers", but otherwise, yes, that's how file systems currently try to
:enforce write ordering constraints.
:
:The problem is: how do they know that the I/O for a buffer is
:completed?  A disk with write-caching enabled happily reports that it
:has completed the I/O for a block when it has the block in its RAM
:cache.  The disk driver and buffer cache then report I/O completion to
:the file system, which submits the next batch of blocks.
:
:These blocks may arrive at the disk while much of the earlier batch is
:still in the cache, and then the reordering optimization of the disk
:may write the blocks in an order that results in a file system
:inconsitency.
:
:You can see this effect with
:http://www.complang.tuwien.ac.at/anton/hdtest/.  With write caching
:disabled on the disk, the blocks are written in-order (i.e., the Linux
:buffer cache does not reorder these accesses).  With write caching
:enabled on the disk, the two disks I tested delayed writing one block
:for as long as I tested (several seconds).  I wrote this test in order
:to check some assumptions necessary for a log-structured file system I
:was involved with.  I was not pleased with the result.
:
:- anton

    This will depend heavily on whether you are running SCSI disks or
    IDE disks.

    SCSI disks have an explicit bit that can be set to enable write
    acknowledgement prior to completion of the write.  I don't know about
    Linux, but FreeBSD turns that bit off.  The bit is usually off by default.

    SCSI disks also have an explicit ordering tag.  However, the ordering
    tag has been depreciated in the latest SCSI working standard.  Many SCSI
    disks ignore this tag anyway (which is probably why it is being
    depreciated). 

    IDE disks have historically shipped with this bit turned on... because
    IDE ops are serialized (tagged IDE ops are possible, but not really
    reliable).  In other words, IDE disks tend to lie about write completion.
    We found this out years ago when Kirk McKusick ran a bunch of filesystem
    tests with IDE and was tring to figure out why IDE drives seemed to beat
    out SCSI drives for certain tests.  The manufacturers are more interested
    in getting good benchmark results from the rotten IDE protocol then in
    filesystem recovery.  I'm not sure whether it is possible to turn the
    bit off for an IDE drive but since IDE is essentially a munged SCSI
    protocol over a substandard physical layer, it should be possible.

    This is one reason why nobody in their right mind uses IDE drives on
    critical production systems, not unless the drives are in a RAID cabinet
    with backup power and non-volatile ram.

						-Matt

   
Eklektix, Inc. Linux powered! Copyright © 2001 Eklektix, Inc., all rights reserved
Linux ® is a registered trademark of Linus Torvalds