![[LWN Logo]](http://old.lwn.net/images/lcorner.png)
![[LWN.net]](http://old.lwn.net/images/bigpage.png)
|
|
|
Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise
news for all interests
 Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page
Other LWN stuff:
Archives/search
Recent features: Here is the permanent site for this page. See also: last week's LWN.
|
Leading items and editorialsThe 2.4.0 kernel is out, finally. In a move timed to conflict badly with LWN's weekly edition publication cycle, Linus Torvalds announced the release of the 2.4.0 kernel on January 4. It has been a long wait, but the end product was well worth it. Much has been said about what's in this release: fine-grained locking (and thus better SMP scalability), Itanium support, 64GB memory support, devfs, completely rewritten firewalling, raw I/O, greatly increased device support, etc. Those looking for a comprehensive list of new features may want to have a look at Joseph Pranevich's Wonderful World of Linux 2.4 document. Some people have questioned whether this kernel is really ready for a stable release, considering that patches were going in at a steady rate right until the end. The answer to that question, simply, is that it is as ready as it could be made to be. All of the major problems which could be found by people who run development kernels have been found. There are certainly problems remaining in this kernel, but it is going to take a new, larger community of users to flush them out. Last October, LWN wrote about the need to get the user community involved in testing of software releases. There is a price to pay for the benefits of free software, and helping to find the last glitches is part of that price. But many people won't do that testing until they see a real release. Linus has explicitly recognized the need to widen the testing community in this way: But that's very different from having somebody like RedHat, SuSE or Debian make such a kernel part of their standard package. No, I don't expect that they'll switch over completely immediately: that would show a lack of good judgment. The prudent approach has always been to have both a 2.2.19 and a 2.4.0 kernel on there, and ask the user if he wants to test the new kernel first.
So 2.4.0 may not be perfect, but it was released at this stage for a reason. When the first silly problem turns up some will probably complain that it was rushed out for PR reasons, but that is certainly not the case. 2.4.0 was not "rushed" in any way. And it is quite stable for almost all those who try it.
--- jmc --- Linux, PDAs and the consumer. The Personal Digital Assistant - PDA - has become the indispensable device for the new millennium that the Apple II was to the spike haired world of the 1980's. Linux users are constantly on the prowl for ways to use their favorite OS with the latest portable device, from the popular Palm Pilot to the Compaq iPAQ handheld to the G.Mate Yopy. All of these devices come with standard notepads, address books, and calendaring tools. Some, like the iPAQ and Yopy, run either with Linux as their OS or can be installed with Linux while others, like the Palm, simply have various Linux-based tools for syncing data between the device and a Linux PC. Finding a PDA that runs Linux turns out to be simpler than finding software for syncing data between the PDA and the PC. The reason is not because syncing is hard to do - with the Pilot it's rather simple - it lies in the fact that marketing is only concerned with hardware sales. Software is free, and syncing to Linux-based PDAs often requires nothing more than the use of existing network tools. So how do we find out which PDAs will be preinstalled with Linux? You can start with the newly announced Linux/PDA Quick Reference Guide from LinuxDevices.com. This guide provides information on PDAs that use Linux as their internal operating system, Linux-based operating system packages that support multiple PDAs, plus a list of relevant articles for further reading. They also carry older articles on the same subject:
And what about news this week, you ask? Well, earlier this week Conversay announced they will incorporate their speech recognition and text synthesis engine into the Yopy. The completed product is expected to be released in the first quarter of 2001. And Agenda Computing, Inc. announced it would demonstrate its $199 Agenda VR3 Linux-based handheld during the Consumer Electronics Show this past week. Finally, Wired's look at the Consumer and Electronics Show (CES) in Las Vegas suggested that there is yet another Linux-based PDA on the horizon. The StrongARM based Linia, which sports 16MB of memory and 8MB of flash memory, runs Linux and comes from Royal Electronics. With all these PDA's floating around, where is the syncing software? You know, that software that lets you keep your PC in sync with your mobile data. For most Palm users the answer is simple: the Pilot-Link software tools handle the chore manually but gracefully. This is a set of command line tools, one each for Memos, Todo lists, and for transferring Palm database and program files in general, plus a lot of extras. The package is not very user friendly - no graphical interfaces. Fortunately, a slew of GUI-based tools also exist: JPilot, KPilot, GNOME-Pilot, and XNotesPlus, to name a few. Information for using the Psion is also available online. Most Linux-based PDAs (those which run Linux as their OS) tend to use regular network tools (rsync, ftp, and so forth) to transfer files to and from the device, so special software really isn't necessary. In fact, on some devices (like the Agenda) you can remotely log in to the system. The PocketLinux project will provide even more seamless integration between PC and PDA using Linux on the PDA along with Java (Kaffe) and XML. But what exactly does a PDA do? PDAs are simply mobile data folders. The data there still eventually ends up on your PC. That situation will remain for the foreseeable future, at least until internet appliances have reached a much larger level of acceptance by the general public. This week, a few more tentative steps were taken towards reaching that acceptance. The developers of the empeg car radio, JB Design of Petworth (United Kingdom) were selected to produce the PenguinRadio internet appliance for PenguinRadio, Inc. While satellite bandwidth may bring in higher quality audio streams, it remains to be seen if radio stations will be allowed to play them. In the true consumer mode, where the consumer will never know they have Linux, DaimlerChrylser showed us what cool will look like in the future. The auto maker introduced its newest concept car - the Dodge Super8 Hemi - at the North American International Auto Show. The buzz: Its Linux based multiple-PC Infotronic system is running Red Hat 6.2. "Each computer contains a miniature (PC/104 based) PC compatible computer board running Red Hat Linux 6.2. At the moment, the concept car prototypes contain large amounts of system RAM (128MB) along with multi-gigabyte disk storage, in order to ease the pain of the software developers." Linux and PDAs are good partners for many reasons, but for the consumer it's a toss up. On one hand the devices running Linux are plentiful, but on the other hand they aren't in production. On one hand software to sync devices exist, but on the other hand manufacturers don't explicitly support that software. That's too many hands, but then who ever said the Linux world didn't offer options? --- mjh --- Interview: Bruce Momjian. Thanks, once again, to Maya Tamiya of ChangeLog, we are happy to present this interview with Bruce Momjian, conducted at the Linux Conference 2000 Fall in Kyoto, Japan. Bruce, of course, is one of the PostgreSQL core developers and is also the Vice President of Database Development at Great Bridge. The interview covers a wide range of topics, including the current state of PostgreSQL, licensing issues, Great Bridge and corporate involvement with PostgreSQL in general, and much more. For those with low-bandwidth connections, there is also a low-image version of the interview available. The Filesystem Hierarchy Standard v2.2 is coming. The FHS is part of the the Linux Standard Base project; its purpose is to define the proper locations for files in the system. Application writers need to know where to find (and put) things if they are to write programs which work on multiple distributions, so this effort is important. The 2.2 revision specifies more things, cleans up some obsolete things, fixes mistakes, and generally is a more comprehensive standard. It is still far from complete, however; but completeness may not be a reachable goal. For example, there is still no specification of where boot-time initialization scripts should live - a major incompatibility between distributions, currently. At one point the LSB planned to resolve this kind of issue by specifying an "install init script" command instead of a file location. That is a perfectly good solution, but it does point out the need for a complete Linux Standard Base. The FHS is a good standard as far as it goes, and it has brought about some consistency between distributions. But it can't do the whole job. (See Rusty Russell's FHS page for information on the changes going into 2.2, or to download the entire document). Berlios software repository. LWN suggested that alternatives to Sourceforge - for the sake of competition - would be a good thing. Well, recently a new project at at the German GMD Institute has appeared, called Berlios (in German). According to our source, this project is the result of discussions between open source developers and government officials at the 1999 Wizards of OS conference. For more information in English, check the developer site instead. (Thanks to Florian Cramer). Technocrat.net shuts down. Bruce Peren's online magazine Technocrat.net is closing down. For the past year and a half the site has focused on technology policy in an attempt to educate policy makers as well as the general public on how technology should be viewed and how it should be used. It has developed a small but strong following; its founder, however, was evidently hoping for more. According to Bruce: I've not had enough time to run the site, and plans to fund a professional staff for the site fell through. Readership has gone low enough that there's no longer much reason to keep the site alive. Thus, I will no longer be accepting new articles or comments, and will take the site down in a week or so.
Technocrat was a valuable resource, and it will be missed. Inside this week's Linux Weekly News:
This Week's LWN was brought to you by:
|
January 11, 2001
|
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Security page. |
SecurityNews and EditorialsFree Intrusion Detection Software. Snort developer Martin Roesch sent us a note on the snort 1.7 release, bringing it to our attention because, with the new release, he felt snort now had a feature set competitive with commercial Intrusion Detection Systems (IDS). His note inspired us to go out to take a look at snort, its commercial IDS competitors, and other free software IDS systems. The commercial IDS systems we examined included products from Symantec, Cisco and ISS, just to get an overview of the common features included in these systems. Then we went back to snort, checking out its features, both old and new. With the addition of dynamic rules, a Statistical Anomaly Detection preprocessor, Oracle database support support (MySQL and PostgreSQL have been supported for some time) and more, we had to agree that snort is now comparable to its commercial competitors. What about free software competitors? We took a long walk through various software databases (Freshmeat, Appwatch, etc.) looking for free software intrusion detection systems other than snort. We found that the term "intrusion detection system" has many meanings. One common interpretation was monitoring data integrity: the detection of modifications to files on a system, which was pioneered by Tripwire. There are a lot of projects in that arena, samhain, AIDE, claymore and Toby IDS, to name a few. Then there was a scattering of others, such as LIDS, the Linux Intrusion Detection System. LIDS is actually a patch to the Linux kernel which brings Mandatory Access Control to Linux, allowing fine-grained control of file permissions (e.g., even root can't modify or delete files without the proper permissions), process permissions and more. LIDS 1.0.4 was announced this week, providing support for the just-released Linux 2.4.0 kernel. Various other projects termed "intrusion detection systems" provide monitoring of login behaviors, syslog replacements and other functionalities. So what definition of intrusion detection fits snort? From our reading of the webpage (and that of the similar commercial products we mentioned), snort is intended to detect network-based security attacks. Given this definition, it does not have many free software competitors. Worthy of note, however, is FreeVeracity. FreeVeracity claims to provide both data integrity (like Tripwire) and network intrusion detection. It is actually a version of the commercial product Veracity, from Rocksoft, released under the Free World License, a controversial topic in and of itself. Its intent is to provide a method whereby commercial companies can provide source code for their software freely to Linux and BSD users, yet restrict its use (and their licensing revenue) on commercial operating systems. Since it restricts the systems on which the covered software can be used, the FWL is not a free software license. So, take a look at your personal ideology. For the purists, snort is available and now more full-featured than ever. If you agree with the intent of the FreeWorld license (to promote free operating systems over commercial ones) and can live with its use of a Point-and-Click contract, you may also want to check out FreeVeracity. If neither yet meets your needs, then you'll need to continue using a commercial product, at least for now. Security ReportsReiserFS long-file-name vulnerability. Extremely long directory names under ReiserFS have been reported to cause the Linux kernel to crash. This bug is also potentially exploitable to gain local root access, though that has not yet been confirmed. In fact, the vulnerability itself has proven very difficult to reproduce. Nonetheless, both ReiserFS and VFS are getting an audit for this and possibly other buffer overrun problems. Patches to temporarily disable long directory names (just in case) have been made available. Check our coverage of this problem in this week's kernel page for more details and expect an update on the problem next week.Immunix reports tmp file race problems in twelve packages. Immunix sent out an advisory covering potential temporary file race conditions in twelve different packages that they uncovered as a result of a new warning message from glibc whenever mktemp(), tempname(), etc., is used. Affected packages include:
This week's updates: IBM HTTP Server denial-of-service vulnerability. A denial-of-service vulnerability has been reported in the IBM HTTP server, which is based on Apache. In turn, IBM's WebSphere product is based on the IBM HTTP server and is reported to also be vulnerable. The problem lies in the Apfa cache used in the IBM HTTP server. Disabling the Apfa cache is one work-around to the problem. Since Apache does not use the Apfa cache, it should not be affected. Check BugTraq ID 2175 for more details.cgi-bin scripts. The following cgi-bin scripts were reported to contain vulnerabilities:
Commercial products. The following commercial products were reported to contain vulnerabilities:
UpdatesSecure Locate buffer overflow. Check the November 30th, 2000 LWN Security Summary for the original report of this problem.This week's updates: Previous updates:
xchat URL handler bug. Originally reported in the August 24th, 2000 LWN Security Summary. Versions of xchat from 1.3.9 through and including 1.4.2 can allow commands to be passed from IRC to a shell. Check BugTraq ID 1601 for more details.This week's updates: Older updates:
perl/mailx. Check the August 10th, 2000 LWN Security Summary for details. This week's updates: Previous updates:
Red Hat umb-scheme permissions problem. Red Hat reported a file permissions problem with umb-scheme, believed to be Red Hat specific, in the August 10th, 2000 LWN Security Summary.This week's updates: Previous updates:
man/makewhatis vulnerability. A /tmp file vulnerability was reported in makewhatis versions 1.5e and higher. Check the July 6th LWN Security Summary for the original report.This week's updates: Previous updates:
GNU emacs inadequate PTY permissions vulnerability. Check the June 22nd, 2000 LWN Security Summary for the initial report of this problem, affecting GNU emacs 20.6 and earlier. GNU emacs 20.7 contains a fix for the problem. xemacs was not affected.This week's updates: Previous updates:
wu-ftp vulnerability. Check the June 15th, 2000 LWN Security Summary for the original report of this problem. An upgrade to wu-ftpd 2.6.1 should fix the problem.This week's updates: Previous updates:
openldap tmplink vulnerability. A tmplink vulnerability was reported in openlap the week of the April 27th, 2000. Check Red Hat Bugzilla ID 10714 for more details.This week's updates: Previous updates:
piranha. Issues with the piranha packages were covered in the main editorial of the April 27th LWN Security Summary.This week's updates: Previous updates:
ircii buffer overflow. On March 10th, a remotely exploitable buffer overflow was reported in ircii, an irc client, with all versions prior to 4.4M. Check the April 6th LWN Security Summary for our first report of this problem or BugTraq ID 1046 for more details.This week's updates: Previous updates:
gpm improper permissions handling. Improper permissions handling in gpm, the virtual console cut and paste utility and mouse server, was discussed in the March 30th LWN Security Summary.This week's updates: Previous updates:
ResourcesAnalysis of Auditable Port Scanning Techniques. Guido Bakker posted his whitepaper examining port scan methods, in particular, analysis of auditable techniques. EventsSummercon 2001. The announcement for this year's Summercon 2001 event has been released. Summercon 2001 will be held June 1-3, 2001, in Amsterdam, the Netherlands. This is the first year that Summercon will be held outside of the United States. In addition, a small fee for entrance will be charged and the press will be allowed to attend. Summercon is one of the oldest living security/hacker conferences, with origins tied to early years of Phrack Magazine. Upcoming security events.
For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net. Section Editor: Liz Coolbaugh |
January 11, 2001
LWN Resources | |||||||||||||||||||||||||||||||||||||||
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Kernel page. |
Kernel developmentThe current development kernel release is, well, actually, there is no development kernel release, and there will not be for some time (see below). Now that 2.4.0 is officially "stable," where is one to look for the bleeding edge? Options include 2.4.1, for which there is one prepatch release as of this writing. It is a very small patch which fixes problems seen by a few users. Those looking for something a little more adventurous will probably be more interested in Alan Cox's 2.4.0-ac5; he says: "Handle with care. I think the fs updates are right but I don't guarantee it." This patch contains an astounding number of fixes, many of which may wait some time before getting into 2.4 proper. The current (other) stable kernel release is 2.2.18. The 2.2.19 prepatch is up to 2.2.19pre7. Alan Cox has announced a new policy for 2.2 updates. From this point on, updates to drivers will only be accepted if the same update is also available for 2.4. The current ancient kernel release is 2.0.39, which was announced on January 9. This release was long in coming, and will probably be the last in the 2.0 series. 2.4.0 is out - now what? There is no shortage of kernel developers (and users) who are ready for the end of the 2.4 feature freeze and the beginning of a new development series. Some patience will yet be required, however; Linus doesn't expect to start accepting patches until well into the (northern hemisphere) Spring. In fact, he doesn't even want to see a whole lot of bugfix patches. This posting went out to describe Linus's approach to 2.4 patches: In short, releasing 2.4.0 does not open up the floor to just about anything. In fact, to some degree it will probably make patches _less_ likely to be accepted than before, at least for a while. I want to be absolutely convinced that the basic 2.4.x infrastructure is solid as a rock before starting to accept more involved patches.
The purpose here is to try to get away from a pattern seen with other stable kernels, where stability actually goes down for the first few minor releases. So, this time around, only the most important stuff will go in. There will also be no development series until 2.4 is truly wrapped up and passed on to another maintainer. Linus expects that, as with previous stable kernels, that will not happen for about four months. Says Linus: "In short, I'm hoping for a fairly boring next few months. The more boring, the better."
Zero-copy networking. Some developers are not content with a boring existence, and have started putting out interesting patches for future development kernels. Perhaps the most interesting is David Miller's zero-copy networking patch, which promises to greatly increase the performance of the Linux networking subsystem - which is already fast. Networking in Linux currently involves, at a minimum, copying all data between the kernel and the user process which produces or consumes it. Copying data takes time, of course; it also can clog up the CPU memory cache with useless data. What the zero-copy patch does is attempt to move network data directly between user-space memory and the network interface whenever possible. Such data never passes through the cache and need not be copied by the processor. This patch is a "proof of concept" release; it is not being proposed for inclusion in its current form. Instead, the idea is to get the peer review process going, see what sort of performance improvements really result, and find the problems. The initial indications are good; according to Ingo Molnar, "We can saturate a gigabit link with TCP traffic, at about 20% CPU usage on a 500 MHz x86 UP system." The implementation itself is a bit controversial, however. To do zero-copy I/O, the kernel must locate and lock the user process's data in physical memory. Stephen Tweedie's "kiobuf" infrastructure was developed to handle this task for the raw block I/O subsystem, but the zero-copy networking patch does not use kiobufs. Instead, the developers chose to implement their own subsystem which handles these tasks. Their reasoning is that the kiobuf structure is far too heavy for the needs of the networking code. Network connections are quick, numerous, and transient; the code that handles them also needs to be light and fast. The networking developers concluded that kiobufs did not meet these needs; so they went off and created something they liked better. In the resulting discussion it turns out that Linus does not like the kiobuf interface: And kiobufs can rot in hell for their design mistakes. Maybe somebody will listen some day and fix them up, and in the meantime they can look at the networking code for an example of how to do it. Given the source, this suggests that the kiobuf interface will likely see some major changes in the 2.5 development series, once it gets going. (Note that there is also an updated zero-copy patch for the 2.4.1pre1 kernel available). Security trouble with ReiserFS? A potential security problem with ReiserFS was reported this week. It seems that a buffer overrun problem exists, sometimes, when a directory with an exceptionally long name is created. Not everybody has been able to reproduce the problem, however. The source of the bug has not been positively identified as of this writing. It appears, however, that it may be in the virtual filesystem code, rather than in ReiserFS itself. A definitive fix is thus not available at this time. Chris Mason has released quick and dirty patches (which simply disable long directory names) for ReiserFS 3.5 and 3.6. Those who are especially worried about this problem may want to apply one or the other of the patches to close the vulnerability for now. Other patches and updates released this week include:
Section Editor: Jonathan Corbet |
January 11, 2001 For other kernel news, see: Other resources: |
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Distributions page.
Lists of Distributions |
DistributionsPlease note that security updates from the various distributions are covered in the security section. News and EditorialsThanks to Bernhard Bablok, we have three new CD-based distributions to add to our distributions lists. The first is Timo's Rescue CD set. It provides both a script for building your own Rescue CD and an ISO image, based on Debian 2.2, for those who just want to burn a quick rescue CD.SuperRescue is also a CD-based rescue system, dubbed "the most overfeatured rescue disk ever created". It is based on Red Hat 6.2, with many of the updates applied (but not all). BBLCD, inspired by BYLD, is less a distribution than a toolkit for building your own bootable CD, for whatever purpose, from your favorite distribution, presumably already pre-customized to your preference. It has been tested with SuSE 7.0, Red Hat 7 and Debian 2.2. Distribution NewsDebian GNU/Linux News. The latest edition of the Debian Weekly News has been published. This issue carries information on the first Debian Conference, a warning about Debian's versions of "tar" and "lilo" in the unstable branch, and a discussion on what should be deemed appropriate for the changelogs. In addition, it was noted that Debian's "unstable" tree now sports the new Linux 2.4.0 kernel. As a result, bug reports are starting to come in. Meanwhile, the "testing" and "stable" trees are not yet able to support the latest kernel. This week's Debian Kernel Cousin tracked several interesting conversations this week. Among them, a proposal has been made to make a new top-level package category, "Education", under which education-oriented packages could be stored. This met with fairly strong support, particularly since the Free Software Foundation is also working on a new Education system and the Debian Jr. project can be expected to deliver a lot of new software for this category. Kernel Cousin Debian Hurd for January 10th is also out. Linux-Mandrake News. A version of Linux-Mandrake tailored to run directly off of a CD is now available as Virtual Linux. "It is slower to boot than a normal hard disk installation, but when fully booted, applications work as they should, and you can save things on diskette as usual". For Linux-Mandrake 7.2, note that new versions of MandrakeUpdate and cvs have been made available. The new MandrakeUpdate fixed a bug where the severity of problems associated with updated packages was not properly reported. The cvs update now includes support for xinet by default. Slackware News. userlocal.com has published an article on Getting to know Slackware packaging tools. It looks at explodepkg, installpkg, makepkg, removepkg, upgradepkg and some other things every Slackware user should know. Embedded DistributionsuClinux 2.4 Kernel Now Available. Lineo, Inc. announced the release of the uClinux 2.4 kernel. uClinux is available for download under the terms of the GNU General Public License. Mini/Special Purpose DistributionsCoyote Linux 1.27. A minor update to Coyote Linux, a single-floppy distribution aimed at home users that want to safely share an Internet connection, was released this week. Coyote Linux 1.27 backs out the use of syslinux 1.50 and adds some additional security measures to the default firewall script. Pygmy Linux. A new UMSDOS-based mini-distribution, Pygmy Linux, showed up on Freshmeat this week with the announcement of Pygmy 0.7. We're not sure quite why Pygmy wasn't on our list before, but it has now been added. The latest release is the first update to Pygmy in a year. With it, Pygmy is now updated to use glibc2, ELF binaries and Linux 2.2.16. Pygmy is based on Slackware 7.1 with APM support and the kernel can be updated to use the latest Slackware kernel as necessary. Small Linux 0.7.5. Small Linux is a "micro" distribution, capable of running on a system with 3MB of memory or less. It comes on two or three floppies. Small Linux 0.7.5 is the first new release listed on Freshmeat since October of 1999. The new version uses BusyBox, a collection of tiny versions of common Unix utilities in a single binary, and has added route and ifconfig, along with other features. Note, also, that the home page for Small Linux has changed and it is also now available for download from Sourceforge. Section Editor: Liz Coolbaugh |
January 11, 2001
Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.
|
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Development page. |
Development projectsBrowsersMozilla 0.7 milestone released. According to the Mozilla Web site, the packages for the latest milestone release, Mozilla 0.7, are now available. The most important update here is the new PSM (Personal Security Manager), which is now available on Linux, Windows and the Mac. Additionally, files can now be drag-n-dropped as mail attachments and news reader problems with large newsgroup hierarchies has been fixed. (Thanks to Klaus Krtschil) DatabasesCompaq releases open source database benchmark, OSDB. Compaq has open sourced a database benchmark and placed the project under their Sourceforge hierarchy of open sourced projects. NASA switches from Oracle to MySQL (Federal Computer Week). A group at NASA's Marshall Space Flight Center has made the switch from Oracle to MySQL on their Acquisition Internet Service. "'We noticed an increase in [speed of] performance since the change and have not experienced any problems with the product', Clark said. 'We kept waiting for the other shoe to fall from the time we started investigating mySQL, but it never did.'" Embedded SystemsEmbedded Linux Newsletter for Jan. 4, 2001 (LinuxDevices). The latest edition of the Embedded Linux Newsletter has been published. Featured stories this week include the Philips USB controller, updates on TinyLogin for handling login and authentication on embedded systems, and Lineo's upgrade to its BusyBox utilities. An embedded Linux market survey is also included. GamesHissim History Generator (WorldForge). WorldForge documents the release of Hissim 2.2, a graphical population history simulator for use in game software. InteroperabilityWine Weekly News for January 8, 2001. The January 8, 2001 edition of the Wine Weekly News is out. News includes speed optimizations to the wineserver communications protocol, multimedia architectural changes, work on the DirectSound and DIB sections, and more. Mail SoftwareMailman 2.0.1 released. Version 2.0.1 of Mailman, the GNU Mailing List manager, is now available. "Mailman is software to help manage electronic mail discussion lists, much like Majordomo or Smartmail. Mailman gives each mailing list a unique web page and allows users to subscribe, unsubscribe, and change their account options over the web. Even the list manager can administer his or her list entirely via the web." Mailman is written in Python. Network ManagementOpenNMS Update Volume 2 Issue 2 (January 9, 2001). The latest OpenNMS Update is out. Information on where the OpenNMS group will be over the next month is included, along with the development of a software "road map" and other project status. Office ApplicationsLinuxOrbit reviews AbiWord. AbiWord, the word processing program by AbiSource is reviewed by Linux Orbit. "This article was written entirely in AbiWord, and the experience was overall quite pleasant. It has a familiar interface that allows a crossover user to just fire it up and get right to work, without the unpleasantness of learning a new scheme. Any user familiar with Word, WordPad, KWord or any other word processor for that matter, should not have to climb too steep a learning curve when using AbiWord for the first time." LaTeX: A diamond in the rough (ZDNet). In a Linux Opinion column this week, Evan Leibovitch explains the ever reliable and mature text formatting system called LaTeX (pronounced LAH-tek). "Like a C language program, LaTeX documents are created with your favorite text editor, looking a bit like raw HTML or WordPerfect documents in Reveal Codes mode. These files, when complete, are then run through a processor to create formatted output. The resulting "dvi" (device independent) binary file can be easily churned into PostScript, or PDF files, or X Window displays, or many other printer and typesetting machine formats." OpenOffice Bonobo Integration. OpenOffice.org has posted a white paper on the integration of Bonobo with UNO and the OpenOffice API, with a future consideration of integration with Mozilla's XPCOM. Eazel Newsletter, January 4th, 2001. Eazel has posted the January 2001 issue of their newsletter. Topics in this issue include an update on the Eazel Installer, Sun's adoption of Nautilus for Solaris, the second release of the Eazel Software Catalog, and Dell's interest in all things Eazel. Gimp 1.2.0 RPMs available. If you've been itching to easily try out the latest Gimp, the source and executable RPMs for Gimp 1.2.0 have been made available. The RPMs were built on a RedHat 6.2 machine. A Tutorial for Perl Gimp Users Updated for Gimp 1.2. Dov Grobgeld has sent us a pointer to the latest version of the Perl for Gimp tutorial. Good stuff for those of you who are writing Gimp scripts. On the DesktopWhich GUI To Go With? (ZDNet). Lou Grinzo walks new users through the Linux desktop from X to Eazel in this story from ComputerShopper. "The GUI on a typical Linux system begins with software known generically as X11. This is usually XFree86, a free program that lets applications display information in graphical mode. You can run it by itself, but bare-bones X11 is extremely primitive. Instead, you should run a window manager on top of X11 that offers a slicker appearance with more convenience features" From the Desktop: S Is For Sawfish and Shedding (Linux Planet). Brian Proffitt reviews Sawfish, the favored window manager for the GNOME desktop. "The level of control within the Sawfish Configurator is truly incredible. You can detail nearly every aspect about the look of your desktop--everything from theme selection to what the handle on the bottom right corner of your windows looks like." KDE 2.1 Release Schedule (KDE dot News). KDE dot News has posted a notice from David Faure, the KDE release coordinator, announcing the KDE 2.1 release schedule. The beta version should come out on January 29, 2001, and the official release is scheduled for release on February 12, 2001. Linux Accessibility Conference and KDE (KDE Dot News). There will be a KDE working group session at the Linux Accessibility Conference to be held in March in Los Angeles. Printing SystemsCUPS V1.1.5 updated source code available. An updated version of the CUPS V1.1.5 source code has been made available. This version includes some minor bug fixes and optimizations. ScienceLinux in Science Report #6. After a long absence, the Linux in Science Report has returned. This issue has an update to Chemsuite, Grace (a WYSIWYG graphing program), FREEGIS, and SciGraphica. Pete St. Onge also reports that SEUL is planning on having a booth in the .org pavilion at LinuxWorld Expo in NYC later this month. Web-site DevelopmentMidgard 2.0 development roadmap. Ami Ganguli has sent us the Midgard 2.0 Roadmap Mark II. The Midgard 2.0 system is tentatively scheduled for release in December of 2001. Section Editor: Forrest Cook |
January 11, 2001
|
|
|
Programming LanguagesJavaTechniques for adding trace statements to your Java application (IBM developerWorks). Andrei Malacinski discusses Java debugging techniques in an IBM developerWorks article. "In today's world of tight schedules and the constant demand for more function, developers often don't have the time, or don't take the time, to think about a debugging (or tracing) strategy. There are always more important things to code than debug statements. This article provides developers that strategy for free -- Java source code and all -- relieving them of the need to design and implement one of their own tracing strategies and allowing them to concentrate on their application's main logic. Two techniques are presented in this article, one for development-time tracing and one for run-time tracing." PerlWeblog 1.6 (webreference.com). Version 1.6 of Weblog has been released. "Based on your feedback, Weblog 1.6 includes several bug fixes, simplified installation procedures, better RSS 1.0 support, and better documentation. This tutorial walks through the new installation procedures and supersedes the previous Weblog tutorial." "Weblog is a simple browser-based interface for managing one or more RSS channels. It's also capable of generating HTML, Palm and WML files from the RSS file. Templates are included for HTML, Palm, and WML output so you can customize the output for your channels." Spork, Skud's Perl training Fork. A four day Perl Training class written by Skud, aka Kirrily Robert, is available from Sourceforge. PHPPHP Weekly Summary for January 9, 2001. Issues 18 and 19 of the PHP Weekly Summary are available. Topics include a bug in the array function, standard function naming schemes, Kerberos 5, OpenSSL extensions, and Korean PHP documentation. A new release candidate, PHP 4.0.4pl1 RC1 is also available. PythonHow to Think Like a Computer Scientist, Python version(Andamooka). Allen B. Downey, Jeffrey Elkner and Moshe Zadka have written an online book on learning Python. The book is aimed at beginner level programmers. Tkinter 3000. The Tkinter 3000 project has released a sneak preview of the Widget Construction Kit (WCK) for Python. "The Tkinter 3000 project attempts to create a better (faster, smaller) Tk interface, and provide ways to extend the Tkinter library with new widgets, geometry managers, and more. The new design is mostly compatible with Tkinter, as shipped with Python 1.5.2." The Snack Sound Toolkit v2.0.5 (deja.com). A new release of the Snack Sound Toolkit for Python is available. "Snack adds commands to play, record, and process sound and supports in-memory sound objects, file based audio, and streaming audio. It handles fileformats such as WAV, MP3, AU, AIFF, and NIST/Sphere." Tcl/TkDr. Dobb's Tcl-URL! - weekly Tcl news and links (Jan 8). Dr. Dobb's Tcl-URL! for January 8th has been released. This week's edition includes links to articles on GPLed network administration, how to build Tcl/Tk on Cygwin, and how to change all of the fonts in an application at one time. Tcl Wrapping Utilities. Dennis LaBelle has released freeWrap 5.0 b1, a program that converts Tcl/Tk scripts into a single binary file, and freeDelivery 2.0, a program that uses freeWrap to assemble files for installation on another computer. Software Development ToolsSGI releases dmSDK as open source (Yahoo). According to a press release from SGI, the source for SGI's dmSDK, the Digital Media Software Development Kit, has been released mostly as open source with packages falling under the GPL or LGPL license. Some of the sample programs are released under the SGI open source license. This is version 2.0 of the kit and it is available for both Linux and SGI IRIX. dmSDK is comprised of various SGI predecessor API's including the Video Library (VL), the Audio Library (AL), Digital Media Image Converter (DMIC), Digital Media Audio Converter (DMAC), and the Compression Library (CL). Section Editor: Forrest Cook |
Language Links Caml Caml Hump Tiny COBOL Erlang g95 Fortran Gnu Compiler Collection (GCC) Gnu Compiler for the Java Language (GCJ) Guile Haskell IBM Java Zone Jython Free the X3J Thirteen (Lisp) Use Perl O'Reilly's perl.com Dr. Dobbs' Perl PHP PHP Weekly Summary Daily Python-URL Python.org Python.faqts Python Eggs Ruby Ruby Garden MIT Scheme Schemers Squeak Smalltalk Why Smalltalk Tcl Developer Xchange Tcl-tk.net O'Reilly's XML.com Regular Expressions |
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Commerce page. |
Linux and BusinessTurbolinux to sell IBM Linux-based software. IBM continues to cooperate with the Linux community and expand its own business in the process, as in this agreement with Turbolinux. Under the agreement the companies will market, distribute and support IBM's DB2 database, WebSphere, Lotus Domino, Tivoli Framework and IBM's small business suites for Linux. This enhances Turbolinux' total business package and should increase sales of its hardware and its support packages to customers who want a total business solution. IBM is in the same business and might have gone after these same sales but if they can't sell the complete package, at least they can sell software. Also those customers who get the IBM software products through Turbolinux may turn to IBM for future projects. For the Desktop, SlickEdit, Opera and more. MicroEdge, Inc. announced the availability of Visual SlickEdit v6.0 for UNIX. Supported UNIX platforms include Linux, Solaris (Sparc and x86), Sun OS, AIX, HP-UX, IRIX and SCO. The Opera Communications Manager, Pal Hvistendahl, wrote to let us know that the latest beta release of Opera for Linux, V4 Beta 5, has been released. Debian and RPM based packages are available for both Intel x86 and PowerPC platforms. The Ten Thumbs Typing Tutor 2.2 has just been released by Runtime Revolution Ltd, with new multi-user network capabilities and support for the Linux platform added to the existing support for Macintosh and Windows operating systems. Metro Link, Inc. demonstrated residential gateway and appliance connectivity software that supports the Universal Plug 'n Play (UPnP) standard at the Consumer Electronics Show (CES). VistaSource, Inc., a subsidiary of Applix, announced the release of Anyware 2.0, which includes the seperate Anyware Desktop (formerly Applixware Office) and the Anyware Application Server products. While not desktop software, the new Apple Darwin-based Mac OS X operating system was announced at MacWorld this week. The new desktop OS will officially ship on March 24th, and will be offered at a suggested retail price of $129. Loki to publish Rune, Heavy Metal. Loki Software announced an agreement with videogame publisher Gathering of Developers to bring the PC games Rune and Heavy Metal: F.A.K.K.2 to Linux early this year. theKompany.com Releases BlackAdder. theKompany.com announced the release of BlackAdder, its Windows/Linux GUI development environment for Python. Hitachi, Xybernaut, others to cooperate for WIA. Hitachi, Shimadzu Corporation, Colorado MicroDisplay, Inc. and Xybernaut Corporation announced that they will cooperate to explore business opportunities in the field of Wearable Internet Appliances (WIA). NSA Releases Prototype Security-Enhanced Linux System. The NSA has released an ultra-secure version of Linux. "'If successful in our strategy, the Linux community would assume ownership of this technology and we would continue our involvement with the community that will maintain it,' an NSA spokesperson said." The new release is not based on the newly released 2.4 kernel, but work is being done to bring the security enhancements to the more current kernel. Lineo and Tao Announce Multimedia Networked Client Devices Platform for Embedded Linux. Lineo, Inc. announced a partnership with the Tao Group that will allow Lineo to include high-performance, compact embedded Java solutions for multimedia platforms with Lineo Embedix SDK developer tools. Legend Computer, Cyrus InterSoft Deploy Linux-based Internet Appliances in China. Legend Computer and Cyrus InterSoft, Inc. have announced a formal technology alliance to design and build network appliances using Legend's Happy Linux embedded operating system and Cyrus InterSoft's Internet Operating System, Speiros. SourceForge.net Supports 100,000 Developers in First Year of Service. Open Source Development Network, a division of VA Linux Systems, Inc. announced that SourceForge.net now supports over 100,000 registered users and over 13,000 projects. Linux Stock Index for January 4 to January 10, 2001.
LSI at closing on January 04, 2001 36.45
The high for the week was 37.19
Press Releases:Open Source ProductsUnless specified, license is unverified.
Proprietary Products for Linux
Products and Services Using Linux
Products with Linux Versions
Java Products
Books and Training
Partnerships
Investments and Acquisitions
Personnel
Linux At Work
Other
Section Editor: Rebecca Sobol. |
January 11, 2001
|
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Linux in the news page. |
Linux in the newsRecommended ReadingReview: AMD Duron 750 (SignalGround). The AMD Duron is to AMD's Athlon what Celeron is to Pentium III - fast but cheap. SignalGround took a look this past week at the new value line of processors from AMD and explained - briefly - how to get Linux to make the most of these new processors. "If compiling a 2.2 kernel for the Duron, your safest bet is to choose "Pentium/K6/TSC" for your processor type. When compiling 2.4, you'll find a selection titled "Athlon/Duron/K7". This will enable a flag that tells the compiler to use all of the K7-core optimizations (including 3DNow) that are supported by the compiler." A Roundtable on BSD, Security, and Quality (Dr. Dobbs). Dr. Dobb's reported on a roundtable discussion on BSD held at at the recent USENIX Security Symposium 2000. The participants included BSD luminaries Theo deRaadt (OpenBSD), Todd Miller (OpenBSD), Angelos Keromytis (OpenBSD), and Warner Losh (FreeBSD). Theo deRaadt noted, "As we keep on looking at source code, we find that most people can't write more than twenty lines of code in C. They make mistakes that matter twenty years later, that become security holes, buffer overruns, races, misuses of the API. Misuses of the API is the killer. Calling them and thinking they work one way but they don't. strncpy(), strncat() ... no one knows how they work." Linux 2.4 CoverageLinux 2.4: It's here! Now what? (ZDNet). ZDNet's AnchorDesk UK likened the switch from 2.2.x to the new 2.4 kernel to going from Windows 98 to W98 Second Edition. "Even after Linux 2.4 ages well, most users won't get that much more from it anyway... Besides, if you're serious about business Linux, you need the support of serious Linux vendors. Except for SuSE, they -- Caldera Systems, Red Hat and TurboLinux -- aren't going to be releasing 2.4 kernels for their commercial products for a while yet." Linux 2.4 unmasked (LinuxDevices.com). LinuxDevices.com provided some perspective on the new features contained in the Linux 2.4 kernel, and pondered where Linux is most likely to be five years from now. Linux 2.4 Businesses' Enterprising Plans (ZDNet). ZDNet examined the plans SuSE, Turbolinux, Caldera and Red Hat have for the 2.4 kernel. "2.4 will be at the core of all future commercial Linux operating systems. As a Red Hat representative comments, with 2.4's improved Symmetric Multiprocessors, which enables it to be optimized for machines with up to eight processors, Linux is much "closer to Solaris and HP/UX with a much lower price tag." Linux 2.4 is also the basis of the vendor's efforts to port Linux to Intel's 64-bit Itanium chip." Why We Should All Test the New Linux Kernel (Advogato). This Advogato article encouraged people to test the 2.4 kernel. "A lot of people will have their very first experience with Linux by purchasing a $29 CD distribution 'just to check it out'. For many of them, the brand-new 2.4.0 kernel will be what they get, and it's very important that they have a positive experience with it. Every bug found by an Advogato reader is a bug that's not found by a couple of thousand novice Linux users who might not come back for more." (Thanks to Jay R. Ashworth) Vaporware? Ha! Linux 2.4 Arrives (Wired). Yet another take on the 2.4 release came from Wired Magazine. "[LinuxMall's Mark] Bolzern thinks people need not to fret so much about release cycles. 'What's happening is everyone is being driven by the misperception that's been pushed on them by Microsoft and their ilk of needing to have the latest and greatest,' he said. 'Hardware and software upgrades are driven by the latest whiz-bang features that who uses?'" PC makers prepare to load Linux 2.4 (ZDNet). While anyone can download the newly released 2.4 kernel, consumers wanting pre-installed hardware will have to wait at least 60 days according to this ZDNet article. "Red Hat is our partner for Linux, so as soon as (2.4) is available in Red Hat's Linux distribution, it will be made available to our customers," said David Graves, Dell's spokesman for Linux. Other vendors are expected to follow suit, waiting for their distribution partners to integrate 2.4 with their distributions. In a separate article also on ZDnet, Red Hat's director of corporate public relations Melissa London said it will be a matter of months, not weeks, for a 2.4 distribution. And Turbolinux spokesman Craig Oda says "We don't expect the 2.4 kernel to be really stable for the enterprise until at least version 2.4.4." Kernel 2.4 coverage. And as you might have expected, there was plenty of other news on the 2.4 release this past week. Not surprisingly, not everyone has something original to say. Here is a summary of the other articles we saw.
CompaniesSEC probes IPO of VA Linux (ZDNet). The probe into possible improper transactions related to the VA Linux IPO intensified. Two small investment funds, GLG Partners and Chelsey Capital, are being investigated for possibly having received unusually large shares of the IPO in exchange for higher than normal commissions on other transactions. Why an AMD-Transmeta marriage could work (ZDNet). ZDNet speculates on how an AMD/Transmeta unification could upend the 800-pound gorilla (Intel). "Diversification. The two companies combined would fill some key gaps. AMD is reliant on flash memory (a very volatile market) and PC processors (a cyclical sector). Transmeta is banking on laptop processors initially, but doesn't have a lot of agreements with original equipment manufacturers (OEMs). Transmeta's real meal ticket -- information appliances -- may be years away. A merger would give the combined company diversification, but the type that would still keep AMD out of Intel's way." BusinessDelphi Automotive takes Red Hat's "un-Linux" for a ride (LinuxDevices.com). LinuxDevices.com took a closer look at Delphi Automotive's speech-based PDA/cellphone system known as the Mobile Productivity Center (MPC). The system uses Red Hat's other OS - eCos. Sun makes headway toward StarOffice 6 (ZDNet). StarOffice 6 still lacks a defined schedule, according to this ZDNet piece, but Sun management for the project are hoping for a 3rd or 4th quarter release. StarOffice 6 will include the final XML file format. It will also include Asian language support (completing Sun's "localization" road map) as well as a number of feature enhancements to each of the components. "But exactly what enhancements will be added for this version is still under discussion with engineering," [Iyer Venkatesan, senior product manager for StarOffice] said. Online music distributor turns to Linux for 10TB storage system (ComputerWorld). eMusic.com is storing its vast collection of music on a 10Terabyte Linux-based storage system from BigStorage, Inc. "The technology isn't designed for mission-critical storage needs because it lacks some redundancy features and the high speeds of other storage systems, Bogach said. Instead, it's aimed at large-capacity storage applications in which low cost and ease of use are the priorities." ReviewsGetting to know Slackware packaging tools (UserLocal.com). UserLocal.com took a look at Slackware's packaging tools, from explodepkg to installpkg, from makepkg to upgradepkg. "Both installpkg, removepkg and upgradepkg support an environment variable called ROOT that points to the root directory to use when installing or removing packages. This is not something you'll generally use, but it can be useful if you need to install packages to another hard drive/partition or stuff like that." Review: Terminus (Funky Penguin). Funky Penguin carried a detailed and image intensive review of the multi-platform space simulation game Terminus. "The game world and available technologies are well thought-out, and well documented in the extensive manual. A good deal of the manual explains the history of the game world, the political background of its organizations, the companies that designed the game's fighter ships, and how the market received them." Interviews and PeopleHe created Microsoft's biggest rival - and then gave it away (Readers Digest). Readers Digest made Linus Torvalds its European of the Year. "Linux-the only successful computer operating system yet created outside the US-has become an international phenomenon. Top officials at Bill Gates's Microsoft Corporation worry that it is becoming a direct threat to their company's dominant position in the software market. Torvalds himself is lionized by computer aficionados around the world. To them, he is instantly identifiable, like Madonna or Elvis, by just a single name: Linus. " (Thanks to Luc) Father of Linux is ready to party (ZDNet). Mary Jo Foley talked to Linus Torvalds about the 2.4 release. "The big things that Linux brings, regardless of version, is the fact that you can tailor it to your needs, you're not bound by any particular vendor, and you can rest safe in the knowledge that there are no backdoors, etc. For those big kinds of things, the new release doesn't matter one whit." Mandrakesoft CEO defends Linux (Upside). MandrakeSoft CEO Henri Poole defended his company's product from the suggestion that Linux distributions are bloated in this Upside interview. "We're trying to make it easy for people," Poole says. "Whether it be desktop or servers, there are a lot of people in a situation where they want it to be easy. They're sysadmins. They want a server. They want a set of desktops for their users, and they want to get it up and running quickly. Just because they know how to interface with the computer by command-line, doesn't mean they wouldn't prefer something easier." GNOME in "AntiTrust", the movieGNOME goes Hollywood. In a story that got more airplay than it probably deserved, the trailer to the upcoming movie Antitrust includes screen shots of GNOME in use in the movie. Linux to star on silver screen (News.com). News.com expanded on the story reporting that in the movie film Antitrust, Miguel de Icaza does indeed get a cameo spot in the flick. Originally offered to Jon "maddog" Hall (who had to decline due to prior commitments), the cameo will have Miguel presenting the films hero with an open source award. "Already, members of the open-source community are salivating over the film's release. They've flocked to the official MGM Web site to bash Microsoft and extol the virtues of open-source software. The forums there read more like postings on the open-source news Web site Slashdot than the starstruck opinions that often appear on such sites. Some postings urge people to switch to Linux. Others offer tech support." MiscellaneousScreen Wars (Newsweek). MSNBC carried a Newsweek article comparing Eazel's Nautilus with both MacOS X and Microsoft's .Net interface. Screen shots of all three with short feature descriptions were provided. "What's interesting about Eazel's software, called Nautilus (now in "preview release"), is not how it tries to tame Linux, but the improvements it attempts on the good old GUI. It offers Web-style navigation. It allows varying levels of complexity, from novice to expert. Most striking is the presentation of files, which are displayed in a way that quickly indicates their contents. A folder of music might look like an album cover; view the files inside and they are listed like songs on the back of a CD. And then a pop-up mini-player appears so you can play the songs." Developer Kings (ZDNet). In this opinion piece from ZDNet, developers are said to be the new kings in the IT world, and IT bosses are only reactionary. "It used to be that the corporate Chief Information Officer, the information technology (IT) manager and other blended business/technology managers held the keys to economic power. But they are being cast into a reactive mode as developments on the Internet start to out pace local ideas." Is There An open-source solution? (TechWeb). TechWeb carried an InformationWeek article on the movement of open source into IT departments, often without upper managements knowledge. Mico (an open source Corba implementation) and Squid (a proxy-caching server along with FreeBSD, MySQL and PHP are used as examples. "US West started using Netscape Proxy Server several years ago to allow employees remote access to the company LAN but switched to Squid because it was faster and more reliable. In October, at the third annual Web Polygraph "Cache-Off," a performance-testing event where proxy-caching products are given performance evaluations, Squid compared favorably with a field of mostly far more expensive commercial alternatives." Linux in 2000: Novelty no more (ZDNet). The Anchordesk, featured on ZDNet, took a look at Linux in 2000 and how the upstart OS has matured. "Most of this year's news has been good for those who maintain that Linux (and open source in general) is an acceptable choice for corporate computing. The desktop breakthrough remains distant, even unattainable, despite significant strides. Still, Linux has established itself as more than just a plaything of academics, hobbyists, and dot-coms -- and it's done so without squandering some of its core values such as not releasing a product before it's of acceptable quality. The year 2000 didn't see a major release of a new kernel because, well, it simply wasn't ready yet." Apple Widens Mac OS X Code (Wired). Wired examined the new Apple Public Source License (APSL). "A spokesperson for the Apple Open Source Development team said that the license was rewritten to respond to comments received from developers working on the project, and also to streamline and clarify the wording of the APSL license. " Mojolin employment database adds international support. The Open Source-centric job database, Mojolin, added support for localizing listings of job positions and resumes. Searches can also be done by country, state, and province in the US and Canada. Section Editor: Michael J. Hammel |
January 11, 2001 |
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Announcements page. |
AnnouncementsResourcesRMS Becomes CEO of FreeDevelopers.net. Richard Stallman, philosopher and founder of free software, has accepted the position of Chief Ethics Officer at FreeDevelopers. Runaware and SlashTCO partner to bring Linux-based software to the workplace. Runaware, an "Evaluation Service Provider" for software vendors and consumers, announced a partnership with SlashTCO, a U.K.-based open source services provider, to promote Linux awareness and provide complete education of Linux products through online testing and supplementary resources to help research, evaluate and download Open Source products and applications, backed up by a range of training and support options. LinuxInAfrica mailing list. Johan Hartzenberg has set up the LinuxInAfrica mailing list. This list is intended for anyone in Africa who is using or interested in using Linux. EventsLinuxcare Sponsers Australian Linux Conference. Linuxcare, Inc. has announced its sponsorship of linux.conf.au, coming to Sydney, Australia January 17 - 20, 2001. International Linux Plug Fest. The First Annual International Linux Plug Fest has extended the registration deadline to January 12, 2001. The Plug Fest will be held in Burlingame, CA, January 21 - 23, 2001. Linuxworld Conference & Expo. IDG World Expo released a preview of what attendees can expect at the upcoming LinuxWorld Conference & Expo, January 30 - February 2, 2001 in New York. SGI Global Developer Conference. SGI is hosting a developer conference in March, 2001 on Linux and IRIX development. There will be a discussion of SGI's Linux efforts. March 19 to 22, 2001 in Burlingame, California, USA. XML DevCon Spring 2001. Here's an announcement about the technical program at XML DevCon, coming April 8 - 11, 2001 at the Marriott Marquis, New York City. 1st annual PHP Conference. O'Reilly & Associates announced the 1st annual PHP Conference. The conference will be part of the O'Reilly Open Source Convention alongside the 5th annual Perl Conference at the Sheraton San Diego Hotel and Marina, San Diego, California, July 23-27, 2001. January/February events.
Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format. Web sitesMojolin employment database adds international support. The Open Source-centric job database, Mojolin, has added support for localizing listings of job positions and resumes. Searches can also be done by country, state, and province in the US and Canada. User Group NewsLUG email list looking for a home. David Hartley, Coord-Instigator of the Laurel MD USA Linux Users Group is looking for a sponsor to host the LUG email list (and/or web site). Email David at penguin@linuxweb.org if you can help, or know anyone who might be able to help. New home for LUGs Resource Project. Kara Pritchard wrote in to announce that the Linux User Group (LUG) Resource Project has a new home. "The LUGs Resource Project began as a collaboration of efforts at Linux.com in early 1999. With focus of Linux.com changing to editorial, Kara Pritchard decided to start LinuxUsersGroups.org as an independent, non-vendor owned project dedicated to LUG services." LUGOD Meeting: Jeremy Allison on Samba. LUGOD, The Linux Users' Group of Davis, will hold its next meeting on Monday, January 15, 2001. St. Louis LUG meeting. At the next meeting Matthew Schillinger will discuss his experience setting up FreeS/WAN in a distributed corporate environment. January 18, 2001. LUG Events: January 11 - January 25, 2001.
Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format. |
January 11, 2001 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
Software AnnouncementsHere are this week's Freshmeat software announcements. Freshmeat now offers the announcements sorted in two different ways: |
Our software announcements are provided courtesy of FreshMeat
 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Back page page. |
Linux Links of the WeekGeekT.org. Have you worn holes in all of your favorite T shirts? Do you want to make a techno-nerd fashion statement? Check out GeekT.org; they are offering "Geek history through T Shirts" with the purpose of immortalizing unusual shirts. Section Editor: Forrest Cook |
January 11, 2001 |
|
|
This week in historyTwo years ago (January 14, 1999 LWN): Creative Labs was in the news concerning the release of information on their Sound Blaster Live card. The company had done a turnaround in policy, starting with the position of not wanting to release its proprietary information and ending with a job posting for a Linux programmer. One can now find a device driver for the Emu10K chip in the Linux kernel source. LinuxWorld.com ran an article on the Gimp and some potential problems due to two principal developers leaving. "If the story of Gimp's development represents an emerging pattern, then all is not well for open source software." With the recent release of Gimp 1.2, it appears that the problems were overrated. The press pundits were predicting that 1999 would be the year of Linux, which it was, as was 2000 and as 2001 will be ... The OpenSSL project was announced. Its goal of creating an open-source full featured secure communications package has been reached, and it is still going strong. The development kernel was version 2.2.0 pre7 with the 2.2.0 release coming soon. Various Linux distributions were readying their systems for the new kernel. Also, the Kernel Traffic newsletter was introduced. In the development world, Gnome 0.99.3, code named Profiling Bonobo was released. Digital Creations opened up the source code to DCOracle, a Python extension to the Oracle database. Corel introduced their Netwinder thin server product which ran Corel's own port of Linux. One year ago (January 13, 2000 LWN): The Uniform Computer Information Transactions Act was attracting opposition. It contained a number of unpleasant components for the customers of commercial software, including remote shutdown code, contracts that could not be read until the box was opened, and transferability restrictions. Reverse engineering was also under attack, something that affected Linux developers. UCITA has since passed in a small number of states in the US and still remains as a threat. Michael Tiemann, formerly from Cygnus, moved into the position of Red Hat's Chief Technical Officer after the acquisition of Cygnus by RedHat. Red Hat also managed to complete a stock split, things were riding high and wild in the world of Linux stocks. The second draft of the US cryptography regulations were discussed, some of the rules were about to be relaxed. This affected Linux in that the kernel could contain more secure versions of the encryption software without the need for user intervention. The development kernel was up to version 2.3.39 with a 2.3.40 prepatch available. Lots of USB changes were in progress along with many other things. The stable kernel was version 2.2.14. In the world of distributions, it was claimed that the Chinese government may have banned Windows 2000 in favor of Red Flag Linux. Copies of Red Flag Linux were impossible to track down though, and its existence was questioned. To top it off, the Chinese government was denying the authenticity of the report. In any case, the security implications of any government relying on closed source operating systems were being scrutinized. The Linux Professional Institute announced free Linux exams and signed up over 300 people in a short time. Caldera filed for its IPO, and was in the process of building up its Linux for Business platform. Caldera succeeded in going public, and later acquired SCO, now renamed Tarantella. Linux One's IPO filing wasn't looking very likely to succeed, people in the financial world were beginning to notice the real lack of technical substance in the company. | |
|
|
Letters to the editorLetters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them. | |
Date: Thu, 4 Jan 2001 22:59:55 -0800 To: lwn@lwn.net From: David Fickes <david@advicepress.com> Subject: Lynux IPO filing... One of the issues you mention is the CEO being in debt to the company. This is a very common way to give stock to a key person (or a founder) without triggering all sorts of filing and tax issues. Essentially, the company loans the money and then the money is used to pay for stock at the current valuation level. The assumption is that this is easier and more solid than options (which can be a bar to future private placements and are not tangible) or outright grants (which are a problem with current shareholders. Normally, one cannot sell stock cheaper than the current valuation price without triggering tax issues and also angry current shareholders. This is so common, its almost not worth mentioning. It is interesting because if you follow the money on each of these transactions, you will also uncover the valuation price at the moment each of these events occur. - Usually you can then find out where the various VC and other companies/investors bought in. -d -- David Fickes +1 650 620-9905 ADVICE Press +1 650 620-9906 fax 951 Old County Road Suite 103 david@advicepress.com Belmont, CA 94002 www.advicepress.com | ||
Date: 5 Jan 2001 18:27:27 -0000
From: Eric Smith <eric@brouhaha.com>
To: letters@lwn.net
Subject: setuid and GTK+
Gentlemen,
In the Security section of your 4-Jan-2001 issue, you talk about the
BugTraq discussion of the possibility of insecure GTK+ modules being
used in setuid or setgid programs:
It can be argued that GTK+ should force an abort if the program
using that library is running as setuid or setguid. But this is the
wrong way to handle this issue. Libraries shouldn't enforce policy -
if you want to shoot yourself in the foot, you should be able to do
so. What GTK+ could do is provide hooks for applications to request
this enforcement, but not enable it by default.
Libraries shouldn't *rigidly* enforce policy. But I don't see what would
be wrong with having GTK+ abort by default in dangerous situations, and
require applications to do something special if they want to prevent this.
It is much better to have things be secure by default, and require special
action to make them insecure.
If anything like this is done, there should also be a way for the system
administrator to set a system-wide policy disallowing such applications;
perhaps an rc file in /etc/ would do the job. I'd even settle for a
compile-time option, but most people don't want to recompile their
system libraries.
Of course, a sysadmin that is worried about such things should also
routinely use find to inventory all the setuid and setgid programs,
and make sure that he or she knows *why* those programs are setuid or
setgid:
#!/bin/sh
for fs in `awk '{ if (($3 != "proc") && ($1 != "none")) print $2 }' </proc/mounts`
do
echo "scanning $fs for setuid and setgid programs"
find $fs -mount -perm +6000 -ls
done
On systems I administer, I turn off the setuid bits on many
standard programs, and remove others. For instance, suidperl seems
like an incredibly bad idea to me. I'm not trying to pick on suidperl,
I'm only using it as an exmaple. It may well be the case that the authors
of suidperl have done a thorough security audit, but it's easier for
me to remove it rather than worry about it.
Happy new millenium!
Eric Smith
| ||
Copyright © 2001
Eklektix, Inc., all rights reserved