Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise
news for all interests
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Linux History Letters
Other LWN stuff:
Archives/search
Recent features: Here is the permanent site for this page. See also: last week's LWN.
|
Leading items and editorials'Ramen Worm' attacks Red Hat-based systems. A new worm, dubbed the "Ramen Worm", was spotted on the Internet this week. For those of you unfamiliar with the term, a "worm" is a self-propagating attack, e.g., a script is written to attack a system, copy itself to that system and then automatically go out to find new vulnerable systems and attack them. This differs from the term "virus" in that viruses are attached to or embedded in otherwise innocuous files or programs. Linux is generally (though not theoretically) immune to viruses; it is not immune to a worm, since a worm is simply a specialized case of a successful, usually network-based, attack.Nonetheless, a worm is self-propagating, like a virus, so there are similarities. This particular worm was not an impressive example, at least to security experts. It was cobbled together from pre-existing components and exploits vulnerabilities that are four to seven months old. As such, it is a good example of why we warned back in November, 2000 that the Linux community should not become too cocky about its security record, based on its relative immunity to viruses. Given how easily this one was developed, we can expect to see more of them in the future. The biggest lesson from the worm this week is apply your security updates. The only systems vulnerable to this attack were those with vulnerabilities that had been reported months ago and for which fixes had long since been available. Obviously enough systems fit this criteria to fuel a significant attack. The actual impact of the worm is minimal, restricted to disabling anonymous ftp access and defacing websites. Unfortunately, it could easily be modified to be much more damaging. Confirming the lack of actual malicious intent, the worm has been reported to only attack systems with anonymous ftp enabled and then to close politely close anonymous ftp behind it, essentially preventing the system from being infected again via the same mechanism, unless the local administrator re-enables anonymous ftp without patching the system. (It is worth noting that the scanning traffic created by the worm is causing problems for some networks, especially those which use multicast). The worm found this week specifically targets Red Hat 6.2 and Red Hat 7.0 systems that have not applied security updates for wu-ftpd, nfs-utils and LPRng. Here are the advisories for the applicable security updates, though, of course, it is recommended that all security updates be applied:
Red Hat 6.2:
In addition, although the worm was written to attack Red Hat Linux systems, the vulnerabilities themselves are not specific to Red Hat and therefore the worm could also easily be rewritten to attack other Linux systems. Below are links to our coverage of the involved vulnerabilities, including links to updates from other Linux/BSD vendors:
This ZDNet article provides some interesting information on the worm. For more technical detail, several analyses of the worm have been published, including this one by Daniel Martin. The majority of first-hand information about the worm comes from the SecurityFocus Incidents mailing list, on which the worm was first reported on January 15th.
Signs of the times. Should anybody still doubt that the Linux business climate has changed dramatically over the last year, a couple of events from the last week should help to clarify things:
The current business climate is clearly no fun, especially if your business depends on obtaining funds from investors. Linuxcare, Turbolinux, and Lineo have all attempted to go public; none have yet succeeded. In a world where private investment has dried up, and the IPO market is closed, it is difficult for a startup business to get large enough to firmly establish itself. In such an environment, about the only "get big fast" route that remains open is consolidation. It would not be surprising to see a number of other Linux companies look to mergers as a path to growth. A year from now, there may be a much smaller community of Linux companies doing business. Turbolinux, meanwhile, has long taken the approach that it is a software vendor, and that it is not interested in the services-based plans adopted by distributors like Red Hat. The merger with Linuxcare is obviously the end of that strategy. It is also likely to be the end of Turbolinux's IPO bid, at least for now. Merging with Linuxcare is such a fundamental change that Turbolinux would essentially have to throw out its IPO filing and start over. In a time when the markets are openly hostile to initial offerings, the company is unlikely to bother with a new filing. An interesting question will be whether the merger is the end of Linuxcare's distribution-independent policy. A credible, neutral stance will certainly be harder to maintain when Linuxcare is part of a major Linux distributor. Those interested in speculation might wonder if, instead, Turbolinux is preparing to deemphasize, if not exit, the distribution business in favor of its clustering and other value-added offerings. According to its IPO filing, Turbolinux only derived 37% of its revenue from operating system sales in the first half of 2000. Might Turbolinux have decided that its future lies elsewhere? What the future holds for Lineo is unclear. Failed IPO bids are often followed by reductions in staff; Lineo has grown rapidly through its series of acquisitions and may now find itself needing to slim down a bit. It is also worth noting that the embedded Linux world is highly fragmented, with several companies all competing with each other. Some consolidation in that sector is to be expected. VA Linux Systems puts out another warning. In another sign of the times, VA Linux Systems has put out another warning that earnings will not be up to expectations. Revenue for the second quarter (which ends on January 27) is expected to be $50 million at best, for a loss of $0.24-0.28 per share. Among other things, VA says that the usual January sales upturn has not happened this year, and blames the state of the economy in general. VA has also been facing price pressure: Additionally, the current economic conditions are creating a difficult pricing environment resulting in lower gross margins. Going forward in this economic environment, we intend to focus on higher margin business and to manage expense levels such that we can achieve profitability given our revised revenue expectations.
Of course, "manage expense levels" is PR-speak for "lay people off." The "current economic conditions" aren't getting any better. (VA has legal problems as well; see this week's Linux in Business page for discussion of the class-action lawsuits against the company). Through all of this it's worth remembering that Linux and the businesses that have sprung up around it are two different things. It may not be the easiest of times to run a Linux business (though it's certainly far better than it was even five years ago), but Linux itself is doing great. Adoption and mindshare continue to increase, and the software is just getting better. And many businesses are doing well. For example... There is still money for Linux businesses, at least occasionally. Consider these examples:
Clearly some investors still believe in the future of Linux, even if the stock market is not currently favorable. As Linux and free software in general continue to grow, investors will figure out that their future is still bright. We will, with luck, never see a repeat of the frenzy of a year ago; but we should, at some point, leave the current depression behind as well.
Interview: Larry Wall. ChangeLog.net editor Maya Tamiya has sent us another interview. This time, Maya has interviewed Larry Wall at the Perl/Ruby conference, which was held in Kyoto, Japan at the end of last year. In this interview, Larry discusses a wide range of topics, including his job at O'Reilly, Perl certification, the commercialization of Perl, competition between open source projects, the power of laziness, Perl 6, post-modernism, software patents, documentation, and more. (This interview contains a number of pictures; there is also a smaller version available for those with limited bandwidth). Hardware sales are getting, well, hard. Earlier this week Tuxtops announced that it would be dropping its Linux laptop line in favor of a software product to be announced at a later date. The LWN.net staff immediately began to ponder if there was some real problem with getting Linux to run on laptops, or if making a business out of that was really all that hard. After all, LinuxLaptops and VA have both exited that market. ASL still sells them though the list of small laptop vendors with a Linux focus is dwindling. So, what about the big players? IBM lists 3 ThinkPad models (A20m, T20, and T21) that they ship preloaded with Linux. All are loaded with Caldera OpenLinux eDesktop. While they point out that IBM hardware has been Red Hat certified, a search through Red Hat's certified hardware database, searching for "IBM" and "Notebooks" (any architecture, any Red Hat release), comes up empty. Gateway doesn't make it easy to determine if it sells notebooks preinstalled with Linux from its site. Compaq's support of Linux is well known, but its Linux site has no information on laptops. Dell at least has a Linux specific section on its site, but it only mentions servers and desktop system as preinstalled. No obvious information on laptops is provided. So what's the deal with laptops and Linux? Of course Linux works well on laptops (most of the LWN.net staff uses Linux laptops of one kind or another). The lack of preinstalled support can be the result of a number of issues. First, many of the features that are used to add value to laptops by hardware makers are only now, with the release of the 2.4 kernel, becoming commonly supported: USB, Firewire, DVD, S-Video output, WinModems, and so forth. Since smaller hardware vendors like LinuxLaptops or Tuxtops (though not necessarily Dell, IBM or Compaq) are generally not also Linux distributors, they rely on well-known distributions to support these features. That will happen later this year. For now, these smaller vendors are on their own. So that would leave the larger companies, those with resources to produce drivers for the more modern hardware features commonly found on laptops, to write their own drivers. They can do that, so why the lack of preinstallation? The next issue may be margins. While Linux is inexpensive, laptops are not. Larger companies have to push these machines in volume, though probably not to the levels required for desktop systems. Laptops with Linux preinstalled may not be the high volume market needed to sustain smaller, Linux-focused companies. Of course, all hardware vendors have been hit fairly hard by a slowing economy and weak sales in general. The disappearance of a few smaller vendors is a normal shakeout under these circumstances. But that still doesn't explain why preinstalled laptops from the big three aren't well publicized. While hardware support used to be a viable reason for lack of support, it's hardly the status quo these days. Too many people are writing drivers for new hardware - IBM expects to put $1 billion US dollars into development this year alone. Preinstalled Linux, especially on laptops shouldn't be that hard. So what is the biggest reason Linux isn't preinstalled? Laptops aren't servers. And Linux is still trying to establish itself on the desktop. Hardware makers have everything to gain with preinstalled Linux servers. The value in preinstalled desktops - and laptops - has yet to be measured. Update: A number of readers pointed out that Dell's web site does indeed list preinstalled Linux systems. You just need to look at the sidebar to find the link to the right page. Additionally, David Sifry, CTO of Linuxcare, pointed out that IBM's certifications come through Linuxcare, not Red Hat, despite the way it appears on IBM's site. Looks like the IBM web designers were just told the systems were "Red Hat Certified", and not who did that certification. Inside this week's Linux Weekly News:
This Week's LWN was brought to you by:
|
January 18, 2001
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Security page. |
SecurityNews and EditorialsInterBase backdoor. A special login account and password was found in the Borland InterBase database source code by German software developer Frank Schlottmann-Goedde and reported this past week. Borland's InterBase was released under an Open Source license last July. Non-Borland developers got access to the source code at that time and were the ones to find and report the login/password problem.The backdoor was apparently introduced for programmatic reasons, in order to allow one portion of the database to communicate with another portion that was password-protected. The security hole that was subsequently introduced was either not anticipated or not expected to be a problem, since the source code had not been released. Certainly Borland would not have released the source code in its current state if they had been aware of the backdoor. As a result, their decision to release the source code has done them, and their customers, a service. Of course, media coverage of the discovery also questioned whether or not the release of the source code increased the risk to the customer. This is based on the premise that the source code was available for six months before the problem was found and presumably an attacker might have also found the backdoor without reporting it. While possible, this risk is more than offset by the possibility that the backdoor was discovered without access to source, as many vulnerabilities are (check the list of Microsoft vulnerabilities sometime). The backdoor was apparently introduced in 1994, so there has been considerable time in which that discovery could have been made. If not via an examination of the binaries themselves, anyone who worked on the code during that six years may have had knowledge of the security problem. A disgruntled employee, or one bribed for purposes of corporate espionage, etc., could have used or passed on information about the vulnerability. Now that Borland has issued a patch for the problem (which should be integrated into the next certified release of InterBase 5.X), the issue is moot because the problem is solved. It only took six odd years ... and the release of the source code ... to get it fixed. See also:
Simple administrative issues open up cgi-bin vulnerabilities. This week, Tamer Sahin reported a vulnerability in the Basilix web-based mail system. The issue was the use of ".class" and ".inc" extensions for files that were actually PHP scripts. As a result, any server using the web mail system that did not also modify its web server configuration to properly interpret ".class" and ".inc" files as PHP exposed information inadvertently. Obviously, an administrative fix for this problem is fairly simple. Alternately, the blame could be shifted to programmers who choose to use non-standard file extensions. However, since our goal is to build toward security by default, it might also be reasonable to consider this to actual be a vulnerability in the web server itself, which is shipped by default to display all files and all file extensions. If the default administrative option was the most secure, e.g., only display files with extensions that have been defined in the configuration files, then the addition of non-standard file names that aren't defined in the web server configuration files would not open any security holes. Of course, the new mail server wouldn't work until the extensions had been added, but that should be considered the preferable option when security is a priority. CRYPTO-GRAM newsletter for January. Bruce Schneier's CRYPTO-GRAM newsletter for January is available. It covers a wide range of security-related issues, including the story of alleged mobster Nicodemo Scarfo, whose PGP encryption was defeated by the FBI, which installed a keyboard sniffer on his system. Security ReportsRamen worm. For coverage on this week's network-based Ramen word, please check our Front Page. glibc RESOLV_HOST_CONF preload vulnerability. Charles Stevenson at Terrasoft (Yellow Dog Linux) posted notice of a glibc vulnerability in versions 2.1.9 and higher to BugTraq this past week. The issue is a missing comma in the code, which, as a result, allows the RESOLV_HOST_CONF environment variable to be passed to setuid/setgid programs. This can be exploited to gain local root access.This week's updates: glibc local write/ld.so.cache preload vulnerability. Red Hat issued another update to glibc this week to fix a preload-related vulnerability. In this vulnerability, the glibc preload check was not applied to libraries that had already been loaded into /etc/ld.so.cache. This can be exploited to create/overwrite files without authorization. Check BugTraq ID 2223 for more details.This week's updates: PHP Apache Module bug. Zend.com posted an advisory reporting a vulnerability in the PHP 4.X Apache Module. The per-directory configuration option to disable the PHP engine incorrectly impacts other directories and can be exploited to expose the source code for PHP scripts. An upgrade to PHP 4.0.4pl1 will fix the problem. Check BugTraq ID 2206 for more details.dhcp buffer overflow. Caldera released an advisory this week reporting a format string vulnerability in the error logging code for dhcp. They have provided updated packages for OpenLinux. Presumably, this will impact other distributions as well.SuSE rctab /tmp-related race condition. Paul Starzetz reported a flaw in SuSE's rctab script, provided with SuSE to edit init levels. This flaw can be exploited to overwrite arbitrary files, allowing a denial-of-service attack or, potentially, a local root compromise. Roman Drahtmueller from SuSE confirmed the problem and provided a workaround, along with some corrections to the original report. Updated packages should be forthcoming soon.Oliver Debon's port of the Macromedia flash plug-in. We have previously reported on problems with the Macromedia flash plug-in and responses from Macromedia. This week, the originally-reported buffer overflow has been recreated in Olivier Debon's unofficial port of Macromedia's flash plug-in to to a variety operating systems, including Linux and FreeBSD. This could potentially be used to remotely execute code under the UID of the Netscape user.Note that Macromedia also provides their own version of Flash for Linux. A method for determining which flash player you may have installed is provided in the report. If you are using Olivier's version, you will probably want to disable it or replace it with the version from Macromedia until a fix is provided. jaZip buffer overflow. jaZip, a program for managing Iomega Jazz or Zip drives, has been reported to contain an exploitable buffer overflow. This program is sometimes installed setuid root, increasing the potential impact of the vulnerability, which was tested on TurboLinux systems. For more details, check BugTraq ID 2209.Multiple vulnerabilities in splitvt. Multiple vulnerabilities were reported in splitvt this week, including several buffer overflows and a format string vulnerability. An upgrade to splitvt 1.6.5 should solve the problems. Check BugTraq ID 2210 for more details.tinyproxy heap overflow attack. tinyproxy, a small, GPL'd HTTP proxy server, contains a vulnerability to a heap overflow attack. This can be exploited to cause a denial-of-service. tinyproxy 1.3.3a has been released to fix this problem.exmh symlink vulnerability. A symlink vulnerability in exmh was reported this week. Note that exmh is not a setuid program, so this can only cause a root compromise if root runs exmh directly. However, it could be used by an attacker to cause any user to overwrite a file that they own. No fix for this has been made available so far.ssh 1.2.30 secure RPC vulnerability. A vulnerability in ssh 1.2.30 was reported this week related to the use of secure-rpc to encrypt private keys. A patch to fix the problem has been made available. Check BugTraq ID 2222 for more details.cgi-bin scripts. The following cgi-bin scripts were reported to contain vulnerabilities:
Commercial products. The following commercial products were reported to contain vulnerabilities:
UpdatesMultiple package tmp file race problems. Check last week's LWN Security Summary for the initial report. Immunix reported race conditions in twelve packages: apache, tcpdump, squid, linuxconf, mgetty, gpm, wu-ftpd, inn, diffutils, getty_ps, rdist, and shadow-utils.The response, of course, has been for up to twelve security advisories to come out from each vendor. As a result, we've broken up the responses to this problem according to the package name, to make it easier to see what distributions still have updates pending. apache:
diffutils/sdiff:
gpm:
getty_ps:
inn:
mgetty:
linuxconf:
rdist:
shadow-utils:
squid:
tcpdump/arpwatch:
wu-ftpd: Note that this is not the same wu-ftpd vulnerability currently being exploited by the Ramen Worm. That is an older advisory, covered in more detail below.
Multiple stunnel vulnerabilities. Multiple vulnerabilities in stunnel were reported in December including a potential remote root exploit caused by insecurely-structured calls to syslog and another vulnerability involving the way in which the stunnel process id is logged.This week's updates: Previous updates:
Zope local role and DTML editing vulnerabilities. Check the December 21st, 2000 LWN Security Summary for the initial report of these two vulnerabilities.This week's updates: Previous updates:
bash tmpfile vulnerability. Check the November 30th, 2000 LWN Security Summary for the original report. This is similar to the tmpfile problems reported in /bin/sh and /bin/tcsh.This week's updates: Previous updates:
syslog-ng remote denial-of-service. Check the November 30th, 2000 LWN Security Summary for the original report. Syslog-ng is a syslog replacement with additional functionality. syslog-ng 1.4.9 and higher are no longer vulnerable.This week's updates: joe symlink vulnerability. Check the November 23rd, 2000 LWN Security Summary for the original report.This week's updates: Previous updates:
Hostile server vulnerability in OpenSSH. Check the November 16th, 2000 LWN Security Summary for details. Upgrading to 2.3.0 is recommended.This week's updates: Previous updates:
wu-ftp vulnerability. Check the June 15th, 2000 LWN Security Summary for the original report of this problem. An upgrade to wu-ftpd 2.6.1 should fix the problem.Note that this is the vulnerability that is currently being exploiting by the Ramen Worm. The wu-ftpd updated listed above under "temp file races" is a new and different vulnerability. This week's updates:
ResourcesAdvanced Host Detection. Guido Bakker posted his white-paper on Advanced Host Detection to BugTraq this week. "Advanced host mapping bypasses many forms of intrusion detection systems, filters, and routers, essentially enabling an attacker to map and discover previously unknown firewalled hosts". Passive System Fingerprinting using Network Client Applications. Along a similar vein, Jose Nazario has posted his white-paper on "Passive System Fingerprinting using Network Client Applications". "Passive target fingerprinting involves the utilization of network traffic between two hosts by a third system to identify the types of systems being used". mobileBugs mailing list. Lukasz Luzar has started a new mailing list, mobileBugs, dedicated to discussion of security issues related to cellular phones and other forms of mobile computing. EventsCall-for-Papers extended for the IEEE SMC IA Workshop. An extension to the Call-for-Papers for the IEEE SMC IA Workshop has been posted. The workshop will be held June 5th and 6th, 2001, at West Point, New York, USA and is sponsored by the United States Military Academy (USMA), the University of Virginia Systems and Information Engineering Department, and the IEEE Systems, Man and Cybernetics (SMC) Society. Dr. Gene Spafford from Purdue will be one of the keynote speakers. Upcoming security events.
For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net. Section Editor: Liz Coolbaugh |
January 18, 2001
LWN Resources | |||||||||||||||
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Kernel page. |
Kernel developmentThe current kernel release remains 2.4.0. Linus continues to put out 2.4.1 prepatches; the 2.4.1 prepatch is in its eighth revision as of this writing. It contains a number of small fixes, Jens Axboe's block I/O scheduling improvements, and, as of pre4, the ReiserFS filesystem (see below). See Linus's "half-assed changelog" for a quick list of the contents of this patch. Alan Cox continues to maintain his "ac" series, with the latest release being 2.4.0-ac9. This patch is rather more extensive than Linus's prepatch (7MB, as opposed to just over 1MB for 2.4.1-pre8). Much of what is there is the result of a late kernel code auditing frenzy by a number of people; many questionable things have been cleaned up. Linus's conservative approach to 2.4 patches is creating a large backlog of stuff waiting to go in. There will be quite a job of merging to do once Linus opens things up again. No 2.2 kernel prepatches have come out over the last week. Disk corruption with 2.4.0 and VIA IDE chipsets has been reported by some users. Evidently some VIA chips don't do DMA all that well, leading to unhappy users who, hopefully, have good backups. The maintainer of the driver for VIA IDE is Vojtech Pavlik; his is currently looking for trouble reports in order to be able to pin down just what the problem is. If you have VIA IDE and (1) have seen problems, or (2) are willing to do some testing, consider helping so that this problem can be eliminated. 2.4.1-pre6 also had disk corruption problems due to a mistake in the ReiserFS merge. It was fixed quickly, but it's always good to have an occasional reminder that development kernels can be risky. Those who are interested can read Linus's description of the problem and why he didn't notice it right away: With a gig of RAM, inodes tend to cache really well.
This problem was discussed as part of a thread on the virtual memory performance of the 2.4.1 prepatch series, which is generally considered to be inferior to 2.4.0. ReiserFS is in. Last week, remember, Linus announced that he was going to be extremely conservative in accepting patches for 2.4: In order for a patch to be accepted, it needs to be accompanied by some pretty strong arguments for the fact that not only is it really fixing bugs, but that those bugs are _serious_ and can cause real problems. Some people were thus rather surprised to see a whole new filesystem show up in 2.4.1-pre4. It's hard to make the claim, after all, that the addition of ReiserFS is fixing a serious bug. Linus's answer to this surprise is essentially (1) putting ReiserFS into 2.4.1 has been expected for some time; (2) people have been pounding on ReiserFS for quite some time - SuSE, for example, has included it for a while; (3) ReiserFS does not affect anything outside of the filesystem, and (4) no showstopper bugs have shown up, so there's no need for a pure bugfix release. So what is ReiserFS, anyway? This filesystem, created by Hans Reiser, has attracted interest in recent times due to its journaling capability - it can recover from a crash without the need for a lengthy filesystem checking pass. But journaling was not the original purpose behind ReiserFS - Mr. Reiser has much more ambitious plans than that. For details, have a look at the ReiserFS writeup from the November 11, 1999 LWN Kernel Page. For many, many more details, set aside a block of time and visit the Namesys home page. For those wanting to experiment with ReiserFS, bear in mind that NFS still can not serve files from a ReiserFS partition. There are patches in circulation to remove that limitation, but they have not yet made it into the kernel tree. (Yes, SuSE's 2.2 distribution features a working ReiserFS NFS, but those patches are not currently in the 2.4.1 prepatch). Who's the fastest web server of all? One of the more controversial features of the 2.4 kernel is khttpd - the kernel HTTP (web) server. Not everybody believes that this sort of service belongs in the kernel. If it is there, however, it should produce good results. Christoph Lameter decided to run some tests, using the Zeus benchmark, to compare khttpd's performance with boa, a user-space web server. His results:
Thus, at a first glance, it would seem there's little reason to keep khttpd in the kernel. Of course, the version of khttpd that is in the 2.4.0 kernel does not support persistent connections, which puts it at a disadvantage. But even when persistent connections were disabled for the test, boa came in with 227 requests per second - still more than khttpd. The story does not end there, however. The author of khttpd - Arjan van de Ven - has a patch which enables support of persistent connections; it just has been kept out of the kernel by the persistent feature freeze. Mr. Lameter reran the tests with the patch applied and got a rather different set of results:
With persistent connections enabled, khttpd handles almost twice as many requests as boa; this would, one might think, end the discussion. Except, of course, that there is another kernel web server out there. Ingo Molnar decided it would be fun to run the same benchmark with the (upcoming) TUX 2.0 patch, along with the zero-copy networking patch (discussed last week). His results: 12,658 requests per second. It's worth noting that Ingo's test ran on different hardware. Nonetheless, TUX is looking pretty good... The quotes of Chairman Linux. Reading linux-kernel can be fun at times... Once you realize that documentation should be laughed at, peed upon, put on fire, and just ridiculed in general, THEN, and only then, have you reached the level where you can safely read it and try to use it to actually implement a driver.
and his poor fortune: Oh, well. Not everybody can be as goodlooking as me. It's a curse.
Other patches and updates released this week include:
Section Editor: Jonathan Corbet |
January 18, 2001 For other kernel news, see: Other resources: | ||||||||||||
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Distributions page.
Lists of Distributions |
DistributionsPlease note that security updates from the various distributions are covered in the security section. News and EditorialsNiche Linux Distributions rub elbows with Mac enthusiasts. Linux Distributors LinuxPPC and TerraSoft (Yellow Dog Linux) were present in force at this year's MacWorld. Although the conference was timed to match the release of this InfoWorld review of SuSE 7.0 on the PowerPC, SuSE wasn't present at MacWorld. Though we haven't verified this, we expect that the other major Linux distributors weren't there either, even though some of them offer PowerPC versions of their distributions. Why not? Given the number of conferences and expositions around the world demanding their attention, and the cost of attending them all, it isn't too surprising that they didn't find time to make it to MacWorld. For now, with the exception of LinuxPPC and TerraSoft, it was an Apple and Microsoft-dominated event. In addition, the Mac community is as different from the Linux community as the Microsoft community is. They have their own history, language, and concerns, which may or may not overlap with the concerns of the Linux and Open Source community. We believe the future will overlap more, but for now, there is definitely a gap. Companies like LinuxPPC and TerraSoft form bridges between communities. By choosing to focus solely on the PowerPC architecture, they also form a closer alliance with the Mac world. Not only can they justify the expenditure of funds to mingle at MacWorld, they couldn't possibly justify missing it. Within that statement lies the potential future for these companies. They won't ever take over the entire Linux world but their success, presuming they do survive, will rest on their ability to become a known and understood part of both worlds. After all, if you are a Mac enthusiast looking at Linux for the first time, to whom would you rather talk? A large Linux company that sees the Mac world as just another piece of the pie? Or a small Linux company whose livelihood depends on understanding your unique needs and finding a way to support them? See also:
In Mexico, Net Not a Priority (Wired). Wiring Mexico's schools won't happen at the behest of government - or Microsoft - according to the new President of that country. Instead, it will happen through the private sector, and with open source. "Open source software would solve [the piracy] problem," [Gary Chapman, director of the 21st Century Project] said. "You can get all the functionality without paying the software fees." In fact, Red Escolar, a project that aspires to wire every Mexican school to the Internet, uses free applications Linux and Gnome on its computers, he said. Distribution ReviewsWindows Meets Linux (Duke of URL). The Duke of URL posted a review of WinLinux 2000. "The hardware support is pretty poor and it would be nice for this distribution to hack the kernel like Red Hat and Mandrake do to include terminology, and maybe even include something like the drivers for the Lucent Winmodem -- since people using Windows generally have devices like that. Before WinLinux can be a serious contender, they need to do some kernel hacking." New DistributionsBYO Linux. BYO Linux, otherwise known as "Build Your Own Linux", appears to have borrowed the idea behind BYLD, Build Your Linux Disk. BYLD helps you build your own Linux distribution on a single floppy disk. BYO Linux helps you build your own full-size Linux distribution. The site is nice and heavy on the documentation side. If you've been wanting to build your own distribution but were a bit daunted by how to get started, this will provide an excellent base. Computer science professors might want to take a look ... it would be a nice, though large, assignment to hand out to some truly enthusiastic students. TA-Linux. A new entrant onto our list of small, disk-based distributions, TA-Linux was built by Kaj-Michael Lang. In size, it runs between 65MB and 250MB. "I had a couple of reasons for making TA-Linux. I was not happy with the distributions out there, except Slackware but Slackware had one problem, it's only for x86 (ok, sparc version is available now, but wasn't when I started to work on this) and I wanted to run an identical distribution on all of my linux capable machines." For now, the x86 version is the only one available for download, but an alpha version is also promised. FREESCO. Hoyt Duff dropped us a note to point out the FREESCO distribution, another single-floppy distribution primarily intended to function as a router (FREESCO == FREE ciSCO). They promise that it is "insanely" easy to use. General-Purpose DistributionsDebian News. This week's Debian Weekly News reports the boot of the first Debian IA-64 system, ported by Bdale Garbee and Randolph Chung. Check the details in this post from Bdale. Critical to Debian users and developers, 61 long-orphaned packages are scheduled to be officially removed from Debian unless a new maintainer steps up to shoulder the work. Critical orphaned packages include fnlib, a font-rendering library used by Enlightenment applications, tclx8.0.4 (Extended Tcl), the entire SIAG office suite and more. It would be a good idea to check the list carefully to see if there are any programs that you will miss. For more Debian news, check out this week's Kernel Cousin Debian. For news on the Debian GNU/Hurd project, check out this week's Kernel Cousin Debian Hurd Linux-Mandrake and a fully anti-aliased KDE desktop. Information on how to get XFree 4.0.2, freetype2, libqt2 and more all working together to support fully anti-aliases fonts is the topic of this MandrakeForum article. Strictly for the very brave, but the results appear to be worth it: "You really won't believe how utterly beautiful this is, especially if you haven't spent years with those crappy Linux fonts in front of you". With luck, we'll all be sitting where he is someday. It's nice to know that a more beautiful desktop is definitely getting closer. Note that only a few graphics boards are currently supported in this configuration. In addition, the configuration is apparently quite a CPU and disk hog. Virtual Linux and CCLinux update. Last week, we mentioned the Virtual Linux project, working to provide a CD-based version of Linux-Mandrake. Since then, several of our readers pointed out that the link we provided for Virtual Linux on freshmeat.net was no longer functioning. We checked with Scoop; the project author was having problems getting his software uploaded. Once those problems are fixed, Virtual Linux should return. Similarly, reports came in that our link to CCLinux was no longer functioning either. We checked with CCLinux author FBW who confirmed that there were known problems with the server on which CCLinux is hosted. So CCLinux will be back, but there is no estimate yet on when that will be. Slackware News. Slackware-current has now been upgraded to the Linux 2.2.18 kernel. In addition, glibc 2.2.1 has been installed, replacing the version of glibc 2.2 patched last week due to security issues. Embedded DistributionsiPAQ Handheld Linux. Linux on the iPAQ has been in the news quite a bit lately, but the announcement of the iPAQ Handheld Linux distribution just hit Freshmeat this week. Prosa, EtLinux rise from the ashes (LinuxDevices.com). Former Linuxcare embedded Linux company Prosa may be resurrecting the EtLinux distribution it lost when Linuxcare's European facilities were closed. "At this time, a restart of Prosa and EtLinux is in process, under the direction of Davide Barbieri, who was formerly the General Manager of Prosa Labs and later served as General Manager of Linuxcare Italia following Linuxcare's acquisition of Prosa." Installing Microwindows on the iPAQ (LinuxDevices.com). In part 3 of a series on the history and future of Linux PDAs, Jerry Epplin looks at using Microwindows on the Compaq iPAQ. "Microwindows supports two APIs: the Windows GDI and Nano-X, an X-like API intended for low-footprint applications. On top of Microwindows the toolkit provides FLNX, a version of the FLTK application development environment modified to target Nano-X rather than X." Mini/Special Purpose DistributionsMinor distribution updates. Here are some minor distribution updates released this week:
Section Editor: Liz Coolbaugh |
January 18, 2001
Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Development page. |
Development projectsBrowsersHermes mail access project announced. A new Mozdev project, Hermes, has been announced. "The Hermes project aims to create a means of access that is versatile enough to allow fast and simple access to various web-based e-mail accounts. Currently there is a 'Hermes Hotmail' sidebar tab.. but the aim is to have a better system." Galeon 0.9 pre1 is out. Version 0.9 pre1 of the Galeon Web Browser has been announced. This version features Mozilla 0.7 compatibility, full screen configurability, and bugfixes. EducationSEUL/edu Linux in Education Report. The SEUL/edu Linux in Education Report for January 15 is available. The ups and downs of getting Linux systems installed in a school system are discussed. Ofset packages. The Ofset/Freeduc site has listed several new educational programs for learning chemistry. Embedded SystemsThe Linux-friendly Embedded SBCs Quick Reference Guide. LinuxDevices.com has posted The Linux-friendly Embedded SBCs Quick Reference Guide, a comprehensive overview of single-board computers that can run Linux. If you're contemplating a project that would use one of these products, you probably want to have a look at this page. GamesAcorn 0.3 screenshots. Take a look at the latest screenshots from the upcoming Acorn 0.3 game for some eye candy. Incidentally, Acorn is being developed on the WorldForge Games site and the organization is currently looking for a new home on the web. If you can meet the necessary server requirements you are urged to contact the project leaders. InteroperabilityWine Weekly News for January 15, 2001. The January 15, 2001 edition of the Wine Weekly News is out. News includes the January 12 release of Wine, DirectDraw reorganization, Web Browser DLLs, and more. Network ManagementKannel SMS and WAP gateway v1.0 release, added to Debian. The Kannel project, designed to build an open source SMS (Short Message Service) and WAP (Wireless Application Protocol) gateway, announced the release of version 1.0 along with the news that it was being included in the Debian distribution. SMS and WAP are used for serving data to web-enabled cell phones. Office ApplicationsLyX Developer News for January 17th, 2001. The January 17th issue of the LyX Developer News has been published. In this issue you'll find a brief look back at the history of the LyX GUI, news on the LyX 1.1.6 release and a look at mailing list traffic for the project. (Thanks to John Levon) Gnucash 2.0 development roadmap. Bill Gribble has sent a notice to the gnucash developers list announcing plans for the upcoming Gnucash 2.0 release, which should be out in the second quarter of 2001. There is talk about forking gnucash into two products, one for personal finance and one for small business accounting. On the DesktopThe People Behind KDE: Gregory (Grisha) Mokhin (KDE Dot News). Continuing with its series on "The People Behind KDE", KDE Dot News interviews Gregory (Grisha) Mokhin. IBM and their involvement with GNOME. Linuxpower interviews Daniel Frye, Director of IBM Linux Technology Center about IBM's role in the GNOME Foundation. "DF: We're expecting that GNOME will accelerate Linux innovation and the use of Linux as a desktop. GNOME is one of the major efforts that, when successful, will legitimize Linux as a viable desktop." Helix Code changes name to Ximian. Helix Code, the company headed by GNOME lead man Miguel de Icaza, is changing its name to Ximian, which rhymes with "simian". Spanish translation of the GNOME User Guide. A Spanish Translation of the GNOME User Guide has been released by the Gnome-es Spanish translation group. ScienceLinux in Science Report #7. Pete St. Onge writes to tell us that issue number 7 of the Linux In Science Report is now online. This issue focuses on internationalization, and includes brief updates on the antiword, cactus, Matrix Math, LyX, and WeirdX projects. OIO 0.9.6 released (LinuxMedNews). Version 0.9.6 of OIO, the Open Infrastructure for Outcomes has been released. OIO is a patient record keeping system for the medical industry that is built from Zope, PostgreSQL, Apache, and Linux Web-site DevelopmentMidgard Weekly Summary - January 12th, 2001. The Midgard Weekly Summary for the week of January 12, 2001 is out. Topics include news on the Midgard Web Site, updates on 1.4 and 1.4.1, a revised timetable for Midgard 2 and news on the Midgard IRC channel. Zope 2.3.0 beta1 released. The 2.3.0 beta1 release of Zope is available. New features include a browser preference screen, a new Quick Start system with pointers to high level learning materials, and more. PikiePikie Wiki clone. Steve Pike Has Released PikiePikie 0.1, a Wiki clone written in Python. Section Editor: Forrest Cook |
January 18, 2001
|
|
Programming LanguagesMarkup LanguagesImprove your XSLT coding five ways (IBM developerWorks). IBM developerWorks has run an article by Benoît Marchal on XSLT coding. "Whether you're a beginner with XSLT or a seasoned programmer, you'll surely find that these five tips from Benoît Marchal will improve your coding and give you new ideas. The handful of tips cover using CSS with XSL style sheets (including HTML entities), incorporating client-side JavaScript, working with multiple input documents, and using XSLT to generate style sheets automatically. The article includes sample code to adapt and reuse." Also, on the topic of XSLT, use Perl notes that the Perl XML::XSLT module, version 0.3 is now available. Creating Web Utilities Using XML::XPath (XML.com). Check out this article by Kip Hampton on using XML::XPath which goes into the process of converting HTML to XHTML with Perl. 4Suite 0.10.1 XML tools. The 4Suite 0.10.1 XML tools for Python have been announced. "4Suite is a collection of Python tools for XML processing and object database management. An integrated packaging of several formerly separately-distributed components: 4DOM, 4XPath and 4XSLT, 4RDF, 4ODS, 4XPointer, 4XLink and DbDOM. The matching 4Suite server is also available. PerlJanuary 15 Perl 5 Porters. The January 15 edition of Perl 5 Porters is out. Topics include sigsetjump issues, benchmarks, UTF8 support, Linux large file support, and more. Cultured Perl: Perl 5.6 for C and Java programmers (IBM developerWorks). Teodor Zlatanov has written an article for IBM's developerWorks that introduces Perl to C and Java programmers. "Perl often bewilders even experienced programmers, primarily because it allegedly makes it too easy to write obfuscated code. But the confusion regarding Perl's structure, features, and philosophy is inevitable given that it's such a rich and powerful language, and that it was designed from the start to allow for more than one way to do the same thing." PHPPHP Weekly Summary for January 16, 2001. The January 16, 2001 issue of the PHP Weekly Summary is available. News includes the first O'Reilly PHP Conference to be held July 23-27, 2001 in San Diego, CA, a fix for a PHP security issue, parallel LDAP searching, and more. PythonPython 2.1 Release Schedule. The release of Python 2.1 is scheduled for 19 Jan, 2001 in alpha form, and the official 2.1 release is scheduled for April 1, 2001. This week's Python-URL. Here is Dr. Dobb's Python-URL for January 15. Have a look for a list of recent Python software releases, numerous development tips, and a classified article on the future of the Python Secret Underground. Python 9 Conference Updates. Updates for the 9th Annual Python Conference have been posted. The referred papers Track information has been placed online. PyXML 0.6.3 available. PyXML 0.6.3, the XML toolkit for Python is now available. Jython 2.0 release candidate 1 available. Version 2.0 rc 1 of Jython, the Java implementation of Python, has been announced and may be downloaded here. ImageServer digital photo system. The ImageServer digital photo system has been announced. "Image Server is simple web based digital photo management system. It is used to display, store, annotate, and archive thousands of photos. There are many built-in features to make it easy to display your photos to the world." FreeImage 2.0.0 is out. Version 2.0.0 of FreeImage, a Python based open-source image format converter, is now available for download. Tcl/TkThis week's Tcl-URL. Here is Dr. Dobb's Tcl-URL for January 15 with the latest news from the Tcl/Tk development community. Tcl/Tk FAQ on the web. Charles Vidal has announced the creation of tcltk.free.fr, an online version of the Tcl/Tk FAQ. Section Editor: Forrest Cook |
Language Links Caml Caml Hump Tiny COBOL Erlang g95 Fortran Gnu Compiler Collection (GCC) Gnu Compiler for the Java Language (GCJ) Guile Haskell IBM Java Zone Jython Free the X3J Thirteen (Lisp) Use Perl O'Reilly's perl.com Dr. Dobbs' Perl PHP PHP Weekly Summary Daily Python-URL Python.org Python.faqts Python Eggs Ruby Ruby Garden MIT Scheme Schemers Squeak Smalltalk Why Smalltalk Tcl Developer Xchange Tcl-tk.net O'Reilly's XML.com Regular Expressions |
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Commerce page. |
Linux and BusinessTroubles at VA Linux Systems. On December 9, 1999 VA Linux Systems had a wildly successful IPO. The first day the stock skyrocketed to $320 before closing at $239/share. It was too good to be true for those who bought stock at the opening price of $30. Well, at least for those who sold while the stock was high. As of this writing VA Linux is at $7.12, reflecting the general trend of the Nasdaq since those halcyon days of late 1999 and the recent announcement that the company lowered its expectations for its second fiscal quarter revenue. (Covered on this week's Front Page.) VA Linux has been named in a class action suit for alleged SEC violations along with Credit Suisse First Boston Corporation, and VA Linux execs Larry M. Augustin and Todd B. Schull. Several law firms have announced their participation. Oddly, a number of these law firms make the same mistake in their press releases: VA Linux Systems, Inc. is shortened to simply "Linux". In the worst case, this usage could be seen as a violation of the Linux trademark; at best references to "the Linux IPO" make these law firms seem clueless. Press releases from Milberg Weiss Bershad Hynes & Lerach LLP in New York, Cauley Geller Bowman & Coates, LLP in Boca Raton, Fla., Bernstein Liebhard & Lifshitz, LLP in New York and Seeger Weiss LLP also of New York, all shorten VA Linux Systems, Inc. to "Linux". For the press release containing the most information and one that refers to "VA Linux" rather than "Linux" see this one from Wolf Haldenstein Adler Freeman & Herz LLP of New York. Also involved are Schiffrin & Barroway, LLP of Bala Cynwyd, PA and Charles J. Piven, P.A. of Baltimore, MD. More law firms are sure to jump in as well. There are a number of firms that make their living from cases such as this. The sharks are circling. It is not clear how much VA Linux Systems itself was involved in the alleged violations. VA is charged with filing a false and misleading prospectus, but the suit mostly revolves around the conduct of Credit Suisse with regard to the VA Linux IPO. It will likely be some time before this issue is resolved. All of the law firms are looking for "lead plaintiffs" to help their cause. If you bought VA stock before December 6, 2000 and are inclined toward such things, you may be able to participate. See any of the above press releases for more information. This suit could hurt VA Linux badly. Just how much remains to be seen. It's worth considering, just as a thought exercise, what could happen to VA's community resources (such as SourceForge) should all of those lawyers succeed in dragging the company down. This is ugly stuff.
2.4 Kernel Pre-Production Release Available from VA Linux. VA Linux Systems, Inc. announced the availability of its first pre-production release of the new Linux 2.4 kernel, offered via ftp at ftp://ftp.valinux.com/pub/kernel/, is available as an executable binary compiled and packaged by VA Linux in RPM and DEB formats. IBM and NCSA Create Worlds Fastest Linux Supercomputers in Academia. IBM and The National Center for Supercomputing Applications (NCSA) at University of Illinois at Urbana-Champaign announced that NCSA will install two IBM Linux clusters, containing more than 600 IBM eServer xSeries systems running Red Hat Linux. NCSA's clusters will have two teraflops of computing power and will be used by researchers to study some of the most fundamental questions of science, such as the nature of gravitational waves first predicted by Albert Einstein in his Theory of Relativity. IBM Expands AIX Affinity With Linux. IBM today announced its Linux affinity initiative with the introduction of AIX Toolkit for Linux Applications. Available for download over the Web, the toolkit allows developers to build and package Linux applications for use on the IBM eServer(a) family running AIX. NuSphere MySQL, new version, training offerings. NuSphere Corporation has released version 1.13.5 of its MySQL distribution. NuSphere has also announced that it has been granted exclusive rights to the "official" MySQL training materials. The training program was developed by Polycon and Monty Widenius; courses will be offered in Massachusetts and California. Open Source Infrastructure - A Manifesto for the Coming Big Bang. Deutsche Banc Alex. Brown equity research analyst Phil Rueppel today published an industry report, " Open Source Infrastructure -- A Manifesto for the Coming Big Bang." Additionally, yesterday he expanded his coverage of the Linux Market industry by initiating coverage of Red Hat, Inc. (Nasdaq : RHAT) with a BUY rating ($7.0). "Linux and other Open Source technologies continue to demonstrate the characteristics of strong growth, increased customer penetration, and disruptive change -- all factors that create investment opportunities in our view." Linux Stock Index for January 11 to January 17, 2001.
LSI at closing on 11-Jan-01 38.32
The high for the week was 38.72
Press Releases:Open Source ProductsUnless specified, license is unverified.
Proprietary Products for Linux
Products and Services Using Linux
Products with Linux Versions
Books and Training
Partnerships
Personnel
Linux At Work
Other
Section Editor: Rebecca Sobol. |
January 18, 2001
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Linux in the news page. |
Linux in the newsWhat does "Press" mean? Here at Linux Weekly News we scour the planet each week looking for interesting articles that relate to Linux and the Open Source world. Not all of the articles that we find are meaningful, and unfortunately, many articles each week are simply retreads - older stories retitled and flung out under a different banner of some megamedia giant's slew of online papers. Filtering out the good articles is time consuming, but that's what we do for you, our loyal readers. The stories that we point to in the Linux in the News page are judged by us to have some value to at least some of our readers, but don't necessarily fit into the categories covered by the other LWN pages. Recommended ReadingSuit accuses VA Linux of deceiving investors (News.com). News.com covered the VA Linux investor lawsuit. "The suit, which also names the company's lead underwriter, Credit Suisse First Boston, says VA Linux failed to reveal in its prospectus that Credit Suisse promised shares in the stock offering to investors who pledged to buy more shares in the aftermarket at predetermined prices." Later, Business Wire reported that the law suit was being filed by Cauley Geller Bowman & Coates, LLP on behalf of all individuals and institutional investors - i.e. as a class action law suit. Numerous other law firms posted press releases seeking to take part in the suit as the week progressed. It should be noted that at least one of the suits wrongly refers to VA Linux as simply Linux, see this week's LWN Letters section for more on that. Linux Plus Itanium Equals Whoosh (Wired News). Using Linux clusters for large scale computational science projects was the subject of this article from Wired. "'Because of Linux clusters -- which are cost-effective, scalable and integrate open source software with vendor solutions -- commodity-based supercomputing is now a reality. This allows us to explore nature's most exotic phenomena, such as black holes, with much more detail and at much lower cost than ever before,' Seidel said." Modern Operating System, Interface Are Ripe for Change (Los Angeles Times). In this article from the LA Times, Jef Raskin, original project leader for the Macintosh, said that software developers in both the proprietary and open source worlds need to rethink PARC's 30 year old Altos-styled windowing interface. "People are finally beginning to realize that this interface that was developed back in the '70s and '80s isn't really hacking it," Raskin said, but there's "no revolutionary fervor anymore." CompaniesTurbolinux, Linuxcare heading toward a merger (News.com). News.com carried an article on the apparent merger plans between Linuxcare and Turbolinux. "The merger would be a dramatic change of direction for both companies." See the front page for more news on this issue. Former Compaq execs in server start-up (ZDNet). Here's a ZDNet article on a startup called RLX Technologies, which will be building servers based on Transmeta chips and Linux. "RLX is one of several start-ups designing 'ultra-dense' servers to meet the economics of Web-site hosting. For companies that house and manage thousands of computers for Internet operations, such very small machines allow them to collect more fees per square foot of computer room." Compaq rock stars reunite (Red Herring). The Red Herring reported on the founding of RLX Technologies. "Today, servers based on Crusoe and Linux may pose a similar threat to PC servers. Because Crusoe is smaller than the Pentium, it could eventually cost less to produce than Intel's chip, while providing comparable processing power. Linux is free and rivals the performance of Microsoft's Windows 2000 Server, which retails for as much as $640." Lineo scraps IPO (ZDNet). ZDNet took a look at Lineo's IPO withdrawal. "The canceled IPO is because of drops on the Nasdaq market, not because of problems with Lineo's own business, [CEO Bryan] Sparks said." Prosa, EtLinux rise from the ashes (LinuxDevices.com). The former Linuxcare embedded Linux company Prosa may be resurrecting the EtLinux distribution that it lost when Linuxcare's European facilities were closed. "At this time, a restart of Prosa and EtLinux is in process, under the direction of Davide Barbieri, who was formerly the General Manager of Prosa Labs and later served as General Manager of Linuxcare Italia following Linuxcare's acquisition of Prosa." BusinessIBM-TurboLinux Deal Pushes Windows Alternative (NewsFactor/Yahoo! News). Newsfactor examined the IBM-Turbolinux deal. "In September, IBM announced that it would spend $200 million over the next four years to build seven new Linux development centers. The role of the new Linux hubs, to be erected in Tokyo, Shanghai, Beijing, Taipei, Seoul, Sydney and Bangalore, India will be to work in conjunction with local developers on Linux application software." CollabNet inks development deals with Motorola, Mozilla (News.com). News.com also examined CollabNet's deals with Motorola and the Mozilla project. "CollabNet will host a site to help programmers collaborate on writing software for Motorola's upcoming Java-enabled iDEN cell phones. The site uses CollabNet's SourceCast service, which enables features handy for collaborative work such as mailing lists, bug-tracking and control over programming project updates. SourceCast also is at the heart of a site called Mozdev run for the Mozilla group to house projects related to Mozilla, the open-source version of the Netscape Web browser." Free MP3.com technology takes cue from open-source movement (News.com). MP3.com announced this past week that it plans to provide free access to its extensive online music database and streaming technology to developers. "Web developers who take advantage of the offer could create their own online music locker services without paying any licensing fees, said MP3.com's Oien. In addition, consumer electronics companies could create devices, such as portable MP3 players, that tap into MP3.com's online database." ReviewsInstant Messaging on GNU/Linux, Part 2: ICQ (LinuxOrbit). In the second in a series on instant messaging solutions for Linux, LinuxOrbit reviewed three ICQ clients for Linux: GnomeICU, LICQ, and Kicq. New Linux kernel arrives with little fanfare (Upside). Upside's look at the 2.4 release mentioned the new 2.6 pool, Microsoft's view of Linux as a threat, Corel's likely sale of its Linux division and the name change for Helix Code. "Microsoft president Steve Ballmer officially rated Linux "threat No. 1" among competitors trying to chip away at Microsoft Windows' market share." Traffic analysis almost for free (ZDNet). ZDNet shows how to build a low cost network traffic analysis tool out of a Linux-based PC and the open sourced iptraf package. "Iptraf version 2.3.1 provides network managers with a console-based network statistics utility that is easy to install, a snap to use, and robust enough to win a permanent place in our network management toolkit." InterviewsFree software pioneer hacked over sloppy use of computer terms (Dallas Morning News). The Dallas Morning News ran a profile on Richard Stallman this past week. "Many are irritated by Dr. Stallman's boundless determination to correct the errors of sloppy computer historians and espouse the glory of the Free Software Movement. But as longtime research associate Chris Hanson told Salon magazine last year: 'Richard is a genius, a man with a clear and unusual vision, and like others before him, he comes in a quirky and difficult package.'" Red Hat CTO looks to make running Linux less of a chore (News.com). News.com interviewed Red Hat CTO Michael Tiemann. "I think Red Hat is extremely happy with the quality of people that we've been able to attract and retain at our company. The open-source community is in this relatively unique position compared to the proprietary community in that the open-source developer has complete freedom of choice about what they work on and who they work for. So I think we will continue to hire the people that we need to get our job done, but I don't think it's necessary or necessarily even proper to try to hire the entire open-source community. That's not our strategy, and that's not our plan." MiscellaneousMuch ado about kernels (ZDNet). Evan Leibovitch still thinks there's too much hoopla over the 2.4 release, and that it is just another minor step forward from 2.3. "These facilities have been around for weeks, even months, in the 2.3 development kernels. Nobody who really follows Linux is being taken by surprise, which is another reason why you don't see much rejoicing among real developers and users. If you really want to follow what's happening with the Linux kernel, read the weekly recaps in Kernel Traffic." Frigid but fun times in the open source world (ZDNet). Evan Leibovitch followed with another story stating that the Linux community, at least the commercial side of it, is moving in the right direction. "We have rebounding stock prices, new goodies from the developers, and even indirect help from our adversaries. What more could one ask for?" Further Linux testing in store (ZDNet). eWeek said that more testing of the 2.4 kernel is expected in the near term from the Linux community, in some cases for major new features like journaling file systems. "IBM will be working with the community and contributing to further 2.4.x releases and the 2.5 kernel in the areas of Logical Volume Manager and clustering, including ongoing MOSIX projects such as scalable Web servers, cluster installations for quick configuration of a MOSIX cluster and Network RAM for large processes that span the main memory of several nodes." Linux sails in New Zealand. The New Zealand Herald carried a couple of stories on Linux this week. The first covered one sailmaker who used a Linux cluster to help design a new sail using a new program to calculate air flow around the sail. "The entire cluster [of 8 PCs] cost $15,000. In contrast, the Linux clusters Weta Digital is using to render graphics for the Lord of the Rings films, which use SGI hardware, are costing about $15,000 a processor." In another article, the paper reported on the merger of SCO and Caldera and the Linux marketplace in general. A shop assistant at the Auckland geek haven Dr Floppy noted, "What's hot was the German-made Suse Linux, whose $196 professional version came with six CDs of software. If you can't find what you need in there, you've really got a problem." (Thanks to Andrew Simpson for both pieces) Microsoft Gets Some MacLove (Wired). Wired said that LinuxPPC's booth was empty at MacWorld, compared to the normally unloved Microsoft booth. "This year when Wired News visited, president Jeff Carr was sitting alone at the small booth in the Sci-Tech/Small Business section, tucked away at the back of the hall. His three-foot penguin, the famous Linux mascot, hadn't arrived, and neither had the booth's biggest attraction, a stack of free installer CDs." But Kai Staats replied that Terra Soft Solutions was faring much better. "And now, nearly one third of the booth attendees are repeat customers, upgrading to our latest product or asking technical questions about Yellow Dog." NT remains hackers' favourite (vnunet.com). According to this vnunet.com article, NT is the most attacked server platform on the Internet. "Last year saw Windows NT steaming ahead yet again as the most hacked web server operating system, with the majority of defaced pages sitting on compromised NT boxes." (Thanks to Karl Vogel) Ex-Dell/NCR exec joins Penguin Computing. Penguin Computing announced that ex-Dell and NCR executive Marty Seyer joined the company as the new President and CEO. Founder Sam Ockman remains as Chairman and Chief Technology Officer. Section Editor: Michael J. Hammel |
January 18, 2001 |
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Announcements page. |
AnnouncementsResourcesLinuxUser issue 6. The latest articles from LinuxUser are now available in PDF format. The cover feature is "Linux goes to Hollywood." Linuxloopup.com Tip of the Week. Making really big files... without making really big files using dd. EventsJeff Waugh's Linux.conf.au diary. Linux.conf.au organizer Jeff Waugh has put up an event diary describing the preparations for the conference, which is happening this week. London XML DevCon 2001 Conference to Focus on Global eBusiness and Enterprise XML. XML DevCon Europe Spring 2001, presented February 21-23, 2001 will offer workshops, panel discussions and classes about Web Services, programming XML applications, and global eBusiness initiatives (ebXML and UDDI). German Perl Workshop. The 3rd non-profit German Perl Workshop is open for registration. The workshop runs February 28 - March 2, 2001 in Sankt Augustin, Germany. Early bird registration continues until January 31. LinuxForum 2001. LinuxForum 2001 will be held on March 3, 2001, in Copenhagen, Denmark. This year's presentations include Matthias Ettrich (KDE+TrollTech): Components - Universal Interoperability; Dirk Hohndel (SuSE+XFree86): XFree86 - about People and Technology; Wichert Akkerman (Debian): Debian - what's this then?; as well as Danish speakers on many exciting topics. Embedded Systems Conference San Francisco. CMP Media announced the conference program for the Embedded Systems Conference San Francisco. The twelfth annual Embedded Systems Conference, running from April 9 - 13, 2001 at San Francisco's Moscone Center, provides a total of 171 classes, and 15-full day tutorials, including 95 entirely new sessions. The second Annual Symposium on Pliant Implementation and Concept. (ASPIC) will be held in Paris, France on April 20, 2001. Dedicated to the (GPL) Pliant programming language. Libre Software Meeting. The second annual Libre Software Meeting will take place near Bordeaux, France from July 4 to July 9, 2001. O'Reilly Open Source Software Convention. O'Reilly & Associates announced a call for papers for the 3rd annual Open Source Convention. The Open Source Convention is a five-day event designed for programmers, developers, and technical staff involved in Open Source technology and its applications. The convention will be held at the Sheraton San Diego Hotel and Marina, San Diego, California, July 23-27, 2001. January/February events.
Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format. User Group NewsLane Community College Open Source Computer Group. The LCC-OSCG recently announced its existance. They would like to create an open source community at LCC, help students integrate open source tools and philosophy into their education, and connect students with the larger open source community. LUGOD Installfest. The Linux Users' Group of Davis and the UC Davis Computer Club will be holding a Linux Installfest on Sunday, January 21st, from 10:00am - 6:00pm. LUG Events: January 18 - February 1, 2001.
Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format. |
January 18, 2001 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Software AnnouncementsHere are this week's Freshmeat software announcements. Freshmeat now offers the announcements sorted in two different ways: |
Our software announcements are provided courtesy of FreshMeat
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Linux History page. |
This week in Linux historyFive years ago: a company called, then, Pacific HiTech (they now call themselves Turbolinux) hawked its latest product: the January '96 Linux Monthly CDROM. It included, among other things, a Python.org snapshot, the 1.3.45 kernel, Postgres95, and the latest Debian boot and root disks. Four years ago: Pacific HiTech release its new product: "Turbo Linux Red Hat 4.0". The "Turbo Linux" distribution has, of course, come a long way since then... Two years ago (January 21, 1999 LWN): ZDNet looked at what Pacific HiTech had in mind: Coming out in March will be Pacific HiTech's new TurboLinux Enterprise Server 3.0, bundled with numerous apps, including five licenses for the Oracle 8 database. [CEO Cliff] Miller, eyeing the higher-end corporate marketplace, is mulling over a starting price of several thousand dollars. Well, it was a nice idea... Samba 2.0 was released after a long development period. Such was the stability of that release that, two years later, the world is running happily with 2.0.7 (though a 2.2 alpha release is available). The "Windows refund" movement got started after a couple of Linux users managed to get their money back for the (unused) Windows software that came with their new computers. Corel sold its Netwinder division to a company called Hardware Canada Computing - since renamed Rebel.com. The current development kernel was 2.2.0pre8 - one of the last steps in the path to the 2.2.0 release. Debian 2.1 ("slink") went into "deep freeze" prior to its official release - which was, of course, longer in coming than expected. TurboLinux 3.0.1 was released. It was the first version of TurboLinux to be sold as a boxed set. One year ago (January 20, 2000 LWN): The first serious enforcement of the Linux trademark came about, in the form of a shutdown of an auction of 250 Linux domain names. These names included useful domains like "LinuxOnSteriods.com" and "ScreaminLinux.com." Alas, Linus shut down the auction and those names remain unused. Linuxcare filed for its initial public offering of stock; interested folks can read our summary of that filing. This IPO never happened, of course, due to a combination of unfriendly markets and internal troubles at Linuxcare. The development kernel release was 2.3.39. It became increasingly apparent that a 2.4.0 release was not going to happen anytime soon after Linus let in a number of major changes. Debian 2.2 ("potato") went into code freeze: "The code freeze for the next Debian release, code named "potato", has begun", says Richard Braakman, current Debian Release Manager. He expects the freeze process to take about two months. 2.2 was actually released in August... Linux-Mandrake 7.0 was released, as was Red Hat 6.1 for the Alpha architecture. The world finally found out what Transmeta was up to. Turbolinux announced the closing of a $57 million funding round. | |
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Letters page. |
Letters to the editorLetters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them. |
January 18, 2001 |
To: letters@lwn.net Subject: Pronunciation of LaTeX From: Alan Shutko <ats@acm.org> Date: 11 Jan 2001 15:43:00 -0500 As I have a pet peeve about people declaring the way I pronounce words invalid, I feel the need to point out http://www.tex.ac.uk/cgi-bin/texfaq2html?keyword=&question=9 In other works, it has been mentioned that Lamport would make an effort in talks to pronounce LaTeX in as many ways as possible, so as to avoid any connotation of an official spelling. Why we geeks get in such pronunciation wars is beyond me (reference the GIF saga and old Linux FAQs saying it was permissable either way) but please, leave my Lay-Tek alone! -- Alan Shutko <ats@acm.org> - In a variety of flavors! It's always darkest just before it gets pitch black. | ||
From: veitc <veitc@sovereign.org> Date: Wed, 17 Jan 2001 16:04:44 -0700 To: lwn@lwn.net Subject: Linux trademark concern - VA Linux lawsuit I'm not a lawyer so the following opinion needs a little research. I am just concerned with seeing more discussion on this topic. This is also the best way I could come up with to contact people in the Linux community on this issue. Your story on the VAlinux lawsuit a few days ago was interesting. I looked at the law firms complaint and press release and then sent them mail (which I have attached below). I complained about their use of the trademark 'Linux' as shorthand for VA Linux. Just yesterday I noticed that three more law firms have also initiated class action suits against VA. Apparently all the new lawsuits also use exactly the same abbreviation for VA Linux in their complaints. (It could be cut and paste at its finest or perhaps a conspiracy?) While it isn't my place to decide if these cases have merit, I am very concerned about the way all of these firms have used "linux" as shorthand in the legal docs for "VA linux". Although the use of shorthand is common in legal documents I believe that the use of a trademark in this generic manner is bad for the holder of the mark. The fact that this error has also found its way into the press releases from these firms is damaging to the 'Linux' trademark (held by Linus Torvalds, who is not involved with VA). And perhaps is damaging to the business of other Linux vendors. Whether this is a simple mistake or intentional misuse on the part of these firms is unknown. In any case this reflects badly on the entire Linux community. If the Linux trademark is not protected with legal action of an appropriate sort I suspect it could be destroyed as a trademark and become a generic term. I guess my interest is in seeing some follow-up info. 1. (From someone with real Legal knowledge) Is this really a potential problem? 2. If so, how bad is this situation? 3. Is Linus aware of this, what does he think? 4. Is anyone (perhaps Linus), pursuing action to have these documents corrected and having the involved law firms issue press releases correcting the usage? Regards, Curtis Veit veitc@sovereign.org ------------ My email to Milberg Weiss ---------------------- Please forward to the VAlinux class action staff. To whom it may concern: Your complaint in the VAlinux case has a significant flaw in that you have shortened the name VAlinux to Linux in the document. In most cases a shorthand reference such as this would be acceptable, however in this case 'Linux' is a registered trademark which is not held by VAlinux. (It is held by Linus Torvalds) Its use in this case and in this manner reflects badly on other Linux vendors not implicated in this case. I highly recommend that you review this matter and correct it. This case may become highly visible and could cause harm to these other vendors. If this indeed happens your firm might find itself involved in litigation for this incorrect use. Personally I am not a lawyer but this is offensive to me a a Linux user and as an employee of a firm using Linux. I believe that your error was not intentional, but instead reflects your lack of knowledge of the Open Source software community and the Linux trademark. (I suspect that using 'VA' as shorthand will be less problematic.) I write to you directly because I believe that you may have time constraints on modifying court documents. In case you do not understand the importance of this issue I will be informing a number of these firms that may be harmed so they can pursue legal action should that be appropriate and needed. I am also informing Linus Torvalds as I believe allowing use of a trademark in a public document in an incorrect manner weakens its validity. I hope you find this information useful. I find informal (early) solutions to problems such as these far better than the alternative. Regards, Curtis Veit | ||
To: letters@lwn.net Subject: Palm Pilot Sync From: MJ Ray <markj@luminas.co.uk> Date: 12 Jan 2001 09:37:24 +0000 Just a quick note to say I'm amazed not to see ColdSync in the line up of tools for syncing with Palm. This command-line tool can handle syncing with a single command and start off conduits etc. I'm surprised not to see it used more widely. While I'm writing, I'd just like to praise the authors of GPL'd Palm software (eg CSpotRun) and palmfreeware.com for being great tools! -- MJ Ray Email: markj@luminas.co.uk Director Tel: +44 (0)20 8553 6622 Luminas Internet Applications Fax: +44 (0)870 28 47489 This is not an official statement or order. Web: www.luminas.co.uk | ||
Date: Fri, 12 Jan 2001 08:47:14 -0800 (PST) From: "Roderick A. Anderson" <raanders@altoplanos.net> To: letters@lwn.net Subject: Linux 2.4 - the Real Millenium Edition I, at last, figured out what the true reason for the delay of the 2.4 kernel. Linus wanted a true 'Millenium Edition'. I'll also bet there are far fewer bugs in this then the other ME. Rod -- Roderick A. Anderson raanders@altoplanos.net Altoplanos Information Systems, Inc. Voice: 208.765.6149 212 S. 11th Street, Suite 5 FAX: 208.664.5299 Coeur d'Alene, ID 83814 | ||