Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise
news for all interests
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Linux History Letters
Other LWN stuff:
Archives/search
Recent features: Here is the permanent site for this page. See also: last week's LWN.
|
Leading items and editorialsWho's afraid of the big, blue wolf? One can always count on the Gartner Group for fun pronouncements on Linux. The latest comes from this vnunet.com interview with Gartner analyst George Weiss, where he tries to get us all scared about what IBM might do. From the interview: Weiss said he could see a day when "80 per cent of the revenues, indirect or direct, attributed to Linux will go into IBM coffers unless companies like HP, Red Hat and VA Linux smarten up their act. IBM will have a stranglehold on the community" Mr. Weiss also says: The biggest problem IBM has is that it appears to the Linux community that it is trying to take over the Linux momentum and grab what this OS has to offer
It is interesting that Mr. Weiss has such sense of the Linux community - Gartner has, in general, kept its distance from that community. From LWN's viewpoint, IBM has not yet frightened all that many people. One can always find those who will complain about corporate involvement in Linux, of course. But, in general, IBM's Linux moves have been seen as good news. The more interesting question, though, is this: should we be scared of IBM? Those who look can certainly come up with reasons to worry:
IBM, thus far, has taken great care not to upset the Linux community. It is careful about free software licenses, has been careful to work with multiple Linux distributors (and has not created a distribution of its own), and, in general, has avoided looking like it wants to take the whole pie. These efforts have paid off; IBM's image in the Linux community is pretty good. But IBM is a company like any other, beholden to its shareholders. IBM executives have been very clear that they see free software as a disruptive technology. One can be sure that, given that they believe free software will be highly successful, they want to own a large part of that success. If other Linux companies look like they are threatening IBM's success, IBM will certainly respond in a competitive manner. Companies can not ignore competitive threats and survive. So IBM is likely to work harder, compete harder, and do its best to own a large part of the Linux market. Should the Linux community be worried about a future that is more blue? Certainly Linux companies should be worried - they will face no end of threats over the next few years. But even they could find themselves better off: IBM, in seeking its piece of the Linux pie, has a good chance of making that pie much larger. Billion dollar investments and high-profile deployments will grow the market for everybody. In a few years, many Linux vendors could find themselves with a smaller market share, and a lot more business. The Linux community should have little to fear, as long as IBM continues to play by the rules. Free software will remain free, and nobody will ever be forced to do business with IBM, or any other company, to use it. IBM bears watching, as do all companies working with free software. But it is not a particular threat, even if it is big and blue. Zend launches its PHP products. For years, the PHP language (once "Personal Home Page," now "PHP: Hypertext Preprocessor") has been the engine behind a great many web sites. Its C-like syntax, performance, and database interfaces have all combined to make it, arguably, the most popular server scripting language available. Also for some time now, a company called Zend Technologies has been contributing to the PHP project. Among other things, the high performance "Zend engine" powers the (relatively) recent PHP 4.0 release. Zend has done much to advance the PHP state of the art. Now it's time for Zend to make some money from all this. The company's plans became clear with this press release, which came out on January 23. Zend is offering a whole range of products and services oriented around PHP, including:
A couple of aspects of these offerings jump out at the reader. The first is that the support offerings are clearly not at the core of what Zend is up to. The offerings are minimal, and, at the given price levels ($50/year for "non-commercial" customers, $70/month for the rest), will not generate large amounts of revenue. There are no expensive "we'll do your web site with PHP" offerings, consulting services, or PHP enhancement services. Unlike Great Bridge, NuSphere, and others, Zend is not centering its business around services for free software. Instead, Zend is a proprietary software business which is supporting PHP as the loss-leader platform on which to base its (expensive) products. Those who are in doubt can check out Zend's software license which has the usual proprietary stuff in it - including a prohibition on reverse engineering of the product. It is, of course, entirely within Zend's rights to offer its work as a proprietary product. And even if Zend has not embraced the "all free software" view, the company has certainly done much to support a highly successful free software product. It will be interesting to see if this approach to running a (partially) free software business is successful. Meanwhile, the all-free competition is not standing still. Digital Creations has just put out a press release announcing the (forthcoming) release of Zope 2.3. Among other things, this version of Zope includes its own caching system for dynamic content. It also includes a number of ease-of-use improvements that are intended to mitigate the notorious Zope learning curve. Digital Creations has done well with the pure services model, and thus continues to put its developments under a free software license. LinuxPPC goes non-profit. LinuxPPC, the organization behind the popular LinuxPPC distribution for PowerPC computers, was originally founded in 1997 as a for-profit company. However, their intent was always to become a non-profit organization, with the goal of supporting Linux on the PowerPC platform. Filing as a for-profit company was initially just easier and less expensive. Then came the Linux stock phenomena and the "dot-com" craze. The hoopla distracted them from their original purpose for a while. They turned down a lot of offers, listened to people who told them a non-profit couldn't survive in that kind of environment and slowly build a solid, small business. Once the stock market hype died down, their original plans looked more promising than ever. As a result, LinuxPPC is moving ahead to file as a non-profit corporation. Why? In a word, "Control". No venture capitalists, angel investors or stockholders to drive the mission of the company. The control rests with the users and developers of LinuxPPC. For more details, please check out our interview with Jason Haas, who, along with Jeff Carr, founded LinuxPPC. And don't worry, the LinuxPPC distribution will be here for a long-time to come. On the joys of copy protection. For those who haven't seen it, this posting from John Gilmore on copy protection is certainly worth a read. It is a clear discussion on how numerous companies are attempting to use technology to take away rights that are otherwise guaranteed, and how there's a better way. It's no coincidence that the open source, free software, and Linux communities are among the first to become alarmed at copy protection. They are actively making their livings or hobbies out of eliminating scarcity and increasing freedom in the operating system and application software markets. They see the real improvement in the world that results -- and the ugly reactions of the monopolistic and oligopolistic forces that such efforts obsolete.
The full posting is long but worth the trouble.
LinuxWorld and Linux Expo Paris happen next week. The LinuxWorld Conference and Expo is happening next week in New York. Expect the usual: suits and ties, loud music, corporate hype, wild parties, and, of course, lots of Linux. LWN.net editors Liz Coolbaugh and Michael J. Hammel, as well as LWN.net team member Dennis Tenney will all be there. Stop by and see our talks or look for us in the Exhibit Hall. And keep your browser tuned to LWN, of course, for news from the event. Also happening next week is Linux Expo Paris in, well, Paris. LWN, alas, will not be there, a mistake that we intend not to make again next year. Meanwhile, if SuSE CTO Dirk Hohndel looks tired, be nice to him: he is currently listed as a speaker at both shows... LWN turns 3. The very first LWN weekly edition came out on Thursday, January 22, 1998. Three years later, we're still here - though, hopefully, we've improved a little on the way. We're looking forward to many more years... Inside this week's Linux Weekly News:
This Week's LWN was brought to you by:
|
January 25, 2001
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Security page. |
SecurityNews and EditorialsMulticast impacts from the Ramen Worm. Last week, in our coverage of the Ramen Worm, we mentioned the network impacts of the Ramen Worm, but like many other news reports, we glossed over them quickly. That did not do justice to the most-likely unintended consequences of the Worm; its impact on multicast networks. The Ramen worm was designed to use a binary called "randb" to generate a list of class B networks to scan. That causes the impact of the worm to be somewhat randomly scattered. However, the first byte of the IP addresses generated ranged from 13 to 242 -- a range that includes multicast addresses. On other words, the Ramen worm is also scanning multicast networks, and the results are far from pleasant. What is multicast? Where most Internet traffic is much like a telephone call, directly from one IP address to another, multicast traffic is more like radio or television. All sites that have "tuned in" to the multicast broadcast will receive it - and can broadcast to all other participants as well. The multicast network is designed such that data need cross any network segment only once, even if it is being broadcast to many recipients on the other side. Example uses of multicast include the broadcasting of real-time audio and video from conferences or tuning in on the space shuttle. Check the Multicast over TCP/IP HOWTO for more details. The IP address range for multicast is 224.0.0.0 through 239.255.255.255. This range is thus included in the address space attacked by the Ramen worm. Each scan packet sent by the multicast scan generates a Multicast Source Distribution Protocol (MSDP) Source Availability (SA) message. Bill Owens reported: Unfortunately the scanner being used is very efficient and can cover a /16 in about 15 minutes, generating 65000 SA messages. The SA messages are flooded throughout the multicast backbone and the resulting load on the routers has caused degradation of both multicast and unicast connectivity
For the past nine days, this has resulted in repeated storms of network traffic on multicast networks. The graph reporting statistics over the past month is particularly telling -- the level is flat for the first two weeks, then shows tremendous peaks of traffic, each reprenting a multicast storm. All of this tells us that multicast has been proven vulnerable to a denial-of-service attack. That problem is being heavily discussed on the Internet2 multicast and MBONE mailing lists. As a result, though, the damage from the Ramen worm is much higher than we originally reported. As a side note, Crispin Cowan from Immunix reported that FormatGuard, used by Immunix to prevent format string vulnerabilities, successfully blocked all three of the vulnerabilities exploited by the Ramen worm. French hackers break SDMI, publish results. Two French hackers, Julien Stern and Julien Boeuf, have broken the Secure Digital Music Initiative's watermarking scheme. However, being French, they (1) have declined to sign SDMI's nondisclosure agreement, and (2) are not subject to the Digital Millennium Copyright Act. So they have published their findings, both in French and in English. (Found on Da Linux French Page). Linux Gets Stateful Firewalling (SecurityPortal). SecurityPortal covers Netfilter, the packet filtering system provided by the new 2.4 kernel release, in this article by Jay Beale. "The 2.4 kernel's packet filtering system, Netfilter, is Linux's first stateful firewall. Stateful firewalls represent a major technological jump in the intelligence of a firewall and are present in all serious Enterprise firewalling products. Among many enhancements, this "statefulness" allows Netfilter to block/detect many stealth scans that were previously undetected on Linux firewalls." Security ReportsMySQL buffer overflow. Nicolas Gregoir reported a buffer overflow in the MySQL server that can be exploited remotely to gain access to the system under the uid of the mysql server. MySQL 3.23.31 and earlier are affected. MySQL 3.23.32 fixes the problem. Check BugTraq ID 2262 for more details.
sash readable file vulnerability. Debian released an advisory this work for sash, reporting that versions of sash prior to sash 3.4-4 did not properly clone /etc/shadow, leaving a fully readable file as a result. They have provided updated packages for stable.micq remotely exploitable buffer overflow. Micq is a public domain ICQ clone. Micq 0.4.6 is reported to contain a remotely exploitable buffer overflow that can be used to execute arbitrary code. micq 0.4.6p1 contains a backport of the fix provided by Debian. Check BugTraq ID 2254 for more details.This week's updates: webmin tmpfile vulnerability. Webmin, a perl-and-web-based systems administration interface, is reported to insecurely create temporary files in several instances. webmin 0.84 contains a fix for this problem.This week's updates: kdesu password sniffing. Caldera issued an advisory for kdesu, a KDE2 program that is used to run systems administration commands under the root account. They report that a bug in kdesu will allow any user on the system to steal passwords entered at the kdesu prompt. Sebastian Krahmer (SuSE) and Waldo Bastian (KDE) are also acknowledged for their part in helping to track down this problem. Presumably, any other system shipping KDE2 may also be affected.FreeBSD-specific ipfw/ip6fw vulnerability. FreeBSD issued an advisory reporting a problem with ipfw/ip6fw that is specific to FreeBSD. The ECE flag is incorrectly treated, potentially incorrectly allowing some traffic through the IP filters. Updates for the problem are provided.crontab file access vulnerability. FreeBSD put out an advisory and updates for a problem with crontab(8) which can allow any file on the system that matches a crontab file in format to be read. This also includes any file where every line either begins with a "#" or contains only whitespace.This problem is not FreeBSD-specific. No related reports have been seen. icecast format string vulnerability. A format string vulnerability was reported this week in icecast 1.3.8beta2 and prior. This can be exploited remotely to execute arbitrary code. Exploits for Slackware and Red Hat have been published. icecast is an MP3 server. So far, an updated version of icecast has not been published.This week's updates: bing local root exploit. Paul Starzetz reported a buffer overflow in bing that can be exploited locally to gain root access. bing is a tool designed to help calculate the network bandwidth between two points. bing 1.04 and earlier are vulnerable; bing 1.0.5 has been released to fix the problem.Commercial products. The following commercial products were reported to contain vulnerabilities:
UpdatesPHP Apache Module per-directory and virtual hosts vulnerabilities. Check the January 18th LWN Security Summary for the original report of the problems. An upgrade to PHP 4.0.4pl1 will resolve the issues.This week's updates: ssh1 secure RPC vulnerability. Last week, we mentioned a vulnerability in ssh 1.2.30 secure rpc encryption. This week, Dan Harkless pointed out that the vulnerability applied not just to ssh 1.2.30, but to ssh 1.2.30 and all earlier versions of 1.2.X.glibc RESOLV_HOST_CONF preload vulnerability. Check the January 18th LWN Security Summary for the initial report of this problem, which can be exploited to gain local root access. This week's updates: Previous updates:
glibc local write/ld.so.cache preload vulnerability. Red Hat issued another update to glibc this week to fix a preload-related vulnerability. In this vulnerability, the glibc preload check was not applied to libraries that had already been loaded into /etc/ld.so.cache. This can be exploited to create/overwrite files without authorization.This week's updates: Previous updates:
Multiple vulnerabilities in splitvt. Multiple vulnerabilities were reported in splitvt in the January 18th LWN Security Summary, including several buffer overflows and a format string vulnerability. An upgrade to splitvt 1.6.5 should resolve the problems.This week's updates: jaZip buffer overflow. A buffer overflow was reported last week in jaZip, a program for managing Iomega Jazz or Zip drives.This week's updates: wu-ftpd insecure tmpfile creation. Check the January 11th LWN Security Summary for the original report of twelve packages with tmp race problems, of which wu-ftpd was one.This week's updates:
tinyproxy heap overflow attack. Check the January 18th LWN Security Summary for the initial report. This can be exploited to cause a denial-of-service. tinyproxy 1.3.3a has been released to fix this problem.This week's updates: BIND 8.2.2-P5 denial-of-service. A denial-of-service vulnerability was reported in BIND 8.2.2-P5. Check the November 9th, 2000, LWN Security Summary for the initial report. BIND 8.2.2-P7 contains a fix for the problem.This week's updates: Previous updates:
XFree86 security problems. Check the October 26th, 2000 LWN Security Summary for the original report on multiple security problems in XFree86 3.3.5, 3.3.6 and 4.0. It is well worth noting that updates from other Linux vendors for these problems still haven't been seen. Even the Conectiva announcement only covered one of the reported vulnerabilities. This week's updates:
EventsUpcoming security events.
For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net. Section Editor: Liz Coolbaugh |
January 25, 2001
LWN Resources | |||||||||||||||||||||||||||
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Kernel page. |
Kernel developmentThe current kernel release is still 2.4.0. Linus continues to put together a 2.4.1 prepatch, currently at 2.4.1-pre10. His approach remains conservative, and this patch (especially if you ignore ReiserFS) is relatively small. Those looking for something meatier may want to consider, instead, 2.4.0-ac11 from Alan Cox. This release contains literally hundreds of patches - almost 10MB worth. Cutting out the middleman in data transfers. The discussion started by David Miller's posting of an experimental zero-copy networking implementation (discussed on this page two weeks ago) continues, though it has moved into new areas. One of those is the optimization of data transfers to avoid copying the data as much as possible. Consider, for example, the sendfile() interface that Linux supports now; using sendfile(), an application (a web server, say) can transfer a disk file to a network socket without ever having to read it into user space. There is an obvious performance gain from operating in this mode for certain applications. So, why not extend the idea to its logical conclusion? Why not have a system call that says "copy data from here to there, and optimize as much as possible"? One approach to this mode is Larry McVoy's 'splice' interface, which tries to provide a general way for user space processes to control high-performance copies. It provides "push" and "pull" primitives which handle the destination and source sides of a copy, respectively, and give the application some latitude in how the two are put together. Here's Linus's comments on splice and why it has not been implemented so far. Essentially, sendfile handled the task that most users wanted, the splice interface needed a bit of work, and it didn't fit well into the structure of the kernel at the time. The kernel has since evolved, and Linus's message hints that an implementation of a modified form of splice would be easier now, and that it might even be accepted. One can take the idea further, however: why not, when appropriate, simply tell the hardware to copy the data between devices directly and leave the kernel (and the processor) out of it altogether? According to Linus, that's one of those great ideas that turns out not to be so great in practice. His short response to the idea was: device-to-device copies sound like the ultimate thing.
Further into the discussion, Linus came up with other reasons to avoid direct device-to-device (D2D?) copies. One is that there is very little use for the capability in the end. One can talk, for example, of streaming video directly to disk - but how often will a user be recording video without wanting to look at it too? Another is that very little hardware supports that mode of operation. Linus sees a trend toward connecting hardware with direct, point-to-point links that are not amenable to direct operations between devices. Quoth Linus: "Just wait. My crystal ball is infallible." TCP_CORK or MSG_MORE? Another branch of the same discussion has to do with getting optimal performance from network transfers. Imagine a web server using the sendfile() interface described above. In response to a request for a page, the server will first write out a short set of HTTP headers, then use sendfile() to actually transfer the page data. By the time the sendfile() call is actually made, however, the headers will have gone out on the net as a very short packet. The result is poor performance on both the sending and receiving side. Linux has handled this issue with a TCP option called TCP_CORK. If an application sets that option on a socket, the kernel will not send out short packets. Instead, it will wait until enough data has shown up to fill a maximum-size packet, then send it. When TCP_CORK is turned off, any remaining data will go out on the wire. TCP_CORK does the job reasonably well. Recently, however, a contingent led by Ingo Molnar has been pushing for a new interface which uses a flag called MSG_MORE. Rather than applying to the socket in general, MSG_MORE is attached to a one or more write operations on that socket. It says "there will be more data coming," and the kernel knows to buffer data to get bigger packets. The advantages of this approach are said to be (1) it requires no persistent state on the socket, thus helping, among other things, to avoid programming errors; and (2) it avoids the system call overhead of toggling the TCP_CORK flag. Ingo used MSG_MORE in the implementation of the TUX kernel web server, and is happy with the results. Linus, however, is not convinced. MSG_MORE requires a flag to be set on every transfer, only works on sockets, and requires that the code that is doing the writing be aware of the flag. TCP_CORK, instead, works with programs using the standard I/O package, and it can be set on sockets that are passed to other applications, such as CGI scripts, that are completely unaware of its presence. The TCP_CORK flag preserves a lot more of the standard Unix stream semantics. Conclusion: don't expect to see MSG_MORE show up in user space anytime soon. Fixing the 2.4.0 USB breakage. When 2.4.0 came out, it included a last-minute change to the usb_device_id structure, which is used to find driver modules for specific USB devices. Unfortunately, the form of this change was such that it broke the USB autoloading mechanism entirely. Since then, the USB maintainers, along with modutils maintainer Keith Owens, have been trying to figure out a way to make things work again. The problem is that modutils, which handles the actual module loading process, can not distinguish the new usb_device_id structure from the old one. Making modutils work with the 2.4.0 version of the structure is not a problem - but then it will cease to work for earlier versions. Keith Owens places great importance on backward compatibility, and does not want to break things for any version. So he has produced a kernel patch which adds a version number to the relevant structures. With versioning, changes can be detected and everything can be made to work. Linus, however, does not want to apply the patch. It is, after all, a binary interface change; such changes are generally avoided within a stable kernel series. Besides, the only other kernels which used the USB device table were the 2.4.0-test kernels - that structure was added in 2.4.0-test10. Nobody feels all that bad about breaking the prerelease kernels, in the end. Almost nobody, that is; Mr. Owens is still not entirely happy. He has released modutils-2.4.2 which makes the 2.4.0 format work, but he has done so "under protest." People who want to be able to switch between 2.4.0 and the 2.4.0-test kernels will have to keep two versions of modutils around; everybody else can just install 2.4.2 and USB autoloading will work again. Should the kbuild list move to SourceForge? Michael Elizabeth Chastain has posted a proposal to move the kbuild mailing list (which discusses the kernel configuration and building system) to a SourceForge project. He has a few reasons, but any kbuild reader will know the first one intuitively: spam routinely exceeds real postings on that list. With luck, moving to a site with better spam filtering would help to make the list usable again. The one objection to the move came in the form of this posting, which raised the concern that the free software world is becoming too dependent on SourceForge. But it just concerns me when a single company has the ability to (temporarily) freeze the development of half the world's open-source software just by unplugging a roomful of servers, either voluntarily or not (think "court order").
This is a concern that LWN has raised in the past as well. This time, however, there was a semi-official response in the form of this message from Eric Raymond, who is on the VA Linux board of directors. According to Eric: We're not blind to this problem. We don't want to be a chokepoint; it's in VA's interest for the community to know it's protected against accident or malfeasance. This is why we're developing a network of active mirror sites -- not just to improve performance, but so one of them could take the baton if the SourceForge primary site had to shut down for some reason.
It is good to see an acknowledgement of this concern from VA. SourceForge is a great resource, but it has led to an unprecedented concentration of free software projects in a single place. Other patches and updates released this week include:
Section Editor: Jonathan Corbet |
January 25, 2001 For other kernel news, see: Other resources: |
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Distributions page.
Lists of Distributions |
DistributionsPlease note that security updates from the various distributions are covered in the security section. News and EditorialsGood news for SPARC. Times are good for people wanting to use Linux on the SPARC platform. Both SuSE and Slackware made new announcements this week. SuSE announced the availability of the first beta for SuSE Linux 7.1 for SPARC. The announcement contains a list of known bugs that you'll want to review before you decide to take it for a spin. The Slackware Linux Project announced that the "-current" tree for Alpha machines is now publicly available. This is in a much earlier development stage than the SuSE port, but it is gaining some enthusiastic involvement. For those of you interested in the Slackware port, be sure to check out the Slackware Port-SPARC forum. From it, we gleaned success stories for booting Slackware on a SPARCstation 20, but IPC and ELC users appear to be having a harder time getting started. General-Purpose DistributionsDebian News. This week's Debian Kernel Cousin covers discussions on security issues and quirks with the "man" command and its caching capability. A compromise was reached on how to handle changes to the standard options for the "tar" command. And a huge number of Linux conferences in Germany and elsewhere in Europe were mentioned. Of most importance, though, was a report from Bdale Garbee on bind 9.1.0. For those of you that remember back that far, the bind 8.2 series generated some controversy in September of 1999 due to its implementation of the RSA algorithm, something that almost caused Debian to drop the use of bind and work to develop a free alternative. A compromise was worked out and bind was kept, but relegated to non-free. Bdale now reports that he's been able to work out similar issues with bind 9.0.0 and 9.0.1, which would have made them incompatible with the Debian Free Software Guidelines as well. As a result, the soon-to-be-released 9.1.0 version of bind will be fully compliant with the DFSG -- but will still reside in non-US, due to its cryptographic components. This week's Kernel Cousin Debian Hurd reports on the progress of a project that is developing a set of Hurd installation CDs. While progress is being made, don't expect to see these CDs available anytime soon. Linux-Mandrake News. A look at the Linux 2.4 kernel from a strictly Linux-Mandrake point of view was provided this week. After all, like most major distributions, Linux-Mandrake already uses a heavily customized version of the Linux 2.2 kernel (including ReiserFS support, for example). So why should a Linux-Mandrake user get excited about seeing Linux 2.4 in a future distribution? PCMCIA, USB, Fire-wire and ISA PnP support, NFSv3, improved SMB support, improved network security, stability and speed, video support and more. "Nope, we aren't likely to get bored this year..". Slackware News. Userlocal.com is a new site that is focusing, in particular, on the Slackware community. We always welcome the addition of new sources of information on Slackware and we expect Slackware readers will also. An updated version of SlackReiser, a set of boot and root disks to support installing Slackware on a ReiserFS file system, was released this week. The changes were minor. Although neither a development tree nor a bootable CDROM image is currently available, Chris Lumens is also working on an Alpha port for Slackware. Alpha-related questions can be mailed directly to him. Embedded DistributionsMicrowindows 0.89pre7 released. Greg Haerr posted an announcement for Microwindows 0.89pre7 this week. This is a development release containing some major enhancements, small additions and bug-fixes. Microwindows runs on PDAs, WebPADs and set-top boxes. Support for the G.Mate YOPY PDA has been added and extensive auto-generated documentation is now available. Freetype font caching has been enabled as well. The list is much longer that that, so take a look yourself if you are interested. Mini/Special Purpose DistributionsClarkConnect. Another distribution aimed specifically at taking an older system and turning it into an Internet gateway is now available. ClarkConnect is aimed specifically at home users with broadband Internet connections. It is based on Red Hat 6.2, but trimmed down and secured. Minor distribution updates. The following distributions released minor updates this week:
Section Editor: Liz Coolbaugh |
January 25, 2001
Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Development page. |
Development projectsNews and EditorialsCooperative open-source lab opens doors. The big story of the week in open source development had to be the opening of the new Open Source Development Labs outside Beaverton, Oregon. The labs, funded with $24 million from companies like Hewlett-Packard, Intel, IBM, Computer Associates, NEC, Hitachi, Mitsubishi Electric, Dell Computer and SGI, is intended to be a hotbed for open source development in a commercially productive way. Most of the major Linux companies also are involved, including Red Hat, VA Linux Systems, Caldera Systems, SuSE, Turbolinux, Lynuxworks and Linuxcare. Ross Mauri, vice president of Unix software at IBM, has been appointed president of the lab's governing board, while Brian Behlendorf, chief technical officer of CollabNet and co-founder of Apache, is among the board appointees, according to an ZDNet story on the opening of the lab. Known simply as OSDL, the lab, which was the brainchild of Scott McNeil who was then president of SuSE's American operation, is located near the IBM and Intel facilities in Beaverton and was originally expected to be a subsidized laboratory where open source developers could test and optimize their work on high-end enterprise systems. Unfortunately, not all developers were motivated by the inclusion of commercial interests in their projects. But OSDL is expected to change that. As Nicholas Petreley wrote in LinuxWorld's online magazine, "Until now, companies would have to go to Linus and friends and say, `Please make Linux work better with 32 processors.' Now they are saying, `Here is a machine with 32 processors. Have fun.'" In its new 11,000 square foot building in the high-tech area west of Portland, Oregon, the lab holds a vast array of equipment for both development and testing by both remote and local participants. Hardware includes 4 4-way and 8-way IA-32 servers, 50 2-way IA-32 servers for load generation, 5.1 terabytes of storage, high-speed fiber switches and gigabit ethernet connections, and multiple developer workstations. According to News.com, two projects are under way at the lab: "one for getting Linux to work well on servers with as many as 16 CPUs and another for testing the Jabber instant messaging software with more than 64,000 customers exchanging messages." The opening of this lab will definitely be a boost for commercial hardware vendors hoping to get Linux support for their systems without having to hire the developers to do the work. Who will benefit most from this remains to be seen, but for now all parties seem excited about the possibilities. The question that remains is whether such large scale commercial support can decrease the time to market for new hardware support under Linux. Rasterman's new toy (LinuxToday.au). Reporting from linux.conf.au, this article in LinuxToday.au focused on a talk given by Rasterman, the mastermind behind the Enlightenment window manager, also known as Carsten Haitzler. Raster's topic (and new toy) turned out to be his latest project, which he calls "EVAS". EVAS is what Raster described as a 'canvas', and seems to be the latest exciting development in the Linux window manager world. EVAS provides the possibility for Raster to build a whole slew of features into the up and coming Enlightenment 0.17, as well as demonstrating just how powerful XFree86 can be when integrated well with the OpenGL libraries.
BrowsersMozilla status updates. The Mozilla project posted their weekly status update. Areas that saw activity this past week included the Necko/Imagelib code, XPToolkit, and print related areas within the rendering code. Bluefish HTML Editor Review (Linux Orbit). Bluefish, an HTML editor written in GTK+, was reviewed this week in this article from Linux Orbit. "Experienced coders will appreciate the time saved by these dialogs when creating complex tables, forms, and framesets. The dialog options for creating form elements in particular were very well thought out. To a new user who has never created HTML pages before, getting a page created with forms is a simple task with Bluefish. Some of the other tabs include CSS, Javascript, and WML." DatabasesMySQL 3.23 pronounced stable. The MySQL team announced this past week that, after 2 years of development, the 3.23 release of that package is fit for human consumption. "Apart from being more stable, more optimized and more portable, the MySQL 3.23 release has several major features not present in the 3.22 or 3.21 releases. These include: full-text search, replication between a master and many slaves and several new table handlers that support large files and transactions by using the Berkeley DB library from Sleepycat Software to implement transaction-safe tables." MSQL 3 to be released in February. After almost a year of inactivity, Hughes Technologies has announced plans for version 3.0 of the MSQL database. EducationNews from Linux for Kids. Linux for Kids pointed us to a couple of new projects this week. PyTraffic is python based car game while MCSE trainer is an arcade game that teaches mouse skills. ElectronicsIcarus Verilog. The gEDA project quietly announced this week the release of an Icarus Verilog snapshot. GIMPGIMP News. There have been various bits of GIMP news this month, but we somehow managed to miss them. It's time to catch up:
InteroperabilityWine Weekly News. This week's edition of the Wine Weekly News includes coverage of ports to BeOS and S/390, documentation issues and unicode support. Bind 9.1.0 released. A new version of BIND, an implementation of the Domain Name System (DNS) protocols, has been released. BIND 9.1 has a number of new features as well as numerous bug fixes and cleanups. Network ManagementOpenNMS Updates, Vol 2 Issues 3 and 4. OpenNMS posted two updates this week, one right after last week's LWN Weekly publication deadline and one right before this week's deadline. OpenNMS Volume 2 Issue 3 was published late last week and included news on the changes to the core team, an expanded roadmap, and presentations coming up in Philadelphia and New York. The latest OpenNMS update, issue 4, includes a discussion on a lightweight interface, user interface and SNMP coding projects status, and updates to the teams speaking engagements. Office ApplicationsAethera Messaging Client Beta 1. theKompany.com released its first public beta of Aethera, a groupware and messaging system designed for use in KDE. Linux and the Palm Pilot updated. The Linux and the Palm Pilot page has been overhauled and now includes coverage on GNOME integration along with stand alone applications and development tools. On the DesktopCVSSearch, KDE code search tool (KDE Dot News). According to KDE Dot News, Amir Michail, creator of the CodeWeb data mining tool, is back with CVSSearch, a tool that searches for code fragments using CVS comments. It will eventually index over 350 KDE applications and promises to be very useful. Status report: Java in Konqueror. Wynn Wilkes posted an update on Java support being added to KDE's browser, Konqueror. Among other things, he reports that "applet loading via proxies and over https should work now. Https support is achieved by using the JSSE (Java Secure Sockets Extension) classes. They can be obtained from http://java.sun.com/products/jsse/. " KDE Studio Gold, a development tool for KDE. theKompany.com released a commercial distribution of the open source KDE development tool KDE Studio, which the company calls KDE Studio Gold. The future of GNOME revealed at Linux.conf.au (LinuxWorld Australia). GNOME hackers George Lebl and Maciej Stachowiak presented a paper at LinuxWorld Australia outlining the future of GNOME, including peeks at GNOME 1.4 and GNOME 2.0. "GNOME Office is becoming quite advanced," said Stachowiak. "We are undecided about whether to incorporate the features of OpenOffice into GNOME or to replace it altogether." Sun to host GNOME development meeting. Sun will host a development briefing covering GNOME Application Development for Solaris on February 14th in Menlo Park, California. xml-i18n-tools released. Kenneth Christiansen and company have just released the xml-i18n-tools. This set of translation tools will be used accross a wide range of GNOME applications in order to help bring you GNOME in your local language. Printing ServicesKDE.com Offers Free Docbook Compilation Service. As reported on KDE Dot News: a new "DocBook documentation generator" has been set up on KDE.com. It will generate HTML from the KDE DocBook documentation, thus saving the hassle of making DocBook work on your local system. It's a nice service, but it does highlight just how obnoxious it can be to make DocBook work properly. ScienceLinuxMedNews launches jobs section. LinuxMedNews launched a jobs and classifieds section to their growing web site. They also reported on the upcoming 14th Computer-based Medical System Symposium. Systems AdministrationMailman Made Easy (WebTechniques). WebTechniques took a look this week at installing and configuring the Mailman mail list manager. "Mailman is the free software contender to mail-server products such as Lyris, which feature GUI-driven administration, user-level access to preferences, and built-in archives, digests, and the like. Based on the popular Python programming language, Mailman is intended to be used on UNIX systems, and can be installed alongside Majordomo on the same server, without conflicts." PIKT, Problem Informant/Killer Tool, v1.12.1. PIKT is a cross-platform, multi-functional tool for monitoring systems, reporting and fixing problems, and managing and administering system configurations in a heterogeneous network of workstations. Version 1.12.1, primarily a bug fix release, was made available for download this week. Web-site DevelopmentZope Weekly News for January 19th, 2001. The latest issue of the Zope Weekly News has hit the streets. News this week includes updates on Zope 2.3, documentation issues and the new Zope.org web site. Zope 2.3.0 beta3. The third beta release of Zope 2.3.0 has been released. It includes the new Zope cache manager, the SiteAccess package, and a whole list of other goodies.
Weblog 1.71. A new release of Weblog hit the streets earlier this week. This version includes support for Avantgo and VoiceXML, among other things. Section Editor: Michael J. Hammel |
January 25, 2001
|
|
Programming LanguagesPerlCultured Perl: Perl 5.6 for C and Java programmers (IBM developerWorks). In this look at the upcoming Perl 5.6 release, Teodor Zlatanov shows us the feature differences between Perl and standard languages like C and C++. "Perl often bewilders even experienced programmers, primarily because it allegedly makes it too easy to write obfuscated code. But the confusion regarding Perl's structure, features, and philosophy is inevitable given that it's such a rich and powerful language, and that it was designed from the start to allow for more than one way to do the same thing." This week on perl5-porters (15--21 Jan 2001). This week's Perl5-porters mailing list was rather active, covering topics such as signals, large file support, token parsing and printing, and unicode. A Beginner's Introduction to POE (Perl.com). Perl.com also carried an introduction to POE, the Perl Object Environment. "It's not much of an exaggeration to say that POE is a small operating system written in Perl, with its own kernel, processes, interprocess communication (IPC), drivers, and so on." PHPPHP Weekly Summary for January 24th, 2001. The weekly summary for PHP was posted just as we went to publish this week. News included the announcement of PHPLIB and PEAR merging, discussions on advanced data types for PHP, and the report of a bug in the handling of multi-dimensional forms. PythonPython 2.1a1. Guido van Rossum has announced the release of Python 2.1a1, the first alpha release of Python 2.1. Jython 2.0 released. The release of Jython 2.0 has been announced. Jython is a Java implementation of the Python programming language, which allows Python to be compiled down to Java byte code. Thus, Python code can be run on Java virtual machines anywhere - at least, to the extent that any Java code can. Python-Dev for January 15th, 2001. News from the python development community comes from the Python-Dev weekly summary, which includes this week an update on the 2.1alpha1 release, speed improvements in file.readline, and updates on pydoc. Dr. Dobb's Python-URL! for January 22nd. Dr. Dobb's weekly list of Python-related links has been posted. Some of the links in this week's summary include the announcement for Jython 2.0, an overview of python documentation tools and a preview of Tkinter 3k. RubyUpdated stable snapshot. A new stable snapshot of Ruby was announced this week. Tcl/TkDr. Dobb's Tcl-URL! for January 22nd. Dr. Dobb's weekly list of Tcl-related links has been posted. Some of the links in this week's summary include news on the 8th annual Tcl/Tk conference in San Diego to be held in July and a discussion on why python has surpassed Tcl and related issues. Software Development ToolsLoki releases updates to open source packages. Loki Software has published updates to their Setup, Update Tool, Uninstall Tool and Patch Tools. Section Editor: Michael J. Hammel |
Language Links Caml Caml Hump Tiny COBOL Erlang g95 Fortran Gnu Compiler Collection (GCC) Gnu Compiler for the Java Language (GCJ) Guile Haskell IBM Java Zone Jython Free the X3J Thirteen (Lisp) Use Perl O'Reilly's perl.com Dr. Dobbs' Perl PHP PHP Weekly Summary Daily Python-URL Python.org Python.faqts Python Eggs Ruby Ruby Garden MIT Scheme Schemers Squeak Smalltalk Why Smalltalk Tcl Developer Xchange Tcl-tk.net O'Reilly's XML.com Regular Expressions |
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Commerce page. |
Linux and BusinessLinuxcare launches system administration services. Linuxcare's new Managed Services program provides subscribers with an array of services and support aimed at the ISP market. No doubt Linuxcare will target other markets with similarly comprehensive offerings in the future, if all goes well. Briefly, here's a look at what an ISP can expect for its monthly subscription fee.
Essentially, an ISP can offer Linux hosting services to its customers while outsourcing the administration to Linuxcare. Our experience in the support business suggests that there are quite a few ISPs out there that could benefit from such a service. This offering is similar to the Red Hat Network, but of course it is different too. With Red Hat's offering each subscriber can chose a level of administration support from simple notification when a update or security patch is available to having the update or patch installed remotely. Linuxcare's offering always includes the latter. Red Hat Network also differs by taking a broader approach to the set of potential subscribers. (See LWN for Sept. 28, 2000 for a description of Red Hat Network.) Linuxcare's offering of a tailored Linux distribution is what really sets it apart from similar offerings, though. Linuxcare has the expertise to start with wide array of Linux distribution's for those who want to start with something other than Red Hat Linux. (See also: Linuxcare's announcement.) LinuxWorld Conference & Expo. LinuxWorld takes place January 30 - February 2, 2001, at the Jacob Javits Convention Center in New York City. This is one event which tends to be accompanied by a deluge of press releases. Here are some of the press releases we've seen so far.
Linuxcare Labs Addresses Need for Independent Linux Certifications. Linuxcare, Inc. unveiled a suite of tiered testing services for enterprise Linux deployments. More Linux certification news. Linux Centers USA has opened 12 centers to prepare candidates for Linux+ and Red Hat certification tests. RedFlag Software joins GNOME Foundation. RedFlag, a Linux distribution in China, has joined the Advisory Board of the GNOME Foundation. As part of the membership, RedFlag will work to localize GNOME into Simplified Chinese. Bear River Associates Releases Open Source Framework. Bear River's C++ framework provides UI components, streams, TCP/IP and scanning features. Bear River also released Janx, a server-side Java application framework for developing web sites and web-hosted software. Janx combines Java and XML. Apple Linux Technology Manager Joins Terra Soft. Kevyn Shortell, the former Linux Technology Manager for Apple Computer, has joined the Terra Soft Solutions, maker of Yellow Dog Linux for the PowerPC. Corel's new strategy. Here's the press release from Corel on its new strategy. It's clear as mud... "Corel will leverage its solid foundation as a global technology leader with over 15 years of experience to enhance its relationships with existing customers while targeting new customers in emerging markets fueled by the rapid expansion of the Web and the increasing demand for graphics-rich visual communication." It does say that the Linux division will be sold off, eventually, and that Corel will continue to sell Linux versions of its products. Announcing....Linux Weekly?. A company called "SYS-CON Media" has put out an announcement for a new publication called "Linux Weekly." It is to be a print publication, and the first issue is due out in March. There will be a version ("Linux Woche") for German-speaking Europe as well. We do hope there will not be confusion with LWN.net (also known as "Linux Weekly News") which has been using that name for three years. Linux Stock Index for January 18 to January 24, 2001
LSI at closing on January 18, 2001 41.38
The high for the week was 42.08
Press Releases:Open Source ProductsUnless specified, license is unverified.
Distributions and Servers
Proprietary Products for Linux
Products and Services Using Linux
Cross-platform Products
Products with Linux Versions
Java Products
Books and Training
Partnerships
Financial Results
Personnel
Other
Section Editor: Rebecca Sobol. |
January 25, 2001
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Linux in the news page. |
Linux in the newsRecommended ReadingVirus patches aren't being applied (ZDNet). An interesting piece on why applying security patches is something everyone has to worry about in the Internet age comes from ZDNet today. "Failing to responsibly patch computers led to 99 percent of the 5,823 Web site defacements last year, up 56 percent from the 3,746 Web sites defaced in 1999, according to security group Attrition.org." IBM'Linux Lou' and IBM (TechWeb). TechWeb looks at the growing alliance between the Big Blue Behemoth and the upstart Linux community. " Of course, Linux is getting something from its relationship with IBM. Many doors to the largest corporate data centers were locked to Linux, but now IBM is opening those doors. The value to the Linux community is a wider array of software and even more smart minds contributing to the greater good." IBM is taking Linux -- and running (Upside). Gartner Group analyst George Weiss thinks IBM's push into Linux may give the impression IBM is pushing for control of the community. "Large competitors such as Hewlett-Packard (HWP) are still a few months behind IBM in demonstrating full commitment to the Linux market. As for smaller competitors such as VA Linux and Red Hat, these companies have their own obstacles. Given the investment community's continued displeasure with Linux-related companies, neither can rely on surging market capitalization." SunSun shines on Linux too! (FreeOS.com). Herb Hinstorff, heads of Sun's program office for Linux and Open Source, discusses Sun's position on Linux and why they feel Linux takes them back to their roots. "We are working with the Internationalization part of the Linux and organizations like the University of Michigan. We are contributing code back to Linux. We have contributed code to NFS (Network File System) version 4.0. We have also opened up the Internationalization framework in Solaris and are contributing to the X consortium." (Thanks to Trevor Warren) Sun to lose key player in Web software push (News.com). Ex-StarDivision head and current open source ambassador for Sun Microsystems Marco Boerries is leaving that company effective January 26th. No word on the reason for his resignation or his plans for the future. Are Boerries and Sun parting ways? (Upside). Upside examines the history of the relationship between StarDivision founder Marco Boerries and that companies eventual buyout parent, Sun Microsystems. " Boerries rejected early buyout offers from Sun, until the company's heated rivalry with Microsoft -- not to mention the growing industry interest in free software and software-compatible applications led Sun CEO McNealy to tender a rumored half-billion-dollar offer." Sun invests $5 million in Tripwire (News.com). Sun's investment came with a host of other investors. "The new funding round was announced Tuesday. New investors besides Sun were Deutsche Banc Alex. Brown, ClearLight Partners and Riverside Management. Earlier investors Bessemer Venture Partners, Advanced Technology Ventures and Garage.com also contributed to the funding round, Tripwire said." CorelCorel paints rosier future (News.com). C|Net's News.com looks at Corel's change in direction. "Corel is close to finishing a deal with Linux Global Partners, a New York holding company that is expected to buy 80 percent of Corel's Linux business for $5 million and allow Corel to hold the remaining 20 percent, according to sources. Details of that deal are not expected to be announced for another month or so, sources said." Corel to spin off part of its Linux business (ZDNet). Here's ZDNet's take on Corel's plan to sell its Linux division. "Linux suffered a blow today as Corel Corp. announced it plans to spin off part of its Linux division, effectively taking the company out of the market as a developer of Linux desktop operating system software." The article, however, is not clear on just how Corel's withdrawal has hurt Linux... CompaniesLinuxcare follows Red Hat with online support service (News.com). C|Net's News.com reports on the opening of Linuxcare's managed services, providing customers with remote administration. "Linuxcare itself won't sell the services to prospective customers but instead will rely on the sales forces of business partners Digital Island, Consonus and others to come." VA Linux -- Easy Come, Easy Go (San Francisco Chronicle). The San Francisco Chronicle talks of VA's cope with reality, and how at least inside the company, reality has been in plain sight all along. "Vice President John Hall, whose net worth at the age of 27 has gone from nearly a billion dollars to tens of millions, still lives in the same apartment he and two college buddies have rented since graduating from Stanford in 1994." Start-up to sell open-source Web software (News.com). C|Net's News.com reports on Zend's push into the commercial PHP market. "Zend isn't starting from scratch, though, a major advantage over some open-source companies. Zend can take advantage of the popularity of Apache, the No. 1 software package used to send Web pages out to Internet surfers, according to Netcraft." MP3.com Open to Friends (Wired). Wired covers MP3.com's announcement to open its API to other sites. "[MP3.com CEO Michael] Robertson hopes that websites looking to drive traffic to their sites will incorporate the technology into their systems, which would radically drive up subscription sales for the company. MP3 would therefore get additional revenue from fees charged when users store more than 25 CDs." BusinessOpen Source Lab to open this week (ZDNet). An announcement on the opening of the Open Source Lab is expected this week, according to this ZDnet story. "Ross Mauri, vice president of Unix software at IBM, has been appointed president of the lab's governing board, while Brian Behlendorf, chief technical officer of CollabNet and co-founder of Apache, is among the board appointees, the source said. IBM was not immediately available for comment." Banrisul to replace DOS with Linux in Brazilian ATM's. Linux.org interviews two key members of the Banrisul Bank in Brazil about that bank's move from DOS to Linux in all of their 2000 ATM's. "We were using MS-DOS, an operating system which could no longer fulfill our needs. An option was MS-Windows, but this would have forced us to re-write a good part of our existing programs - not to mention the cost of licenses for MS-Windows in each of the two thousand ATMs. MS-Windows requires more frequent CPU upgrades than Linux does. This is due to Linux's greater efficiency compared with other 32 bit operating systems." (Thanks to Jay R. Ashworth) Open minds on open source (Federal Computer Week). NASA's Marshall Space Flight Center has switched to the open sourced MySQL database server from Oracle for their NAIS system. NAIS sends e-mail notifications to users based on specified interests and enables users to query the Web site. (Thanks to Ronald van der Lee) Linux Lovers Launch Large Lab (Wired). Wired covers the opening of the OSDL in Oregon and tells us what the first two projects will entail. "The second project is being conducted by Jabber an open-source instant-messaging company, and is focused on increasing Linux TCP/IP concurrent connection support from the current 20,000 to greater than 64,000." (Thanks to Jay Ashworth) Agere to roll Linux chip set (TechWeb). Agere Systems, the former Lucent Technologies Microelectronics Group, has selected Linux as the operating system to be used with a new asymmetric digital subscriber line (ADSL) chip set for residential gateway, home networking and personal computer equipment. AMD chips power new supercomputer (News.com). AMD Athlon's are being used in a new supercomputer for the University of Delaware. "The 128-processor computer is constructed from a series of nodes. Each node is like a standalone PC in that it has its own processor, memory and a high-end networking card. Communication between nodes is accomplished via a network and is directed by a host node." Linux rides out the bears (HeraldSun.com). Despite the outflow of investors, Linux companies are sticking to their plans for growth and income, according to this HeraldSun article. "Red Hat continues to move toward the goal it set in June to become profitable in 2001. The company posted a net loss from its ongoing business of $900,000 or 1 cent per share for the quarter that ended Nov. 30. Revenue grew 21 percent over the previous quarter to $22.4 million." ReviewsAn In-Depth Look at Reiserfs (Linux Planet). Linux Planet has put up, well, an in-depth look at ReiserFS, which will appear in the 2.4.1 kernel release. "Performance gains under Reiserfs can be substantial, or can be miniscule, depending on what you are doing. I have found that Reiserfs is extremely responsive for most of my work, and I wouldn't want to live without it. Compiling source code, something that typically opens hundreds or thousands of files in rapid succession, really zooms." Making Linux Work In The Workplace: KWord (LinuxOrbit). KWord lacks some stability according to this review in LinuxOrbit. "One of the biggest selling points in any Linux pitch is the rock-solid uptime and performance, which is why I found KWord's stability (or lack thereof) surprising. While trying out the various features of KWord (which there are plenty), I experienced no less than a dozen crashes. KWord seemed to be rock solid as a regular word processor, but when working with frames it became as tipsy as a drunken toddler." Matrox G400/G450 Review (LinuxLookup). The Matrox G400/G500 series of video cards can provide multiple monitor support for Linux systems using drivers from Matrox, according to this article at LinuxLookup. Review: Zend Cache (ReviewBoard.com). Zend Cache, the caching plug-in to Zend's ZendEngine PHP core system, is reviewed in this article from ReviewBoard.com. "It saves this compiled and optimized code in shared memory, which is shared and used by every web request. When the web process gets a request, it checks the ZendCache registry to see if the file has been loaded into the cache and if it has uses the compiled version of the script. This has huge performance benefits for high traffic sites" MiscellaneousEmbedded, storage and 2.4 developments to rule LinuxWorld (searchEnterpriseLinux). In the first of what is likely to be a large number of stories to come from New York next week, searchEnterpriseLinux looks at what we might expect from the exhibit floor. "BigStorage is one of many vendors announcing new storage and server products at the show. Rounding out the storage field will be new product announcements from Enhanced Software Technologies Overland Data,and API NetWorks. Phoenix, Ariz.-based EST will spotlight its new BRU-Pro, an enterprise Linux backup product, while San Diego's Overland will showcase its line of automated storage backup solutions." Libraries are dead, long live meta-libraries! (ZDNet). ZDNet's Michael C. Daconta says meta-libraries are the "think globally, act locally" solution to the world's cross platform language woes. "A meta-library is a library stretches globally to span diverse systems (thinks globally) and repackages them to appear the same as local libraries and objects (acts locally). If implemented in the Java Virtual Machine, meta-libraries would allow you to instantiate Python objects or invoke .Net services in a way comfortable (and transparent) to Java programmers." Section Editor: Rebecca Sobol |
January 25, 2001 |
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Announcements page. |
AnnouncementsResourcesOnline Resource Features Linux Oriented Embedded Single Board Computers. LinuxDevices.com announced the addition of The Linux-friendly Embedded SBCs Quick Reference Guide to its growing list of guides. LinuxDevices.com also launched a supported Embedded and Real-time Linux Technical Q&A Forum. Full text to Australian/British/American hacker book. Suelette Dreyfus and Julian Assange, along with publisher Random House, have released the complete and unabridged electronic text to their book ``Underground: tales of hacking, madness and obsession on the electronic frontier''. The site for the book has been heavily loaded since the announcement, and mirrors are now available. What's so good about open source and Linux -- in embedded? (LinuxDevices). Rick Lehrbaum takes a close look at some of the data gathered in last year's Embedded Linux Market Survey. Embedded Linux Newsletter for Jan. 18, 2001 (LinuxDevices.com). The weekly Embedded Linux Newsletter for Jan. 18, 2001 has been published. This past week, LinuxDevices ran stories on their new single board computer (SBC) reference guide and a tutorial on installing Microwindows on the iPAQ. EventsCall for nominations: 2001 US Big Brother Awards. Privacy International has put out a call for nominations for its 2001 U.S. Big Brother Awards. They are looking for those who have done the most to invade privacy in the U.S. over the last year. Certainly a few of the people and groups that have crossed purposes with the free software community may be deserving of this honor. There will also be a set of "Brandeis" awards for those who have made an outstanding contribution to the protection of privacy. If you have a good idea for a recipient of either award, it's time to go put your nomination in. LinuxWorld Conference & Expo. LinuxWorld takes place January 30 - February 2, 2001, at the Jacob Javits Convention Center in New York City.
OSDEM Schedule. The schedule for the Open Source Developers European Meeting has been posted. (Coming up Feb. 3 & 4.) FOSE 2001 announces speakers. FOSE is a government information technology conference and showcase, held annually in Washington DC. This year's event will be at the Washington DC Convention Center on March 20 - 22, 2001 and Jon "maddog" Hall will be one of the speakers. The GNOME Users And Developers European Conference 2001. GUADEC will take place in Copenhagen from April 6 - 8, 2001. Financial assistance may be available for GNOME hackers and all contributors who wish to attend but can't afford it are encouaged to apply. LinuxTag 2001. This year's LinuxTag takes place July 5 - July 8, 2001 at the exhibition fair of Stuttgart, Germany. European Conference Conflicts. Thierry Laronde wrote to LWN about the fact that LinuxTag in Germany and Libre Software Meeting in France (along with Debian Conference 1) are scheduled at about the same time. LSM runs July 4 through July 9, 2001. ALS 2001. The name, city, and sponsoring group have changed, but the acronym remains the same. ALS 2001 has posted their new website and officially placed their call for papers. Formerly known as the Atlanta Linux Showcase, this event is the 5th Annual Linux Showcase & Conference. Sponsors this year are USENIX and the Atlanta Linux Showcase, Inc., in cooperation with Linux International. ALS 2001 will be held in Oakland, California, November 6 - November 10, 2001. Refereed paper abstracts and invited talk proposals are due June 5, 2001. Call for Papers: 15th Systems Administration Conference (LISA 2001). LISA, the Systems Administration Conference sponsored by USENIX and SAGE, the Systems Adminstrations Guild, has published the first call for papers for their 2001 conference to be held in San Diego December 2nd through 7th. January/February/March events.
Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format. Employment OportunitiesKernel filesystem hacker needed. There is a job opening for a kernel hacker with distributed filesystem experience. The position is in Michigan, but "they will relocate or travel the right candidate." See the posting for details.Web sitesNew O'Reilly Site Covers the Fast-Moving World of Peer-to-Peer Technologies. O'Reilly Network's launched openp2p.com, with technical, analytical, and news coverage of Peer-to-Peer (P2P) technology. Project Mayo becomes open source web site. Project Mayo, the international group of Internet and video technologists who are creating the next generation of the DivX(TM) video format, announced a new corporate identity called DivXNetworks. The Project Mayo site will become an open source DivX technology hosting site for Internet and video technology enthusiasts. User Group NewsLUG Events: January 25 - February 8, 2001.
Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format. |
January 25, 2001 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Software AnnouncementsHere are this week's Freshmeat software announcements. Freshmeat now offers the announcements sorted in two different ways: |
Our software announcements are provided courtesy of FreshMeat
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Linux History page. |
This week in Linux historyFive years ago: Red Hat released Red Hat 2.1 for the Alpha architecture; this was the first official Red Hat release for that processor. Red Hat also (in this message from "bob@redhat.com") announced its fancy new web site, that was even "SEARCHABLE!". Four years ago: Ulrich Drepper released the first, experimental version of glibc 2.0. Thus began a long and sometimes painful (but worthwhile) transition. Three years ago: in a brief note to comp.os.linux.announce, an ambitious, if not too smart, little company called Eklektix announced an online publication called the Linux Weekly News. The first issue hit the web on January 22, 1998, though we got a bit more serious with the January 29 issue. Netscape announced that it would release the source for Communicator 5.0. At this distance, it can be hard to remember the impact that announcement had; at the time, it was a huge thing. It was the event that made a lot of people aware of free software. The pace of events picked up thereafter. Of course, three years later, we are still waiting for that stable browser release. But, while we wait, projects like Galeon and others have made good use of Mozilla's work. SunWorld introduces Linux: One of the biggest drawbacks to Linux in business is old-fashioned FUD -- fear, uncertainty, and doubt generated by the Linux freely distributable model. To a lot of people "freely distributable" equates with "unsupported" and "hobby quality." In fact, Linux is neither. ...but they take care to point out that it isn't Solaris. The Debian 2.0 release roadmap was posted, along with a set of 2.0 release requirements. Two years ago (January 28, 1999 LWN): The long-awaited 2.2.0 kernel release hit the net on January 25. No formal announcement was made, other than this rather terse note on the kernel.org site. Linus did announce that 2.3.x was not going to happen anytime soon, and that it was not time to start sending in patches. One patch had to go in quickly, however, once Dan Burcaw pointed out an easy way for any user to crash a 2.2.0 system. Linus also said that 32-bit Linux systems would never support 4GB of memory. Of course, 2.4.0 does exactly that... Perhaps his crystal ball isn't so infallible after all. Both HP and SGI announced plans to support Linux on their hardware. Back in 1999, this sort of thing was still a big deal. Somebody broke into ftp.win.tue.nl and replaced the source for the TCP wrappers package with a new version that contained a back door. The problem was found within hours, and, apparently, no sites were compromised as a result of this change. This episode pointed out a real vulnerability in free software, however, and helped motivate the use of signatures on source packages. It is probable, however, that few users check signatures even now, and a repeat of this sort of attack is almost certain at some point. What happens when Windows programmers start to switch to Linux? Barring a sudden, unforeseen bursting of the Linux bubble, we're about to see the nontechnical aspects of programming take center stage like never before, not even when the rise of the IBM PC brought mainframe programmers to the desktop, or even when the Y2K fiasco made legions of programmers learn (or relearn) Cobol. From the standpoint of individual programmers, this will look like yet another standards/mindset war, with coders once again serving as both foot soldiers and the short term prize. The difference is that this time there will be a distinct cultural aspect to the war, and if we're lucky, the outcome could be a significantly more competitive industry.
One year ago (January 27, 2000 LWN): Caldera, Red Hat, and Turbolinux all announce that they will ship IBM's Java implementation with their distributions, leaving Sun out in the cold. Sun, instead, announced the availability of "free Solaris 8," complete with source code. In a move aimed at Linux, Sun said it will announce Wednesday that it is making the source code for its new Solaris 8 operating system "open." Webster's has lots of definitions for the word, including "not sealed, fastened, or locked." But when you dig into the details of Sun's announcement, you'll find that what it is offering doesn't come close to meeting the dictionary's definition, let alone that of the open-source movement.
SGI, meanwhile, released its OpenGL implementation under an open source license. DeCSS hacker Jon Johansen was detained for questioning regarding his role in the cracking of the DVD encryption system. Lineo shipped the 1.0 version of its Embedix embedded Linux distribution. The Debian project ran into a little snag when, halfway through the nomination period, nobody had stepped forward saying they wanted to be the next project leader. The Journal of Linux Technology was announced by VA Linux Systems and O'Reilly & Associates. A year later, though, only two issues have been published, the latest being from April, 2000. | |
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Letters page. |
Letters to the editorLetters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them. |
January 25, 2001 |
Date: Mon, 22 Jan 2001 14:16:20 -0700 From: Andrew Gilmore <andrewgilmore@my-deja.com> To: lwn@lwn.net Subject: Dell Linux Laptops Your main page from last week mentions Dell's laptop page. (http://www.dell.com/us/en/bsd/topics/segtopic_linux_001_linux_center.htm). This page is indeed about Dell Linux laptops, but all of the links to anywhere on that page fail. I know that the Inspiron 7500 mentioned on that page is no longer being built, I'm not sure about the Latitude CPx. I'm not sure what to make of the linux laptop thing either. :( Andrew -- Hydraulic Engineer, Upper Colorado Region US Bureau of Reclamation 125 S State St, Room 6107, UC-433 Salt Lake City, UT 84138-1147 PH: 801-524-3879 Fax: 801-524-3858 | ||
Date: Fri, 19 Jan 2001 07:42:39 +0800 From: Nick Urbanik <nicku@vtc.edu.hk> To: letters@lwn.net Subject: Pronunciation of Linux I call Linux so it rhymes with "Linus" in the Peanuts comic strip, and enjoy defending my right to say it that way. Do I need to put on an Seattle accent when I refer to Bill Gates? | ||
Date: Thu, 18 Jan 2001 12:06:33 -0800 From: Gene Mosher <gene@viewtouch.com> To: lwn@lwn.net Subject: VA Linux Hey, VA Linux is prohibited by Intel, which owns ten percent of it, from selling AMD systems. So, while everybody else is doing well, VA Linux just keeps bleeding to death. How can it fulfill its obligation to its shareholders by refusing to sell AMD systems? Obviously it can't. If you look at the Nasdaq, you'll see that Techs are having a VERY good month, but not VA Linux, Red Hat, Caldera or Neoware. The light at the end of this tunnel is a train coming right at them. Even the employees are dumping all their shares while they still have any value at all. $7 a share may be a lot higher than what the share price will be later this year. Just because the share price is two to three cents of what it was a year ago doesn't mean that it can't go a LOT lower. It could well fall to nine cents per share. Look at what happened to NCDI, for instance. Last summer people were bragging about how they were able to scoop up NCD shares for $9. Well, three weeks ago it fell to nine cents. Public companies which are losing money are not long for this world. Public companies which never have made money since their inception as private companies OUGHT to be sued by shareholders. It's the only recourse which stockholders have against a company whose officers took their money, which can't deliver shareholder value and who think that they can ignore their lawful obligations to do their best to do so. VA Linux and Red Hat have followed pied pipers like Eric Raymond right off the edge of the cliff, singlehandedly making it virtually impossible for any Linux organization to get the benefit of public financing, even if, unlike VA Linux and Red Hat, they have a VALID business model. Shame on them. C'mon, give us some good journalism about this, whydoncha? Gene Mosher | ||
Date: Thu, 18 Jan 2001 15:45:47 -0500 From: Derek Glidden <dglidden@illusionary.com> To: letters@lwn.net Subject: Linux, NFS and journaling filesystems [I apologize in advance for the length of this letter, but I think some of my recent, and past, experience might be of significant interest to other Linux users out there.] In your Jan 18th newsletter in the discussion on ReiserFS (huzzah for ReiserFS making it into the 2.4.1 patch!) you say, "bear in mind that NFS still can not serve files from a ReiserFS partition" and there is extensive discussion on ReiserFS/NFS compatibility on the ReiserFS FAQ section of the ReiserFS site at www.namesys.com. However, despite all these reports to the contrary, I've successfully run an NFS server with a 52GB exported volume utilizing ReiserFS on my home network for several months now with no problems. Initially the box was RedHat 6.x based with 2.2.16 kernel and ReiserFS patches, and has variously incarnated through several kernel revisions and a major distro change to its most recent state of Debian 2.2 with kernel 2.4 and ReiserFS patches. The main volume has been a 52GB "md"-driven RAID0 volume comprised of two 26GB IDE drives, formatted ReiserFS, and it has served its files up with knfsd straight off of whatever kernel/distro it happened to be running at the time with only ReiserFS, mingo's RAID and hedrick's IDE patches applied. I've never had any problems with the three or four client machines that may be accessing the box at any given time. (Yeah, I really have a home network with a huge fileserver and three or four client machines that might be using it at any given time. So I'm a big geek. :) ReiserFS has served me well in both testing environments and "real-world" situations; I can't think of any occasions where I've experienced any sort of problems with the ReiserFS volume and never any data loss. Remount times after any sort of failure (even having a UPS on the machine won't prevent someone from accidentally bumping the "reset" switch while it's doing something...) have been great (i.e. virtually nonexistent) compared to the hour-long fsck times I used to have even with smaller ext2 filesystems. With the recent release of the 2.4 kernel, however, I've started playing with alternate configurations. I've just this past week "retired" the old fileserver and, with a couple of new hard drives, have rebuilt the new primary fileserver using two 61GB IDE drives, integrated into a single 120GB volume with LVM (http://www.sistina.com) formatted using SGI's XFS filesystem (http://oss.sgi.com/projects/xfs/) and running the 2.4.0 kernel on Debian 2.2. Instructions for those attempting this at home: check out SGI's CVS version of the 2.4 kernel with the XFS mods already applied. Check out the most recent CVS of LVM from Sistina - the LVM patch that (kind of accidentally) went into 2.4 was not ready for real use and has a couple of real showstopper bugs. Follow the LVM instructions for patching against the 2.4 kernel using the checked out kernel source from SGI. Configure, compile and install. The toolchains for LVM and XFS should both be in your CVS checkout trees ready for compiling and using. If you're running Debian 2.2 and want to run Kernel 2.4, you'll have to get the latest modutils source from the unstable tree and build and install it. XFS is surprisingly well along its road to "release-quality" for a project that the vast majority of the public thinks of as "still under serious development." Mount and check times with XFS are significantly faster than ReiserFS (which is really saying something if you've ever been amazed at the zero-fsck mount times of ReiserFS) and I have definitely noticed an improvement in NFS speed, although I can't directly attribute this to either improvements in NFS code in the 2.4 kernel or moving away from ReiserFS as the base filesystem for the NFS volume. (Although I'd probably point a finger at ReiserFS for the slowdown as I did run the machine with 2.4/ReiserFS for a few days and didn't notice any significant difference in its behaviour during that time.) Over several days of "hardcore" testing, I've concluded that, for me personally, XFS is stable enough to form the base for my newly-built fileserver. It has been very reliable in my completely-and-utterly-scientific "rsync a big chunk of data onto the volume while doing an rm -rf against a copy of the mozilla source tree and running a perl script that writes, copies and deletes a bunch of temp files and then pull the plug" tests, mounting nearly instantly on restart and with the "xfs_check" tool reporting no problems with the filesystem afterwards. But why would I move away from a proven architecture to do something crazy like this? LVM gives me the ability to add new physical volumes to the logical volume on my fileserver without having to rebuild the volume, which is something I've sorely missed as that machine has been upgraded several times from its original 8GB filesystem and each time I've had to build a "backup" server to migrate the data to temporarily while I rebuild the new server. Both XFS and ReiserFS include tools for growing an existing filesystem to account for newly-available volume space and there are tools available for doing this to an ext2 filesystem as well so any of those filesystems will work with LVM without much hassle. I had no problems at all growing any of those three filesystems, with or without data already on them, to account for newly-added space on an LVM volume during my tests. The choice to go with XFS over ReiserFS was partially based on the "geek factor" of using XFS but also partially the fact that a larger set of useful userspace tools comes with XFS than with ReiserFS, not the least useful of which are the "xfsdump" and "xfsrestore" tools. (And let's not overlook the fact that XFS uses full 64-bit file offsets while ReiserFS "only" supports 60-bit file offsets... :) However, ReiserFS has been very very reliable for me and we have been deploying ReiserFS on machines at work for several months now without a single glitch. Other users interested in ReiserFS or XFS are encouraged to visit the respective websites and do as much research as they feel necessary. I feel that at this point in their development, either one would make an ideal base for a system that needs an extremely reliable filesystem with little-to-no downtime. With the important caveat: *** Both ReiserFS and XFS (and any journaling filesystem on Linux at the moment) will have problems dealing with software RAID5 volumes, but at least as of now, behave properly with mirroring, striping and concatenating RAID methods with either md or LVM drivers. This is likely to change in the future, and hardware RAID will not have any impact on either of them as hardware RAID will look like a single device to the Linux VFS layer, which is where the incompatibilities hide. The Namesys website, as you mentioned, has an incredible amount of information about ReiserFS, going well beyond its journaling capabilities. There is also an excellent article on ReiserFS by one of its primary programmers in the most recent Linux Journal magazine that not only points out some of the highlights of ReiserFS but also, very honestly, some of its shortcomings. The future of the 2,4 kernel series is looking bright indeed with projects like ReiserFS, XFS and LVM coming over the horizon. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- With Microsoft products, failure is not Derek Glidden an option - it's a standard component. http://3dlinux.org/ Choose your life. Choose your http://www.tbcpc.org/ future. Choose Linux. http://www.illusionary.com/ | ||