Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise
news for all interests
Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters
Other LWN stuff:
Archives/search
Recent features: Here is the permanent site for this page. See also: last week's LWN.
|
Leading items and editorialsRed Hat makes a profit - sort of. With some fanfare, Red Hat has announced its results for the first quarter of its 2002 fiscal year. The core point, of course, is that the company claims to have made a $600,000 profit in this quarter, which ended on May 31. The company made $11.3 million in revenue from subscriptions, and $14 million from the various consulting and development services. There is no separate item for "Linux distribution sales," leading one to believe that they have been folded into "subscriptions." Red Hat also earned almost $4.5 million in interest from its sizeable cash holdings. On the down side, the "cost of revenue" was $11.1 million, sales and marketing ran $10.7 million, research and development $4.3 million, and administrative expenses were $3.4 million. In other words, Red Hat actually, using these numbers, operated at a $3.9 million loss. It was the interest income that put it nominally into the black. This is a significant achievement on Red Hat's part. The company had not promised profitability for another year yet, but that state has been reached now. They have gotten there despite a harsh economic downturn that has savaged many other Linux companies. And Red Hat has not drifted from its commitment to free software; the company still employs a great many free software developers, and gives back a great deal to the community. Red Hat shows that it can be done. Or so we hope. A closer look at the numbers shows a slightly more complicated story than what we have seen so far. The $600K profit comes out of the "adjusted" results. The adjustments that have been made include the omission of three sets of expenses:
What about future quarters? During the company's conference call, Red Hat management explicitly refused to provide any sort of guidance regarding future results. They will not even guess, at this point, at whether they can remain profitable or not. These are uncertain times for most companies, but most are sufficiently on top of their situation to offer estimates of how things will go. Red Hat, evidently, has no clue. The company did say, however, that no significant changes in staffing were expected over the next quarter. So it remains to be seen whether this is the beginning of Red Hat's money-making operations, or whether it is, instead, the company's high point. Red Hat appears to be doing things right in a lot of ways, to the free software community's benefit. With luck, they'll pull it off. Red Hat to become a database company? One other detail that Red Hat let slip in its conference call was that the company would soon announce a relational database product and associated services. No further information is available from the company at this time; it is making people wait until the marketing people say it's time. The hope, clearly, is that relational database systems will help drive the next phase of corporate acceptance of free software, and that Red Hat will be able to provide those systems and the services that go with them. It remains to be seen how well that will work; database customers are used to getting their databases and operating systems from different vendors. Red Hat will have to offer something new and compelling to attract customers in this field. Red Hat will stick with its open source approach for its database offering. Assuming that Red Hat is smart enough not to try to implement a relational database management system from scratch, it will have to adopt one of the existing, free database systems: MySQL, PostgreSQL, InterBase, or SAP DB. Red Hat as been careful, thus far, to not tip its hand regarding its selection. There are some rumors about, however, that PostgreSQL will be the platform chosen by Red Hat. Certainly it would be a worthy choice; the PostgreSQL team has worked long and hard to produce a top-quality relational database system. Such a move, however, could prove to be a challenge for the companies that are already providing commercial support for PostgreSQL. The most prominent of those, perhaps, is Great Bridge, the company founded by early Red Hat investor Frank Batten Jr., and the employer of much of the PostgreSQL core team. We talked briefly with Great Bridge CEO Bob Gilbert, who was very upbeat about Red Hat's possible entry into the PostgreSQL market. "What took them so long?" Mr. Gilbert welcomes Red Hat, and looks forward to Red Hat's contribution to PostgreSQL development. If you believe Mr. Gilbert, the PostgreSQL market is a good one to get into. The company is finding customers in each of several target areas; PostgreSQL is being received well. Larry Ellison and Oracle, he says, should start getting worried "yesterday." Mr. Gilbert's confidence may well be justified, but Red Hat's entry into the database market still has the potential to shake things up. We'll revisit this topic once the company has made its plans public. GnuCash and library dependencies, again. Last week's item about the GnuCash 1.6 release and its many library dependencies drew more than the usual amount of mail, including this response from the GnuCash project itself. We seem to have hit a bit of a nerve there. So this week we'll follow up with two more articles; this one looks at the library dependency issue again, and the following one is a quick review of the 1.6 release itself. Some members of the GnuCash development community felt that the project had been unfairly singled out for criticism when they would rather have seen attention paid to the stable release that they had worked so hard to produce. So let us say it here: GnuCash, at the moment, demonstrates the kinds of problems that can come up with massive shared library dependencies, but GnuCash is not, itself, the problem. GnuCash is a high-quality application which fills a pressing need in the free software community, and it has gotten there partly because its developers have taken the greatest possible advantage of work done by others. We never meant to criticize the project itself. There are pitfalls, however, with a reliance on large numbers of shared libraries. Especially when a number of those libraries are not widely available on common distributions. If nothing else, it makes it very hard for people to use your software. In the proprietary world, users will expect to be able to install a new "stable" release of a web browser, mail program, file manager, or personal finance program on their current system. Most do not expect to have to massively upgrade parts or all of their system first. (What happens when the application messes with their system anyway is a different, sad story that Linux users, happily, need not experience). The people who have reported success with GnuCash 1.6 are, for the most part, running distributions like Debian unstable ("sid") or Mandrake's Cooker. The exception appears to be the just-released SuSE 7.2 distribution. Nonetheless, many users of a personal finance application will not be pleased to have to upgrade their operating systems just to install or upgrade it. If you tell them that, not only do they need to upgrade the operating system, but they must use an unstable version of a distribution, they will simply walk away. There may be no easy solution to this problem. One of the characteristics of free software is rapid development, and few of us would have it any other way. But fast development implies a lot of upgrades if you want to keep up, and, often, the need to run beta versions of software. These requirements may be hard to reconcile with the needs of desktop users, who just want things to work without their needing to mess with them. This will be a continuing challenge for those developing desktop applications. About GnuCash 1.6. The GnuCash package has long had the features that one really needs to handle personal finance - see LWN's review from back in 1999. It has, however, remained far behind the proprietary packages with regard to the features offered. People who really want to run free software for everything have been able to use GnuCash for some time; just about everybody else has been inclined to wait. With the 1.6 release, the feature gap is closing. The application as a whole has a much more finished look, and the online help is greatly improved. Quite a few important new features have been added. GnuCash still has not caught up with the proprietary packages in a number of ways, but it has gotten a lot closer. Once the distributions catch up and make GnuCash 1.6 easy to install and run, its user base should grow. The first thing likely to be noticed by GnuCash users who upgrade to 1.6 is the new, XML database file format. The program converts older files to the new format, but must ask a number of questions in the process - especially if the file contains a lot of stock accounts. The XML format is certainly nice for a number of things, but there is a downside as well: the size of the database file grows by almost a factor of ten. Over 1KB is required for each transaction (i.e. a check) (example). GnuCash 1.6 is noticeably slower to load or save data in the new format. That's the sort of price we pay for a transparent file format. Of course, for those with huge GnuCash files, taking advantage of the new PostgreSQL back-end may well prove the best way to go. A crucial improvement in GnuCash 1.6 is in the report generator. Reports in version 1.4 were somewhat crude and could not be directly printed - one had to export the report in HTML and feed it to a web browser first. Version 1.6 reports are more tightly integrated into the system, look better, and include the obligatory bar and pie charts. GnuCash has always had a strongly international approach and supported multiple currencies. The new version has strengthened that approach, and includes detailed support for the Euro. Other features include: more business-oriented support (things like depreciation reports), tax preparation support, improved QIF importing, internal updating of stock prices (no more need for an external application), a loan calculator, and even a built-in web browser. GnuCash 1.6 also includes support for the "GnuCash network." The network does not currently provide much in the way of services; the registration window doesn't even work, and will not until version 1.6.1. One can presume, however, that providing useful services through that channel is part of somebody's business plan, and that things should start showing up there soon. What's still missing? Many users would most like to see support for scheduled transactions; this feature is apparently under intensive development and should be there for the next major release. It's still not possible to directly import information from banks or credit card companies. No budgeting tools are provided. GnuCash still doesn't really understand loans, and will not handle the amortization for you. And several other things, doubtless. The GnuCash developers have set themselves the goal of blowing the proprietary finance packages (both personal and business) out of the water with a free alternative. It is an ambitious goal, and, as of 1.6, it has not yet been achieved. Things are clearly heading in the right direction, however; GnuCash is more than usable now. If you are still balancing your checkbook with a proprietary package, it may be time to consider making a change. (See also: the GnuCash web site). Inside this week's Linux Weekly News:
This Week's LWN was brought to you by:
|
June 21, 2001
|
Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Security page. |
SecurityNews and EditorialsThe Danger of Allowing Users to Post Images. A major discussion thread on BugTraq this week started when John Percival posted a note entitled The Danger of Allowing Users to Post Images. With it, he included an exploit developed by Chris 'stallion' Lambert which could be used with almost any web script that uses cookie session/login data to validate CGI forms. Many such web scripts, including threaded discussion forums like Infopop's Ultimate Bulletin Board or ezboard allow users to post images to the forum. This means that they accept user input in the form of HTML-embedded references or URLs. They do not, however, necessarily check the input they receive to make sure it does not contain additional HTML commands, such as possible hostile query-strings. As a result, another user clicking on such as image may be unwittingly executing HTML commands. If such a user has additional privileges, such as a forum administrator, more damage can result. BugTraq ID 2871 addresses this issue and currently lists four affected applications: ezboard, Infopop's Ultimate Bulletin Board, VBulletin and WWWThreads. Fixes for Ultimate Bulletin Board and VBulletin have been made available. However, the basic issue is not specific to the applications, but just a demonstration that input verification vulnerabilities are extremely wide-spread in current web-based scripts. Time to take a look at your web scripts and look at how you are currently verifying the user input you receive, particularly if that input is in the form of HTML or other executable code. CRYPTO-GRAM Newsletter. Bruce Schneier's CRYPTO-GRAM Newsletter for June is out. It covers a wide range of topics, including the grc.com attacks and the Honeynet project. "The results are fascinating. A random computer on the Internet is scanned dozens of times a day. The life expectancy of a default installation of Red Hat 6.2 server, or the time before someone successfully hacks it, is less than 72 hours. A common home user setup, with Windows 98 and file sharing enabled, was hacked five times in four days. Systems are subjected to NetBIOS scans an average of 17 times a day. And the fastest time for a server being hacked: 15 minutes after plugging it into the network." One of the links inside this month's CRYPTO-GRAM is to The Strange Tale of Denial of Service, an account by Steve Gibson of his research into the world of distributed denial-of-service attacks. In this case, the machines used to deploy the attacks were running Microsoft Windows operating systems, but the victims could be any machine. From his experiences, he learned that major ISPs were simply unwilling to take action in response to this type of problem, that the US Federal government has too many problems to handle and will not look at "small" problems, such as the disablement of a single site, and that age does indeed shield youthful offenders within the US from prosecution. To quote Steve, "We can not have a stable Internet economy while 13-year-old children are free to deny arbitrary Internet services with impunity". Using a Cryptographic Hardware Token with Linux: the OpenSSL Project's New Engine (Linux Journal). Linux Journal's Paul Friburg takes a look at using OpenSSL's new engine to provide support for digitally-signed emails using a hardware token. "Hardware tokens are nearly tamper proof and assure that the data are originating from a given Linux PC provided that the token is plugged into it. ... Sadly, the token we were requested to integrate, the Chrysalis-ITS Luna2 PC card, was not on the list of the three tokens implemented in the engine. This forced us to go under the hood of the OpenSSL engine code. ". Security Reportssysklogd denial-of-service vulnerability. Immunix reports that the Linux kernel logging daemon klogd distributed with the sysklogd is vulnerable to a denial-of-service attack because it will shut down if it receives a null byte in a log message from the Linux kernel. A patch to fix the problem is available.fetchmail buffer overflow. Wolfram Kleff reported a buffer overflow in all versions of fetchmail. This is remotely exploitable and could lead to root access if fetchmail is run by root. An upgrade to fetchmail 5.8.6 will resolve the problem.
rxvt buffer overflow. Samuel "Zorgon" Dralet reported a buffer overflow in rxvt which can be exploited to gain group utmp privileges on some systems, which could allow the utmp file to be modified. A patch is available to fix the problem.
man page source buffer overflow. zen-parse reported a buffer overflow in man that, when manual pages begin with a '.so' statement, may be exploited to execute arbitrary code under the 'man' group id. No patch or update for man has been posted so far. For more details, check BugTraq ID 2872.MDBMS query display buffer overflow. teleh0r reported a buffer overflow in MDBMS, an SQL database server for Unix which provides source code and is free for non-commercial use. The buffer overflow can be exploited to execute arbitrary code. An updated version is available, containing a fix for the problem.BSD ptrace race condition vulnerability. The version of ptrace shipped with NetBSD and OpenBSD has been reported to contain a race condition which can be exploited to allow an unprivileged user to attach to a privileged process, elevating the attacker's privileges. OpenBSD has released patches to their kernel to resolve the problem; NetBSD has fixed the problem in their CVS tree.ghttp buffer overflow. The Gaztek HTTP daemon, ghttpd, is a GPL'd HTTP server with a small memory footprint that is capable of handling "thousands of simultaneous connections". A buffer overflow has been reported in version 1.4 that can be exploited by a remote attacker to run arbitrary code under the privileges of the ghttpd server. No fix for the problem has been reported so far. Proprietary products. The following proprietary products were reported to contain vulnerabilities:
Updatesexim format string vulnerability. Check the June 14th LWN Security Summary for the original report.This week's updates: Previous updates:xinetd buffer overflow. Check the June 14th LWN Security Summary for the initial report. The buffer overflow is in the ident logging portion of xinetd, so one workaround to the problem is to disable ident logging.This week's updates: xinetd default umask vulnerability. Check the June 7th LWN Security Summary for the original report. Fixing the problem simply requires that the default umask for xinetd be set to 022 instead of 000. This is also covered in BugTraq ID 2826.This week's updates: Previous updates:
OpenSSH tmplink vulnerability. Check the June 7th LWN Security Summary for the initial report. This is also covered in BugTraq ID 2825.This week, OpenSSH 2.9.p2 was released with a fix for the problem. ispell symbolic link vulnerabilities. Check the June 7th LWN Security Summary for the original report.This week's updates: Previous updates:Webmin environment variable inheritance vulnerability. Check the May 31st LWN Security Summary for the original report. This week's updates: Previous updates:gnupg format string vulnerability. Check the May 31st LWN Security Summary for the initial report. gnupg 1.0.5 and earlier are vulnerable; gnupg 1.0.6 contains a fix for this problem and an upgrade is recommended. Werner Koch also sent out a note warning of minor build problems with gnupg 1.0.6 when compiled without gcc.This week's updates:
gnupg. gnupg 1.0.5 was released on April 29th. Check the May 3rd LWN Security Summary for details. An upgrade to 1.0.5 is recommended.This week's updates: Previous updates:
Denial-of-service vulnerability in FTP server implementations. Check the March 22nd LWN Security Summary for the original report. Affected FTP daemons include ProFTPd, NetBSD FTP, PureFTPd (to some variants of this attack), BeroFTPD, and FreeBSD FTP.This week's updates: Previous updates:
Apache directory listing error. Check the March 8th LWN Security Summary for the initial report. Apache 1.3.18 and earlier are vulnerable; Apache 1.3.19 contains a fix for the problem.Previous reports: ResourcesBastille Linux 1.2. The Bastille Linux development team announced the release of Bastille Linux 1.2, a hardening script for multiple Linux distributions. CryptoMail 0.90. The first public release of CryptoMail, version 0.90, was announced this week. CryptoMail is an end-to-end secure email system. MySQL, Apache and Sendmail are required in order to run the server. More information is available at http://www.cryptomail.org. EventsUpcoming Security Events.
For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net. Section Editor: Liz Coolbaugh |
June 21, 2001
LWN Resources | |||||||||||||||||||||||||||
Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Kernel page. |
Kernel developmentThe current kernel release is still 2.4.5; the 2.4.6pre4 prepatch came out just as LWN was going to "press"; it contains a set of fixes but nothing spectacular. The same can not be said for Alan Cox, who has released several patches up to 2.4.5ac16. Alan has also released 2.2.20pre5 (though the last announced release was 2.2.20pre4) for those still working with the 2.2 kernel. Some have asked why the current "ac" patches don't include the latest updates from the 2.4.6pre series. Alan's answer might make one a little nervous: "Because right now I don't consider the 2.4.6 page cache ext2 stuff safe enough to merge. I'm letting someone else be the sucide squad." There have not been a whole lot of complaints from 2.4.6pre users, however. Andrea Arcangeli, too, has been issuing general kernel patches. 2.4.6pre3aa2 adds a number of fixes to the current Linus prepatch. There is also a 2.2.20pre5aa1 for the 2.2.20 prepatch. The Linux kernel and gcc 3.0. Now that this major gcc release is out, people are naturally interested in using it to build kernels. Numerous fixes for gcc 3.0 are going in, but, at this point, using that compiler is still not recommended. It will take some time for both the compiler and the necessary kernel changes to stabilize before gcc 3.0 can be used with confidence. The second edition of Linux Device Drivers is about to hit the shelves, at last. This edition, published by O'Reilly, is written by Alessandro Rubini and LWN editor Jonathan Corbet. It covers the 2.4 kernel through even most of the post-2.4.0 changes, and gives great attention to SMP and portability issues. It should hit the shelves around the end of the month - in the U.S., at least. More information can be found on the O'Reilly web site. The really fun part, though, is the book will be released online under the GNU Free Documentation License. The exact date of the online release is unclear - some work has to be done to prepare the DocBook source for release. The hope, however, is to get it onto the net within a month of the bookstore release. At just over 550 pages, it should be a sizeable addition to the free documentation for the Linux kernel. The FOLK project sent out an announcement of its existence on June 13. FOLK, or "Functionally Overloaded Linux Kernel," aims to combine as many interesting patches as possible into a single, integrated patch to make them all easier to try out. From the announcement: The idea isn't to worry about quality, bloat, or any other "detail", but rather to give developers one additional way to showcase ideas and give interested users a way to try things out without having to spend a lifetime finding what's out there, another lifetime upgrading the patch to the current kernel and a third lifetime fixing all the rejected diffs. In other words, it's probably not something you want to drop onto a production server, but the FOLK patch could be an interesting way of seeing what sort of work is being done out there. As of this writing, the current patch is 2.4.5-folk1.4. It includes the full 2.4.5ac15 patch, the Bad Memory patch, the Linux Doors patch, the HP plugin scheduler patch, the socket registration patch (discussed in last week's LWN kernel page), IBM's POSIX threading patch, the real-time scheduler patch, JFS, and more. It should be fun to play with - but watch out for those "details." The Linux kernel is getting too big? A recurring theme on the linux-kernel list is the complaint that the kernel tarballs have gotten too big, and that they contain far more stuff than anybody is going to use. Wouldn't it be better to split it apart, so that people could only download the code they actually need? The answer has always been something along the lines of "feel free to set up a split kernel download site, but we're too busy." The conversation usually stops there. Now, however, Michael Bacarella has done something about it. He has set up a web page allowing a user to specify which kernel subsystems are of interest; then a tarball is created containing just the desired code. The current setup is a bit rough - the choices on what to exclude are crude, and it's easy to request a kernel that will not build. But it's only intended to be a first step; future versions would probably hook into the CML2 configuration system and make much smarter choices on which code to include. Mr. Bacarella, of course, is looking for people who would like to help make a better system; drop him a note if you're interested. Run Linux on your VAX. The Linux/VAX project project announced this week that it had succeeded in booting the system on a VAXStation 3100 and running a shell there. That is, of course, a crucial milestone, and the project is to be congratulated. Even if the resulting system does claim a whopping 5.4 BogoMIPs. Your editor is thinking about that old 11/780 he first learned Unix on...moving it into the basement would be a hard sell with the wife, however... Making kernel configuration fun. Eric Raymond has evidently decided that there are not enough interfaces to the new kernel configuration system, so he has added another. This one, however, is different, being based on an ancient "interactive diagnostic" program interface: Welcome to CML2 Adventure, version 1.6.1. You are in a maze of twisty little Linux kernel options menus, all different. The main room. A sign reads `Linux Kernel Configuration System'. Passages lead off in all directions. > n The arch room. A sign reads `Processor type'. A passage leads upwards. Choose your processor architecture. A brass lantern is here. There is a row of buttons on the wall of this room. They read: X86, ALPHA, SPARC32, SPARC64, MIPS32, MIPS64, PPC, M68K, ARM, SUPERH, IA64, PARISC, S390, S390X, CRIS The button marked X86 is pressed. Perhaps this configuration mode should become the default for the Linux/VAX project? Followup: the PCI suspend/resume interface change. Last week we looked at an incompatible API change that went into 2.4.6pre3, and which upset some developers. For those who are interested, here is Patrick Mochel's justification for the change. While there seems to be a consensus that the change makes sense technically, not everybody thinks it should have been now. Quoting Jeff Garzik: Anyway I beg you -- please consider API changes more carefully in the future, even if Quick Draw Torvalds does not. The changes that occured here are immaterial: the principle of the stable series is what is at stake here.
Interestingly, Linus felt the need to deny that Mr. Mochel's employment at Transmeta had anything to do with the change being included - despite the fact that nobody had (publicly, at least) made any such allegation. The real conclusion that should be drawn here, perhaps, is that it is past time for the 2.5 series to begin. 2.4 has not truly stabilized, but it is getting closer and a lot of the remaining problems (virtual memory being at the top of the list) are not those that can be addressed by most kernel hackers. Perhaps it is time to start the new development tree, and future API changes can go there. Linux/PPC has a new maintainer. Cort Dougan has announced that he is stepping down as the maintainer of the PowerPC port of the Linux kernel. Mr. Dougan has filled this role for several years, and has been widely respected for his leadership with this port. The new maintainer will be Paul Mackerras. He posted an acceptance speech of sorts; we wish him luck. Other patches and updates released this week include:
Section Editor: Jonathan Corbet |
June 21, 2001 For other kernel news, see: Other resources: |
Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Distributions page.
Lists of Distributions |
DistributionsPlease note that security updates from the various distributions are covered in the security section. News and EditorialsAgenda-VR. The addition of Agenda-VR to our distributions list marked the perfect opportunity to split handheld distributions out of the general embedded distribution lists. Given the growing popularity of PDAs, the pace of the Linux development in this field and the likelihood that playing with the OS on your Linux PDA might be the primary reason you chose to purchase it, separating out Linux Distributions for PDAs seemed like the "right" thing to do. Agenda-VR is the Linux distribution that runs on the Agenda VR3 PDA. They've got a nice, interactive tour on their site of the product from the website and provide information on both the old and new versions of their OS. Unfortunately, when we tried to download the software, the links were not working. Other useful resources include Russell Stuart's Agenda Development Page, which gives tips on downloading and compiling code, and the SNOW compiler for the Agenda PDA. SNOW is an application binary interface for the MIPS CPU architecture developed initially by Jay Carlson and adapted for the Agenda by Shane Nay. It produces shared libraries that are loaded at a fixed location in memory, similar to some of the older Linux shared libraries, providing enhanced performance in exchange for the time involved in tracking library location and relinking programs when libraries are modified. [Thanks to Tony Audas]. Estimating the size of GNU/Linux.
David Wheeler has released More
Than a Gigabuck: Estimating GNU/Linux's Size, his second
white-paper to address the size and development costs of Linux.
It analyzes the source code from Red Hat 7.1 to draw a number
of conclusions, including:
New DistributionsSentry Firewall CD. Sentry Firewall CD is a Slackware-based (currently Slackware 7.1) distribution that fits on a single bootable CDROM and takes configuration information from either a floppy drive or a local hard drive. As the name suggests, it is tailored primarily to provide a basic firewall environment. In addition, it can also serve as an intrusion detection node. In both cases, the advantage of running off the CDROM is that, even if hacked, the base operating system cannot be modified. So a reboot with a backup configuration floppy, for example, should get a damaged firewall back up and running immediately. Running the configuration off a read-protect floppy, rather than the internal hard drive, decreases the vulnerability of the system one step further. Sentry Firewall CD is also hosted on Sourceforge. Thanks to David A. Bandel for the reference. Distribution NewsLinux-Mandrake News. The second release of MandrakeFreq is now available. This is a snapshot of the still-in-development Linux-Mandrake 8.0 and is intended only for power-users that like to live life on the bleeding edge. It includes KDE2.2alpha2, Linux 2.4.5, XFree86 4.1, Evolution 0.10, Nautilus 1.03 and Mozilla 0.9.1. This week's Linux-Mandrake Community Newsletter reports the opening of MandrakeBizcases.com, a new site where business users can share their experiences using Linux-Mandrake products. They also provide a Mini-FAQ about the PPC beta released last week, including what hardware it supports, where the files can be downloaded and how to start the installation. We were also pleased this week to hear of the creation of the Mandrake Cooker Weekly News (this week's version is permanently archived at this address), a new weekly feature that will be following the bleeding development edge at Linux-Mandrake. It promises "concise, hot information" on what they are currently developing internally, what new packages are available, development policy issues being discussed, etc. It will be available either as an email newsletter or on the web. Between these two new features and Mandrake Forum, the availability of information on Linux-Mandrake is starting to rival that of volunteer distributions like Debian, where almost all information is available on-line. It is a model we strongly encourage for all distributions or development projects, since such a news source can do a lot to bind a community together, as well as providing a valuable historic resource. Red Hat News. XFree86 4.1 is in Rawhide. People using it should note, however, that Red Hat removed libXIE.so from XFree86 4.1 when they installed it because the XFree86 team deprecates the use of that library. Unfortunately, Mozilla 0.9.1 uses that library. As a result, libXIE.so will go back into the next Rawhide build. However, it will not be included in future official versions of Red Hat. Developers take note; use of that library will make your program incompatible with future releases of Red Hat and other distributions that follow the request of the XFree86 team. SuSE News. SuSE users reported the same problem with Mozilla 0.9.1 and XFree86 4.1.0 as mentioned above. As a result, libXIE.tar.gz should now be available for download in the XFree86 4.1.0 directory at SuSE. Installing it should fix the problem. Meanwhile, US-based SuSE users will be cheered to hear that deliveries of SuSE 7.2 in the US were reported starting on June 18th. Slackware News. On Thursday, June 15th, the Intel Changelog indicated that current had been frozen in preparation for the upcoming release. That did not prevent, though, the addition of Gcc 3.0 on an "experimental" basis or an upgrade of Qt to version 2.3.1. Several people commented that they have been using -current extensively and consider it to be highly stable. Meanwhile, Patrick Volkerding again stated that the official release of Slackware 8.0 will be "soon". On the bug-fix side, a patch to lpr went in for a known problem and updates to fetchmail and rxvt went in to resolve security issues. Several ham packages were upgraded by Arno Verhoeven. A LILO configuration problem that was causing partition tables to be rewritten at boot was resolved. e2fsprogs was downgraded to 1.19. No Changelog entries went in for the Alpha or Sparc platforms. A new version of the Slackware Package Management System was released this week, version 0.1.3. It now supports one-step packaging, and "automagic" document copying in addition to cleanups to the code. Caldera News. This past week, some members of the caldera-users mailing list began to speak openly of moving to alternate distributions, due to frustration with Caldera and the lack of recent releases. No specific links are provided, since members of such a list should have the right to vent a bit without becoming a media focus. Nonetheless, if Caldera is still interested in having a user community, we certainly hope they are reading their own mailing lists. These people liked OpenLinux and don't want to leave it, but felt they are reaching a point where they have no choice. Only a day or so later, an unofficial comment was posted that OpenLinux Workstation 3.1 will be released on the 29th of June. Debian News. The Kernel Cousin Debian Hurd shows a lot of active development over the past week. A problem with getsockopt() has been fixed. Conflicts between packages using high port numbers for network connections became a topic of conversation this week. It was quickly agreed that Debian needed to produce a mechanism to prevent conflict between packages, even though all high numbered ports are "up for grab", as an expected part of the "integration process" that any distributor provides. The mechanism by which they will prevent conflicts has not yet been chosen. A separate port registry, additions to /etc/services, or using the IANA registration were mentioned as possibilities. KRUD News. The next monthly release of KRUD 7.1 will contain all the library updates needed for installing gnucash 1.6.0. Sean Reifschneider reported that the libraries that needed updating all installed without problems. KRUD 7.1 is based on Red Hat 7.1, but comes as a subscription service with a new CD each month, bundled with all related security and bug fix updates, as well as additional software chosen by tummy.com.
Trustix Secure Linux 1.4.90 released. Trustix Secure Linux 1.4.90, the beta release of this distribution before 1.5 comes out, has been released. It contains a number of new features; it also has incompatibilities with the last stable release (1.2), so prospective users should proceed with care. RTLinux News. FSMLabs announced this week that RTLinux now supports the Motorola PowerPC 860. It is currently available, along with the RTLinux Development Kit for several PowerPC 860 evaluation boards. Coyote News. The Embedded Coyote Linux distribution is nearing a usable state. Automatically-updated ISO images are available for those that would like to check it out. Minor Distribution updates
Distribution ReviewsThe e-smith server and gateway (Linux Journal). The Linux Journal reviews the e-smith server and gateway distribution. "In some ways, having problems while doing a review is not such a bad thing. You get to call tech support which gives you a feel for how quickly your questions and concerns will be answered. I am happy to report that not only did I not have to wait in a queue, but the person I spoke with was knowledgeable, helpful and open to the suggestions I made regarding the whole installation process." Review: Red Hat Linux 7.1 (Duke of URL). This review of Red Hat Linux 7.1 finds, once again, that the .1 release cleans up well after the .0 version. "They have overcome almost all of the issues with the premature release of gcc 2.96 in version 7.0. They have again provided gcc 2.96 but this time it works well and can compile to the standards for both C and C++. They have also increased their currency by allowing a properly configured KDE to be included with the distribution. Thus catering to both desktop environment crowds. The inclusion of XFree86 4.0.3 and the anti-aliased xft render extension by default is also a nice touch." Thanks to contributors. We want to thank readers who have written in to nit-pick on the categorization of various distributions, contribute new distribution links and more. This does a great deal to improve the quality of our information and it is much appreciated. Particular thanks go this week to Daniel James. Section Editor: Liz Coolbaugh |
June 21, 2001
Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.
|
Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters See also: last week's On the Desktop page.
|
On The DesktopNetscape 6.1. Late last week, right after our Weekly edition was published, Netscape officially released another version of their popular browser. C|Net reviewed this new release, Netscape 6.1PR1, and gave it a positive, though cautious, mark.
Some of the updated features and enhancements for 6.1PR1 include:
Commentaries from various news sites have reported that the 6.1 release is just a bargaining chip for AOL in its current negotiations with Microsoft over cross-licensing deals. But Netscape President Jim Bankoff has been quoted as saying that in 6 months people won't think of Netscape as a browser company. Whether that means the company might be dropping the browser (which is unlikely) or simply relegating it to a lower priority (much more probable) remains to be seen. Most reports seem to think Bankoff's comments reflect Netscape's expected growth spurt, where they take the innards of the browser to make media tools for business. Despite the advances, the PR1 release isn't quite ready for the masses. One of the known problems for Linux systems is that images are not displayed if they are either resized using the height or width attributes, or resized dynamically, from the actual image dimensions. Additionally, themes designed for the 6.0 release won't work with 6.1 due to changes in the XUL specification. Wired reported that page loads were faster and entire pages loaded at once, meaning graphics and text displayed at the same time. This isn't exactly true - it depends on the site visited and connection speed, but image loading is definitely much faster. The same Wired story noted that the pull down menus at Sony.com didn't work at all, but LWN.net found that one set of menus worked and another didn't. A stock Mozilla 0.9.1 presented the same problem. Perhaps drop down menus can't be displayed over another drop down menu. What we did find was that Netscape 6.1PR1 is quite the resource hog, chewing up memory to the exclusion of all other applications on a Red Hat Linux 6.2 system, eventually forcing us to kill the application lest we lose our X session entirely. Users interested in following the Mozilla/Netscape 6.x releases can find additional information from the NewZilla Web site, where tips on using Netscape 6 can also be found. pilot-link redux. More information on the pilot-link project came to light this week. First, as soon as the new servers are moved across the US, the new pilot-link.org site will go live. This site is currently maintained at the gnu-designs web site. Additionally, a new bug database went live (at the current site) this week for reporting problems in the pilot-link package. Finally, and most importantly, a new release of pilot-link, version 0.9.5, has hit the streets. Autoinstalling - Ximian Debian. The usefulness of Ximian's Red Carpet installer for Red Hat based systems was discussed in the May 24th, 2001 edition of On the Desktop. After that we received word that Ximian also provides a version of Red Carpet for Debian Woody and Debian Potato. In fact, there appears to be versions of Red Carpet for LinuxPPC, Mandrake, SuSE, and Turbolinux as well. (Thanks to Mark L. Kahnt) Open-source music format ready to play (ZDNet). ZDNet looks at the upcoming 1.0 release of Ogg Vorbis, the open source music format. "The version set for release Sunday will officially be a "release candidate"--containing essentially everything that will be in the final version but still being checked by its users for last-minute flaws." LWN.net Book Review: The New XFree86. LWN.net senior editor Michael J. Hammel reviews Prima Tech's The New XFree86, by Bill Ball. "The meat of XFree86 is in the libraries and X server and this text simply doesn't go into detail for either of these." Desktop EnvironmentsGNOME Summary for June 10 - June 16. The weekly summary of the GNOME world has been posted. Highlights this week include an update on the progress of 2.0, the XFree86 technical conference, and the rebirth of the eazel-hacking automated build system. GNOME Board meeting 12 June 2001. The minutes of the latest GNOME Board meeting have been published. The most interesting note is that the X Technical Conference appears to have been revived for this years ALS conference. People behind KDE: Kurt Granroth. Kurt Granroth, SuSE employee and KDE core developer in the US, is interviewed in another of this long running series from KDE.org. "SuSE has me on as a full-time KDE developer. They give me nearly complete freedom to work on what's necessary and pay well. All in all, it's as close to a perfect job as anybody could realistically expect." Kernel Cousin KDE #14. This week's KDE kernel cousin covers discussions on a new keyboard shortcut scheme, design differences between the vector drawing tools Karbon and KIllustrator, and discussions on what the KDE League really is all about. GNUStep Weekly Update. The latest GNUStep Weekly Update showed up late last week. The big news is the upgrades to gcc which will help alleviate the problems encountered which prevented using gcc to build GNUStep in the past. Office ApplicationsOpenOffice releases new build candidate. The OpenOffice project (aka StarOffice) released the build 632 on Tuesday this week. The release notes say that the Berkeley DB is now included with the distribution, after they reached an agreement with the authors of that open source database. Keeping up AbiWord. The latest edition of the AbiWord Weekly News #48 came out this week. Focus on Infusion (KDE Dot News). KDE Dot News reviews the recently uncovered office application known as Infusion. "Infusion aspires to compete with the likes of Aethera, Magellan, Evolution, and yes, Microsoft Outlook+Exchange. Is Infusion there yet? Nope. But from what I've seen, I've certainly been impressed by Citadel/UX, and once I managed to get Infusion compiled, I was able to enjoy some neat functionality." Desktop ApplicationsKDE PIM Roadmap. A project to help develop a roadmap for developers interested in working on KDE PIM, culminating in a PIM developer gathering in late 2001, has been proposed to the KDE PIM mailing list. And in other news...XFree86 4.1.0 (Duke of URL). The Duke of URL takes an indepth look at the recently released XFree86 4.1. "4.1.0 features support for not only new cards, but also strengthens the support for some cards. It also seems that a lot of time, the Alpha platform gets ignored along with the *BSDs, but this version changes that. With 4.1.0, Linux/PPC finally has DRI support, FreeBSD has i810/i815 support, and Alpha/Linux finally has jumped on the bandwagon with support for the ATI Radeon." December 2001 Convergence (LinuxMedNews). LinuxMedNews creator Ignacio Valdez says that the Linux Desktop is close, but world domination won't be here till December. "My wife who is as non-technical as can be uses it also for school and documents using StarOffice 5.2. Then again, she has me to admin her machine. There are some end-user experience issues which keep Linux out of the reach of the masses: 1) Installation of video and sound as well as other installation difficulties remain an issue. 2) Anti-aliased fonts are not widely available through all the distributions. 3) A browser with the familiar Netscape name is not currently competitive. 4) Some application software is either a) not ready, b) not as good as applications such as MS-Office, or c) ready and superior to its Windows equilvalents (see my recent article on scanning) but requires more effort and knowledge on the part of the user to find and use." If desktop Linux is viable, thank some unlikely spokespeople (ZDNet). Henry Kingman, Senior Producer of ZDNet's Linux Center, says that the only real problem for Linux is it needs a stronger mainstream media presence. "PR [from RMS, Eric Raymand and Bruce Perens] can only go so far. Without proponents among the ranks of media professionals, I wonder if desktop Linux has very much of a chance." His comments are meant to entice mainstream publishers to produce more Linux pieces, to open the publics awareness to the alternatives of open source. My plan for getting Linux on the desktop (ZDNet). The same author that gave us 9 reasons why not to use Linux on the desktop last week, now continues with 10 issues to face to get Linux onto more desktops. "The only real way I see Linux becoming anything like a common desktop operating system would be for Microsoft to endorse it. Figure out the likelihood of this and you'll have a fairly precise measure of the chances Linux has of becoming a real desktop player." Section Editor: Michael J. Hammel |
June 21, 2001
| ||
Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Development page. |
Development projectsNews and EditorialsGnu Compiler Collection Version 3.0Version 3.0 of GCC, the GNU Compiler Collection, has been announced. GCC, provides compilers for the languages C, C++, Objective C, Fortran, and now Java. GCC works on a wide variety of processor platforms. GCC is, of course, licensed under the GPL license. The list of major new features in GCC 3.0 includes:
For a complete and detailed list of the new features, see the official GCC 3.0 New Features document. ZD Net is running an article about GCC 3.0 by Stephen Shankland which looks at some of the history behind GCC. The article points out that even Microsoft, despite its recent criticisms of the GPL, has a project known as Interix which features GCC as one of the key components. No doubt, it will take a while for GCC 3.0 to show up in the major Linux distributions. Recompiling all of the code that makes up an entire distribution will, no doubt, take some time and will reveal new bugs in the compiler and the source code. Progress marches on. For those of you who want to get started playing with GCC 3.0, downloads are available here. AudioOgg Vorbis decode RC 1. Release candidate 1 of the Ogg Vorbis decoder library has been released. "This release is a 100% feature complete implementation of the Ogg Vorbis decoder libraries." Ogg Vorbis is an open source audio compression scheme with capabilities similar to the popular MP3 format. Work is also progressing on the accompanying encoding tools. Ecawave 0.4.0 released. Version 0.4.0 of the Ecawave graphical sound editing tool has been released. This is considered to be a stable release. This version features bug fixes, and no more dependency on Qt. DatabasesTypes of JOINs (O'Reilly OnLamp). John Paul Ashenfelter discusses the details of database JOINs in an O'Reilly OnLamp article. "One of the fundamental challenges in understanding SQL is becoming comfortable with thinking about data in terms of mathematical sets and relational algebra. This is similar to the challenge procedural programmers face when making the transition to object-oriented languages -- things are just simply different and the old rules simply don't apply. Joins force you to think in a set-oriented way." DocumentationLDP Weekly News. The Linux Documentation Project had a busy week, with 19 updated documents, including an updated Linux Installation HOWTO from Eric Raymond. Three new documents are also available, the GNU/Linux Post-Installation Checklist, the Home Electrical Device mini HOWTO, and the Linux Loadable Kernel Module HOWTO. Embedded SystemsEmbedded Linux Newsletter for June 14th, 2001. The Embedded Linux Newsletter this week mentioned formation of an industry group to standardize embedded Linux for set top boxes. The formation of the new group, known as the TV Linux Alliance, is summarized along with many other stories in the weekly Embedded Linux Newsletter. InteroperabilityWine Weekly News issue 22. Issue 22 of the Wine Weekly News has been published. Included is a discussion of getting ActiveX working with Konqueror, talk of building a Wine kernel module, and information on the applicability of the Stanford kernel checker to other projects, among other things. Network ManagementOpenNMS Update for June 20, 2001. The June 20, 2001 issue of the OpenNMS Update covers the announced delay of 0.7.6 due to bugs uncovered during the beta test of that release. Other project status information is also included. Printing SystemsOmni Printer Driver version 0.3 released. Version 0.3 of the Omni Printer Driver has been released. This version features a number of new features that are documented in the Changelog. ScienceStallman: Science must `push copyright aside' (nature). Nature.com is running an article by Richard Stallman in which he discusses copyright issues and dissemination of scientific literature. "The modern technology for scientific publishing, however, is the World Wide Web. What rules would best ensure the maximum dissemination of scientific articles, and knowledge, on the Web? Articles should be distributed in non-proprietary formats, with open access for all. And everyone should have the right to `mirror' articles; that is, to republish them verbatim with proper attribution." Web-site DevelopmentZope Weekly News for June 17, 2001. The Zope Weekly News for June 17th, 2001 is available. This edition covers the upcoming EuroZope conference, a new Zope Developer's Guide, and Zope-cmf. Midgard Weekly Summary. This week's Midgard Weekly Summary includes a note on case study plans and the new Nadmin Studio 1.4 interface. New ZODB release. Andrew Kuchling has announced a new release of the Zope Object Database. The ZODB release contains just the object data store, without the rest of the Zope structure; it can be a most useful tool for people wanting to write Python applications with persistent objects, but who are not interested in the Zope web application framework. mod_lisp 2.0 released. A completely rewritten version of mod_lisp, the Apache web server plug-in has been released. Mod_lisp is released under a FreeBSD style license and the code is considered to be beta level. Window SystemsGTK+ 1.3.6 released. A new release of the GTK+ libraries is now available to developers. This release makes the set of four libraries included in the pre-2.0 line a single distribution which can be built with a single configure/make/make install sequence. Libraries included in this package include GLib, Pango (the new text rendering library), Atk (a new accessibility library) and GTK. Note that the API is mostly frozen at this point and no major API changes are expected before the 2.0 release. MiscellaneousIBM iSCSI and Itanium projects (IBM). IBM has published updated information for two development projects. The iSCSI project site provides CVS access to kernel updates and information on the SCSI-over-IP project. The AlphaWorks site contains information on an updated Developer Kit for the Itanium processor with support for glibc 2.2 on Red Hat Linux 7.1 and Turbolinux.. Section Editor: Forrest Cook |
June 21, 2001
|
|
Programming LanguagesCcURL 7.8 available. A new release of cURL has been announced. "Curl is a tool for transferring files with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, GOPHER, TELNET, DICT, FILE and LDAP. Curl supports HTTPS certificates, HTTP POST, HTTP PUT, FTP uploading, kerberos, HTTP form based upload, proxies, cookies, user+password authentication, file transfer resume, http proxy tunneling and a busload of other useful tricks." A new version of the Python extension to the cURL library, pycURL, is also available. CamlCaml Weekly News for June 12 through 19, 2001. The June 12 through 19, 2001 issue of the Caml Weekl News is available. Topics include interfacing C threads with O'caml, ocamlweb 1.0, and several new English language introductions to O'Caml. HaskellGlasgow Haskell Compiler 5.00.2 released. Version 5.00.2 of the Glasgow Haskell Compiler (GHC) has been announced. This release contains a number of bug fixes. Also, version 1.06 of the York Haskell Compiler (nhc98) has been released with its own set of bug fixes and some new features. JavaTake command of your client/server apps (IBM developerWorks). Barry A. Fiegenbaum discusses Java client/server programming in an IBM developerWorks article. "The Java language, with its easy access to TCP/IP-based sockets and its ability to stream objects over them, makes it easy to exchange command messages between clients and their associated servers". LispcCLan News debut. The first edition of the Comprehensive Common Lisp Archive Network (cCLan) News has been announced. The cCLan site is just coming together, expect to see more as time passes. PerlNew XML-RPC suite for Perl: RPC::XML (use Perl). The first full release of the Perl XML-RPC package has been announced. "The module includes a client class, a basic server class (that uses your choice of HTTP::Daemon or Net::Server as a transport layer) and a subclass of the basic server that hooks in as a mod_perl content handler." PHPPHP and Java (O'Reilly's onLamp). W J Gilmore looks at the Java extension for PHP in an O'Reilly onLamp article. "Do PHP developers ever sleep? I'm starting to wonder what these caffeine-entranced insomniacs are going to think of next. I'm asking this question because I can't seem to understand how PHP always seems to have just the right extension to accomplish the task at-hand." PythonDr. Dobb's Python-URL! for June 18, 2001. The June 18, 2001 issue of the Python-URL! has been published by Dr. Dobb's. Topics include version 0.3 of the Quixote Web development toolkit, a new ZODB and ZEO package, PyClimate 1.1 for looking at atmospheric and oceanic data, a post from Guido about GPL issues that have been fixed since Python 1.61, and a new tutorial on floating point. Python 2.0.1c1 released. Guido van Rossum has announced Python 2.0.1c1. While this is mostly a bugfix release, the major news is that this version is now fully compatible with the GPL license. A plan to make a GPL compatible version of Python 2.1.1 was also mentioned. That release should show up within a month. QuantLib-Python 0.1.9 released. Version 0.1.9 of QuantLib-Python has been announced. "QuantLib-Python is the SWIG Python wrap of QuantLib. QuantLib (http://quantlib.org) is a C++ open source library for quantitative finance." Rubydebut of the Ruby Garden news portal. A news portal for the Ruby language has been set up. Check out Ruby Garden for the latest happenings in the world of Ruby. SmalltalkSqueak News e-zine. Squeak News, a new interactive online e-zine that is dedicated to the use of the open source Squeak smalltalk compiler, has been announced. Tcl/TkDr. Dobb's Tcl-URL! for June 18, 2001. This week's edition of the Dr. Dobb's Tcl-URL! is now available. Topics include availability of papers from the second European Tcl/Tk users meeting, Tcl install shell version 1.2, and a Tcl implementation of a Turing Machine simulation language. XML3 myths of XML (O'Reilly xml.com). Kendall Grant Clark looks at some XML myths in an O'Reilly xml.com article:
MiscellaneousUnix's lessons for component architectures (IBM developerWorks).
Peter Seebach discusses component architecture and code reuse in
this IBM developerWorks article. Section Editor: Forrest Cook |
Language Links Caml Caml Hump Tiny COBOL Erlang g95 Fortran Gnu Compiler Collection (GCC) Gnu Compiler for the Java Language (GCJ) Guile Haskell IBM Java Zone Jython Free the X3J Thirteen (Lisp) Use Perl O'Reilly's perl.com Dr. Dobbs' Perl PHP PHP Weekly Summary Daily Python-URL Python.org Python.faqts Python Eggs Ruby Ruby Garden MIT Scheme Schemers Squeak Smalltalk Why Smalltalk Tcl Developer Xchange Tcl-tk.net O'Reilly's XML.com Regular Expressions |
Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Commerce page. |
Linux and BusinessCompaq Announces New Linux Initiatives. Compaq is not usually perceived as a 'Linux company'. They do, after all, sell lots of PCs with 'Microsoft inside'. Compaq also sells more Linux-based servers than any other computer maker worldwide. Compaq has been a supporter of Linux and open source since the early 90s when they provided computers for Linus to work on. They are a driving force behind Handhelds.org and are a pioneer in clustering technology. They have been there, they've just been quiet. This week Compaq made some noise, announcing six strategic initiatives "to meet global customer demand for commercially viable Linux enterprise solutions". The initiatives cover:
IBM and Trustix launch 'Goldbox'. IBM and Trustix launched a new product called Goldbox. Goldbox is a Linux solution for small to medium sized businesses with software products from IBM and Trustix. The Goldbox solution is comprised of three IBM xSeries (Netfinity) servers, the IBM Small Business Suite for Linux, and Linux Systems Management SW (XPloy) and Firewall Security SW (XSentry) from Trustix. In addition Goldbox includes technology for managing and maintaining Linux applications running on the platform. Everything is pre-installed, pre-configured, and delivered through the IBM and Trustix distribution channel. See this white paper on Goldbox for further details. GNU Compiler Collection Version 3.0 Is Released. The Free Software Foundation has announced the 3.0 release of the GNU Compiler Collection (GCC). This version of GCC fully incorporates a native-code compiler for the Java programming language. It also includes support for the Intel IA-64 processor. GCC compliers are widely used, as can be seen from this ZDNet article. "Indeed, GCC has spread as far as Microsoft, which ships the compiler as part of its Interix software, which enables Unix software to run on Windows computers." Ask Jeeves Selects Sleepycat's Berkeley DB. Sleepycat Software, Inc. announced that Ask Jeeves, Inc. has selected Sleepycat's Berkeley DB embedded database for question answering data management. Linux Stock Index for June 14 to June 20, 2001.
LSI at closing on June 14, 2001 ... 30.12
The high for the week was 30.12
Press Releases:Open source products
Distributions and bundled products
Proprietary Products for Linux
Hardware and bundled products
Products and Services Using Linux
Products With Linux Versions
Books & Training
Partnerships
Investments and Acquisitions
Personnel & New Offices
Financial Results
Linux At Work
Other
Section Editor: Rebecca Sobol. |
June 21, 2001
|
Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Linux in the news page. |
Linux in the newsRecommended ReadingLinux laps up more of the server software market (USA Today). The mainstream press looks at Linux. USA Today summarizes much of what has been happening lately with respect to market shares and Microsoft attacks. "Inconsequential 3 years ago, the crash-resistant Linux today accounts for 10% to 27% of server software shipments, surveys show. Researcher IDC pegs Linux as the fastest-growing server software 2 years running, complicating Microsoft's hope to dominate servers as it does PC operating systems." Beware of wolves in agnostic's clothing (AnchorDeskUK). Bruce Perens responds to a recent pro-Microsoft, anti-Linux AnchorDesk editorial. "The concept of a commons has always been an essential feature of capitalism, especially for infrastructure like public roads. Open source puts software in the commons, a natural place for infrastructure, but Jack doesn't think that will work." License to FUD (ZDNet). Evan Leibovitch examines the real and perceived differences in licenses, most notably the GPL and BSD licenses. "The BSD philosophy seems to hold that creating and giving away code, then seeing it used by others, is victory and reward enough. But most of the GPL supporters disapproved of allowing "others" to close off source code and hide enhancements." Whitepaper: Linux's Future in the Embedded Market (LinuxDevices). LinuxDevices.com has a white paper on the future of Linux in the embedded market. "The overall embedded market is undergoing a major transformation both in design and functionality. Networking technologies are becoming increasingly more important for embedded developers. Driven by the proliferation of the Internet and the increasing ubiquity of embedded computer systems, devices that can communicate with other devices are becoming dominant in the embedded market." Embedded Linux set for European push (ZDNet). The ELC plans to extend its reach in Europe, including the addition of a new European Ambassador to help market embedded Linux in that marketplace. "ELC-Europe is a new body whose purpose is to "accelerate the ELC's European presence via promotion, marketing and standardization-related activities". The ELC plans to open an office in Belgium, Holland or Luxembourg soon." Embedded Linux: strong growth, European chapter. According to a LinuxDevices report, Venture Development Capital expects strong growth for the embedded Linux marketplace over the next 4 years. Additionally, LinuxDevices reports on a new European chapter of the Embedded Linux Consortium. Microsoft vs LinuxGates wades into open-source debate (News.com). Bill Gates is interviewed by C|Net and talks about how Microsoft uses open source software and how the company feels about the GPL. "The GPL, he continued, 'breaks that cycle--that is, it makes it impossible for a commercial company to use any of that work or build on any of that work. So what you saw with TCP/IP or Sendmail or the browser could never happen.'" GPL Pacman will eat your business, warns Gates (Register). Here's The Register's take on the latest wisdom from Bill Gates. "Think hard about that one - it's a little thing that runs around gobbling up everything it comes across, like alternative GUIs for Dos, disk compression, independent TCP/IP stacks, the browser market, email clients, instant messaging, digital audio and CD burning... No wait, that's something else entirely. What Bill really means is that the GPL is the Borg/bodysnatcher de nos jours, tainting everything it comes into contact with and assimilating it to The Hive." (Thanks to David Killick). Microsoft Uses Open-Source Code (Wall Street Journal). The Wall Street Journal reports that FreeBSD developers have verified that Microsoft is not only still using FreeBSD over at Hotmail, but also within the Redmond giant's own operating systems. "Software connected with the FreeBSD open-source operating system is used in several places deep inside several versions of Microsoft's Windows software, such as in the "TCP/IP" section that arranges all connections to the Internet." Why Microsoft is wary of open source (News.com). More fallout from the Microsoft attacks on Linux, including more market numbers, for what ever they might be worth. At least this time they're from IDC, which sees Linux as having gained a larger piece of the pie. "While Linux hasn't displaced Windows, it has made serious inroads. Linux accounted for 27 percent of new worldwide operating-system licenses in 2000, and Microsoft captured 41 percent of new licenses, according to IDC. Overall, Gartner estimates Linux runs on nearly 9 percent of U.S. servers, with worldwide projected sales of nearly $2.5 billion, reaching about $9 billion in 2005." Opening closed minds to open source (ZDNet). This ZDNet article by Richard French, senior vice president and general manager of the Open Source Development Network, rebuts some Microsoft FUD. "Let's be clear. It's Microsoft that diagnosed Linux as a supposed "cancer" and polarized the debate to begin with. So I'm here to offer a second opinion: Contrary to Dr. Ballmer's misinformed prognosis, the weight of evidence shows that Linux, and open source software in general, can in fact co-exist with proprietary software." Microsoft before the earthquake (LinuxUser). A recent document from Microsoft describing their perceived dangers of the GPL (in .doc format) has started to rile the masses once more. This time, LinuxUser presents an analysis and rebuttal to this latest bit of Microsoft FUD. "Of course, including a few lines of Microsoft source code in your commercial product would have a dramatic effect on your legal obligations, too: you'd soon be looking at a Microsoft lawsuit for trade secret misappropriation and copyright infringement. We almost always let you do things they absolutely prohibit. That's why we must be wrong." The campaign against Linux is uphill battle for Microsoft (Wall St. Journal/MSNBC). Recent attacks on Linux may be backfiring for Microsoft, according to this Wall Street Journal piece. "Many of the nation's biggest companies, including International Business Machines Corp. and Oracle Corp., regularly release proprietary programs that work with Linux, and TiVo Inc. built its TiVo digital video recorder on top of Linux. What's more, some other open-source software, such as FreeBSD and Apache, are distributed under an entirely different license than Linux, and have virtually no restrictions on them at all." Microsoft is not the enemy (ZDNet). Here's a ZDNet article that cautions Linux advocates against lashing out at Microsoft. "While a lot of Linux and free software creators are probably just motivated to write good code, I think others really hope to free the computing industry and all computer users from the kind of bullying and domination that Microsoft has exemplified. They seek to do this not by turning the tables on Microsoft and themselves dominating the industry and the users. That's absurd--you can't dominate anything by letting people take stuff for free. Rather, they seek to provide for those who can't afford or just don't want to buy from a domineering company." CompaniesRed Hat to play in Oracle's arena (News.com). Red Hat announced plans to roll out a new database product next week to continue their moves into the enterprise market. "Szulik said the product will continue Red Hat's support for open-source software--code developed collaboratively by programmers who freely share the underlying source code, without many of the restrictions of proprietary software such as that from Microsoft or Oracle. The database also will fit into Red Hat's plan for selling subscriptions to the company's software management services." IBM Banks on Austin, Texas, Center to Build Customer Base for Linux System. IBM's Linux Technology Center and other Austin, TX based open source companies are profiled in this story from the Austin American Statesman. "One Austin startup that's hoping to get in on the application side is Gnumatic Inc., which is developing desktop financial management software. Founder and Chief Executive Linas Vesptas anticipates eventually selling the product, Gnucash, on a CD-ROM, accompanied by the proper documentation -- just like its Windows equivalents, programs such as Quicken and Microsoft Money." Winnebago Running Linux Mail on Mainframe (TechWeb). TechWeb looks at Winnebago's use of Linux on an IBM mainframe. "Winnebago installed Linux on the mainframe in the fall. The company uses the Linux installation for Web serving, an intranet, Samba for file serving and printing, DNS and ftp serving. The advantage to running Linux on the mainframe is that Winnebago already had the mainframe; the company did not need to bring in and maintain another server." End of an affair? (Salon). Salon reports on the strong relationship between hackers and TiVo and how Andrew Tridgell's unreleased ethernet hacks for the device spurred alternative projects, and then wonders if the relationship hackers have had with the company will end now that the Napster-like hack for the TV recorder is making the rounds. "The Alviso, Calif., company has worked extremely hard to cultivate the geek community. So hard, in fact, that previous to the release of ExtractStream, another hacker who had created his own version of the software declined to release his hack to the general public after discussing it with TiVo. Why? Simply put, says open-source-software programmer Andrew Tridgell, "because TiVo is doing a damn good job." (Thanks to Paul R Hewitt) Compaq adds stability to Linux armor (News.com). Compaq has announced clustering software for Linux that was previously available for their Tru64 version of Unix and Caldera International's UnixWare. "Compaq's clustering technology will be released under a license similar to the General Public License that covers Linux, said Gary Campbell, president and chief technology officer of Compaq's Enterprise Server group. The company is working with Linux sellers--including Red Hat, SuSE and Turbolinux--to encourage adoption of the software." Compaq ramps up enterprise Linux efforts (ZDNet). Compaq is said to be irritated that IBM is being portrayed as the leader in big business support for open source software, according to this ZDNet report. "[Compaq's executive vice president in charge of its global business units Mike] Winkler countered that Compaq has invested in the open-source community for 10 years and was among the earliest proponents of Linux." Netscape Denies Browser Escape (Wired). Wired test drives Netscape 6 and finds it better, but not great, and the company has more to lose by shipping a buggy version than a late one. "Page loads are notably faster, and the page comes up all at once, as opposed to Netscape 4.x or Internet Explorer 5.5, which tend to load the page in pieces -- first the HTML, then small graphics, then the fatter content. With Netscape 6.1, the whole page pops up at once, and often very quickly." Networks promise unfettered file swapping (News.com). According to this C|Net News.com report, FreeNet has hired one of their own to finish a new release. "The largely volunteer effort has hired a paid staffer, Swedish student Oskar Sandberg, who will get $2500 for two months of work, using funds from an online donation pool. Developers hope that allowing one of their members to work full time on the project will help the completion of a new release, the first in almost a year, that finally will make Freenet faster and easier to use." ResourcesWhich OS is Fastest for High-Performance Network Applications? (SysAdminMag). SysAdmin magazine is running this article comparing Linux, Solaris (for Intel), FreeBSD, and Windows 2000 to determine which operating system (OS) runs high-performance network applications the fastest. "We found that the software application's architecture determines speed results much more than the operating system on which it runs. Our benchmarks demonstrate a 12x performance difference between process-based and asynchronous task architectures. Significantly, we found up to a 75% overall performance difference between OSes when using the most efficient asynchronous architecture. We found Linux to be the best performing operating system based on our metrics, performing 35% better than Solaris, which came in second, followed by Windows, and finally, FreeBSD." (Thanks to Michael Greminger) Smart coding pays off big (ZDNet). Red Hat + Apache 2 years ago provided 1,842 requests per second. Fast forward today and, with tuned upgrades of both packages, Red Hat + Apache reaches 4,602 Web requests per second. "Despite having a tougher workload and fewer overall CPU megahertz available, Apache on Linux showed a huge 2.5 factor speedup in just two years of development time. Some of these performance changes were in Apache, but many were in the Linux kernel itself." ReviewsTux: Built for speed (ZDNet). ZDNet reviews Red Hat Inc.'s Tux 2.0 Web server. "The fact that Tux 2.0 was also significantly faster than Windows 2000's Internet Information Server 5.0 Web server (5,137 requests per second) clearly shows the advantages of Tux's new design over that of a well-established Web server. The next version of IIS (which ships with Microsoft Corp.'s Whistler project) uses several ideas introduced by Tux, including the kernel-space design." InterviewsA talk with Paul Leroux (FreeOS.com). This interview with Paul Leroux examines the philosophy and people behind QNX, the reason the project went open source and compares QNX with Linux. "While they share programming interfaces, QNX is inherently realtime, whereas Linux is a general-purpose OS. QNX has a microkernel architecture (i.e. drivers, protocols, and file systems are dynamically upgradable, memory-protected processes), whereas Linux follows a far more traditional "monolithic" kernel architecture." MiscellaneousApplications over Freenet: a Decentralized, Anonymous Gaming API? (Linux Journal). Linux Journal is carrying an article on writing a simple gaming API over Freenet. "There are four different APIs exposed via XML-RPC in the Freenet reference implementation. The Util API supplies utility methods for determining the version of your node and other sundry items that don't concern us. The Simple API provides a one-line method call to insert and request files but is not designed to handle big files. The Chunked API allows for chunked retrieval of large files. The Streaming API allows for efficient streaming retrieval of data." Section Editor: Forrest Cook |
June 21, 2001 |
Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Announcements page. |
AnnouncementsResourcesLinux Buyer's Guide #11. The 11th edition of the Linux Buyer's Guide is out. "New chipets emerged from everyone from VIA to Intel, and even included a newcomer to the motherboard chipset scene, NVIDIA. VIA pushed DDR on the Pentium 4, Intel flexed its muscles with its new i860, and NVIDIA rolled out their new AMD-only chipset, the Crush, along with an obligation to fully support it under Linux." Tip Of The Week: locate What You're Looking For. LinuxLookup.com helps locate data or a program with the Linux locate command. EventsLinux@Work report. Aschwin Marsman was kind enough to send us a report from Linux@Work in Amsterdam, with pictures. Sponsorship for the 5th LyX Developers Meeting. The LyX team announced the sponsership of the next LyX Developers Meeting (to be held in Bozen in northern Italy between the 21st and the 26th of June, 2001) by the CCP2000 Organizing Committee. CCP2000 is a conference on Computational Physics, which took place in December 2000 in Australia. Events: June 21 - August 16, 2001.
Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format. Web sites"Linux in Brazil" URL changes. The Linux in Brazil site has moved to a new URL. Look for it at www.linux.matrix.com.br. The change was motivated by a general upgrade (the web server was moved to a new datacenter). All the crew remains the same, as well as the service provider. User Group NewsNew email address for LUG news. LWN now has a new email address for LUG news. Please send all your LUG news to lwn-lug@lwn.net in a plain text format. News sent to this address will be reported in this space each week. Linux Surviving in the Wild. The Ottawa Canada Linux Users Group (OCLUG) is planning an outdoor meeting for the month of July. The theme is "Linux Surviving in the Wild". BBQ/picnic food, drinks, and network connectivity will be available, as well as the usual technical talks. The event is scheduled for the evening (6pm) of Thursday July 5th 2001 in Strathcona Park (weather permitting). Everyone is welcome! July events for the Linux Users Group of Davis. The next regular meeting of LUGOD will be held July 3 at Z-World in Davis, California. The topic will be Regular Expressions presented by Henry House. On July 21 LUGOD will hold a Linux Demonstration at the Davis Food Co-Op. LUG Events: June 21 - July 5, 2001.
Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn-lug@lwn.net in a plain text format. |
June 21, 2001 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Software AnnouncementsHere are this week's Freshmeat software announcements. Freshmeat now offers the announcements sorted in two different ways: The Alphabetical List and Sorted by license |
Our software announcements are provided courtesy of FreshMeat
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Linux History page. |
This week in Linux historyThree years ago (June 25, 1998 LWN): Alan Cox had a few words to say on U.S. patent laws: There are probably now in excess of a million so called 'software patents' cripping US industry. Because the US patent system basically runs without any checking of any kind US companies file patents on anything that so much as compiles in the hope they can use it to monopolise a field and drive competitors bankrupt. Software patent problems are not limited the United States. Later in this page we will see an attempt to battle them and a specific example. ZDNet's Jesse Berst wrote: Would you like to see the rug pulled out from under Microsoft? Here's how it could happen. IBM ships and supports Linux. Oracle does Linux versions of all its products. A consortium of top vendors picks a standard Linux interface and creates a compatibility logo. When IBM announced plans to bundle and support Apache during the same week, it seemed like the corners of the rug had been tugged. These days Linux has IBM support and Oracle support. If you allow for a choice of two desktops as a standard interface then Linux has that too. And the compatibility logo? One should certainly be part of the imminent Linux Standard Base 1.0 release... Debian 2.0 went into beta. Two years ago (June 24, 1999 LWN): SuSE's financial results through March 31, 1999 showed revenues just under $10 million with 130 employees. In comparison, Red Hat's recent SEC filing reported just under $11 million and 127 employees. The common perception that Red Hat was the biggest distributor was shattered. SuSE was just as big. Unfortunately, SuSE does not release its numbers, so there is no easy way to determine the relative sizes of the two companies now. Eric Raymond spoke at Microsoft. Matt Michie wrote an editorial titled "Microsoft and the Art of War." It's tries to predict how Microsoft might respond to Linux and free software in general. Just when Microsoft thought that Unix was finally dead and buried, all these free *NIX clones spring into popularity over the Internet. Standard MS stratagems are enacted and FUD (Fear Uncertainty Doubt) was spread through their standard trade press channels.... Microsoft seems to be moving backwards in that they are once again attempting to spread FUD. Are more benchmark tests coming? Ten European industry leaders, including Linus Torvalds, raised concerns about software patents. The GNU COBOL project was born after Rildo Pragana released the source code for an old COBOL compiler he had created for MSDOS. The project, now TinyCOBOL, is still working. Bob Metcalfe predicted the death of Linux and "The Open Sores Movement". Why do I think Linux won't kill Windows? Two reasons. The Open Source Movement's ideology is utopian balderdash. And Linux is 30-year-old technology. The Open Source Movement reminds me of communism. Richard Stallman's Marx rants about the evils of the profit motive and multinational corporations. Linus Torvalds' Lenin laughs about world domination. This UserFriendly cartoon for June 10, 2001 proves that a good quote never dies.
One year ago (June 22, 2000 LWN):
The kernel hackers were busily trying to fix the 2.4 virtual memory subsystem. A year later...they're still trying... The Direct Access File System (DAFS) was announced this week. DAFS Collaborative web site. The DAFS Collaborative just demonstrated its first prototype this week. LynuxWorks released BlueCat Linux 2.0. Also released were OpenBSD 2.7, Immunix 6.2, and SuSE 7.1 beta 1. Red Hat's first quarter results showed revenues of $16 million with a $2.5 million loss. One year later, revenue is up substantially, and the loss is gone. Jesse Berst wrote: Penguins throw down your arms. The Linux battle for the desktop is a fruitless waste of time.... These days Linux is a popular choice for large enterprises and popular in the embedded space too. The "battle for the desktop" doesn't seem quite so "fruitless" anymore either. It's no wonder Microsoft is nervous. British Telecom claimed to own a patent on hyperlinks. GnuCash 1.4 was released. Complaints about library dependencies were relatively rare that time around. |
June 21, 2001
LWN Linux Timelines | ||
Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Letters page. |
Letters to the editorLetters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them. |
June 21, 2001 |
From: "nathan r. hruby" <nhruby@arches.uga.edu> To: letters@lwn.net Subject: Error About trove Date: Thu, 14 Jun 2001 10:22:41 -0400 (EDT) In the June 14th edition of LWN, on the "Linux History" page (http://www.lwn.net/2001/0614/history.php3) you say: > Trove has not caught on in the way Eric might have liked, with one big > exception: SourceForge uses it. FreshmeatII now uses Trove as well for categorizing its entries. -n -- ...... nathan hruby - nhruby@arches.uga.edu computer support specialist department of drama and theatre http://www.drama.uga.edu/ ...... | ||
From: "Robert A. Knop Jr." <rknop@pobox.com> To: <letters@lwn.net> Subject: GnuCash 1.6 & library dependencies Date: Thu, 14 Jun 2001 06:59:35 -0700 (PDT) I understand the frusturation that you must feel trying to get GnuCash 1.6.0 to work. Fortunately for me, 1.4 serves my needs quite well, so I will stick with that for the forseeable future-- which is almost certainly when the next major revision of the distribution I use comes out. I had a similar but smaller-scale problem several months ago when I was trying to install lilypond on a mostly RH6.2-based system. Lilypond required a newer version of the guile library-- which was fine, except that the dependencies in the RPMs were such that a couple of the *other* programs on the system would *not* work with the new guile packages. In order to get the newer guile on my system, I ended up having to rebuild a number of other RPMs from source RPMs, and keep my rebuilt ones around to overwrite updates which I was automatically grabbing using scripts I'd written myself. I hate to think what would have happened if I was using just a pre-canned update service, unless it had a way of letting me mark which things were *not* to be updated. When I upgraded to RedHat 7.1. Then, at that point, installing lilypond 1.4 became simple. (I think I did have to rebuild it from the SRPM, but I didn't have to rebuild anything else, and the libraries with RH7.1 were sufficient.) There are a couple of lessons in this. The first is, if you wait a little while, the major distributions will "catch up" with the newer libraries, and things will settle down and start working. The second is, when the applications get "ahead" of the library installation for your system, most users who don't want to spend the trouble should just stick with the old version until their distribution catches up. It would be nice if applications only depended on "longstanding" versions of libraries (e.g. only Gnome 1.2, not Gnome 1.4). However, free software is chaotic, and that's one of its advantages. There is nobody keeping everything synchronized, and free software developers are perfectly free to build things that depend on development versions of libraries. Most major applications tend to have *some* version packaged to work immediately with major distributions, either by the maker of the distribution, or by the writers of the application. If a package for your distribution isn't available from the application writers, often you find it in the distribution itself, or in some add-on collection (such as RedHat's Rawhide). It may not be the latest and greatest version of the application. As long as we can wait the six months or so it takes a distribution to move forward, and don't need to run the latest version of (say) GnuCash within weeks of its release, things are not quite so dire as all of that. This might sound like fodder for Microsoftesque free-software bashing: "You can't even run the latest version of applications without being a system developer and capable of updating the libraries yourself!" On the other hand, compare the rate of release of typical free software packages to the rate of release of typical closed-source commerical packages. Free software keeps pace very well in terms of users really being able to use new version of things... it is just that the new version gets aired to the public a whole lot sooner, as opposed to closed-source commercial software where R&D departments sit on things waiting for the next release of Windows. -Rob Knop rknop@pobox.com | ||
From: Patrick Spinler <spinler.patrick@mayo.edu> To: letters@lwn.net Subject: An upcoming solution to Gnucash 1.6 dependancies Date: Thu, 14 Jun 2001 10:03:55 -0500 If you don't want to wait until the next vendor release from your distribution; The Gnucash core team plans a release of Gnucash 1.6 on CD that will install all it's needed libraries into a private area, thus allowing use of the new software without destroying your existing system. No date has yet been set for this release, however we are told to expect it "soon". -- Pat -- This message does not represent the policies or positions of the Mayo Foundation or its subsidiaries. Patrick Spinler email: Spinler.Patrick@Mayo.EDU Mayo Foundation phone: 507/284-9485 | ||
From: "Tom Cato Amundsen" <tca@gnu.org> To: letters@lwn.net Subject: gnucash 1.6 Date: Thu, 14 Jun 2001 17:38:38 +0200 Gnucash is only hard to install if you run the wrong OS. On debian unstable, I did apt-get install gnucash today, and all the correct libs are installed. -- Tom Cato Amundsen <tca@gnu.org> GNU Solfege - free eartraining, http://www.gnu.org/software/solfege/ | ||
From: John Goerzen <jgoerzen@complete.org> To: letters@lwn.net Subject: Gnucash 1.6.0 is here Date: 14 Jun 2001 10:32:18 -0500 LWN: Thank you for your article on Gnucash. I maintain the package for Debian, and wanted to let you know that Debian's sid distribution does currently have all requisite packages for a Gnucash installation, and Gnucash 1.6.0 .debs already have been uploaded to Debian and should be installed in the archive soon. People looking for an advance copy may find them here: gopher://quux.org/11/devel/debian/gnucash You should be able to install that on any current sid machine and just have it work. -- John Goerzen <jgoerzen@complete.org> www.complete.org Sr. Software Developer, Progeny Linux Systems, Inc. www.progenylinux.com #include <std_disclaimer.h> <jgoerzen@progenylinux.com> | ||
From: Herbert Thoma <tma@iis.fhg.de> To: letters@lwn.net, GnuCash <gnucash-devel@gnucash.org> Subject: LWN gnucash article Date: Thu, 14 Jun 2001 17:27:55 +0200 Hi, in your last front page you claim: "As of this writing, there is probably not a single distribution which, out of the box, provides that environment." SuSE 7.2 comes with everything that is required for GnuCash 1.6. (OK, I admit, SuSE 7.2 is out for no longer than 1 week ...) I'm a (not too active) GnuCash developer. And in spite of your article I still like LWN very much. But I do agree with the mail Bill Gribble sent to Jonathan Corbet. Regards, Herbert. -- Herbert Thoma FhG-IIS A, Studio Department Am Weichselgarten 3, 91058 Erlangen, Germany Phone: +49-9131-776-323 Fax: +49-9131-776-399 email: tma@iis.fhg.de www: http://www.iis.fhg.de/ | ||
From: dave mallery <dmallery@cia-g.com> To: <letters@lwn.net> Subject: dependency hell Date: Thu, 14 Jun 2001 12:25:15 -0600 (MDT) hi i have been using linux daily since about 1997 and saw my first computer in about 1965. the feature on gnucash fingers a really major problem. a working linux desktop is a beautiful thing, but the near impossibility of installing anything major kills it neatly. i just spent a week trying to get Corel Office 2000 to run on my r/h 7.1 machine. the initial problem is that it needs glibc2.1 or 2.0, not the 2.2 that ships. a backward compatibility problem. just installing the compatability rpm did not solve it. the install script shipped with the product does not work in this environment. only a well hidden script pointed to by an e-mail (many day latency) from support would work. further problems showed up requiring another upgrade for libaps via an rpm from their site. at this point, it will 'run' but is highly unstable and there are no more hints available. i had come to rely on their wordperfect 8 for a few years. too bad. the reason i don't just go to one of the free apps is that the fonts are few and they won't read my many hundred wp8 files. (i have not checked star yet). the big fear in the back of my mind is that as i make changes to my 7.1 install, i will either screw something up or unwittingly fork, making my system 'un-upgradable'! i have the same fear with a system on which i installed ximian. once you diverge from the r/h installation (i subscribe to krud), you may find yourself in un-charted seas. i am a reasonably experienced user facing a wall of complexity. this could rapidly become an insurmountable problem and needs some clever fixing at the system level. i'd love to use gnucash..... dave -- www.ramahcafe.com Dave Mallery Ramah Cafe 3270 Hiway 53 PO Box 520 Ramah, NM 87321 no gates no windows... running GNU/Linux free at last! Linux is a trademark of Linus Torvalds | ||
From: Joe Van Andel <vanandel@atd.ucar.edu> To: letters@lwn.net Subject: shared library hell and library version numbers Date: Fri, 15 Jun 2001 12:01:03 -0600 The "gnucash 1.6 and the dependency nightmare" article didn't explain that some library developers are contributing to the problem by *not* changing the version number of libraries when incompatable changes are made. In theory, if application X uses shared library Y.1.2, it should work with *any* version of library 1.1.2. In practice, I find that two different releases of Redhat (for example) may contain shared libraries with the same version number, but incompatible contents. Clearly, if library developers "played by the rules", I could continue to use application X with shared library Y.1.2 while using application 'Z' with shared library Y.1.3 . That is, I wouldn't need to worry (as much) about breaking existing applications when I upgrade shared libraries if all library developers would consistently change the library version suffix when incompatible changes were made. There is some irony in the fact that Microsoft has been plagued by the same issue with Dynamically Linked Libraries (DLLs). One source of instabililty in Microsoft Windows applications is that installing one application can break existing applications, because the "new" application installs its own version of DLLs that aren't compatible with the DLLs needed by an existing application. Microsoft's solution for Windows 2000 is (so-called) "enhanced sharing" of DLLs. Rather than applications being allowed to over-write the system DLLs provided by Microsoft, each application must install its own "private" copies of DLLs, which are stored with the application, rather than in the "shared", system directories. As a result, at runtime, your system might have 3 different verions of XYZ.dll loaded into memory. As much as I dislike statically linking applications, unless library developers do a more consistent job with shared library version numbering, static linking may be necessary to improve application stability. -- Joe VanAndel National Center for Atmospheric Research http://www.atd.ucar.edu/~vanandel/ Internet: vanandel@ucar.edu | ||
From: Ketil Malde <ketil@ii.uib.no> To: letters@lwn.net Subject: Executable stack and security Date: 14 Jun 2001 09:00:30 +0200 While one may argue that disabling execution of the stack doesn't really fix the problem, I don't agree with labelling it "security through obscurity". STO is about maintaining security by hoping nobody finds out about your weaknesses. Non-exec stack makes exploits more difficult, it's making the weakness a bit less weak. Calling this patch STO is, IMHO, a political statement, though from LWN it's probably unintentional. The real argument against it, I think, is that those lazy, worthless bastards[*] maintaining libc and other code may not bother to fix their buffer overruns any more. -kzm PS: Yeah, and cut the Desktop page some slack, will you? LWN *needs* desktop coverage, and I think it will sort itself out. I guess (looking at the survey) we're a bunch of dweebs who'd like more of the hard tech stuff -- personally, I like the way the kernel page is done; first the current news, then a more in-depth look at some technical details. How about some technical stuff about KParts, CORBA, XFree86 4, etc? [*] Actually, I'm being ironic. I think they'll continue to fix bugs, regardless of stack executability. -- If I haven't seen further, it is by standing in the footprints of giants | ||
From: Eric Smith <eric@brouhaha.com> To: letters@lwn.net Subject: Non-executable segments are NOT an obscurity defense Date: 14 Jun 2001 21:39:41 -0000 Gentlemen, In your 14-Jun-2001 issue, you write "non-executable segments is arguably an obscurity defense, because attacks exploiting overflow vulnerabilities that are stopped by non-executable segments can always be re-worked to be "return into libc" style attacks that bypass the non-executable segment by pointing directly at code in the code segment." That's like saying that putting a lock on my front door is an "obscurity defense" because an attacker can still pick the lock. The failure to solve 100% of the problem and eliminate related attacks does not make it an "obscurity defense". If I put a lock on my front door, but the lock was designed to open without a key if someone whistles nearby, that *might* qualify as an "obscurity defense." Note that obscurity isn't inherently bad. It is *depending* on obscurity of widely-distributed information that is bad, because you can't expect that the attacker doesn't have the necessary obscure information. Some amount of obscurity is almost always necessary for security. For instance, having a password is an "obscurity defense," because you're counting on the attacker not knowing this obscure knowledge. However, a password is a very small bit of knowledge that is ideally only known to one person. On the other hand, if a password system in a widely distributed piece of software had a fixed "back door" password coded into it, and we expected no one to find that, it would be a blatant case of "obscurity defense", because the knowledge could be (somewhat) easily obtained by anyone. Eric Smith | ||
From: Christian Hellon <xian@lisardcage.fsnet.co.uk> To: letters@lwn.net Subject: On the Desktop just hit the mark Date: Thu, 14 Jun 2001 12:40:20 +0100 (GMT+01:00) I've watched the furore over the On the Desktop section for the last few weeks, and privately agreed with those who felt that the style wasn't really in keeping with the rest of LWN. However, I decided to wait and see; it's natural that an established author, accustomed to writing and achieving success in his own style, would take a while to find the "groove" that successfully combined that with the house style of the magazine he's just joined. It looks like I was right to wait a while before passing judgement. This week's column is spot on, continuing the trend of the last couple of weeks. A belated welcome to the team, Mr Hammel, and I look forward to reading On the Desktop for a good few years to come. -- the desk lisard is at reply@lisardcage.fsnet.co.uk "i don't know why i'm crying, am i suspended in gaffa?" ____________________________________________________________ Freeserve - get your free ISP service including web-mail at: www.freeserve.co.uk | ||
From: "Alex Bennee" <Alex_Bennee@hotmail.com> To: lwn@lwn.net Subject: On having plug in protocol stacks in the Linux Kernel Date: Fri, 15 Jun 2001 10:38:42 +0100 Dear LWN, I thought I would just point out why having this pluggable interface structure would be useful. I'm in the process of trying to convince my development area (we do embedded comms) to move from our existing RTOS's (where we suffer badly from vendor lock-in) to a linux kernel. However as is common in the comms world we do use 3rd party stacks to bring our time to market down. While the eventual hope would be to move away from such expensive 3rd party stacks pragmatism must be the order of the day. By the way the stacks we use are about 50/50 split between pure source or binary only. Of course anybody could "fork" the kernel or provide a patch for the standard kernel to add in such a feature but it would be a bit more of a pain to manage. Most proprietary OS's provide standard interfaces for 3rd party stacks to plug-in. I think the kernel will suffer in the embedded world if such interfaces can't be kept in an open central way. I prefer a more pragmatic approach which allows for proprietary plugins but is not dogmatic about avoiding the possibility of non "free" software working with the kernel. Also I think "crippling" a generic patch to only work with source-level linking is a rather pointless exercise. Regards, Alex. | ||
From: "Robert A. Knop Jr." <rknop@panisse.lbl.gov> To: <letters@lwn.net> Subject: FUD "forking" resopnse Date: Fri, 15 Jun 2001 14:00:07 -0700 (PDT) A common piece of FUD about Linux and free software is that because it's not controlled by any one central authority, it may (and will and indeed been known in the past to) fork, causing confusion and balkanization for its users. The plethora of Linux distributions available is often cited as an example; it is difficult for anybody to support Linux, the argument goes, because you don't know exactly which flavor of Linux your users are using. One might make the analogy to news sources. Go to the supermarket and look around. You are likely to find a number of different mainstream news sources: Time, Newsweek, the local newspaper, etc. You will also find the National Enquirer, the Weekly World News, and other, er, less mainstream sources of news. Freedom of the Press means that anybody who wants to and can afford to can put out a newspaper. But, horrors! Without a central authority controlling the news that gets to individuals, how are we to know which news source to listen to? How are we to make heads or tails out of the reports in certain "news" sources that seem to contradict everything in other news sources? Obviously, this isn't a problem; indeed most people in the USA recognize that freedom of the press is one of the most important foundations of our society. Some people believe the Weekly World News, but most people recognize it as a source of entertainment. Based on track record, we learn which news sources to trust. What's more, each individual can figure out for himself which news source is the one that is best for him. The plethora of distributions, the "forking" of news sources isn't a problem, it's an opportunity. And, of course, the only way to "cure" this "forking" would be to elimiate freedom of the press. The analogies to free software are clear. There are lots of distributions; there are only a few major distributions. People will pick the ones that work best for them. If code forks, people at large will figure out, and the information will get out, as to which branch(es) of the code are the ones to trust, and are the ones to pay attention to. It's just not a problem, any more than having lots of fun newspapers in the checkout line at the supermarket is a problem. -Rob Knop rknop@pobox.com | ||
From: "Richard Corfield" <rjc1008@hotmail.com> To: letters@lwn.net Subject: MS documents about Linux Date: Mon, 18 Jun 2001 10:51:53 -0000 I must admit, as a cancer patient, that I see nothing in common between Linux and cancer. I remember one thing I was told in my graduate training for a well known large computer company. You should never blatantly attack the competition as Microsoft are doing now. You can sell the benefits of your product, but to just insult the competition is seen as highly unprofessional and just gives a bad image. Hopefuly people are seeing through Microsoft's "in the interests of America" approach and seeing these attacks for what they are. The text of the "Linux in retail" document is laughable. Here it resulted in explosions of giggles. I wonder sometimes if someone could write a similar document about Microsoft, but the argument about "being professional" comes in, so perhaps better not. I imagine also that Microsoft's laywers would have a field day with it. Microsoft are sounding like the baby throwing the rattle out of the pram because it can't get what it wants. Lets hope that is how the computing public will see these blind attacks and think about discovering for themselves the real differences between Microsoft and Linux. - Richard If Linux is cancer, then I suppose Windows is like chemotherapy. I'm finding that chemo has the nastier side-effects. Now who wants chemo for something non-malignant like Linux? | ||
From: Anders Holtsberg <anders.holtsberg@decuma.com> To: lwn@lwn.net Subject: About your article. Date: Wed, 20 Jun 2001 12:53:34 +0200 In the article http://www.linuxweeklynews.com/ you cite a Microsoft document: Imagine how confusing it would be if Microsoft released 188 versions of Windows and multiple versions of the GUI, each with a slightly different functionality? Wouldn't that be confusing? Wouldn't it be extremely difficult to run an enterprise solution with confidence about your future and return on investment in Microsoft products? That is the exact scenario that Linux is presently in by having so many distributions. Your answer was: You read it here: choice is bad. I have another answer: What about Microsoft's number of versions? We run a network where we develop stuff for the chinese market. We have for example one machine with chinese Win2000. Does it work? No. Our company standard swedish MS-Word won't even run on it because it generates internal temporary file names with swedish characters in them and the chinese Win2000 refuses to accept it. Result: Microsoft Win2000 programs don't work on Microsoft Win2000 operating system. If Microsoft claims they cause no problems since they don't produce a bewildering number of different operating system versions, then they are lying. Anders Holtsberg ps. by the way: in the project I am heading we use Linux, Bash, Noweb, GCC, Icon, Gawk and Octave as core tools as well as Windows and Visual C++. -- _______________________________________________________________ Anders Holtsberg Decuma AB tel +46 709 596305 Ideon Växthuset anders.holtsberg@decuma.se S-223 70 Lund, Sweden | ||