![[LWN Logo]](http://old.lwn.net/images/lcorner.png)
![[LWN.net]](http://old.lwn.net/images/bigpage.png)
|
|
|
Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise
news for all interests
 Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters
Other LWN stuff:
Archives/search
Recent features: Here is the permanent site for this page. See also: last week's LWN.
|
Leading items and editorialsCaldera's new releases and per-seat licensing. On June 26, Caldera International announced a couple of new distribution products: OpenLinux Workstation 3.1 and OpenLinux Server 3.1 Both of these releases contain a great many new features which should be of interest to Caldera users (and others); they are covered in depth on this week's Distributions page. There is another aspect of this release, however, that we'll look at here. The OpenLinux press releases and web pages say very little about licensing for these products, which could lead many to believe that OpenLinux is yet another free distribution. If, however, you dig into the OpenLinux Workstation Reviewer's Guide (warning: 5MB PDF), you'll find the following text: OpenLinux Workstation licensing has changed from previous versions. OpenLinux Workstation, as a product, is licensed per system and cannot be deployed without limit. Caldera will provide a certificate of license authenticity (COLA) with each unit sold, and Caldera expects each customer to have a COLA for each system that deploys OpenLinux Workstation.
Linux users have grown accustomed to being able to copy distributions at will. It's not uncommon for a company to buy a small number of distribution CDs and to install them on dozens or hundreds of systems. By imposing per-system licensing, Caldera is challenging that practice, and, in the process, raising some interesting issues. We'll look at Caldera's licensing from two angles; the next article goes into why Caldera is taking this path, and the following will examine whether members of the free software community are right to criticize the company. Why is Caldera doing this? Given that a move of this sort is guaranteed to provoke criticism from the free software community, what could have inspired Caldera to go with per-system licensing? We talked with John Harker, Caldera's vice president of server product management, and asked him that question. In general terms, Caldera is trying to do two things:
The folks at Caldera have made the observation that Linux has been most successful in situations where it can be made to do something right out of the box. Tasks like running web or file servers, for example. In situations where integration of tools is required, adoption of Linux has been slower. Caldera's purpose is to make a version of Linux that works "out of the box" in a wider range of situations, and to help others do the same. The company has a particular focus on independent system vendors who integrate the operating system with some other, task-specific software and resell the result. Those vendors want an operating system that "just works." Something that is stable, lacking bleeding-edge software, has a development roadmap, and will be supported by its vendor for a long time. In other words, these people want something that "looks more like a traditional operating system." Caldera will be trying to provide that system for these vendors. So the company's target is not, in general, the current set of Linux users. Caldera is thus not afraid of losing customers as a result of the new licensing. As Mr. Harker put it, Caldera may lose a number of "users," but the company does not expect its paying customers to go elsewhere. And, in fact, it expects to attract quite a few more of them through the new features in this distribution. Thus, according to Caldera, the company remains committed to Linux and free software, and it wants to continue to see them succeed. It's just taking a different path to make that happen. Meanwhile Caldera continues to support free software projects (including XFree86 and KDE). They are also, according to Mr. Harker, looking at whether there are any interesting parts of SCO Unix that could maybe be released under an open source license, and would appreciate input from the community on that topic. Interestingly, Linux has progressed far enough that, it would seem, traditional Unix systems have little to offer in the way of additions. Caldera has chosen a path that is unproven, to say the least. But then, that could be said of almost every Linux company. But it is a path that remains based in Linux, and is not the complete departure that some people have made it out to be. Whether it succeeds or not depends on whether the company can find customers who agree with its vision of what is needed. Should Caldera be taking this path? Needless to say, per-system licensing has drawn some criticism. Some pretty severe things have been said about this business approach and Caldera's position in the free software community. Much of the energy that has gone into that criticism might have been better expended elsewhere, however. There is no evidence that Caldera is violating the license of any free software package that it is including in its distribution. Source for free software packaged by Caldera is available - it's included in the box. Caldera is not attempting to restrict the redistribution of the free software it uses; instead, it is restricting a compilation which includes a fair number of proprietary packages. These packages, including Volution, JBuilder, and Forte, do not allow unlimited copying. So a distribution which includes them can not allow copying either. Caldera's reliance on proprietary software is neither new nor surprising. A mix of proprietary and free packages has always been part of the company's plans. This plan has always implied restrictions on copying; it is, perhaps, a bit late to criticise Caldera at this point. There are, in fact, a couple of good aspects to Caldera's techniques. Here's why free software advocates should be glad that Caldera is taking this approach:
It would be difficult to overemphasize that second point. History is full of captive IBM, DEC, CDC, etc. shops which found themselves in a difficult position when their vendors failed them. No Linux shop need ever fear that fate. Transitioning to a new distribution is not without its challenges, but those challenges are miniscule even compared to switching between proprietary Unix variants. Any Caldera user who is unhappy with the new licensing will find several other, well-engineered, well-supported distributions waiting. So Caldera is causing little, if any, harm with this approach. In the best (for Caldera) scenario, it will have found a way to add value to Linux that suits its customers, and the company will flourish. Otherwise, its users will make their feelings clear by voting with their feet for one of the many alternatives. Either way, we're seeing a demonstration of the freedoms that come with free software. The end of the Alpha. Compaq this week announced a new deal with Intel. The end result will likely be the end of the Alpha processor architecture, and a reduction of choices for Linux users. The details: Compaq will be moving away from the Alpha processor, which it picked up as part of its acquisition of Digital Equipment Corporation a few years ago. In the future, Compaq expects to use the Itanium processor for all of its 64-bit servers. Much of the Alpha technology, and staff that goes along with it, will be transfered to Intel. This isn't happening right away, of course; Compaq is trying to give advance warning to its Alpha customers. Thus, for example, the goal of having all Compaq 64-bit servers using Itanium isn't to be met until 2004. In the mean time, new Alpha-based servers and a new generation of Alpha processors will be forthcoming. Of course, Compaq isn't the only company working with the Alpha processor; most of them are made by Samsung, and an important partner is API Networks. We talked with a couple of managers at API (Guy Ludden, senior marketing manager and Tom Morris, director of product strategy) about API's plans for the Alpha. API sees no real impact in the short term (the next couple of years), but they acknowledge that there is little chance of the Alpha living on after Compaq loses interest. The more cynical among us have been heard to mutter that the Alpha will live on in the form of new Itanium processors that actually work. But we can't speak to that. In truth, the Alpha appears to be dead. The Alpha processor is important to Linux historically, of course. Way back in the beginning, Linus didn't think that Linux would ever run on anything other than the 386: I'd say that porting is impossible. It's mostly in C, but most people wouldn't call what I write C. It uses every conceivable feature of the 386 I could find, as it was also a project to teach me about the 386.
Now, of course, Linux is one of the most portable (and ported) operating systems available. That change came about when Jon 'maddog' Hall, then working at DEC, got an Alpha-based system delivered to Linus in 1994. Since then, Linux has been ported to numerous systems, but the Alpha has retained a strong following. It remains the processor of choice for people building high-end clusters, and for anybody with serious processing requirements in general. Many users will be sad to see it go. What is truly unfortunate, though, is the reduction in choices for all Linux users. The end of the Alpha takes us a little closer to a world completely dominated by a single processor architecture. And that, of course, can not possibly be good for anybody. Next week's LWN.net weekly edition will come out on Wednesday, July 4, so that we can enjoy the U.S. Independence Day holiday. We'll return to our normal schedule the following week. Inside this week's Linux Weekly News:
This Week's LWN was brought to you by:
|
June 28, 2001
|
|
Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Security page. |
SecurityNews and EditorialsThe responsibility of the individual. While not laying blame on individuals for security problems, two articles this week took a look at educating non-experts about what they can do to help. The Defense Department talked about simple things to do to make life harder for the bad guys. "Use different passwords at Web sites and on every machine you use. Reject all site and system offers to "remember" you and your password. Bad guys know many people use just one password, so attacking an easily hacked site gives them "skeleton keys" to tough ones". Meanwhile, a survey of British employees took a look at bad password practices. "The survey, conducted by UK domain registry CentralNic, revealed that nearly half of the workers polled use their own name or a nickname and a third used a favorite sports team or celebrity for their passwords". This is one lesson we've seen taught over and over again for the past twenty years. Yet there are still people who haven't heard it yet. Multi-nation cybercrime pact gets OK (ZDNet). ZDNet's Robert Lemos reported on ratification of the Convention on Cyber-Crime by a committee on crimes for the Council of Europe. "Last month, the European Committee on Crime Problems bowed to pressure from international rights groups and included some provisions in the treaty to limit surveillance to criminal investigations and added some safeguards to civil liberties. But it's still not enough, [James X.] Dempsey said. 'Unfortunately, it remains a fundamentally imbalanced document,' he said". Ethics challenge' softens hacker con (SecurityFocus). SecurityFocus reports on a planned CyberEthical Surfivor, a new challenge planned for this year's Def Con Nine conference, being held July 13th through the 15th in Las Vegas, Nevada, USA. "CyberEthical Surfivor will pit two teams of nine hackers head-to-head in a public struggle with weighty moral decisions. Example: You are seventeen-years-old, about to graduate to an Ivy League university when a vindictive teacher monkey-wrenches your academic dreams by wrongly flunking you on a final exam. The Principal won't listen to you. Should you crack the school's computer and give yourself the grade you deserve?" Security ReportsNasty Samba security hole. The Samba team sent out an urgent security advisory regarding a remotely-exploitable hole in all versions of the code. The security hole involves the use of the '%m' macro in /etc/smb.conf. Replacing '%m' with '%I' is one possible workaround. Note that not all distributions are vulnerable by default. Nonetheless, the Samba team has made patches available and an upgrade is strongly recommended, since this can potentially be exploited to overwrite a Samba log file to gain root access.The vulnerability was originally found and reported by Michal Zalewski.
OpenSSH PAM session evasion vulnerability. Christian Kraemer reported that OpenSSH fails to call pam_open_session if no pty is used. As a result, on a system where PAM is used to enforce additional login restrictions, OpenSSH can be used to evade such restrictions. OpenSSH 2.9p1 and earlier are reported vulnerable. Check BugTraq ID 2917 for more details.Portable OpenSSH team member Damien Miller acknowledged the problem, which was introduced because some PAM modules on some platforms "fail utterly or perform in unpredictable ways" when called without a controlling terminal. Meanwhile, the call to pam_open_session has been reintroduced in CVS and will be included in the next stable release. SGI Performance Co-Pilot (pmpost) symbolic link vulnerability. SGI Performance Co-Pilot is a product originally developed by SGI for use on IRIX systems. However, SGI has Open Sourced the product under the GPL and it is available for Linux systems.A symbolic link vulnerability has been reported in pmpost, one of the utilities shipped with Performance Co-Pilot. An exploit has been published. The problem can be resolved either by removing the setuid bit from pmpost or by upgrading to Performance Co-Pilot version 2.2.1-3. ePerl preprocessor input validation vulnerability. ePerl, also known as Embedded Perl, expands Perl 5 programming statements within text files. It can be used as a filter to generate files or as a webserver scripting language. David Madison reported that all C-based versions of ePerl, including the current versions 2.2.14, appeared to be vulnerable to an input verification vulnerability. When including untrusted files, ePerl fails to prevent such files from, in turn, including additional files without filtering perl commands from such files. Workarounds for the problem exist. Alternately, David suggested using the perl-based ePerl instead of the C-based version. w3m buffer overflow vulnerability. w3m is a text-based browser similar to Lynx. A buffer overflow in w3m can be triggered when a base-64 encoded string longer than 32 characters is found in a MIME header field. Source code patches to fix the problem were posted to the w3m developers' list.cfingerd buffer overflow and format string vulnerabilities. Both a buffer overflow and a format string vulnerability were reported this week in cfingerd by Steven Van Acker, who also provided unofficial patches for resolving the problems. These vulnerabilities can be exploited locally to gain elevated privileges, possibly including root access. Check BugTraq ID 2914 for more details.scotty (ntping) buffer overflow. Scotty is a Tcl-based network management package. A buffer overflow has been reported in ntping, a component of scotty. This can be exploited locally to execute arbitrary code. Scotty 2.1.10 and earlier are vulnerable; scotty 2.1.11 has been released with a fix for the problem.eXtremail remote format string vulnerability. eXtremail, a freeware SMTP/POP3 mailserver (free to use, no specific license, no source found) has been reported to contain a remotely-exploitable format string vulnerability. eXtremail runs currently on Linux and AIX. It runs as root, so this vulnerability can be used by a remote attacker to gain root access on the local server running eXtremail. An exploit has been published. eXtremail 1.1.9 and earlier are affected; a binary version of eXtremail 1.1.10 has been made available to resolve the problem on Linux; no AIX version as of yet. Disabling the service is recommended until an upgrade is in place.LPRng + tetex tmplink vulnerability. Reported in Bug ID #43342 in Red Hat's Bugzilla, when both LPRng and tetex are installed, a tmplink vulnerability is created in Red Hat 7.0 and 7.1 that can result in a local attacker gaining elevated privileges. A patch is currently in Red Hat's Rawhide distribution; no advisory has been released so far. Check this posting for additional details. It is not known whether or not this might impact other distributions. GNATS-Web input verification vulnerability. GNATS-Web is a PHP-based interface for the GNATS open-source bug-tracking and problem-accounting system. Joost Pol has reported a vulnerability in gnatsweb where the name of a help file could be provided via a URL, but the input was not properly checked before being used. The problem was acknowledged by the GNATS-Web team and patches provided.web scripts. The following web scripts were reported to contain vulnerabilities:Proprietary products. The following proprietary products were reported to contain vulnerabilities:
Updatesfetchmail buffer overflow. Check the June 21st LWN Security Summary for the original report. This is remotely exploitable and could lead to root access if fetchmail is run by root. An upgrade to fetchmail 5.8.6 will resolve the problem.This week's updates: Previous updates:rxvt buffer overflow. Check the June 21st LWN Security Summary for the original report from Samuel "Zorgon" Dralet. A patch is available to fix the problem.This week's updates: Previous updates:
XFree86 X font server (xfs) denial-of-service vulnerability. Check the June 14th LWN Security Summary for the original report. This is only applicable to font servers that are listening to TCP/IP, which is likely only the case for a machine that is serving X terminals.This week's updates:
exim format string vulnerability. Check the June 14th LWN Security Summary for the original report.This week's updates: Previous updates:
ispell symbolic link vulnerabilities. Check the June 7th LWN Security Summary for the original report.This week's updates: Previous updates:
gnupg format string vulnerability. Check the May 31st LWN Security Summary for the initial report. gnupg 1.0.5 and earlier are vulnerable; gnupg 1.0.6 contains a fix for this problem and an upgrade is recommended. Werner Koch also sent out a note warning of minor build problems with gnupg 1.0.6 when compiled without gcc.This week's updates:
KDEsu tmplink vulnerability. Check the May 3rd LWN Security summary for details. Fixes for the problem are included in kdelibs-2.1.2. The KDE Project recommends an upgrade both to kdelibs-2.1.2 and to KDE 2.1.1.This week's updates:
Linux Kernel 2.4 Netfilter/IPTables vulnerability. Check the April 19th LWN Security Summary for the original report. The NetFilter team has provided a patch for Linux 2.4.3. Note that the patch may be subject to future revision; a URL is provided where the latest version can be found.This week's updates:
Samba local disk corruption vulnerability. Check the April 19th LWN Security Summary for the original report. This problem has been fixed in Samba 2.0.9 and an upgrade is recommended. Note that all versions of Samba from (and including) 1.9.17alpha4 are vulnerable (except 2.0.9, of course). BugTraq ID 2617.Note that 2.0.8 was originally believed to fix this problem, but did not. As a result, some of the original distribution updates had to be re-released with 2.0.9. Samba 2.2.0 users are not affected by this problem. This week's updates:
Apache directory listing error. Check the March 8th LWN Security Summary for the initial report. Apache 1.3.18 and earlier are vulnerable; Apache 1.3.19 contains a fix for the problem. This week's updates: Previous reports:
ncurses buffer overflow. Check the October 12th, 2000 LWN Security Summary for the initial report of this problem. Note that the buffer overflow impacts applications linked against ncurses. Such applications must be relinked against a fixed ncurses or curses library.This week's updates:
esound tmpfile link vulnerability. Check the September 7th LWN Security Summary for the original report of this problem from FreeBSD.This week's updates: Previous updates:
Resources
. EventsFinal Reminder: Black Hat Briefings. A final reminder for the Black Hat Briefings 2001 USA, scheduled for July 9th through the 12th in Las Vegas, Nevada, USA, was sent out this week. "This year's topics include: Reverse Engineering, the Honey Net Project, the CVE, 802.11b WEP security, ICMP scanning, SQL security configuration, GSM and WAP security, and more". Upcoming Security Events.
For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net. Section Editor: Liz Coolbaugh |
June 28, 2001
LWN Resources | |||||||||||||||||||||
|
Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Kernel page. |
Kernel developmentThe current kernel release is still 2.4.5. The 2.4.6pre6 prepatch came out on June 27, just as this page was going to "press." Sometimes we think Linus does it on purpose. In any case, this prepatch contains another set of fixes, and the resumption of merging from the "ac" patch series (which is currently at 2.4.5ac19). The 2.2.20 prepatch is up to 2.2.20pre6. 2.5 is coming soon. In a message on page locking, Linus let slip the following: I don't have any objections to the patch in that case, although it does end up being a 2.5.x issue as far as I'm concerned (and don't worry, 2.5.x looks like it will open in a week or two, so we're not talking about long timeframes).
That message was posted on June 21, meaning that the new development series can be expected anytime. The 2.4 kernel has had an especially long settling period - a full six months if it lasts until July 4. The kernel hackers (and others) are more than ready to have a bleeding edge to live on once again. It's certainly time. Transitioning to the new kbuild system. The approach of 2.5 has motivated the developers of the new kernel build subsystem to think about how they will effect the transition. The current plans, as last heard from Linus, call for that transition to happen somewhere around the 2.5.2 release. So it's not too soon to be wondering how it will happen. A draft transition plan has been posted to the kbuild list. The developers have decided that the first step will be to replace the configuration system with CML2. That code is stable, and it appears that an important enhancement will not be implemented soon: For you CML2 Adventure fans, Eric has decided not to implement monster combat at this time. On the other hand, the dungeon walls may soon develop graffiti.
The new Makefile scheme implemented by Keith Owens is just about ready, but there are a couple of loose ends yet to be taken care of. So the Makefiles will come second, as a large patch of their own. A third, cleanup patch will follow later. Of course, all this is subject to acceptance by Linus... Memory management I: the early flush patch. Linux, like most Unix-like systems (and most systems in general), does not immediately flush data written by processes to the disk. Data, instead, is cached in order to improve performance. By delaying writes, the system can fold multiple operations into a single write to the disk. Performance can also be improved by allowing writes to consecutive disk sectors to accumulate, so that they can all happen at once. In general, this approach works well. Recently, however, some developers have begun to question one aspect of write caching: how the system decides that it is time to write cached data to disk. Currently, the decision to write comes about in two ways: (1) the system needs memory for other purposes, or (2) the data has been sitting in memory for too long. Neither case is optimal, as it turns out. Using memory for cache until the system needs it for something else seems like a sensible policy, and it often is. In the real world, however, memory pressure is often associated with a high disk I/O load. So if the system waits until memory is short to write cache to disk, it ends up increasing the load on memory just when it's already at a high point. The result can be even worse memory pressure, an overheating disk, and possibly a thrashing system. Writing out cache on a regular basis (the second case, above) may or may not create I/O at a bad time. It can, however, create suboptimal behavior on laptops, or any other system where disks have been set to spin down after an idle period. Activity which generates data to write to disk has a good chance of having already caused the disk to spin up. If the actual write of the data is delayed up to 30 seconds, the spindown of the disk will be delayed accordingly. Both cases suggest that it might often make sense to write out cached data quickly, especially if the disks are not doing much at the time. Daniel Phillips has put together a patch which attempts to do just that. Daniel's patches are always interesting to read, since he includes a detailed and clear description of what he is doing; this one is no exception. Essentially, the patch sets up a new polling loop within the kernel which runs every 100ms. At each poll, if the I/O backlog is small, a flush of cached data will be initiated. That flush may not write out absolutely everything; it tries to fill up the I/O queues while still leaving some slack, in case a burst of activity comes along. The patch is relatively small and simple, but it has the potential of improving performance for a number of different types of workloads. And getting data written to disk sooner doesn't hurt either. (Those who want to try out the patch should see the updated version which contains a few improvements.) Memory management II: the VM requirements document. Jason McMullan recently posted a rant (his word) on how work with the VM subsystem is going. According to him, people have been bashing on virtual memory without a strong idea of just what they are trying to accomplish. He would like to see a summary of the motivations behind the VM work. What if the VM were your little Tuxigachi. A little critter that lived in your computer, handling all the memory, swap, and cache management. What would be the positive and negative feedback you'd give him to tell him how well he's doing VM?
The ensuing conversation remained calm, despite the fact that the VM hackers did not entirely agree with his summary of their work. Jason followed up a few days later with a draft VM requirements document analyzing the constraints on memory management for a number of system types, from embedded systems to servers. In particular, he looked at caching and swapping behavior. It boils down to a few rules of thumb, including:
This sort of analysis, of course, is just a first step. Turning the above items into actual strategies for the VM subsystem, and from there into code, will take some time. But it is a useful exercise in the ongoing effort to improve Linux memory management. (See also: Rik van Riel's FREENIX paper on Linux memory management, available in PDF format from his lectures page). Other patches and updates released this week include:
Section Editor: Jonathan Corbet |
June 28, 2001 For other kernel news, see: Other resources: |
|
Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Distributions page.
Lists of Distributions |
DistributionsPlease note that security updates from the various distributions are covered in the security section. News and EditorialsCaldera OpenLinux Workstation 3.1. Caldera announced its release of Caldera OpenLinux Workstation 3.1 this week, approximately 14 months after Caldera OpenLinux eDeskTop 2.4 began shipping last year. This bucks the trend of many commercial Linux distributions, with most releasing new versions between two to three times a year. Are the two products comparable? OpenLinux eDeskTop was aimed at the basic desktop user. OpenLinux Workstation clearly has a target audience among developers, specifically commercial applications developers. In addition, there is some indication that a non-targeted version, Caldera OpenLinux, will still be supported, though version 3.1 has not yet been released. What is included in Workstation 3.1? Caldera's description starts with the inclusion of Borland's Jbuilder Foundation and Sun Microsystems' Forte Java development environments. Existing Linux developers may be less interested in these tools, but application developers using them on non-Linux platforms will presumably be happy to see them. As is common with Caldera's products, don't expect to see the latest version of packages included. Both XFree86-3.3.6 and XFree86-4.0.2 are included, but the new 4.0.3 and 4.1.0 versions are not. Apache 1.3.19 is included (Apache 1.3.20 was released May 19th). Sendmail 8.11.1 is included (sendmail 8.11.4 is the current default, released May 28th). KDE 2.1 is the base for the system (KDE 2.1.1 was released March 28th). For the first time, a version of Gnome is reported to be included, not by default but available on the 'Skunkware' contrib CD that is bundled with Workstation 3.1. Note, the terminology 'Skunkware' has apparently migrated from SCO to Caldera, and refers to unsupported software. The kernel in use is linux-2.4.2. Note, however, that Caldera has likely applied many patches to this kernel, to close known bugs, while choosing not to upgrade to a later kernel in case of the introduction of new bugs. The use of older versions of the software is in keeping with Caldera's emphasis on stability. As with the kernel, the older versions may include security fixes or bugfixes that have been backported from newer versions. What is the user reaction so far? The released product appears to be pretty much what was seen in the beta, so no big surprises. As is discussed on this week's front page, licensing issues are causing many people to discuss moving to an alternate Linux distribution. SuSE, Linux-Mandrake and Linux From Scratch were discussed quite a bit. On the other hand, not everyone was upset with the decision to charge a per seat license. Those that weren't, though, were unhappy that no upgrade price was provided, meaning that people who have been buying box sets for each of their machines in the past will still pay the same price as new Caldera users. In addition, the lack of a discounted price for multiple seats caused a lot of complaints from people who maintain 10 to a 1000 machines rather than just one or two. One point made by several users was that the quality of support on the caldera-users mailing list was their reason for preferring Caldera, rather than the product itself or the support available directly from Caldera. These people were very concerned that the licensing changes would drive away many of the technical people that they had been counting on for free support. Meanwhile, some of the caldera-users members are apparently migrating over to linux-users@linux.nf, a mailing list that is not specific to any particular Linux distribution, but was created and supported in part by Caldera users looking for a new home. New DistributionsNew distribution: LNX-BBC. The LNX-BBC project has announced its existence. LNX-BBC is taking the cool Linuxcare bootable business card distribution and continuing its development and support outside the company (which appears to no longer have the resources to work on it). All of the original BBC developers are working on LNX-BBC now. They have some ambitious plans; see the announcement for details. This new distribution is having a logo contest. The deadline is August 1. Distribution NewsRed Hat News. An updated version of gcc-2.96-RH, Red Hat's tailored GNU gcc 2.96, has been made available for Red Hat 7.0 and 7.l. "This update fixes several Internal Compiler Errors on invalid input as well as some on valid input. It also fixes a number of cases where code was miscompiled". Note that they recommend all previously released patches be applied before applying this update. Also in the bug-fix vein, Red Hat users running the Linux 2.4.3 kernel or higher may be interested in their recent update to SysVinit, which fixes problems receiving input from a serial console. Red Hat announced this week the availability of Red Hat Deluxe for Compaq's AlphaServer systems. Unrelated to that, Red Hat recently replaced the original ISOs for Red Hat Linux 7.1 for the Alpha due to a packaging problem. Although the applications were fine, the dependency lists were inconsistent, causing a problem when Red Hat Network was used to update packages. The new ISOs should resolve this problem. For those of you wanting to do some IPv6 testing, Pekka Savola has made available ISOs for an IPv6-enabled Linux host/router based on Red Hat Linux 7.1. Meanwhile, on the embedded side, Red Hat announced support for the Hitachi SuperH processors for both their embedded version of Red Hat and for eCos. Debian News. The process of creating a Debian package is covered in part 2 of this series from Linux Journal. They also cover the creation of "fake" debian packages, when and why you may want to use them. The Debian project has posted the June 25th edition of the Debian Weekly News. Bleeding edge KDE 2.2 packages have been made available by Ivan E. Moore II, the location of traceroute became the topic of debate, Debian-friendly laptops were discussed and Debian's master ftp server crashed, causing testing to disappear for a day. Three new packages have been put up for adoption this past week: apt-zip, diskless and rarpd. Also included is the current list of orphaned packages and packages that have been available for adoption for some time. This past week was a difficult one for those people tracking debian-unstable. Sam Hartman put out an apology after uploading a new PAM package to unstable that broke all logins. He's got a fixed version out there now and has promised to revamp his testing procedures before the next upload. The June 27th edition of the Kernel Cousin Debian Hurd discusses the desirability of using the GNU autotools for busybox, so that the autobuilding system could be used for GNU/Hurd instead of just for GNU/Linux. The exim and ae packages have been ported to the Hurd, along with bsd-games. "Now that we have games, we are a real OS, right?", commented Neil Walfield. Linux-Mandrake. The latest community newsletter from Linux-Mandrake is now available. This issue includes discussions on the new MandrakeFreq release, the PPC beta status, and the business case of the week: Viata Online, an application service provider in Hawaii. "Viata Online, an application service provider based in Hawaii, develops business to-business solutions for the travel industry. All of their 50+ workstations run Mandrake Linux instead of Windows, as well as 10+ servers". Slackware News. Ogg Vorbis libraries were upgraded to provide the last bit of 1.0 functionality. In reaction to reports of segfaults with util-linux-2.11f, current has been switched back to the mount/umount from util-linux-2.11b. The rest of the package is still version 2.11f. The segfaulting versions are available as mount-2.11f and umount-2.11f. Although Slackware is not vulnerable to the recently reported remote root Samba vulnerability in its default configuration, current was upgraded to Samba 2.2.0 just in case. Various patches went in to expand support for the vfat and reiserfs file systems. Most of the kernels have been recompiled to remove SMP support by default. 2fsprogs was upgraded yet again to version 1.22, with yet more bugfixes. Other upgrades include python-2.0.1, gnome-utils-1.4.0.1, gnome-media-1.2.3, ibsafe-2.0-2, SDL-1.2.1, and parted-1.4.14. Meanwhile, new ZipSlack.zip and fourmeg.zip files have been created. Rock Linux News. Rock Linux returns to LinuxTag this year with the generous support of Compaq Germany. Rock Linux representatives will be present to demonstrate Rock Linux running on a Compaq Alphaserver DS20. Free CDs will also be made available. MaxOS/BearOps News. MaxOS Linux is apparently on the way to becoming "BearOps Solutions". As part of that, a beta version of their next operating systems release, BearOps-Beta-1 is available for download in ISO format. Feedback and bugs should go to bugzilla@maxos.com. e-smith News. e-smith has put out a Documentation Update. It includes a number of user-contributed documents on a variety of topics ("How to set up Windows NT/2000 machines for Domain Logon to e-smith", "How to install an IDE tape drive on e-smith 4.1.x", ...). Staff effort has been focused on improving documentation in preparation for the next version of e-smith server. Kondara MNU/Linux News. Maya Tamiya reports from Japan on Kondara MNU/Linux. "Kondara MNU/Linux put out a very short announcement which said "At last, our work's paid off!" (and no more than that) recently.[0] According to some sources [1][2][3], this announcement implies that they are happy because PS2 Linux Kit is, apparently, based on Kondara MNU/Linux". Minor Distribution updates
Distribution ReviewsSoftware review: Engarde Secure Linux (NewsForge). NewsForge reviews Engarde Secure Linux. "With minimal system access allowed and every precaution taken, Engarde Secure Linux just might be the best distribution for Web/mail servers yet. It doesn't have all the bells and whistles of other distributions or operating systems, but it would seem that, unlike other companies that market server OSes, Guardian Digital does not think Pinball is an appropriate application for a server." Section Editor: Liz Coolbaugh |
June 28, 2001
Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.
|
|
Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters See also: last week's On the Desktop page.
|
On The DesktopOffice solutions. Many Linux followers know well the triumvirate of office suites most commonly associated with the their favored desktop - KOffice, GNOME Office, and OpenOffice. But office solutions for Linux exist in many forms and provide many features, and those solutions extend to offerings far beyond this well-known trio. Before stalking the wilds of the 'Net to find alternative office tools, it would be wise to define what we mean by "office suite". Linux Journal carried a review of available tools back in April 2000. In that article, they defined an office suite this way: Generally speaking, office suites include word processing, spreadsheet and database software for use on a personal computer. However, of late, presentation software, e-mail and even Internet browsers have been considered to be parts of a full office suite. To be certain, an office suite can be many things to different people. Many Linux users also throw in graphics applications as a required part of their suite, while some users are now expecting more financial-based applications in order to handle real world business accounting. For this study we'll consider any package containing three or more of the following tools in its set, with a word processor and a spreadsheet required, to be an office suite. The usefulness of that set is left as an exercise for the reader, but we will examine which packages contain which tools.
Native applications A native application is one that was compiled on a Linux system and directly accesses system libraries designed for use on Linux. This generally means real GUI programs (not Web based tools) that make use of Qt/KDE, GTK+/GNOME or Motif. These are the Holy Grails of office applications - the tools naysayers say don't exist yet and are expected to be the most efficient and well integrated into the desktop environment. Unfortunately, the maturity of some of the more favored options in this category still leaves something to be desired.
But all this is a little deceptive at this point. The GNOME Office web
site lists all these programs as part of the complete office package but
there is no GNOME Office package to download. So essentially, you
have to download a bunch of packages that are all GNOME compliant.
Integration is at the API level, but not at the distribution level. At
least not yet. Of course, Ximian will probably address that issue at some
point. They'll have to wait for most of these applications to mature
first, however.
So while GNOME Office lists many programs, it has no integrated package. On
the other hand, KOffice actually includes a set of programs but not a
complete set for an office even though KDE actually has a number of those
missing tools. Once again, it
comes down to what individual users need from an office suite and whether
they want to retrieve missing pieces from alternative sources.
OpenOffice, and its predecessor StarOffice, are integrated office packages and include a word processor, web browser, and spreadsheet tools. In fact, StarOffice 5.2 contained just about everything a desktop user could need, including an integrated desktop. But with the adoption of desktop environments such as GNOME and KDE, future releases of StarOffice and OpenOffice will no longer carry the integrated desktop. Additionally, OpenOffice will not offer all the features of StarOffice 6.0, including (but not limited to) some international language support, some font support, spell checking and the integrated database. These features are proprietary add-ons which Sun has licensed for its 6.0 version alone. Both the email and scheduling software from 5.2 are being dropped from both StarOffice 6.0 and OpenOffice according to the FAQ on the OpenOffice web site. StarOffice 5.2 is still offered for free by Sun while OpenOffice offers developer-only releases for download from that projects main web site site.
This past week Sun announced that the U.S. Defense Information Systems
Agency was
replacing ApplixWare with StarOffice on up to 10,000
workstations.
ApplixWare.
A long time Unix offering, Applixware's future is uncertain. This office
package was originally developed by Applix, Inc. for use on a variety of
Unix systems. After porting to Linux, the company spun off their Linux
division into a company called VistaSource, which was
recently sold
to Parallax Capital Partners.
Parallax is known for its investing in and acquisition of companies in the
software, telecommunications, and technology markets,
focusing on companies with between $5 and $25 million of revenue.
According to a letter to customers, the new parent is focused on
"server-centric technology solutions that are real-time capable,
customizable and web-enabled." Where that leaves the desktop is
anyone's guess.
The main advantage Applix has (or at least had) over other office solutions
was stability. Their package has been a native Unix application for many
years and their recent port to GTK+ went fairly smoothly.
While the graphics tool in Siag, Egon Animator, can be used for creating
images it is better used as a means to generate animations from
existing images. It will import Magic Point and Power Point presentations
for editing.
HancomOffice.
Hansoft, the largest software maker in Korea,
handed their Linux product line to HancomLinux in 1999.
HancomLinux now provides the country
specific versions of the
HancomOffice suite for Linux in
English,
Japanese,
Chinese and
Korean.
The office suite is Qt/KDE-based and offers a word processor, spreadsheet,
presentation manager and graphics application. The graphics tool,
HancomPainter, is a raster tool similar to GIMP or
Photogenics.
The English version appears to be a couple minor revisions behind the
multiple Asian versions.
StarOffice, GNOME and KDE all offer support for PDAs to one extent or another though only StarOffice has integrated that support directly into the office package. The OpenOffice version will likely, as with most tools from its parent project, become componentized with its initial public release. What limits the native office suites the most is that - except for StarOffice 5.2 - they aren't integrated packages. They are collections of separate tools that can be distributed as GNOME or KDE (or whatever) packages, much like Ximian does for GNOME. But the complete set of tools are seldom found in a single distribution of Linux. It will more than likely be left to either companies like Ximian or distributors like Red Hat, SuSE or perhaps even Debian to package the complete set and distribute them as an office solution. Some of these tools are already distributed by Linux vendors but are not presented specifically as an office suite. Expect changes to vendor distributions (and even the GNOME and KDE packages themselves) to make the tools more recognizable as complete office suites over the next 6-12 months. Windows on Linux: WINE based solutions. While the native packages are still evolving, many Linux desktop users are resorting to using existing Windows and NT based offerings. These tools can be run in one of two ways: either under an operating system emulator such as VMWare or as packages ported to Linux using the WINE environment. WINE (which stands for Wine is not an emulator) allows Windows and NT applications to run directly on Linux by using a special library that converts Windows calls to their Linux counterparts. That's the good news. The bad news is this doesn't always work as advertised. VMWare offers a virtual environment that simulates one operating system on another, such as Windows on Linux. While we could list a whole slew of solutions that might run under VMWare and similar environments, we'll skip those for now. VMWare and its brethren require rather fast and powerful computing systems to run well. Desktop users may not have the power to make applications behave in a reasonable manner on their more meager systems using these virtual systems. For that reason, we'll consider only WINE-based offerings.
Corel has invested quite an effort into making their Windows versions of applications work on Linux using WINE.
Reports of this suite having problems with RH7.1 are not distribution
related but have to do with Corel's package having insufficient startup
scripts. Currently, the most stable way to start WordPerfect Office 2000
on Linux is to download and compile Corel's latest version of WINE and
to modify the startup scripts appropriately for your specific needs.
Ability Office 2000.
This package underwent a complete rewrite in 1997 for the Win32 API. At
that time work was also done to abstract the OS interfaces. That made
the
port to Linux using WINE more straightforward, at least more so than the
methods used by Corel.
Ability's PhotoPaint is modeled after Photoshop but doesn't appear to
provide plugin support. The office package does seem to include a
primitive vector drawing tool as well. The office package provides a
MS Access compatible SQL relational database.
Other Tools. One office package that sits outside the lines in all of this is ThinkFree Office. This is a Java based package that requires the IBM Java Runtime Environment. It includes a word processor, a spreadsheet and a presentation graphics tool. Other tools that individually provide office-style features but that are independent of any package suites include:
Office and Word Processor reviews. SoftLandIndia posted a review on May 26, 2001 for quite a number of the office suites listed here. They gave all but one of them their highest rating though the reviews sound more like press clippings from the respective companies or development groups. LinuxPlanet recently announced their intentions to review a wide selection of word processors available for Linux. Their reviews will be posted in the coming weeks. Finding more tools. Tucows list of Linux Office tools offers a wide range of tools not found in packaged sets. Desktop EnvironmentsKOffice 1.1 Beta 3. A new beta release of the KOffice 1.1 package has been announced by the KDE project. Bonobo 1.0.6. A bug fix and UI update release of Bonobo, the GNOME component object model, was made this week. Gnome-- 1.2.0. A new version of the C++ wrappers, known as Gnome--, for the GNOME library widget set was also released this past week. gnome-utils 1.4.0.1. A new release of the gnome-utils package is now available. This release includes a few new tools, including a backported gcalc from the GTK 2.0 version and a new program to make archives called the meat-grinder. GNOME Summary 17 June to 23 June. This week's GNOME Summary includes news on Ximian Setup Tools 0.6, a review of Galeon and the next generation of Glade. Ximian Setup Tools 0.6 have been released.. A new release of the Ximian Setup Tools is now available. This release fixes a number of major bugs but has no new features. Office ApplicationsAbiWord Weekly News #49. AbiWord moves toward 0.9.0. Read about it in the AbiWord Weekly News. Gnumeric 0.66. This latest developer release of Gnumeric now defaults to a GNOME build with associated dependency on Bonobo 1.0.x. Building without GNOME/Bonobo is still possible with --without-bonobo, but this is not the default. Moneydance Personal Finance Manager (Linux Journal). Linux Journal reviews Appgen's Java-based Moneydance Personal Finance Manager. "If you are already using Quicken, Moneydance lets you import Quicken data as a QIF file. I tried this with the version of Pocket Quicken I've been using for years on my HP100LX, and it worked fine, bringing in all my accounts, balances and transactions." Desktop ApplicationsGIMP 1.2.2-pre2. A new developers release of GIMP has been announced. This new version is still not intended for end users, but according to reports if this release yields little bug reporting then the official 1.2.2 should follow shortly. Chess Interfaces (FirstLinux). FirstLinux looks at a few graphical interfaces for playing chess over the Internet. "To play chess over the Internet you need to obtain a chess client which logs you into a chess server. There are a wide range of servers on the net, ranging from the commercial Internet Chess Club, to numerous free chess servers. The focus of this review is to compare and contrast the four main Linux chess interfaces on the Free Internet Chess Server." GamesKohan for Linux Now in Beta. Loki Software, Inc. released a beta version of the game Kohan from TimeGate Studios this week. No One Lives Forever goes open source (ZDNet). According to a Gamespot report, the popular first person shooter code has been released in an effort to help build the game's online community. And in other news...A very apt app (ZDNet). Conectiva's port of Debian's apt-get to manage RPM formatted packages gets a "thumbs up" in this ZDNet article. "But apt-get's capabilities go far beyond simplifying installation. Most notable is an option that updates your system by comparing the release levels of the software on your system to those of a remote benchmark site." People Behind KDE. The ongoing series of interviews with KDE developers offered two new interviews this past week: Martin James, author of many KDE screensavers, and Michael Goffioul, author of the printing system for KDE 2.2. Intel: Linux has 'no place' on desktop (ZDNet). Intel Chief Executive Officer Craig Barrett thinks the OS has a place in the computing world, but Linux wasn't designed for the desktop. "...the crucial thing is for Linux to come up with a body of applications to compare with the tens of thousands available for Windows; until then it will have "no appreciable place on the desktop." Section Editor: Michael J. Hammel |
June 28, 2001
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Development page. |
Development projectsNews and EditorialsLinux Cluster Systems The Parallel Research Group of the Department of Computer Engineering at Kasetsart University in Bangkok, Thailand has announced the release of SCE 1.0. SCE is the Scalable Computing Environment and features the following tools for working with clusters:
A few weeks ago, Sandia National Laboratory announced the Cplant project, which appears to be going for the high end side of the spectrum with support for Alpha processors and Myrinet interconnects. Cplant was previously mentioned in the June 14, 2001 edition of the LWN development section. Meanwhile, Compaq has also announced two open-source cluster projects of its own, the Cluster Infrastructure for Linux, and the Open Single System Image Clusters for Linux Project. Both projects appear to tie Linux and Unixware together. The Compaq press release describes the Cluster Infrastructure (CI) for Linux: "The goal of this project is to develop a common infrastructure for many if not all forms of Linux clustering by extending the Cluster Membership and Inter-node Communication Subsystems from Compaq's NonStop Clusters for Unixware code base. This project also provides the basis for the Open SSI Clusters for Linux project." The Open Single System Image (SSI) Clusters for Linux Project is described as follows: "The Open SSI project leverages both Compaq's NonStop Clusters for Unixware technology and other open source technology to provide a full, highly available SSI environment for Linux." Included are features such as cluster filesystems, process migration, load leveling, monitoring, and failover. Of course, no discussion of Linux clusters would be complete without mentioning The Beowulf Project, which was started by Donald Becker and has been around since 1994. Clustered computing has its roots in the big money scientific world with classic applications being simulation of real-world systems and other compute intensive scientific tasks. The movie industry has used clusters to perform rendering on large numbers of digital images. It seems like clusters are at a point where they are becoming accessible to the average computer nerd. After all, many of us have a few old machines lying around. It can't be too long before home users are able to crank out high resolution movies. Operations that take many minutes to complete are obvious candidates for running on clusters. A 10 minute kernel build could be done in a few minutes if it were spread across a number of machines. That would be a real productivity enhancer for the kernel hacker. Re-sampling, volume normalization, and encoding of large audio files also seems like an area that could be helped along greatly by enlisting the capabilities of multiple machines. Availability of open source clustering tools is bound to open up the power of clustering to an ever wider audience. DatabasesAn introduction to XQuery (IBM developerWorks). Howard Katz takes a look at XQuery, the W3C's proposed standard for an XML query language, in an IBM developerWorks article. " The W3C's XQuery specification has been in the works for a long time. The initial query language workshop that kicked things off was hosted by the W3C in Boston in December 1998. Invited representatives from industry, academia, and the research community at the workshop had an opportunity to present their views on the features and requirements they considered important in a query language for XML." EducationLinux in education report #47. The June 25, 2001 edition of the Seul/Edu Linux in education report is out. Topics include management of exchange student lists, instant printing of text books, encyclopedias under Linux, and talk of a Python based hypercard project. ElectronicsIcarus Verilog 20010623 snapshot. A new snapshot of the Icarus Verilog electronics simulation language compiler has been released on the gEDA site. Numerous bugs have been fixed. Embedded SystemsEmbedded Linux Newsletter for June 21, 2001 (LinuxDevices). This past week saw the announcement of a new device for home entertainment from HP and Compaq's announcement of a contest for handheld applications. Summaries of both stories and more can be found in this week's Embedded Linux Newsletter. Online embedded software development contest (Linux Devices). Linux Devices has mentioned an embedded software development contest that is going on this summer. "DevelopOnline has launched a software development contest which runs from today through August 29 of this year. 15 winners will each receive a $1,000.00 check and international recognition." InteroperabilityWine Weekly News for June 21, 2001. The June 21, 2001 edition of the Wine Weekly News is out. Topics include revamping of the Wine application database, licensing issues, and mmap problems in glibc 2.1.3. Samba security bug fix release. Versions 2.2.0a and 2.0.10 of Samba have been released to fix a security problem. Don't delay in plugging this hole. Network ManagementGanymede 1.03 released. Ganymede 1.03 is available for download. This release fixes a variety of bugs. "Ganymede provides support for concurrent, team-based management of network directory services." Tools of the Trade (O'Reilly). Carl Constantine takes a look at several network monitoring tools in Tools of the Trade: Part 1 on the O'Reilly OnLamp site. In particular, nmap and Ethereal are explored. "To stop mischievous crackers -- more commonly called "black hats" in the security community -- from breaking in to your network, you must learn the same tactics that they know, and become familiar with the same tools that they use. It helps to think like they think. Why you ask? It's better to be the first person that finds a hole in your security before your network is compromised by others." System AdministrationSun Microsystems Contribution Code to WBEMsource. Sun announced today that it will give its Java implementation of the Web-based Enterprise Management (WBEM) standard to WBEMsource, an open source initiative. "Sun will be working with other leading companies and the broader development community to accelerate the development and deployment of standards-based systems management, with special focus on the Common Information Model (CIM)/WBEM standards managed by the Distributed Management Task Force (DMTF)." Web-site DevelopmentZope 2.3.3 released. Zope 2.3.3 has been released. It's a "relatively minor bug-fix release" with no exciting new features, but sites running Zope should probably apply the upgrade. Zope Weekly News for June 24, 2001. The June 24, 2001 edition of the Zope Weekly News is available. Topics include CMF 1.1, Zope 2.3, and Zope 2.4 beta. Migrating from Apache 1.3 to Apache 2.0 (O'Reilly). Ryan Bloom summarizes the process of migrating from Apache 1.3 to 2.0 on the apache.org site in an O'Reilly OnLamp article. Upgrades take a large share of a systems administrator's time. This article is good reading for those who are planning on doing an upgrade. MiscellaneousLinux Development Network. A new site was pointed out to us, the Linux Development Network, lidn.org. This site contains references useful to developers of applications on the Linux platform ranging from GTK+ 2.0 documentation to open source licenses to autoconf references. (Thanks to Tim Hanson) Section Editor: Forrest Cook |
June 28, 2001
|
|
|
Programming LanguagesBASICGnome Basic 0.0.20 released. A new version of Gnome Basic (GB) has been released. Gnome Basic "is an embryonic attempt to provide VB compatible functionality for the GNOME project, particularly with respect to office (VBA) compatibility". Version 0.0.20 features lots of fixes to the grammar, lexer, and internals, and has updated Form and FormItem support. CamlCaml Weekly News for June 20 through 26, 2001. The latest edition of the Caml Weekly News is out. The news focuses on G'Caml, an experimental extension of the extensional polymorphism to O'Caml. JavaUsing Ant and WebLogic EJBs (O'Reilly). Jesse E. Tilly takes a look at Ant in an O'Reilly onJava article. "Ant is an open-source tool for building Java-based applications and is a part of the Apache Jakarta project. Using XML as a build description language, Ant groups build results into targets with finite resolution states; a target fails or succeeds. We, the developer or build manager, define the build properties, the tasks needed to build targets, and the dependencies between those targets in the antfile." LispThe latest Lisp announcements. Several new Lisp projects have been announced: OpenMCL 0.4, the open-source Common Lisp implementation has been released. CL-XML 0.908, a collection of Common Lisp XML modules is available, and sql-odbc 0.9, which provides CMU Common Lisp support for ODBC, is also out. PerlSOAP-enhanced perldoc (use Perl). A new SOAP enhanced version of perldoc is available that allows users to grab documents from remote servers if they can't be found locally. Using Perl to create reusable Web apps (IBM developerWorks). IBM's developerWorks looks at using Perl for web application development. "Lincoln Stein's CGI module is great for handling script parameters, but not for generating HTML elements (when HTML is embedded in the body of the script). It is interesting that the CGI module could be used in object-oriented style, as well as in function-oriented style, retaining the ability to be inherited. For instance, the CGI module could be inherited by CGI::Apache and CGI::Fast modules, which are CGI interfaces for Perl-Apache API and Open Market FastCGI Standard, respectively." Cyber-stuffing remains threat to All-Star voting (ESPN). A well known Perl hacker named Chris Nandor used Perl to stuff the ballots at Major League Baseball All Star voting site. "Jon Orwant, chief technical officer for O'Reilly & Associates, a computer publishing company, is a friend of Nandor who alerted the Boston Globe to the All-Star vote's vulnerability to fraud. Orwant said smart hackers can ensure their multiple ballots don't stick out by setting up a voting program at the beginning of the voting period, avoiding the anomalies that can alert Big Ballot to voting fraud." Using Inline in Perl (IBM developerWorks). Michael Roberts explores Inline in Perl in an IBM developerWorks article. "The new Inline module for Perl allows you to write code in other languages (like C, Python, Tcl, or Java) and toss it into Perl scripts with wild abandon. Unlike previous ways of interfacing C code with Perl, Inline is very easy to use, and very much in keeping with the Perl philosophy. One extremely useful application of Inline is to write quick wrapper code around a C-language library to use it from Perl, thus turning Perl into (as far as I'm concerned) the best testing platform on the planet." Code Coverage Analysis in Perl (Dr. Dobb's). Brian d Foy looks at Perl's Devel::Coverage module in a Dr. Dobb's article about debugging Perl code. PHPPHP Weekly Summary for June 25, 2001. The June 25, 2001 edition of the PHP Weekly Summary is available. The issue looks at the new PHP 4.0.6 release, DBX and GD extension fixes, and various new features for PHP. PythonPython-URL! for June 26, 2001 (Dr. Dobb's). The June 26, 2001 edition of the Dr. Dobb's Python-URL! is out. This week's issue covers Guido's announcement of Python 2.0.1, web2ldap, Python clones of lex and yacc, an interface to Sybase, articles on ZODB, and lots more. python-dev summary 2001-06-07 - 2001-06-21. This week's summary of the python-dev traffic is now available. Topics covered are decoding unicode, asian codecs, Simple Generators, and more. Python 2.0.1 released. The Python 2.0.1 release brings GPL compatible licensing to Python 2.0 and also includes a few bug fixes. Palm-Linux integration with Pyrite (IBM developerWorks). IBM DeveloperWorks authors Andrew Blais and David Mertz look at Pyrite. "The Pyrite Project has created several related tools to allow Python programmers to access and control PalmOS handheld devices. Pyrite communicates with and manages the data help on Palm devices, while Pyrite Publisher creates and distributes Doc format e-books to Palm devices. This article discusses our experience working with Pyrite tools, the underlying architecture, and tips for effectively using the Pyrite tools." web2ldap 0.9.4 released. Version 0.9.4 of web2ldap has been released. Web2ldap is a Python based web bsed generic LDAP client and this release contains numerous bug fixes and new capabilities. PyChecker 0.6.1 released. Version 0.6.1 of PyChecker, a Python code bug checker, has been released. This version has added several new checks and contains a few bug fixes. SchemeKawa, the Java-based Scheme system. Per Bothner has rewritten R. Alexander Milowski's Kawa, a Scheme environment written in Java. Kawa builds with GCJ, the Gnu Compiler for Java. (Thanks to Per Bothner.) Tcl/TkTcl-URL! for June 26, 2001 (Dr. Dobb's). The June 26, 2001 edition of the Dr. Dobb's Tcl-URL! is out. Topics include discussions on productivity when working with Tcl, il8n, [catch], self testing Tcl scripts, and auto_import, as well as a number of new software announcements. Section Editor: Forrest Cook |
Language Links Caml Caml Hump Tiny COBOL Erlang g95 Fortran Gnu Compiler Collection (GCC) Gnu Compiler for the Java Language (GCJ) Guile Haskell IBM Java Zone Jython Free the X3J Thirteen (Lisp) Use Perl O'Reilly's perl.com Dr. Dobbs' Perl PHP PHP Weekly Summary Daily Python-URL Python.org Python.faqts Python Eggs Ruby Ruby Garden MIT Scheme Schemers Squeak Smalltalk Why Smalltalk Tcl Developer Xchange Tcl-tk.net O'Reilly's XML.com Regular Expressions |
|
Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Commerce page. |
Linux and BusinessVA Linux Systems bails out of the hardware business. Many have wondered what would happen to the Linux hardware vendors as the competition from the large PC companies intensified. For a long time it looked as if some of them, at least, would be able to defy the odds and thrive. Then the bubble burst. The long-term nature of the Linux hardware market as it will really be became more apparent on June 27, when VA Linux Systems, the company that personified that market, announced that it would cease selling hardware. Failing hardware companies inevitably attempt to recast themselves as software companies, and VA Linux is no exception. The "about VA Linux" section in the above-mentioned announcement describes the new company: VA Linux is a provider of application software, featuring the SourceForge OnSite collaborative development system; Linux software development and consulting services; and OSDN, the Open Source Development Network.
The new company will focus in three areas:
VA's departure from the Linux hardware business is truly the end of an era. The company's role in the growth of Linux has not been small; a great many Linux users out there got their start on a box from VA. And VA continues to employ numerous Linux hackers who contribute to the development of the system. And, for better or worse, much of the free software development activity now happens via SourceForge. The course chosen by VA looks challenging, to say the least. The company has a lot of smart people, though, and might just find a way to pull it off. We wish them luck. IPOs are in the news. MandrakeSoft decided to raise money with an IPO. "This IPO should be a very rapid process which also allow us to involve our current base of users and contributors who already understand our philosophy much better than a normal investor does. Many of these people, who are already strong Mandrake Linux supporters, have been requesting for quite some time an opportunity to purchase a part of MandrakeSoft." The "Marché Libre" of EuroNext - Pan-European market (Paris, Brussels, Amsterdam) is the chosen venue. We hope the European market is better than the US market. Meanwhile, LynuxWorks withdrew its IPO plans, citing horrible market conditions. Red Hat Introduces Red Hat Database. Red Hat has officially announced Red Hat Database. The Red Hat Database product is an open source database solution, based on PostgreSQL 7.1, and optimized with Red Hat Linux 7.1. Red Hat launches consulting services. Red Hat announced a new suite of consulting services that includes Linux migration and integration services, open source Web infrastructure services and open source strategic opportunities. European Union supports OSS projects. Three open source projects were launched in May and June 2001 via the EU's Information Society Technologies (IST) program. (Thanks to Tobias Benedikt Hoevekamp) Open Source Development Lab Announces 2001 Enterprise Achievement Award Contest. The Open Source Development Lab (OSDL) announced a call for entries for its 2001 OSDL Enterprise Achievement Award. A cash prize of $25,000 will be granted to a developer or group that has made a significant contribution to Linux for the enterprise. Jordan Hubbard joins Apple. According to his note posted on the FreeBSD announcement mailing list, the FreeBSD leader has taken a position with Apple to work on Darwin-based projects. "Let me assure you all that Apple does fully understand the importance of FreeBSD and they don't want me or anyone else to stop working on it. FreeBSD doesn't compete with Apple's product offerings in any way and provides an excellent source of technology for them." French text on Zope. The first text published on Zope is now available for ordering online. The text, written in French and published by Eyrolles, is titled simply "Zope". LPI News. The latest issue of the LPI News is out. Updates include a milestone for Lintraining, LPI in Italy and Korea and a note about preparing for the LPI exams. You thought Unix was an operating system?. Linux Stock Index for June 21 to June 27, 2001.
LSI at closing on June 21, 2001 ... 29.29
The high for the week was 29.49
Press Releases:Open source products
Proprietary Products for Linux
Distributions with Hardware
Products and Services Using Linux
Products With Linux Versions
Books & Training
Partnerships
Personnel & New Offices
Financial Results
Section Editor: Rebecca Sobol. |
June 28, 2001
|
|
Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Linux in the news page. |
Linux in the newsRecommended ReadingHow many ways canst thou measure Linux shipments? (The Register). The Register presents an analysis of the methods used to measure shipments vs. usage in the Linux world. "IDC has been rigorous about disregarding unused copies, such as magazine cover mounts, CDs that get bundled with network cards, and the like. IDC is also not counting some full shipments that aren't really being used as full shipments: for example, when it's being used to update a specific library." (Thanks to Dave Killick) Mac creators tackle Jobs, Mac OS X (ZDNet). Applauding and criticizing at the same time both Steve Jobs and the new OS X, the team that built the original Mac says Apple can't ignore open source any longer. "Apple needs to pay more than lip service to open-source development," Hertzfeld said, if the company is to grow and woo new developers." BOFH and the Linux Evangelist (Register). The Register treats us to another chapter in the ongoing Bastard Operator From Hell saga. "A couple of years back the chances of seeing Unix on a user's desktop machine was about as likely as seeing a Manager at the bar with his wallet open. But in recent months, thanks to the evangelism of a geeky type from R&D a number of people are converting from the Windows Dark Side to Linux. And I'm not a happy man." CompaniesCaldera drops license bombshell (Register). Caldera has added a per-user license for it's latest product offerings. according to this report from The Register. Open source leaders duke it out (ZDNet). Caldera's Ransom Love responds to criticism from Richard Stallman. "Love said he is deadly serious in developing Linux to become the main business-platform. 'From the technical view this is a major challenge. I hold a lot respect for all these Linux companies and their work. They are no parasites, either.'" Compaq Makes Play for Sun Base with Linux (LinuxGram). Compaq's attempt to use Linux to grab Sun developers with their STL porting tools marks another thrust by Big Q to do battle with Sun while holding its own against IBM. "Winkler couldn't resist making a crack about Compaq really doing Linux work as opposed to companies spending their time and energies painting penguins on sidewalks, alluding to an ill-conceived marketing ploy that got IBM in Dutch with the authorities." Microsoft: Audit, Or There's Gonna Be Trouble (ExtremeTech). Here's an article in ExtremeTech demonstrating just how fun proprietary software can be. "In its continuing jihad against software piracy, Microsoft Corp.'s legal department has sent letters to corporate customers demanding they conduct internal audits of their software licenses and submit their findings within 30 days to the software giant. The letter, using language no less intimidating than the Internal Revenue Service might use, also includes a form that spells out the audit process. Customers must report the number of installs, documented licenses, license upgrades and unlicensed software." Apparently some 5,000 businesses have received this letter. MS lawyers join open-source fray (ZDNet). Microsoft lawyers join the battle against open source software, writing licenses that prohibit using "potentially viral software" with MS code. "In describing this category of software, Microsoft includes the most common licenses used for publishing open-source software, such as the Linux operating system. Licenses specifically excluded by Microsoft include the General Public License, the Lesser General Public License, the Mozilla Public License and the Sun Industry Standards License." Open source terror stalks Microsoft's lawyers (Register). The Register examines, and laughs just a bit, at Microsoft's Mobile Internet Toolkit license. "One almost begins to believe that there is some nightmare security hole in previous issues of Microsoft's development tools licence agreements. Could it be that Microsoft has carelessly conferred some kind of power of attorney or similar on its developers, thus actually giving them some kind of authority that might be construed as allowing them to open source Microsoft's IP?" .Net to support Linux? (ZDNet). Independent research shows Microsoft may be preparing to release versions of the Visual Studio .Net software for non-MS platforms, including Linux. "'I found a list of the target operating systems to be supported in .Net in that beta. The list includes Linux (kbLinux), Unix (kbUnix), Macintosh (kbMacintosh), Windows and Windows CE,' said Rob Scoble, an editor at Fawcette Technical Publications." MS masters NC mind-set (InfoWorld). Nicholas Petreley warns about .NET and Microsoft's plans for world domination. "If Microsoft controls the management of user data and user authentication, it controls the flow of the services others can provide. It's the Windows desktop all over again, business-wise. You can't compete with Microsoft without first making a deal with Microsoft over something as basic as where your customer's data is stored and how one must access it." (Thanks to Scott Weikart). Those interested in a more detailed look at Microsoft's plans may want to read Clay Shirky's OpenP2P article from a few weeks ago. If you believe this vision of the future, little things like dominance of the desktop no longer matter. Worth some thought. Red Hat follows Microsoft with server move (News.com). C|Net's News.com reports on Red Hat's move into the database world. "Red Hat may be small compared with Oracle and Microsoft, but it's an 800-pound gorilla compared with its open-source software competition. Companies that likely will feel the pressure of Red Hat's arrival in the database market include Progress Software subsidiary NuSphere, AbriaSoft, IBPhoenix and Great Bridge." Red Hat sought help in database plan (News.com). Red Hat has plenty of competition in the database arena, according to this C|Net article. "One major difference separates Red Hat from the likes of NuSphere, Great Bridge and Oracle, though. Like Microsoft, Red Hat has an operating system business to protect. The other companies' database products run on numerous operating systems, including Sun Microsystems' Solaris, the various versions of BSD Unix and in some cases Windows." Red Hat database ready to roll (ZDNet). ZDNet looks deeper into Red Hat's upcoming PostgreSQL based database product. "The Red Hat Database, as it is likely to be called, is based on PostgreSQL 7.1. Included in the package will be Red Hat Installer, which will aid users in quickly installing the database, robust transaction support and advanced locking capabilities. It will comply with SQL92, ODBC and JDBC APIs." Ellison's NIC Co. to team with Sun (News.com). Larry Ellison wants to push his NIC with Sun's Cobalt Qube to get schools low cost Internet connectivity. "The NIC Co. will market Sun's Cobalt Qube 3 server appliance together with the $199 New Internet Computer as a low-cost way for schools to get students onto the Internet. Both the Qube and the New Internet Computer use variants of the Linux operating system." Linux makes the move to China (ZDNet). German embedded Linux startup Tuxia is entering the Chinese market for Internet appliances. "Tuxia is to co-develop Linux-based gadgets like thin client terminals, set top boxes, PDAs and Web pads with Beijing Orient Electronics Group, a large manufacturer of electronics components and displays." HP gets funky with Digital Entertainment Center (CNN). CNN reports on HP's new Digital Entertainment Center, the Linux-based music center for home consumers. "At the heart of the system: the capability to record and play MP3 and Real Audio music files. You can compile the collection from downloads, move them from your PC via a HomePNA network connection, and gather tunes from your standard audio CDs." Rogers tests complex home system (globetechnology.com). Canadian cable company Rogers Cable is rolling out a Linux-based home networking system for delivery of TV, the Internet and phone services. "The service, delivered via a box running the Linux operating system, is called Triple Play. It combines TV sets, personal computers, stereo systems, laptop computers and telephones in a technology that Rogers says is faster than Microsoft's WebTV. " (Thanks to Michael Walma) O! Canada Gets Fast Interactive (Wired). Wired looks at the Rogers Cable plan for Linux-based cable systems. "If this thing works, if this gets off the ground, then the whole interactive TV thing is just going to be mothballed," John Grandy, an industry analyst with Yorkton Securities in Toronto, told the Star. BusinessProfit from programming practices (InfoWorld). A comparison of open source and extreme programming (known as XP) methodologies for code development are examined from an IT perspective in this article from InfoWorld. "Open Source developers, although highly communicative and tightly focused on rapid release cycles, seldom meet or see one another while working on code together. The Open Source development methodology leverages Web-based tools and communication techniques to support collective code development. Freed from location-based constraints, Open Source developers around the world work jointly on code, and oftentimes many more sets of eyes are examining the same code than the two sets of eyes defined by XP's pair programming." (Thanks to Dan York) A little respect: Red Hat in black (ZDNet). eWeek says Red Hat's recent profit showing will take it to new regions far afield from its "Linux-in-a-box" roots. "For the first part of its equation to pay off, however, Red Hat must find a way to stimulate growth for Red Hat Network, which has not lived up to expectations." SEC pores over pro forma (News.com). Here's a News.com article on how companies spin their financial data. "Take Red Hat, for instance. The Linux company reported first-quarter results Tuesday in a press release titled 'Red Hat Achieves Positive Cash Flows From Operations and Shows a Profit for the First Time in First Quarter.' But further down in the press release, the company revealed that 'on a reported basis,' it had a net loss of $27.6 million, or 16 cents per share." ResourcesThe OpenSSL Project's New Engine (Linux Journal). Linux Journal explores using a cryptographic hardware token with Linux. "The engine implementation dynamically links with a hardware token's library at run time. The user specifies the engine type on the command line, and this loads the necessary library from a structure and links the needed token-specific functions. The "-engine" option to OpenSSL allows the end-user to specify the type of token to use." ReviewsBook Review: Python Standard Library (Linux Journal). Linux Journal reviews O'Reilly's Python Standard Library. Software review: Engarde Secure Linux (NewsForge). NewsForge reviews Engarde Secure Linux. "With minimal system access allowed and every precaution taken, Engarde Secure Linux just might be the best distribution for Web/mail servers yet. It doesn't have all the bells and whistles of other distributions or operating systems, but it would seem that, unlike other companies that market server OSes, Guardian Digital does not think Pinball is an appropriate application for a server." Bootstrapping the YOPY PDA (O'Reilly). This final installment from O'Reilly of a three part series on Linux PDAs covers the G.Mate YOPY. "Once I actually tried to use the applications for personal information management (PIM) functions, I discovered that there were many bugs with the individual applications and the window/app management itself. For example, while you can always launch a new application, there's no way to switch between running apps." MiscellaneousDeath of a Palm (O'Reilly). This bit of humor about the loss of a Palm in a tragic suicide (or so it seems) comes from O'Reilly. "I screamed, as I scooped it up and turned it over. My worst fears were realized: Paw's display was smashed -- the touch screen blinded to input. My Palm was dead; it had committed suicide! (The fact I had had three beers at the time had nothing to do with it; that's my story and I'm sticking to it.)" Anche Linux finisce in tribunale (La Repubblica). Here is a strange article (in Italian) in La Repubblica; the title translates to "Linux, too, ends up in court." Editor's translation: "The entire open source community, for example, is now asking itself if development of the Linux system might not suffer from Torvalds' power, given that 'his' system drives all development strategies, which functions to integrate and which to leave out." English translation is available via Babelfish. (Thanks to Paolo Bizzarri). Linux in Possible Crisis; IBM, NEC, Two Others to Form Promotion Group (AsiaBizTech). More FUD is to be found in this AsiaBizTech article, which warns that corporate takeover of Linux is inevitable due to Linus' relaxed attitudes. "Also, the casual attitude of Torvald [sic], which doesn't meet the needs o f the market and minds of investors, is one of the reasons that investors have rapidly lost interest in Linux distributors and Linux-related businesses." Section Editor: Forrest Cook |
June 28, 2001 |
![[Unix diapers]](unix.jpg)
Copyright © 2001
Eklektix, Inc., all rights reserved