Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise
news for all interests
Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters
Other LWN stuff:
Archives/search
Recent features: Here is the permanent site for this page. See also: last week's LWN.
|
Leading items and editorialsA big anniversary arrives. Picking the true birthday of Linux is not necessarily an easy task - what date would you choose? The first gleam in Linus's eye is probably too early, and nobody really knows when that was. The 1.0 release, of course, would be far too late. Where, in between, was Linux really born? One date favored by many is August 25, 1991, when Linus first told the world, via the comp.os.minix newsgroup, that he was putting together a kernel. I'm doing a (free) operating system (just a hobby, won't be big and professional like gnu) for 386(486) AT clones. This has been brewing since april, and is starting to get ready. Linus clearly had not set his sights on World Domination quite yet. Quite a bit of interest was generated by the above posting, even though no code was released (that happened on October 5). The world was clearly ready for a widely available free operating system. The growth of Linus's "just a hobby" over the last ten years has been truly phenomenal - and we have just begun. Linux has changed the world. It's been a great decade; the next will be even better. Let's all beat up on Richard Stallman. LWN editor Liz Coolbaugh once found herself seated next to Richard Stallman for dinner at some conference. It turned out not to be one of the most pleasant experiences of her life; there was no way to bring an end to the discussion of whether this publication should change its name to the GNU/Linux Weekly News. Mr. Stallman is nothing if not tenacious. He is also endlessly controversial. It is generally not surprising to other supporters of free software speaking out against him. This week, however, has been notable even on the RMS scale. Consider, for example, the release notes for glibc 2.2.4. A minor C library release normally wouldn't draw a great deal of attention; there's not much in the way of exciting new features, and most people avoid upgrading glibc unless they really have to. But most point releases of glibc don't come with comments like: Stallman recently tried what I would call a hostile takeover of the glibc development. He tried to conspire behind my back and persuade the other main developers to take control so that in the end he is in control and can dictate whatever pleases him.... Those would be fighting words. The motivations behind an attempted Stallman takeover of glibc development are somewhat unclear. Some of it has to do, apparently, with the adoption of version 2.1 of the LGPL, with its references to "...the whole GNU operating system, as well as its variant, the GNU/Linux operating system." It could also have been motivated by a desire for less conflict with glibc maintainer Ulrich Drepper, who is also not always considered to be one of the easiest people to get along with. Unless Mr. Stallman acknowledges that this "hostile takeover" attempt truly happened, and explains his reasoning, it will be hard to understand what is really going on. Richard Stallman does show signs, however, of wishing that his revolution had not gotten away from him. Free software has been more successful than many of us could have ever hoped, and Richard Stallman deserves much of the credit for that success. But much of the work has been done outside of the GNU project's organization since the beginning, and the proportion of non-GNU work is only increasing. Richard Stallman remains the head of the Free Software Foundation, but, if the larger Linux and free software movement has a head at all, it's not him. That can be expected to hurt some. But, if you are trying to head up a movement or a community, you are playing a seriously political game, and political games are like that. Mr. Stallman might be well advised to let go of some of those ambitions, if he has them, not try to direct the development of our free system, and put his efforts into endeavors where we still truly need him. Should we be talking about freedom? The O'Reilly Network site has been running a little debate on software and freedom. The sequence so far has been:
In other words, Stallman and Kuhn want to be able to make decisions that affect other developers more than themselves. By the definition they themselves have proposed, they want power. The bulk of the response, however, takes a different tack: Some words (like "freedom") make this kind of semantic ping-pong game way too easy. They obfuscate more than they enlighten, they cloud the issues rather than clearing the air. This is a major reason I have spent the last three years trying to get open-source developers to stop talking about "freedom". Reasonable people may differ on what balance creates the greatest degree of freedom. The unreasonable people have their opinions too, of course, but it's not clear they know more than anybody else. There is a claim LWN would like to put forward, however, made up of two parts:
Richard Stallman, certainly, should not be our only proponent of freedom. His approach is polemic and unyielding; he is a fundamentalist. But his is a voice that must continue to be heard. His efforts will keep freedom on the agenda and will counter the tendency of more moderate groups to compromise too much. Richard Stallman's point of view belongs in our debates. That said, there's certainly plenty of room to disagree with what he says; LWN readers know that this publication has no objection to the existence of proprietary software, for example, even if we choose not to use it. The term "freedom" certainly means, as Eric Raymond says, different things to different people. But that doesn't mean we should avoid discussion of the term; why should we hide disagreements over something so fundamental? It's far better to get the viewpoints out on the table so that members of the community can make their own conclusions. Dmitry Sklyarov's pretrial hearing (arraignment) was originally scheduled for August 23, but was postponed. Definitive information is still lacking, but it appears that his defense is negotiating for a dropping of the charges, and asked for the delay so that the negotiations could continue. The new hearing date appears to be August 30; see the EFF advisory for more information and a nice statement from Dmitry. Those of you attending LinuxWorld should consider attending the protest march which has been scheduled for August 30. It starts at the Moscone center, so it should be easy for attendees to find, and proceeds to the Federal Building. This is an opportunity to generate a large turnout and draw a great deal of attention to Dmitry Sklyarov's situation and the DMCA in general.
The LinuxWorld Conference and Expo starts on August 28 in San Francisco. It will, as always, be an interesting event; LWN's Michael Hammel and Dennis Tenney will be there in both speaking and reporting roles. Stay tuned for our coverage from the conference. Inside this LWN.net weekly edition:
This Week's LWN was brought to you by:
|
August 23, 2001
|
Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Security page. |
SecurityNews and EditorialsAirSnort hits the net. AirSnort is a new packet sniffing tool, which has been released under the GPL. A particular feature of AirSnort, however, is that (1) it works with wireless networks, and (2) it is capable of recovering the encryption keys used with those networks.It has been known for some time that the WEP protocol used with 802.11b networking is insecure, but nobody has, until now, produced a widely-available exploitation tool. And AirSnort is certainly such a tool; given a sufficient pile of sniffed data (100MB or more), it can come up with the master password in "under a second." Once an attacker has that password, he or she has free use of the wireless network. The usual debate about whether it was appropriate to release this tool has arisen. The truth of the matter, however, is that the security problems exist and will be exploited; AirSnort did not cause them. But it will, perhaps, draw more attention to these problems, and, with luck, hasten a fix. Meanwhile, anybody running a wireless network should assume that it is open to the world. Researchers develop SSH cracker (vnunet). vnunet.com is running an article describing a new attack on ssh developed by researchers at the University of California at Berkeley. It's more of a traffic analysis attack than one on the ssh protocol itself - it looks at the inter-packet timings and deduces keystrokes from that. "A password cracker program, dubbed Herbivore, was developed on the back of the research. Herbivore is capable of learning a user's password by monitoring SSH sessions." More information is available in the white paper written by the researchers (Dawn Xiaodong Song, David Wagner, and Xuqing Tian). Another look at full disclosure. Those interested in the full disclosure debate (as covered in last week's LWN.net Weekly Edition) may want to have a look at this paper by Jon Lasser. He looks at the evolution of the rpc.statd hole and its exploits, leading up to the Ramen worm, and how full disclosure may have helped those seeking to take advantage of this vulnerability. Security ReportsDenial of service vulnerability with netfilter MIRROR target. The experimental MIRROR target, available with the 2.4.x netfilter code, may open up sites to denial of service attacks. See this report from Fabian Melzow for details and information on how to work around the problem.An input validation problem with sendmail. It's been a little while since we had a serious sendmail vulnerability. Wait no longer; Dave Ahmed has reported an input validation problem which may be used by local users to obtain root access. An exploit for the problem has already been posted. The vulnerability is not exploitable remotely. For now, the solution to the problem is to upgrade to sendmail 8.11.6 (or, for beta users, 8.12.0Beta19). No distributors have issued updates as of this writing; keep an eye on the LWN.net Daily Updates Page to see when patched packages from the distributions become available.
SuSE fixes a problem with sdb. Caldera Security Advisory for ucd-snmp. Caldera International, Inc. has found some problems in ucd-snmp, including "several potentially exploitable buffer overflows, format string bugs, signedness issues and tempfile race conditions." OpenLinux eServer 2.3.1 and OpenLinux eBuilder, using ucd-snmp-4.2.1-6b are vulnerable.Proprietary products. The following proprietary products were reported to contain vulnerabilities:
UpdatesBuffer overrun vulnerabilities in fetchmail. (Found by Salvatore Sanfilippo). Two buffer overrun vulnerabilities exist in the much-used fetchmail program. Given a hostile server, arbitrary code can be run on the system running fetchmail. The solution is to upgrade to fetchmail 5.8.17. See the August 16 Security page for the initial report. Previous updates:
Format string vulnerability in groff. A format string problem exists in groff; apparently it could be remotely exploited when it is configured to be used with the lpd printing system. (First LWN report: August 16, 2001). The stable release of Debian is not vulnerable. New updates:
Previous updates:
Mandrake-Linux advisory for gdm. MandrakeSoft has issued an advisory for gdm to address a very old (first covered in the May 25, 2000 LWN Security Page) remote exploit through XDMCP. Note the Mandrake-Linux doesn't configure XDMCP use by default, however. ResourcesSecuring Sendmail with TLS (Linux Journal). The Linux Journal shows how to set up sendmail using transaction layer security channels. "The most obvious use of a cryptographically enabled Sendmail installation is for confidentiality of the electronic mail transaction and the integrity checking provided by the cipher suite. Everything between the two mail servers is encrypted, including the sender and recipient addresses. TLS also allows for authentication of either or both systems in the transaction." LinuxSecurity.com's weekly newsletter for August 20 is available.
EventsUpcoming Security Events.
For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net. Section Editor: Jonathan Corbet |
August 23, 2001
LWN Resources | |||||||||
Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Kernel page. |
Kernel developmentThe current kernel release is 2.4.9, which was released on August 16. Linus then jetted off to Finland, so no prepatches have been forthcoming. 2.4.9 has compilation errors for a subset of users (see below), but appears stable for most. The EMU10K1 (SB Live) driver is stabilizing in 2.4.9. Note, however, that you'll need the user-space tools from Creative to make full use of the sound card with the new driver. Alan Cox's latest is 2.4.8ac9. As can be seen by the name, Alan has not yet synched up to the 2.4.9 release (he "doesn't see the point" right now), but he has included the usual vast list of fixes and improvements. Those interested in how the Linus and ac kernels relate may want to take a look at this explanation from Alan, posted on Slashdot. With the -ac tree I try and do rapid rolling releases, sucking in new code to test it and also its interactions with other new code. By doing releases every few days I get a high number of people testing and reporting bugs before there are too many possible causes. This is how Linus trees used to work long ago, and I still think its the better technique.
The redefinition of min() and max(). C programmers since the very beginning of the language have been familiar with the min() and max() macros, which are usually taken directly out of the first edition of the K&R book as: #define max(A,B) ((A) > (B) ? (A) : (B)) #define min(A,B) ((A) < (B) ? (A) : (B))Certainly kernel programmers have been reading their K&R - a quick grep of the 2.4.8 source turns up more than 150 individual definitions of min(). Usually, when a body of code contains that many duplicated definitions, it's time to consider a cleanup. So, perhaps, not too many people may have been surprised when 2.4.9 included a common definition (in linux/kernel.h) for these two little macros. When, however, various modules started turning up compilation errors, and it turned out that the new min() and max() have a different interface, people were surprised indeed, and not particularly pleased. Interface changes during this stable series have become almost commonplace, but few people expected to see a change to something so common and fundamental. It seems that the new min() and max() have a third argument, being the type of data being compared. So, to get the minimum of two integers, one would code: minimum = min(int, a, b);There are perfectly good reasons for doing things this way; when values of different types are being compared, the explicit type determines what type will be used to do the comparison. It makes things explicit, and forces people to think about what they are doing. Unfortunately, it also breaks quite a bit of existing code. Any code which defines its own version of these macros will end up with compilation errors. Even worse, for many, is the fact that there is no way to create backward compatibility macros to cover over the difference. A driver using these macros which compiles for 2.4.9 will not compile for earlier versions of the kernel. Linus has tended to not to be sympathetic toward developers who are trying to maintain portability to older kernels, but there are quite a few of them trying to do so anyway. The question that has come up, of course, is: if Linus wanted a type-aware variant of min() and max(), why didn't he create something with a new name (i.e. typed_min()) and leave the classic macros alone? The answer seems to be that Linus wants to eradicate the old, two-argument macros from the kernel altogether, and so (by way of David Miller) chose an approach that would break code that has not been fixed. Doing things this way can produce more maintainable code in the long term, at the cost of some real short-term pain. But, one would not normally make such a change in the middle of a stable kernel series, and not to something as well understood as min() and max(). Linus, of course, put this change out in 2.4.9 final and immediately fled the country; the cynical among us might surmise that he knew there would be some discontent. And discontent there is; among other things, Alan Cox does not plan to merge this change into the "ac" series; he'll make a typed_min() and typed_max() instead. Linus does not often back down on such decisions, though; it will be interesting to see how this one resolves itself. Feeding entropy from network devices. The Linux kernel provides two pseudo-devices which generate random numbers: /dev/random and /dev/urandom. They both provide (seemingly) random numbers to applications, but they differ in one regard: /dev/random works much harder to ensure that the returned numbers are truly random. The random number generator works through the maintenance of an "entropy pool," a collection of random data which has been collected from outside sources. The most common source of entropy (randomness) in Linux systems is device interrupts; the time periods between keystrokes or disk interrupts is unpredictable enough to provide a degree of true randomness that can not be had from a software-only random number generator. Each random event adds a certain amount of entropy to the pool. If an application reads random data from /dev/random, the kernel will make sure that there is sufficient entropy in the pool to return truly random numbers; if the entropy is inadequate, the read will block until sufficient entropy has been generated. /dev/urandom, instead, will generate numbers (using a secure hash algorithm) regardless of whether sufficient entropy exists; it never blocks waiting for entropy. In theory, that difference means that a sufficiently clever attacker could, perhaps, predict the random numbers that will be generated by /dev/urandom. Using the predicted numbers, the attacker could proceed to make a mess of any cryptographic or security code using /dev/urandom. Such an attack remains entirely theoretical, however; it would be in no way easy, and nobody has ever demonstrated a way of successfully predicting Linux's random numbers. Nonetheless, people worry, and many applications will only use random data from /dev/random. On some systems, this can lead to problems if the system is not generating enough entropy; suddenly ssh connections take a long time to start up, and things get unresponsive in general. Network firewalls, with no keyboard and little or no disk activity can be especially susceptible to this problem. The answer, seemingly, would be to use the arrival of network packets as another source of entropy. Historically, this source of entropy has been avoided, since network traffic is susceptible to observation and manipulation by an attacker. In a highly paranoid world, one might worry about an attacker watching network traffic in an effort to predict the contents of the entropy pool on a target system; the attacker could also feed precisely-timed packets to the target in the hopes of influencing random number generation there. Once again, nobody has ever gotten close to demonstrating an attack of this nature, but if security people didn't worry they would have little to do. Now, however, Robert Love has submitted a patch which allows the system to use entropy from network traffic, subject to a kernel configuration option. There is some real opposition to the patch; some people feel that network entropy should not be treated as entropy at all, and that applications should just be using /dev/urandom in these cases. The wider consensus, however, is that sometimes network entropy is the best you can get, and that it makes sense to give the user a choice of whether to use it. After all, when, ten years from now, some super cracker develops a network entropy exploit, you can always turn the feature off. New no-bounce high memory I/O patches have been posted by Jens Axboe (see also the quick update that came out shortly afterward). This patch is rapidly approaching a state of readiness, and, with luck, should find its way into a stable kernel sometime soon. It eliminates the need to use "bounce buffers" on systems with large (multiple GB) amounts of memory, even on systems where the kernel does not directly address high memory. One user has reported a 40% performance increase when running with the patch. Incorporated into Jens' patch is the new 64-bit PCI DMA interface designed by David Miller. He has also posted the PCI64 patches separately for those who would like to take a look at them. With these patches, DMA I/O is possible on systems with very large amounts of memory (more than 4GB) if the hardware is up to the task. There is also a later revision of this patch available. Between these two efforts, the kernel's support for high-end systems will be much improved. Other patches and updates released this week include:
Section Editor: Jonathan Corbet |
August 23, 2001 For other kernel news, see: Other resources: |
Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Distributions page.
Lists of Distributions |
DistributionsPlease note that security updates from the various distributions are covered in the security section. News and EditorialsCompatibility between Linux distributions. This week a lengthy thread arose on the debian-devel list on whether the Debian distribution should be Red Hat binary compatible. The answers ranged from "yes" to "no" to "maybe". As the LWN commerce editor for the last couple of years I can vouch for the fact that there are an increasing number of proprietary software packages being released specifically for Red Hat Linux. No doubt in Germany the distribution of choice is SuSE, and other countries will have other favorites. The point is Debian (or Slackware or many other smaller vendors) will not usually be the first choice for a proprietary software vendor who wishes to port software to Linux. Also this software, once ported to one flavor of Linux may or may not run on other Linux distributions. The Linux Standard Base was created to address these compatibility issues and the current 1.0.0 release is certainly a good start. Obviously it's not all the way there yet. Also, there is no guarantee that all Linux vendors will follow the standard. If, for example, a large vendor like Red Hat chooses to ignore the LSB it is likely that the proprietary software vendors will also ignore those standards, and write software that runs only on Red Hat Linux. Making Red Hat a de facto standard in this manner puts additional pressure on a volunteer based distribution like Debian. It is really best if all distributions stick to the standard. There may still be some compatibility issues, but following standards will minimize the issues (or maybe just point out a place where the standards are inadequate). Not all volunteer developers within Debian will agree that there is a need for proprietary software to run on Debian. This is certainly a valid choice. However, if a business chooses to run Debian and also chooses to use a proprietary software product shouldn't this combination just work? Should that business be forced to use a different distribution just because it is tied to a third party product? This is a mode of operation more reminiscent of certain proprietary operating systems than of Linux. World domination requires that vendors can port once and businesses can use whichever flavor of Linux they please without worrying about compatibility issues. Debian Linux for BeOS refugees. Since Palm acquired Be's assets and Be intends to wind up its operations some time in the fall many BeOS refugees will be looking for alternatives, including Linux. One ex-Be user advocates Debian for BeOS refugees. Mandrake Linux Community Newsletter - Issue #10. This issue of the Mandrake Linux Community Newsletter is available in English and in French. It includes information on the Mandrake 8.1 Beta, a reminder about the upcoming LinuxWorld show in San Francisco, and a spotlight on the KDE desktop environment. New DistributionsCRUX. The CRUX distribution appears to have been around at least since last April and version 0.9 was released on July 7, 2001. Here's a description from the CRUX website. CRUX is a lightweight, i686-optimized Linux distribution targeted at experienced Linux users. The primary focus of this distribution is "keep it simple", which is reflected in a simple tar.gz-based package system, BSD-style initscripts, and a relatively small collection of trimmed packages. The secondary focus is utilization of new Linux features and recent tools and libraries. (Thanks to Joe Klemmer who found the link at DaveCentral. Distribution NewsBlue Linux announces the Development of Blue Linux EDU. Blue Linux announced that they will be working toward a Blue Linux Educational version that will be based on reaching out to the Educational Community. Blue Linux Founder Matt Jezorek said "We hope that we can help cut the cost of running the school systems and keeping up with licensing so that learning can once again become the major part of todays schools."
Debian News. Debian release manager Anthony Towns has posted a request not to make major changes to the base as part of the ongoing freeze, and as a bonus included a list of the software to be included in the base as well as the "standard" packaging. There will be a bug squashing party this weekend to help stamp out those Woody bugs. If you are a prospective Debian developer looking for an existing developer to meet and sign your GPG key (for the Identification part of the new maintainer process), there is now a listing of developers available. Current Debian developers are encouraged to register so prospective developers can find you in the listing. Some new mailing lists have been created for Debian developers. There's one for Debian's Catalan internationalization and localization team, some new bug lists, lists in Italian and French, and others. Mandrake Linux 8.1 Beta1 for x86 on mirror sites. MandrakeSoft has informed us that the first beta release of Mandrake 8.1 for x86 systems is now available from their mirror sites. This version includes the 2.4.8 Linux kernel; the shiny new KDE 2.2; the latest Ximian Evolution 1.0 beta 2; and you can try your new digital camera with gphoto2; configure and reconfigure your printer with the reworked printerdrake and its new friend foomatic; and much more. Yes, its a beta and it has bugs, but some of those bugs already have fixes available. So get busy, crash some machines and let Mandrake know what works and what doesn't. Midori 1.0.0-beta3 released. Midori Linux 1.0.0-beta3 has been released. "Highlights: it compiles on Red Hat 7.1 (your mileage may vary, so please let us know how it works for you) and we've replaced the entire init script system with something much better (in our opinion, at least) than what's available on the average Linux system." MontaVista's Linux port to the IQ80310. Here is the latest source drop for the Linux port to the IQ80310. You'll need the linux-2.4.7 kernel with patch-2.4.7-rmk3 to get it running. Red Hat: Roswell, the return. There has been another sighting of Roswell, Red Hat's latest beta. Apparently lots of things have changed with this new version, which may still be rather buggy. The truth is out there. Trustix releases Secure Linux 1.5. Trustix announced the release of Trustix Secure Linux version 1.5, nicknamed "MiddleWhere". A number of new features have been added to TSL with this version, based on user requests. Updates to this package include MySQL, PHP4, and modutils for 2.4, and SWUP for automatic updates and easy install of new software. Turbolinux News. Turbolinux has announced the release of its z/Linux 6.5 distribution for IBM zSeries servers and S/390 mainframes. Turbolinux also announced the availability of Turbolinux Workstation 7.0 for US-based OEMs. Minor Distribution updatesDragonLinux. DragonLinux has a new phpwiki page available for users. DragonLinux documentation is available, and users can discuss and modify documents via wiki. FreeBSD. FreeBSD v4.4 should be available by the end of the month. In the meantime Annelise Anderson, a frequent contributor to the FreeBSD mailing lists, has written "FreeBSD: An Open-Source Operating System for Your PC", an introduction to FreeBSD aimed at the new user. It is published by The Bit Tree Press, the ISBN is 0971204500, and it can be ordered from, amongst other places, the DaemonNews Mall. Mindi Linux v0.38. This version of Mindi was released August 18th. There is now a 'mindi-kernel' plug-in, so that users can use a stock 2.4.7 kernel in case their kernel isn't right for a boot disk among other changes. Distribution ReviewsRedmond Linux: Stripped-down Linux business aims at desktop newbies (NewsForge). NewsForge reviewed Redmond Linux. Joseph Cheek, CTO of Redmond Linux tells us there are a few inaccuracies in the article [Redmond Linux is based on Caldera Workstation 3.1, and Rick Collette is VP of Engineering, not VP of Marketing], however this is a good review overall. "The distribution has several goals, including, of course, "ease of use for people used to Windows," Collette says. The Redmond Linux coders also want seamless filesystem integration with other operating systems on a network, and a full suite of working applications." Section Editor: Rebecca Sobol |
August 23, 2001
Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.
|
Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters See also: last week's On the Desktop page.
|
On The DesktopEnd User System Management. For many desktop users, be they Linux or Windows users, the day to day task of managing their computers is somewhat daunting. The process of managing installed packages alone can be a nightmare, but throw in network management and security, user management, and even the simple process of dialing out through a modem and users end up with a strong desire to toss the whole load out the window, put on a pair of sunglasses, a grass hat and wonder where Jimmy Buffett goes at times like these. One of the sad parts of Linux is a lack of standardized configuration tools. Many distributions include the useful, if not completely reliable, Linuxconf toolset. This package is based on over 40,000 lines of C++ code and attempts to do what commercial Unix has never been able to do well - administer a standalone Unix (or in this case Linux) system. Linuxconf offers tools for configuring LAN connections via DHCP or manual addressing, dialup modems, the Apache Web server, firewalls, the LILO boot manager, printers, user and group management and a host of other features. An even larger feature set is provided in external modules. Linuxconf is the current administrative interface used by many Linux distributions. It supports Caldera, Debian, Red Hat, Conectiva, SuSE, and Mandrake. There are text, ncurses, GTK and HTML based interfaces available as well. Many of the modules appear to have come from Conectiva, though it's not clear if the other modules come from other distribution vendors or not. While Linuxconf appears complete, it does have its drawbacks. The web site mentions compatibility with many older distributions from the major Linux vendors, but there is little mention of the latest releases such as Red Hat 7.x, Mandrake 8 or SuSE 7. Debian includes some support for Linuxconf but one Debian developer we talked to said that he expects that it has a very low use rate among Debian users. But a bigger issue may be that Linuxconf can often misconfigure some features or activate features unrelated to a users changes at inappropriate times. Many users may be willing to accept broken or incomplete software, but when it comes to systems administration, they should never accept software the works incorrectly. The stability of your system is at risk here. And most distribution vendors are aware of these issues. Debian developers, we're told, have lately been interested in a Web based administration tool from Caldera, Webmin, though this interest is not at an official level (we haven't heard of them adding it to their distribution at this time). It's an open source (BSD license) application from a company that was recently purchased by Caldera and provides a plug-in style API that permits modules which can be both open source and proprietary. The application supports a large number of Linux distributions. The RPM installation was very clean and installs its own web server for managing your system. It can run with Apache, though the default server seemed quite sufficient for local (single user) administration. Most major tasks are supported in the default configuration, including DNS and networking, file sharing, user management, and even package management. The modular design offers quite a few options for the future. Another alternative to Linuxconf and Webmin has recently started coming out of Ximian's GNOME product development. The Ximian Setup Tools (XST) is a frontend/backend design currently based on GNOME that also has support in development for the KDE environment. Most of the major Linux distributions are supported, including Debian. Backend tools can be written in any language (though Perl seems to dominate currently), using an XML transport, which means configuration information is passed between the backend and the frontend in XML. Use of XML provides a method (which may or may not be implemented in each backend) for saving past states which can be restored at a later date. This rollback option is something that neither Linuxconf nor Webmin provide. As Ximian developer Michael Meeks puts it, XST provides "user level support to give a rubber knife to learner systems administrators instead of a scalpel." The architecture of XST offers great hope but not all the features expounded by Ximian are implemented yet. Rollbacks are still missing, as are remote host administration options. Local administration appears to work fairly well though we had a few problems with adding a new user. Features in the current, unstable release of XST include user and group management, time and date handlers, and boot, disk, memory, network, and file sharing management. After installation (which can be handled automatically using Ximian's Red Carpet facility) the tools end up as individual menu items in the Programs->Utilities menu under the GNOME menu panel. Linuxconf is a bit monolithic in nature - all the bits and pieces are rolled into a single interface (though it appears they can be run individually from the command line). XST, on the other hand, uses a frontend/backend pair as a standalone application. The modularity provided in the backends for both XST and Webmin allows a separation of duties and prevents the problem Linuxconf brings when it performs duties you didn't really request of it. You aren't likely to accidently reset a network daemon while performing user management, for example. Such modularity also makes both XST and Webmin easily extensible. XST carries no dependencies other than the desktop environment (either GNOME or KDE, essentially). This makes XST and Webmin fairly even when it comes to future expansion. With Webmin being web based it should be free of all desktop dependencies other than an available browser. Systems administration will always be a difficult task to manage for end users, but with tools like Webmin and XST there is hope of a less convoluted future. Vector tools and the VFX industry. We received a letter from a Windows-based graphics company (see our response to them) who mentioned customer requests for a Linux port of their product. There still isn't a publicly announced professional-level, native vector tool for Linux even though such a tool is highly desired. One problem this vendor has is with peripheral support: We have looked at the Linux market before but the community and support (graphics tablet and other peripherals) for graphics products was not sufficiently advanced at that stage. The Wacom tablet is fairly well supported under XFree86 4.0.x now, but support for other tablets is fairly spotty at best. Most Visual Effects (aka "VFX") houses working in the film industry tend to port their own drivers over to Linux as they need them, but few (if any) of these have been released back to the community. Still, this isn't a lost cause. Most of the VFX industry is migrating to Linux. Their biggest problem, according to a couple of industry insiders, is finding out how to get open source developers involved with them, and how they can get the industry itself to move from highly secretive productions to more open development. Enlightenment. The authors of the Enlightenment environment, which is evolving into a desktop environment to challenge GNOME and KDE, are interviewed about the year long march towards E17. E17 is built for sheer performance. It should be able to equal or beat anything else doing anywhere near the same level of visual work - and many things doing a lot less visual work. Rememebr you can't compare something that displays 2 lines and a box with something that fills the srceen with alpha blended images and anti-aliased text. They are different levels of visual work, but even so - e17 should be not far off a lot fo the performance of the simpler visual displays. e17 isn't a whole desktop. It's a desktop shell - think of it as a window manager + desktop background manager + file manager + config tools all in one.
Desktop EnvironmentsGNOME Summary for 2001-08-05 - 2001-08-15. This latest edition of the GNOME Summary is out, and covers topics including the addition of TrueType support to GNOME Print, an update to the Galeon project, updates to AbiWord, and hacks from Linux kernel developer Alan Cox on Nautilus. Gnome on Slackware and Galeon wins browser review (GNOME Gnotices). GNOME Gnotices pointed us to the news that there are now Ximian GNOME packages available for Slackware. These don't appear to be official Ximian packages and, because Ximian doesn't support the gzipped tar (aka "tgz") format, don't include support for Red Carpet. In another news tip from the same note, Canada Computes has done a review of Linux browsers, including Opera, Netscape, Konqueror, Mozilla, Galeon and Skipstone. Galeon came out on top. GNOME Foundation adds Timothy Ney as Executive Director. The GNOME Foundation has finally announced their executive director: Timothy Ney. Ney most recently served as the managing officer of the Free Software Foundation for the past three years. First review of KDE 2.2. Now that KDE 2.2 is out, reviews cannot be far behind. Here is the first. "The sad fact is that there is no Linux desktop that can yet match the ease of use, and comfortable usage of Microsoft Windows or Mac OS. KDE is getting there but still lacks some refining touches. My guess is that KDE 3.0 is going to provide a revolutionary step towards the desktop with Linux. " (Found at dot.kde.org) Open Source Printing Summit. The Open Source Development Network (OSDN) along with Hewlett-Packard and IBM will be holding their second annual Linux Printing Summit in September in San Jose, California. Window Maker web site redesign. Window Maker, an alternative desktop window manager which works with GNOME and KDE, had a web site relaunch earlier this month. The new site is much cleaner and more professional looking, though little new information on the product itself is available. Office ApplicationsAbiWord 0.9.2 released. Version 0.9.2 of the AbiWord word processor has been released; see the release notes for a list of changes. On a side note: The AbiWord Weekly News may be taking a two seek summer break as author Jesper Skov takes a well deserved vacation. Someone from the list may take over for Jesper, but if that does not work out, he'll write up a double issue on his return. GnomeMeeting 0.10 released. A new release of GnomeMeeting, was announced this week. GnomeMeeting is a video conferencing system. Updates include support for both FreeBSD and KDE and includes packages in both RPM and .deb formats (Mandrake coming soon). Desktop ApplicationsGnumeric 0.70. A new release of Gnumeric was announced this week. This is a high priority upgrade from the 0.69 release, which broke MS Excel importing. Unfortunately, this release also reduces the stability of graphs. Remember that that the sub-1.0 releases are meant primarily for developers and testers - expect some problems. And in other news...Caldera CEO: The challenge of the desktop (ZDNet). ZDNet News interviews Caldera CEO Ransom Love. "The challenge of the desktop is evolving. The traditional monolithic desktop is not for Linux, but the evolving thin client desktop is ideal for it. Something like 80 to 90 percent of personal time is now spent in the browser, and as the Internet becomes predominant use of desktop, applications will follow." Adding a new dimension to the desktop with 3Dwm (LinuxPower). 3 dimensional desktops are still quite a few years away from the common man, but work steadily progresses on at least one project in this arena: 3Dwm. "We expect to be releasing version 0.3.0 of 3Dwm shortly (just need to iron out a few things), and this release finally adds full input handling in the display server. This should allow you to not only navigate around in the environment (this has been possible from day one), but also to interact with the 3D objects in the scene. However, I would not recommend this release for users other than to just perhaps compile it and play around a little with it; there are still some pretty glaring things that keeps us far away from a 1.0 release." VistaSource gets a makeover. The VistaSource web site has gotten a makeover. Despite earlier rumors, it appears that Applixware continues to be sold by the new company, though its name has been changed to Anywhere Desktop for Linux. Section Editor: Michael J. Hammel |
August 23, 2001
|
Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Development page. |
Development projectsNews and EditorialsLast week, Walter Bright's D Programming Language was discussed at length on Slashdot. D is intended to be a successor to C and C++, and has been designed with compiler implementation in mind.The language overview states that D is not an interpreted or scripting language, it is a compiled language that is designed to be higher level than C++. The language will not require a runtime virtual machine, as does Java and Smalltalk. D is intended to keep much of the C/C++ language look and feel, making it easy to transition to from those languages. From C/C++, D will keep the compile/link/debug development model, will emphasize exception handling, and will use templates, although the template design will be newly designed. The documentation already contains text about Programming in D for C Programmers and Programming in D for C++ Programmers, making the learning process fairly straightforward. While keeping many C/C++ features, D will eliminate the preprocessor, and thus include files. Also gone will be multiple inheritance, operator overloading, arbitrary Bit Fields, and support for 16 bit CPUs. Most of this is to simplify the language and eliminate infrequently used features. One interesting feature of D is the ability to include optional built-in unit test code (go to the bottom): "Unit tests are a series of test cases applied to a class to determine if it is working properly. Ideally, unit tests should be run every time a program is compiled. The best way to make sure that unit tests do get run, and that they are maintained along with the class code is to put the test code right in with the class implementation code." Another interesting, but slightly quirky feature is that the D compiler allows D language code to be embedded into html files. This allows functional code to be displayed in a browser with special highlighting for better readability, and the same file can be compiled. This feature could allow for some interesting documentation. The D Programming Language Reference Document provides the complete language documentation as it exists, today. In all, it looks like D could become an important language if it can manage to get beyond the design phase into working code, and can attract a large enough following. AudioEcasound 2.0.2 released. A new version of Ecasound is available. This version features bug fixes, minor improvements, and compatibility with the Gcc 3.0 compiler. Also on the same site, Brad Bowman has written a Perl module that implements the Ecasound Control Interface. CORBAOpenOrb Enterprise Suite 1.2. The ExoLab Group has announced OpenORB Enterprise Suite 1.2, a CORBA 2.4 ORB written in Java. The OpenOrb home page has all of the details. OpenOrb has been released under a BSD license, a commercial OEM/ISV license is also available. (Thanks to Christof Meerwald) DatabasesPostgreSQL v7.1.3 released. A new version of the PostgreSQL database has been announced. FreeGIS web portal updated. The FreeGIS web portal has been updated and now provides a search engine for finding tools from their database of over 125 applications relating to Geographic Information Systems. Embedded SystemsEmbedded Linux tops developers' 2002 wishlist (LinuxDevices). An Evans study on embedded OS usages shows Linux currently sits 4th behind home-grown solutions, VxWorks, and MS-DOS. "One of the most striking results of the survey is the indication of a dramatic shift away from "home grown" OSes [in 2002], which have traditionally accounted for between half and two-thirds of all embedded systems' OSes. The roll-your-own category practically vanishes in a single year, with much of the slack taken up by Embedded Linux..." Embedded Linux Newsletter. This week's Embedded Linux Newsletter includes a review of John Lombardo's "Embedded Linux", a study of how Linux is being used in industrial controls, and a look at IBM's TechMobile, a Ford Explorer that runs Linux. ELC announces new board of directors. The Embedded Linux Consortium has announced its new board of directors. "Five incumbents were re-elected and two new candidates gained board seats. Re-elected are Dr. Inder Singh (chairman and CEO, LynuxWorks); Michael Tiemann (chief technology officer, Red Hat); James Ready (CEO, MontaVista Software); Dan Bandera (business line manager, IBM Pervasive Computing); and Greg Wright (an independent Linux community member). The two new board members are Dr. Kiwon Lee (head of corporate technology operations and executive vice president, Samsung Electronics); and Victor Yodaiken (CEO, FSMLabs). Yodaiken's election fills a vacant position and brings the board to full strength." Multi-vendor open source set-top box project launches (LinuxDevices). LinuxDevices reports on Linux4.TV, another project to put Linux into a set top box. "An open source set-top box design based on National's Geode system-on-chip processor is said to be available for immediate download. Downloadable software components include Century's WebMedia set-top box front-end application, which provides a video middleware API, and National's enhanced Video for Linux 2 (V4L2) API, which provides features such as alpha blending, VIP, overlay, and picture-in-picture (PIP) support." InteroperabilityWine Weekly News for August 16, 2001. The August 16, 2001 edition of the Wine Weekly News is out. This edition covers 16 bit printer drivers, navigating through Wine, debugging techniques for Winelib applications, and lots more. Printing SystemsUpdated CUPS Source Distribution. A new source distribution of the CUPS printing system, version 1.1.10, has been released. The release notes document the changes, which include job priority tweaking, support for Dymo label printers and lots of bug fixes. A next-day bug fix release was also released, version 1.1.10-1 fixes a few minor filter and installation bugs. Omni Printer Driver version 0.40 released. Version 0.40 of the Omni printer driver is now available for download. This release includes drivers for 21 HP LaserJet printers, support for hardware scaling printers, updated Epson Stylus support, and lots of bug fixes. System AdministrationConsolidating Servers Under Linux (O'Reilly). David H M Spector discusses the consolidation of multiple server functions under a single Linux system. "'Server consolidation' is a term that is often used in IT jargon to mean 'we're getting rid of platform X' where 'X' is SPARC, Intel, Hewlett-Packard, or some other unlucky victim of a corporate popularity contest. These days, you should be thinking about a different kind of server consolidation -- how to reduce the number of servers that your company has to support and how to bring more services together on the servers that remain." Web-site DevelopmentMnoGoSearch 3.1.19 released. Version 3.1.19 of the MnoGoSearch web server search tool has been announced. This is mostly a bug fix release, although it also features content encoding support. Zope News for August 17, 2001. The August 17, 2001 edition of the Zope News is out. This issue features a new editor, Chris McDonough, and a name change from the Zope Weekly News to just Zope News. This is slightly confusing due to the fact that zope.org also has another Zope News site, hopefully all of that will be straightened out in time. Topics from this new edition include the release of Zope 2.4.0, some security issues, and more. Zope 2.4.1 beta 1 released. A new version of Zope, version 2.4.1 beta 1 has been released. This version features a number of bug fixes. Word ProcessorsSun releases OpenOffice Development Kit. Sun Microsystems has released ODK, the OpenOffice.org Development Kit. "The ODK is a set of tools, libraries, jar files, header files and idl files which are necessary to develop components for the OpenOffice.org using the OpenOffice API and the OpenOffice.org component technology UNO (Universal Network Objects)." A Linux/Intel version of the kit is available. The licensing information for OpenOffice.org states that it is released under a dual LGPL and SISSL license, SISSL is the Sun Industry Standards Source License. MiscellaneousQuick Reference For Choosing a Free Software License (zooko.com). Bryce Wilcox-O'Hearn has published a Quick Reference Guide for choosing free software licenses. If you are uncecided about which license to use for an open-source project, this would be a good place to start. Section Editor: Forrest Cook |
August 23, 2001
|
|
Programming LanguagesCGCC 3.0.1 Released. Version 3.0.1 of GCC has been released. Changes with this release include numerous bug fixes, and a port to the S/390 architecture. (Thanks to Roberto Bagnara) CamlCaml Weekly News for August 21, 2001. The August 21, 2001 edition of the Caml Weekly News has been delivered. Topics this week include a rewrite of David Fox's FFI C interface generator, and FORT 0.3, the Framework for Ocaml Regression Testing. JavaStudy: Java to overtake C/C++ in 2002 (ZDNet). According to a study by the Evans Data Corp, Java developers will outnumber C/C++ developers by early 2002. "The research also shows that Java usage has been rising at the expense of Visual Basic and C/C++." The study also praises Linux as a stable and popular platform for software development. Embedded Java (O'Reilly). Vincent Perrier examines some embedded Java issues in an O'Reilly article. "Java's strong appeal for embedded applications is sometimes offset by concerns about its speed and its memory requirements. However, there are techniques that you can use to boost Java performance and reduce memory needs, and of course the Java virtual machine you choose affects Java performance, too. You can make better-informed decisions about using Java by understanding the factors that affect its performance and selecting meaningful benchmarks for embedded applications." Jlouiss java tracer updated. Albrecht Kleine has announced the availability of a new version of his jLouiss Java tracer. JLouiss is licensed under a GPL license. LispOpenMCL 0.6 released. Version 0.6 of the OpenMCL lisp compiler has been released. This version adds a new foreign type system, different command line argument processing, a new Linux system call mechanism, and more. PerlThis Week on Perl 6 (O'Reilly). The August 12-18, 2001 edition of the Perl 6 Porters digest is out with coverage of all of the latest Perl 6 development activity. Gluing C++ And Perl Together. John Keiser has put together a tutorial on binding Perl XS, the Perl native glue, and C++. The tutorial fills in areas that the existing documentation has failed to cover. PythonHypercard and Python (O'Reilly). Stephen Figgins takes a look back at the classic Macintosh application Hypercard, and a new embryonic project known as PythonCard. The PythonCard project aims to be a Python based software construction kit that allows GUI development with minimal coding. PythonCard is being released under a Python 2.1 license. Daily Python-URL. The latest items in the Daily Python-URL include a discussion on Extended HTTP functionality and WebDAV, MySQL performance tuning, the Java Python Extension (JPE), scientific calculations with SciPy, and more. SCons design document. Based on a design from last year's Software Carpentry Contest, the Python based SCons software construction tool is under design, with an alpha release due out in several months. A design document for SCons has been announced and is open for review. PyDO 1.0 Object Relational Database Tool. A new version of the the PyDO Object Relational Database tool has been announced. This release works with Python 2.2a1 and features an improved PostgreSQL driver. RubyThe latest from the Ruby Garden. The Ruby Garden reports an increasing number of posts to the Ruby-talk mailing list, indicating that the language is catching on. Also, string comparison techniques in Ruby are discussed. SmalltalkThe latest Smalltalk Chronicles. After a bit of a hiatus, the Smalltalk Chronicles has returned with a fancy new design. This issue includes an interview with Dan Ingalls on the future of Squeak, cranking on real-time physics problems with ElastoLab, The Moose, a Smalltalk environment for re-engineering code, and refactoring patterns. XMLXML for Data: Four tips for smart architecture (IBM developerWorks). Kevin Williams looks at common XML design mistakes and illustrates how to deal with them in an IBM developerWorks article. For the impatient, here are the tips:
Miscellaneousglibc maintainer lashes out at RMS. The release notes for glibc 2.2.4 have been posted, and include some fairly strong anti-Stallman sentiments. Section Editor: Forrest Cook |
Language Links Caml Caml Hump Tiny COBOL Erlang g95 Fortran Gnu Compiler Collection (GCC) Gnu Compiler for the Java Language (GCJ) Guile Haskell IBM Java Zone Jython Free the X3J Thirteen (Lisp) Use Perl O'Reilly's perl.com Dr. Dobbs' Perl PHP PHP Weekly Summary Daily Python-URL Python.org Python.faqts Python Eggs Ruby Ruby Garden MIT Scheme Schemers Squeak Smalltalk Why Smalltalk Tcl Developer Xchange Tcl-tk.net O'Reilly's XML.com Regular Expressions |
Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Linux in the news page. |
Linux in the newsRecommended ReadingWhy artists should be using Ogg Vorbis. Daniel James offers some interesting arguments from the perspective of the musician on why artists should be using Ogg Vorbis instead of MP3. Daniel is also advocating the use of The Personal Music License as a means of keeping the musician in the monetary loop when music is sold while allowing the music to be freely shared when it is given away. Ogg Vorbis is an open-source musical compression scheme that is similar to the popular MP3 format. (Thanks to Daniel James) Ethernet MP3 Player for Linux (MP3newswire). Another MP3 player, the SLiMP3 , based on Linux and designed for network playing is covered in an article from the MP3Newswire. Dmitry Sklyarov, Adobe, and the FBI (Byte). Jerry Pournelle has written about the Dmitry Sklyarov case. "I predict that if the case ever comes to trial the law will be thrown out, either on Constitutional grounds or on the narrower principle that it is too hopelessly vague to be enforceable. If the matter is ever put to a grownup in the Department of Justice, the only question will be 'How do we get out of this with a minimum of egg on our faces?'" Arrested Russian programmer thanks supporters (News.com). Dmitry Sklyarov says he's grateful for the world outpouring of support in his trials against the DMCA. "Protests in support of Sklyarov are scheduled outside the hearing in San Jose, as well as later this week and next in Russia, England, San Francisco, Los Angeles, Minneapolis, Boston and even "Black Rock City" in Nevada, the desert site for the annual Burning Man cultural arts festival, according to the statement." Why Austin TX is considering a Microsoft Enterprise license ( LinuxWorld). The city of Austin, Texas doesn't quite know how to get out of the license fiasco forced on them by Microsoft - pay a big fine, or buy a big contract with lousy conditions. According to one city official: "As the specialty for Linux is servers, and servers make up only 1% of the costs for Microsoft licensing, the financial impact is a fraction of the Microsoft licensing issue. The other 99% of the costs are related to MS Office, MS exchange, Desktop OS, Visio, MS Project, and other products for which Linux does not provide a solution." As author Joe Barr suggests, "Someone needs to tell that to the 400 employees of the City of Largo, Florida." IBM demos car of the future (CNN). CNN provides a bit more detail on the Linux-based TechMobile from IBM. "Blue Eyes detects movements of the retina and frequency of eye blinks. Using this technology, the alphaWorks team created an alarm system. An infrared camera watches the eyes, and if the system does not detect the eyeballs, it assumes the driver has fallen asleep and an alarm is sounded." CompaniesWhy Apple's bass-ackwards Unix approach is the right way (ZDNet). Apple's desktop oriented Unix is a smart play for the company, avoiding the server market entrance most Unix vendors opt for in the long run, according to this ZDNet story. "This tack is a novel inversion of the path of least resistance. Apple could've tried to compete in the workgroup server market--a place where it's had decent success in the past--and worked on the client version of the OS while the server variant established itself. Instead, realizing the desktop was more important, Apple is focusing its efforts there." Caldera to open source benchmarks, regular expression parser. Caldera has announced it will Open Source the AIM performance benchmarks and the UNIX Regular Expression Parser, along with two UNIX utilities awk and grep. These technologies will be released under the GPL (Gnu General Public License). HP to sell secure version of Linux (News.com). HP's Secure OS Software for Linux is expected to be officially announced on Wednesday, according to this C|Net story. "The secure Linux product will be available for HP servers or others that pass the qualification tests Red Hat uses to assure a computer can run its latest version 7.1, said Bill Wear, product manager for HP's secure Linux offerings." When Linux grows up, IBM glad to boot AIX (IDG). IBM is almost ready to boot AIX in favor of Linux, but the community champ has still has some maturing to do yet. "While IBM officials concede that Linux might not emerge as the operating system of the future, the company is ready to back it now with millions of dollars and as many developers as it can find. If these bets pay off, IBM will likely send AIX packing, opting to put a penguin inside every server instead." IBM to open source WebSphere Linux tools (ZDNet). ZDNet reports on IBM's reported release of WebSphere to open source. "IBM plans to first move all of the tools that developers plug into the Workbench into a shipping product on both Linux and Windows so that all the tools would work on both platforms." Denver Firm Allows Internet Programmers to Collaborate on Software Projects (Denver Post). The Denver Post covers the Jabber instant messaging project. The article talks about the open source model for developing software projects (Jabber is open source). "To abide by the code of conduct in the open-source world, Durand said Jabber.com puts its proprietary code on the website after a new version of its software is released. Jabber.com even put Miller and three programmers on the payroll so they could continue to write code for the original, nonprofit Jabber.org site." Penguin Computer lays off 24 percent (News.com). Penguin Computing (not Penguin Computer) cut 25 employees last Friday, according to C|Net. Red Hat Plugs E-Biz Apps Gap For Linux (TechWeb/Yahoo! News). TechWeb/Yahoo covers Red Hat's e-commerce business rollout. "... analysts agreed with Gold's assessment that midmarket companies are likely to accept the new Red Hat E-Commerce package mostly for cost reasons. The sell-side application, used mostly by retailers or B2B companies selling or managing customer support online, has been tested for reliability and performance by thousands of developers, and its lack of proprietary code makes it cheaper to maintain than other platforms." BusinessLinux: Lusty or Listless? (IT-Director). IT-Director says that it's hard to tell if the Linux industry is getting strong or failing quietly. "We feel that the hype is over. The go-go days have ended and the put-up or shut-up time is here. Linux companies need to come up with an appropriate and viable business model that will allow them to compete." Linux is ready for the long haul (ZDNet). C|Net interviewed a number of industry analysts to find out what might be in store for Linux over the long haul. Says one Forrester Research analyst: "Hardware firms such as IBM and HP love Linux because it removes OS costs from boxes such as firewalls and Web server appliances. With appliance makers able to take what they need and exclude what they don't, we see a Linux foundation for most computing appliances by 2005..." Linux making corporate inroads (News.com). News.com reports on the latest IDC study on corporate Linux adoption. "The studies found that 40 percent of the 800 decision makers surveyed in North America and Western Europe are actively using or piloting Linux, and that Linux unit replenishment rates were twice as high as those for Unix." InterviewsPeace, Love, and Linux (Consulting Times). Caldera's CEO Ransom Love talks with Consulting Times about recent criticisms of his company and defends the need for commercial Linux solutions. "I think you can build on top of GNU, the layers that make it more of a total solution to a specific segment. I don't think you can do it generically, but I think if you know who your customers are you can build an integrated solution that utilizes those resources. You have to play within the rules and you contribute back to the back to the components that you use. That's fine, and that works." MiscellaneousTo upgrade or not to upgrade (BBC). The BBC looks at alternatives to upgrading Windows on your older hardware. "Despite all the improvements, installing Linux still takes a little technical courage, though the benefits in terms of learning how your machine works can be substantial." Section Editor: Forrest Cook |
August 23, 2001 |
Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Announcements page. |
AnnouncementsResourcesA Must-Have Tool (LinuxLookup). LinuxLookup's Tip of the Week looks at using VNC, the Virtual Network Computing open source software from AT&T. VNC allows you to display a remote desktop on a local system, even when the remote and local systems are running different operating systems. .comment: We're Getting There!. LinuxPlanet comments on GNOME, Red Hat, and package managers. "In due course I was booted to the Gnome desktop. As a longtime KDE user, and an unashamed admirer of that desktop, I found nothing that was sufficiently unusual or different that I couldn't do work at once -- such as writing this column. I do wonder what the point is, because I think KDE is far ahead of Gnome development and otherwise the two are in all important ways virtual clones, but I find nothing particularly objectionable about Gnome..." EventsWizards of OS 2. Wizards of OS 2, Open Cultures and Free Knowledge, is an International Conference at the House of World Cultures Berlin coming October 11 - 13, 2001. Events: August 23 - October 18, 2001.
Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format. User Group NewsLUG Events: August 23 - September 6, 2001.
Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn-lug@lwn.net in a plain text format. Section Editor: Rebecca Sobol. |
August 23, 2001 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Software AnnouncementsHere are this week's Freshmeat software announcements. Freshmeat now offers the announcements sorted in two different ways: The Alphabetical List and Sorted by license |
Our software announcements are provided courtesy of FreshMeat
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Linux History page. |
This week in Linux historyThree years ago (August 27, 1998 LWN): The short-lived Linux Standards Association had its biggest day in the spotlight when it publicly questioned the validity of the Linux trademark. That move forced the hand of Linus Torvalds and Linux International, and brought about an intervention by the lawyers. The LSA, in the end, backed down and started explicitly acknowledging the trademark. At that time, trademark acknowledgements were relatively rare. The Linux International site did not have one, and neither did many distributions. After this episode, that all changed. Nobody really questions Linus's trademark anymore. This was also the week in which the Linux Standard Base (LSB) and Linux Compatibility Standards (LCS) projects merged back together. Current efforts toward Linux standards continue at www.linuxbase.org. ZDNet chimed in with some Good Old Time FUD: Technically, Linux might be a reasonable choice, but what kind of company is going to rely on unsupported freeware or something that's supported by two tiny vendors? Rejecting Linux is a straightforward business decision. If it were supported by an IBM or a Hewlett-Packard, then that would be an entirely different matter. Nowadays, of course, it's an entirely different matter... Red Herring named Transmeta as one of its top 100 technology companies, even though it had no idea what Transmeta was up to. Two years ago (August 26, 1999 LWN): Linux-Mandrake celebrated the end of its first year with two "Editor's Choice" awards from LinuxWorld, its first big equity investment, and the launch of its "Cooker" development version. LWN marked the events with an interview with Linux-Mandrake creator Gaël Duval. Jesse Berst thought that Sun buying StarDivision (creators of StarOffice) was the not the smartest thing he had ever heard of. Hang on, give me a second? I'm thinking... I'm trying to decide if that's the dumbest idea I've heard this year. Two year later, Sun has shown no signs of buyer's remorse, though StarDivision can not be making the company a great deal of money. Caldera Systems and Red Hat were the first distributors to claim year-2000 compliance for their systems. It seemed important at the time. Ted Nelson's long-hyped Xanadu system was released as open source this week, after well over two decades of development. It also seemed important at the time. One year ago (August 17, 2000 LWN): The first round of the DVD case ended, with the MPAA a clear winner. Bad news for free software, especially in the United States. The previous week's announcement of the GNOME Foundation brought out a rash of GNOME vs. KDE articles. The supposed war seemed to be mostly in the minds of the media, as most developers acknowledged that the competition had improved both desktops. For a war that supposedly isn't, the battle over open-source desktops seems to be getting bloodier. It's GNOME vs. KDE. And even though many open-source backers are loath to admit the existence of a rift within their ranks on any software development front, sides are being taken and two distinct camps are forming.
The current development kernel release was 2.4.0-test7 and the current stable kernel release was still 2.2.16. vger.rutgers.edu died and was reborn as vger.kernel.org, moving from Rutgers to Red Hat in the process. Eric Raymond took Linus to task for insufficient software engineering discipline: I used to worry about what would happen if Linus got hit by a truck. With all respect, I still worry about what will happen if the complexity of the kernel exceeds the scope of your astonishing native talent before you grow up. One year later, not a whole lot has changed with regard to how Linus manages kernel development. It seems to be holding together, for now... Debian's "testing" distribution is now one year old. They're still testing it. Transmeta filed for an IPO. Transmeta (NasdaqNM:TMTA) stock was at 2.76 at this writing. VA Linux Systems reported revenue of $120 million. The company was still losing money, but was getting closer to profitable. Unfortunately things went downhill from there.
Section Editor: Rebecca Sobol. |
August 23, 2001
LWN Linux Timelines |
Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Letters page. |
Letters to the editorLetters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them. |
August 23, 2001 |
From: Peter Schmitteckert <peter@schmitteckert.com> To: ask@eff.org Subject: DCMA vs. Security patches Date: Tue, 21 Aug 2001 15:53:46 +0200 Cc: letters@lwn.net Dear All, I'm still dreaming of visiting the US national parks one day, so I really do not want to break any US laws. But two weeks ago I got really puzzled. The notebook of a friend was infected with the so called CodeRed worm. My friend then searched the Web and found some patches to remove the worm. But wait, being able to provide patches the worm had to be re-engineered. Isn't that a clear violation of the DCMA ? In addition, Microsoft is providing patches to circument the effect of CodeRed, isn't that another violation of DCMA. Thinking more about it, aren't all the anti-virus software products illegal under DCMA ? Well I'm lucky, I never had to remove worms or viruses from system since DCMA was passed by legislation. But if I'll have to, will I be arrested on my next trip to the states ? O.k., I don't know the law precisely, so maybe you tell me, that DCMA doesn't apply to criminal software ? But then there is no reason to arrest Dmitry, since ADOBE was lying to their customers -- saying ebooks encryption is strong --, so they are criminals (suppose I sell you an air plane claiming that it is safe, and your family dies because it isn't, won't you call me a criminal? Of course, you would). Could someone please correct me if I'm wrong? Thanks in advance, best regards, Peter Schmitteckert ________________________________________ Dr. Peter Schmitteckert / IT-Consulting s-mail: Fridolinstr. 19, 68753 Waghäusel Web: http://www.schmitteckert.com e-mail: peter@sch_______ert.com | ||
From: Richard Simpson <rsimpson@ewrcsdra.demon.co.uk> To: letters@lwn.net Subject: The reach of US laws? Date: Thu, 16 Aug 2001 19:09:33 +0100 Sir, In your 16th Aug letters page Bryan Henderson wrote: > it's well established, and makes sense, that you can violate > US laws while standing on a foreign shore. Placing drugs on a ship bound > for the US is a classic example. Putting a program onto a network that > reaches into the US isn't much of a stretch from that. The problem with this view is that many Americans seem to feel that it should only work one way. A hypothetical example might help: Ali is a 2nd generation US citizen and a keen homebrewer (i.e. he brews his own beer). In most US states this is legal provided the results are for home consumption. He runs a homebrewing web site with recipes, tips, reviews, homebrewing jokes etc. Since he speaks English and Arabic his web site is in both languages. One day he decides to visit some relatives who live in Saudi Arabia. On arrival the Saudi police arrest him because his US based web site breaks Saudi law. Now, if this happened would your US readers; a) Feel that this was perfectly reasonable and that Ali deserved to spend years in a Saudi jail, or b) Feel the same sense of anti-imperialist rage that many Europeans feel towards the USA? Note to Saudi readers: I am not suggesting for one moment that your government would actualy behave in such an unreasonable manner. Richard Simpson -- ---------------------------------------------------------------------------- Richard Simpson Farnborough, Hants, Uk Fax: 01252 455596 rsimpson@ewrcsdra.demon.co.uk | ||
From: "Bruce Ide" <ide@us.ibm.com> To: letters@lwn.net Subject: Xerox firmware update Date: Thu, 16 Aug 2001 08:32:16 -0600 You said: "Xerox has a firmware upgrade available for N40 printers which, it seems, do not handle Code Red scans well. of course, one could question the wisdom of putting a network printer in a place where it is exposed to Code Red attacks in the first place." What, you mean on a network? Code Red has been playing holy hell on our internal network for a few weeks now. The only place where you're safe from code red scans is completely off the network. All it takes is for one employee to get his system infected while surfing the net at home and then all he has to do is fire up the VPN software that routes his network connections into the company's network and you've got a problem. A big problem as it turns out. Of course what with your network having multi-day outages and dramatically reduced performance, you'd think printers would be a relatively small concern, but I guess someone has to worry about them... -- Bruce Ide / Boulder T/L 263-4452 / Outside (303) 924-4452 "So you see, with Automatic Volume Recognition your operators can pre-mount labelled tapes on any online tape drive and they'll be allocated to the correct jobs. But this doesn't mean you can hire CHIMPANZEES to run your systems!..." - IBM Instructor, "Introduction to System/360," Circa 2Q 1966 | ||
From: "George B. Moody" <george@mit.edu> To: letters@lwn.net Subject: LWN Daily Updates Date: Tue, 21 Aug 2001 22:23:21 -0400 I was amused to read (in "Adding a new dimension to the desktop with 3Dwm") that "3 dimensional desktops are still quite a few years away from the common man, but work steadily progresses on at least one project in this arena: 3Dwm." I don't mean to brag, but I've had one of these 3D desktops for years. I don't have a file manager for it any more (I could never get those clips to stay in place), but it supports SFS (the sedimentary file system), a telephone interface, a clipboard, and there's a recycling bin beneath. :-) Cheers and keep up the good work! George | ||