[LWN Logo]
[LWN.net]

Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise news for all interests


Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

Other LWN stuff:
 Daily Updates
 Calendar
 Linux Stocks Page
 Book reviews
 Penguin Gallery

 Archives/search
 Use LWN headlines
 Advertise here
 Contact us

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- Gaël Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

See also: last week's LWN.

Leading items and editorials


A new proposed Microsoft remedy. Unhappy with the Department of Justice's remedy, nine holdout states have put forward a proposal of their own in the Microsoft case. The full proposal is available to those who are interested in PDF format. Here we'll look at a few aspects of this proposal that are of interest to the free software community.

One, of course, is the requirement that Internet Explorer (actually, "all browser products and browser functionality") be released under an open source license. The license to be used is not specified, but it includes "a royalty-free, non-exclusive perpetual right on a non-discriminatory basis to make, use, modify, and distribute without limitation products implementing or derived from Microsoft's source code." In other words, it looks like something BSDish.

Is this helpful? One can imagine a belated release of code, missing many important parts which, while necessary to build IE, are not, according to Microsoft, "browser functionality." An open source IE could help to create some browser diversity on the Windows platform. It's not clear how much it would help on free systems, where numerous free, capable browsers are finally becoming available.

More to the point, perhaps, it is hard to see how an open source Internet Explorer will help mitigate Microsoft's monopoly power in the future.

The proposal requires Microsoft to distribute Java for the next ten years. This seems pointless. No doubt enough little glitches could be caused to remain in the Java virtual machine that the "debug everywhere" nature of the language would persist. Do we really want the government to start regulating which languages should be present on our systems?

Then there's the porting of Office. The proposal requires Microsoft to auction licenses for ports of Office to three other operating systems. It's worth noting that nothing says which systems are to receive ports; it would appear that Microsoft could offer licenses for ports to, say, CP/M, Plan 9, and VxWorks. Nothing in the proposal requires a port to Linux.

How useful would such a port be, if it were to happen? The availability of Office might help drive a few corporate desktop deployments. But, then, if people really want to run Office, there is probably little reason for them not to run it on Windows. If the port included a separate library for the reading and writing of Office file formats, other Linux applications could have an easier time with proprietary files. Except, of course, those licensed under the GPL, which could not be linked with that sort of closed source library.

Section 4 of the proposal requires "disclosure of APIs, communications interfaces, and technical information." This seems like a good idea: much effort in the free software community goes into reverse engineering of Microsoft's protocols and formats. The proposal does not require disclosure to the free software community, however, or to the public as a whole. Disclosure is limited to "ISVs, IHV, IAPs, ICP, OEMs and third-party licensees." This information would remain proprietary, only with a larger group of companies allowed access. It's not at all clear that the information so disclosed could be incorporated into free software products.

In summary: this proposal is stronger than the remedies put forward by the Department of Justice, but it still does little for the free software community. Free software developers are not given the sort of access to information that is mandated for proprietary vendors. And, of course, this proposal does little to prevent a future Microsoft monopoly based on .NET and HailStorm.

The best course of action remains as before: create the best software we can and let it speak for itself. Free software continues to make great strides, even in the current economic climate. Rather than counting on the government to hobble the strongest proprietary competition, let's work on keeping free software strong and making that competition obsolete.

(See also: Robert X. Cringely's take on the proposal, which includes information on how to submit comments, and Dan Kegel's proposed modifications to the proposal).

Worth a look: OpenOffice. The OpenOffice project seems to be keeping a deliberately low profile. OpenOffice developers, perhaps, are fearful of the criticism that Mozilla has taken over the years; they, too, have taken on a hefty chunk of newly freed corporate code, and are working to turn it into a proper free application. Rather than risk disappointing the community, OpenOffice is keeping relatively quiet about what it is up to. No press releases, no weekly summaries.

Then again, maybe they just do not want to draw attention away from the upcoming StarOffice 6.0 commercial release.

It is, however, time that the world began to notice OpenOffice. The project has, quietly, produced a capable and fully functional office productivity suite. Recent builds of OpenOffice are very similar to the StarOffice 6.0 beta recently released by Sun (and reviewed by LWN), but without the weird licensing. All the important features are there.

Not long ago, there was no free office suite for Linux, and the proprietary ones left users disappointed as well. Now we are blessed with a number of free alternatives. An MS Office power user would likely find reasons to complain about all of them, but most others should find all the capabilities they need. The widespread deployment of Linux on desktops may be closer than we think.

What the insiders are up to. One fun bit of information available on the Yahoo site is data on insider stock trades. This trading information can give an insight into what people are up to. Here's a couple of examples:

  • When the company now known as Caldera International and the company now known as Lineo split apart, each maintained a substantial holding in the other. A look at the insider trading data for Caldera shows that Lineo has been selling off its holdings - over 1 million shares for almost $1.3 million since the beginning of the year. Caldera's stock fell to a low of $0.22 while this was happening. One could say that Lineo is showing a lack of faith in its sister company's future, but the truth is probably more straightforward: Lineo has been financing its operation by selling its Caldera stock.

  • A pattern stands out immediately in Red Hat's data: co-founder Bob Young has been selling roughly 10,000 shares daily since the middle of July. Proceeds will be in the millions of dollars. Either Bob is looking to buy a house in co-founder Marc Ewing's neighborhood, or he has some other scheme in the works...
Holders of stock in VA Software, instead, are standing pat; there are very few insider trades on record.

Inside this LWN.net weekly edition:

  • Security: Governments choose Linux, security reports & updates, AES standard published.
  • Kernel: Memory pools; bigger device numbers; dueling schedulers.
  • Distributions: Got KRUD?; Installing Debian Linux on a Dell Laptop.
  • Development: Bochs x86 emulator, Quanta 2.0, OpenCV 2.1, Crystal Space 0.92, Open CASCADE 4.0, Guikachu 1.0.0, Osimpa macro assembler, PHP 4.1.0, Ruby/FLTK 0.5.0.
  • Commerce: Caldera and VA financials, Red Hat's Szulik to testify before senate, VA name change, Covalent Apache 2.0 Zone.
  • History: Debian 1.0, 1.1, and 1.2; 2.4 is imminent; VA Linux goes public.
  • Letters: MS Remedies; Mutt and Evolution; SourceForge.
...plus the usual array of reports, updates, and announcements.

This Week's LWN was brought to you by:


December 13, 2001

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Security page.

Security


News and Editorials

World Governments Choosing Linux for National Security (GovTech). Government Technology has an article on how security conscious governments are looking at Linux. "Security experts tend to agree that computers are less prone to hacking and viruses when running open-source software like Linux or the Web server Apache. When vulnerabilities are found, programmers can fix them by tinkering with the code and publishing the results." (Thanks to Robert K. Nelson).

Is Open-Source Security Software Safe? (BusinessWeek). Business Week considers Guardent's firewall box and whether companies will trust it. "Most important, removing the cost of software licenses makes a huge difference in the competitive field of managed security services, where Guardent hopes to make a big splash. Co-founder McCall thinks he can maintain profit margins in the 60% to 70% range with the open-source appliance. All of this might sound familiar to those who have watched Red Hat's struggle to create a workable model, one in which software is free and service revenues generate the profit." (Thanks to David A. Wheeler).

Guardent announces security appliance. Guardent has announced the availability of its "Security Defense Appliance," which is built on Linux. Along with the appliance customers are expected to buy a range of security monitoring and response services.

Security Reports

OpenSSH restricted command vulnerability clarification. Last week LWN reported that Red Hat issued the first update we had seen for the OpenSSH restricted command vulnerability first reported in the September 27 LWN security page. In fact, Immunix issued an alert in October and Debian fixed the vunerabilty in unstable on November 30th (Debian stable is not vulnerable). (Thanks to Seth Arnold and Matt Zimmerman).

Conectiva security update to mailman. Conectiva has issued a security update to mailman which fixes the cross-site scripting problem in that package.

Debian security update to wmtv. The Debian Project has issued a security update to wmtv fixing a really silly local root compromise vulnerability in that package.

web scripts. The following web scripts were reported to contain vulnerabilities:

Updates

Postfix session log memory exhaustion. Postfix 20010228, and some earlier verions, have a denial of service vulnerability. The SMTP session log could grow to an unreasonable size. (First LWN report: November 29, 2001).

This week's updates:

Previous updates:

Cyrus SASL format string vulnerability. A format string bug in the Cyrus SASL authentication API for mail clients and servers may be remotely exploitable. (First LWN report: November 29, 2001).

This week's updates:

Previous updates:

Directory indexing and path discovery in Apache. Versions of Apache prior to version 1.3.19 are vulnerable to a custom crafted request that can cause modules to misbehave and return a listing of the directory contents by avoiding the error page. (First LWN report: September 20, 2001).

This week's updates:

Previous updates:

Resources

Web Security, Privacy, and Commerce, Second Edition. O'Reilly has announced the release of the second edition of Web Security, Privacy, and Commerce by Gene Spafford and Simson Garfinkel.

Advanced Encryption Standard (AES) is a US cryptographic standard described in this government publication (PDF format). which was announced on December 4th. "AES was developed to replace the Data Encryption Standard (DES) in a multi-year effort that began in 1997. The AES specifies a cryptographic algorithm that can be used to protect electronic data by encrypting (enciphering) and decrypting (deciphering) information."

Events

CERT Conference 2002 has issued a call for papers. This fourth annual CERT Conference will be held in Omaha, Nebraska, USA August 6 - 9, 2002.

CodeCon 2002 is scheduled for February 15, 16, and 17 in San Francisco, California, USA. Those who would like to participate have until January 1st to answer the call for presentations.

Upcoming Security Events.
Date Event Location
December 13 - 14, 2001Annual Computer Security Applications ConferenceNew Orleans, LA
December 27 - 29, 200118th Chaos Communication CongressBerlin, Germany
January 30 - February 2, 2002Second Annual Privacy and Data Protection SummitWashington D.C., USA
February 15 - 17, 2002CODECON 2002San Francisco, California, USA

For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Dennis Tenney


December 13, 2001

LWN Resources


Secured Distributions:
Astaro Security
Castle
Engarde Secure Linux
Immunix
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux
Trustix

Security Projects
Bastille
Linux Security Audit Project
Linux Security Module
OpenSSH

Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive

Distribution-specific links
Caldera Advisories
Conectiva Updates
Debian Alerts
Kondara Advisories
Esware Alerts
LinuxPPC Security Updates
Mandrake Updates
Red Hat Errata
SuSE Announcements
Turbolinux
Yellow Dog Errata

BSD-specific links
BSDi
FreeBSD
NetBSD
OpenBSD

Security mailing lists
Caldera
Cobalt
Conectiva
Debian
Esware
FreeBSD
Kondara
LASER5
Linux From Scratch
Linux-Mandrake
NetBSD
OpenBSD
Red Hat
Slackware
Stampede
SuSE
Trustix
turboLinux
Yellow Dog

Security Software Archives
munitions
ZedZ.net (formerly replay.com)

Miscellaneous Resources
CERT
CIAC
Comp Sec News Daily
Crypto-GRAM
LinuxLock.org
LinuxSecurity.com
Security Focus
SecurityPortal

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Kernel page.

Kernel development


The current development kernel release is still 2.5.0. The current 2.5.1 prepatch is 2.5.1-pre10. On the surface, little has changed over the last week; most of the changelog entries seem to be some variant of "Jens Axboe: bio work." The thrashing of the block layer is taking some time to stabilize - as to be expected from a change of this magnitude. The last of the disruptive block I/O changes have not yet hit the kernel, so this situation could persist for a while yet.

Also included in this prepatch is a Super-H architecture update, some network driver work, an NTFS update, USB fixes, memory pools (see below), and the inevitable superblock cleanup patches from Al Viro.

The current stable kernel release is 2.4.16. Marcelo's prepatches are up to 2.4.17-pre8; he has stated that the next prepatch will be the first 2.4.17 release candidate. Marcelo's stated plan is to have the final release be the same as the last release candidate; the hope is to be done with surprises caused by last-minute patches.

Memory pools are a new addition to the kernel as of 2.5.1-pre10. The idea behind "mempools," which were implemented by Ingo Molnar, is to provide a memory allocation function that is guaranteed to work, even when memory is tight. Some places in the kernel can not afford to have memory allocations fail. For example, memory pressure can force the system to swap pages out, but that swap operation will require memory to be executed. If the memory to set up the swap is not available, the system comes to a halt.

Memory pools work by simply preallocating a bunch of memory and keeping it aside until it's needed. The actual allocation and freeing of memory is handled by somebody else (the idea seems to be for mempools to be layered over the slab allocator); all mempools do is stock up ahead of time. Their use will thus increase the kernel's memory consumption (by the amount of memory that is set aside). For certain critical paths, though, they should help to improve the stability of the system under heavy load.

Coming soon: bigger device numbers. One of the long-stated plans for 2.5 is to increase the size of dev_t, the type which is used to represent device numbers. This type, as it stands now, has roots all the way back to the original Unix systems - it is a 16-bit quantity, with eight bits for the major number, and eight for the minor. It is inadequate for modern systems, which can have, literally, thousands of devices on them. So dev_t has to grow.

Linus laid out the plan some time ago (see the March 29, 2001 LWN Kernel Page): dev_t would grow to 32 bits. Of those, twelve would designate the major number, and 20 the minor number. A number of people would rather see 64-bit device numbers, but Linus is opposed to that.

Changing device numbers raises a number of interesting compatibility problems. Consider, for example, a tar or dump archive containing a /dev directory. The archive contains the device numbers for every entry in that directory; if those numbers stop working after the dev_t change, everybody's backups have just been rendered invalid. System administrators, when faced with that prospect, tend to break out in a cold sweat, overindulge in beer, and switch to BSD.

Fortunately, that particular problem has a solution. In the new scheme, the major number zero is set aside as a marker for "legacy" device numbers. Any 32-bit device number with a major number of zero is interpreted as an old-style number and "just works." A change to the C library will be required before applications can exchange larger device numbers with the kernel, but the change should be relatively smooth beyond that.

On the kernel side, however, life could be more interesting. Kernel developers really do try to avoid breaking applications, but they are more willing to tear things up inside the kernel. Especially in a development series.

The kernel version of the device number type is kdev_t. It has long been meant to be an opaque type, but it's really just dev_t in kernel drag. People had assumed that kdev_t would grow along with dev_t, but that's not what Linus has in mind. Linus wants kdev_t to go away entirely. All of the interfaces in the kernel which currently use that type will be changed to take a pointer to an appropriate structure. Block drivers, thus, will see a pointer to a struct block_device rather than a device number. Some sort of struct char_device will also probably be created to handle a similar role.

In other words, the kernel will no longer use device numbers at all, except as a means of communication with user space. Internally, device numbers will not exist. A lot of kernel code is going to have to change to make this happen; one does not have to look very hard to see more unstable development kernel releases in the future - see, for example, Al Viro's description of some of the issues involved. But, then, that's what development kernels are for.

Where do important changes get tested? One would think that, now that we finally have a development kernel again, non-trivial changes would show up there before being merged into the stable 2.4 series. Thus, there was some surprise when support for "hyperthreading" on Pentium IV processors went into 2.4.17-pre5. That support still does not exist in 2.5, and has thus not seen the wider testing that it could experience there.

The reasoning behind putting this change into 2.4, as explained by Alan Cox, is interesting. The claim that normal users will not be affected by the change is standard. But Alan also points out that, due to the ongoing block I/O work, the 2.5 series "isn't usable for that kind of thing in the near future." So, if a feature like hyperthreading is to be tried out, it must be added to the stable kernel series.

Things will get better as the block layer stabilizes - at least, until the next set of disruptive changes go in. Until then, it's a bit ironic that the only place to test certain kinds of changes is the stable kernel series.

(Hyperthreading, for those who are interested, is the hardware trick of making a single processor appear to be multiple virtual processors as a way of keeping busy while waiting for memory accesses. See Intel's Hyperthreading page for details).

Work on the scheduler is also coming to a boil. It is a widely (though not universally) held belief that the Linux scheduler is overdue for a rewrite in 2.5. Quoting Alan Cox again:

Its a great scheduler for a single or dual processor 486/pentium type box running a home environment. It gets a bit flaky by the time its running oracle on a 4 way, it gets very flaky by the time its running lotus back ends on an 8 way. It doesn't take lunacy like java, broken JVM implementations and volcanomark to make it go astray.

The scheduler's performance on larger systems and under load has been shown to be inadequate numerous times. But there is little agreement on what should replace it.

Mike Kravetz and company at IBM have posted a new multi-queue scheduler patch for the 2.5.0 kernel. This scheduler cuts down on scheduling time by maintaining a separate run queue for each processor on the system. It tries to improve performance while maintaining the same behavior as the existing scheduler.

Alan Cox has a new scheduler of his own which works by maintaining a set of eight (currently) run queues for each processor. Picking a process to run is just a matter of taking the first one off the highest priority queue.

Finally, Davide Libenzi has a scheduler patch which implements a per-CPU run queue and some load balancing code.

All of these projects share the same goals: cut down on scheduling overhead, work harder to keep processes from moving between processors, and retain good performance in low-load situations. The low-load performance is considered critical: it is, after all, the normal situation for most systems, and the current scheduler handles it well. No patch which impairs low-load performance is likely to get too far.

The hyperthreading issue mentioned above is likely to throw a new set of complications into the mix. A processor which does hyperthreading looks like two independent CPUs, but it should not be scheduled as such - it is better to divide process across real (hardware) processors first. Expect scheduling to be a hot topic for some time.

Linux Advanced Routing & Traffic Control Documentation Project. Bert Hubert has been working for some time on the documentation of the advanced Linux routing features. The Linux traffic control mechanism has been available since the 2.1 days, but is greatly underutilized. The quality of the available documentation has not helped here. The code is great, but it's hard to figure out how to use it. So an effort to shine some light in that direction is more than welcome.

Bert's work has how grown into the Linux Advanced Routing & Traffic Control documentation project, and a great deal of information is available there. The latest addition is the tc-cbq man page: "Nearly 2500 words, 8 printed pages, of nearly unintelligible gobledygook, explaining mostly how CBQ works." Good stuff.

Other patches and updates released this week include:

  • Andrea Arcangeli has made available (as a tarball containing a magicpoint file) the slides from his PLUTO talk on the new VM implementation. This is the first documentation that has been made available on the new code. We have also made the slides available in HTML format.

  • Daniel Phillips has posted his ALS paper on ext2 directory indexes, along with a wealth of benchmark results. Worth a look if this work interest you at all.

  • Kernel Traffic #145 (December 10) is available.

  • Rusty Russell has posted a patch making it easy for kernel code to set up per-CPU data areas.

  • The ltp-20021206 release is available from the Linux Test Project.

  • The latest User-mode Linux release from Jeff Dike is 0.53-2.4.16.

  • A new preemptible kernel patch is available from Robert Love.

  • Karim Yaghmour has released version 0.9.5pre4 of the Linux Trace Toolkit.

  • Jason Baietto has released a set of "multiprocessor control interface" programs. These allow users to bind tasks to processors and other, similar tasks.

  • Ben LaHaise has posted a patch which adds his kvec type (essentially a lightweight replacement for kiobufs) to the kernel. kvecs are needed for his asynchronous I/O work, among other things. Also available is this patch, which works the kvec structure into the new block I/O code.

  • Eric Raymond has released CML2 1.9.7.

  • The 2001_12_10 release of the security module code is available. Also available is a new security module adding labeled IPv4 networking to SELinux.

  • Lennert Buytenhek has released version 0.0.4pre1 of his bridging netfilter code.

  • Jozsef Kadlecsik has been added to the netfilter core team.

Section Editor: Jonathan Corbet


December 13, 2001

For other kernel news, see:

Other resources:

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Distributions page.

Note: The list of Linux distributions has moved to its own page.

Distributions


Please note that security updates from the various distributions are covered in the security section.

News and Editorials

Got KRUD?. Last week I wrote about my recently installed KRUD (Kevin's RedHat Uber Distribution) 7.2 distribution. My first KRUD update arrived just in time for me to give it a spin before publication this week. Choosing to update automagically, I put the CD into the drive and rebooted my system. A couple of questions and a few minutes later all the errata for the past month had been updated on my system. This could be too easy for some. For the rest of us, a subscription to KRUD is the way to keep a system up-to-date.

KRUD 7.2 fits on two CDs and a README.KRUD file lists the packages that have been changed. This update took me from the 2.4.9-7 kernel to the 2.4.9-13 kernel. OpenSSH went from version 2.9p2-9 to version 3.0.1p1-1. Galeon was updated to version 1.0-1, and so on.

When installing for the first time, one is asked to choose between a workstation, laptop, server or firewall system. I choose a workstation install, which also allowed me to further customize my system depending on diskspace and preferences with options such as development packages or KDE. (The default desktop is GNOME.) It is also possible to completely customize your installation and your upgrades.

Installing Debian Linux on a Dell Laptop. Here's a step-by-step guide from the Linux Journal on how to install Debian on a laptop. "What we have installed is the stable release of Debian, currently version 2.2r3, but known as potato. Debian's XFree86 4.1.0 packages are available in the unstable tree, currently known as sid. So, let's upgrade this new installation to Debian's unstable tree."

TimeSys Announces TimeSys Linux GPL. TimeSys has announced the availability of TimeSys Linux GPL for several embedded processor architectures. "TimeSys Linux GPL consists of a powerful, fully featured, preemptible Linux kernel and all other components needed to extend a standard Linux distribution to support predictable, extremely low-latency response."

'Getting Started With Yellow Dog Linux' released. Terra Soft Solutions has announced the release of Getting Started With Yellow Dog Linux, the company's first book.

MontaVista offers Hard Hat Linux for the ARM processor. MontaVista Software has announced the availability of Hard Hat Linux 2.0 for the ARM architecture.

New Distributions

ELX, Everyone's Linux. ELX is new distribution designed to ease Windows users into Linux. DesktopLinux.com is running a review of ELX. "I recently got my test copy of Elx (Everyone's Linux), which made it almost certain to me that Linux is going to be on everybody's desktop much sooner than I ever expected. The complete system is so well crafted for users of Windows that it took my friend, who is a hardcore Windowsian, quite a while to figure out that its not just 'another' version of his favorite Windows."

The DeMuDi Project. The DeMuDi project has built a Debian based GNU/Linux distribution oriented toward music and multimedia. (Thanks to "ljp")

Topologilinux. Topologi Software has released Topologilinux v01. It is based on Slackware 8 with kernel 2.4.16 and it is designed to be run on top of any DOS/WIN partition without the need for partitioning hard disks. (It uses loopmount.) The ext2, ext3, and reiserfs filesystems are supported along with the X window system, KDE, GNOME and more. There is a temporary page with download links. You can also download it from this mirror site.

Distribution News

Debian Weekly News. The Debian Weekly News for December 5 is out. Covered topics include Ximian's Debian packages, the Woody freeze, LDP documents, and more.

Mandrake Linux Users Club FAQ. A set of questions and answers on the Mandrake Linux Users Club has been posted. "The Club provides an attractive answer to a simple issue: MandrakeSoft needs to have its costs covered by revenue. With the current economic slowdown and recent world events, companies are finding it much more difficult to sell software, provide money-generating services, and to find funding. This means that MandrakeSoft's revenue growth will take more time than was previously planned."

Mandrake Linux Community Newsletter. The Mandrake Linux Community Newsletter for December 6 is out. Covered topics include the Mandrake Linux Users Club, MandrakeSecure, and more.

Red Hat Linux. Red Hat has release a bugfix advisory for login, which fails to set controlling terminal in 7.1 - alpha, i386, ia64 and 7.2 - i386 versions.

Minor Distribution updates

ASPLinux 7.2 released. ASPLinux 7.2 has been released. The website is in Russian. (Thanks to Eugene Kanter)

Blue Linux moves focus onto Linux in Education. Blue Linux has announced that it has shifted focus away from security, into education. It has accordingly moved on LWN's Distributions list from the Secured section to the Education section.

ClarkConnect. ClarkConnect can help transform your PC into a dedicated broadband gateway and easy-to-use server. Version 0.9.1 is due out the week of December 17.

Linux From Scratch. Linux From Scratch has released stable version 3.1 under a BSD license. The changelog lists a new Reiserfs package, as well as updates to many other packages.

NSA Security-enhanced Linux. NSA Security-enhanced Linux version 2001121010 is out. Changes: Many utilities have been updated to newer versions to improve compatibility with Red Hat 7.2. Auditing has been revised for easier parsing, and several additional bugs have been fixed.

Redmond Linux. Redmond Linux announced build 43, RL amethyst final. Version 1.0 is now out!

Section Editor: Rebecca Sobol


December 13, 2001

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Development page.

Development projects


News and Editorials

The Bochs x86 CPU Emulator. Bochs, written by Kevin Lawton, is an open source x86 emulator. Bochs can be configured to emulate 286, 386, 486, Pentium, and Pentium Pro processors. Bochs runs Windows 95/98/NT and other operating systems under Linux and other operating systems. Bochs is written in C++ and is licensed under the GPL license.

As with most emulators, performance is not exactly spectacular, The Bochs FAQ claims a 1.5 MIPS equivalent speed while running on a 400Mhz PII Linux machine. This slowness is partly attributable to the fact that Bochs can run on non x86 processors including PPC, Alpha, Sparc, and MIPS, there is no dependence on the native instruction set of the host processor.

There are many uses for such a system, including testing new OS installs and debugging OSes while maintaining a working system. Bochs should also be useful for running that one special application that isn't available under Linux.

Bochs has been successfully used to run the Windows 95, 98, and NT operating systems, various Microsoft Office apps have been tested under those OSes. Performance is typically too slow for the more complicated games, such as DOOM, although a 1.7 Ghz processor may help in that area.

Emulation of a number of typcial PC hardware devices is provided, Bochs has support for emulated ports, soundcards, CD-ROMs, and one netorking card. The emulated filesystem appears as one large file on the host OS filesystem.

The project has announced the release of Bochs 1.3. This release includes quite a few performance improvements, a number of new features, and a new, menu-based configuration system.

The Bochs project is looking for help from PC hardware gurus in the area of more hardware emulation, and bug fixing in currently emulated devices. Help is also needed in the area of documentation and testing. This project has made some serious progress; it's worth a look. The Bochs Documentation is a good place to start.

Education

SEUL/edu Linux in Education Report. The SEUL/edu Linux in Education Report for December 10 is out. Covered topics include Linux in Manitoba schools, the KDE Edutainment Project, and more.

Electronics

XCircuit 2.5.1 beta released. A new beta version of the XCircuit schematic drawing program has been released. Version 2.5.1 adds support for numerical parameters, the XCircuit license has also been changed to the GPL.

New Icarus Verilog Snapshot. A new snapshot of the Icarus Verilog simulation language compiler has been announced. See the release notes for all of the details.

Embedded Systems

Embedded Linux Newsletter for December 6, 2001. The December 6, 2001 edition of the LinuxDevices Embedded Linux Newsletter is out. This issue looks at HP's blade server initiative, and ZapMedia's ZapStation. A developer's contest for the Sharp Zaurus SL-5000D Linux PDA has also been announced.

Mail Software

Procmail Basics (O'Reilly). Dru Lavigne discusses Procmail installation on O'Reilly's OnLamp site. "If you receive more than a few email messages a day, you've probably discovered that it becomes increasingly difficult to sort and prioritize your email. Messages you want to read immediately can get lost in a sea of less-important messages. Worse, your inbox can become cluttered with spam, virus-infected messages, and other disagreeables. Fortunately, the procmail program has been designed to help you sort through this mess."

Web-site Development

The return of Quanta. Quanta is a KDE-based web development tool. Its status has been unclear for some time, since some of its developers have decided to turn it into a proprietary product. Now, however, Quanta Plus 2.0 has been released under the GPL. The release announcement includes a long description of what's up with Quanta, and where the developers plan to go for the next big release. (Thanks to KDE Dot News).

mnoGoSearch-php-3.2.0.beta1 released. A new version of the php search front end for mnoGoSearch has been announced. This version features search daemon support, support for synonyms, bug fixes and more.

ASPSeek v.1.2.7 released. Version 1.2.7 of the ASPSeek search engine has been released. This version features a number of bug fixes and portability improvements.

Zope 2.5.0 beta 2 availble. Zope version 2.5.0 beta 2 has been announced. This version features a fix for a major memory leak and other bug fixes. New features include a preview field for image objects, a new user management API, user folder password encryption, session tracking, and more.

Miscellaneous

Intel released OpenCV 2.1. Intel has announced the open source of OpenCV 2.1, an computer vision library which can perform stereoscopic processing.

Packaging software with RPM, Part 2 (IBM developerWorks). Dan Poirier continues with part two in his series on building RPM packages. See part one for the whole story. Build an RPM package and get your open source project into wider use.


December 13, 2001


Application Links
GIMP
Mozilla
Galeon
High Availability
ht://Dig
mnoGoSearch
MagicPoint
Wine
Worldforge
Zope

Open Source Code Collections
Berlios
Freshmeat
OpenSourceDirectory
Savannah
Le Serveur Libre
SourceForge
Sweetcode

   

 

Desktop Development


Audio Applications

Glame 0.5.4 released. A new version of the Glame audio file editor has been announced on the Linuxmusic site. The Glame home page has not yet been updated. This version is considered beta quality and features filteredit improvements, a cool export dialog, bug fixes, and more.

WaveSurfer 1.2 released. Version 1.2 of the WaveSurfer sound visualization and manipulation tool has been released. New features include support for Ogg/Vorbis files, support for Unicode and localization, and more functionality for HTK/MLF files.

Web Browsers

Mozilla Status Update. The December 6, 2001 Mozilla Status Update lists a number of changes to the Mailnews and Editor sections of Mozilla. Also see the Mozdev site for more Mozilla development news.

Galeon 1.0.1 released. Version 1.0.1 of the small, fast Galeon web browser has been announced. This version fixes a few bugs. RPMs for Red Hat 6.X are also available for this release. Downloads are available here.

New fresh and exciting Encompass available (gnome.org). Gnome.org reports on the Encompass browser. "Rodney Dawes has just made a new release of the browser Encompass. This is an early preview mainly targeted at developers, but it do show of the power of Encompass's new codebase."

Desktop Environments

This week's GNOME Summary. The GNOME Summary for December 7 is out. This issue includes some GNOME2 screenshots, the Encompass browser, the final GNOME Foundation board election results, and more.

GNUstep Weekly Editorial. The December 7, 2001 GNUstep Weekly Editorial is out with the latest developments from the GNUstep desktop environment.

Kernel Cousin KDE #28. Kernel Cousin KDE #28 is out. Topics covered include Opera style mouse gestures for Konq/E, SVG and KDE3, an application for learning conjugation, Konsole development, Konqueror and online banking, and more.

People of KDE: Adriaan de Groot. This week, KDE.org interviews Adriaan de Groot, the current maintainer of KPilot.

Games

Crystal Space 0.92. A new version of the Crystal Space C++ game development kit has been released. This version features bug fixes, better documentation, and a few minor API changes.

Graphics

Open CASCADE 4.0. Version 4.0 of the Open CASCADE 3D modeling library has been released. There's a number of new features, including the new Extended Data Exchange facility.

GUI Packages

How to Develop with GLADE!. Gnome.org points to two articles on developing with GLADE, the GNOME RAD GUI tool.

Interoperability

Wine Weekly News for December 12, 2001. The latest Wine Weekly News is available. This issue looks at the implications of the Microsoft antitrust settlement on Wine, OSS fixes, SHLWAPI Additions, an async I/O Patch, and more.

Office Applications

Kernel Cousin GNUe #6. The December 8, 2001 issue of Kernel Cousin for GNU Enterprise is out with the latest development from that project..

AbiWord Weekly News #73. The latest AbiWord Weekly News is available. This edition features a rant on people's expectations of AbiWord.

Miscellaneous

Guikachu 1.0.0: 'Team Pocket'. Gnome.org takes a look at Guikachu 1.0.0, a utility for creating PalmOS resource files under Unix based systems. Guikachu is licensed under the GPL license.

 
Desktop Environments
GNOME
GNUstep
KDE
XFce
XFree86

Window Managers
Afterstep
Enlightenment
FVMW2
IceWM
Sawfish
WindowMaker

Widget Sets
GTK+
Qt
   

 

Programming Languages


Assembly Language

Osimpa macro-assembler. Here's a report on the latest developments to the osimpa macro-assembler. "osimpa is a macro-assembler or 'compembler' written entirely in GNU Bash. With minor modifications it should also work with pdksh and zsh. It currently supports the Intel 80386 real and protected modes."

Caml

The latest Caml Weekly News. The December 5 through 11, 2001 edition of the Caml Weekly News is out. Topics include code size versus languages, unreliable threading, Ensemble 1.33, embedding Ocaml, and SML to OCaml.

SCaml extension to the OCaml compiler. SCaml is an extension to the OCaml compiler. It adds module unloading, a workaround for mangled function names, and an uninliner for .cmx among other things.

FORTRAN

g95 Progress. Work continues on the g95 FORTRAN compiler project. "G95 is still in an embryonic state. Perusing the g77 source, we estimate that about 200,000 lines of code will be necessary to implement g95. G95 is currently about 33,000 lines long, making it about version 0.165. The current g95 does nothing except print the contents of internal data structures."

Lisp

OpenMCL 0.9 released. A new version of OpenMCL has been announced. Version 0.9 features internal file structure changes, more debugging and introspection tools, new memory access primitives, and sample code for OpenGL/GTK+.

Perl

Parrot 0.0.3 is released! (use Perl). A new version of Parrot, the Perl 6 interpreter has been announced. This version adds full support for custom data types.

The Perl Foundation launches. The Perl Foundation is a non-profit operation which seeks to promote the use and development of the Perl language. The Foundation's web site is now up, and the 2002 grant funding drive has begun.

Damian Conway Interview (pair.com). Pair Networks is running an interview with Damien Conway. Among other things, Damien talks about many new Perl modules that he is working on.

Perl 6 Porters for December 10, 2001. The December 10, 2001 edition of the Perl 6 Porters digest is out. Topics include Parrot 0.03, the Parrot FAQ 0.2, The GCC Register Transfer Language, the Parrot Execution Environment, and more.

PHP

PHP Weekly Summary for December 11, 2001. The December 11, 2001 edition of the PHP Weekly Summary is available. Topics include a long list of bugs, fixes, and new features for PHP.

PHP 4.1.0. PHP 4.1.0 has been released. There's numerous performance improvements and such, but the most significant change is probably the move away from automatically setting up form parameters as global variables. This feature makes form programming easy, but opens PHP code up to a number of potential security problems. For now, code that depends on the old behavior will not break, but things are clearly moving in that direction. (Thanks to Serguei Sokol).

Python

This week's Python-URL. Dr. Dobb's Python-URL for December 10 is out, with the usual roundup of interesting stuff from the Python development community.

Python timeline. Mark Pilgrim has put together a Python Timeline, covering Python history back to Guido's announcement of the language in 1991. The site is open to suggestions about more historical Python events.

Ruby

This week on the Ruby Garden. This week, the Ruby Garden covers the String#match method, programming Ruby in Spanish, the Torrent work flow Library, and more.

Ruby/FLTK 0.5.0. A new version of Ruby/FLTK, the Ruby binding to the FLTK toolkit, is available.

Tcl/Tk

This week's Tcl-URL. Dr. Dobb's Tcl-URL for December 10 is out, with the latest from the Tcl/Tk development community.

XML

Effective XML processing with DOM and XPath in Java (IBM developerWorks). Parand Tony Darugar writes about XML processing in Java on IBM's developerWorks. "Based on an analysis of several large XML projects, this article examines how to make effective and efficient use of DOM in Java. The DOM offers a flexible and powerful means for creating, processing, and manipulating XML documents, but it can be awkward to use and can lead to brittle and buggy code."

Java configuration with XML Schema (IBM developerWorks). Marcello Vitaletti writes about Java and XML Schema on IBM's developerWorks. "This article shows how to use a Java XML parser together with the Java language reflection features to create an arbitrary set of named objects according to the content of an XML file. Objects created by the proposed initialization process live in a hierarchical, global namespace. References to these objects anywhere in the code can be obtained by a simple query."

Section Editor: Forrest Cook

 
Language Links
Caml
Caml Hump
Tiny COBOL
Erlang
g95 Fortran
Gnu Compiler Collection (GCC)
Gnu Compiler for the Java Language (GCJ)
Guile
Haskell
IBM Java Zone
Jython
Free the X3J Thirteen (Lisp)
Use Perl
O'Reilly's perl.com
Dr. Dobbs' Perl
PHP
PHP Weekly Summary
Daily Python-URL
Python.org
Python.faqts
Python Eggs
Ruby
Ruby Garden
MIT Scheme
Schemers
Squeak
Smalltalk
Why Smalltalk
Tcl Developer Xchange
Tcl-tk.net
O'Reilly's XML.com
Regular Expressions
   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Commerce page.

Linux and Business


Microsoft on embedded Linux. Here's a classic Microsoft posting: Why Microsoft Windows XP Embedded and Not Embedded Linux?. Typical of these sorts of MS attacks, it contains some good points and some things that are truly ridiculous. "For example, there are at least five different window managers and at least four competing browsers, increasing programming complexity and reducing the pool of available developers."

LinuxDevices.com is organizing a response to this document via talkbacks.

Red Hat CEO Matthew Szulik to Testify Before Senate Committee. Red Hat has sent out a press release stating that CEO Matthew Szulik will be testifying before the Senate Judiciary Committee tomorrow (Wednesday 12) regarding the Microsoft settlement. "The recent decree from the Department of Justice is inadequate and we believe that the remedial proposals of the plaintiffs still litigating this matter in nine states is a more appropriate and reasonable conclusion of this legal process."

Guardent announces security appliance. Guardent has announced the availability of its "Security Defense Appliance," which is built on Linux. Along with the appliance customers are expected to buy a range of security monitoring and response services.

Covalent launches the 'Apache 2.0 Zone'. Covalent Technologies has announced the launch of the "Apache 2.0 Zone" at apache.covalent.net. It is intended to be "the first comprehensive information source for Apache 2.0."

Caldera International's fourth quarter results. Caldera has announced its fourth quarter results. Revenue was just under $19 million. The company reported a loss of an amazing $91 million, but much of that is in the form of a writedown: "After evaluating current market and other conditions during the fourth quarter, we determined that various assets related to the operations acquired from Tarantella were impaired and that the book value exceeded the current estimates of fair value. As a result we recorded a $73.7 million write-down of goodwill and intangibles..." The SCO acquisition was perhaps not as good a deal as they had hoped.

D.H. Brown Linux Cluster software report. D.H. Brown has announced the availability of a report on Linux cluster failover products. Six offerings have been designated "stand-outs," which handled failover tasks quickly. The full report costs money, of course, but an executive summary is available for those who register.

Web Security, Privacy, and Commerce, Second Edition. O'Reilly has announced the release of the second edition of Web Security, Privacy, and Commerce by Gene Spafford and Simson Garfinkel.

Tommy Hilfiger goes with IBM and Linux. IBM has announced that Tommy Hilfiger, a clothing retailer, has gone with IBM Linux systems for its new e-business infrastructure.

VA Linux Systems changes name. It's official: the company formerly known as VA Linux Systems, previously known as VA Research, originally known as Fintronic Linux Systems, has changed its name again. The new name is VA Software Corporation.

PythonWorks Pro 1.3 released. Pythonware has released PythonWorks Pro 1.3, an integrated development environment for Python.

Linux Stock Index for December 06 to December 12, 2001

LSI at closing on December 06, 2001 32.10
LSI at closing on December 12, 2001 33.14

The high for the week was 33.14
The low for the week was 31.95

Press Releases:

Open source products

Proprietary Products for Linux

Hardware running Linux

Products and Services Using Linux

Products With Linux Versions

Java Products

Partnerships

Personnel & New Offices

Other

Section Editor: Forrest Cook.


December 13, 2001

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Linux in the news page.

Linux in the news


Recommended Reading

Making Linux look harder than it is (NewsForge). Here's a NewsForge article saying that Linux gurus overlook how easy it can be to run a Linux system. "Find a distribution you like, update it regularly either on your own or with one of the increasingly popular subscription-based 'automatic' update services for Linux, and there is little reason to go beyond the Graphical User Interface more than a few times a year -- and when you do, if you are a true 'user' instead of a professional sysadmin or hard-core computer hobbyist, you are probably best off strictly following cookbook-style instructions given to you by someone more knowledgeable than yourself." (This article was also published in The Register).

Chinese take sip of Linux tea (Register). The Register looks at XTeam Software, which is going public in Hong Kong. "Typically, Linux has a price advantage over Microsoft software, being free, but this advantage is lost in China where most people either buy or download pirate versions of the software. On this level-playing field and with Microsoft having coded better Chinese support into its software, its applications tend to be more popular, says Lawrence Sheed, a Shanghai-based webmaster."

Queen dismisses Linux (News.com). According to this News.com article, the British Monarchy's web site no longer runs on Linux. It appears to be a result of a change in providers, rather than an explicit technology switch. "But last Thursday, Linux's reign ended when the site relaunched with its new service provider, CCG.XM, a division of the Cordiant Communications Group. CCG.XM 'works with Microsoft Internet Information Server as standard,' a palace representative said."

States get tough in Microsoft case (News.com). News.com looks at a new proposed Microsoft 'remedy' proposed by dissenting states. "The provision also would require Microsoft to develop a version of Office for the Linux operating system. The states apparently see Microsoft's dominance in desktop operating systems and office productivity suites to be a pair of clubs the company wields to maintain share in both markets."

Open source IE, license MSOffice, says rebel States' pitch (Register). Here's The Register's take on the alternative Microsoft settlement. "If IE was fully GPLed, and open source developers embraced it (that's a very big if, but it's possible), then IE would remain the de facto standard, Microsoft would be free to incorporate other developers' improvements and innovations in its own product, and the rival browsers that do currently exist could well be road-kill."

Linux lined up as virus target (vnunet). Vnunet tells us to expect more Linux viruses in the future. "Jack Clarke, European product manager at McAfee, said: 'In fact it's probably easier to write a virus for Linux because it's open source and the code is available. So we will be seeing more Linux viruses as the OS becomes more common and popular.'"

See also: this response to that article on the Roaring Penguin site. "There is a trend under Linux to build complex, rich desktop environments which allow rich interaction between programs. These environments could, if not designed correctly, increase the chances for viruses to execute and propagate. So far, however, the designers of these environments seem to be following sensible design and security procedures. No-one, for example, has built a Linux e-mail client which automatically executes an attachment with just one mouse click."

Building a Mosix Cluster with SystemImager (SourceForge). The SourceForge "Cluster Foundry" has posted an article on building clusters with Mosix. "MOSIX is a Linux kernel extension that allows you to run normal (non-cluster aware) applications across a cluster. One feature of MOSIX that I found most intriguing is 'process migration'. Process migration is just what it sounds like -- processes can migrate from one node to another. For example, when a particular process starts to dominate a machine's load, it gets moved to another node in the cluster that has more idle resources."

Lord of the special effects (Stuff). The (New Zealand) site Stuff has an article on the generation of special effects for The Lord of the Rings. "Mr Labrie says Linux is gradually replacing Irix as the operating system of choice in the effects world."

Companies

Caldera Feeds Mid-sized Business Needs with Simple MS Exchange Replacement (Linux Journal). The Linux Journal reviews Caldera's answer to Exchange. "The solution is Caldera's Volution Messaging Server, which combines SMTP, IMAP, POP and web mail in a single, web-administered package licensed for $28 per seat."

Sun's latest Star still shuns the Mac (IT-Director). IT-Director looks at StarOffice. "Of course, the most interesting 'feature' of Star Office is that it is free. This makes it attractive to any organisation re-evaluating its technology spending - it becomes even more attractive when put against Microsoft's new licensing agreements and associated costs. This, together with features and functionality comparable with Microsoft Office, and compatibility with those competing products, is starting to represent a very real threat to Microsoft's position as king of the Office."

Business

Linux Attacks Outlook Market (IT-Director). Here's IT-Director's take on the Evolution 1.0 release. "The IT world is split into two major camps, those who employ proprietary software tools, and Open Source fanatics. Clearly there are some realists who are psychologically equipped to asses any technology purely on its capabilities and fit with existing infrastructures without recourse to gut level opinion, but these individuals are few and far between. Until recently, for many organisations the choice of 'office' systems has been a question of using Microsoft products, IBM products, or something wacky in the extreme. However, times are changing and distinctions are blurring."

Studie empfiehlt Schily Server-Umrüstung auf Linux (Heise). Here's an article (in German) in Heise News regarding a study done for the German Ministry of the Interior on moving to open source software. The study recommends moving the Ministry's servers, but stops short of recommending Linux for desktop use. Lots more information is in the article; there is a painful Babelfish translation available for the non German-capable among us. (Thanks to Alexander Stohr).

Reviews

A developer's review of LynuxWorks' BlueCat Linux SDK (LinuxDevices). LinuxDevices.com has posted a detailed look at the BlueCat Linux software development kit from LynuxWorks. "The amount of code added by LynuxWorks for this product is actually quite small; primarily consisting, as we shall see, of the BlueCat OS Loader (itself simply a Linux implementation with the ability to load another Linux system) and some fairly simple command-line utilities for constructing and deploying kernels and filesystem images. Most significantly, the entire process is extraordinarily well documented in the User's Guide, resulting in a complete and usable system."

Interviews

Interview with Dr. Frank G. Soltis (IT-Director). IT-Director interviews Frank Soltis, chief scientist at IBM. "Everybody is working really hard to get Linux onto the straight and narrow. If it is going to be a commercial success then we have to stop all the solutions diverging."

Miscellaneous

Hacking the TCSX-1 for fun and profit (LinuxDevices). LinuxDevices rips into the Advantage Business Computer Systems' TCSX-1 Thin Client to see what's inside. "At first I thought I could just hack into it using some sort of shell trick. Knowing that when it is in Setup mode it's running a shell script that does a shell 'read' followed by some sort of shell 'if [ ]; then' sequence, I thought I could just give it some magic ASCII shell escape sequence to get myself to the shell. No such luck."

Section Editor: Forrest Cook


December 13, 2001

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Announcements page.

Announcements


Resources

UML Disaster of the Month Contest. Jeff Dike, creator of User-mode Linux, has announced a new 'Disaster of the Month' contest. The challenge: use UML to create a horribly damaged system, then figure out how to recover. User-mode Linux is, indeed, an ideal tool for this sort of exercise, since one need not vandalize an actual, working system. The first test is a zeroed-out superblock; roll up your sleeves and figure out how you're going to get out of this one...

Events

FOSDEM 2002. The Free and Open Source Software Developers European Meeting (FOSDEM) has been announced for February 16 and 17 in Brussels. A number of speakers have already been scheduled, including Richard Stallman and Miguel de Icaza. More information is available on the FOSDEM web site. There will also be a chance to meet some KDE developers at FOSDEM.

Python 10 conference program. The program for the Tenth International Python Conference (February 4 to 7, Alexandria, Virginia) is now complete. The keynote speakers are Tim Berners-Lee and Andrew Koenig. The full program may be found on the Python10 web site.

Fourth German Perl Workshop 2002: Call for Participation (use Perl). There will be a Perl Workshop in Sankt Augustin, Germany from February 13 through 15, 2002.

Linux Charity Christmas Party. A Linux Charity Christmas Party will be held in Toronto, Canada on December 17, 2001. Toys are being collected for needy kids. A stuffed penguin would make an excellent gift.

linux.conf.au registration opens. Registration for linux.conf.au (Brisbane, Australia, February 6 to 9) is now open.

Linux Event 2002. The Linux Event 2002 will be held in Livorno, Italy on February 1 through 3. (If the web site turns up "under construction," try later on - they are still working on it).

Events: December 13, 2001 - February 7, 2002.
Date Event Location
December 13 - 15, 2001II Unix Internacional Meeting(UMeet2001)Online
January 28 - 29, 2002The Conference on File and Storage Technologies(FAST 2002)Monterey, CA
January 29 - February 1, 2002LinuxWorldNew York, NY
February 1 - 3, 2002Linux Event 2002Livorno, Italy
February 3 - 6, 2002Embedded Executive Summit(Ritz-Carlton)Half Moon Bay, California
February 4 - 7, 200210th International Python Conference(Hilton Alexandria Mark Center)Alexandria, Virginia
February 5, 2002OMG Information Days Europe 2002Amsterdam
February 6, 2002OMG Information Days Europe 2002Brussels
February 6 - 9, 2002linux.conf.auBrisbane, Australia
February 7, 2002OMG Information Days Europe 2002Paris

Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format.

Web sites

Perl Training Directory. Gabor Szabo has put together perltraining.org, a site that is dedicated to listing Perl language training courses.

Section Editor: Forrest Cook.


December 13, 2001

   

 

Software Announcements


Here are this week's Freshmeat software announcements. Freshmeat now offers the announcements sorted in two different ways:

The Alphabetical List and Sorted by license

 

Our software announcements are provided courtesy of FreshMeat

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Linux History page.

This week in Linux history


Six years ago: The Debian 1.0 release never happens after InfoMagic mistakenly puts a broken, development version on its CD as "Debian 1.0". The project, instead, goes directly to a 1.1 release.

Five years ago: Debian 1.2 is released. The distribution claims 848 packages, and 120 active maintainers. Debian releases came a little quicker in those days...

Four years ago: Linus Torvalds won the 1997 Nokia Foundation Award.

Three years ago (December 17, 1998 LWN): IDC reported that Linux's market share rose 212% in 1998, giving it 17% of the server operating system market.

Work continued toward the 2.2.0 stable kernel release. Linus, meanwhile, addressed the topic of raw I/O in Linux:

Quite frankly, nobody has EVER given me a reason that makes any kind of sense at all for supporting raw devices in any other way than we already do. Nobody sane uses a disk without a filesystem, and the insane people that do I feel we can and should ignore. Insanity has a way of dying off over time, when Darvin [sic] starts to look into it.

(The 2.4 kernel, of course, includes a Linus-approved raw I/O implementation).

The Debian Project adopted its constitution, which describes how the project operates. The project was smaller then; all of 86 votes were counted in the decision on the constitution. The first project leader election began, with Joseph Carter, Ben Collins, and Wichert Akkerman running as candidates.

Red Hat, meanwhile, launched its training and certification programs.

The GNOME project aims to emulate what is best about existing interfaces. "Microsoft did some things very well, and we're trying to learn from them," [Miguel] de Icaza says. At the same time, the project seeks to avoid some of Windows' annoying design peculiarities. GNOME users, de Icaza promises flatly, will not turn off their computers by clicking a button labeled "Start."
-- Technology Review on GNOME, three years ago.

The Linux Mall announced the availability of the first stuffed Tuxes. "A huggable pal to have around, or a great bed partner."

IBM released the first version of Wietse Venema's "Secure Mailer," otherwise known as Postfix.

Two years ago (December 16, 1999 LWN) saw, of course, the initial public offering of VA Linux Systems. The company's stock shot up to close at almost eight times its (already increased) initial value, setting a record which remains unchallenged a year later. It was the high point of the Linux stock mania. Two years later, VA's stock stands at less than 1% of its first-day peak.

Internet mania reached new levels of frenzy Thursday as investors paid huge multiples on an initial public offering, giving a market value of almost $10 billion to a tiny company with powerful competitors, little revenue and no expectation of earnings in the foreseeable future.
-- New York Times

LWN predicted a flood of Linux-related IPOs to follow. Needless to say, things did not work out that way.

VA had indeed gone out on NASDAQ -- and I had become worth approximately forty-one million dollars while I wasn't looking. Well, that didn't last long. In the next two hours, VA dropped from $274 a share to close at $239, leaving me with a stake of only thirty-six million dollars. Which is still a preposterously large amount of money.
-- Eric S. Raymond. That didn't last long either.

The Bazaar, a free software conference, was held in New York. Attendance was light, and the event has not been repeated. At the conference, Miguel de Icaza was awarded the Free Software Foundation Award for his work with GNOME.

Bastille Linux 1.0.0 was released. Debian 2.1r4 came out. MandrakeSoft proclaimed that Linux-Mandrake 6.1 was Y2K compliant. Stormix released Storm Linux 2000.

Linus released development kernel 2.3.33 with the comment: "We're obviously not going to have a 2.4 this millenium [sic], but let's get the pre-2.4 series going this year, with the real release Q1 of 2000." He was flooded by those who claim the millennium wouldn't end for another year, and responded:

The fact that our forefathers were Pascal-programmers, and started counting from one does not mean that we have to continue that mistake forever. We've since moved on to C, and the change from 1999->2000 is a lot more interesting in a base-10 system than the change from 2000->2001.

Of course, there was no no 2.4.0 by the end of the millennium even by the reckoning of Pascal programmers...

Linuxcare closed a large investment round.

But Linuxcare wants to get its business in better shape before it goes public. The company isn't profitable and won't be for the next year as Linuxcare pays for aggressive hiring and expansion, [CEO Fernand Sarrat] said in an interview. Shunning the method pioneered by Internet companies, Sarrat is focusing on building up the business before Linuxcare goes public, instead of using the proceeds of an IPO to fund that expansion.
-- News.com, December 14, 1999

Of course, Linuxcare filed for its IPO just one month later...

One year ago (December 14, 2000 LWN): Amid great fanfare, FreeDesktop.org released version 1 of the "extended window manager hints specification." This spec was produced as a cooperative effort between KDE and GNOME developers.

Great Bridge announced its first boxed version of the PostgreSQL database.

While Great Bridge software will be widely distributed at no cost, the company will make money by selling value-added support services such as technical support, consulting and training. Great Bridge offers a suite of technical support packages for corporate end-users. Its Premium Support package provides one year of unlimited, 24-hour e-mail and telephone support from a dedicated engineering team. The Standard Support package includes unlimited e-mail support and limited telephone support for one year.

It seemed like a good idea at the time.

NuSphere also announced a set of service offerings, these oriented around MySQL.

Linus released 2.4.0-test12, which contained an amazing number of changes for a kernel that was supposed to be near a stable release.

Conectiva released its port of the Debian apt tool which uses RPM as a package manager.

Sun completed its acquisition of Cobalt Networks.

If anyone had told me back then that getting back to embarrassingly primitive Unix would be the great hope and investment obsession of the year 2000, merely because its name was changed to Linux and its source code was opened up again, I never would have had the stomach or the heart to continue in computer science.
-- Jaron Lanier was not impressed.

Section Editor: Jonathan Corbet.


December 13, 2001

LWN Linux Timelines
1998 In Review
1999 In Review
2000 In Review
2001 In Review

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Letters page.

Letters to the editor


Letters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them.

December 13, 2001

   
From:	 Jim <jimd@starshine.org>
To:	 letters@lwn.net
Subject: MS Remedy, Br'er Patch
Date:	 Sat, 8 Dec 2001 19:20:22 -0800


 Since there is news (on your current "Daily" updates) about
 the latest absurdities in the pursuit of justice and free market
 balance (vis a vis the DoJ and various States Attorneys General
 versus Microsoft) I figured it would make sense to link to an
 editorial (op-ed) that I wrote for the Linux Gazette this month:

 	http://www.linuxgazette.com/issue73/dennis.html

 It should be blatantly obvious that a court-mandated "Linux version"
 of MS Office would be grudgingly delivered late, bereft of as much
 functionality as the courts could tolerate, and more or less deliberately
 "tuned" to offer the most abysmal performance possible.

 Microsoft's officers and management wouldn't have to encourage this
 result.  Their own rank and file rancor would *GUARANTEE* this
 result.  Hell, I'd feel the urge to sabotage the effort if I was
 one of their programmers --- despite my pro-Linux leanings!

 There is *no* effective way to compel a company to release a quality
 software product by government mandate.  The very notion is absurd 
 almost beyond belief.  
 
 It would be conceivable that third parties could be "licensed" 
 (by governmnet mandate) to port the sources to Linux (and other OS).  
 In other words, one could require MS to provide full source trees to 
 third parties (with proof of their comprehensive nature lying in the 
 requirement that they be able to build a fully operational copy of the 
 software for its native platform).

 Such sources would then be explicitly licensed for said third parties
 to create derivative works under a RAND (reasonable and non-discriminatory)
 royalty basis.  (In other words a company would have *no* up front 
 licensing fees --- they could freely get the sources --- but any commercial
 derivative works would provide a small *percentage* royalty that would be
 paid back to MS and/or to a federal licensing agency).

 I say that this is conceivable.  However it is probably not feasible.
 We cannot mandate that MS "open source" their products.  That would be
 too drastic a blow against traditional copyright laws (including the very 
 copyright which protects our right to "copyleft" anything).  A RAND
 for derivatives would raise all sorts of thorny issues.  What if I
 port these sources to Linux, FreeBSD, and even to back "MS Windows" 
 itself and *don't* charge any money for it?  What do you mean I've got to 
 make a minimum charge -- then we have a government mandated pricing
 structure on (some) software.  That way lies madness.

 I think the "public domain interoperable reference sources" proposal
 (in my article) is still the most reasonable and practical.  We need
 something simple, fair and unambiguous.  The hardest part of my proposal
 is to define a set of operations which must be covered for file formats,
 APIs and protocols.  
 
 The enforcement mechanism is relatively simple: injunctions on revenues 
 from sales until the court's mandates are satisfied.  (In other words, 
 the software can be sold, at locked prices, but the revenues beyond 
 minimum media duplication and distribution is held in escrow; with 
 fines exacted, until MS is in conformance --- until they have a 
 "interoperable set of reference sources" which an perform the designated 
 suite of operations on every file format, API, and over every protocol 
 used by MS applications and operating systems.  Thus the software 
 remains available to the public which has been rendered dependent 
 upon it by Microsoft's prior (and now proven) anti-competitive practices,
 but MS doesn't benefit from that available until remedies are made.
 Meanwhile MS is free to "innovate" (do anything they want with their
 software) so long as the release of these innovations is made concurrent
 to the required suite "interoperable references sources."

 As I've said before; this proposal says nothing about Microsoft's
 proprietary sources.  They are free to maintain them and develop the
 reference sources independently; or they are free to create a subset
 of them which provides the interoperability while keeping the UI
 and feature set (what they do with the data, or how they do it) to
 themselves.  All we (the injured public) care about is that we can
 open, parse, and modify *our* files as they are stored in designated
 MS application formats (.doc, .ppt, .xls, and the backend mailbox,
 and SQL Server table formats, for example) and that we have full
 access to the APIs and protocols used between applications and the
 OS, and among the applications.  As I say, the tricky part is defining
 the specific operations that constitute "interoperable."

--
Jim Dennis 

   
From:	 "Greg Owen" <gowen@swynwyr.com>
To:	 letters@lwn.net
Subject: Re: Contacts in Evolution
Date:	 Fri, 7 Dec 2001 10:24:08 -0500


> Most pointed out that there is, indeed, a way to generate a
> contact entry from a mail message; one simply clicks on the
> sender's address with the right mouse button. It's good that
> the feature exists, but the difficulty of finding it points
> out the need for continued usability testing for Linux desktop
> software.

    As a long-time Outlook and Outlook Express user (for work reasons,
honest!) right clicking to add to the address book was a no-brainer.  For the
vast majority of Windows users converting to Linux, Evolution's interface is
spot-on.

    I've plenty of nits with Evolution's usability, but that shouldn't one of
them.

--
        gowen -- Greg Owen -- gowen@swynwyr.com
        79A7 4063 96B6 9974 86CA  3BEF 521C 860F 5A93 D66D

   
From:	 Marius Gedminas <mgedmin@delfi.lt>
To:	 letters@lwn.net
Subject: Mutt or Evolution?
Date:	 Thu, 6 Dec 2001 16:08:44 +0200

Eric Kidd wrote:
> I've abandoned a highly customized Mutt setup (among other things, I'm
> the author of Emacs mutt-mode), and switched to Evolution.  Why?

That is the best recommendation for Evolution I've ever seen.  More
convenient than a highly customized Mutt setup?  I must take another
look at it.

I have to agree that Mutt doesn't really cope with huge folders (ones
with > ~ 5,000 messages, although I sometimes wonder if using Maildir on
Reiserfs partitions would help a bit there).  And it is a bit tedious
having to open another xterm with another copy of Mutt because of its
modality.  But I'm really surprised that the author of Emacs mutt-mode
doesn't know about ~b search pattern that allows just that -- searching
in message bodies.  And I see nothing clunky with adding one line to
one's ~/.mailcap and two to one's ~/.muttrc for automatic rendering of
HTML e-mails.

Cheers,
Marius Gedminas
-- 
Linux don't need no steenkin' viruses. The users can destroy the
system all by themselves....
		-- Peter Dalgaard in comp.os.linux.misc
   
From:	 Andrej Marjan <amarjan@pobox.com>
To:	 eric.kidd@pobox.com
Subject: Re: Evolution notes
Date:	 Fri, 7 Dec 2001 00:03:11 -0500
Cc:	 letters@lwn.net

Here are two minor nits to your drawbacks of mutt:

> * Mutt is inherently modal.  I can't, say, compose two messages at once,
> read a third, and poke around in a mailbox at the same time.

True, this can be annoying, however, mutt is lightweight enough to run
many instances concurrently. The only real shortcoming would be not
being able to run two instances on the same folder, though this might
not be an issue if maildirs are used.

It's simply a different approach to solve the same problem (dare I say
"paradigm").

> * Mutt can't search message bodies.

Just prefix your search with '~b' for a body search (ESC-b in Debian).
Of course, there is no text index to speed this operation, but it is
there.

The two big drawbacks of evolution for me personally are its primitive
thread handling and its gui-only mode. Unfortunately, not every machine
has an X server locally, and X over the Internet at large tends toward
unbearable. :)

Regards,

Andrej Marjan

-- 
-----------------------------------+-------------------------
Change is inevitable.              |  A n d r e j M a r j a n
Progress is not.                   |     amarjan@pobox.com
-----------------------------------+-------------------------
   
From:	 Eric Kidd <eric.kidd@pobox.com>
To:	 jhecking@netgaroo.com, lhecking@nmrc.ie, jzbiciak@dal.asp.ti.com,
	 marcus@blazingdot.com, rrw@hell.pl
Subject: Searching big gobs of e-mail
Date:	 06 Dec 2001 13:34:35 -0500
Cc:	 letters@lwn.net

Many thanks to everybody who read my letter to LWN and wrote me to say
that /~b will search message bodies in mutt.  This does appear to work
very nicely for ordinary e-mail usage, and would have saved me some
trouble in the past.

Still, this brings me back to my major difficulty with mutt--I have
close to 100,000 messages archived (for example, I answer questions
about an open source project with 13,467 mailing list messages since
1997), and mutt has simply broken down.  In mutt's defense, of course,
most other mailers broke down around a few thousand messages.

Don't get me wrong; I love mutt.  It's just breaking under the strain. 
For example:

* When opening a mailbox, Mutt appears to do a linear scan of all the
messages.  Since mailboxes tend to fragment nastily, this requires lots
of disk seeks.  The result: some mailboxes take nearly 45 seconds to
open.  And since mutt opens and closes mailboxes when you switch between
them, this gets rather tiresome.

* The aforementioned /~b feature walks me through search results one
message at a time.  But some of the queries I need to perform return
hundreds of hits (say, digging through automatically-generated CVS
e-mails from years ago).  So when I most need /~b, it turns out to be
nearly useless.

* Mutt has no ability to save search results in a virtual folder (a
feature which I've loved in Evolution and the original BeOS mail
client).  This is a lifesaver for research purposes--I use queries of
the form "all unread messages from the following mailing lists in the
past three days", "everything to or from the client who owes me money",
or "everything from this CVS repository in 1998 mentioning 'linker'".  I
can then perform secondary searches on these virtual folders.

All of this suggests that Mutt was never intended to handle the kind of
abuse I inflict on my mailer.  This is no fault of mutt's--it stands
head and shoulders above most mail clients in this regard.

Cheers,
Eric

P.S.  Yay vFolders!

Rule name: [Mutt stuff]

Execute actions if [all criteria are met]

[Message was sent] [after]    [Dec 05 12:00 AM]
[Message Body]     [contains] [mutt]

vFolder Sources
[specific folders only]
file:///home/emk/evolution/Inbox
file:///home/emk/evolution/Sent

;-)

(The BeOS was a bit nicer; it allowed structured queries with boolean
operators.  Evolution can only do this in a hackish fashion--you have to
build multiple layers of vFolders.)

   
From:	 "Jonathan Day" <jd9812@my-deja.com>
To:	 letters@lwn.net
Subject: Sourceforge, Linux Viruses, and Paranoia, Oh My!
Date:	 Thu, 6 Dec 2001 06:27:19 -0800

Dear Editors,

   Sourceforge can reasonably be treated with considerable suspicion. Why?
Because shortly after VA took over Freshmeat, a certain competing service
(Server 51) vanished. No warning, no notice, no site. More than a few
people complained, and I wrote a rather direct editorial on Technocrat,
explaining why VA was hardly engendering trust, by pulling this stunt. A
high-up VA employee replied that they were shocked, would look into the
matter, and absolutely guaranteed the code for Server 51 would, at the very
least, be up on Sourceforge "soon".
    That was a long time ago. Oh, I believe the employee was sincere. There
is no reason not to. But that makes VA's position very clear. They don't
want trust. They don't want the legitamacy of Open Source. If they did,
where is the source for Server 51? For that matter, where is the source for
Sourceforge? The updates are sporadic and rarer than Halley's Comet at a
blue moon.
    The only way to gain trust is to earn it. Silently killing the
competition and only paying lip-service to the very concept they claim as
the cornerstone of their business model... Well, in my book, that falls
short of earning anything.

   Now onto that utterly pathetic claim by Symantec that Linux viruses
should be more common, because the source is available. Sure, the source is
available. That's how the holes get fixed BEFORE the viruses get written!
Twit! Then, there's the very thing that commercial vendors have been
slamming Linux for, for years. Environments are not consistant. I guess
it's "heads I win, tails you lose". Viruses are far more susceptable to
changes in the environment, as they can't afford to carry the extra payload
needed to cope with variations.
   This means that compiled code isn't guaranteed to work. Are you using
a.out or elf? Glibc 2.0, 2.1 or 2.2? It matters. A binary for one won't be
guaranteed to run on any of the others. (Unless it's statically linked. But
while applications can afford to do this, viruses really can't.) Script
viruses are also getting common, but is csh installed? Python 1 or Python
2? Which Perl, and where is it?
   Then, viruses must make other assumptions. They depend on users not
installing LSM, SE-Linux, POSIX ACL's, or any other security software of
this ilk. It's hard to be unobtrusive, in a secure environment.
   Finally, there's the psychological aspect. "Proving a point", political
propoganda, or even just digital vandalism, are not only possible, but
encouraged, by the schizoid, paranoid world of the corporate market. In an
Open Source world, the only way to achieve the same intensity of feelings,
the same passionate rage, is to add to what is already there. Some of the
greatest creative works of humanity have been produced when insanity has
been allowed to vent for the benefit of all. That is a notion the
proprietary world has never understood. Throughout history, it's suffered
the consequences for that. You can't simply cage people up, and hope
they'll stay quiet, especially if their brains are half-broiled to start
with.

Well, enough of this rant. I'm off to beat some bugs over the head.

Jonathan Day

   
Eklektix, Inc. Linux powered! Copyright © 2001 Eklektix, Inc., all rights reserved
Linux ® is a registered trademark of Linus Torvalds