[LWN Logo]
[LWN.net]

Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise news for all interests


Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Letters

Other LWN stuff:
 Daily Updates
 Calendar
 Linux Stocks Page
 Book reviews
 Penguin Gallery

 Archives/search
 Use LWN headlines
 Advertise here
 Contact us

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- Gaël Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

See also: last week's LWN.

Leading items and editorials


No more free StarOffice downloads. Linux users have long been accustomed to being able to download the StarOffice suite for free. It is one of the best deals out there: a complex, highly functional office suite which can be had for the price of a download. Seemingly, the deal was a little too good; the word has now slipped out that StarOffice 6.0 will be a proprietary product. At least for some operating systems; the Solaris version will remain free (of charge).

Why might Sun be doing this? Turning StarOffice into a proprietary product will certainly reduce its use on Linux systems. In the absence of a definitive word from Sun, one can only go looking for possible motives, such as:

  • The StarOffice development team is expensive, and Sun would like to earn enough money from their work to pay their keep.

  • Pointy-haired bosses might actually take the product more seriously if they have to pay for it. Turning StarOffice into a commercial product could, conceivably, increase its penetration into places where Sun actually wants to go.

  • By all appearances, Sun will be coming out with its own Linux distribution (though the company has refused to comment to us on that topic). A Sun-branded Linux would offer a distinct value above other distributions if it were the only one which came with a bundled version of StarOffice.

Then again, perhaps Sun just remains hostile to the idea of free software. Those days, however, are probably (hopefully) past.

It will be interesting to see how this all turns out. If Sun is able to turn StarOffice into a successful product, that is likely to be good for Linux in the long run. That is a big "if," however; if your name is not Microsoft, the office suite business is not a very fun place to be. Sun's success there is far from guaranteed.

The Linux community, in any case, can be calm about this move. After all, StarOffice never was free software, even if one did not have to pay for it. But it's based on OpenOffice, which, thanks to Sun, is free software. OpenOffice does most of what StarOffice does (see the OpenOffice FAQ for a list of differences), and the source is out there. If a commercial StarOffice helps to support the development of OpenOffice, it is hard to argue that the Linux community has lost anything from this move.

[Editor's note: the original title of this article ("StarOffice goes proprietary") was clearly misleading, generated a lot of mail, and has been changed. We apologize for any confusion].

The Progress (NuSphere)/MySQL AB preliminary hearing was still unresolved as of this writing. This is a legal case that is worth watching; it is, perhaps, the first time that the GPL will be tested in court.

The basics of the case are relatively straightforward. NuSphere implemented its "Gemini" storage manager for MySQL, and shipped a binary product that included that code. Since MySQL is licensed under the GPL, NuSphere was bound by the license to ship the source for its modifications. The source for Gemini, however, was long in coming.

NuSphere has issued a press release denying any violation of the GPL took place:

The FSF contends that NuSphere violated the GPL by simply linking proprietary software to the MySQL system using a public API. MySQL AB is interpreting the GPL so broadly that any commercial software that comes into contact with free software must also become free..

MySQL AB does indeed take a broad view of the GPL - code which speaks to the MySQL daemon over a network connection can deemed to be "linked" and thus fall under the GPL. In the Gemini case, however, things are simpler: the Gemini storage manager was staticly linked into the MySQL daemon itself. This is exactly the sort of situation the GPL was written to cover; if it does not apply here then its restrictions on derived works are weak indeed. It will be interesting to see what the court says, but this case looks clear to most observers.

Of course, the Gemini source has been available for some time; NuSphere's current products are no longer in violation. Unfortunately for NuSphere, the GPL states that, once a violation occurs, all rights to use the software are terminated. MySQL AB is trying to use that term to prevent NuSphere from distributing MySQL at all, even though it is currently in compliance. That is a departure from previous GPL enforcement efforts; usually, once a problem has been resolved, the violator is "forgiven" and may continue to distribute the software. The normal purpose, after all, is to bring about compliance with the license. The first goal is not usually punishment of the violator.

This case is clearly different. NuSphere makes its living by selling value-added versions of MySQL (and associated services). By trying to deprive NuSphere of the right to distribute the system, even after the GPL violation has been remedied, MySQL AB is going for blood: NuSphere could well be driven out of business.

Why is MySQL AB taking this approach? There has been bad blood between the two companies for some time, and lawsuits have been filed in both directions. The full details of the dispute between the two have never been made public; there is likely far more going on than most of us are aware of. The GPL enforcement looks like just another tactic employed by MySQL AB in this disagreement. In other words, we're seeing the public part of an unpleasant, private, and unrelated (to the GPL) fight between two corporations. It's too bad they had to drag the GPL into it.

(See also: the FSF's press release on Eben Moglen's participation in the trial, his affidavit explaining in detail why NuSphere should lose its right to distribute MySQL, and this brief report from the preliminary hearing suggesting that a GPL-based injunction would not be issued at this time).

Monitoring the chilling effects. The Electronic Frontier Foundation, along with Internet law clinics at Harvard, Stanford, Berkeley, and San Francisco have announced the launch of a new site at ChillingEffects.org. This site seeks to encourage freedom of expression on the Internet with legal information on (U.S.) intellectual property laws and First Amendment rights. Topics covered include the rights of authors of "fan fiction," anonymous posting, linking, and, of course, the DMCA.

The real core of the site, however, appears to be an archive of "cease and desist" letters that have been published by their recipients. This is a highly worthwhile endeavor; as the number of these letters grows, this archive will provide a picture of the real cost of the DMCA and other problematic intellectual property laws. That can only help in the battle to roll back those laws, and to prevent the passage of even more ill-advised legislation (such as the SSSCA). Of course, seeing how willing some people are to call out the lawyers and shut down sites they don't like could have a chilling effect of its own...

Speaking of the SSSCA, it's worth taking a look at this column by Jack Valenti, CEO of the MPAA. This, of course, is the guy who claimed that the video cassette recorder "is to the American film producer and the American public as the Boston Strangler is to the woman alone." He's worried about Internet downloads of films, of course. His solution?

Simply put, in order to transport movies as agreed to by the consumer on a rent, buy or pay-per-view basis with heightened security, computers and video devices must be prepared to react to instructions embedded in the film.

In other words, the film industry wants to be able to program our computers for us to implement their copyright protection schemes. One imagines that the industry will not react well to those of us who decide to reprogram our systems to work the way we want. Given that new hearings on digital content protection are to be held on February 28 (with our friend Mr. Valenti testifying), the threat of new, hostile legislation is real.

This approach is hostile, at its core, to the fundamental ideas behind free software. The MPAA knows how our hardware and software should work, and is prepared to use the legal system to ensure computers work that way. It is your hardware, but it is controlled by somebody else. This does not look like a desirable future to those of us who are concerned about freedom, fair use rights, security, privacy, or any of a number of other issues.

(See also: this Bugtraq posting on severe privacy problems with the Microsoft Windows Media Player.)

W3C RAND licensing followup. The W3C has issued a press release describing its now draft patent policy. The new policy was examined in detail back in January; we'll not repeat that discussion now. If anything, the policy has tipped ever more strongly against patented technology: "Working Group Participants must now commit to Royalty-Free Licensing." Once again, congratulations are due to the community: we won this one.

Inside this LWN.net weekly edition:

  • Security: Common security vulnerability naming; squid problems.
  • Kernel: Process migration; Doing BK penguin style.
  • Distributions: Rock Linux; Embedded Distributions and new Intel processors.
  • Development: Omni 0.6.0, Alsa 0.9.0b12, Linux H.A. report, Ghostscript 6.53, Zope 2.5.1b1, Gnome 2.0 beta, AbiWord 0.99.2, gphoto 2.0, GCC 3.0.4, TinyCOBOL 0.5.7.
  • Commerce: Linux International starts telecom marketing initiative; EU lets Microsoft write its Patent Directive.
  • Letters: Racism and free software; Debian Testing; CML2.
...plus the usual array of reports, updates, and announcements.

This Week's LWN was brought to you by:


February 28, 2002

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Letters

See also: last week's Security page.

Security


News and Editorials

Toward a common naming system for security vulnerabilities. The Common Vulnerabilities and Exposures project has been working since 1999 to create a standard way of talking about security problems. The problem to be solved is real: one distributor may refer to a vulnerability in "login," while another fixes a problem with the PAM libraries. Both are dealing with the same vulnerability, but it can be hard to tell without taking a detailed look. Even more detailed descriptions (i.e. "the buffer overflow in wu-ftpd") can be ambiguous. How is a user to know which problems an update really fixes?

The CVE project steps in by assigning a unique name to each vulnerability. The full set of vulnerabilities is packaged in a "freely downloadable" database - you can do almost anything with CVE except modify it. Last year's mutt format string vulnerability, for example, is CVE-2001-0473.

The process for creating a CVE entry appears to be long; one must get a "candidate number" assigned, then wait for a large "editorial board" to pass judgment on whether a real vulnerability has been described or not. That process appears to be long; the last Linux-related vulnerability with a full CVE number is CVE-2001-0489, a format string vulnerability in gftp which was reported in May, 2001. This is a problem: time is often of the essence when dealing with security incidents. During the period in which a security problem is current, all that is available is an unratified, temporary candidate number. This slowness is likely to slow the adoption of CVE.

Still, the effort is worthwhile. As we rework our handling of security vulnerabilities in the near future, we'll look hard at including CVE identifiers in the database.

Security Reports

Multiple security vulnerabilities in squid. Here is a security advisory for the Squid proxy server reporting several vulnerabilities in versions up to and including 2.4.STABLE3. At the minimum, the vulnerabilities could facilitate denial of service attacks; the potential for worse also exists. Sites running squid probably should apply the update sooner rather than later.

Distributor updates seen so far:

IRC connection tracking vulnerability in netfilter. The Netfilter team has released an advisory warning of a bug in the Linux packet filtering code. It seems that when connection tracking is used, and a particular type of IRC connection is made, the firewall can be opened up to all incoming connections to a particular port for a brief period. Only certain configurations are vulnerable; see the advisory for details.

As of this writing, the only distributor update available is from Red Hat. It is a kernel update, of course, and so should be applied carefully.

Red Hat security update to ncurses4. Red Hat has issued a security update to ncurses4 fixing a buffer overrun vulnerability in that package.

Access control vulnerabilities in gnujsp. The gnujsp Java servlet has a set of vulnerabilities which make it possible to bypass access control restrictions on the web server. So far, the only distributor update we have seen is:

Updates

Heap corruption vulnerability in at. The at command has a potentially exploitable heap corruption bug. (First LWN report:  January 17th).

This week's updates:

Previous updates:

Buffer overflow in CUPS. Versions of the Common Unix Print System prior to 1.1.14 have a buffer overflow vulnerability. (First LWN report: February 14).

This week's updates:

Previous updates:

Multiple vulnerabilities in SNMP implementations. Most SNMP implementations out there have a variety of buffer overflow vulnerabilities and should be upgraded at first opportunity. See this CERT advisory for more. (First LWN report: February 14).

This week's updates:

Previous updates:

Resources

Patching the net's fatal flaws (Business Week). Business Week examines the SNMP vulnerabilities. "So far, the fallout has been minimal. Major attacks using the SNMP hole have failed to materialize. That doesn't mean they won't happen, though."

LinuxSecurity.com newsletters. The Linux Advisory Watch and Linux Security Week newsletters from LinuxSecurity.com are available.

Events

ICICS 2002 CFP. The 4th International Conference on Information and Communications Security will be held in Singapore on December 9 to 12. The Call for papers has gone out; see the ICICS 2002 web page for details.

Upcoming Security Events.
Date Event Location
February 28 - March 1, 2002Secure Trusted OS Consortium - Quarterly Meeting(STOS)(Hyperdigm Research)Chantilly, VA, USA
March 11 - 14, 2002Financial Cryptography 2002Sothhampton, Bermuda
March 18 - 21, 2002Sixth Annual Distributed Objects and Components Security Workshop(Pier 5 Hotel at the Inner Harbor)Baltimore, Maryland, USA
March 18 - 20, 2002InfoSec World Conference and Expo/2002Orlando, FL, USA
April 1 - 7, 2002SANS 2002Orlando, FL., USA
April 5 - 7, 2002RubiconDetroit, Michigan, USA
April 7 - 10, 2002Techno-Security 2002 ConferenceMyrtle Beach, SC
April 14 - 15, 2002Workshop on Privacy Enhancing Technologies 2002(Cathedral Hill Hotel)San Francisco, California, USA
April 16 - 19, 2002The Twelfth Conference on Computers, Freedom & Privacy(Cathedral Hill Hotel)San Francisco, California, USA
April 23 - 25, 2002Infosecurity Europe 2002Olympia, London, UK

For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Jonathan Corbet


February 28, 2002

LWN Resources


Secured Distributions:
Astaro Security
Castle
Engarde Secure Linux
Immunix
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux
Trustix

Security Projects
Bastille
Linux Security Audit Project
Linux Security Module
OpenSSH

Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive

Distribution-specific links
Caldera Advisories
Conectiva Updates
Debian Alerts
Kondara Advisories
Esware Alerts
LinuxPPC Security Updates
Mandrake Updates
Red Hat Errata
SuSE Announcements
Turbolinux
Yellow Dog Errata

BSD-specific links
BSDi
FreeBSD
NetBSD
OpenBSD

Security mailing lists
Caldera
Cobalt
Conectiva
Debian
Esware
FreeBSD
Kondara
LASER5
Linux From Scratch
Linux-Mandrake
NetBSD
OpenBSD
Red Hat
Slackware
Stampede
SuSE
Trustix
turboLinux
Yellow Dog

Security Software Archives
munitions
ZedZ.net (formerly replay.com)

Miscellaneous Resources
CERT
CIAC
Comp Sec News Daily
Crypto-GRAM
LinuxLock.org
LinuxSecurity.com
Security Focus
SecurityPortal

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Letters

See also: last week's Kernel page.

Kernel development


The current development kernel release is 2.5.5. Linus has released the first 2.5.6 prepatch which contains a number of driver updates, the usual VFS work from Al Viro, an ALSA update, and a new scheme for process migration (see below).

The latest prepatch from Dave Jones is 2.5.5-dj2; it is caught up with 2.5.6-pre1 and 2.4.19-pre1, and adds a number of other small fixes.

The February 27 version of Guillaume Boissiere's 2.5 Status document is available.

The current stable kernel release is 2.4.18, which was released on February 25. It was intended to be identical to the 2.4.18-rc4 release candidate; unfortunately, a slip of the fingers caused the one -rc4 patch to be dropped from the final release. The result is that static applications on a few architectures will not work properly. There was a great deal of discussion on what should be done, but the consensus seems to be that the problem is not that severe. Thus there will not be a replacement 2.4.18 patch, or an expedited 2.4.19.

The 2.4.19 process has begun with 2.4.19-pre1, which adds a rather larger set of fixes, but no real new features.

Alan Cox has a couple of prepatches out there. 2.4.18-ac2 adds a small number of fixes to the 2.4.18 kernel. 2.4.19-pre1-ac2 brings in more stuff, including the USB 2.0 implementation and a number of hotplug support patches.

On the 2.2 front, Alan has released 2.2.21-pre3 which adds another long set of fixes.

Pressure to add new features to 2.4 is growing. Thus far, Marcelo has held a firm line with his 2.4 kernels: almost everything that goes in is a fix for some problem or other. As time goes by, however, there is an increasing number of requests for the merging new features and more intrusive changes. Recently there have been requests for new filesystems (XFS, JFS), USB 2.0, the reverse mapping VM (Rik is not ready to see that merged yet, though he has submitted the portion that shrinks struct page), the new scheduler, the SD many patch, and more. The era of bugfix-only 2.4 releases may be coming to an end.

This situation poses a bit of a challenge to Marcelo. If larger patches start to go into 2.4, chances are that new bugs will be introduced. Now that 2.4 is finally getting truly stable, few people would like to see it be destabilized again. On the other hand, the 2.6/3.0 kernel could well still be two years away; it is unrealistic to expect that 2.4 will stand still for that long. If Marcelo does not release kernels with, at least, the more obvious and safe improvements, somebody else will.

So expect the 2.4 releases to get more interesting. With luck and proper care, they hopefully won't get too interesting...

The proper way to migrate processes. The new scheduler code in the 2.5 series implements, among many other things, per-CPU run queues. Processes normally stay in the same queue, and run on the same processor; there are a number of performance benefits to doing things this way. Occasionally, however, it is necessary to move a process to another CPU; this move can happen as a result of load balancing (fixing a situation where one processor is switching between many tasks while another sits idle), or from an explicit user-space request.

The 2.5.5 scheduler only allows the current process to be migrated to another CPU - essentially, processes must move themselves. This limitation gets in the way of a number of possible applications; it is often desirable to move arbitrary processes around as the result of user-space decisions. So a few people have been working on ways to relax the "current process only" constraint.

Erich Focht posted a patch which implements a "migration interrupt." When a process is to be moved, the target processor is interrupted; it waits until the process is in a movable state, then performs the required operations.

The problem with this approach is that the target processor must wait in the interrupt handler for things to happen - never a good way to do things. If the target processor holds a resource (a spinlock, say) that the process to be moved requires, a deadlock could result. So Ingo Molnar has posted a patch of his own which takes a different approach; this patch was included into the 2.5.6-pre1 prepatch.

The new code works by setting up (yet another) kernel thread on each processor dedicated to the process migration task. When a process is to be moved, it is put onto a queue and the appropriate migration task is awakened. That task can wait for the process to become movable; since it is just running as another process, it can afford to wait as long as necessary (by giving up the CPU) without running the risk of deadlocks. It looks like a scheme that should work well, but expect a round of "what are those migration_CPU* processes?" questions after 2.5.6 comes out.

Doing the BK Thing, Penguin-Style. Jeff Garzik has posted a document on how to do kernel development using BitKeeper. Since Linus's use of BitKeeper is increasingly looking like a permanent thing, this document is recommended reading for anybody who submits patches (even though use of BK is not required).

On the developer's end, this also represents a fundamental disruption in the standard workflow of changes, commits, and merges. You will need to take a few minutes to think about how to best work under BitKeeper, and re-optimize things a bit. In some sense it is a bit radical, because it might described as tossing changes out into a maelstrom and having them them magically land at the right destination... but I'm getting ahead of myself.

Have a look for the complete story.

Other patches and updates released this week include:

Core kernel code:

Development tools:

  • Dan Aloni posted for the Linux kernel. The response has not been terribly positive...

  • Syscalltrack 0.7 was released by Guy Keren.

  • Keith Owens has released for the 2.4.18 kernel.

Device drivers

  • David Miller and Jeff Garzik have released a new Broadcom Tigon3 driver. "It is meant to replace Broadcom's driver because frankly their driver is junk and would never be accepted into the tree." (The latest version is 0.92).

Filesystems:

  • UVFS 0.5, a user-space filesystem implementation, was released by Britt Park.

Miscellaneous:

Networking:

  • Version 0.93 of the Affix BlueTooth stack has been announced by Dmitry Kasatkin.

  • Version 2.4.17-0.4.4 of the Linux SCTP implementation has ben announced by Jon Grimm.

  • The iptstate tool has been released by Phil Dibowitz. "Based on the idea of IP Filter's 'statetop' feature, IP Tables State displays states in your firewall in a top-like format, in real-time."

Ports:

  • James Bottomley has updated his patch for the NCR Voyager architecture.

  • Robert Schwebel has released a new version of his AMD Elan patch.

Section Editor: Jonathan Corbet


February 28, 2002

For other kernel news, see:

Other resources:

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Letters

See also: last week's Distributions page.

Distributions


Please note that security updates from the various distributions are covered in the security section.

News and Editorials

Rock Linux. Rock Linux is a distribution that is worth keeping an eye on. Largely the work of European hackers, Rock Linux has gained a following in Asia and the US as well. Like Debian and Slackware, it's a volunteer project that has found a few sponsors and mirror sites. It also has a portal site and a number of Rock inspired sub-projects.

Rock is a source based distribution, and as such, its not for "woozies", "wimps", "newbies", or the uninitiated. Rock Linux users like to get their hands dirty, setting up configuration files and compiling code. When they are done, they get a rock solid operating system, completely optimized for the hardware it runs on.

On the main Rock Linux stable tree we have an announcement about the Rock Linux 1.5.13 release candidate. The Desktop ROCK Linux (dRock) project has announced the release of version 1.4.1. There are plans to merge dRock with the Rock 1.7 development tree in the future.

Embedded Distributions and new Intel processors. With the Embedded Systems Conference coming up in mid-March, Intel is getting ready by releasing some new processors, suitable for embedded applications. Embedded Linux providers MontaVista and LynuxWorks are close behind, providing ports to these new processors. Here is a progress report from MontaVista on its port of MontaVista Linux to the DBPXA250 Development Platform and the PXA250 Applications Processor. MontaVista has also issued this press release announcing that MontaVista Linux 2.1, will support the new Intel IXP2400, IXP2800 and IXP425 Network Processors. LynuxWorks has also announced that its latest BlueCat Linux will begin shipping for the Intel Internet Exchange Architecture (IXA) Software Developers Kit (SDK) 2.0 for the Intel(R) IXP1200 Network Processor family.

New Distributions

Leka Rescue Floppy. Leka Rescue Floppy is a Linux mini-distribution that installs into one floppy disk. It is meant for disaster recovery, but also contains many fine features like networking support, a dhcpd, a Web browser, and an IRC client. The initial release, 0.50, is dated February 26, 2002. V0.51 was released the following day, with minor bug fixes.

MURIX Cross Hardware Linux. MURIX Cross Hardware Linux is a distribution that aims to function on all hardware platforms. Version 20020205, the initial release, became available on February 24, 2002.

Recovery Is Possible (RIP). Recovery Is Possible (RIP) is not really new. Somehow, though, it managed to evade our list. Until now. RIP is a CD or floppy boot/rescue/backup system with an excellent range of filesystem support. It's available for download here. V48 was released February 26, 2002.

Distribution News

Debian News. The Debian Weekly News for February 20 is available. Covered topics include the new upload system, Debian running over Solaris, the Woody release status, and more.

This Woody release update lists packages to be dropped because they have release critical bugs that have not been fixed.

There is a new Debian based project getting underway. The Debian Aid project is aimed at using Linux as a communications server for Aid Organizations.

Mandrake Linux Community Newsletter. The Mandrake Linux Community Newsletter for February 19, 2002 includes 8.2 Beta Articles at MandrakeForum; Mandrake PPC 8.2 is coming; Security-related Software updates; and more.

Here's the Mandrake Linux Community Newsletter for February 26. It looks at the third Mandrake Linux 8.2 beta, the Mandrake Corporate Club, the business case of the week, and more.

New Red Hat beta: Pensacola. Red Hat has announced a new beta release called "Pensacola." This is a distribution aimed at high-end systems: it includes fancier clustering technology and a kernel which has been tuned for server workloads. Among other things, the kernel includes a POSIX asynchronous I/O implementation - presumably a version of Ben LaHaise's patch, which has not yet been merged into a mainline kernel.

Slackware News. The Slackware current tree has been updated new pkgtools and e2fsprogs packages. See the changelog for details.

Minor Distribution updates

2-Disk Xwindow System. The 2-Disk Xwindow System has released v1.2 with minor feature enhancements.

Astaro Security Linux. Astaro Security Linux released 3.030 beta, with major feature enhancements. Changes include a new install procedure, improved WebAdmin, a new Linux kernel (2.4.17), new logging facilities, new Interface and NAT handling systems, a 'Reject' action for the packet filter, DHCP client and server support, DSL (pppoe) support, a new VPN IPsec handling system (incl. X.509), and a factory reset command line tool.

ClumpOS. ClumpOS has released R5.3 with minor bug fixes.

Wolverine. Wolverine is a firewall and VPN product based on Embedded Coyote Linux. The Alpha 2 (Build 102) release contains major feature enhancements.

Distribution Reviews

Icepack - a distribution to watch (TuxReports). TuxReports reviews Icepack 1.9.8.1. Icepack 2.0 is due to be released at the end of February, 2002. "A reason to sing praises for Icepack is the four Window Managers included by default. They happen to be on my favorite's list. In fact, the menu layout within Window Maker was perfect for immediate use. KDE 2.2.2 and Gnome 1.4 were also ready for immediate productivity. And my absolute favorite manager is XFce."

Red Flag, China's home-grown Linux distribution, is a good start (NewsForge). Linux.com and NewsForge have provided us with an English-language review of Red Flag Linux. "Right away, I suspected that Red Flag was based on Red Hat. I hit return to boot into graphical mode to see how the installer would handle the graphical mode while running under VMware. After the kernel scrolled for a little while, the Red Flag desktop installer came up in an ugly 16-color X server. It was obvious at this point that this was indeed a modified Red Hat installer. Not reading many Kanji, I selected the only option I could understand, English, and proceeded."

Section Editor: Rebecca Sobol


February 28, 2002

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.

Distribution Lists:
LWN List
DistroWatch
ibiblio
Linux.com
LinuxLinks
Woven Goods

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Letters

See also: last week's Development page.

Development projects


News and Editorials

Omni Printer Driver Version 0.6.0

Version 0.6.0 of the Omni printer driver has been released by IBM. Omni provides printer support by using the Ghostscript framework.

The Omni Project Documentation explains the driver operation and details the process of building XML based printer definition files. More project background is available here. Unfortunately, we were unable to locate any documentation that actually describes the process of installing Omni on any of the common Linux distributions. Hopefully, that information will be forthcoming.

The number of printers that are already supported is large and continues to grow, this version supports 410 printers. This release also adds support for more media types.

With version 0.6.0, a number of bugs have been fixed and some GCC compiling problems have been resolved, see Changelog file for the complete story.

Omni is being distributed under the Lesser General Public License (LGPL). Documentation and code for Omni are available here.

Audio Projects

ALSA packages 0.9.0beta12 released. New development releases of the ALSA sound driver, library, utility, and tools packages are available. Change information is in the source code.

Clusters

Linux High Availability status report. Alan Robertson has sent us the latest Linux High Availability status report, with news from the LWCE conference, Ram Pai's cluster membership algorithm, progress on the Open Cluster Framework API, and more.

CORBA

Help with Designing or Debugging CORBA Applications (Linux Journal). Linux Journal features an article by Frank Singleton on analyzing CORBA network traffic. "This article explores how I have added some useful extensions to an open-source protocol analyzer in order to allow the extraction of OMG IDL (interface definition language) defined data types from TCP/IP traffic (using GIOP/IIOP)."

Databases

Online Training for PostgreSQL. A new Flash-based online training course is available for PostgreSQL. A working knowledge of SQL is recommended.

Database Access Using Lightweight Applets (O'Reilly). Donald Bales writes about database access with applets on O'Reilly's OnJava site."Using HTTP as the communication protocol and a servlet peer for database queries, you can write a rich-content user interface applet that can dynamically interact with a database, yet remain small enough in size to perform well."

Embedded Systems

Embedded Linux Newsletter (LinuxDevices). The LinuxDevices.com Embedded Linux Newsletter for February 21 is out, with a complete roundup of interesting happenings in the embedded Linux world.

Printing Software

GNU Ghostscript 6.53 release. A new release of GNU Ghostscript has been announced. "This release includes the same security update as the 7.04 release, autoconf support, IJS integration, and improved asian text handling from the gs-cjk project."

LPRng 3.8.8 released. A new version of the LPRng print spooler system is available. The CHANGES in Version 3.8.8 include some bug fixes.

Web-site Development

New Bricolage Releases (use Perl). use Perl reports on the new 1.3.0 development release of Bricolage, a Perl-based content management and publishing system. Version 1.3.0 features a new SOAP server, and bug fixes.

A new stable version, Bricolage 1.2.1, has also been announced.

Zope 2.5.1 beta1 released. Zope 2.5.1 beta1 is available. This release fixes a bug that was causing Zope to crash. Other bug fixes and an updated ZODB are included, among other things. See the CHANGES file for all of the details.

Zope Members' News. This week's Zope Members' News items include an announcement for a new Zope Stability document, discussion of Zope 2.5.1 beta 1, Zope training, and more.

Insecure Web Proxy Servers (O'Reilly). Noel Davis looks at a number of common web proxy server vulnerabilities on O'Reilly. "In this column, we look at insecure Web Proxy Servers; buffer overflows in ncurses, Squid, hanterm, and ripMime; and problems in gnujsp, the NetBSD kernel, jmcce, the IRIX Unified Name Service Daemon, and Chuid."

Preventing Cross-site Scripting Attacks (O'Reilly). Paul Lindner describes cross-site scripting attacks and shows how to avoid them when using mod_perl.

Miscellaneous

Packaging software with RPM, Part 3 (IBM developerWorks). Dan Poirier presents part 3 of his series on using RPM packages. "In this article, third in a series, Dan explains how to run scripts when your package is installed or uninstalled, or when other packages are installed or uninstalled."

You may want to start with part 1 and part 2 of the series.


February 28, 2002


Application Links
GIMP
Mozilla
Galeon
High Availability
ht://Dig
mnoGoSearch
MagicPoint
Wine
Worldforge
Zope

Open Source Code Collections
Berlios
Freshmeat
OpenSourceDirectory
Savannah
Le Serveur Libre
SourceForge
Sweetcode

   

 

Desktop Development


Audio Applications

Noatun Gets a Web Interface (KDE.NEWS). Flood is a new web interface plugin for KDE's Noatun media player. See the announcement on KDE.NEWS.

Desktop Environments

GNOME 2.0 beta. The beta release of GNOME 2.0 has been announced. "It is hoped that the real release notes will show up RSN."

GARNOME Preview Two (Gnotices). A new release of GARNOME has been announced. "GARNOME 0.7.0 - the bad-ass, bleeding edge GNOME distribution for testers and tweakers everywhere - is ready for more tire-kicking and bug-bashing. If you're dying to try the GNOME 2.0 Desktop, but don't want to fall into the depraved addictions and co-dependencies of testing from anonymous CVS, then GARNOME is for you."

This week's GNOME Summary. The GNOME Summary for February 23 has wandered in. Covered topics include the GNOME 2 beta release, GStreamer applications, and more.

Coding with KParts (IBM developerWorks). David Faure writes about KParts on IBM's developerWorks. "This article discusses KParts, an architecture for graphical components, found in KDE, the K Desktop Environment. KParts allows applications requiring the same functionality to share a component by embedding the graphical component into the application's window. This article compares KParts with other component models, such as CORBA, and describes the main concepts used in KParts, including actions, plug-ins, part managers, and GUI merging."

Interview with Mandrake's & KDE's David Faure (OSnews). OSnews has interviewed KDE developer David Faure. David discusses Konqueror, KDE object prelinking, and Gnome, among other things. "I do think that Linux will make it on the desktop. I think it has already made it to some desktops, and will continue to improve, thanks to user-friendly interfaces such as KDE, 'konquering' (pun intended) JoeUser's desktop.

My own family is obviously the testing bed for this, I have my own usability labs in the persons of my wife, her sister and my parents."

People of KDE: Jaime Robles. This week's People of KDE focuses on Jaime Robles, team coordinator for the KDE Spanish translations.

Kernel Cousin KDE #32 and #33. Kernel Cousin KDE #32 covers DCOP for C, bleeding edge issues, aRts, KDE Thumbnails, and more.

Kernel Cousin KDE #33 is also out this week, topics include a mini golf game, animated GIFs, an XML configuration proof of concept, an improved malloc, SVG icons, and Kmail configuration migration.

Games

Pykanoid 0.14 released. The Pygame site features a new version of the tile breaking Pykanoid game.

GUI Packages

FLTK v1.1.0b11 Available. FLTK v1.1.0b11 is available. " FLTK 1.1.0b11 contains bug and compile fixes, as well as the initial port of the FLTK 2.0 drag-n-drop support". Also new is FLTKCallback++ 0.0.2.

GTK+ libraries 1.3.15 released. In what is hoped to be the last release before version 2.0, the GTK+ libraries version 1.3.15 has been released. This version features bug fixes and performance improvements.

Interoperability

Kernel Cousin Wine #116. Issue #116 of Kernel Cousin Wine is out. Topics include Wine and Lindows, Wine licensing, DTR flow control, DirectInput key mapping, X11drv color depth, Odin, and more.

Office Applications

AbiWord 0.99.2 released.. Gnotices is carrying an announcement for the 0.99.2 release of AbiWord. This release features bug fixes, a new Thesaurus, and an incremental document loader which allows documents to be viewed as they are loaded. See the release notes for all of the details, the code can be downloaded here.

AbiWord Weekly News. The February 26, 2002 issue of the AbiWord Weekly News looks at the new 0.99.2 release of AbiWord. "If you have not already downloaded it, you probably want to do that ASAP as it fixes many many Bugs and adds/completes quite a few features!"

Kernel Cousin GNUe #16. Issue #16 of Kernel Cousin GNUe looks at GNUe history and philosophy, Unicode support, form tips and tricks, a PHP client for GNUe forms, and much more.

Miscellaneous

gphoto2 2.0 released. Version 2.0 of gphoto2, the digital camera interface program, has been released. "Gphoto2 is a complete rewrite of the award winning gphoto. gphoto2 is now a library to access digital cameras. This library comes with a command-line frontend and others frontends are available separately (gtkam, GnoCam, kamera). "

 
Desktop Environments
GNOME
GNUstep
KDE
XFce
XFree86

Window Managers
Afterstep
Enlightenment
FVMW2
IceWM
Sawfish
WindowMaker

Widget Sets
GTK+
Qt
   

 

Programming Languages


C

GCC 3.0.4 released. GCC version 3.0.4 has been announced. This release mainly features a number of bug fixes for C++ compiler and library problems. A new 3.1 release branch is also planned. (Thanks to Pat Eyler and Craig Rodrigues.)

Caml

Caml Weekly News. The February 19-26 edition of the Caml Weekly News is out. Topics include embedded ocaml, Osiris 1.0, and XML light.

COBOL

TinyCOBOL 0.57 released. Stable version 0.57 of TinyCOBOL is available. Downloads are available here.

Java

Java 1.4 available. Sun released Java version 1.4 a few weeks ago. See Sun's documentation on the Java 2 Platform and the Java 2 SDK new features for all of the details. (Thanks to Adrien Beau.)

Extending XML tools with Jacl scripts (IBM developerWorks). Phil Whiles introduces Jacl scripts on IBM's developerWorks. "This article shows how to extend open-source Apache XML tools using Jacl, a Java implementation of the popular Tcl scripting language. With Jacl, you can embed scripted functionality within XML or XSL."

Lisp

Yadda Lambda Lisp Magazine. A new online Lisp magazine has been announced. Known as Yadda Lambda, the magazine is currently soliciting articles for it's first issue, which will come out in April, 2002.

Common Lisp Cookbook moves to SourceForge. The collaborative Common Lisp Cookbook project has been moved to SourceForge.

Perl

Hietaniemi Posts perl 5.8.0 Time Line (use Perl). Jarkko Hietaniemi has posted a time line for Perl 5.7.3 and 5.8.0. The latter is to be released before the end of May. Read about it on use Perl.

mod_perl Developer's Cookbook source code. The source code has been made available for the mod_perl Developer's Cookbook. (Thanks to Paul Lindner.)

Why mod_perl? (O'Reilly). Stas Bekman introduces mod_perl on O'Reilly's perl.com. "In this article, I'll give an initial introduction to mod_perl, make you want to give it a try and present a few examples of the well-known sites that are powered by mod_perl enabled Apache."

PHP

PHP Weekly Summary for February 25, 2002. The February 25, 2002 PHP Weekly Summary is out. Topics include a new fmod() function, socket extensions, disabling magic quotes, FOSDEM pictures, and more.

PHP-GTK version 0.5.0 has been released. Version 0.5.0 of PHP-GTK has been released. See the change log for all of the details.

Python

The latest from the Daily Python-URL. This week, the Daily Python-URL looks at decompyle, Java-Python Extension version 2.0, Ogre, PYX, Grouch, XPipes, Fle3, PyTheater, and much more. It's been a busy week for Python development.

This week's Python-URL. Here's . Topics include scripting C++ from Python, Python daemons, a logo-like turtle graphics library, and more.

Ruby

This week on the Ruby Garden. This week's Ruby Garden articles include a discussion on the problems with eXtreme Programming, IO orthogonalization, Ruby licenses, and more

Ruby Weekly News. The latest Ruby Weekly News looks at the ruby-lang IRC, Ruby Graph Library 0.1, the Ruby Hardware Definition Language, RubyConf 2002, and more.

XML

XML 2.0 -- Can We Get There From Here? (O'Reilly). Kendall Grant Clark writes about the process of formulating the XML 2.0 specification. "Whatever XML 2.0 eventually becomes technically, the process that creates it will be more social and political than anything else, and it's that process which seems perilous and fragile at best."

Integrated Development Environments

GNUstep Weekly Editorial. The February 21, 2002 GNUstep Weekly Editorial is out with reports of the latest progress in the GNUstep object oriented development environment.

Miscellaneous

Handling attachments in SOAP (IBM developerWorks). Joshy Joseph discusses SOAP attachments on IBM's developerWorks. "Web services will require the ability to send more than just text messages between services in a process. Often it will involve complex data types such as language structures, multimedia files, and even other embedded messages. This article takes a look at how the SOAP with Attachments specification can be used to send such information."

Section Editor: Forrest Cook

 
Language Links
Caml
Caml Hump
Tiny COBOL
Erlang
g95 Fortran
Gnu Compiler Collection (GCC)
Gnu Compiler for the Java Language (GCJ)
Guile
Haskell
IBM Java Zone
Jython
Free the X3J Thirteen (Lisp)
Use Perl
O'Reilly's perl.com
Dr. Dobbs' Perl
PHP
PHP Weekly Summary
Daily Python-URL
Python.org
Python.faqts
Python Eggs
Ruby
Ruby Garden
MIT Scheme
Schemers
Squeak
Smalltalk
Why Smalltalk
Tcl Developer Xchange
Tcl-tk.net
O'Reilly's XML.com
Regular Expressions
   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Letters

See also: last week's Commerce page.

Linux and Business


Linux International starts telecom marketing initiative. Linux International has announced the launch of a new marketing initiative aimed at promoting the use of Linux in telecommunications applications. "Linux International, leveraging the value of its member companies will conduct market research, publish software porting guides, migration white papers, and solution guides for educating and informing the telecommunication industry, related Independent Software Vendors (ISVs), and reseller channel of the benefits of using or porting to the Linux operating system."

EU lets Microsoft write its Patent Directive. The European Commission has published a press release on software patents, as well as a directive. Its content is, apart from a few minor wording differences, exactly the same as the BSA document EuroLinux obtained last week, which states that the EU plans to pass laws similar to those in the US regarding software patents. The EuroLinux alliance has issued this notice in response.

Update: Here is a letter (in French) from AnShare, Shareware Europe and RUSh urging the EU to reconsider.

SuSE gets investment, new CTO. SuSE has announced the receipt of a EUR 4.4 million investment from a venture capital company with the difficult name of AdAstra Erste Beteiligungsgesellschaft GmbH.

Also announced by the company is the appointment of Boris Nalbach as Chief Technology Officer. This announcement describes the four business units that make up the reorganized company as well.

Caldera International reports first quarter. Caldera has announced its first quarter results. The company lost $11 million on $17.9 million in revenue, which was pretty much what they expected.

Brian Kernighan elected to National Academy of Engineering. Princeton University has announced that Brian Kernighan, professor of computer science, was elected for "contributions to software and to programming languages."

Virtuozzo 2.1: 2000 instances of Linux on an Intel-based Server. For those who wish they could partition their commodity servers like an IBM mainframe: SWSoft has announced that the beta version of Virtuozzo 2.1 was able to run over 2000 Linux instances on a Dell 8450 server. SWsoft's chief engineer, apparently, is Linux networking guru Alexey Kuznetsov.

Opera launches Opera 6.0 for Linux Beta 1. Opera Software ASA unleashed Opera 6.0 for Linux Beta 1 with a wide range of speed-boosting functions and exclusive features only available to Linux users.

Upgrade Program Enables Easy Trade-Up From Windows NT 4.0 Server To Sun Cobalt Server Appliances. Sun Microsystems, Inc. has announced an aggressive upgrade program to enable current Microsoft Windows NT Server 4.0 customers to easily trade up to Sun Cobalt RaQ(TM) server appliances or Sun Cobalt Qube(TM) appliances running Linux.

Red Hat Embedded Year 2001 in Review. Red Hat has issued a press release reviewing the company's accomplishments in the embedded arena.

The O'Reilly Community Press. O'Reilly has announced the launch of its "Community Press." It will be a new line of books publishing reference works which are freely available on the net; the first book will be the MySQL Reference Manual.

Linux Stock Index for February 22 to February 27, 2002.
LSI at closing on February 22, 2002 ... 25.48
LSI at closing on February 27, 2002 ... 25.89

The high for the week was 26.02
The low for the week was 25.48

Press Releases: