[LWN Logo]

Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise news for all interests

 Main page
 Linux in the news

Other LWN stuff:
 Daily Updates
 Linux Stocks Page
 Book reviews
 Penguin Gallery

 Use LWN headlines
 Advertise here
 Contact us

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- Gaël Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

See also: last week's LWN.

Leading items and editorials

The Digital Speech Project got a boost this week when the Free Software Foundation announced its support[Digital Speech] for the effort. The purpose of the project is to attempt to bring some sanity to U.S. intellectual property laws; in particular, the project has targeted the DMCA and the (proposed) SSSCA. The FSF has joined in by hiring organizer Jonathan Watterson to work on digital speech issues.

The FSF is right to be concerned about the DMCA and SSSCA, of course. Consider this description of the SSSCA from a recent Wired article:

A version of the SSSCA obtained by Wired News prohibits creating, selling or distributing 'any interactive digital device that does not include and utilize certified security technologies.' The SSSCA also creates new federal felonies, punishable by five years in prison and fines of up to $500,000.

Any system built on free software will certainly qualify as an "interactive digital device that does not include and utilize certified security technologies." It is going to be an interesting time if free software is made illegal. Any attempt to ban free software will be futile, of course, but that wouldn't stop the ruining of numerous lives in the process. It is better to avoid that situation altogether - and that requires action now.

(One bit of useful action for U.S. folk might be to respond to a call for views on "the application of copyright law to the digital environment" from a House subcommittee. The House is the most likely place to stop the SSSCA, so they should know what we think.)

Red Hat's year-end results. Red Hat has announced its financial results for the end of its fiscal year. Since Red Hat is one of the most prominent free software businesses, and since it has been making claims of profitability, its results are worth a close look. The details have to wait for the company's SEC filing, of course; for now, we have to content ourselves with the press release.

The company claims an "adjusted net income" of $1 million for the quarter, on revenue of $18.6 million.. "This represents the fourth consecutive quarter in which the company has delivered profitable or breakeven results." Once you un-adjust the figures, of course, the picture is a little different. When the accounts are run in accordance with GAAP (generally accepted accounting principles), that $1 million profit turns into a $28.9 million loss.

One can argue that much of that loss is an accounting artifact, since is made up of "goodwill" writeoffs and such. A bit over $2 million of that loss, however, is in the form of cash severance payments to the company's laid-off network consulting group. So, while Red Hat is hardly failing, its claims of sustained profitability only work with sustained funky accounting. They may yet get there for real, however.

This time around, Red Hat has decided that its mission is "delivering open source solutions to the Global 2000." So the press release hypes the company's new big-name customers (AOL, UBS, Morgan Stanley, Amazon, Cisco, Nortel, Dell, GE Medical, Dreamworks, Oracle, Deutsche Bank, Siemens, and BP), and deemphasizes other areas of business.

It is, perhaps, most interesting to look at the performance one of those deemphasized business areas: embedded systems. With its acquisition of Cygnus, Red Hat should be positioned to do well in the embedded arena. So it is discouraging to examine the trend of Red Hat's embedded services revenues (in millions):

ServiceFeb 2001Nov 2001Feb 2002

In other words, Red Hat's total embedded revenue has dropped from $7 million to $2.4 million over the course of a year. That hurts.

It has been a hard time to run a business, and one could blame a reduction in revenues on the difficult economy. But Red Hat was able to increase its "enterprise" revenues slightly during the last quarter. It's hard to avoid the conclusion that Red Hat's embedded business is slipping away. If this decay continues, a point could come where Red Hat's contribution to important related free software (i.e. gcc) is sharply reduced. Some people have been known to worry about Red Hat's dominant position with regard to gcc, but few would like to see it cut back in this way.

Followup: Hurd and proprietary software. Last week we speculated on whether Richard Stallman's comments on the upcoming Hurd release suggested that Hurd-based systems would not be allowed to run proprietary software. It turns out we speculated wrong. There will be no attempt to keep proprietary software off the Hurd kernel. We regret any confusion that our speculations may have caused.

That still leaves open, however, the question of what the comments did mean. There is, after all, no difficulty in building 100% free systems based on the Linux kernel, and a number of distributors do so. What will be different about a Hurd-based system? According to Mr. Stallman:

Many versions of the GNU system are available (typically they are GNU/Linux systems, using Linux as the kernel), but none of them follows our criteria for free software. Debian comes closest, but their criteria are different and they also distribute software they do not consider free.

We are working at clarifying things further, in an attempt to discover (and fairly represent) what the Free Software Foundation's objections are with regard to the existing, fully free distributions. Stay tuned...

Donations. The response to last week's request for donations for LWN met with a tremendous response; over $5,000 has been donated by our readers. This amount of money, of course, is not enough to keep an operation going for very long, but it could well prove to be the crucial bridge that keeps the lights on while we work on longer-term solutions. It is extremely gratifying that our readers are willing to help support us in that way. We can't thank you enough.

Our new LWN Supporters Page lists the LWN contributors who were willing to be thanked in public.

We have received a few complaints about the use of Paypal. We understand that not everybody likes or wants to work with Paypal, and we are working on alternatives. Paypal has the advantage of being quick and easy to set up, which is why we went to it first. Things like credit card processing will take longer.

Of course, it's still not too late to donate if you haven't done so already...

Inside this LWN.net weekly edition:

  • Security: Too much Trust?; Flaws won't undermine Linux; reports & updates
  • Kernel: The fastest kernel compile; splitting the VM patches; exit functions.
  • Distributions: RTFM!; No source for Sorcerer; Netule, Network Module.
  • Development: Knoda database frontend, frequency domain audio tools, iptables-1.2.6, BioPerl 1.0, Bricolage 1.2.2, AxKit 1.5.1, Xfsamba 0.44, Python 2.2.1c1.
  • Commerce: Free Software Foundation Announces Support of the Affero General Public License; Announcement of the EGOVOS SELinux Distribution.
  • Letters: Thinking with your gonads; Hurd.
...plus the usual array of reports, updates, and announcements.

This Week's LWN was brought to you by:

March 21, 2002


 Main page
 Linux in the news

See also: last week's Security page.


News and Editorials

Too much trust in open source? (ZDNet). ZDNet looks at the recent security vulnerabilities and asks whether free software is really more secure. Quoting Linus Torvalds: "In the open-source community, the community has so far been pretty good at policing itself without the embarrassment. Do bugs happen? Yes, of course. But do they get found and fixed without a new virus of the week that costs a few billion dollars of user time? You bet."

Analysts: Security flaws won't undermine Linux (ComputerWorld). ComputerWorld talks to security analysts about recent security problems. "Alan Paller, research director at the SANS Institute, a Bethesda, Md.-based nonprofit security group, said it's not a surprise that more vulnerabilities are showing up in Linux, since the operating system is being used more widely in corporate computing. The larger deployment of the operating system means more problems are likely to be seen in larger numbers, Paller said." (Thanks to Jay R. Ashworth)

March CRYPTO-GRAM newsletter. Bruce Schneier's CRYPTO-GRAM Newsletter for March is out. It looks at the SNMP vulnerabilities, the IETF draft "responsible disclosure" standard, cryptography and terrorism, and more. "CERT took on the task of coordinating the [SNMP] fix with the major software vendors, and has said that the reason publication was delayed so long is that there were so many vendors to contact. CERT even had problems with vendors not taking the problem seriously, and had to spend considerable effort to get the right people to pay attention. Lesson #1: If bugs are secret, many vendors won't bother patching their systems."

Security Reports

Mandrake Linux update for rsync. Ethan Benson reported that rsyncd fails to remove supplementary groups (such as root) from the server process after changing to the specified unprivileged uid and gid. Mandrake has provided an rsync update which fixes the problem. "This seems only serious if rsync is called using "rsync --daemon" from the command line where it will inherit the group of the user starting the server (usually root)."

web scripts. The following web scripts were reported to contain vulnerabilities:

  • ARSC Really Simple Chat v1.0.1 and v1.0 had a system information path disclosure vulnerability reported by Ahmet Sabri Alper in this advisory. The problem is fixed in version 1.0.1pl1.
  • Ahmet Sabri Alper has also reported cross site scripting vulnerabilities in News-TNK, BG Guestbook and Board-TNK which "would allow a remote attacker to send information to victims from untrusted web servers, and make it look as if the information came from the legitimate server."

Proprietary products. The following proprietary products were reported to contain vulnerabilities:


Apache mod_ssl buffer overflow vulnerability. According to this announcement "modssl versions prior to 2.8.7-1.3.23 (Feb 23, 2002) make use of the underlying OpenSSL routines in a manner which could overflow a buffer within the implementation. This situation appears difficult to exploit in a production environment[...]." (First LWN report: March 7).

This week's updates:

Previous updates:

Buffer overflow in CUPS. Versions of the Common Unix Print System prior to 1.1.14 have a buffer overflow vulnerability. (First LWN report: February 14).

This week's updates:

Previous updates:

Remotely exploitable buffer overflow in Ecartis/Listar. Janusz Niewiadomski and Wojciech Purczynski reported a remotely exploitable buffer overflow in address_match(). The other vulnerabilities in their report not addressed by the updates listed below are "ineffective privilege dropping in listar" and "multiple local vulnerabilities." Listar is a mailing list manager similar to Majordomo or Listserv. (First LWN report: March 14).

This week's updates:

Both PHP3 and PHP4 have vulnerabilities in their file upload code which can lead to remote command execution. This one could be ugly; sites using PHP should apply updates at the first opportunity. If an update isn't available for your distribution, users of PHP 4.0.3 and later are encouraged to consider disabling file upload support by adding this directive to php.ini:

	file_uploads = Off

CERT has issued this advisory on the problem. This article in the Register also talks about the vulnerability. (First LWN report: March 7).

Developers using the 4.2.0 branch, are not vulnerable because because file upload support was completely rewritten for that branch.

This week's updates:

Previous updates:

Update: Despite some concern expressed in an earlier report by LWN, these updates do, in fact, fix the problem. The original update from the php team fixes the security hole but introduces a "rare segfault condition" that is not a security problem.

zlib corrupts malloc data structures via double free. This vulnerability impacts all major Linux vendors. It may impact every Linux installation on Earth. Updates are required to zlib and any packages that were statically built with the zlib code. (First LWN report: March 14).

LinuxSecurity describes the vulnerability and coordinated distributor efforts in detail. "Packages including X11, rsync, the Linux kernel, QT, mozilla, gcc, vnc, and many other programs that have the ability to use network compression are potentially vulnerable."

Updating is recommended. As always, please proceed with caution when applying updates to the kernel.

This week's updates:

Previous updates:

See also: articles in ZDNet and The Register about the zlib vulnerability. And, these reports from ZDNet and Vnunet on this vulnerability in some of Microsoft's major applications.


Paranoid Penguin: Hardening Sendmail (Linux Journal). Mick Bauer shares his secrets of a secure sendmail install. "Well, contrary to popular belief, sendmail isn't a total loss where security is concerned, nor does it require learning the arcane syntax of sendmail.cf (although hardcore sendmail gurus do indeed master it). This month we examine these and other sendmail security controversies, using sendmail's handy m4 macros to rapidly build a secure but functional Simple Mail Transport Protocol (SMTP) gateway to handle internet mail."

The Linux Virus Writing HOWTO. Alexander Bartolich's Linux Virus Writing HOWTO describes "how to write parasitic file viruses infecting ELF executables on Linux/i386. Though it contains a lot of source code, no actual virus is included."

Linux security week. The and publications from LinuxSecurity.com are available.


Upcoming Security Events.

FOSE SELinux Panel. There is a Security Enhanced Linux (SELinux) panel at the FOSE conference in Washington D.C. today, Thursday, March 21, 2002.

Date Event Location
March 21, 2002Sixth Annual Distributed Objects and Components Security Workshop(Pier 5 Hotel at the Inner Harbor)Baltimore, Maryland, USA
April 1 - 7, 2002SANS 2002Orlando, FL., USA
April 5 - 7, 2002RubiconDetroit, Michigan, USA
April 7 - 10, 2002Techno-Security 2002 ConferenceMyrtle Beach, SC
April 14 - 15, 2002Workshop on Privacy Enhancing Technologies 2002(Cathedral Hill Hotel)San Francisco, California, USA
April 16 - 19, 2002The Twelfth Conference on Computers, Freedom & Privacy(Cathedral Hill Hotel)San Francisco, California, USA
April 23 - 25, 2002Infosecurity Europe 2002Olympia, London, UK
May 1 - 3, 2002cansecwest/core02Vancouver, Canada
May 4 - 5, 2002DallasConDallas, TX., USA
May 12 - 15, 20022002 IEEE Symposium on Security and Privacy(The Claremont Resort)Oakland, California, USA
May 13 - 14, 20023rd International Common Criteria Conference(ICCC)Ottawa, Ont., Canada
May 13 - 17, 200214th Annual Canadian Information Technology Security Symposium(CITSS)(Ottawa Congress Centre)Ottawa, Ontario, Canada
May 27 - 31, 20023rd International SANE Conference(SANE 2002)Maastricht, The Netherlands
May 29 - 30, 2002RSA Conference 2002 Japan(Akasaka Prince Hotel)Tokyo, Japan

For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Dennis Tenney

March 21, 2002

LWN Resources

Secured Distributions:
Astaro Security
Engarde Secure Linux
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux

Security Projects
Linux Security Audit Project
Linux Security Module

Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive

Distribution-specific links
Caldera Advisories
Conectiva Updates
Debian Alerts
Kondara Advisories
Esware Alerts
LinuxPPC Security Updates
Mandrake Updates
Red Hat Errata
SuSE Announcements
Yellow Dog Errata

BSD-specific links

Security mailing lists
Linux From Scratch
Red Hat
Yellow Dog

Security Software Archives
ZedZ.net (formerly replay.com)

Miscellaneous Resources
Comp Sec News Daily
Security Focus


 Main page
 Linux in the news

See also: last week's Kernel page.

Kernel development

The current development kernel release is 2.5.7, which was released on March 18. This will be the last such release for a while, since Linus has headed off for a two-week vacation. This release contains some fairly big patches, including:
  • The current ACPI patch from Andrew Grover and company. ACPI did not work particularly well in the prepatches, but a number of the problems have been dealt with for the 2.5.7 final release.

  • The NAPI work by Jamal Hadi Salim, Robert Olsson, and Alexey Kuznetsov. NAPI changes the way the kernel handles network traffic, with the intent of greatly improving performance on high-performance systems. It was discussed on this page back in October. (See also the NAPI HOWTO document that was merged into the kernel source).
Also included is a bunch of USB work, an ALSA update, more reworking of the IDE code, some NFS work (including Alexander Viro's new "nfsd" filesystem), the fast user-space mutex ("futexes") patch, a VLAN code thrashup, and no end of other fixes. It's a big patch.

The latest from Dave Jones is 2.5.6-dj2, which adds a number of fixes and updates to the 2.5.7-pre2 kernel.

Guillaume Boissiere updated his 2.5 status summary on March 20.

The current stable kernel release is 2.4.18. The current 2.4.19 prepatch is 2.4.19-pre4; it includes a massive m68k update, the new video device code, and a great many other fixes.

Alan Cox's latest 2.4.19 patch is 2.4.19-pre3-ac4.

For those of you who aren't into all that bleeding-edge 2.4 stuff, David Weinehall has released 2.0.40-rc4 which should, with luck, turn into a real 2.0.40 soon.

Note that other kernel tree announcements now appear with the rest of the patches at the bottom of the page.

Kernel compilation benchmark update. When we last checked in with the fast-kernel-compile benchmark crowd (in last week's LWN Kernel Page) they had managed to get a kernel compilation down to just over 10 seconds. The record has fallen, however: Anton Blanchard has announced that he was able, through use of a 32-way PowerPC64 system, to build the benchmark kernel in 7.52 seconds. "...not a bad result for something running under a hypervisor."

Watch for sub-second kernel compilations, coming soon to a million-dollar machine near you...

The obligatory BitKeeper update. Marcelo Tosatti has announced that he is now using BitKeeper to manage the 2.4 code. See this note for information on how to access his tree.

"Discussions" of BitKeeper's licensing continue, not helped by the discovery of a temporary file race vulnerability in the BitKeeper installer. Readers of this page are more than familiar with the licensing arguments, though; we'll not repeat them this time.

Reworking the 2.4 VM patches. The word on the net for some time has been that the 2.4.x virtual memory subsystem almost works as it should; all that remains is to incorporate the last set of patches from Andrea Arcangeli. 2.4 maintainer Marcelo Tosatti has not yet integrated those patches, however; he has wanted to see them split up and documented so that he actually understands what he is putting in. This seems like a not unreasonable approach for a stable kernel maintainer to take. Thus far, however, Andrea has not found the time to rework his patches as requested, so they remain unapplied.

Andrew Morton has decided to try to break this logjam by reworking the patch and splitting it up into a form suitable for submission to Marcelo. Andrew has, in consultation with Linus, annotated the patches and made his own changes (including leaving a few patches out entirely). The result is an interesting view into what still needs to be fixed with the 2.4 virtual memory implementation; it's worth a detailed look.

Andrea's 10_vm-32 patch was split into 24 individual pieces. Andrew has dropped eight of those, leaving 16 patches for consideration:

  • aa-020-sync_buffers changes the way throttling of memory allocators is done. Throttling is done to slow down tasks to the point where the disk can keep up with their memory activity; this patch can cause memory allocators to wait until disk I/O initiated elsewhere in the system (as well as I/O they initiate themselves) has completed.

  • aa-030-writeout_scheduling improves how the "bdflush" kernel thread flushes dirty buffers to disk. Rather than try to write out every dirty buffer in the system in a single run, bdflush now stops partway through. The VM is also made less likely to block writing processes while their dirty buffers are flushed to disk; more of that work is now done asynchronously in bdflush. "This code works well. Fixes the problem where copying a large file between two disks only exercises one disk at a time."

  • aa-093-vm_tunables add some knobs for run-time tweaking of VM performance. They consist of a set of ratios controlling just how much scanning will be done at any given time, and how much memory should be put to different uses.

  • aa-096-swap_out is, according to Andrew, "probably the most important patch." It includes much more aggressive shrinking of kernel caches when memory is tight, and a tweak which keeps the system from repeatedly trying to swap things out when it isn't working. This patch also gets rid of the "out-of-memory killer," taking the approach of simply failing memory allocations instead. The "init" task gets some special protection; its memory allocations will succeed, by spinning and waiting for memory if need be.

  • aa-100-local_pages deals with an interesting fairness issue: a process may go off freeing memory to satisfy an allocation, only to find that, when it's done, other processes have stolen all the pages it freed. Andrea's code kept a whole list of freed pages that the freeing process could use first; Andrew has simplified it to only set aside a single page.

  • aa-110-zone_accounting increases the resolution of the system's memory accounting, and changes the locking rules as well.

  • Small tweaks. A number of the patches perform relatively simple housekeeping or other such tasks; these include aa-010-show_stack, aa-040-touch_buffer, aa-120-try_to_free_pages_nozone, aa-140-misc_junk, aa-150-read_write_tweaks, aa-160-lru_release_check, aa-170-drain_cpu_caches, aa-180-activate_page_cleanup, aa-190-block_flushpage_check, and aa-200-active_page_swapout.

Together, these patches represent a great deal of work by both Andrea and Andrew. With luck, they'll find their way into a better VM in the near future.

Exit sections and monolithic kernels. The kernel has had, for some time, the ability to mark functions and data with an "exit" flag. The traditional use for this marker is to flag functions which are used at module unload time. Modules need cleanup functions so that they can be gracefully removed from the kernel. When those modules are linked statically into the kernel, however, they will never be removed. In this case, functions and data marked with the "exit" flag are simply discarded, making the kernel image smaller.

It's a worthwhile optimization. Anybody who has tried building a kernel with a modern binutils distribution, however, will have experienced the annoying, useless "undefined reference to `local symbols in discarded section .text.exit'" message that accompanies a failed link. The problem is simple: the kernel has numerous pointers to exit functions and data. Usually a human can determine that, in cases where the exit section has been discarded, those pointers will never be used; they are thus harmless. The linker doesn't see things that way, though, and newer versions refuse to complete the link when dangling exit pointers exist.

The workaround has been to define a devexit_p macro which causes exit pointers to disappear in non-modular code. It's a bit of a hack, but it gets the job done. The devexit_p calls have been slowly working their way into the kernel code.

But now Linus has come up with a different approach. Rather than discard all that exit code, why not keep it in the kernel and use it to gracefully shut down the hardware at system shutdown time? The code is there, one might as well make use of it, even if the kernel gets a bit bigger. devexit_p's days in the kernel may be numbered.

Other patches and updates released this week include:

Alternate kernel trees:

  • Andrea Arcangeli's 2.4.19-pre3-aa2 includes the VM-32 patch and a number of performance-oriented fixes.

  • Jörg Prante has released 2.4.19-pre3-jp8, which adds a large set of patches to 2.4.19-pre3.

Core kernel code:

  • Hubertus Franke has posted a well documented patch which speeds up assignment of new process IDs.

  • Neil Schemenauer has released capwrap, a kernel module allowing an administrator to run executables with specific (restricted) capabilities.

  • Version 12h of Rik van Riel's reverse mapping VM code is available.

Development tools:

  • ksymoops 2.4.5 was released by Keith Owens.

  • Karim Yaghmour has released version 0.9.5pre6 of the Linux Trace Toolkit.

Device drivers

  • David Miller has released the eighth beta of the new Tigon3 driver.

  • Jörg Prante has posted instructions for backporting the 2.5 ALSA code to 2.4 kernels.

Kernel building:

  • Roman Zippel has announced a new kernel configuration mechanism. It is designed to be simpler and faster than CML2. See the followup posting for the latest version. "So far I hadn't very much feedback. What's up? Is everyone suddenly completely happy with cml2? Now is your chance to evaluate the alternatives or does this require too much work before you can start flaming?"



  • Jean Tourrilhes has released a version of the new wireless driver API for the 2.4 kernel series.

  • This week's Affix BlueTooth stack release from Dmitry Kasatkin is version 0_96.

  • The Netfilter team has released iptables 1.2.6.

Section Editor: Jonathan Corbet

March 21, 2002

For other kernel news, see:

Other resources:


 Main page
 Linux in the news

See also: last week's Distributions page.


Please note that security updates from the various distributions are covered in the security section.

News and Editorials

RTFM!. We know what it means*. Sometimes, though, it's hard to find the right M to R and that's where the Linux Documentation Project (LDP) comes in. The LDP is a collection of Guides, HOWTOs, FAQs, man pages, and other sources of Linux related documentation. If you are having trouble finding the M you want to R, searching through the LDP site might help. The LWN Development page usually carries the LDP weekly news, with more information on what's new, what's revised, and so on. This week a particular document showed up in the list of new documents. It's really not so much new, as newly revised, with a new maintainer, and it's clearly in need of additional revisions. It's the English-language GNU/Linux distributions on CD-ROM (formerly: The Linux distributions HOWTO). As the name implies, this list of Linux distributions is very focused, covering only popular English-language distributions; specifically compiled for the Intel platform; available on CD-ROM; and easily accessible to the first-time user. As such it is much shorter than the LWN list which includes distributions in many languages and formats. Keeping the list focused allows new users to find the information they are looking for, without becoming overwhelmed by extraneous information.

Martin S. Wheeler is new maintainer of this document, and while he probably doesn't need a barrage of email asking why distribution x, y or z isn't on the list, he could use some help getting this document up-to-date. So if you are a maintainer of a distribution that falls within the scope of this list, check to see if your distribution is covered and follow the directions within the document to add or update the entry for your distribution. We've added a link to the English-language GNU/Linux distributions on CD-ROM document to the right sidebar of this page, along with the other known lists of Linux distributions.

* (For anyone who really doesn't know, it's - Read The Frelling** Manual -
** you may substitute your favorite F-word here).

No source for Sorcerer. Sorcerer GNU/Linux seems to be dead. The listing on Freshmeat is gone and the Sorcerer homepage now only contains only a short announcement which reads, in part: Sorcerer GNU Linux is no longer being distributed under the GNU/GPL license. If you have problems with this then write your own original source based GNU Linux distribution and give it away for free. (Thanks to Ravenhall)

Update: Numerous readers have written in to note that the rumors of Sorcerer's death are premature. Here's the new web page for this distribution. See also SorcererLinux.org for more information on this (fairly twisted) situation.

New Distributions

Netule. A company called Netule has created three new Linux distributions, which are now available for download. The EM-I or Email Module I is a full featured Email Server based on Sendmail; the WM-I or Web Module I is a vastly simplified Web Server based on Apache; and the FM-I or Firewall Module I is released in partnership with Astaro Security Linux. Netule products are a combination of open and closed source and are available bundled with hardware.

Distribution News

Debian GNU/Linux. The Debian Weekly News for March 13, 2002 contains news about the Woody release status, the Project Leader Elections debate, and congratulates Debian developer Bart Bunting for two gold medal wins in this year's Paralympics.

The DPL debate is now scheduled for 21:00 UTC Saturday, March 23, 2002. The start of the voting period has been postponed to 00:00 UTC, March 24th, 2002.

Mandrake Linux 8.2 is Available. MandrakeSoft has announced the release of Mandrake Linux 8.2. Features include support for encrypted filesystems, SMP support, easy setup for printers and scanners, a redesigned Mandrake Control Center, lots of new configuration wizards, and more.

MontaVista Linux. MontaVista Software Inc. has announced that MontaVista Linux will support IBM's new 440GP PowerPC microprocessor.

Red Hat Linux. Red Hat has updated e2fsprogs packages available, which fix many ext3 bugs. This advisory says that new versions of the Red Hat Network Update Agent and Registration Client are now available. These new versions include new features, optimizations, and bug fixes.

Keep an eye out for 'Skipjack', the code name for the newest Red Hat beta. The ftp site was not open for anonymous ftp as of this writing, but it might be open by the time you read this. Try ftp.redhat.com/pub/redhat/linux/beta/skipjack/

Slackware Linux. Slackware also has updated e2fsprogs packages available for Slackware current.

SuSE Linux. SuSE Linux announced that the latest version of its advanced enterprise operating system, the 64-bit SuSE Linux Enterprise Server 7 for IBM eServer zSeries, will be available by the beginning of May.

Turbolinux Speeds Enterprise Acceptance of Linux. Here is a press release about Turbolinux 7 Server, "the first Linux distribution to conform to Li18NUX internationalization standards."

Yellow Dog Linux. Terra Soft is preparing to release Yellow Dog Linux 2.2; with Gnome 1.4, kernel 2.4.18 and XFree86 4.2.0; all built from a Red Hat 7.2 foundation. It should be out soon.

Minor Distribution updates

Astaro Security Linux. Astaro Security Linux has released v3.040 beta with major feature enhancements.

Devil-Linux. Devil-Linux released v0.5 beta 6 with lots of changes.

Keeper Linux. Keeper Linux has released KL 1.1a, with TinyLogin and other minor updates.

Kondara MNU/Linux. The Kondara Project has released Kondara MNU/Linux 2.1 code named "Asumi". (Thanks to Maya TAMIYA)

Libranet GNU/Linux. The folks at Libranet GNU/Linux have decided to set up a pay for download scheme to help out with the bills.

NSA Security Enhanced Linux. NSA Security Enhanced Linux has released v2002031409 with minor feature enhancements.

Vine Linux. Vine Linux has announced the release of Vine Linux 2.5 beta 1, available for i386 and PPC processors.

Distribution Reviews

Linux on a Floppy, an Intro to Mini Linux Distributions Version 1.0 (Linux Orbit). Linux Orbit introduces some mini-distributions, including Trinux, the Crash Recovery Kit, and tomsrtbt. "If you've ever been stuck on the freeway with a flat tire and no jack, you know what it's like to have a Linux system crash and not have a boot disk. And although nearly every Linux distribution company asks you make a boot/recovery floppy when you install Linux for the first time, many users skip this important step. Out of the boot/recovery disk concept was born the Mini-Linux distribution."

Lycoris Desktop/LX: The World's Flower Power (Tux Reports). Tux Reports focuses on usability in this review of the Lycoris Desktop/LX operating system. "I was surprised that my students latched onto Lycoris so readily. This says a lot about it's usability for novices. Clearly, Lycoris hit the mark for a Windows network. This Linux distribution worked well on a mid-sized Windows network. Students used it without complaining. We'll keep it on this network so that students can work with the school website (hosted on a Linux box)."

MandrakeSoft adds Office to Linux (ZDNet). This ZDNet UK article covers the release of Mandrake Linux 8.2, with a focus on the software that will be added to the boxed sets. "When the boxed product ships in April, version 8.2 will be the first Mandrake Linux version to include the office suite StarOffice 6.0 and the Outlook clone Evolution 1.02, both of which are considered to be significantly improved over earlier editions."

MandrakeSoft, SuSe add new life to Linux (ZDNet). This ZDNet UK article takes a look at Mandrake Linux 8.2 (which is already available for download) and the upcoming SuSE Linux 8.0. "SuSE Linux 8 includes tweaked versions of its e-mail client, organizer and media players. Other multimedia features include support for CD writing, video playback and editing, the Kooka scanning application, and version 0.9 of the Advanced Linux Sound Architecture."

Section Editor: Rebecca Sobol

March 21, 2002

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.

Distribution Lists:
LWN List
LDP English-language GNU/Linux distributions on CD-ROM
Woven Goods


 Main page
 Linux in the news

See also: last week's Development page.

Development projects

News and Editorials

The Knoda Database Frontend for KDE

Knoda, ("Knorr's Datenbank"), is a database front end for the K Desktop Environment (KDE). It is based on the hk_classes C++ database library. Knoda works with the Mysql database and the documentation indicates that it can be installed under the Mandrake and SuSE distributions. Knoda was written by Horst Knorr.

"Knoda is a GUI for accessing relational databases in KDE. It comprises a Form generator, a Table and Query generator and a Report Designer." The general information page further details what Knoda can do. The screenshots page shows some examples of Knoda's capabilities.

Version 0.5.1 of Knoda has just been released, new features include support for KDE2 and KDE3 as well as an XML export filter and bug fixes. See the changelog for the complete list and project history.

These pages also have some useful information:

  • The Knoda documentation page, which has the API documentation and several tutorials.
  • The Knoda FAQ which has some useful installation tips.

Knoda can be downloaded here. It is licensed under the GPL and the LGPL.

Audio Projects

MPEG audio analysis tools. We have received an announcement from CSIRO for a set of frequency domain audio analysis tools. Maaate is a framework for doing work with MPEG compressed files, and Bewdy allows one to work with MP3 files. (Thanks to Silvia Pfeiffer.)


SEUL/edu report for March 18, 2002. The March 18, 2002 SEUL/edu report features discussions on GNU license issues in Canada, teaching Linux to high school students, the Free Assessment Summary Tool (FAST), multi-language support for Tux Typing, data formats for educational use, and more.

Embedded Systems

Embedded Linux Newsletter for March 14, 2002. The March 14, 2002 edition of the LinuxDevices Embedded Linux Newsletter is out with the latest embedded Linux news.

Tracking Down Killer Bugs (Dr. Dobbs'). Eric McRae discusses embedded system debugging techniques on Dr. Dobbs'. "In the field of embedded system development, there occasionally arises a bug that defies all normal techniques for discovery. These "killer" bugs are characterized by unpredictability, an unclear hardware/software basis, and their proximity to a major project deadline."

Network Management

iptables-1.2.6 released. Version 1.2.6 of the iptables firewall software has been released. It features a bunch of bug fixes. (Thanks to Harald Welte.)


Tk Family Practice Version 50 Released (LinuxMedNews). LinuxMedNews reports on the latest version of the Tk_familypractice medical record system. Features include an improved install script, better progress note templates, a file chooser dialog, improved internationalization, and more.

BioPerl 1.0 Release (Bioinformatics). Bioinformatics has an announcement for the 1.0 release of BioPerl, a set of Perl extensions for handling biological data. "Bioperl has been used worldwide since 1998 but the project has always used conservative release numbering - for example, for the last 2 years, the stable release series was 0.7. By moving to 1.0, Bioperl is declaring that it is 'feature complete' for sequence handling, the most common task in bioinformatics. "

Web-site Development

Liferay Enterprise Portal v1.0. Liferay, a new J2EE open source portal server has been released for Linux and Windows. The portal is built on Oracle9i. Liferay is licensed under the MIT Open Source License.

Bricolage 1.2.2 Released (use Perl). Version 1.2.2 of the Bricolage content management and publishing system has been announced. "This is a maintenance release with many bug fixes."

This week on Zope Members' News. New items on the Zope Members' News site include a new PHParser, FunctionalTests 0.2, and a note on a Zope talk at the Open Source Content Management Summit in Zurich, Switzerland on Mar 21-22 2002.

Asp2php news. A few updates have been added to the Asp2php project. "Fixed some bugs in the 'function' conversion. I also totally updated the GUI. It should work A LOT better now. "

Apache AxKit 1.5.1 Released (use Perl). A new version of AxKit, a mod_perl mime encoding sniffer for XML files, has been announced. This release features bug fixes, it is also the first release to be included as part of Apache.

Introducing AxKit (O'Reilly). Barrie Slaymaker takes a look at AxKit on O'Reilly's perl.com. "Starting from the basics, this series explains how to install a basic AxKit server and then explores AxKit's more powerful capabilities. "


LDP Weekly News. The March 12, 2002 LDP Weekly News features a new Latvian HOWTO as well as numerous updated documents.

The March 19, 2002 LDP Weekly News mentions that Joy Goodreau will be replacing David Merrill as the collection editor. Thanks go to Dave for all of his hard work, and welcome to Joy. New documents include a Compaq T1500 Linux HOWTO, and an English-language GNU/Linux distributions HOWTO.

March 21, 2002

Application Links
High Availability

Open Source Code Collections
Le Serveur Libre



Desktop Development

Audio Applications

AlsaPlayer 0.99.57. Version 0.99.57 of the AlsaPlayer PCM player is available. This version features bug fixes, added scopes, and more preferences.

Web Browsers

Have You Seen These Hackers? (Mozilla). The Mozilla project is searching for a number of former developers, they need to find them and ask their permission for the relicensing of Mozilla.

Switching from IE to Gecko (NewsForge). NewsForge has an encouraging article about a web browser developer making the switch to Gecko. "Howard Ryan is CEO of Custom Browser, Inc. , a company that codes (you'd never guess from the name) custom Web browsers. He's a Windows guy, and most of his work has been based on Microsoft Explorer's rendering engine. But Howard is starting to use Mozilla's Gecko in his own custom and embedded browsers, and says moving to Gecko from Explorer is not only a good idea, but is amazingly simple for browser developers because, he says, 'the Gecko API is identical to the IE API.'"

Desktop Environments

Kernel Cousin KDE #35. Issue #35 of Kernel Cousin KDE covers recent release candidates for KDE3, Krayon, KOffice file thumbnails, CVS documentation accidents, and more.

People of KDE: Andy Fawcett. One of the more recent endeavours in the KDE world is the KDEduware project. This week dot.kde.org speaks with team member Andy Fawcett. "I help out with the KDE Edu project, doing testing, giving advice (I have some teaching experience), and maintaining some of the website . When we 'went public' with the project, I somehow managed to coordinate getting the text in seven different languages, all in the space of a day, and for which I am very grateful to the poor fools people on IRC who volunteered to translate."

The KDE Three Meeting. Cristian Tibirna has compiled a summary of the recent KDE Three Meeting, which covered various KDE 3.0 development issues.

KDE Worldwide Goes Live. Chris Howells has announced a new project, KDE Worldwide, which aims to promote KDE around the world by assisting with the localization of KDE.

GNOME-2.0 Installation Guide Online (Gnotices). A new GNOME-2.0 Installation Guide has been announced. "This GIG2 explains not only how to compile and install the GNOME 2.0 Desktop Environment itself but also how to compile and install the GNOME 1.4.1 applications into the new GNOME-2.0 Desktop Environment."

New GNOME themes site (Gnotices). Sunshine In A Bag is a new GNOME themes site that has been announced. Its purpose is to be a resource site for all GNOME related themes.

GNOME Summary for March 16, 2002. The March 16, 2002 GNOME Summary looks at Rhythmbox 0.1, GStreamer 0.3.3, GnuCash 1.6.6, Ada bindings for GTK+ 2.0, the GNOME 2.0 desktop Beta 2, and more.

GUI Packages

Python/C# Mania: New Bindings Expand KDE Languages. A number of new bindings have been released for KDE and Qt, adding C# and Python to the list of supported languages.


Xfsamba 0.44 Samba navigator. Version 0.44 of Xfsamba, a GUI-based Samba navigator, has been released. (Thanks to Joe Klemmer.)


KWinTV: Future Vision (KDE.News). KDE.News reports on Richard Moore's latest version of KWinTV, a television card interface for KDE.

Office Applications

AbiWord 0.99.3 Released (Gnotices). In the move towards the AbiWord 1.0 release, the AbiWord team has announced version 0.99.3. "The AbiWord team continues to make great progress towards 1.0. In the 4 weeks since 0.99.2 was released we've closed tons of bugs, completed RTF import/export, added great new image handling facilities and have made AbiWord significantly faster."

Desktop Environments

Window Managers

Widget Sets


Programming Languages


Implementing C++ Servlet Containers (Dr. Dobbs'). John Hinke introduces C++ servelet containers on Dr. Dobb's. "What if the full power of the Java servlet API could be harnessed in C++ to create a pure C++ web application by using the same techniques used when creating Java web applications? C++ developers would then be able to create C++ web applications without needing to use multiple languages, or using a slower technology such as Java or CGI."


Caml Weekly News. The March 19, 2002 Caml Weekl News is available. Topics include profiling, PXP-1.1.4, a lablgtk interface for Gecko, caml-info-look, and a Text Mode Kit.

The Caml Hump. This week, the Caml Hump looks at the TextMode Kit OCaml text mode widget system and caml-info-look, an automatic OCaml info file browser.


JSP Standard Tag Libraries, Part 1 (O'Reilly). Sue Spielman introduces JSP Standard Tag Libraries on O'Reilly's OnJava site. "If a custom tag has been created, tested, and debugged, then it only is logical that, as a developer, you want to grab the golden ring of OOD: reusable components. Working with custom tags is one avenue to explore in the world of reuse. But wouldn't it be better, more efficient, and easier if there was a set of standard tags that solved common problems? Do we really need ten different ways to iterate, or to do conditional processing?"

A taste of 'Bitter Java' (IBM developerWorks). Bruce A. Tate explores Java antipatterns on IBM's developerWorks. "In this article, antipatterns expert and noted author of Bitter Java, Bruce Tate, demonstrates how and why antipatterns are a necessary and complementary companion to design patterns."


CL-BibTeX alpha available. An alpha release of CL-BibTeX, a Common Lisp replacement of the BibTeX bibliograpy database tool, has been announced.


PHP Weekly Summary. The March 17, 2002 PHP Weekly Summary covers streams support, SapDB and PHP, a FastCGI update, fixes for the PHP audit project, interface extension, and Unix Mail, and more.

PHP Documentation Team Meeting. The notes from the PHP Documentation Team Meeting are available online.


Python 2.2.1c1 released. A new candidate for the bugfix release of Python has been announced. No major new features are included, just bug fixes. Testers are being recruited.

This week's Python-URL!. This week's Python-URL! covers Enhanced Generators, NormalDate 1.2, a Python 2.2 bug encounter, an English thesaurus and dictionary thread, a proposed standard logging module, PIL v1.1.3, and more.

This week on the Daily Python-URL. New items on the Daily Python-URL include a list-comprehension syntax discussion, Python 2.2.1 RC 1, a Python Logging System, Python Imaging Library, version 1.1.3, Korean Codecs 2.0.2, and more.


Ruby: Productive Programming Language (Linux Journal). The Linux Journal looks at Ruby. "Ruby has some distinct advantages over Python. It is a far cleaner OOP language with excellent features, and it supports Perl's regex type terse notation. It also scores high in enabling one to write short concise and maintainable code."

The Ruby Garden. This week, the Ruby Garden discusses programmer personalities, Dir.mkdirhier and Dir.rmdirhier, message parameters for abort, the Mutex object, dir methods, and more.

The Ruby Weekly News. The March 18, 2002 Ruby Weekly News features announcements for Ruby Dataquery Shell 0.3.3, rpkg 0.3.1, Ruby-Gnome 0.27, Ruby/SMB beta 2, Ruby/zlib 0.5.1, the Locana GUI and GUI builder 0.81, and more.


Tcl-URL! for March 18, 2002. This week's Tcl-URL! covers try/catch exception handling, garbage collection, embedded TCL legalities, Tcl history, animated GIFs, the Tgdb debugger, and more.


Processing Model Considered Essential (O'Reilly). Leigh Dodds looks at XML processing model issues on xml.com. "This week's XML-Deviant takes a step backwards in an attempt to foreground an issue that has been behind several recent debates in the XML community, namely, the lack of a processing model for XML."

Integrated Development Environments

GNUstep Weekly Editorial. The March 15, 2002 GNUstep Weekly Editorial covers testing on different Objective-C window managers, compatibility between Apple Objective-C++ and gcc, Chinese language support, converting a NeXTSTEP text to speech program to Linux, and GNUstep progress.

Section Editor: Forrest Cook

Language Links
Caml Hump
g95 Fortran
Gnu Compiler Collection (GCC)
Gnu Compiler for the Java Language (GCJ)
IBM Java Zone
Free the X3J Thirteen (Lisp)
Use Perl
O'Reilly's perl.com
Dr. Dobbs' Perl
PHP Weekly Summary
Daily Python-URL
Python Eggs
Ruby Garden
MIT Scheme
Why Smalltalk
Tcl Developer Xchange
O'Reilly's XML.com
Regular Expressions

 Main page
 Linux in the news

See also: last week's Commerce page.

Linux and Business

Free Software Foundation Announces Support of the Affero General Public License, the First Copyleft License for Web Services. The Free Software Foundation (FSF) announced support for the first public license designed to protect software distributed as Web services: the Affero General Public License (AGPL). They also invite public comment on the new license.

Announcement of the EGOVOS SELinux Distribution during the SELinux Panel at FOSE in Washington, DC. Project EGOVOS is an initiative to form a consortium of university-based Open Source/Free Software development centers around the country to take responsibility for producing a secure GNU/Linux operating system. They will be selling the National Security Agency's Security-Enhanced Linux (SELinux) to help with the project funding.

Caldera Education Services Introduces Newest Linux Courseware. Caldera International Inc. revealed Caldera OpenLearning Courseware for Linux solutions. Based on the Linux 2.4 kernel, this new courseware prepares students for Linux Professional Institute (LPI) and CompTIA Linux+(TM) certifications.

Questions about Red Hat and ArsDigita answered (redhat.com). Red Hat has published a FAQ about their acquisition of ArsDigita. "ArsDigita has a reputation for delivering flexible and scalable global content management and collaboration solutions, and has strong Open Source roots, which we think will mesh very well with Red Hat's culture."

POS Shipments Down 7% in 2001 According to IHL Consulting Group. A press release from IHL says that shipments of Point of Sale terminals are down by 7% in 2001. Linus POS terminals show up in the statistics with a small market share, that will probably grow in 2002 due to an ever-expanding Linux presence in the embedded space. "At the operating system level, Microsoft dominated the shipments with 69% of the market with Windows NT/2000/XP (46%) and Windows 9x/CE (23%). IBM's 4690 continued its strength, particularly in the Mass Merchants and Supercenter/Warehouse Clubs where it garnered 80% of all shipments. Linux represented 2% of shipments."

Linux Stock Index for March 15 to March 20, 2002.
LSI at closing on March 15, 2002 ... 27.73
LSI at closing on March 20, 2002 ... 25.69

The high for the week was 27.73
The low for the week was 25.69

Press Releases: