[LWN Logo]
[LWN.net]

Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise news for all interests


Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Letters

Other LWN stuff:
 Daily Updates
 Calendar
 Linux Stocks Page
 Book reviews
 Penguin Gallery

 Archives/search
 Use LWN headlines
 Advertise here
 Contact us

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- Gaël Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

See also: last week's LWN.

Leading items and editorials


Apache 2.0.35 released. The first 2.0 alpha release of the Apache web server was announced just over two years ago - in March, 2000. Since then, the project has seemed to creep along at a slow pace; like Mozilla 1.0, it has been in the background for years, with no stable release in sight. For the most part, this pace has not been a problem for Apache; version 1.3.x works well enough that few people feel the need to make a change.

1.3.x, however, is now officially old software. With the 2.0.35 release, Apache 2.0 is now considered stable and ready for production use. It is now the recommended version of the server; expect to see it start showing up in distributions later this year.

So what has the Apache team been doing all this time? Some of the most significant new features in 2.0 include:

  • The new hybrid process/thread model. Apache has traditionally worked by running a (potentially large) number of processes to handle multiple requests simultaneously. This scheme works well most of the time, but the overhead of running many processes can get large on high-traffic systems. By splitting each process into several lightweight threads, Apache 2.0 is able to get better performance at the high end. It must be time for another Mindcraft benchmark.

  • Apache modules can now be written as filters, making it possible to stack them. Want to process server-side includes in the output of your mod_perl code? Now it's possible.

  • SSL encryption is included in a module packaged with the Apache distribution, eliminating the need to go out and find an SSL plugin from somewhere else.

  • There is also an included module providing WebDAV support.

Other additions include IPv6 support, an improved internal API, the ability to serve multiple protocols, a simplified configuration mechanism, completely rewritten proxy support, and the ability to create customized error responses in multiple languages. Congratulations are due to the Apache team, which has worked long and hard to improve on the world's most popular web server.

The Elcomsoft case will not be dismissed, at least not yet. At a preliminary hearing on April 1, Elcomsoft's lawyers asked for a dismissal of the DMCA-based charges against the company, claiming that U.S. jurisdiction does not extend to a product developed (legally) in Russia. Judge Ronald Whyte didn't buy that argument, however. This result is not all that surprising; the company did, after all, sell the Advanced eBook Processor in the U.S., via a web site hosted in the U.S. The jurisdictional situation thus seems relatively clear.

There are two other motions for dismissal outstanding, however. One is based on claims that the DMCA is overly vague, making it impossible for a company to know if a product is in violation or not. The other challenge is on freedom of speech grounds. Judge Whyte has not indicated when he might rule on those motions.

The next date in this case is April 15, when a "status conference" will be held. Stay tuned.

Licensing terms: what's in a name? Richard Stallman recently objected to our use of the term "reasonable and non-discriminatory" to describe certain classes of software and patent licenses. These licenses, require a payment for the use of the patented technology; the RAND terms just ensure that everybody can use that technology for the same payment. According to Mr. Stallman, the name RAND is inappropriate because:

  • By requiring a fee for use, the license is clearly discriminatory against free software.

  • This discrimination, of course, is not reasonable.

Mr. Stallman's suggested term is "UFO" for "Uniform Fee Only." LWN will likely not drop the use of "RAND" entirely for the simple reason that the term is widely used and recognized. There is a certain appeal to the "UFO" term, though...

Meanwhile, "royalty-free" (RF) licenses are generally considered to be good for free software. But what is one to make of Microsoft's "Royalty-Free CIFS Technical Reference License Agreement," which prohibits the distribution of a CIFS implementation under an "IPR impairing" license - specifically the GPL? It's only "royalty-free" if Microsoft likes your license. These terms appear to be an effort to undermine Samba, which is licensed under the GPL. Whether this attempt will see any success is, of course, another question: the Samba developers have not signed this agreement. It does hint, however, at the possibility of real attacks against Samba - using patents, perhaps - in the future.

Microsoft's language also highlights a common misconception about the GPL that Microsoft, seemingly, wants to encourage. One often sees claims that use of GPL-licensed software can force the release of a company's proprietary source code. In fact, the GPL lacks any such power. A company which distributes software derived from GPL-licensed code is required to make source available and follow the other GPL terms. Should a company fail to comply with those terms, however, there is only one thing that happens: the company loses its right to use the original GPL-licensed code. From the GPL text:

You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License.

The loss of the right to use GPL-licensed code can be devastating to a business, but it is not the same as having that business's intellectual property pried away from it.

Inside this LWN.net weekly edition:

  • Security: Red Hat adopts CVE; security breaches rare in Linux environment
  • Kernel: USB reorganization; IDE tagged command queueing; kbuild 2.5 returns; supporting discontiguous memory.
  • Distributions: spyLinux returns to the list; RedHawk Linux.
  • Development: Foomatic Print System, sendmail 8.12.3, AFPL GS 7.20, AlsaPlayer 0.99.59, KDE 3.0, GHC 5.02.3, Pike language.
  • Commerce: EFF Broadcast Protection Discussion Group weblog; Concurrent Introduces iHawk Real-Time Linux Multiprocessor Systems.
  • Letters: CBDTPA, RMS, the way out.
...plus the usual array of reports, updates, and announcements.

This Week's LWN was brought to you by:


April 11, 2002

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Letters

See also: last week's Security page.

Security


News and Editorials

Red Hat Unveils CVE Security Compatibility. Red Hat announced that their security alerts and advisories, including updates issued through the Red Hat Network, will use Common Vulnerabilities and Exposures (CVE) standard names. The CVE project has been working since 1999 to create a standard way of talking about security problems. So far, fifty one organizations have declared that seventy six network security products or services are, or will be CVE-compatible.

Other Linux distributors who have adopted CVE at some level include Caldera, Debian, EnGarde Secure Linux and Mandrake Linux. LWN published a brief introduction to CVE in our February 28th security section.

New Evans Data Survey Reports Security Breaches Rare in Linux Environment. An Evans Data Corp. survey looks at Linux security statistics. "According to CERT, a center for Internet security expertise operated by Carnegie Mellon University, the total number of computer attacks has almost doubled every year since 1988. However, the rarity of security breaches in the Linux environment is illustrated by the fact that 78% of respondents to the survey have never experienced an unwanted intrusion and 94% have operated virus-free."

Open sourcers wear the white hats (ZDNet). Here's an article by Bruce Perens about the difference in the security of open-source and proprietary software. "In contrast, open source has a lot of "white hats" looking at the source. They often do find security bugs while working on other aspects of the code, and the bugs are reported and closed. However, open source can still profit from a formal security review, just as proprietary code can, and there is an accelerating trend to do formal security reviews in open-source projects."

Security Reports

IMP 2.2.8 released. Version 2.2.8 of IMP has been released, it fixes some vulnerabilities. "The Horde team announces the availability of IMP 2.2.8, which prevents some potential cross-site scripting (CSS) attacks. Site administrators should consider upgrading to IMP 3 (our first recommendation), but if this is not possible, IMP 2.2.8 should be used to prevent these potential attacks."

Red Hat Security Advisory - tcpdump. Updated tcpdump, libpcap, and arpwatch packages are available for Red Hat Linux 6.2 and 7.x. These updates close vulnerabilities present in versions of tcpdump up to 3.5.1 and various other bugs.

Red Hat Security Advisory - logwatch. Updated Red Hat Linux 7.2 logwatch packages are available that fix tmp file race conditions which can cause a local user to gain root privileges. Here's the same alert for the Red Hat Powertools logwatch.

web scripts. The following web scripts were reported to contain vulnerabilities:

  • Steve Gustin has reported a remote code execution vulnerability in csGuestBook, csLiveSupport, csNewsPro and csChatRBox. Updates that fix the vulnerability are available from CGIScript.net

Proprietary products. The following proprietary products were reported to contain vulnerabilities:

Updates

Apache spoofed information logging vulnerabilty. Versions of apache prior to 1.3.24 sometimes put invalid client hostnames in the log file. A remote attacker may exploit this behavior to insert spoofed information into the webserver logs. The fix is to upgrade to the recent Apache 1.3.24 release. (First LWN report: March 28th).

This week's updates:

rsync supplementary groups vulnerability. Ethan Benson reported that rsyncd fails to remove supplementary groups (such as root) from the server process after changing to the specified unprivileged uid and gid. "This seems only serious if rsync is called using "rsync --daemon" from the command line where it will inherit the group of the user starting the server (usually root)." (First LWN report:  March 14th, 2002).

This week's updates:

Previous updates:

Multiple vulnerabilities in SNMP implementations. Most SNMP implementations out there have a variety of buffer overflow vulnerabilities and should be upgraded at first opportunity. See this CERT advisory for more. (First LWN report: February 14).

This week's updates:

Previous updates:

zlib corrupts malloc data structures via double free. This vulnerability impacts all major Linux vendors. It may impact every Linux installation on Earth. Updates are required to zlib and any packages that were statically built with the zlib code. (First LWN report: March 14).

LinuxSecurity describes the vulnerability and coordinated distributor efforts in detail. "Packages including X11, rsync, the Linux kernel, QT, mozilla, gcc, vnc, and many other programs that have the ability to use network compression are potentially vulnerable."

Updating is recommended. As always, please proceed with caution when applying updates to the kernel.

This week's updates:

Previous updates:

See also: articles in ZDNet and The Register about the zlib vulnerability. And, these reports from ZDNet and Vnunet on this vulnerability in some of Microsoft's major applications.

Resources

Linux security week. The and publications from LinuxSecurity.com are available.

Network security tips for managers (ZDNet). While not Linux (or Unix) specific, this article does contain some good security tips. "To see what may be listening on the computers in your network, you should use a simple hacker's tool known as a port scanner. Software is used across a network listens to network information on a port. There are a number of ports available on most servers. By using a tool known as a port scanner, a hacker checks for every possible piece of network software. If it answers, the hacker tries to find more information about the computer. The hacker then tries to exploit that port. However, you can use it just as a list of what's listening on a computer and check to make sure you don't have unnecessary software running."

Events

Black Hat Briefings 2002 call for papers. Black Hat has issued this reminder that the Black Hat 2002 Call for Papers closes May 1st. The conference is held from July 31-August 1, 2002 at the Caesars Palace Hotel and Resort in Las Vegas, NV, USA.

Upcoming Security Events.
Date Event Location
April 14 - 15, 2002Workshop on Privacy Enhancing Technologies 2002(Cathedral Hill Hotel)San Francisco, California, USA
April 15 - 19, 2002InfoSec 2002UniNet IRC network (irc.uninet.edu) - channel #infosec
April 16 - 19, 2002The Twelfth Conference on Computers, Freedom & Privacy(Cathedral Hill Hotel)San Francisco, California, USA
April 23 - 25, 2002Infosecurity Europe 2002Olympia, London, UK
May 1 - 3, 2002cansecwest/core02Vancouver, Canada
May 4 - 5, 2002DallasConDallas, TX., USA
May 12 - 15, 20022002 IEEE Symposium on Security and Privacy(The Claremont Resort)Oakland, California, USA
May 13 - 14, 20023rd International Common Criteria Conference(ICCC)Ottawa, Ont., Canada
May 13 - 17, 200214th Annual Canadian Information Technology Security Symposium(CITSS)(Ottawa Congress Centre)Ottawa, Ontario, Canada
May 27 - 31, 20023rd International SANE Conference(SANE 2002)Maastricht, The Netherlands
May 29 - 30, 2002RSA Conference 2002 Japan(Akasaka Prince Hotel)Tokyo, Japan

For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Dennis Tenney


April 11, 2002

LWN Resources


Secured Distributions:
Astaro Security
Castle
Engarde Secure Linux
Immunix
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux
Trustix

Security Projects
Bastille
Linux Security Audit Project
Linux Security Module
OpenSSH

Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive

Distribution-specific links
Caldera Advisories
Conectiva Updates
Debian Alerts
Kondara Advisories
Esware Alerts
LinuxPPC Security Updates
Mandrake Updates
Red Hat Errata
SuSE Announcements
Turbolinux
Yellow Dog Errata

BSD-specific links
BSDi
FreeBSD
NetBSD
OpenBSD

Security mailing lists
Caldera
Cobalt
Conectiva
Debian
Esware
FreeBSD
Kondara
LASER5
Linux From Scratch
Linux-Mandrake
NetBSD
OpenBSD
Red Hat
Slackware
Stampede
SuSE
Trustix
turboLinux
Yellow Dog

Security Software Archives
munitions
ZedZ.net (formerly replay.com)

Miscellaneous Resources
CERT
CIAC
Comp Sec News Daily
Crypto-GRAM
LinuxLock.org
LinuxSecurity.com
Security Focus
SecurityPortal

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Letters

See also: last week's Kernel page.

Kernel development


The current development kernel release is 2.5.7. The current 2.5.8 prepatch from Linus is 2.5.8-pre3; it includes a big PowerPC64 update, a FireWire update, the new system calls for setting process CPU affinity, a bunch of USB updates, a great deal of merging from the "dj" series, and more.

Dave Jones's latest prepatch is 2.5.7-dj3. There's not much new in it; Dave appears to be concentrating more on feeding changes to Linus at the moment.

The latest 2.5 status summary from Guillaume Boissiere came out on April 2.

The current stable kernel release is 2.4.18. The current 2.4.19 prepatch is 2.4.19-pre6. It includes a long list of networking fixes, a netfilter update, lots of USB updates, and a vast number of other changes. Significantly, this patch also includes a few pieces of Andrea Arcangeli's VM update, as reworked by Andrew Morton. Much of the reworked VM code remains outside of the main 2.4 kernel, however.

Alan Cox's latest prepatch is 2.4.19-pre5-ac3. The most interesting part of this prepatch is the inclusion of Pavel Machek's software suspend code. If you want to actually play with that code, though, you'll also need to apply this patch from Pavel.

Alan has also released 2.2.21-rc3, the third 2.2.21 release candidate.

Reorganizing USB. It's all Lineo's fault. The company announced the contribution of its "USB Device Software" to the Linux kernel. This code allows a Linux system to behave as a device (not the host) on a USB bus; it is used in the Sharp Zaurus PDA. The code was welcomed by all, but it led quickly to the inevitable question: "where do we put all that code?"

After some discussion, it was decided that the USB source tree needed to be reorganized. The final organization looks like this (everything under drivers/usb, of course):

\n"; echo "\n"; } tline ("core", "The core USB code (including device-side code)"); tline ("host", "Controller code for USB hosts"); tline ("device", "Controller code for USB device systems"); tline ("class", "Drivers for USB devices with defined 'class' specifications"); tline ("net", "Network drivers"); tline ("image", "Scanner drivers"); tline ("input", "Input drivers"); tline ("media", "Media drivers (i.e. cameras)"); tline ("serial", "Serial drivers"); tline ("storage", "Storage drivers"); tline ("misc", "Everything else"); ?>
", $dir, "", $desc, "

The resulting changes were merged in 2.5.8-pre3, resulting in a huge patch that, for the most part, just moves files around. The Lineo code has not yet been merged, but it's on the list of things to do.

kbuild 2.5 is back. We last heard from the kbuild 2.5 project, which is mostly the work of Keith Owens, some months ago. At that point, the project had a much improved, cleaner, and more accurate kernel build process which provided some interesting new features. There was just one little problem: a full kernel build took twice as long. That kind of bad news does not get you very far with kernel hackers, who spend a lot of time as it is waiting for kernel builds; Keith was essentially told, politely, to come back when the performance problems had been dealt with. (See the January 3 LWN Kernel Page).

Keith is back. Kbuild 2.5 version 2.0 is now available for 2.4.16, with version for the 2.5 kernel available as well. While previous versions of kbuild worked with a text file that was read at every step in the process, the new kbuild uses a memory-mapped database implementation borrowed from BitKeeper. The database code, like a few other pieces of BitKeeper, has been released under the GPL, so there should be no licensing objections here.

The new code has made a difference. On Keith's system, a full kernel build with the traditional kbuild code takes a full 15 minutes (with everything configured in). With the new code, that time drops to just under nine minutes. If you immediately run a second make on the fully-built tree, things look even better. The old kbuild recompiles a bunch of stuff unnecessarily, resulting in a "build" time of just over two minutes. The new kbuild, instead, figures out that nothing needs to be done in 14 seconds. Says Keith:

More accurate kernel build, easier to write and understand Makefiles, 30% faster than kbuild 2.4. Now the nay-sayers will have to find something else to complain about!

Keith has no plans to try to get the new code into the 2.4 kernel tree ("Changing the kernel build on a stable kernel is a bad idea"), but there will probably be a renewed push to see it incorporated into 2.5. The "nay-sayers" may have to scramble if they want to keep it out.

EVMS 1.0 released. The news is a bit stale (due to the Kernel Page taking last week off), but still worth a mention: the Enterprise Volume Management System team has announced the release of EVMS 1.0, the first full release. EVMS is a high-end system for the management of disk drives, partitions, and volumes; in addition to the usual nice volume management features it supports snapshots, bad block handling, and more. See the EVMS web page for more information.

Tagged command queueing for IDE drives. SCSI drives have supported tagged command queueing (TCQ) for many years. TCQ allows a device driver to attach an identifying "tag" onto each request passed to a drive; the drive will then use that tag when reporting on the status of an operation. This tagging allows the drive to have multiple requests outstanding, and to satisfy them in any order it chooses. TCQ improves performance in a couple of ways:

  • Having multiple operations outstanding reduces idle time by ensuring that the drive always has work to do. In a single-request mode, the drive must wait after signalling completion until the system gets around to handing it another request. In the tagged mode, that next request is already available.

  • The drive can optimize the ordering of requests for the best performance. The Linux filesystem and driver code already tries to perform this optimization, but there limits to how successful the host system can be in this regard. The simple cylinders / heads / tracks model of a disk drive's block layout has been an approximate fiction for years; blocks may not actually be close to where the host system thinks they should be. And it is hard for the host system to know the current head and platter positions. The drive (one hopes) is better informed, and can make better decisions.

TCQ support has been a justification for SCSI user smugness for years. IDE is catching up, however, and Linux is almost ready: Jens Axboe has released a patch which uses TCQ on IDE drives which support that feature. With the release of the second version of the patch, Jens states: "The code has taken quite a lot of beating, so I'm ready to call this beta and ask for more testers. No malfunctions have been detected here."

Note that the patch is still a little way from being ready for widespread enterprise deployment - among other things, no real performance testing has been done yet. Jens has been most concerned with issues like data integrity so far - something that most Linux users will likely appreciate. It's also worth taking a look at this note from Andre Hedrick on the (dismal) state of TCQ support in most IDE hardware.

Nonetheless, the TCQ code has begun to find its way into Martin Dalecki's IDE patch set, and will thus likely show up in a 2.5 prepatch before too long.

Dealing with discontiguous memory. Most computers out there organize their memory as a single, contiguous array of bytes - or something close to that. If there are gaps (such as the x86 memory hole at 640K), they tend to be small and easily worked around. Linux on most systems takes advantage of this contiguous nature by treating memory as a simple, linear array.

But what do you do if your hardware is not so reasonable? The Linux kernel has had discontiguous memory support for some time, but the implementation has not been considered satisfactory by all. Its performance is suboptimal, and the code tends to be strongly tied to specific architectures.

Daniel Phillips has set out to apply an old computer science axiom to this challenge: any problem can be solved by adding another layer of indirection. He has posted a patch which makes some interesting changes to how the Linux kernel sees the memory it runs on.

In kernel space, there is a fundamental distinction between "virtual" and "physical" addresses. Kernel virtual addresses are different from user-space virtual addresses; most of the code treats them as if they were really physical, hardware addresses. In fact, on most architectures, the only difference between (most) kernel virtual addresses and the corresponding physical addresses is a constant offset. The kernel usually works with virtual addresses, translating them to physical addresses only when it is really necessary.

With Daniel's patch, the kernel works with a third address type, called a "logical" address. The characteristics of the three address types, from lowest-level to highest, now are:

The establishment of the logical address space is handled at the lowest levels of the kernel; most of the rest of the system is unaware of it. By setting up the logical address tables properly, the patch takes a system with randomly-organized, discontiguous memory and makes that memory look like a nice, linear array. As a result, most of the kernel code need not be aware of the real arrangement of the hardware.

This patch is a fundamental change in how Linux deals with its memory. Despite that, it is relatively small in size, and it makes it easy for the kernel to deal with complicated hardware arrangements. That extra layer of indirection hides the complexity of the underlying system. Maybe the old axiom is right.

(Here is the latest version of Daniel's patch as of this writing).

SUBTERFUGUE needs a new maintainer. As if in response to the project's having been mentioned in NTK, SUBTERFUGUE maintainer Mike Coleman has announced that he can no longer maintain the project. Have a look if you think you might like to take on this interesting tool.

Other patches and updates released this week include:

Kernel trees:

  • Andrea Arcangeli: 2.4.19-pre6-aa1; a number of fixes and performance patches.

  • Greg Kroah-Hartman: 2.5.7-gregkh-1; includes a great many USB patches.

  • Jörg Prante: 2.4.19-pre5-jp9; the kitchen sink is missing but not much else.

  • Marc-Christian Petersen: 2.4.18-WOLK3.3; also includes the kitchen sink.

  • Christoph Hellwig: 1.0.9-hch1. "After all the discussions about VFS races and VM problems and growing bloat in all areas of the kernel people seem to have forgotten the good old days of the small and simple linux kernels. Even more important the ego of a young kernel developer will suffer in the long term if he doesn't have his own kernel patchkit, so here it is." Yes, it really is based on 1.0.9.

  • J.A. Magallon: 2.4.19-pre5-jam2; updated to the latest Arcangeli VM.

  • Paul P Komkoff Jr: 2.4.19-pre5-ac3-s43.

Core kernel code:

Development tools:

Device drivers

Filesystems:

Miscellaneous:

Networking:

  • Dmitry Kasatkin: Affix 0.98 (Bluetooth stack for Linux).

  • Kazunori Miyazawa: USAGI 3.1, a stable release from this project, which is working to improve Linux IPv6 support.

Ports:

Section Editor: Jonathan Corbet


April 11, 2002

For other kernel news, see:

Other resources:

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Letters

See also: last week's Distributions page.

Distributions


Please note that security updates from the various distributions are covered in the security section.

News and Editorials

spyLinux returns to the list. spyLinux was one of those distributions that disappeared from our Distributions List during the recent upgrade. But it wasn't really gone, only moved to a new web site. And now, thanks to doks, we welcome spyLinux back to the list. spyLinux is (s)mall (py)thon (Linux), a single disk distribution of Linux based on tomsrtbt with mxCGIPython. You'll find listed with the Floppy-based distributions.

RedHawk Linux. Concurrent Computer Corporation's RedHawk Linux is an industry-standard, POSIX-compliant, real-time version of Linux, based on the Red Hat Linux distribution. RedHawk features high I/O throughput, fast response to external events, and optimized interprocess communication. Other real-time Linux versions are small, embedded species. Not RedHawk! This real-time OS tackles the larger industry applications that require both a full featured OS and real-time abilities. While not really new, it's a newcomer to the LWN Distributions list, where it's now listed with the Special Purpose distributions. Concurrent sells complete systems; hardware, software, support and service. See this week's Commerce page for an announcement about the the iHawk(TM) Series 860 high-performance Intel-based multiprocessors running RedHawk.

Distribution News

Debian News. The Debian Weekly News for the week of April 3rd picks the best of April Foolery, and an essay entitled "Debian's Problems, Debian's Future".

Here is the latest Woody Release Status report, dated April 6, 2002. "In that vein, I'm becoming increasingly confident in woody's release readiness. So, to go out on a limb:
Debian 3.0 (codenamed woody) will release on May 1st, 2002.
" A Woody CD image is available for testing.

The third and final call for votes for the Debian Project Leader Election 2002 has been announced. Participation levels are currently lagging behind previous years, so if you are a Debian developer, and you haven't voted yet, vote now.

The 2nd Annual Debian Conference registration page is now available. Debconf 2 will be held in Toronto, Ontario, at York University, from Friday, July 5, to Sunday, July 7, 2002.

FreeBSD. A Developer Preview release of FreeBSD 5.0-CURRENT is now available for widespread testing. This preview is a significant milestone towards the eventual release of FreeBSD 5.0 in late 2002.

Lindows.com's LindowsOS, Sneak Preview 2, Available for Digital Download. Lindows.com has announced the release of Lindows Sneak Preview 2. "One of the new features showcased in LindowsOS Sneak Preview 2 is Click-N-Run(tm) (www.lindows.com/clicknrun), a powerful new tool that opens the door to a world of high-quality software solutions by allowing LindowsOS users to instantly zap software to their machines with one click."

The Future of Mandrake Linux? The Answers!. Gaël Duval answers questions concerning the MandrakeClub. "Did you become concerned after reading the "Future of MandrakeSoft" message that was released on March 11th? Do you feel that MandrakeClub is not an ideal solution for a "for-profit" company? Do you support the idea of the Club, but have been unable to pay? Would you prefer to become a shareholder? Here are the answers to many of these questions and more."

More Mandrake Linux News. The Mandrake Linux Community Newsletter for April 3, 2002 is available. Topics include 8.2 PPC Beta 2; improved printer drivers for HP Inkjets; 8.2 errata online; and more.

Various packages are being provided as bugfix updates to the Mandrake Linux 8.2 release.

Red Hat News. The announcement begins: "It's time for another installment of "As The Packages Churn." In today's episode, the young Cups McDriver continues her quest to wrestle away control of Printers, Ltd. from the powerful L.P.R. Meanwhile a visitor to Skipjack, Alternatives de Debian, tries to mend fences between Hendrik Postfix and Pixie Sendmail. Also Mayor Kernel, still recovering from recent recompiling, tries to bring peace within the Desktop crime syndicate, as the war for control escalates between Keyser Denis Edwards and Gnome Widget."

The second public beta of Red Hat Linux: Skipjack is packed with the very latest technology, including: the 2.4.18 kernel; XFree86 4.2.0; GNOME 1.4, including Evolution; Mozilla 0.9.9; and much, much more.

This week's bug fix advisories:

Slackware News. The testing version of Slackware has seen many upgrades recently, including improvements in nearly every package. Slackware 8.1 is getting closer. See the changes for this week.

Turbolinux News. Newsforge is running a press release from Turbolinux about Birkenstock USA. Apparently Birkenstock is running its ecommerce site on Turbolinux Cluster Server 6.

Embedded Distribution updates

MontaVista Linux. MontaVista announced MontaVista Linux Carrier Grade Edition 2.1, the first carrier-grade quality Linux distribution targeted for edge and core telecommunications including applications for the converging IP and voice networks, optical networks, signaling gateways and Voice over IP (VoIP) gateways, and many other applications.

TimeSys Linux. TimeSys Corporation announced the release of a board support package (BSP) for Embedded Planet's PowerPC-based RPX Lite 823 single board computer (SBC) based on the Motorola PowerPC 823e processor.

Minor Distribution updates

2-Disk Xwindow System. The 2-Disk Xwindow System has released v1.4rc05 with minor feature enhancements.

CRUX. CRUX announced the availability of the CRUX Network Setup, which lets you install CRUX over FTP (i.e. without burning a CD).

Gentoo Linux. Gentoo Linux has announced the release of Gentoo Linux 1.1a. Changes since Gentoo Linux 1.0 include important pam/shadow/util-linux security fixes; support for pppoe installs from our install CDs; various important improvements to Portage; a new design for our nvidia-glx, nvidia-driver and xfree ebuilds; and very many upgrades and improvements to a bunch of packages.

Kondara MNU/Linux. Kondara MNU/Linux has given notice of the termination of releasing "Jirai", a former development branch which is no longer maintained..

Linux From Scratch. Linux From Scratch has released stable version 3.3 with minor bug fixes.

Netstation Linux. Netstation Linux has released development version 0.6 with major bug fixes.

tomsrtbt. A major new version of Tomsrtbt has been released. Version 2.0.0 contains a kernel upgrade (from 2.0.39 to 2.2.20) and lots of other stuff.

Virtual Linux. Virtual Linux will soon release v1.1. A new website is in progress here.

Distribution Reviews

Lindows opens new 'Sneak Preview' (ZDNet). ZDNet reviews the second Lindows preview. "The two features added with the new Lindows software are 'Click-N-Run', an automated process for downloading and installing software, and a set of file viewers designed to handle formats like Word, Excel and Powerpoint."

Section Editor: Rebecca Sobol


April 11, 2002

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.

Distribution Lists:
LWN List
DistroWatch
ibiblio
Linux.com
LinuxLinks
LDP English-language GNU/Linux distributions on CD-ROM
Woven Goods

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Letters

See also: last week's Development page.

Development projects


News and Editorials

Foomatic Print System Version 1.9 A new version of the Foomatic print driver integration system has been announced by Till Kamppeter.

A little background on Foomatic:

"Foomatic is a system for using free software printer drivers with common spoolers on Unix. It supports LPD, PDQ, CUPS, the VA Linux LPD, LPRng, PPR, and direct spooler-less printing and any free software driver for which execution data has been entered in the database."

In other words, Foomatic forms a kind of "glue logic" that connects a number of common spoolers to the appropriate printer driver software. It derives the connection information from the Linux Printer Compatibility Database.

The project aims to give a more comprehensive solution to the problem of connecting a large number of printers to different spoolers. It is more of a "big picture" solution than most of the vendor-supplied printer configuration tools. A printer that is set up with Foomatic will be able to handle a variety of different input file formats such as Text, PostScript, and common image formats.

Foomatic supports a long list of printer drivers and printers, but it apparently does not work with IBM's Omni printer driver as of this writing.

For an example of what needs to be done to get Foomatic running on your system, see the documentation for running it with LPD/LPRng/GNUlpr. More documentation is provided for other spooling systems.

The new version is a test for the upcoming 2.0 release, and features streamlined installation as well as performance improvements. Installation no longer requires dealing with a large number of Perl libraries. The announcement gives a detailed list of new capabilities, the ChangeLog has more developer oriented information. See the Foomatic version 1.9 USAGE document for installation tips.

This whitepaper (PDF format) for a description of the origins of Foomatic and the LinuxPrinting.org site that hosts Foomatic. Foomatic can be downloaded here.

Databases

psycopg. Federico Di Gregorio has brought our attention to the psycopg project. Psycopg provides a python interface to PostgreSQL. "psycopg is different from the other database adapter because it was designed for heavily multi-threaded applications that create and destroy lots of cursors and make a conspicuous number of concurrent INSERTs or UPDATEs." The current version is 1.0.7-1.

Embedded Systems

LinuxDevices.com Embedded Linux Newsletter. The April 4, 2002 Embedded Linux Newsletter looks at the VTech Helio PDA and embedded Linux in China. An interview with FSMLabs' president Victor Yodaiken is also included.

Mail Software

Sendmail 8.12.3 released. A new version of Sendmail is available. "This version fixes a long-standing MIME (7 to 8-bit) conversion bug and several smaller problems, e.g., a possible communication problem between the MTA and libmilter, a bug in handling (invalid) addresses containing 8-bit characters, a possible problem with small timeouts being lost on slow machines if itimers are used, and the handling of the 421 reply code and timeouts in the SMTP delivery code."

Network Management

Writing PAM-Capable Applications (O'Reilly). Jennifer Vesperman writes about PAM (Pluggable Authentication Modules) on O'Reilly. "This is the first part of a two-part series on writing PAM-capable applications. This part provides the background knowledge and some of the supporting functions necessary for a developer to effectively use the PAM library. The second part will introduce the PAM library functions."

Printing Software

AFPL Ghostscript 7.20 devel release. A new development release of AFPL Ghostscript has been announced. "Major new features include the new Font API for supporting third-party font renderers, a 'diskn' implemenentation, and tightening of the filesystem access security introduced in the previous stable and GPL releases. -dSAFER now restricts read access as well as write, equivalent to -dSAFER -dPARANOIDSAFER in earlier releases."

Web-site Development

Linux App Writer Wows Skeptics (Wired). Wired examines IBM's SashXB web scripting language. "Some experienced Linux developers say they weren't impressed with the idea of SashXB at first, thinking that working with relatively simple languages such as HTML and JavaScript would limit them and their projects. But the majority of those who finally used SashXB are excited by its promise. " IBM has released the source code for SashXB under the LGPL license. Also see IBM's SashXB homepage and this article on the Gnotices site.

mnoGoSearch-php-3.2.0.beta3 released. A new beta version of the 3.2 branch of the mnoGoSearch web search engine software is available. New features include an Alias command, an improved make script, and an updated search template. The ChangeLog file has all of the release information.

Zope Members' News. This week's Zope Members' News items include an announcement for MailBoxer 1.2beta, SiteBoiler 0.1, ZFireBirdDA 0.0.2, and talk of the Zope BBQ Europe.

Tips for Building Web Database Applications with PHP and MySQL (O'Reilly). Hugh E. Williams gives some tips on building web database applications. "As a backend database management system, MySQL is the perfect partner for PHP. It has a well-deserved reputation for speed in the Web environment, where the commonest class of queries are simple SELECT queries that read from a database."

Documentation

The Linux Documentation Project gets a new domain. The latest Linux Documentation Project Weekly News includes a note that the LDP site has moved to www.tldp.org. There were evidently "some difficulties with the linuxdoc.org domain name." The old address still works for now, but updating of bookmarks and links would appear to be in order.


April 11, 2002


Application Links
GIMP
Mozilla
Galeon
High Availability
ht://Dig
mnoGoSearch
MagicPoint
Wine
Worldforge
Zope

Open Source Code Collections
Berlios
Freshmeat
OpenSourceDirectory
Savannah
Le Serveur Libre
SourceForge
Sweetcode

   

 

Desktop Development


Audio Applications

AlsaPlayer version 0.99.59 released. A new version of the AlsaPlayer audio PCM file player has been released. This version adds a number of locking fixes and includes new song information on the playlist.

WaveSurfer 1.3.1 released. Version 1.3.1 of the WaveSurfer multi-platform sound visualization and manipulation tool is available. The changes include new documentation tools, updated documentation, and bug fixes.

Web Browsers

Mozilla 1.0 RC1 coming soon. The Mozilla hope page says that the first release candidate for Mozilla 1.0 is coming soon. A development roadmap shows where the project is headed.

Desktop Environments

KDE 3.0: A New Era In Desktop Choice. KDE.News has posted the announcement for the release of KDE 3.0. "Every advance opens the door to a group of new adopters, and KDE 3 is set to tear the doors asunder."

KDE.de App of the Month: KView (KDE.News). KDE.News reports on the KDE.de Application of the Month, the KView image viewer. (In German)

People Behind KDE: Takumi Asaki. In this week's episode of The People Behind KDE, we travel to Osaka, Japan for a beer with Takumi Asaki. "I'm one of KDE users. I check the Japanese support for other bugs, and report them. Sometimes I write a patch if I can."

Graphics

Crystal Space 0.94r001 Released. Version 0.94r001 of the Crystal Space 3D engine has been released with lots of new features.

Office Applications

AbiWord Weekly News #86. Issue #86 of the AbiWord Weekly News covers the soon to be released version 0.99.5. The news site has been reworked to improve the handling of bugs.

Kernel Cousin GNUe #23. Issue #23 of Kernel Cousin GNUe is out with the latest GNU Enterprise developments.

Miscellaneous

Announcing Ganymede 1.0.10. Version 1.0.10 of the Ganymede metadirectory system has been released. "Lots of minor feature additions, lots of small bug fixes, and a good bit of code maintainability changes that we have put together over the last four months for this release." See the CHANGES file for the a detailed list.

 
Desktop Environments
GNOME
GNUstep
KDE
XFce
XFree86

Window Managers
Afterstep
Enlightenment
FVMW2
IceWM
Sawfish
WindowMaker

Widget Sets
GTK+
Qt
   

 

Programming Languages


Caml

The Caml Hump. The latest adds on the Caml Hump include Stew, the OCamlGD GD graphics library interface, mtlib for mutable lists and binary trees, Lablgtk hump for dealing with LablGtk and LablGL, Cryptokit, and more.

Haskell

Glasgow Haskell Compiler 5.02.3 released. Version 5.02.3 of the Glasgow Haskell Compiler (GHC) has been released. New features include compatibility with gcc 3.x and newer glibc releases, and lots of bug fixes. (Thanks to Jens Petersen.)

Java

Create native, cross-platform GUI applications (IBM developerWorks). Kirk Vogen explains how to use the Java Standard Widget Toolkit. "The Java language has flourished in the server-side and applet spaces, but when it comes to end-user applications, it isn't usually a player. But it doesn't have to be this way. Using Linux, the GNU Compiler for Java, and the Standard Widget Toolkit, you can create fast, native GUI applications programmed in the Java language."

Lisp

New Lisp Software. The latest new Lisp software entries include version 0.2.0 of the ICanCAD electronic CAD editor for integrated circuit design, and the Meta-CVS layer on top of the popular CVS version control utility.

The first issue of The Lisp Magazine has also been announced.

Perl

SOAP::Lite servers are in danger (use Perl). use Perl points out a nasty security vulnerability in SOAP::Lite servers. "This is a big one, and relates to how SOAP::Lite dispatches method calls at runtime, and how Perl executes dynamic method calls. The very best thing you can do is take down your SOAP servers until an update is available."

Stem 0.06 released. Version 0.06 of the Stem general-purpose networking toolkit for Perl has been released. This version has been released under the GPL license and includes a new installation script, more documentation, rewritten modules, and bug fixes. See the April, 2002 edition of the Stem News for all of the details.

PHP

PHP Weekly Summary for April 8, 2002. The April 8, 2002 PHP Weekly Summary looks at a proposal to make mbstring the default, Apache 2 compatibility issues for PHP, dealing with output compression level, and features an examination of Aggregate and Overload.

Pike

Pike: A Language with Teeth (Linux Journal). Linux Journal introduces Pike, a scripting language with roots in C++. "Why should you use Pike? Its powerful C++-like syntax and multiple packages are a plus, as is its speed. It's a strong web-scripting language and treats sockets like files, allowing beginners to talk to mail servers and other services with a minimal fuss."

Pascal

Writing GTK+ Programs with the Free Pascal Compiler (Linux Journal). Linux Journal shows how to use GTK+ with the Free Pascal Compiler. "Being a fan of Delphi/Pascal for Windows programming, I have been curious about the Free Pascal project for quite some time. Free Pascal is an object-oriented compiled language that has been in development since 1993. I've also been interested in writing GUI applications for Linux, which recently prompted me to give Free Pascal a try. This article will briefly explain, based on my (limited) experience, how to write graphical applications using the GIMP Took Kit (GTK+) and the Free Pascal compiler on Linux."

Python

Dr. Dobb's Python-URL!. The weekly Python-URL! for April 9 is available, with links and news of interest to the Python community.

Python 2.2.1 released. Python 2.2.1 has been released. "This being a bugfix release, there are no exciting new features -- we just fixed a lot of bugs." A bug that affects Zope has been fixed in this release.

Python Options (O'Reilly). Stephen Figgins talks about the handling of command line options in Python. "Parsing and handling options is so simple that when Greg Ward announced Optik, a command-line parsing library, I asked him why he would even bother. He replied, 'The problem is not that it's difficult per se, but that it's too easy -- any idiot can code a loop over sys.argv.'"

The Daily Python-URL. This week's entries on the Daily Python-URL include the Python Computer Graphics Kit, the JpGraph PHP graphing utility, Python 2.1.3, SLiP, the CAGE cellular automaton engine, SVGdraw, and more.

Ruby

The Ruby Garden. This week's Ruby Garden looks at several implicit return issues, endian-ness, LDAP & SSO, the Struct class, and more.

The Ruby Weekly News has announcements for the Eclipse Ruby Development Tool, Devel::Logger/1.0.0, and a new Ruby book.

Smalltalk

Swazoo, a Smalltalk Web Zoo. An new version of the "Open Source, vendor agnostic, dialect neutral web application framework for Smalltalk", known as Swazoo has been announced. New features include SSL support, support for multihomed hosts, better portability, and more.

Tcl/Tk

Dr. Dobb's Tcl-URL!. The Dr. Dobb's Tcl-URL! for April 3, 2002 is out with lots of April Fool's Day material as well as more serious Tcl material.

XML

Apache SOAP type mapping, Part 2: A serialization cookbook (IBM developerWorks). Gavin Bong continues his IBM developerWorks series on Apache/SOAP. "SOAP specifies an encoding to represent common types found in databases, programming languages (for example, Java programming language), and data repositories. Apache SOAP's toolkit supports encoding by supplying a base set of (de)serializers; classes that do the grunt work of mapping Java types to serialized XML representations."

Integrated Development Environments

GNUstep Weekly Editorial. The April 5, 2002 GNUstep Weekly Editorial covers the new gslib implementation for gnustep-back, as well as other project developments.

Miscellaneous

Server clinic: Expect exceeds expectations (IBM developerWorks). Cameron Laird writes about Expect on IBM's developerWorks. "Cameron Laird opens his new monthly column with an overview of the popular Expect tool, a language capable of far more than most programmers and administrators realize. Expect is so apt for the general-purpose work needed to keep servers healthy, in fact, that it can serve as your one (almost) universal programming language."

SQL Console 1.3 for Jext. Another new version of SQL Console for the Jext programmer's editor is available and features a new sortable table view.

Section Editor: Forrest Cook

 
Language Links
Caml
Caml Hump
Tiny COBOL
Erlang
g95 Fortran
Gnu Compiler Collection (GCC)
Gnu Compiler for the Java Language (GCJ)
Guile
Haskell
IBM Java Zone
Jython
Free the X3J Thirteen (Lisp)
Use Perl
O'Reilly's perl.com
Dr. Dobbs' Perl
PHP
PHP Weekly Summary
Daily Python-URL
Python.org
Python.faqts
Python Eggs
Ruby
Ruby Garden
MIT Scheme
Schemers
Squeak
Smalltalk
Why Smalltalk
Tcl Developer Xchange
Tcl-tk.net
O'Reilly's XML.com
Regular Expressions
   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Letters

See also: last week's Commerce page.

Linux and Business


EFF Broadcast Protection Discussion Group weblog. The Electronic Frontier Foundation calls attention to a "mini-SSSCA" -- a narrow government mandate sought by electronics and computer industries as an alternative to the broad mandate in the SSSCA/CBDTPA. "It's still a mandate, and it's still bad for free software. It would mean, in practice, that free software couldn't be used to receive or display digital television broadcasts."

Concurrent Introduces iHawk Real-Time Linux Multiprocessor Systems. Concurrent Computer Corporation introduced the iHawk(TM) Series 860 high-performance Intel-based multiprocessors running the Linux(R) operating system. The new iHawk systems are powered by from one to eight Intel Pentium(R) Xeon(TM) processors, each running Concurrent's RedHawk(TM) Linux real-time operating system.

Concurrent also announced its NightStar(TM) real-time software development tools for the iHawk.

'Jython Essentials' from O'Reilly. O'Reilly has announced the release of Jython Essentials, a book about the Python implementation written in Java, by Noel Rappin and Samuele Pedroni. The first chapter is available online.

Linux Stock Index for April 05 to April 10, 2002.
LSI at closing on April 05, 2002 ... 24.06
LSI at closing on April 10, 2002 ... 23.48

The high for the week was 24.06
The low for the week was 23.14

Press Releases: