[LWN Logo]

Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise news for all interests

 Main page
 Linux in the news

Other LWN stuff:
 Daily Updates
 Linux Stocks Page
 Book reviews
 Penguin Gallery

 Use LWN headlines
 Advertise here
 Contact us

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- Gaël Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

See also: last week's LWN.

Leading items and editorials

The free software community and proprietary packages. The BitKeeper tool is being used by an increasing number of kernel developers to manage patches and the patch process in general. BitKeeper, of course, is not free software, and, as a result, a number of kernel developers have chosen not to use it. For the most part, the use of BitKeeper has not been a big problem; no kernel developer has been forced to use it to get patches into the code. The discussion of Linus's choice to go with BitKeeper has thus been somewhat more muted than one might have expected.

Until now, that is. Daniel Phillips opened a massive can of worms with this patch which removes Jeff Garzik's "Doing the BK Thing, Penguin-Style" document from the kernel source. Says Daniel in a separate posting:

I am against carrying what *appears* to be a big advertisement for Bitkeeper itself in the Linux source tree. This I see as akin to putting up a commercial billboard in a public park. Would you be comfortable with that?

The response to this patch has been mostly negative, and Linus has stated that it will not be applied. This discussion has the appearance of just another license war, but, since it reveals things about how the free software community sees proprietary programs, it's worth a look.

There seem to be two main camps in the free software realm. The first sees free software as something that is fun, useful, and preferable whenever possible. This group is far more interested in getting the job done than worrying about the pedigree of its tools. Linus Torvalds, a highly visible member of this group, expressed it this way:

Quite frankly, I don't _want_ people using Linux for ideological reasons. I think ideology sucks. This world would be a much better place if people had less ideology, and a whole lot more "I do this because it's FUN and because others might find it useful, not because I got religion".

Would I prefer to use a tool that didn't have any restrictions on it for kernel maintenance? Yes. But since no such tool exists, and since I'm personally not very interested in writing one, _and_ since I don't have any hangups about using the right tool for the job, I use BitKeeper.

The other point of view sees proprietary software as an evil to be avoided at all costs. Even discussion of proprietary software is to be avoided; Richard Stallman refused to answer a question for our recent interview until the name of a proprietary product was removed. Those holding this point of view are deeply bothered by the use of BitKeeper in kernel development, seeing it as a betrayal of the principles embodied in free software. The presence of a document that seemingly encourages the use of BitKeeper in the kernel source - even though the document itself is licensed under the GPL - is seen as counterproductive and even offensive.

Free software developers usually get along well, regardless of the degree of "ideology" in their world views. They are, after all, working toward the same goal, and share an interest in the code. Occasionally, however, the differences of opinion come out, and the resulting discussions can be fierce. These debates may not change many opinions, but they do at least keep everybody aware of the different views being held within our community.

(See also: Alexander Viro's classic view of the situation, which sees three distinct groups instead of two; and this week's LWN Kernel Page, which looks at the other half of the BitKeeper discussion).

AbiWord 1.0 is out - though you have to look for it. Gnotices broke the news that the long-awaited 1.0 release of the AbiWord word processor had hit the net. The folks at SourceGear are a little more restrained; as of this writing, the AbiSource web site still claims that the current version is 0.99.5. The 1.0 release can be found, though, on SourceForge, in Debian unstable, and numerous other places. Release notes still have not been posted; word is they are on the way.

We gave the 1.0 release a quick spin in our state-of-the-art testing laboratories. AbiWord has evolved into a highly capable word processor with an extensive set of features. For a great many uses it should be more than adequate. Importing of proprietary document formats has been much improved, making AbiWord a useful tool for reading obfuscated documents sent by others.

AbiWord is also very quick to start up and present a window for editing - a nice feature for those of us who get tired of having multiple kernel releases come out while we are waiting for our office suites to launch.

The most obvious omission in AbiWord 1.0 is support for tables. There is no way to create tables, and documents which contain tables are not rendered well. It would also be nice if AbiWord could integrate with other GNOME-based office software, Gnumeric, for example. The AbiWord hackers are no doubt working on these issues; until they get resolved, AbiWord will still fall short of users' needs at least some of the time. It is, nonetheless, an impressive milestone for a free software project which has come a long way over the last few years.

Meanwhile, stay tuned for the OpenOffice 1.0 release, which is likely to happen before the end of the month.

Inside this LWN.net weekly edition:

  • Security: CASPER project; Fragroute and snort; OpenSSH vulnerability; Nesus 1.2.0
  • Kernel: Interrupt balancing; USB "gadgets"; block I/O splitting; more BitKeeper stuff.
  • Distributions: Goodbye Best Linux, welcome back Sot Linux; What happened to RunOnCD?
  • Development: Twisted event based framework, Mailman 2.0.10, Omni on Foomatic, mod_python 2.7.8, two new Zopes, Mozilla 1.0 rc 1, Galeon 1.2.1, Abiword 1.0, LISA 1.2, PHP 4.2.0.
  • Commerce: Jack Valenti's Congressional testimony; Petition supporting free software in Italian government.
  • Letters: Developer conferences; Trouble with Jesux.
...plus the usual array of reports, updates, and announcements.

This Week's LWN was brought to you by:

April 25, 2002


 Main page
 Linux in the news

See also: last week's Security page.


News and Editorials

The Commonly Accepted Security Practices and Recommendations (CASPR) project. Rob Slade announced his acceptance as the leader of the CASPR Anti-virus Management and Protection discussion group. The group's goal is to document commonly accepted practices and recommendations for anti-virus management and protection.

CASPR is an ambitious project to "document the information security common body of knowledge (CBK) through a series of Commonly Accepted Security Practices and Recommendations." CASPR grew out of Thomas Akin's thinking about how to use the Open Source development model to create a set of recommended practice documents.

Since CASPR was founded in April, 2001, it has attracted contributions from over 450 volunteer Information Security experts. They are looking for group leaders and contributors to prepare papers on a variety of security topics roughly grouped under a dozen CBK domains. Interested readers are encouraged to find out more about volunteering.

Sun appoints Whitfield Diffie as Chief Security Officer. Sun has announced the appointment of Whitfield Diffie as the company's new "Chief Security Officer." Mr. Diffie has been active in cryptography rights for years, and is the inventor of public key encryption. His appointment can be seen as a sign that Sun, perhaps, is getting serious about security issues.

Honeynet looks to sting hackers (Network World Fusion). Network World Fusion News reports on the The Honeynet Project. "A group of 30 computer security researchers who set up inexpensive "fake" networks to observe how hackers behave as they break into them are finding out about new software vulnerabilities and warning the public."

New tool helps hackers evade detection (News.com). News.com covers a program called Fragroute, which can be used to test a network's vulnerabilities. "Some security aficionados posting to the Bugtraq list concentrated on Snort as a program vulnerable to the Fragroute program, but [Dug] Song waved off the implied criticism on the open-source program in his posting. 'Snort, I'd wager, does much better than most,' he wrote, adding that many other proprietary programs are also vulnerable."

Snort 1.7 Named a 2002 Finalist by Network Computing for Well-Connected Award. Sourcefire, Inc. announced that that Snort 1.7 has been awarded finalist status by Network Computing for a 2002 Well-Connected Award in the category of Intrusion Detection Systems. "Snort 1.7 is an open source network IDS that was chosen for its innovative ability to detect a variety of Internet attacks and probes and perform real-time traffic analysis and packet logging on IP networks."

Security Reports

Another OpenSSH vulnerability. An advisory has gone out for another vulnerability in OpenSSH. It could be remotely exploitable, but only under a set of relatively rare conditions: "A buffer overflow exists in OpenSSH's sshd if sshd has been compiled with Kerberos/AFS support and KerberosTgtPassing or AFSTokenPassing has been enabled in the sshd_config file."

Gentoo Linux Security update - exim. Gentoo Linux has released an update for exim. This fixes a security vulnerability that was found which might allow a local attacker to gain elevated priveleges. This affects Gentoo's exim-3.34-r1 and prior packages.

MHonArc script filtering bypass vulnerability. MHonArc v2.5.3 has been released; this release fixes a vulnerability which could allow some HTML tags to be placed in the archive unfiltered. MHonArc is a mail-to-HTML converter which "provides HTML mail archiving with index, mail thread linking, etc; plus other capabilities including support for MIME and powerful user customization features."

A denial of service vulnerabilty in Mosix 1.5.x was reported. MosiX is an cluster-environment for Linux. The clumpOS-Mosix client cd is also vulnerable, "the clumpOS-Mosix Node has also no vnc password set so anyone in the cluster-network can gain root-access to the affected node. this issue will be fixed in the next clumpOS Version."

web scripts. The following web scripts were reported to contain vulnerabilities:

Proprietary products. The following proprietary products were reported to contain vulnerabilities:


rsync supplementary groups vulnerability. Ethan Benson reported that rsyncd fails to remove supplementary groups (such as root) from the server process after changing to the specified unprivileged uid and gid. "This seems only serious if rsync is called using "rsync --daemon" from the command line where it will inherit the group of the user starting the server (usually root)." (First LWN report:  March 14th, 2002).

This week's updates:

Previous updates:

Webalizer DNS server based attach vulnerability. The cause is a buffer overflow bug. This one sounds nasty. If reverse DNS lookups are enabled in webalizer, "an attacker with control over the victims DNS may spoof responses thus triggering a buffer overflow, potentially leading to a root compromise." Webalizer 2.01-10 "fixes this and a few other buglets that have been discovered in the last month or so". (First LWN report:  April 18th, 2002).

This week's updates:

Previous updates:


Nessus 1.2.0 has been released. "Nessus is a remote security scanner which has been developed since 1998. It is free, open-sourced (GPLed) and updated very regularly (and currently performs over 900 security checks)."

Linux security week. The and publications from LinuxSecurity.com are available.

Frédéric Raynal's article on "Howto exploit a remote format bug automatically" was posted by the author to Bugtraq. The article was written "for a French magazine (MISC #2) which main topic is security."

Remote Timing Techniques over TCP/IP is the topic of this paper by Mauro Lacy. The paper "describes remote timing techniques based on TCP/IP intrinsic operation and options."


Upcoming Security Events.

Foundstone Executives Conduct All Day Security Seminar At Networld+Interop. George Kurtz, Foundstone CEO and co-author of "Hacking Linux Exposed" and Stuart McClure, Foundstone President and CTO and lead author of "Hacking Exposed: Network Security Secrets and Solutions" will conduct the session "Hacking Exposed, Live!" on May 6, at Networld+Interop in Las Vegas, Nevada.

HiverCon 2002 call for papers. . The 6th of September is the proposal deadline. HiverCon 2002 will be held 26th-27th November, 2002 at the Hilton Hotel, Dublin, Ireland. "Created to fill the gap of deep knowledge computer security conferences. Aimed at the security concious programmer, admin and consultant, HiverCON avoids introductionary talks to focus on advanced and prominent security topics."

SummerCon 2002 is looking for speakers. The Conference will be held on May 31 and June 1 at the Renaissance Hotel Washington D.C. "Summercon is the oldest and one of the most storied of the computer security conferences. No doubt more history will be made this year. Details about the conference will be posted to the website http://www.summercon.org/ in two weeks."

SEcurity of Communications on the Internet 2002 (SECI'02) has extended the deadline for submitting papers to May 5th. The conference will be held Setpember 19-21, 2002 in Tunis, Tunisia.

Date Event Location
April 25, 2002Infosecurity Europe 2002Olympia, London, UK
May 1 - 3, 2002cansecwest/core02Vancouver, Canada
May 4 - 5, 2002DallasConDallas, TX., USA
May 9, 2002Stanford's Center for Internet and Society Conference on Computer Security Vulnerability Disclosure(Stanford Law School)Stanford, CA, USA
May 12 - 15, 20022002 IEEE Symposium on Security and Privacy(The Claremont Resort)Oakland, California, USA
May 13 - 14, 20023rd International Common Criteria Conference(ICCC)Ottawa, Ont., Canada
May 13 - 17, 200214th Annual Canadian Information Technology Security Symposium(CITSS)(Ottawa Congress Centre)Ottawa, Ontario, Canada
May 27 - 31, 20023rd International SANE Conference(SANE 2002)Maastricht, The Netherlands
May 29 - 30, 2002RSA Conference 2002 Japan(Akasaka Prince Hotel)Tokyo, Japan
May 31 - June 1, 2002SummerCon 2002(Renaissance Hotel)Washington D.C., USA
June 17 - 19, 2002NetSec 2002San Fransisco, California, USA
June 24 - 28, 200214th Annual Computer Security Incident Handling Conference(Hilton Waikoloa Village)Hawaii
June 24 - 26, 200215th IEEE Computer Security Foundations Workshop(Keltic Lodge, Cape Breton)Nova Scotia, Canada

For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Dennis Tenney

April 25, 2002

LWN Resources

Secured Distributions:
Astaro Security
Engarde Secure Linux
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux

Security Projects
Linux Security Audit Project
Linux Security Module

Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive

Distribution-specific links
Caldera Advisories
Conectiva Updates
Debian Alerts
Kondara Advisories
Esware Alerts
LinuxPPC Security Updates
Mandrake Updates
Red Hat Errata
SuSE Announcements
Yellow Dog Errata

BSD-specific links

Security mailing lists
Linux From Scratch
Red Hat
Yellow Dog

Security Software Archives
ZedZ.net (formerly replay.com)

Miscellaneous Resources
Comp Sec News Daily
Security Focus


 Main page
 Linux in the news

See also: last week's Kernel page.

Kernel development

The current development kernel is 2.5.10, which was released on April 24. As per Linus's new style of operation (see below), this patch is relatively small, and was not preceded by any prepatches. It consists mostly of driver updates and a couple of fixes for 2.5.9 problems.

2.5.9, also released without prepatches, contained quite a few architecture updates, ongoing USB work, the usual IDE and VFS updates, and a new interrupt balancing scheme.

The current prepatch from Dave Jones is 2.5.9-dj1; it adds more fixes and a SCSI subsystem change that is likely to break a number of drivers.

The current stable kernel release is 2.4.18. Marcelo has released no 2.4.19 prepatches in the last week.

Alan Cox's latest prepatch is 2.4.19-pre7-ac2, which contains a bunch of I2O work and numerous fixes.

There will be a kernel developers' summit held in Ottawa, just before the Ottawa Linux Symposium. Like last year's event, this summit will be an invitation-only affair. No agenda has yet been released.

Smarter interrupt balancing is now part of the 2.5 kernel - at least, for the x86 architecture. Modern interrupt controllers have long had the ability to direct interrupts to specific processors on SMP systems. Thus far, Linux has made relatively little use of that capability. 2.5.9, however, included a small patch by Ingo Molnar which changes things.

At most once every "jiffy" (1/100 of a second on the x86), the interrupt management code will attempt to balance each interrupt that it handles. This code will now select a target processor by scanning in a random direction for a CPU that is "idle enough" - one which has been idle for at least one clock cycle. In the absence of an idle processor, the code will most likely not change the processor handling the interrupt.

The changes make sense. In general, it is better to have the same processor deal with any specific interrupt, in order to take advantage of data in the processor cache. But, as the scheduler gets better at keeping processes from moving between processors (again, for cache reasons), it is a good idea to direct other work away from busy processors. The performance benefits from balancing interrupts in this manner are probably not huge, but every bit helps.

What do you call a USB "device" - a computer (such as a PDA) which attaches to a USB bus as a device, rather than as a host computer? The standards use the term "device," but, as discussed here over the last few weeks, Linus (along with others) is not comfortable with that term. A USB "device driver" is commonly understood to be something that runs on a host computer, after all.

Terms like "target," "slave," and "client" have been thrown around. The leading contender now, however, may well be "gadget." It may seem relatively non-technical, but it gets the idea across. Don't be surprised if the kernel acquires a set of gadget drivers in the near future.

On the proper splitting of block I/O operations. The 2.5 development series has seen a great deal of work on the block I/O subsystem. One of the goals of that work has been to address a performance problem found in 2.4 (and prior) kernels: all block I/O transfers were split into very small blocks. An application (or filesystem) may write large chunks of data, but the block I/O code would split those large transfers into single blocks before passing the request (now multiple requests) on to the driver. The driver can join those chunks back together, but the "lots of small blocks" nature of the 2.4 block subsystem remains a drag on performance.

So one of the first things that was done in 2.5 was to increase the smartness of the block code, having it pass large requests through to the low-level drivers intact. It turns out, however, that this approach is not entirely without its problems either.

Consider the challenge faced by the EVMS project, which is building a fancy volume management scheme. An EVMS volume looks like a disk, and can receive large requests from the block I/O layer. Internally, however, that request may have to be handled with operations involving multiple drives. Thus, the lower layers may have to split up the I/O requests that the upper layers have so carefully kept intact.

The EVMS folks have run into some practical difficulties in handling this splitting. There are, in fact, some serious traps to avoid in performing this sort of operation. Splitting a block I/O request can require memory - but what happens when the system is out of memory, and the I/O request was generated in order to free pages? That sort of scenario can lead to deadlocks, grumpy users, and further declines in Linux stock prices.

So how does one deal with requests that need splitting? A few possibilities have been raised:

  • Keep aside a private pool of memory for the splitting of block I/O requests. EVMS has an implementation of a private pool which works now, but this approach is seen as a wasteful duplication of code. It can also be hard to guarantee that sufficient memory will be available when it is needed.

  • Have each device (physical or virtual) record a maximum I/O size that it can handle. This maximum could be set to the largest size which does not require splitting of requests, and the problem goes away. The new problem, of course, is that this approach looks much like the 2.4 scheme that Jens Axboe and others worked so hard to eliminate.

  • Provide a callback into the low-level drivers whereby the block I/O layer could ask how large each request should be. Given information about which blocks are to be transferred, the low-level driver could calculate exactly how large the request could be before it would have to be split. This technique would produce optimal request sizes, but at a cost of increasing the amount of computation for every block I/O operation. This cost would be a complete loss most of the time, since most block devices do not have variable maximum request sizes.

No generally-accepted solution has emerged as of this writing.

The rest of the BitKeeper story. This week's Front Page looks at the latest BitKeeper debate as a disagreement over BitKeeper's non-free license. It turns out, though, that licensing is not the full story; there is some concern about how patches are getting into the mainline tree, and how BitKeeper may be affecting the development process.

Consider another posting from Daniel Phillips:

Those who now chose to carry out their development using the patch+email method, and prefer to submit everything for discussion on lkml before it gets included are now largely out of the loop. Things just seem to *appear* in the tree now, without much fanfare. That's my impression.

Rather than Linux development becoming more open, as I'd hoped with the advent of Bitkeeper, it seems to be turning more in the direction of becoming a closed club.

Daniel's fear, thus, is that BitKeeper is helping to reduce the openness of kernel development by providing a sort of back channel through which many patches now pass. Not everybody agrees with that assessment, naturally. Linus, for example, states: "I'm not getting changes from any new magical BK 'men in black'."

Linus goes on to recognize, however, that at least some people feel put off by the new process. One idea that he has come up with is to have BitKeeper generate daily development kernel releases so that everybody could easily track what has been merged. That has not happened yet, but Linus has decided to do away with the -pre prepatches for development kernels, and to make regular releases more frequently. Thus, 2.5.9 and 2.5.10 came out relatively quickly, and without prepatches. If Linus sticks with this approach, kernel development will look more like it did back in the early days.

(Meanwhile, regular dumps of patches from BitKeeper are being posted by both David Woodhouse and Rik van Riel. Larry McVoy has posted statistics on 2.5 changes in BitKeeper by developer and by directory.)

Other patches and updates released this week include:

Kernel hackers wanted:

Kernel trees:

Core kernel code:

Device drivers


Kernel building:



Section Editor: Jonathan Corbet

April 25, 2002

For other kernel news, see:

Other resources:


 Main page
 Linux in the news

See also: last week's Distributions page.


Please note that security updates from the various distributions are covered in the security section.

News and Editorials

Goodbye Best Linux, welcome back Sot Linux. The well-known Finnish distribution Best Linux has announced a name change. Changing the name back to good old SOT Linux is now possible, as Sweden is no longer our primary market focus. Several years ago we were obliged to change the name from SOT Linux, because the word "sot" means "disease" or "soot" in Swedish, neither of which were considered desirable by our marketing department. To celebrate the return to a former identity, a new release of the SOT Linux Operating System has been announced. SOT Linux 2002 comes in Desktop and Server versions.

What happened to RunOnCD?. Joe Klemmer pointed out that the link for RunOnCD leads to a Korean error page. He also pointed out http://www.easylinux.co.kr/ that says it's the home of RunOnCD. We couldn't find any code, or even an ISO image to download though. There is a link to http://www.netian.com/~cgchoi/ where one might expect to find downloads, and there are instructions in English that start with, "If you get the images..." ...

Everything else is in Korean, a language not known to any LWN editors. So if anyone knows what happened to RunOnCD, please let us know.

New Distributions

LinEx distribution. The Extremadura Regional Government in Spain has developed the LinEx GNU/Linux distribution, which is based on Debian and Gnome. "LinEx forms part of a wider regional project which aims at promoting the Information Society in order to improve citizens' quality of life." (Thanks to Fred Mobach.)

Boot Everywhere Linux. bootE Linux is yet another minimalist Linux distribution. bootE is pronounced boot-ee and the E could mean Everywhere or Emergency - no one really knows for sure. bootE is an i386 Linux distribution and is contained on a single floppy disk. It supports only single user mode, and is intended as a repair/rescue/emergency distribution. Initial version 0.10 was released April 18, 2002.

ELJOnline: Brian Writes about His BOEL. Brian Elliott Finley writes about BOEL (Brian's Own Embedded Linux), a single floppy distribution based on tomsrtbt. "One of my initial requirements for BOEL was that it had to fit on a single floppy. I wanted to be able to boot a virgin machine from a floppy diskette and have it come up to a point where it could communicate with the network and access its hard disk(s). From that point, I figured I could pull over any scripts or tools necessary that didn't fit on the floppy itself."

Probatus released Probatus Spectra Linux operating system. Probatus Oy released the Probatus Spectra Linux operating system. Designed for workstation and server use, the Finnish made Probatus Spectra Linux comes with lots of extras, including the Probatus Spectra SDK application development environment, which supports all most common operating systems.

Distribution News

Beehive Linux. Beehive Linux has released Beehive Linux 0.5.0 (Money Shot). "Almost everything has been updated to recent versions."

Conectiva Linux. Conectiva Linux has announced (in Portuguese) the release of Conectiva 8.0. An English translation of the announcement is available via Babelfish.

Debian Weekly News. The Debian Weekly News for April 17 is out. It looks at Woody CDs, rsync and Debian, Debian over OpenBSD, KDE3, OpenOffice, and, almost as an afterthought, the Debian Project Leader election results.

Message from the new Debian project leader. The new Debian project leader Bdale Garbee has sent out an introductory announcement. "This is the first of what I hope will be a fairly regular series of messages from me in my capacity as Debian Project Leader. I intend to tackle various topics that I think deserve your attention as we move along the path towards our vision for Debian's future... but right now, I don't want to distract anyone from the effort to get woody released!"

GNU-Darwin supports AMD. GNU-Darwin now supports AMD-based computers in addition to Apple and Intel boxen, and Darwin installer CD images are available for free.

Mandrake Linux Community Newsletter - Issue #39. The Mandrake Linux Community Newsletter for April 17, 2002 features an upcoming PPC Installfest in Boston, the Open Directory Project, and much more.

MandrakeSoft releases Mandrake Linux 8.2. MandrakeSoft has announced the release of Mandrake Linux version 8.2 in "retail pack" form. This version includes StarOffice 6.0 and lots more.

Mandrake Linux 8.2 for PPC. MandrakeSoft has announced the immediate availability of Mandrake Linux 8.2 PPC. It comes with Linux kernel 2.4.18; XFree86 4.2 for 3D acceleration with more graphics cards; glibc 2.2.4; KDE 2.2.2; GNOME 1.4.0; Window Maker 0.8; Apache 1.3.23; Evolution 1.01; Galeon 1.0.3; and Mozilla 0.9.8, just for starters.

Slackware. Things have been pretty quiet at Slackware this week. Either the Slackware 8.1 beta2 (released last week) is ready to become the official Slackware 8.1, or people just aren't testing it enough. In any case, the only change this week was a cvs upgrade.

Minor Distribution updates

Arch Linux. Arch Linux has released v0.2 with major feature enhancements.

Bifrost. Thanks to Tom Karlsson we have learned that embedded distribution Bifrost moved to a new URL. See http://bifrost.slu.se/ for the home page in Swedish, or http://bifrost.slu.se/index.en.html for the English version. The entry in our Distributions list has been updated as well.

Keeper Linux. There is a major new release of Keeper Linux. KLX-2.01 boots directly from CDROM with its root filesystem in ramdisk (no hard disk required). Keeper Linux was listed under Floppy-based distributions, but with this release we've moved it to the Special Purpose/Mini section of our list.

Lunar-Linux. Lunar-Linux has released a revised "Petro_e" ISO for download.

Distribution Reviews

Zee Germans and Zee Penguins: SuSE 8.0 beta 3 Review (Linux Journal). The Linux Journal reviews SuSE Linux 8.0 beta 3. "SuSE 8.0 is a great Linux distribution. It's easy to install, which has been a typical problem, has very sane defaults and provides a rich environment for those moving to Linux or upgrading to this version. While only a beta was evaluated here, it shows strong promise for really propelling Linux onto the desktop."

Section Editor: Rebecca Sobol

April 25, 2002

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.

Distribution Lists:
LWN List
LDP English-language GNU/Linux distributions on CD-ROM
Woven Goods


 Main page
 Linux in the news

See also: last week's Development page.

Development projects

News and Editorials

The Twisted event-based framework

Twisted is an event-based framework that has been released a "loosely-affiliated group of hackers" known as Twisted Matrix Laboratories. Twisted is written in Python.

The Twisted framework serves as a base for writing network applications. It includes "a web server, a telnet server, a chat server, a news server, a generic client and server for remote object access, and APIs for creating new protocols and services. Twisted supports integration of the Tk, GTK+, Qt or wxPython event loop with its main event loop". Here is the official list of protocols that are currently supported by Twisted.

A number of applications are included with Twisted, Instance Messenger is a multi-protocol chat program, and Twisted Web is a web server that is integrated into the twisted framework. Twisted components are divided into the dot products and plugins sections. Many of the Twisted components appear to be under construction, a number of interesting utilities appear to be in the planning stage.

The twisted developers offer these reasons for using the Twisted framework.

Twisted version 0.17.4 has been announced. The latest features include NNTP support, persistent connections and pipelining for the web server, a Zope-inspired component architecture, bug fixes, and feature enhancements.

Twisted is licensed under the LGPL license, it may be downloaded here.

Embedded Systems

Embedded Linux Newsletter (LinuxDevices.com). Here's the LinuxDevices.com Embedded Linux Newsletter for April 18, with the usual collection of interesting stuff from the embedded Linux community.

Running Embedded Linux on SuperH (Linux Devices). Bhavana Nagendra writes about booting Linux on a Hitachi SuperH development board. "This article demonstrates running embedded Linux on the Hitachi SuperH target using Red Hat Linux and RedBoot as the boot loader. We discuss initial setup, related kernel details and copying the Linux kernel to Flash memory. We illustrate the appropriate use of JFFS2 and NFS filesystems and address some board-specific kernel issues with examples."


Hot and Fresh Technology for the Enterprise (O'Reilly). Antoine Quint delves into SVG progress on O'Reilly's XML.com. "This month I'm taking a break from flooding you with heaps of technical SVG tricks in order to reflect on how SVG has been progressing."


Gdk-pixbuf 0.17.0 is released. Version 0.17.0 of the Gdk-pixbuf library has been released. This version merges in a number of GTK+ 2.0 bug fixes.

Mail Software

Mailman 2.0.10 released. Version 2.0.10 of the Mailman mailing list manager has been released. This version includes a number of minor bug fixes.

Network Management

Network Management With OpenNMS (O'Reilly). Shane O'Donnell examines OpenNMS and network management on O'Reilly's OnLamp site. "Once everything is handily deployed, you suddenly find yourself thinking, 'Whew, that's a job well done.' But then it dawns on you: not only are you not done, but you are now stuck tending the monster you've just created. Dr. Frankenstein found himself in a similar situation at one point."

Printing Software

Foomatic adds support for Omni. According to LinuxPrinting.org, the Foomatic printer database now includes support for IBM's Omni printer driver. "OMNI does not reach the output quality of GIMP-Print, but it gives support to many printers which were not explicitly supported before, especially for dot-matrix printers, but also many inkjets and lasers."

ESP Ghostscript 7.05.1. A new version of ESP Ghostscript has been released. ESP Ghostscript is a patched version of GNU Ghostscript 7.05 that supports a number of non-PostScript printers.

Omni printer driver version 0.6.1. A new version of IBM's Omni printer driver software is available. The Changelog file mentions beta support for CUPS, the new tools OmniDevices and OmniDeviceOptions, libxml2 support, and more.


Debian-Med: Project Status (LinuxMedNews). LinuxMedNews is carrying the latest project status for Debian-Med. News includes a German translation of the project's web site, and more.

Web-site Development

mod_python version 2.7.8 released. Version 2.7.8 of mod_python is available. This release fixes a 404 bug that was introduced in version 2.7.7. (Thanks to Giorgio Zoppi.)

Quixote 0.4.7 released. Version 0.4.7 of the Quixote Python-based web application framework has been released. New features include the addition of some testing code and a bug fix, among other things. See the CHANGES file for the details.

A couple of Zope releases. Zope Corporation has announced the release of Zope 2.4.4 (the stable branch) and Zope 2.5.1 (development). This version adds a fix for the DTML crashing bug as well as a number of other bug fixes. Note that both releases require Python 2.1.3. The folks at Zope Corp. have also let it slip that they have a couple of positions open.

Zope Newbies. The Zope Newbies site mentions the availability of a new Zope Magazine and two new Zope books.

Webalyzer 2.01-10 released. Version 2.01-10 of the Webalyzer web log analyzer has been released. This release fixes a number of bugs.

Building an Open Source J2EE Weblogger (O'Reilly). David Johnson writes about an open-source Weblogger application on O'Reilly's OnJava site. "In this article, I will introduce you to some of the most useful open source Java development tools by showing you how I used these tools to develop a complete database-driven Web application called Roller."

Apache and SSL (O'Reilly). Paul Weinstein covers Apache and SSL integration on O'Reilly. "Secure Sockets Layer (SSL), developed by Netscape Communications, and Transport Layer Security (TLS), the open-standard replacement for SSL from the Internet Engineering Task Force, are the two protocols that add encryption and authentication to TCP/IP. This article summarizes the basic concepts of how the two protocols work and how Apache implements these protocols so that one can transmit information securely over HTTP."

XSP, Taglibs and Pipelines (Perl.com). Barrie Slaymaker looks at XSP on Perl.com. "In the first article in this series, we saw how to install, configure and test AxKit, and we took a look at a simple processing pipeline. In this article, we will see how to write a simple 10-line XSP taglib and use it in a pipeline along with XSLT to build dynamic pages in such a way that gets the systems architects and coders out of the content maintenance business. Along the way, we'll discuss the pipeline processing model that makes AxKit so powerful."


Linux Documentation Project Weekly News. The LDPWN for April 23, 2002 is available. A new Managing Accurate Date and Time HOWTO is available.


Porting MFC applications to Linux (IBM developerWorks). Markus Neifer shows how to port Windows applications to Linux on IBM's developerWorks. "Porting Windows applications to Linux doesn't have to involve a retraining nightmare. Markus Neifer shows how to port MFC using wxWindows, giving a user's guide to this open source GUI toolkit and providing a complete, step-by-step porting example."

April 25, 2002

Application Links
High Availability

Open Source Code Collections
Le Serveur Libre



Desktop Development

Web Browsers

Mozilla 1.0 rc 1. Release Candidate 1 for Mozilla version 1.0 has been announced. The developers are looking for testing and feedback. The release notes detail a long list of changes. Also, you can read about the new release on MozillaZine.

Galeon 1.2.1 released. Version 1.2.1 of the minimalist Galeon browser has been released. This version adds compatibility with Mozilla 1.0 rc 1, autoscroll, print preview capabilities, and bug fixes.

Opera 6.0 for Linux Beta 2 Released. Version 6.0 beta 2 of the Opera browser has been released for the Linux platform. "Opera 6.0 for Linux Beta 2 incorporates not only better features and faster rendering of pages, but also improves support for non-Roman alphabets. Opera is currently fine-tuning the Unicode and font support for Asian users and is preparing to shortly launch a final version of Opera 6.0 for Linux."

Desktop Environments

GNOME Summary for 2002-03-17 - 2002-04-22. Here's the GNOME Summary for March 17 through April 22, 2002. This issue looks at Abiword 1.0; the release of GTK#; reports from the Second Unix Accessibility Conference; and much more.

PerlBox desktop for Unix. PerlBox is a new desktop system written in Perl. PerlBox supports voice command input and works with the blackbox window manager.

Introduction to GConf and GnomeVFS Article. Mikael Hallendal and Richard Hult have published an introduction to GConf and GnomeVFS. GConf is the configuration utility for GNOME 2 and GnomeVFS is the Gnome Virtual File System library.

Xfce 3.8.16 released. Version 3.8.16 of the Xfce lightweight desktop environment is available for download.


Wine Weekly News. Issue #120 of the Wine Weekly News looks at wine-20020411, the X11 tree, WineX 2.0, Lindows, a CreateProcess test, C profiling, and more.


Gnome Media Media Related Utilities Package 1.520.2. Version 1.520.2 of the Gnome Media Media Related Utilities Package has been announced. Changed components include Gnome-CD, Gnome-Volume-Control, Gnome-Sound-Recorder, and CDDBSlave2.

Office Applications

Abiword v1.0. Abiword v1.0 has been released and is now available for download.

AbiWord Weekly News. Issue #88 of the AbiWord Weekly News covers the latest developments from that project. The bug fixing effort is still in full swing.

Pan 0.11.3 Released (Gnotices). Version 0.11.3 of the Pan news reader has been released. The main new feature is support for decoding yEnc formatted messages.

Kernel Cousin GNUe. Issue #25 of Kernel Cousin GNUe covers a number of Microsoft compatibility issues, documentation, and lots more.

Desktop Environments

Window Managers

Widget Sets


Programming Languages


Caml Weekly News. The April 23, 2002 Caml Weekly News looks at OCamlSDl, and CamlTk/Windows, and features a discussion on a curses library.

The Caml Hump. This week's Caml Hump entries include Phox, Rogare utilities, OSP, netclient, Cameleon, Okey, Configwin, and OCamlSDL.


G95 progress. Check out the latest developments on the G95 open-source FORTRAN compiler project. Progress is steadily moving forward.


LISA 1.2 released. Version 1.2 of LISA, the Lisp-based Intelligent Software Agents has been released. "LISA is a platform for the development of Rete-based intelligent systems in Common Lisp." This version adds a new query language for retrieving CLOS instances from the knowledge base.


Larry Drops Apocalypse 5 Hints On List (use Perl). Use Perl mentions some preliminary hints that Larry Wall has made concerning the contents of the upcoming Apocalypse 5.

Perl and XML on the Command Line (O'Reilly). Kip Hampton explores Perl and XML on O'Reilly. "The truth is that putting Perl's XML processing facilities to work is no harder than using any other part of Perl; and if the applications that feature Perl/XML in a visible way are complex, it is because the problems that those applications are designed to solve are complex. To drive this point home, this month we will get back to our Perlish roots by examining how Perl can be used on the command line to perform a range of common XML tasks."


PHP 4.2.0 released. The release candidate phase of PHP 4.2.0 is done, the official 4.2.0 version has been announced. "The biggest change in PHP 4.2.0 concerns variable handling. External variables (from the environment, the HTTP request, cookies or the web server) are no longer registered in the global scope by default. The preferred method of accessing these external variables is by using the new Superglobal arrays, introduced in PHP 4.1.0." This version also adds experimental support for Apache 2.


Dr. Dobb's Python-URL!. The weekly Dr. Dobb's Python-URL! is available for the week ending April 22, 2002.

The Daily Python-URL. New on the Daily Python-URL this week are several Python related events, Jython tips, ZEO 1.0 final, and more.


The Ruby Garden. This week's Ruby Garden looks at autoincrement and decrement operators, Numeric#prev, proc expressions, alternate method return values, constructors, and more.

The Ruby Weekly News. This week's Ruby Weekly News covers Ruby/Google 0.2.0, Ruby-Poll 0.0.1, TaskMaster 0.1.2, and Imlib2-Ruby 0.4.0.


Expand XSL with extensions (IBM developerWorks). Jared Jackson writes about XSL extensions on IBM's developerWorks. "Simply put, extensions are a way of calling a method written in some other programming language from within an XSL document. Usually, the extension methods are written in the same language as that of the XSL processor. There are exceptions to this rule: Java, for example, can be made to run programs in other languages such as Javascript or Perl."

Privacy and XML, Part I (O'Reilly). Paul Madsen and Carlisle Adams look at privacy issues from an XML perspective. "If access to information is part of the problem, it would seem that XML, with its logically identified and structured information objects, would only add fuel to the fire. Imagine how much easier a hacker's 'job' would be if she knew that all banks kept the credit card numbers of their customers in an XML Schema that specified a element."

Integrated Development Environments

GNUstep Weekly Editorial. The April 21, 2002 issue of the GNUstep Weekly Editorial looks at libffi support, work on gnustep-gui and gnustep-back, and more.

Section Editor: Forrest Cook

Language Links
Caml Hump
g95 Fortran
Gnu Compiler Collection (GCC)
Gnu Compiler for the Java Language (GCJ)
IBM Java Zone
Free the X3J Thirteen (Lisp)
Use Perl
O'Reilly's perl.com
Dr. Dobbs' Perl
PHP Weekly Summary
Daily Python-URL
Python Eggs
Ruby Garden
MIT Scheme
Why Smalltalk
Tcl Developer Xchange
O'Reilly's XML.com
Regular Expressions

 Main page
 Linux in the news

See also: last week's Commerce page.

Linux and Business

Jack Valenti's Congressional testimony. For those who are interested, here is a transcript of MPAA CEO Jack Valenti's testimony to a U.S. House subcommittee. He whines at length about the problems of piracy, but does not actually come out asking for the CBDTPA. "Then there is the mysterious magic of being able, with a simple click of a mouse, to send a full-length movie hurtling with the speed of light (186,000 miles per second) to any part of this wracked and weary old planet. It is that uncomprehending fact of digital life that disturbs the sleep of the entire U.S. film industry."

Petition supporting free software in Italian government. The Associazione Software Libero and the Italian Linux Society have launched a call for signatures in support of a proposed law which would require the adoption of free software and document formats in the Italian government. They want real signatures - there is a PDF file to be downloaded, printed, signed, and sent to the Associazione in Florence. It's all in Italian, of course.

HP Receives Top Ranking from D.H. Brown for Leadership in Linux and Open Source; HP Also Unveils Linux and Open Source Book Series Authored by HP Experts. Hewlett-Packard Company announced that in a comparison of Linux strategies by top IT vendors, HP's was deemed the most clearly communicated for customers and the industry, according to a new research report issued by D.H. Brown Associates, Inc. HP also unveiled a series of books authored by executives from HP Labs and HP's Linux organizations to further the education, research, adoption and development of Linux, Itanium and open source.

A new PostgreSQL book in the works. No Starch Press has announced the forthcoming availability of PostgreSQL: An Introduction to Software Engineering, to be published in cooperation with PostgreSQL, Inc.

PHP and MySQL: the Building Blocks of Successful Web Database Applications. O'Reilly announced the release of "Web Database Applications with PHP & MySQL", by Hugh E. Williams and David Lane.

Transgaming Technologies unleashes WineX 2.0. Transgaming Technologies has announced the release of WineX 2.0, which allows over 80 Windows games to be played on Linux. Downloads are only available to subscribers, who must pay a $5 membership fee.

VA Software Introduces SourceForge Enterprise Edition 3.1; Features Broader Enterprise Integration, Enhanced Project Administration, New User Interface. VA Software Corp. announced SourceForge(TM) Enterprise Edition 3.1, the latest version of its flagship product.

Linux Stock Index for April 19 to April 24, 2002.
LSI at closing on April 19, 2002 ... 25.23
LSI at closing on April 24, 2002 ... 23.99

The high for the week was 25.23
The low for the week was 23.89

Press Releases: