[LWN Logo]
[LWN.net]

Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise news for all interests


Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Letters

Other LWN stuff:
 Daily Updates
 Calendar
 Linux Stocks Page
 Book reviews
 Penguin Gallery

 Archives/search
 Use LWN headlines
 Advertise here
 Contact us

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- Gaël Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

See also: last week's LWN.

Leading items and editorials


Measuring total cost of ownership. A claim that is often made by free software detractors is that free software is not really cheaper. Initial licensing fees, it is said, make up a very small part of the "total cost of ownership" (TCO) of a computing system. Once you figure in the costs of ongoing operations and support, free software no longer looks like a very good deal.

In reality, there is very little in the way of real data which demonstrates, one way or the other, whether a free or proprietary software shop is cheaper to run. So it was refreshing to see information from two separate sources which fills that gap this week. The bottom line from both sources is the same: running an operation with free software costs less.

First, consider a survey done by Cybersource (available in PDF format) which looks directly at the TCO issue. The folks at Cybersource look at two scenarios for outfitting a company with a server and desktop infrastructure, with and without the need to buy new hardware. The survey considers hardware and software costs, and the costs of the staff required to keep things going. The final conclusion: a Linux-based infrastructure has a 25% lower TCO over three years if new hardware is part of the deal; 34% lower if existing hardware is to be used.

The survey could be attacked as being simplistic. The only software cost for the Linux-based network is $79.95 (Australian) for a single copy of a commercial distribution. The possibility that a company may need to buy any proprietary packages is not considered. The survey also does not consider retraining and other migration costs - a point which is often made by proprietary software companies, and which should be taken into account (but see the next item, below). Cybersource found that Linux system administrators cost a bit more than Windows administrators, but does not account for the (generally unmeasured) perception that Windows systems require more administrative time than Linux systems. And so on.

No such survey is going to be perfect, however - real-world networks are complicated things. This survey is, however, a useful contribution to the debate.

The other data point comes from a very different source, and was never meant to be presented as a TCO comparison. Consider Dell's new dedicated hosting service, and, in particular, the D-2800 offering. This service offers a respectable system (Pentium 850, 256MB, 20GB, 21GB/month bandwidth) in two configurations:

  • Red Hat Linux 7.1: $189/month.
  • Windows 2000: $239/month.

The folks at Dell are not out to prove a point about which system is better. They are running a business, and have figured out a competitive price at which they can offer each service. The total cost of ownership of each system will have been figured into the hosting costs they charge their customers. The result is decisive: with identical hardware and bandwidth provision, the Linux system is 21% cheaper. Not a bad result.

Microsoft vs. Peru. These events transpired in late March and early April, but we in the North can be a bit slow at times.... Peru, like a number of countries, is considering legislation which would require the use of free software within the government whenever possible. Microsoft, strangely enough, does not like that idea. So, on March 21, Juan Alberto González, general manager of Microsoft Perú, sent a letter to Edgar Villanueva Nuñez, the Peruvian congressman behind the free software bill. This letter is available on the net translated to English; those wanting to read the original Spanish version can find it (as a set of scanned images) on this page.

The letter raises the usual points heard from Microsoft when it is worried about free software:

  • Use of free software will "discourage local and international software manufacturers who make real and important investments in the country."

  • Free software presents security risks, comes with no warranty, and may violate "the intellectual property rights of third parties."

  • Free software is not really free (of charge), and, in any case, licensing costs are a small part ("8%") of the total cost of ownership.

  • The state could benefit from Microsoft's volume pricing schemes (despite the fact that Microsoft just claimed that licensing costs are almost insignificant).

  • Moving to free software imposes migration costs.

  • The level of service available for free software is inadequate.

  • Using free software will discourage creativity in the Peruvian software industry. "With a law encouraging the use of open source software, programmers lose their intellectual property rights and their most important source of remuneration."
And so on.

Government officials in many countries seem to eat that sort of stuff up. So it is delightful to read Mr. Villanueva's highly clueful response (in Spanish or English translation). We'll present a few excerpts here, but it is worth the effort to read the whole (somewhat lengthy) thing.

Mr. Villanueva starts by reiterating the goals of the free software bill, which Microsoft passed over entirely in its criticism:

  • Free access to public information
  • Permanence of public data
  • Security of the state and its citizens

These goals, he argues, can only be achieved with free, open source code and file formats. Not all free software users are much concerned with freedom, but governments should be. Microsoft's arguments pass over freedom and look at economic issues; it is good to see that this congressman is able to keep the freedom argument in view.

Once that is done, however, Mr. Villanueva proceeds to demolish the economic arguments as well. Concerning, for example, the claim that the local software industry would be damaged:

In addition, a reading of your opinion would lead to the conclusion that the State market is crucial and essential for the proprietary software industry, to such a point that the choice made by the State in this bill would completely eliminate the market for these firms. If that is true, we can deduce that the State must be subsidizing the proprietary software industry. In the unlikely event that this were true, the State would have the right to apply the subsidies in the area it considered of greatest social value; it is undeniable, in this improbable hypothesis, that if the State decided to subsidize software, it would have to do so choosing the free over the proprietary, considering its social effect and the rational use of taxpayers money.

With regard to Microsoft's security claims:

What is impossible to prove is that proprietary software is more secure than free, without the public and open inspection of the scientific community and users in general. This demonstration is impossible because the model of proprietary software itself prevents this analysis, so that any guarantee of security is based only on promises of good intentions (biased, by any reckoning) made by the producer itself, or its contractors.

Mr. Villanueva also sees through the "no warranty" argument:

If as a result of a security bug in one of your products, not fixed in time by yourselves, an attacker managed to compromise crucial State systems, what guarantees, reparations and compensation would your company make in accordance with your licensing conditions? The guarantees of proprietary software, inasmuch as programs are delivered ``AS IS'', that is, in the state in which they are, with no additional responsibility of the provider in respect of function, in no way differ from those normal with free software.

Mr. Villanueva takes issue with the cost of ownership arguments, making many familiar points: there is a more competitive market for services, fixes only need be done once, far fewer problems with downtime, "blue screens of death," viruses, etc. He also has an answer to the claim that migration costs make free software uncompetitive:

Once a policy of using free software has been established (which certainly, does imply some cost) then on the contrary migration from one system to another becomes very simple, since all data is stored in open formats. On the other hand, migration to an open software context implies no more costs than migration between two different proprietary software contexts, which invalidates your argument completely.

For what it's worth, Microsoft is far less concerned about migration costs on its Migrating to Windows from Unix and Linux pages.

One last point worth careful study is Mr. Villanueva's analysis of the failure of Mexico's "Red Escolar" project, which has backed off from its goal of running free software in all of Mexico's schools. Red Escolar failed because it emphasized licensing costs over the other benefits of free software, because it lacked support from the federal government, and, crucially, because there was no real plan for moving over to free software:

...the assumption was made that to implant free software in schools it would be enough to drop their software budget and send them a CD ROM with Gnu/Linux instead. Of course this failed, and it couldn't have been otherwise, just as school laboratories fail when they use proprietary software and have no budget for implementation and maintenance. That's exactly why our bill is not limited to making the use of free software mandatory, but recognizes the need to create a viable migration plan, in which the State undertakes the technical transition in an orderly way in order to then enjoy the advantages of free software.

This is an important realization: you can't just mandate free software and expect it to work. The fact that Peru is thinking about how this change is to be made, and that it is not "free beer" free, is a hopeful sign.

Increasingly, governments are realizing that the goals of freedom of information and security conflict with the use of proprietary software. Most national governments are also well at ease with the notion that they don't have to send all that money to a large, U.S. corporation which has been convicted of antitrust violations. Said corporation does not like this trend, and can only be expected to fight back fiercely. In Peru, however, the company has so far found itself rather outclassed.

LWN now accepts credit cards. Numerous people have asked us for an alternative to PayPal as a means for donating to LWN or paying for advertisements. We may be slow, but we don't forget...we now have secure credit card processing working on the site. If you have been waiting for a non-PayPal way to donate to LWN, now is your chance.

Inside this LWN.net weekly edition:

  • Security: Honeynet Reverse Challenge; tcpdump & FreeBSD; GnuPG 1.0.7
  • Kernel: The end of /proc/ide; kbuild 2.5 and modversions.
  • Distributions: Yet another revision (to the LWN Distributions List); The Arabization of Linux.
  • Development: Samba 2.2.4, SocketCC, Google search modules, Rosegarden 4v0.1.5, GARNOME preview 6, game contest, FLTK 1.1.0rc1, GnuPG 1.0.7, SBCL 0.7.3, Parrot answers, OProfile 0.2.
  • Commerce: Red Hat Launches New Channels to Support Education; EUCD status Wiki established.
  • Letters: Mandating the GPL.
...plus the usual array of reports, updates, and announcements.

This Week's LWN was brought to you by:


May 9, 2002

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Letters

See also: last week's Security page.

Security


News and Editorials

The Honeynet Project Reverse Challenge. The Honeynet Project has announced a new challenge for the security community. It differs from last year's Forensic Challenge, however: "The goal of this challenge is to develop reverse engineering skills amongst the security community. Your mission, if you should choose to accept, is to analyze and report on a binary captured in the wild." The captured binary was released on May 5th. There are actually prizes being offered this time around.

Jeffrey Reava has suggested a couple of resources that "may be helpful in putting together an analysis environment." Please remember that the subject is a binary "captured in the wild" and take appropriate precautions.

NewScientist.com has also run an article about the contest.

Security Reports

Multiple vulnerabilities in tcpdump. Version 3.5.2 fixed a buffer overflow vulnerability in all prior versions. However, newer versions, including 3.6.2, are vulnerable to another buffer overflow in the AFS RPC functions that was reported by Nick Cleaton.

This Conectiva announcement addresses both vulnerabilities. The February 12th Red Hat security advisory updates tcpdump to version 3.5.2, which does not have the AFS vulnerability.

Both problems appear to have been reported and fixed in FreeBSD some months ago. The CIAC report on the vulnerability in versions prior to 3.5.2 is dated October 31, 2000. Nick Cleaton's FreeBSD security advisory on the AFS RPC bug, and reference to a fix for FreeBSD, is dated July, 17, 2001. Tcpdump 3.7 was released on January 21, 2002. So the Linux distributors are running a little slow on this one. (Thanks to Michael Richardson).

Heap corruption vulnerability in imlib. A new problem has been found with the imlib library; this heap corruption bug could, perhaps, lead to remote exploits. Note that this is a different problem than the NetPBM vulnerability (reported below); a new update is required to fix it. So far, the only update we have seen for the new vulnerability is this one from Conectiva.

Webmin/Usermin vulnerabilities. Webmin is a web-based interface for system administration for Unix. Webmin has cross-site scripting and session ID spoofing vulnerabilities which are fixed in version 0.970.

Gentoo security update to evolution. There is a security update to evolution available for Gentoo Linux fixing the malformed header processing vulnerability in that package.

Red Hat Security Advisory: Nautilus. Red Hat has posted a security update to nautilus. "The metadata file code in Red Hat Linux 7.2 can be tricked into chasing a symlink and overwriting the symlink target."

SuSE security update to sysconfig. SuSE has updated its sysconfig package fixing a (SuSE-specific) problem where DHCP clients can be compromised via spoofed DHCP reply packets.

Packet Storm warning. "On May 5, a file was added to Packet Storm which was found to contain a linux virus known as Linux.Jac.8759. The file, 73501867, is an exploit for PHP in binary form." Packet Storm is "a non-profit organization comprised of security engineers dedicated to providing the information necessary to secure the World's networks." (Thanks to Giorgio Zoppi).

Updates

Problem loading untrusted images in imlib. Versions of imlib prior to 1.9.13 used the NetPBM package in ways which "make it possible for attackers to create image files such that when loaded via software which uses Imlib, could crash the program or potentially allow arbitrary code to be executed." (First LWN report: March 28).

This week's updates:

Previous updates:

mod_python remote vulnerability. Version 2.7.7 of mod_python has been announced. "This release (as far as I could tell adequately) addresses the security issue whereby a module indirectly imported by a published module could then be accessed via the publisher." Upgrades are recommended. (First LWN report: April 18).

This week's updates:

Mozilla XMLHttpRequest file disclosure vulnerability. This XMLHttpRequest security bug impacts all Mozilla-based browsers. "The bug is found in versions of Mozilla from 0.9.7 to 0.9.9 on various operating system platforms, and in Netscape versions 6.1 and higher." (First LWN report: May 2).

This week's updates:

Previous updates:

  • The fix is in Mozilla 1.0 branch nightly builds dated 2 May 2002 or later.

ZDNet also covered the vulnerability with a focus on its presence in Netscape.

Resources

Linux security week. The and publications from LinuxSecurity.com are available.

GnuPG version 1.0.7 released. Version 1.0.7 of the Gnu Privacy Guard (GnuPG), the open replacement for PGP has been released. This version features a large number of changes and improvements.

Events

Upcoming Security Events.

Mark your calendars - DEFCON 10. The announcement has gone out: DEFCON 10, "largest hacker convention on the planet," will be held August 2 to 4 in Las Vegas.

Date Event Location
May 9, 2002Stanford's Center for Internet and Society Conference on Computer Security Vulnerability Disclosure(Stanford Law School)Stanford, CA, USA
May 12 - 15, 20022002 IEEE Symposium on Security and Privacy(The Claremont Resort)Oakland, California, USA
May 13 - 14, 20023rd International Common Criteria Conference(ICCC)Ottawa, Ont., Canada
May 13 - 17, 200214th Annual Canadian Information Technology Security Symposium(CITSS)(Ottawa Congress Centre)Ottawa, Ontario, Canada
May 27 - 31, 20023rd International SANE Conference(SANE 2002)Maastricht, The Netherlands
May 29 - 30, 2002RSA Conference 2002 Japan(Akasaka Prince Hotel)Tokyo, Japan
May 31 - June 1, 2002SummerCon 2002(Renaissance Hotel)Washington D.C., USA
June 17 - 19, 2002NetSec 2002San Fransisco, California, USA
June 24 - 28, 200214th Annual Computer Security Incident Handling Conference(Hilton Waikoloa Village)Hawaii
June 24 - 26, 200215th IEEE Computer Security Foundations Workshop(Keltic Lodge, Cape Breton)Nova Scotia, Canada

For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Dennis Tenney


May 9, 2002

LWN Resources


Secured Distributions:
Astaro Security
Castle
Engarde Secure Linux
Immunix
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux
Trustix

Security Projects
Bastille
Linux Security Audit Project
Linux Security Module
OpenSSH

Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive

Distribution-specific links
Caldera Advisories
Conectiva Updates
Debian Alerts
Kondara Advisories
Esware Alerts
LinuxPPC Security Updates
Mandrake Updates
Red Hat Errata
SuSE Announcements
Turbolinux
Yellow Dog Errata

BSD-specific links
BSDi
FreeBSD
NetBSD
OpenBSD

Security mailing lists
Caldera
Cobalt
Conectiva
Debian
Esware
FreeBSD
Kondara
LASER5
Linux From Scratch
Linux-Mandrake
NetBSD
OpenBSD
Red Hat
Slackware
Stampede
SuSE
Trustix
turboLinux
Yellow Dog

Security Software Archives
munitions
ZedZ.net (formerly replay.com)

Miscellaneous Resources
CERT
CIAC
Comp Sec News Daily
Crypto-GRAM
LinuxLock.org
LinuxSecurity.com
Security Focus
SecurityPortal

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Letters

See also: last week's Kernel page.

Kernel development


The current development kernel is 2.5.14, released on May 6. This release includes the usual IDE reworking, a big Bluetooth update, an NTFS update, and a bunch of VM/buffer management work. As Linus points out, many of the changes in this kernel affect fundamental layers of the VM and buffer management subsystems; "backups are always a good idea." There have been few complaints, however.

The buffer management changes, which have been working their way in over the last few development kernel releases, make substantial progress toward the goal of eliminating the buffer cache as such. The "buffer head" data structure, increasingly, is used for I/O management and little else. With the recent patches (by Andrew Morton), writeback of dirty I/O pages is done directly out of the page cache, rather than by scanning a list of buffer heads. In a subtle (but important) change, page writeback is now done without locking the page, allowing certain other concurrent uses and reducing lock contention. The change improves performance, but requires kernel developers to be aware that an unlocked page could have write I/O operations active on it. Other changes include hashed wait queues for buffer heads (saving a chunk of memory) and a new way of handling readahead values, which eliminates another ugly global array from the block layer.

The latest prepatch from Dave Jones is 2.5.14-dj2, which adds a reworking of the x86 initialization code and a relatively small set of other patches.

The latest 2.5 Status Summary from Guillaume Boissiere is dated May 7.

The current stable kernel release is 2.4.18. After a long pause, a new 2.4.19 prepatch (2.4.19-pre8) came out on May 2. Marcelo says that there will be just one more prepatch before the first 2.4.19 release candidate. -pre8 includes a big m68k update, many patches from the -ac series, and lots of other fixes.

Alan Cox has released 2.4.19-pre8-ac1, which merges with -pre8 but adds no other changes.

The end of /proc/ide. The week would not be complete without some discontent over Martin Dalecki's IDE changes. The problematic change this time around was his IDE 57 patch, which removes the code implementing /proc/ide. This directory, and those beneath it, provide a wealth of information about the IDE drives on the system: their geometry, how they are configured, etc.

Martin has a couple of complaints about how /proc/ide works. The most important of those is that changing drive settings requires a fair amount of attention to return values, error handling, etc. which "is very unlikely to be implemented in bash." The ability to tweak drive settings should be limited to "real" programs using the ioctl() interface. The other complaint is, simply, that the /proc/ide code is large, about 34KB.

The thing is, of course, that some people like to have the information available in /proc/ide. Some of that information can be obtained from the hdparm command, but not all of it. Until somebody steps in and fills the gap, it is going to be harder to look into the IDE subsystem.

While some people complain about the continual flux and removal of features in the IDE subsystem, Linus thinks it's a good thing:

Who cares? Have you found _anything_ that Martin removed that was at all worthwhile? I sure haven't.

Guys, you have to realize that the IDE layer has eight YEARS of absolute crap in it. Seriously. It's _never_ been cleaned up before. It has stuff so distasteful that it's scary.

So the IDE reworking process is likely to continue.

Is kbuild 2.5 really ready for inclusion? LWN recently stated that, with the solving of the kbuild 2.5 performance problems, detractors were going to have to find some other reason to keep the new system out of the kernel. Well, it seems they have been trying.

The big complaint now is that modversions does not work in kbuild 2.5. Modversions, of course, is a mechanism which attempts to make binary modules loadable into multiple kernel versions without recompilation; it is much appreciated by distributors, binary software vendors, and users who like to be able to upgrade kernels without having to rebuild their external modules.

Essentially, modversions works as follows. A utility program shipped with the kernel (genksyms) is run as part of the kernel build process. It looks at every interface exported by the kernel, and calculates a checksum based on the types used in that interface. Thus, for example, it may look at the prototype for kmalloc():

	void *kmalloc (size_t size, int flags);
From the name, the void * return type, and the types of the arguments it generates (say) a checksum of 93d4cfe6. Through a bit of a long process, any module which is compiled for this kernel will include a definition (essentially) like:
	#define kmalloc kmalloc_R93d4cfe6
The module will thus expect to link against the mangled version of the name, not straight kmalloc.

The mangled names are not used for hard linking within the kernel. They do, however, find their way into the kernel symbol table (and can thus be seen in /proc/ksyms). When insmod is used to load a module, it checks the mangled names against the symbol table, and will only load the module if they match. Thus, if the interface to some function has changed, the insert will fail and the module will have to be recompiled.

In practice, it doesn't always work quite that well. genksyms can find interface changes, but it is unaware of numerous other changes which can make a module unsuitable for insertion into any given kernel. One of these issues (SMP versus uniprocessor) is handled in the kernel makefiles, since it is a common and devastating case. But other options - preemptable kernel, memory model, etc. - are not caught, and can result in the loading of a module which brings down the system. There are also scenarios where modversions can fail to catch an interface change if the user is not careful.

Kernel developers themselves rarely turn on modversions; it does not normally help them, adds extra processing, and it has a hackish feel that turns people off. So it is surprising to see complaints about modversions not working in kbuild 2.5, especially since kbuild developer Keith Owens has said that he plans to fix it once kbuild is part of the mainline kernel. In fact, he plans to fix it right, using the same emphasis on getting the right result that he has applied to the rest of the kbuild system. So modversions will be back for the next stable series, which is the only time it really matters.

SELinux as a Linux Security Module. The NSA's Security Enhanced Linux is one of the better-known high-security Linux distributions. SELinux was also one of the first demonstrations of a security structure built upon the Linux Security Module (LSM) patch. The SELinux hackers have now posted a report describing how SELinux was implemented over LSM. It's worthwhile reading for anybody who is interested in how the LSM patch works, or in how a high-security system can be built over the Linux kernel.

Other patches and updates released this week include:

Kernel trees:

Core kernel code:

Development tools:

Device drivers

Filesystems:

Kernel building:

Miscellaneous:

Networking:

Section Editor: Jonathan Corbet


May 9, 2002

For other kernel news, see:

Other resources:

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Letters

See also: last week's Distributions page.

Distributions


Please note that security updates from the various distributions are covered in the security section.

News and Editorials

Yet another revision (to the LWN Distributions List). When LWN released the newly revised LWN.net Linux Distributions List last February, several people wrote to ask if we could add a table of contents to make it a bit easier to navigate. It took a while to get there, but we are pleased to announce that a table of contents has been added. Now you can find your way to any category with a single click.

As part of the ongoing maintenance of the list we have found two distributions that seem to have disappeared. The Linux Cyrillic Edition, once found at http://www.usoft.spb.ru/Graphic/English/Products/products.html, and LEM, once found at http://linux-embedded.com/, are both gone. As usual, before deleting these distributions from the list we are asking our very knowledgeable readers if they have additional information for either one.

The Arabization of Linux. This week an article from the Arab News showed up at LWN. The article covers several topics, but in particular, it says, "Investment in Linux associated Arabization has not been made by governments or educational institutions. This is a mistake. In the long-term, Arabization of Linux will cost less than licensing fees."

The government may not be helping out much, but we are pleased to report that Haydar Linux and the Arabeyes Project are making progress in this area. The Arabeyes Project is aimed at fully supporting the Arabic language in the Unix/Linux environment. The project is working closely with Haydar Linux to produce a Linux distribution with full Arabic language support. They are getting closer to this goal as Haydar Linux has announced its first beta release. This beta release is meant for programmers and experts to test and report the bugs and problems.

Distribution News

Debian Weekly News for May 1st. The latest edition of the Debian Weekly News is available for your enjoyment. Covered topics include the LILO boot screen, the Debian Developer Portal, the preliminary Woody release announcement, and more.

Mandrake Linux Community Newsletter. The Mandrake Linux Community Newsletter for May 2 is available. Covered topics include the reopening of the MandrakeStore, the Business Case of the Week, and more.

Mandrake Linux Security tools. Security conscious Mandrake Linux users should keep an eye on Mandrake Security tools project. This package is designed to provide a generic secure level for Mandrake Linux users.

MontaVista Linux 2.1 is shipping. MontaVista Software, Inc has announced the release of version 2.1 of MontaVista Linux Professional Edition, a commercial embedded Linux distribution. "MontaVista Linux 2.1 focuses on cross-development capability, with tools hosted on 11 host environments, including Mandrake, Yellow Dog, SuSE, Red Hat, Solaris and VMWare on Windows NT/2000."

MontaVista Linux Professional Edition 2.1 also supports a range of IBM next-generation network processors including the NP4GS3 and the NPe405H and NPe405L family.

Red Hat Unveils Red Hat Linux 7.3. Here's Red Hat's press release on version 7.3 of the company's flagship distribution. See the new features page for a list of all the new goodies this time around.

Slackware Linux. Slackware Linux users were treated to another large set of changes to Slackware-current this week.

If you've had any problems with printing on Slackware you should check out this Slackware printing guide on UserLocal.com.

SuSE Ships SuSE Linux Enterprise Server 7 for 64-bit IBM eServer zSeries. SuSE has issued a press release announcing the new release of their distribution for the zSeries server line from IBM.

Minor Distribution updates

Astaro Security Linux. Astaro Corporation announced version 3 of its combined Astaro Security Linux firewall/ VPN/ anti-virus/content filtering security software. This complete software appliance also bundles a hardened Linux kernel.

GENDIST. GENDIST has released stable version 1.0.0 with minor feature enhancements.

Lunar-Linux. Lunar-Linux has a new ISO available for testing. This one, called Petro_h, is a release candidate.

NSA Security Enhanced Linux. NSA Security Enhanced Linux has released version 2002050211 with minor feature enhancements.

ROCK Linux. Have you been thinking about building a ROCK Linux cluster? Here is a helpful guide. There are new online documentation files available for BUILD, BUILD-CROSS and BUILD-CLUSTER. (Thanks to Stefan Koerner)

Sorcerer Linux. Sorcerer has a new Install/Rescue disk available. "Bugs in linux/POST_INSTALL keeping the image section from being properly written to /etc/lilo.conf during initial installation have been fixed. A new Install/Rescue Image is ready for download. I suggest downloading the much smaller 317 kilobyte xdelta patch and apply that to an unbzip2ed sorcerer-20020427.iso if you already have it."

Source Mage GNU/Linux. Source Mage GNU/Linux is the new name for that branch of Sorcerer GNU/Linux created by former SGL team members. The project has a new web address and the mailing lists have moved. What was once sorcerylinux.org is now sourcemage.org.

Virtual Linux. Virtual Linux has released v1.1 with major feature enhancements.

Distribution Reviews

A first look at Red Hat 7.3. Aschwin Marsman of aYniK Software Solutions has reviewed Red Hat Linux 7.3. "At 22:25 I chose to upgrade my existing RH 7.2 installation. I selected partition hde5 on my 80GB hard drive as the root file system, and selected to customize the packages to be upgraded. After that I got the possibility to upgrade ext2 partitions to ext3. I choose not to upgrade, because all RH 7.2 partitions are already ext3, and the other partitions are on other hard drives which are nominated to be cleaned."

Red Hat releases Linux 7.3 (News.com). News.com reports on the new Red Hat Linux 7.3 release. "Red Hat Linux version 7.3 adds to the company's current open-source operating system offerings with new features that include personal firewall configuration, and installation and video-conferencing software.

The new version also includes Web and telephone access to experts and the Red Hat Network--an automated Internet service for managing Red Hat Linux systems."

SOT Linux 2002 (Tucows). Tucows gave SOT Linux 2002 a 5 cow rating in this brief review. "Whether you're a desktop publisher, a 'Net junkie or a games fiend, SOT Linux 2002 Desktop has everything you'll need to make computer life easier."

What to do with that 'throw-away' Computer - or - OpenBSD rocks on low spec Pentiums! (Linux Orbit). Linux Orbit reviews OpenBSD on older Pentium hardware. "The machine is a classic Pentium 100 MHz with 24MB of RAM and two hard drives at 545MB and 130MB each. Not only is this machine extremely low spec, but it also has a Y2K bug which means I have to run it with a pre 2000 or post 2094 date. If it weren't for the fact that I was given this machine for free, it would probably be in a landfill somewhere. After deleting Windows 95 I decided it would be a perfect machine to try out the OpenBSD 2.9 ISO's which I had downloaded some months before (Since then OpenBSD 3.0 has been released and 3.1 is due 19th May, 2002)."

Section Editor: Rebecca Sobol


May 9, 2002

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.

Distribution Lists:
LWN List
DistroWatch
ibiblio
Linux.com
LinuxLinks
LDP English-language GNU/Linux distributions on CD-ROM
Woven Goods

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Letters

See also: last week's Development page.

Development projects


News and Editorials

Samba 2.2.4 Released A new stable release of Samba has been announced. Samba allows a Unix-based machine to serve files and printers to Microsoft machines, it provides an inexpensive and reliable alternative to Microsoft-based servers. Version 2.2.4 is recommended for all production systems since it incorporates all of the current bug-fixes.

A few highlights of this release include:

  • Improved SPOOLSS printing for Windows NT/2k/XP clients.
  • Bug fixes relating to the serving of Access and FoxPro database files.
  • VFS layer improvements and the inclusion of a recycle bin vfs module.
  • A new tdbbackup tool for backing up and restoring Samba TDBs.
  • Scalability and stability improvements to winbind.
  • MS-DFS bug fixes.
  • Fixes for the Rpcclient's printer commands.
See the announcement for a detailed list of all of the changes.

Source code and binary packages for Samba 2.2.4 may be downloaded here. Congratulations go to the Samba team for moving this important project ahead. (Thanks to Gerald Carter)

Electronics

Icarus Verilog snapshot for April 6, 2002. A new version of the Icarus Verilog electronics simulation language compiler is available. The release notes detail all of the changes.

Embedded Systems

WANDER: a Portable Linux Data-Collection System (Linux Devices). Linux Devices features an article on the WANDER portable linux-based data collection system. "We wanted to allow the user (typically a scientist doing environmental field research) to install a variety of sensors and configure the system accordingly -- a somewhat nontrivial problem, as we can't very well anticipate every arcane serial protocol or sensor characteristic that might be encountered."

Device Profile: Cyclades TS100 'device server' (LinuxDevices.com). LinuxDevices has posted a review of the Linux-based Cyclades-TS100. "The TS100 is a powerful yet highly compact device server which is used to connect various serial devices to a TCP/IP network."

Embedded Linux Newsletter for May 2, 2002 (LinuxDevices.com). The LinuxDevices.com Embedded Linux Newsletter is available with all of the latest news and info from the world of Embedded Linux and Linux-based gadgets.

Libraries

A C++ Socket Library for Linux (Dr. Dobb's). Jason But introduces his SocketCC C++ socket library on Dr. Dobb's. "I wrote SocketCC, the C++ class library I present here, which supports both IPv4 and IPv6 network communications using both TCP- and UDP-style sockets. SocketCC is not a comprehensive sockets library, nor is it necessarily suitable for all types of applications. However, it is both class based and open source, so you should be able to work around any deficiencies by inheriting classes or rewriting the base class. "

Network Management

Guarddog Firewall 2.0 Almost Ready For Release. Guarddog Firewall is in need of testing. Guarddog is an easy to use, yet powerful, firewall for Linux machines running KDE 2 or 3.

Printing Software

LPRng 3.8.12 released. Version 3.8.12 of the LPRng print spooling system is available. The CHANGES in this release are fairly minor, involving a patch for Tcp wrappers.

Web-site Development

Zope Members News. The Zope Members News features articles on the Fle3 tools for Collaborative Knowledge Building, the Wing IDE version 1.1.4, BlogFace 1.0, the Emil 0.6.0 Email Client, and more.

Web Services

ActiveState Releases Module for Searching Google (usePerl). UsePerl reports on a new web service that allows Google's search engine to be accessed through SOAP. Perl and Python modules are provided.

Wrapping Web Service APIs (O'Reilly). Stephen Figgins explores the PyGoogle interface to Google on O'Reilly's onLamp site. "There are many approaches to writing XML based web services: SOAP, XML-RPC, REST. If all you want to do is use a service, and there is a Python wrapper for it, you might not care what it was written in. Mark Pilgrim's has wrapped the Google SOAP API. Load up his PyGoogle module and google away. The wrapper takes care of the SOAP for you."


May 9, 2002


Application Links
GIMP
Mozilla
Galeon
High Availability
ht://Dig
mnoGoSearch
MagicPoint
Wine
Worldforge
Zope

Open Source Code Collections
Berlios
Freshmeat
OpenSourceDirectory
Savannah
Le Serveur Libre
SourceForge
Sweetcode

   

 

Desktop Development


Audio Applications

Winamp glitch may benefit open source (CNET News.com). Here's an article all about Ogg Vorbis. "A recently disclosed vulnerability in an old version of the popular Winamp media player could provide a boost for the royalty-free alternative to the MP3 format known as Ogg Vorbis."

Rosegarden 4 version 0.1.5. Rosegarden 4 version 0.1.5 has been announced. "The Rosegarden development team would like to announce the release of Rosegarden-4 v0.1.5 - a sequencer and music notation editor for KDE2 now with KDE3 and ALSA 0.9 support.

This is an alpha, development release and while not yet suitable for end-users it has some interesting features and is certainly usable for composition, MIDI playback and recording."

Desktop Environments

GNOME Summary - April 23 - 28, 2002. The GNOME Summary for April 23 - 28 covers the GNOME 2 release, preferences/control panel reorganization, easy bugs to fix, Ximian setup tools, Glade, the frontier extends, AbiWord works in Evolution, and much more.

GNOME Summary for 29 April to 4 May, 2002 AC. Here's the GNOME Summary for April 29 - May 4, 2002. This issue covers a need for GNOME2 maintainers, the world's coolest archiver, a new release of Overflow, and much more.

GARNOME Preview Six (Gnotices). A new version of GARNOME is out. "If you're dying to try the GNOME 2.0 Desktop, but don't want to fall into the depraved addictions and co-dependencies of testing from anonymous CVS, then GARNOME is for you."

Games

Announcing the Crystal Space Contest. The developers of Crystal Space, an Open Source 3D Engine, have announced a contest that involves writing a game, demo, or useful tool for Crystal Space using the Crystal Space framework. Prizes totaling $950 will be awarded to three winners.

The Chopping Block. The May, 2002 edition of the Chopping Block has been published at World Forge games. This edition contains a number of meeting summaries and a bonus fictional piece.

PyDDR 0.4.5 (Pygame). The Pygame site lists a new version of PyDDR. "PyDDR is a clone of 'Dance Dance Revolution'. Dance with your body (or your fingers) and try to keep the beat. The better you do, the higher you score. There is full support for floor pads, so you can dance dance the night away."

GUI Packages

FLTK 1.1.0rc1 released. Version 1.1.0rc1 of FLTK, the fast, light toolkit has been announced. Changes include a long list of bug fixes and improvements.

Interoperability

Kernel Cousin Wine. Issue #121 of Kernel Cousin Wine covers the ALSA driver, Winsock 2 patches, tests, Wineinstall bumps, Euro support, the IE Favorites Menu, problems with CDROMs, and the XIM internationalization patch.

Office Applications

Kernel Cousin GNUe #27. Issue #27 Of Kernel Cousin GNUe features a discussion of links between GNUe and DotGNU as well as many more GNU Enterprise development issues.

AbiWord Weekly News #90. Issue #90 of the AbiWord Weekly News covers new additions and bug fixes for the AbiWord word processor project.

Miscellaneous

GnuPG version 1.0.7 released. Version 1.0.7 of the Gnu Privacy Guard (GnuPG), the open replacement for PGP has been released. This version features a large number of changes and improvements.

 
Desktop Environments
GNOME
GNUstep
KDE
XFce
XFree86

Window Managers
Afterstep
Enlightenment
FVMW2
IceWM
Sawfish
WindowMaker

Widget Sets
GTK+
Qt
   

 

Languages and Tools


Caml

Caml Weekly News. the May 7, 2002 edition looks at Functional Unparsing, high end type theory, and a problem with input_line.

Lisp

Steel Bank Common Lisp 0.7.3 released. Version 0.7.3 of Steel Bank Common Lisp has been announced. It features support for more platforms, bug fixes, improved documentation, and more.

Vendor Neutral cCLan. A new vendor-neutral comprehensive Common Lisp archive network has been announced. "cCLan (comprehensive Common Lisp archive network) is a Lisp software distribution project much like CTAN for (La)TeX and CPAN for Perl. Its goal is to enable users to issue a single command for downloading, compiling and installing a module or application and all the libraries it depends on."

OpenMCL 0.11 released. Version 0.11 of OpenMCL has been released. "OpenMCL is an open-source Common Lisp implementation derived from Macintosh Common Lisp by Digitool. It runs under LinuxPPC and Darwin/MacOS X."

Perl

The Parrot Answers (use Perl). Parrot Pumpking Dan Sugalski answers a bunch of questions about Parrot, the Perl 6 compiler. Some of the questions concern supported platforms, other language support, mod_perl support, performance issues, timelines, and more.

May Issue of The Perl Review (ThePerlReview.com). The latest Perl Review for May is available in PDF form. Articles in this issue:

  • Extreme Publishing: Change Happens -- Brian dFoy
  • Cooking Perl with flex -- Alberto Manuel Sim
  • Parroty Bits: Bit 1, The Parrot Vooms! -- Dan Sugalski
  • Finding Perl Modules -- Brian dFoy

PHP

PHP Weekly Summary for May 6, 2002. The May 6 PHP Weekly Summary looks at the PHP 4.3.0 release plan, PHP 4.2.1 RC 1, the cryptopp and Xdebug extensions, interfaces, string types, and a URL Rewriter.

Python

The Daily Python-URL. This week's entries on the Daily Python-URL include the Python Pattern, fun with generators, ZUBB, embedding Python in ArcView, online polls with Zope, handling units with Unum, and more.

Pyro 2.7 released. Version 2.7 of Pyro (PYthon for Remote Objects) has been announced. "Pyro offers you a Name Server, an Event Service, mobile objects, remote exceptions, dynamic proxies, remote attribute access, automatic reconnection, a detailed manual, and many examples to get you started right away."

Ruby

The Ruby Garden. This week, the Ruby Garden covers ruby_run exiting issues, quotes and hash keys, class/module names and constants, require, and type checks.

The Ruby Weekly News. The May 5, 2002 Ruby Weekly News looks at Ruby/Google 0.4.0, Practical Ruby 0.2.2, RHDL 0.1.0, an RAA wrapper client, and more.

XML

Splitting and Manipulating Strings (O'Reilly). Bob DuCharme shows how to deal with strings with XSLT and XML. "XSLT is a language for manipulating XML documents, and XML documents are text. When you're manipulating text, functions for searching strings and pulling out substrings are indispensable for rearranging documents to create new documents. The XPath string functions incorporated by XSLT give you a lot of power when you're manipulating element character data, attribute values, and any other strings of text that your stylesheet can access."

Debuggers

GNUstep Weekly Editorial. The May 3, 2002 GNUstep Weekly Editorial covers the latest developments on the GNUstep debugger project.

Software Testing

OProfile 0.2 released. Version 0.2 of the OProfile code profiler has been announced. "OProfile is still in alpha, but has been proven stable for many users."

Section Editor: Forrest Cook

 
Language Links
Caml
Caml Hump
Tiny COBOL
Erlang
g95 Fortran
Gnu Compiler Collection (GCC)
Gnu Compiler for the Java Language (GCJ)
Guile
Haskell
IBM Java Zone
Jython
Free the X3J Thirteen (Lisp)
Use Perl
O'Reilly's perl.com
Dr. Dobbs' Perl
PHP
PHP Weekly Summary
Daily Python-URL
Python.org
Python.faqts
Python Eggs
Ruby
Ruby Garden
MIT Scheme
Schemers
Squeak
Smalltalk
Why Smalltalk
Tcl Developer Xchange
Tcl-tk.net
O'Reilly's XML.com
Regular Expressions
   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Letters

See also: last week's Commerce page.

Linux and Business


Red Hat Launches New Channels to Support Education. Red Hat has announced the launch of two new educational channels on Red Hat Network, the Educational Channel, and the K-12 Linux Terminal Server Project Channel.

Red Hat Launches Red Hat Linux Education Program. Red Hat, Inc. announced its K-12 Red Hat Linux Pilot Program. Schools participating in the initiative will be provided with Red Hat software and services at no cost. Red Hat will assess the current and future computing needs of each school and then install the appropriate open source software and programs. Each school is providing its own hardware and has agreed to meet the minimum requirements set by Red Hat.

EUCD status Wiki established. The European Union Copyright Directive is Europe's attempt to inflict the joys of the DMCA upon itself. Needless to say, a few people are beginning to be a little concerned about this possibility. In an attempt to begin coordinating an anti-EUCD response, the Association Electronique Libre has put up a Wiki page for the tracking EUCD implementation legislation in each of the EU member countries. Those who are tracking EUCD are encouraged to help update the information there and keep it current. (See also: this page on the FSF Europe site on why the EUCD is a problem).

FreeGIS CD 1.2.0 released. The Intevation GmbH has released FreeGIS-CD 1.2.0 for GNU/Linux-Systems.

Wing IDE for Python version 1.1.4. Version 1.1.4 of the commercial Wing IDE for Python has been released.

HP to help port openMosix to the IA-64. The openMosix project has announced that HP will help support a port of the openMosix clustering platform to the IA-64 processor.

The New HP is Ready. Here's a press release discussing HP's plans following its merger with Compaq Computer Corp. There are some Linux servers in HP's future.

Caldera Global Services Honored Again. Caldera International, Inc. announced that Caldera TEAM Support for Linux won Network Computing's Annual Well-Connected Award for Linux Support Service and was named the overall category winner in Network Computing's Annual Well-Connected Service Providers and Outsourcing Award Category.

New wireless networks book from O'Reilly. O'Reilly has announced the release of 802.11 Wireless Networks: The Definitive Guide by Matthew S. Gast. "Since network monitoring is essential to any serious network administrator, and commercial packet sniffers for wireless applications are scarce and expensive, the book shows how to create a wireless packet sniffer from a Linux system and open source software."

Linux Buyer's Guide Launches. SSC Publications, publisher of the monthly magazine Linux Journal, announced the launch of the on-line Linux Buyer's Guide.

Linux Stock Index for May 03 to May 08, 2002.
LSI at closing on May 03, 2002 ... 23.20
LSI at closing on May 08, 2002 ... 25.13

The high for the week was 25.13
The low for the week was 19.65

Press Releases: