![[LWN Logo]](http://old.lwn.net/images/lcorner.png)
![[LWN.net]](http://old.lwn.net/images/bigpage.png)
|
|
|
|
Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise
news for all interests
 Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters
Other LWN stuff:
Archives/search
Recent features: Here is the permanent site for this page. See also: last week's LWN.
|
Leading items and editorialsA big anniversary arrives. Picking the true birthday of Linux is not necessarily an easy task - what date would you choose? The first gleam in Linus's eye is probably too early, and nobody really knows when that was. The 1.0 release, of course, would be far too late. Where, in between, was Linux really born? One date favored by many is August 25, 1991, when Linus first told the world, via the comp.os.minix newsgroup, that he was putting together a kernel. I'm doing a (free) operating system (just a hobby, won't be big and professional like gnu) for 386(486) AT clones. This has been brewing since april, and is starting to get ready. Linus clearly had not set his sights on World Domination quite yet. Quite a bit of interest was generated by the above posting, even though no code was released (that happened on October 5). The world was clearly ready for a widely available free operating system. The growth of Linus's "just a hobby" over the last ten years has been truly phenomenal - and we have just begun. Linux has changed the world. It's been a great decade; the next will be even better. Let's all beat up on Richard Stallman. LWN editor Liz Coolbaugh once found herself seated next to Richard Stallman for dinner at some conference. It turned out not to be one of the most pleasant experiences of her life; there was no way to bring an end to the discussion of whether this publication should change its name to the GNU/Linux Weekly News. Mr. Stallman is nothing if not tenacious. He is also endlessly controversial. It is generally not surprising to other supporters of free software speaking out against him. This week, however, has been notable even on the RMS scale. Consider, for example, the release notes for glibc 2.2.4. A minor C library release normally wouldn't draw a great deal of attention; there's not much in the way of exciting new features, and most people avoid upgrading glibc unless they really have to. But most point releases of glibc don't come with comments like: Stallman recently tried what I would call a hostile takeover of the glibc development. He tried to conspire behind my back and persuade the other main developers to take control so that in the end he is in control and can dictate whatever pleases him.... Those would be fighting words. The motivations behind an attempted Stallman takeover of glibc development are somewhat unclear. Some of it has to do, apparently, with the adoption of version 2.1 of the LGPL, with its references to "...the whole GNU operating system, as well as its variant, the GNU/Linux operating system." It could also have been motivated by a desire for less conflict with glibc maintainer Ulrich Drepper, who is also not always considered to be one of the easiest people to get along with. Unless Mr. Stallman acknowledges that this "hostile takeover" attempt truly happened, and explains his reasoning, it will be hard to understand what is really going on. Richard Stallman does show signs, however, of wishing that his revolution had not gotten away from him. Free software has been more successful than many of us could have ever hoped, and Richard Stallman deserves much of the credit for that success. But much of the work has been done outside of the GNU project's organization since the beginning, and the proportion of non-GNU work is only increasing. Richard Stallman remains the head of the Free Software Foundation, but, if the larger Linux and free software movement has a head at all, it's not him. That can be expected to hurt some. But, if you are trying to head up a movement or a community, you are playing a seriously political game, and political games are like that. Mr. Stallman might be well advised to let go of some of those ambitions, if he has them, not try to direct the development of our free system, and put his efforts into endeavors where we still truly need him. Should we be talking about freedom? The O'Reilly Network site has been running a little debate on software and freedom. The sequence so far has been:
In other words, Stallman and Kuhn want to be able to make decisions that affect other developers more than themselves. By the definition they themselves have proposed, they want power. The bulk of the response, however, takes a different tack: Some words (like "freedom") make this kind of semantic ping-pong game way too easy. They obfuscate more than they enlighten, they cloud the issues rather than clearing the air. This is a major reason I have spent the last three years trying to get open-source developers to stop talking about "freedom". Reasonable people may differ on what balance creates the greatest degree of freedom. The unreasonable people have their opinions too, of course, but it's not clear they know more than anybody else. There is a claim LWN would like to put forward, however, made up of two parts:
Richard Stallman, certainly, should not be our only proponent of freedom. His approach is polemic and unyielding; he is a fundamentalist. But his is a voice that must continue to be heard. His efforts will keep freedom on the agenda and will counter the tendency of more moderate groups to compromise too much. Richard Stallman's point of view belongs in our debates. That said, there's certainly plenty of room to disagree with what he says; LWN readers know that this publication has no objection to the existence of proprietary software, for example, even if we choose not to use it. The term "freedom" certainly means, as Eric Raymond says, different things to different people. But that doesn't mean we should avoid discussion of the term; why should we hide disagreements over something so fundamental? It's far better to get the viewpoints out on the table so that members of the community can make their own conclusions. Dmitry Sklyarov's pretrial hearing (arraignment) was originally scheduled for August 23, but was postponed. Definitive information is still lacking, but it appears that his defense is negotiating for a dropping of the charges, and asked for the delay so that the negotiations could continue. The new hearing date appears to be August 30; see the EFF advisory for more information and a nice statement from Dmitry. Those of you attending LinuxWorld should consider attending the protest march which has been scheduled for August 30. It starts at the Moscone center, so it should be easy for attendees to find, and proceeds to the Federal Building. This is an opportunity to generate a large turnout and draw a great deal of attention to Dmitry Sklyarov's situation and the DMCA in general.
The LinuxWorld Conference and Expo starts on August 28 in San Francisco. It will, as always, be an interesting event; LWN's Michael Hammel and Dennis Tenney will be there in both speaking and reporting roles. Stay tuned for our coverage from the conference. Inside this LWN.net weekly edition:
This Week's LWN was brought to you by:
|
August 23, 2001
|
|
Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Security page. |
SecurityNews and EditorialsAirSnort hits the net. AirSnort is a new packet sniffing tool, which has been released under the GPL. A particular feature of AirSnort, however, is that (1) it works with wireless networks, and (2) it is capable of recovering the encryption keys used with those networks.It has been known for some time that the WEP protocol used with 802.11b networking is insecure, but nobody has, until now, produced a widely-available exploitation tool. And AirSnort is certainly such a tool; given a sufficient pile of sniffed data (100MB or more), it can come up with the master password in "under a second." Once an attacker has that password, he or she has free use of the wireless network. The usual debate about whether it was appropriate to release this tool has arisen. The truth of the matter, however, is that the security problems exist and will be exploited; AirSnort did not cause them. But it will, perhaps, draw more attention to these problems, and, with luck, hasten a fix. Meanwhile, anybody running a wireless network should assume that it is open to the world. Researchers develop SSH cracker (vnunet). vnunet.com is running an article describing a new attack on ssh developed by researchers at the University of California at Berkeley. It's more of a traffic analysis attack than one on the ssh protocol itself - it looks at the inter-packet timings and deduces keystrokes from that. "A password cracker program, dubbed Herbivore, was developed on the back of the research. Herbivore is capable of learning a user's password by monitoring SSH sessions." More information is available in the white paper written by the researchers (Dawn Xiaodong Song, David Wagner, and Xuqing Tian). Another look at full disclosure. Those interested in the full disclosure debate (as covered in last week's LWN.net Weekly Edition) may want to have a look at this paper by Jon Lasser. He looks at the evolution of the rpc.statd hole and its exploits, leading up to the Ramen worm, and how full disclosure may have helped those seeking to take advantage of this vulnerability. Security ReportsDenial of service vulnerability with netfilter MIRROR target. The experimental MIRROR target, available with the 2.4.x netfilter code, may open up sites to denial of service attacks. See this report from Fabian Melzow for details and information on how to work around the problem.An input validation problem with sendmail. It's been a little while since we had a serious sendmail vulnerability. Wait no longer; Dave Ahmed has reported an input validation problem which may be used by local users to obtain root access. An exploit for the problem has already been posted. The vulnerability is not exploitable remotely. For now, the solution to the problem is to upgrade to sendmail 8.11.6 (or, for beta users, 8.12.0Beta19). No distributors have issued updates as of this writing; keep an eye on the LWN.net Daily Updates Page to see when patched packages from the distributions become available.
SuSE fixes a problem with sdb. Caldera Security Advisory for ucd-snmp. Caldera International, Inc. has found some problems in ucd-snmp, including "several potentially exploitable buffer overflows, format string bugs, signedness issues and tempfile race conditions." OpenLinux eServer 2.3.1 and OpenLinux eBuilder, using ucd-snmp-4.2.1-6b are vulnerable.Proprietary products. The following proprietary products were reported to contain vulnerabilities:
UpdatesBuffer overrun vulnerabilities in fetchmail. (Found by Salvatore Sanfilippo). Two buffer overrun vulnerabilities exist in the much-used fetchmail program. Given a hostile server, arbitrary code can be run on the system running fetchmail. The solution is to upgrade to fetchmail 5.8.17. See the August 16 Security page for the initial report. Previous updates:
Format string vulnerability in groff. A format string problem exists in groff; apparently it could be remotely exploited when it is configured to be used with the lpd printing system. (First LWN report: August 16, 2001). The stable release of Debian is not vulnerable. New updates:
Previous updates:
Mandrake-Linux advisory for gdm. MandrakeSoft has issued an advisory for gdm to address a very old (first covered in the May 25, 2000 LWN Security Page) remote exploit through XDMCP. Note the Mandrake-Linux doesn't configure XDMCP use by default, however. ResourcesSecuring Sendmail with TLS (Linux Journal). The Linux Journal shows how to set up sendmail using transaction layer security channels. "The most obvious use of a cryptographically enabled Sendmail installation is for confidentiality of the electronic mail transaction and the integrity checking provided by the cipher suite. Everything between the two mail servers is encrypted, including the sender and recipient addresses. TLS also allows for authentication of either or both systems in the transaction." LinuxSecurity.com's weekly newsletter for August 20 is available.
EventsUpcoming Security Events.
For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net. Section Editor: Jonathan Corbet |
August 23, 2001
Security alerts archive Secured Distributions: Astaro Security Castle Engarde Secure Linux Immunix Kaladix Linux NSA Security Enhanced Openwall GNU/Linux Trustix Security Projects Bastille Linux Security Audit Project Linux Security Module OpenSSH Security List Archives Bugtraq Archive Firewall Wizards Archive ISN Archive Distribution-specific links Caldera Advisories Conectiva Updates Debian Alerts Kondara Advisories Esware Alerts LinuxPPC Security Updates Mandrake Updates Red Hat Errata SuSE Announcements Turbolinux Yellow Dog Errata BSD-specific links BSDi FreeBSD NetBSD OpenBSD Security mailing lists Caldera Cobalt Conectiva Debian Esware FreeBSD Kondara LASER5 Linux From Scratch Linux-Mandrake NetBSD OpenBSD Red Hat Slackware Stampede SuSE Trustix turboLinux Yellow Dog Security Software Archives munitions ZedZ.net (formerly replay.com) Miscellaneous Resources CERT CIAC Comp Sec News Daily Crypto-GRAM LinuxLock.org LinuxSecurity.com Security Focus SecurityPortal | |||||||||
|
Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Kernel page. |
Kernel developmentThe current kernel release is 2.4.9, which was released on August 16. Linus then jetted off to Finland, so no prepatches have been forthcoming. 2.4.9 has compilation errors for a subset of users (see below), but appears stable for most. The EMU10K1 (SB Live) driver is stabilizing in 2.4.9. Note, however, that you'll need the user-space tools from Creative to make full use of the sound card with the new driver. Alan Cox's latest is 2.4.8ac9. As can be seen by the name, Alan has not yet synched up to the 2.4.9 release (he "doesn't see the point" right now), but he has included the usual vast list of fixes and improvements. Those interested in how the Linus and ac kernels relate may want to take a look at this explanation from Alan, posted on Slashdot. With the -ac tree I try and do rapid rolling releases, sucking in new code to test it and also its interactions with other new code. By doing releases every few days I get a high number of people testing and reporting bugs before there are too many possible causes. This is how Linus trees used to work long ago, and I still think its the better technique.
The redefinition of min() and max(). C programmers since the very beginning of the language have been familiar with the min() and max() macros, which are usually taken directly out of the first edition of the K&R book as:
#define max(A,B) ((A) > (B) ? (A) : (B))
#define min(A,B) ((A) < (B) ? (A) : (B))
Certainly kernel programmers have been reading their K&R - a quick grep of the 2.4.8 source turns up more than 150
individual definitions of min(). Usually, when a body of code
contains that many duplicated definitions, it's time to consider a cleanup.
So, perhaps, not too many people may have been surprised when 2.4.9 included a common definition (in linux/kernel.h) for these two little macros. When, however, various modules started turning up compilation errors, and it turned out that the new min() and max() have a different interface, people were surprised indeed, and not particularly pleased. Interface changes during this stable series have become almost commonplace, but few people expected to see a change to something so common and fundamental. It seems that the new min() and max() have a third argument, being the type of data being compared. So, to get the minimum of two integers, one would code:
minimum = min(int, a, b);
There are perfectly good reasons for doing things this way; when values of
different types are being compared, the explicit type determines what type
will be used to do the comparison. It makes things explicit, and forces
people to think about what they are doing.
Unfortunately, it also breaks quite a bit of existing code. Any code which defines its own version of these macros will end up with compilation errors. Even worse, for many, is the fact that there is no way to create backward compatibility macros to cover over the difference. A driver using these macros which compiles for 2.4.9 will not compile for earlier versions of the kernel. Linus has tended to not to be sympathetic toward developers who are trying to maintain portability to older kernels, but there are quite a few of them trying to do so anyway. The question that has come up, of course, is: if Linus wanted a type-aware variant of min() and max(), why didn't he create something with a new name (i.e. typed_min()) and leave the classic macros alone? The answer seems to be that Linus wants to eradicate the old, two-argument macros from the kernel altogether, and so (by way of David Miller) chose an approach that would break code that has not been fixed. Doing things this way can produce more maintainable code in the long term, at the cost of some real short-term pain. But, one would not normally make such a change in the middle of a stable kernel series, and not to something as well understood as min() and max(). Linus, of course, put this change out in 2.4.9 final and immediately fled the country; the cynical among us might surmise that he knew there would be some discontent. And discontent there is; among other things, Alan Cox does not plan to merge this change into the "ac" series; he'll make a typed_min() and typed_max() instead. Linus does not often back down on such decisions, though; it will be interesting to see how this one resolves itself. Feeding entropy from network devices. The Linux kernel provides two pseudo-devices which generate random numbers: /dev/random and /dev/urandom. They both provide (seemingly) random numbers to applications, but they differ in one regard: /dev/random works much harder to ensure that the returned numbers are truly random. The random number generator works through the maintenance of an "entropy pool," a collection of random data which has been collected from outside sources. The most common source of entropy (randomness) in Linux systems is device interrupts; the time periods between keystrokes or disk interrupts is unpredictable enough to provide a degree of true randomness that can not be had from a software-only random number generator. Each random event adds a certain amount of entropy to the pool. If an application reads random data from /dev/random, the kernel will make sure that there is sufficient entropy in the pool to return truly random numbers; if the entropy is inadequate, the read will block until sufficient entropy has been generated. /dev/urandom, instead, will generate numbers (using a secure hash algorithm) regardless of whether sufficient entropy exists; it never blocks waiting for entropy. In theory, that difference means that a sufficiently clever attacker could, perhaps, predict the random numbers that will be generated by /dev/urandom. Using the predicted numbers, the attacker could proceed to make a mess of any cryptographic or security code using /dev/urandom. Such an attack remains entirely theoretical, however; it would be in no way easy, and nobody has ever demonstrated a way of successfully predicting Linux's random numbers. Nonetheless, people worry, and many applications will only use random data from /dev/random. On some systems, this can lead to problems if the system is not generating enough entropy; suddenly ssh connections take a long time to start up, and things get unresponsive in general. Network firewalls, with no keyboard and little or no disk activity can be especially susceptible to this problem. The answer, seemingly, would be to use the arrival of network packets as another source of entropy. Historically, this source of entropy has been avoided, since network traffic is susceptible to observation and manipulation by an attacker. In a highly paranoid world, one might worry about an attacker watching network traffic in an effort to predict the contents of the entropy pool on a target system; the attacker could also feed precisely-timed packets to the target in the hopes of influencing random number generation there. Once again, nobody has ever gotten close to demonstrating an attack of this nature, but if security people didn't worry they would have little to do. Now, however, Robert Love has submitted a patch which allows the system to use entropy from network traffic, subject to a kernel configuration option. There is some real opposition to the patch; some people feel that network entropy should not be treated as entropy at all, and that applications should just be using /dev/urandom in these cases. The wider consensus, however, is that sometimes network entropy is the best you can get, and that it makes sense to give the user a choice of whether to use it. After all, when, ten years from now, some super cracker develops a network entropy exploit, you can always turn the feature off. New no-bounce high memory I/O patches have been posted by Jens Axboe (see also the quick update that came out shortly afterward). This patch is rapidly approaching a state of readiness, and, with luck, should find its way into a stable kernel sometime soon. It eliminates the need to use "bounce buffers" on systems with large (multiple GB) amounts of memory, even on systems where the kernel does not directly address high memory. One user has reported a 40% performance increase when running with the patch. Incorporated into Jens' patch is the new 64-bit PCI DMA interface designed by David Miller. He has also posted the PCI64 patches separately for those who would like to take a look at them. With these patches, DMA I/O is possible on systems with very large amounts of memory (more than 4GB) if the hardware is up to the task. There is also a later revision of this patch available. Between these two efforts, the kernel's support for high-end systems will be much improved. Other patches and updates released this week include:
Section Editor: Jonathan Corbet |
August 23, 2001 For other kernel news, see: Other resources: |
|
Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Distributions page.
Lists of Distributions |
DistributionsPlease note that security updates from the various distributions are covered in the security section. News and EditorialsCompatibility between Linux distributions. This week a lengthy thread arose on the debian-devel list on whether the Debian distribution should be Red Hat binary compatible. The answers ranged from "yes" to "no" to "maybe". As the LWN commerce editor for the last couple of years I can vouch for the fact that there are an increasing number of proprietary software packages being released specifically for Red Hat Linux. No doubt in Germany the distribution of choice is SuSE, and other countries will have other favorites. The point is Debian (or Slackware or many other smaller vendors) will not usually be the first choice for a proprietary software vendor who wishes to port software to Linux. Also this software, once ported to one flavor of Linux may or may not run on other Linux distributions. The Linux Standard Base was created to address these compatibility issues and the current 1.0.0 release is certainly a good start. Obviously it's not all the way there yet. Also, there is no guarantee that all Linux vendors will follow the standard. If, for example, a large vendor like Red Hat chooses to ignore the LSB it is likely that the proprietary software vendors will also ignore those standards, and write software that runs only on Red Hat Linux. Making Red Hat a de facto standard in this manner puts additional pressure on a volunteer based distribution like Debian. It is really best if all distributions stick to the standard. There may still be some compatibility issues, but following standards will minimize the issues (or maybe just point out a place where the standards are inadequate). Not all volunteer developers within Debian will agree that there is a need for proprietary software to run on Debian. This is certainly a valid choice. However, if a business chooses to run Debian and also chooses to use a proprietary software product shouldn't this combination just work? Should that business be forced to use a different distribution just because it is tied to a third party product? This is a mode of operation more reminiscent of certain proprietary operating systems than of Linux. World domination requires that vendors can port once and businesses can use whichever flavor of Linux they please without worrying about compatibility issues. Debian Linux for BeOS refugees. Since Palm acquired Be's assets and Be intends to wind up its operations some time in the fall many BeOS refugees will be looking for alternatives, including Linux. One ex-Be user advocates Debian for BeOS refugees. Mandrake Linux Community Newsletter - Issue #10. This issue of the Mandrake Linux Community Newsletter is available in English and in French. It includes information on the Mandrake 8.1 Beta, a reminder about the upcoming LinuxWorld show in San Francisco, and a spotlight on the KDE desktop environment. New DistributionsCRUX. The CRUX distribution appears to have been around at least since last April and version 0.9 was released on July 7, 2001. Here's a description from the CRUX website. CRUX is a lightweight, i686-optimized Linux distribution targeted at experienced Linux users. The primary focus of this distribution is "keep it simple", which is reflected in a simple tar.gz-based package system, BSD-style initscripts, and a relatively small collection of trimmed packages. The secondary focus is utilization of new Linux features and recent tools and libraries. (Thanks to Joe Klemmer who found the link at DaveCentral. Distribution NewsBlue Linux announces the Development of Blue Linux EDU. Blue Linux announced that they will be working toward a Blue Linux Educational version that will be based on reaching out to the Educational Community. Blue Linux Founder Matt Jezorek said "We hope that we can help cut the cost of running the school systems and keeping up with licensing so that learning can once again become the major part of todays schools."
Debian News. Debian release manager Anthony Towns has posted a request not to make major changes to the base as part of the ongoing freeze, and as a bonus included a list of the software to be included in the base as well as the "standard" packaging. There will be a bug squashing party this weekend to help stamp out those Woody bugs. If you are a prospective Debian developer looking for an existing developer to meet and sign your GPG key (for the Identification part of the new maintainer process), there is now a listing of developers available. Current Debian developers are encouraged to register so prospective developers can find you in the listing. Some new mailing lists have been created for Debian developers. There's one for Debian's Catalan internationalization and localization team, some new bug lists, lists in Italian and French, and others. Mandrake Linux 8.1 Beta1 for x86 on mirror sites. MandrakeSoft has informed us that the first beta release of Mandrake 8.1 for x86 systems is now available from their mirror sites. This version includes the 2.4.8 Linux kernel; the shiny new KDE 2.2; the latest Ximian Evolution 1.0 beta 2; and you can try your new digital camera with gphoto2; configure and reconfigure your printer with the reworked printerdrake and its new friend foomatic; and much more. Yes, its a beta and it has bugs, but some of those bugs already have fixes available. So get busy, crash some machines and let Mandrake know what works and what doesn't. Midori 1.0.0-beta3 released. Midori Linux 1.0.0-beta3 has been released. "Highlights: it compiles on Red Hat 7.1 (your mileage may vary, so please let us know how it works for you) and we've replaced the entire init script system with something much better (in our opinion, at least) than what's available on the average Linux system." MontaVista's Linux port to the IQ80310. Here is the latest source drop for the Linux port to the IQ80310. You'll need the linux-2.4.7 kernel with patch-2.4.7-rmk3 to get it running. Red Hat: Roswell, the return. There has been another sighting of Roswell, Red Hat's latest beta. Apparently lots of things have changed with this new version, which may still be rather buggy. The truth is out there. Trustix releases Secure Linux 1.5. Trustix announced the release of Trustix Secure Linux version 1.5, nicknamed "MiddleWhere". A number of new features have been added to TSL with this version, based on user requests. Updates to this package include MySQL, PHP4, and modutils for 2.4, and SWUP for automatic updates and easy install of new software. Turbolinux News. Turbolinux has announced the release of its z/Linux 6.5 distribution for IBM zSeries servers and S/390 mainframes. Turbolinux also announced the availability of Turbolinux Workstation 7.0 for US-based OEMs. Minor Distribution updatesDragonLinux. DragonLinux has a new phpwiki page available for users. DragonLinux documentation is available, and users can discuss and modify documents via wiki. FreeBSD. FreeBSD v4.4 should be available by the end of the month. In the meantime Annelise Anderson, a frequent contributor to the FreeBSD mailing lists, has written "FreeBSD: An Open-Source Operating System for Your PC", an introduction to FreeBSD aimed at the new user. It is published by The Bit Tree Press, the ISBN is 0971204500, and it can be ordered from, amongst other places, the DaemonNews Mall. Mindi Linux v0.38. This version of Mindi was released August 18th. There is now a 'mindi-kernel' plug-in, so that users can use a stock 2.4.7 kernel in case their kernel isn't right for a boot disk among other changes. Distribution ReviewsRedmond Linux: Stripped-down Linux business aims at desktop newbies (NewsForge). NewsForge reviewed Redmond Linux. Joseph Cheek, CTO of Redmond Linux tells us there are a few inaccuracies in the article [Redmond Linux is based on Caldera Workstation 3.1, and Rick Collette is VP of Engineering, not VP of Marketing], however this is a good review overall. "The distribution has several goals, including, of course, "ease of use for people used to Windows," Collette says. The Redmond Linux coders also want seamless filesystem integration with other operating systems on a network, and a full suite of working applications." Section Editor: Rebecca Sobol |
August 23, 2001
Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.
|
|
Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters See also: last week's On the Desktop page.
|
On The DesktopEnd User System Management. For many desktop users, be they Linux or Windows users, the day to day task of managing their computers is somewhat daunting. The process of managing installed packages alone can be a nightmare, but throw in network management and security, user management, and even the simple process of dialing out through a modem and users end up with a strong desire to toss the whole load out the window, put on a pair of sunglasses, a grass hat and wonder where Jimmy Buffett goes at times like these. One of the sad parts of Linux is a lack of standardized configuration tools. Many distributions include the useful, if not completely reliable, Linuxconf toolset. This package is based on over 40,000 lines of C++ code and attempts to do what commercial Unix has never been able to do well - administer a standalone Unix (or in this case Linux) system. Linuxconf offers tools for configuring LAN connections via DHCP or manual addressing, dialup modems, the Apache Web server, firewalls, the LILO boot manager, printers, user and group management and a host of other features. An even larger feature set is provided in external modules. Linuxconf is the current administrative interface used by many Linux distributions. It supports Caldera, Debian, Red Hat, Conectiva, SuSE, and Mandrake. There are text, ncurses, GTK and HTML based interfaces available as well. Many of the modules appear to have come from Conectiva, though it's not clear if the other modules come from other distribution vendors or not. While Linuxconf appears complete, it does have its drawbacks. The web site mentions compatibility with many older distributions from the major Linux vendors, but there is little mention of the latest releases such as Red Hat 7.x, Mandrake 8 or SuSE 7. Debian includes some support for Linuxconf but one Debian developer we talked to said that he expects that it has a very low use rate among Debian users. But a bigger issue may be that Linuxconf can often misconfigure some features or activate features unrelated to a users changes at inappropriate times. Many users may be willing to accept broken or incomplete software, but when it comes to systems administration, they should never accept software the works incorrectly. The stability of your system is at risk here. And most distribution vendors are aware of these issues. Debian developers, we're told, have lately been interested in a Web based administration tool from Caldera, Webmin, though this interest is not at an official level (we haven't heard of them adding it to their distribution at this time). It's an open source (BSD license) application from a company that was recently purchased by Caldera and provides a plug-in style API that permits modules which can be both open source and proprietary. The application supports a large number of Linux distributions. The RPM installation was very clean and installs its own web server for managing your system. It can run with Apache, though the default server seemed quite sufficient for local (single user) administration. Most major tasks are supported in the default configuration, including DNS and networking, file sharing, user management, and even package management. The modular design offers quite a few options for the future. Another alternative to Linuxconf and Webmin has recently started coming out of Ximian's GNOME product development. The Ximian Setup Tools (XST) is a frontend/backend design currently based on GNOME that also has support in development for the KDE environment. Most of the major Linux distributions are supported, including Debian. Backend tools can be written in any language (though Perl seems to dominate currently), using an XML transport, which means configuration information is passed between the backend and the frontend in XML. Use of XML provides a method (which may or may not be implemented in each backend) for saving past states which can be restored at a later date. This rollback option is something that neither Linuxconf nor Webmin provide. As Ximian developer Michael Meeks puts it, XST provides "user level support to give a rubber knife to learner systems administrators instead of a scalpel." The architecture of XST offers great hope but not all the features expounded by Ximian are implemented yet. Rollbacks are still missing, as are remote host administration options. Local administration appears to work fairly well though we had a few problems with adding a new user. Features in the current, unstable release of XST include user and group management, time and date handlers, and boot, disk, memory, network, and file sharing management. After installation (which can be handled automatically using Ximian's Red Carpet facility) the tools end up as individual menu items in the Programs->Utilities menu under the GNOME menu panel. Linuxconf is a bit monolithic in nature - all the bits and pieces are rolled into a single interface (though it appears they can be run individually from the command line). XST, on the other hand, uses a frontend/backend pair as a standalone application. The modularity provided in the backends for both XST and Webmin allows a separation of duties and prevents the problem Linuxconf brings when it performs duties you didn't really request of it. You aren't likely to accidently reset a network daemon while performing user management, for example. Such modularity also makes both XST and Webmin easily extensible. XST carries no dependencies other than the desktop environment (either GNOME or KDE, essentially). This makes XST and Webmin fairly even when it comes to future expansion. With Webmin being web based it should be free of all desktop dependencies other than an available browser. Systems administration will always be a difficult task to manage for end users, but with tools like Webmin and XST there is hope of a less convoluted future. Vector tools and the VFX industry. We received a letter from a Windows-based graphics company (see our response to them) who mentioned customer requests for a Linux port of their product. There still isn't a publicly announced professional-level, native vector tool for Linux even though such a tool is highly desired. One problem this vendor has is with peripheral support: We have looked at the Linux market before but the community and support (graphics tablet and other peripherals) for graphics products was not sufficiently advanced at that stage. The Wacom tablet is fairly well supported under XFree86 4.0.x now, but support for other tablets is fairly spotty at best. Most Visual Effects (aka "VFX") houses working in the film industry tend to port their own drivers over to Linux as they need them, but few (if any) of these have been released back to the community. Still, this isn't a lost cause. Most of the VFX industry is migrating to Linux. Their biggest problem, according to a couple of industry insiders, is finding out how to get open source developers involved with them, and how they can get the industry itself to move from highly secretive productions to more open development. Enlightenment. The authors of the Enlightenment environment, which is evolving into a desktop environment to challenge GNOME and KDE, are interviewed about the year long march towards E17. E17 is built for sheer performance. It should be able to equal or beat anything else doing anywhere near the same level of visual work - and many things doing a lot less visual work. Rememebr you can't compare something that displays 2 lines and a box with something that fills the srceen with alpha blended images and anti-aliased text. They are different levels of visual work, but even so - e17 should be not far off a lot fo the performance of the simpler visual displays. e17 isn't a whole desktop. It's a desktop shell - think of it as a window manager + desktop background manager + file manager + config tools all in one.
Desktop EnvironmentsGNOME Summary for 2001-08-05 - 2001-08-15. This latest edition of the GNOME Summary is out, and covers topics including the addition of TrueType support to GNOME Print, an update to the Galeon project, updates to AbiWord, and hacks from Linux kernel developer Alan Cox on Nautilus. Gnome on Slackware and Galeon wins browser review (GNOME Gnotices). GNOME Gnotices pointed us to the news that there are now Ximian GNOME packages available for Slackware. These don't appear to be official Ximian packages and, because Ximian doesn't support the gzipped tar (aka "tgz") format, don't include support for Red Carpet. In another news tip from the same note, Canada Computes has done a review of Linux browsers, including Opera, Netscape, Konqueror, Mozilla, Galeon and Skipstone. Galeon came out on top. GNOME Foundation adds Timothy Ney as Executive Director. The GNOME Foundation has finally announced their executive director: Timothy Ney. Ney most recently served as the managing officer of the Free Software Foundation for the past three years. First review of KDE 2.2. Now that KDE 2.2 is out, reviews cannot be far behind. Here is the first. "The sad fact is that there is no Linux desktop that can yet match the ease of use, and comfortable usage of Microsoft Windows or Mac OS. KDE is getting there but still lacks some refining touches. My guess is that KDE 3.0 is going to provide a revolutionary step towards the desktop with Linux. " (Found at dot.kde.org) Open Source Printing Summit. The Open Source Development Network (OSDN) along with Hewlett-Packard and IBM will be holding their second annual Linux Printing Summit in September in San Jose, California. Window Maker web site redesign. Window Maker, an alternative desktop window manager which works with GNOME and KDE, had a web site relaunch earlier this month. The new site is much cleaner and more professional looking, though little new information on the product itself is available. Office ApplicationsAbiWord 0.9.2 released. Version 0.9.2 of the AbiWord word processor has been released; see the release notes for a list of changes. On a side note: The AbiWord Weekly News may be taking a two seek summer break as author Jesper Skov takes a well deserved vacation. Someone from the list may take over for Jesper, but if that does not work out, he'll write up a double issue on his return. GnomeMeeting 0.10 released. A new release of GnomeMeeting, was announced this week. GnomeMeeting is a video conferencing system. Updates include support for both FreeBSD and KDE and includes packages in both RPM and .deb formats (Mandrake coming soon). Desktop ApplicationsGnumeric 0.70. A new release of Gnumeric was announced this week. This is a high priority upgrade from the 0.69 release, which broke MS Excel importing. Unfortunately, this release also reduces the stability of graphs. Remember that that the sub-1.0 releases are meant primarily for developers and testers - expect some problems. And in other news...Caldera CEO: The challenge of the desktop (ZDNet). ZDNet News interviews Caldera CEO Ransom Love. "The challenge of the desktop is evolving. The traditional monolithic desktop is not for Linux, but the evolving thin client desktop is ideal for it. Something like 80 to 90 percent of personal time is now spent in the browser, and as the Internet becomes predominant use of desktop, applications will follow." Adding a new dimension to the desktop with 3Dwm (LinuxPower). 3 dimensional desktops are still quite a few years away from the common man, but work steadily progresses on at least one project in this arena: 3Dwm. "We expect to be releasing version 0.3.0 of 3Dwm shortly (just need to iron out a few things), and this release finally adds full input handling in the display server. This should allow you to not only navigate around in the environment (this has been possible from day one), but also to interact with the 3D objects in the scene. However, I would not recommend this release for users other than to just perhaps compile it and play around a little with it; there are still some pretty glaring things that keeps us far away from a 1.0 release." VistaSource gets a makeover. The VistaSource web site has gotten a makeover. Despite earlier rumors, it appears that Applixware continues to be sold by the new company, though its name has been changed to Anywhere Desktop for Linux. Section Editor: Michael J. Hammel |
August 23, 2001
|
|
Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Development page. |
Development projectsNews and EditorialsLast week, Walter Bright's D Programming Language was discussed at length on Slashdot. D is intended to be a successor to C and C++, and has been designed with compiler implementation in mind.The language overview states that D is not an interpreted or scripting language, it is a compiled language that is designed to be higher level than C++. The language will not require a runtime virtual machine, as does Java and Smalltalk. D is intended to keep much of the C/C++ language look and feel, making it easy to transition to from those languages. From C/C++, D will keep the compile/link/debug development model, will emphasize exception handling, and will use templates, although the template design will be newly designed. The documentation already contains text about Programming in D for C Programmers and Programming in D for C++ Programmers, making the learning process fairly straightforward. While keeping many C/C++ features, D will eliminate the preprocessor, and thus include files. Also gone will be multiple inheritance, operator overloading, arbitrary Bit Fields, and support for 16 bit CPUs. Most of this is to simplify the language and eliminate infrequently used features. One interesting feature of D is the ability to include optional built-in unit test code (go to the bottom): "Unit tests are a series of test cases applied to a class to determine if it is working properly. Ideally, unit tests should be run every time a program is compiled. The best way to make sure that unit tests do get run, and that they are maintained along with the class code is to put the test code right in with the class implementation code." Another interesting, but slightly quirky feature is that the D compiler allows D language code to be embedded into html files. This allows functional code to be displayed in a browser with special highlighting for better readability, and the same file can be compiled. This feature could allow for some interesting documentation. The D Programming Language Reference Document provides the complete language documentation as it exists, today. In all, it looks like D could become an important language if it can manage to get beyond the design phase into working code, and can attract a large enough following. AudioEcasound 2.0.2 released. A new version of Ecasound is available. This version features bug fixes, minor improvements, and compatibility with the Gcc 3.0 compiler. Also on the same site, Brad Bowman has written a Perl module that implements the Ecasound Control Interface. CORBAOpenOrb Enterprise Suite 1.2. The ExoLab Group has announced OpenORB Enterprise Suite 1.2, a CORBA 2.4 ORB written in Java. The OpenOrb home page has all of the details. OpenOrb has been released under a BSD license, a commercial OEM/ISV license is also available. (Thanks to Christof Meerwald) DatabasesPostgreSQL v7.1.3 released. A new version of the PostgreSQL database has been announced. FreeGIS web portal updated. The FreeGIS web portal has been updated and now provides a search engine for finding tools from their database of over 125 applications relating to Geographic Information Systems. Embedded SystemsEmbedded Linux tops developers' 2002 wishlist (LinuxDevices). An Evans study on embedded OS usages shows Linux currently sits 4th behind home-grown solutions, VxWorks, and MS-DOS. "One of the most striking results of the survey is the indication of a dramatic shift away from "home grown" OSes [in 2002], which have traditionally accounted for between half and two-thirds of all embedded systems' OSes. The roll-your-own category practically vanishes in a single year, with much of the slack taken up by Embedded Linux..." Embedded Linux Newsletter. This week's Embedded Linux Newsletter includes a review of John Lombardo's "Embedded Linux", a study of how Linux is being used in industrial controls, and a look at IBM's TechMobile, a Ford Explorer that runs Linux. ELC announces new board of directors. The Embedded Linux Consortium has announced its new board of directors. "Five incumbents were re-elected and two new candidates gained board seats. Re-elected are Dr. Inder Singh (chairman and CEO, LynuxWorks); Michael Tiemann (chief technology officer, Red Hat); James Ready (CEO, MontaVista Software); Dan Bandera (business line manager, IBM Pervasive Computing); and Greg Wright (an independent Linux community member). The two new board members are Dr. Kiwon Lee (head of corporate technology operations and executive vice president, Samsung Electronics); and Victor Yodaiken (CEO, FSMLabs). Yodaiken's election fills a vacant position and brings the board to full strength." Multi-vendor open source set-top box project launches (LinuxDevices). LinuxDevices reports on Linux4.TV, another project to put Linux into a set top box. "An open source set-top box design based on National's Geode system-on-chip processor is said to be available for immediate download. Downloadable software components include Century's WebMedia set-top box front-end application, which provides a video middleware API, and National's enhanced Video for Linux 2 (V4L2) API, which provides features such as alpha blending, VIP, overlay, and picture-in-picture (PIP) support." InteroperabilityWine Weekly News for August 16, 2001. The August 16, 2001 edition of the Wine Weekly News is out. This edition covers 16 bit printer drivers, navigating through Wine, debugging techniques for Winelib applications, and lots more. Printing SystemsUpdated CUPS Source Distribution. A new source distribution of the CUPS printing system, version 1.1.10, has been released. The release notes document the changes, which include job priority tweaking, support for Dymo label printers and lots of bug fixes. A next-day bug fix release was also released, version 1.1.10-1 fixes a few minor filter and installation bugs. Omni Printer Driver version 0.40 released. Version 0.40 of the Omni printer driver is now available for download. This release includes drivers for 21 HP LaserJet printers, support for hardware scaling printers, updated Epson Stylus support, and lots of bug fixes. System AdministrationConsolidating Servers Under Linux (O'Reilly). David H M Spector discusses the consolidation of multiple server functions under a single Linux system. "'Server consolidation' is a term that is often used in IT jargon to mean 'we're getting rid of platform X' where 'X' is SPARC, Intel, Hewlett-Packard, or some other unlucky victim of a corporate popularity contest. These days, you should be thinking about a different kind of server consolidation -- how to reduce the number of servers that your company has to support and how to bring more services together on the servers that remain." Web-site DevelopmentMnoGoSearch 3.1.19 released. Version 3.1.19 of the MnoGoSearch web server search tool has been announced. This is mostly a bug fix release, although it also features content encoding support. Zope News for August 17, 2001. The August 17, 2001 edition of the Zope News is out. This issue features a new editor, Chris McDonough, and a name change from the Zope Weekly News to just Zope News. This is slightly confusing due to the fact that zope.org also has another Zope News site, hopefully all of that will be straightened out in time. Topics from this new edition include the release of Zope 2.4.0, some security issues, and more. Zope 2.4.1 beta 1 released. A new version of Zope, version 2.4.1 beta 1 has been released. This version features a number of bug fixes. Word ProcessorsSun releases OpenOffice Development Kit. Sun Microsystems has released ODK, the OpenOffice.org Development Kit. "The ODK is a set of tools, libraries, jar files, header files and idl files which are necessary to develop components for the OpenOffice.org using the OpenOffice API and the OpenOffice.org component technology UNO (Universal Network Objects)." A Linux/Intel version of the kit is available. The licensing information for OpenOffice.org states that it is released under a dual LGPL and SISSL license, SISSL is the Sun Industry Standards Source License. MiscellaneousQuick Reference For Choosing a Free Software License (zooko.com). Bryce Wilcox-O'Hearn has published a Quick Reference Guide for choosing free software licenses. If you are uncecided about which license to use for an open-source project, this would be a good place to start. Section Editor: Forrest Cook |
August 23, 2001
|
|
|
Programming LanguagesCGCC 3.0.1 Released. Version 3.0.1 of GCC has been released. Changes with this release include numerous bug fixes, and a port to the S/390 architecture. (Thanks to Roberto Bagnara) CamlCaml Weekly News for August 21, 2001. The August 21, 2001 edition of the Caml Weekly News has been delivered. Topics this week include a rewrite of David Fox's FFI C interface generator, and FORT 0.3, the Framework for Ocaml Regression Testing. JavaStudy: Java to overtake C/C++ in 2002 (ZDNet). According to a study by the Evans Data Corp, Java developers will outnumber C/C++ developers by early 2002. "The research also shows that Java usage has been rising at the expense of Visual Basic and C/C++." The study also praises Linux as a stable and popular platform for software development. Embedded Java (O'Reilly). Vincent Perrier examines some embedded Java issues in an O'Reilly article. "Java's strong appeal for embedded applications is sometimes offset by concerns about its speed and its memory requirements. However, there are techniques that you can use to boost Java performance and reduce memory needs, and of course the Java virtual machine you choose affects Java performance, too. You can make better-informed decisions about using Java by understanding the factors that affect its performance and selecting meaningful benchmarks for embedded applications." Jlouiss java tracer updated. Albrecht Kleine has announced the availability of a new version of his jLouiss Java tracer. JLouiss is licensed under a GPL license. LispOpenMCL 0.6 released. Version 0.6 of the OpenMCL lisp compiler has been released. This version adds a new foreign type system, different command line argument processing, a new Linux system call mechanism, and more. PerlThis Week on Perl 6 (O'Reilly). The August 12-18, 2001 edition of the Perl 6 Porters digest is out with coverage of all of the latest Perl 6 development activity. Gluing C++ And Perl Together. John Keiser has put together a tutorial on binding Perl XS, the Perl native glue, and C++. The tutorial fills in areas that the existing documentation has failed to cover. PythonHypercard and Python (O'Reilly). Stephen Figgins takes a look back at the classic Macintosh application Hypercard, and a new embryonic project known as PythonCard. The PythonCard project aims to be a Python based software construction kit that allows GUI development with minimal coding. PythonCard is being released under a Python 2.1 license. Daily Python-URL. The latest items in the Daily Python-URL include a discussion on Extended HTTP functionality and WebDAV, MySQL performance tuning, the Java Python Extension (JPE), scientific calculations with SciPy, and more. SCons design document. Based on a design from last year's Software Carpentry Contest, the Python based SCons software construction tool is under design, with an alpha release due out in several months. A design document for SCons has been announced and is open for review. PyDO 1.0 Object Relational Database Tool. A new version of the the PyDO Object Relational Database tool has been announced. This release works with Python 2.2a1 and features an improved PostgreSQL driver. RubyThe latest from the Ruby Garden. The Ruby Garden reports an increasing number of posts to the Ruby-talk mailing list, indicating that the language is catching on. Also, string comparison techniques in Ruby are discussed. SmalltalkThe latest Smalltalk Chronicles. After a bit of a hiatus, the Smalltalk Chronicles has returned with a fancy new design. This issue includes an interview with Dan Ingalls on the future of Squeak, cranking on real-time physics problems with ElastoLab, The Moose, a Smalltalk environment for re-engineering code, and refactoring patterns. XMLXML for Data: Four tips for smart architecture (IBM developerWorks). Kevin Williams looks at common XML design mistakes and illustrates how to deal with them in an IBM developerWorks article. For the impatient, here are the tips:
Miscellaneousglibc maintainer lashes out at RMS. The release notes for glibc 2.2.4 have been posted, and include some fairly strong anti-Stallman sentiments. Section Editor: Forrest Cook |
Language Links Caml Caml Hump Tiny COBOL Erlang g95 Fortran Gnu Compiler Collection (GCC) Gnu Compiler for the Java Language (GCJ) Guile Haskell IBM Java Zone Jython Free the X3J Thirteen (Lisp) Use Perl O'Reilly's perl.com Dr. Dobbs' Perl PHP PHP Weekly Summary Daily Python-URL Python.org Python.faqts Python Eggs Ruby Ruby Garden MIT Scheme Schemers Squeak Smalltalk Why Smalltalk Tcl Developer Xchange Tcl-tk.net O'Reilly's XML.com Regular Expressions |
