Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise news for all interests
Linux in the news
Here is the permanent site for this page.
See also: last week's LWN.
Ajuba Solutions has been acquired by Interwoven. This is an interesting development, and it almost certainly foreshadows events that we will see in the future. We'll look first at what's going on, then at some of the implications.
Way back in the late 1980's, John Ousterhout, then at the University of California at Berkeley, put together a programming language called Tcl - the "Tool Command Language." Tcl had many of the features that have since come to be expected of scripting languages: it was interpreted, embeddable within applications, and easily extendable. With the addition of the Tk user interface library in 1990, Tcl/Tk became a widely popular tool for application development. Its mindshare may have fallen somewhat in the intervening years (and wasn't helped by Richard Stallman's famous "drive-by flaming" in 1994), but it remains popular and Tk is at the core of the GUI libraries used by Perl, Python, and other languages.
After a period at Sun, Mr. Ousterhout decided to create his own company around Tcl/Tk. This company, called Scriptics, put forward a combination of open source and proprietary products, with the TclPro development environment being perhaps the flagship product on the proprietary side. Scriptics recently recast itself as Ajuba Solutions and took on a broader approach, with XML products for putting businesses on the web and such. (See John Ousterhout's Tcl history page for more on Tcl's roots).
Interwoven has purchased Ajuba (announcement here) for $31 million in stock. The company has absolutely no interest in Tcl; what they wanted was Ajuba's XML expertise. So Ajuba's product line, including TclPro, will be discontinued.
This is, of course, a blow to the Tcl community. The loss of the products will hurt some, but the loss of Ajuba's developers will hurt more. Ajuba was the corporate champion of Tcl/Tk, and put in a large part of the total development effort. Those developers will now be off doing proprietary XML stuff for Interwoven, and Tcl/Tk will have to do without them.
Beyond the loss of developers, what are the implications for Tcl/Tk? The company has tried to answer those questions on this page about the acquisition. Among other things:
So things could be worse.
There are some lessons in this series of events that are worth noting. Increasingly, free software projects have prominent corporate sponsors. Think of gcc (Red Hat), GNOME (Helix Code), Mozilla (Netscape/AOL), OpenOffice (Sun), PHP (Zend), PostgreSQL (Great Bridge), Python (BeOpen), Qt (Trolltech), and many others. This sponsorship certainly helps get the software developed and keep free software developers employed; it is thus a good thing. But the corporate world is volatile, and the tech corporate world doubly so.
Fortunately, the free software community has everything it needs to cope with corporate changes - even those that are more hostile to free software than the Ajuba acquisition. Free software licenses, of course, are the first line of defense. Ajuba may no longer be in the Tcl business, but they can not take Tcl/Tk away. Software that is free will remain so.
This acquisition shows, however, that it is also important to have a diverse developer base. A project that is too heavily dependent on developers at a single company will collapse if all those developers go away. Tcl is diverse enough to survive; some other projects could have a harder time.
It is also important that crucial project resources live independently of the hosting company. Ajuba is working to find a new home for the Tcl development site; other companies might not bother. To this end, having sites like SourceForge around is a good thing - as long as nobody buys VA Linux Systems. It still would be nicer to see a community of SourceForges, again for the sake of diversity.
Expect to see these issues come up again in the future. Linux and free software are part of the commercial world, and cannot hope to remain unaffected by it.
KDE 2.0 is out. The long-awaited KDE 2.0 release is finally available. Mindful of its PR needs, the project has sent out a press release on Business Wire, complete with supporting quotes from Ransom Love, Dirk Hohndel, Gaël Duval, and others. The announcement on the KDE site is rather more satisfying, in that it skips most of the quotes and talks more about what KDE 2.0 has to offer.
There is a great deal of new stuff under the hood as well - much of the KDE project's effort over the last year has gone into the creation of a new advanced infrastructure. High on the list, of course, is the new KParts component system, which is claimed to be lighter-weight and easier to deal with than GNOME's CORBA-based implementation. The larger applications, such a KOffice and Konqueror, use KParts to assemble themselves out of smaller components. There is also DCOP, which allows applications to talk to each other, and KIO, supporting network-transparent I/O. The XMLGUI layer uses XML to store the details of an application's layout; it also maintains a global "style sheet" which helps to ensure consistency across the set of applications.
Two years ago, critics were still saying that the free software world was not capable of producing something as complicated as a modern desktop. How much fun it is to point out to those critics that we now have two... The KDE project has raised the bar considerably with this release; congratulations to all the developers who worked to make it possible.
Microsoft says penguins can mutate. Do check out this Microsoft advertisement scanned from the print version of c't magazine. It contains a set of distorted penguins, and claims that open source systems can mutate on you - so it's better to go with proprietary stuff.
There are those who claim that the ad is interesting because it is the first direct Microsoft attack against free software. That, however, is not quite true - the Linux Myths page showed up on the Microsoft page just over a year ago. The ad does show that Microsoft sees a threat, though, and is looking for ways to counter it.
This one is not likely to get them very far. The creator of the Word file format is not in much of a position to criticize other systems for changing - at least changes in the free software world are documented and in the open. It is an amusing ad, though, and unlikely to be the last such from that direction.
Announcing...Mountain View Data. A company called Mountain View Data announced its existence this week. The first thing that catches the attention with this company is that its principals are Cliff Miller and Iris Miller, the founders of TurboLinux, along with Peter Braam, the designer behind the Coda and Intermezzo filesystems.
The Millers, of course, have been easing out of their roles in TurboLinux for a while. Large venture investments have a way of pushing aside a company's founders in favor of more presentable (to investors) executives. So they are off to Mountain View, which gives them a chance to create another successful open source company.
Mountain View intends to provide services around data storage needs. To that end, they have brought in Mr. Braam's Intermezzo filesystem, and Mr. Braam himself as CTO. The filesystem is being presented as an ideal high-availability solution, especially when complemented with the SnapFS filesystem (which allows taking easy snapshots of the filesystem state) and the LinuxDisk storage area network system.
Mountain View is clear on its technology and personnel; what is not so clear at this point is just how the company plans to make money. The software is, after all, open source. There is a lot of talk about how corporations have increasing needs for data storage, and increasing trends toward outsourcing. Mountain View clearly plans to be involved in that outsourcing, but its services page only says "We will be offering managed storage services, early 2001."
We asked Mr. Braam about what the company will sell, and were told:
The business model is to manage data centers and offer storage to customers. We take care of the backups, installation, management and growth in these centers and will probably charge by the "byte"
There are a few other companies operating in this area, but Mountain View is the only one explicitly working with open source software. Through the use of this software and commodity hardware, the company expects to price its offerings far below those of its competitors. It's an ambitious plan, but the company may just have the right people to pull it off.
LynuxWorks files for an IPO. Just as this LWN Weekly Edition went to "press", LynuxWorks announced that it had filed for its initial public offering of stock. We've done a quick pass over the company's IPO filing, and written up our impressions as a feature article. LynuxWorks has an interesting business model in mind; it's not necessarily going to be an easy path.
Inside this week's Linux Weekly News:
This Week's LWN was brought to you by:
October 26, 2000
Linux in the news
See also: last week's Security page.
News and Editorials
XFree86 security problems.XFree86 security problems have become an ongoing issue. Chris Evans pointed out on BugTraq this week an increasing number of XFree86 security problems for which vendors have not released security updates, including:
Given Linux' heavy dependence on XFree86, the current situation is definitely not good. We cannot tell, from the lack of response, if the problems above have been investigated and found to be invalid or valid, whether fixes haven't been released because no one took the time or because the issues are too difficult, intrinsically, to fix properly. Fixes for the problems may even have been put into the XFree86 development tree without announcement or back-port to the stable versions in general use; that has happened in the past.
Chris Evans' response to this has been the release of an exploit for at least one of the problems he personally reported, and the encouragement for others to do the same. As a result, the need for fixes for these problems has just increased an order of magnitude. Most of us can't afford to stop using X, therefore security updates for XFree86 are a real necessity. In the meantime, while we continue to wait, a check on your firewall to make sure you are blocking X packets is one good idea.
The case for exploits.Chris Evans' choice to develop and release exploits for a security problem for which no fixes have been developed after several months is a good example of why exploits became so necessary in the computer security world. Particularly with commercial software, where the customer has no option other than to wait for a vendor to release a fix, exploits and negative publicity are about the only tools available. Negative publicity is easier to generate for a problem with a proven exploit, so the two go hand in hand.
Last week, discussion on BugTraq mentioned and highlighted a couple of additional reasons for the use of exploits. One security problem seen last week had been reported as a bug many months before, but the person who reported it, and others that read the bug report, couldn't quite envision how the bug could be used to actually broach security. As a result, the bug was left unfixed -- until last week, where someone proposed a theoretical manner in which it could be exploited, and then proved their theory with an exploit. Needless to say, the bug was quickly fixed.
That particular example could quickly take us to a discussion of why every bug is important to fix, but that's not our topic this week. Let's concentrate, instead, on other ways that exploits help us. For systems administrators who are actively following and applying patches for security problems, exploits allow them to first identify whether or not their system is vulnerable (and adjust the priority of the security update) and also to test an applied "security fix" to see if it has really removed the problem.
Much publicity and attention is going to the negative aspects of such exploits, the way in which they have been used by "script kiddies" to proliferate attacks on systems across the Internet. However, it is very difficult to see how computer security would have ever improved to even today's wobbly standard without them. Blaming the exploits obscures the real culprit: the software/hardware is vulnerable and needs to be fixed.
The Cybercrime Treaty.It is important to understand the need for exploits, and other tools that are used by systems administrators and script kiddies alike. A lack of that understanding is frighteningly demonstrated by the draft Cybercrime Treaty from the Council of Europe.
This is not a new draft; it is dated April 25th, 2000. It was discussed on Slashdot in September. However, this week, MS NBC covered the treaty, stating that it would create a new class of persecuted artists: computer hackers. This article is, obviously, fairly inflammatory and does not bother to reference the text of the original treaty, nor use accurate quotes from it. However, we don't disagree with the heart of the article, that this potential Treaty could have serious negative impacts on software developers.
What, exactly, in the treaty generates such concern? Much of it stems from the necessarily vague language of a treaty that involves forty-one European nations, as well as the US, Canada, Japan, and South Africa. In particular, the treaty outlaws "Illegal Devices", and then proceeds to define them as follows:
Article 6 - Illegal DevicesPart of the damage here is the continuance of equating a software program with a device, instead of equating software code with free speech, an analogy that most of us in the Free Software world prefer.
Another reason for concern is the fact that this treaty is so far-reaching, yet the process of developing it side-steps the internal process of the U.S. and other countries for guaranteeing input and review from citizens. For more specific details on such concerns, you may want to refer to this additional MS NBC article in which a coalition of 28 cyber-rights organizations slam the treaty. ""Police agencies and powerful private interests acting outside of the democratic means of accountability have sought to use a closed process to establish rules that will have the effect of binding legislation," the GILC stated in its letter."
People working with computer security are particularly affected, since much, if not all, of the software used for computer security purposes can be adapted for illegal purposes. It may even, depending on the individual's point of view, have been designed for computer intrusion, yet be an essential tool for security experts and systems administrators. All exploit code would fall into this category. As a result, this statement of concerns has been signed by a number of "leading security practitioners, educators, vendors, and users of information security". They state bluntly, "We are concerned that some portions of the proposed treaty may inadvertently result in criminalizing techniques and software commonly used to make computer systems resistant to attack."
There is no indication that the draft has been changed in response to these expressed concerns.
Happy birthday to OpenBSD. Thanks to Alexandre Dulaunoy, who pointed out that October 18 was the fifth anniversary of the beginning of the OpenBSD project. Congratulations, and we wish you many more!
U.S. crypto winners -- Belgian heroes (Wall Street Journal Interactive. Jokingly, they were presented with a pseudo-gold medal, draped around the neck of an inflatable Tux. This Wall Street Journal Interactive article takes a look at Vincent Rijmen and Joan Daemen, creators of the Rijndael encryption formula, selected by NIST to become the new Advanced Encryption Standard.
"Rijndael is the fruit of symbiotic intellectual relationship. Though he has the more assertive personality and even shows a cocky side at times, Daemen says he considers himself less gifted in math than the shy, understated Rijmen -- something Rijmen doesn't seem to dispute. But both say they couldn't be successful without being able to test ideas and theories through each other. And Rijmen may be the better mathematician, but Daemen's creative ideas are sometimes what put them on track toward a breakthrough, they say."
Oracle vulnerabilities. The Oracle LDAP daemon, oidldapd, contains a buffer overflow that can be exploited via the use of an environmental variable, whose value is not properly checked before use. For details, check the original BugTraq report. Oracle 8.1.6 on Linux is affected, as is Oracle Internet Directory 2.0.6. Oracle has responded and promises a fix next week.
MySQL authentication weakness. The CORE SDI team reported an authentication weakness in MySQL this week. MySQL uses a challenge/response authentication scheme to avoid passing passwords across the network in plaintext. The CORE SDI team demonstrated that this authentication scheme can be detected and, after the observation of such challenge/response interactions, fake passwords can be generated to interact with the server and gain access to client data and privileges.
This is a known security weakness of MySQL, documented in the MySQL manual. To avoid it, ssh-tunneling should be used to support MySQL client/server interactions outside a local network. The manual section makes other configuration suggestions to minimize the problem.
Slackware PPP vulnerability. A Slackware-specific configuration error in the ppp-off script could allow an unprivileged user to overwrite any file on the system. A new Slackware PPP package has been issued to correct the problem.
ntop '-i' buffer overflow.The "-i" option of ntop can be exploited to pass in a command which is then executed by ntop. If ntop is installed setuid root, this can lead to a root break-in. Check this BugTraq report for more details.
Exploits for ntop have also been published, so you may want to disable ntop until a security update is available. Alternatively, Christophe Bailleux reported that ntop-1.1-5.i386.rpm is not installed setuid and is not vulnerable.
Red Hat lpr print filter vulnerability. The lpr package shipped with Red Hat 6.2 (and possibly earlier versions) contains a print filter with a configuration error that can be exploited to run arbitrary commands under the lp group. This, in turn, can be exploited to gain root privileges. Red Hat 7.0 is reported not to be vulnerable. For more information, check out BugTraq ID 1834. This problem was reported by Zenith Parsec on October 20th.
Commercial products. A security fix for Half-Life, a popular first-person shooter game, was included in the 18.104.22.168 release of Half-Life, now available for download.
Apache mod_rewrite vulnerabilty.Files outside the document root can be accessed, if the mod_rewrite module for Apache is in use. For more details, check the October 5th LWN Security Summary.
This week's updates:
GnuPG false signature verification.GnuPG fails to correctly validate multiple signatures in a file. Check last week's Security Summary for details. GnuPG 1.0.4 has been released and contains the fix for this problem. Anyone using GnuPG will want to upgrade their package as soon as possible.
This week's updates:
Format string vulnerabilities in PHP.Multiple format string vulnerabilities in PHP 3 and PHP 4, including one involving the use of syslog, can be exploited remotely to execute arbitrary code under the web server's identity. PHP 3.0.17 and 4.0.3 contain the fixes for these problems. For more information, check last week's LWN Security Summary.
This week's updates:
NIS/ypbind format string vulnerability.A format string vulnerability in NIS/ypbind can be remotely exploited to run arbitrary code as root. An immediate upgrade is recommended. For more information, check last week's LWN Security Summary.
This week's updates:
xlockmore.Check the August 24th Security Summary for details. An update to xlockmore 4.17.1 is recommended.
This week's updates:
curl buffer overflow.A buffer overflow in curl, a command-line tool for getting data from a URL, was reported last week.
This week's updates:
Buffer overflows in ping.Multiple buffer overflows in Alexey Kuznetsov's ping were discussed last week.
This week's updates:
ResourcesThe following security-related software has been released this week:
Upcoming security events.
Section Editor: Liz Coolbaugh
October 26, 2000
Security alerts archive
Engarde Secure Linux
NSA Security Enhanced
Linux Security Audit Project
Linux Security Module
Security List Archives
Firewall Wizards Archive
LinuxPPC Security Updates
Red Hat Errata
Yellow Dog Errata
Security mailing lists Caldera
Linux From Scratch
Security Software Archives
ZedZ.net (formerly replay.com)
Comp Sec News Daily
Linux in the news
See also: last week's Kernel page.
The current development kernel release is (still) 2.4.0-test9. On the prepatch side, 2.4.0-test10-pre5 came out on October 23. The bug fixing continues...
The current stable kernel release is still 2.2.17. The 2.2.18 prepatch is up to 2.2.18pre17. More fixes have gone in, but there's still a list of things that need to be dealt with before the real 2.2.18 release can happen.
Should applications be allowed to bind to any IP address? "Binding," of course, is how a server gets set up to accept connections. The current 2.4.0-test implemention allows binding to an arbitrary address - even if the system has no interfaces at that address. Such an action would seem to make no sense; if there are no interfaces which can receive packets to an address, a server that has bound to that address will have very little to do.
The reasoning behind allowing that sort of binding is that an interface could conceivably come up in the future which does correspond to the given address. Not all interfaces are up all the time, and life may be simpler for servers if they do not have to be continually checking to see if the network is there yet.
There are a couple of problems with that behavior, though. It turns out that the POSIX standard requires that a bind to a nonexistent address fail. And it turns out that some applications try to bind to an address as a way of determining whether the address is local or not. The Java virtual machine, in particular, does this; the 2.4.0 semantics confuse it and causes the compatibility test to fail.
As a result, the ability to bind to nonexistent addresses will be going away. There will, however, be a sysctl option added that will allow the system administrator to restore that behavior if need be.
A new Linux event handling interface? Readers of linux-kernel this week were treated to a lengthy discussion of how Linux makes event information available to applications, and the beginnings of a new interface that may improve on things in the future.
The mechanism used by most applications for tracking events is the poll() system call. poll() essentially takes a list of open files (and devices and network sockets...) and blocks until one or more of them is ready to perform I/O. The classic example of a user of poll() is the X window system server, which has a long list of client connections and must be able to respond to input events on any of them.
Dan Kegel started things off by posting the results of some benchmarks he did with poll(). To stress things a bit, he tried an application watching 100, then 10,000 file descriptors on both Linux and Solaris. Solaris did rather better than Linux did; in particular, it showed only a factor of 6.5 time difference between 100 and 10,000 sockets.
Some people were quick to downplay the results, pointing out that they almost have to indicate a large setup time on the Solaris side that will penalize programs polling a small number of sockets (which is most of them). Linus was in this camp:
Basically, for poll(), perfect scalability is that poll() scales by a factor of 100 when you go from 100 to 10000 entries. Anybody who does NOT scale by a factor of 100 is not scaling right - and claiming that 6.5 is a "good" scale factor only shows that you've bought into marketing hype.
Others pointed out that the Linux implementation of poll() is not ideal, since it requires four passes over the list of file descriptors: (1) reading them into kernel space, (2) querying drivers and setting up wait queues, (3) querying again after an event happens, and (4) copying results back to user space. Every pass over a large array hurts.
The Linux poll() implementation could probably be improved to perform fewer passes over the list. The real problem, though, is that poll() requires the system to pass over such a large array in the first place. To make things worse, the array is entirely under the application's control, so every call to poll() is like the first one. Clearly there is some room for improvement here, and this conversation got people thinking about a better way of doing things.
So Linus posted a new interface design reflecting one of those better ways. Read the posting for the details; in very simple terms, the proposed interface allows the application to tell the kernel about events of interest. The kernel maintains the list, and thus knows when the list changes. Each process has a queue of events waiting to be processed, which it may look at with a system call. Whenever an event actually happens (a network connection arrives, for example) the kernel adds it to the list of every process that is interested - but only if an event of that type is not already on the queue.
The business about putting only one event of a given type on the queue is important. An event notification from the kernel means that one or more events are pending, and the application must be sure to deal with them all. This requirement makes life a little bit harder for applications, but much easier for the kernel. Among other things, the kernel need not worry about running out of memory should a large blast of network packets show up.
Of course, nothing much is new under the sun...Dan Kegel pointed out that Linus's scheme bears a strong resemblance to the FreeBSD kqueue mechanism. It has evolved somewhat under discussion as well. Nobody, yet, has rushed out to implement this approach - it would be a 2.5 item in any case. But something along these lines will likely happen before too long. The fun of free software is that you can see it take form in the early stages.
Access Control Lists and extended attributes. Andreas Gruenbacher released version 0.7.0 of the Access Control List (ACL) patch. This release was the first stable release in some time... except that it was closely followed by 0.7.1 to fix up a few details..
On a more general level, Andreas also posted a proposal for the implementation of "extended attributes" (such as access control lists) in the Linux virtual filesystem. The ACL project has had an extended attribute patch for a while; they would now like to begin the process of getting it into the kernel.
Something will almost certainly go in at some point, but the extended attribute interface may well see some changes first. Stephen Tweedie posted a separate extended attribute specification which was evidently hammered out at the recent storage workshop in Miami. This version takes a wider view of things; it tries to handle things like the ACL's found on the NT filesystem and NTish identifiers that can be used by Samba. It's a complicated problem, and the kernel developers would like to solve it properly.
Once again, of course, this is 2.5 material, so there is some time to work out the details. The 2.6 kernel will likely have a much more extensive security scheme as a result.
KernelTrap.com hits the web. A new site called KernelTrap has turned up on the net. It is dedicated to kernel hacking in general, but its content is very much Linux-oriented.
Other patches and updates released this week include:
Section Editor: Jonathan Corbet
October 26, 2000
For other kernel news, see:
Linux in the news
See also: last week's Distributions page.
Lists of Distributions
Please note that security updates from the various distributions are covered in the security section.
News and Editorials
LSB-FHS test suite issues.Early in the week we received a notice from SuSE regarding the results of the LSB-FHS test suite run against the SuSE 7.0 distribution. While the results are obviously very good for SuSE, their claim to be the most compliant distribution could be questioned. SuSE scored 238 passed tests and 5 failed tests, a good mark undeniably, but just how valid were the tests? Debian Project leader Wichert Akkerman later sent out a response to the LSB-FHS test suite results which showed SuSE as the most conformant distribution. Looking at the places where Debian ran into trouble, Mr. Akkerman takes issue with some aspects of the test, and admits to trouble on Debian's part for others.
Not all of the test results are fair in my opinion: some are real bugs in Debian, others are bugs in the test-suite or the result of using an incomplete install.
The messages began flying on the Debian Development list (and were copied to LWN) discussing the methods and madness behind the LSB-FHS tests. Andrew Josey, LSB Test leader, and author of the LSB-FHS test suite wrote in with his own view of the FHS test suite and it's status along with the latest LSB test news.
"The first milestone for LSB test development is now complete. This has been in setting up the test framework for integrating tests into. The framework adopted is the Test Environment Toolkit, with the VSXgen (generic VSX test framework) layered on top of that. As proof of concept the first testsets, the LSB-VSX and LSB-FHS testsets have been integrated into the framework."
Despite this work, Andrews stated that "[the community] should not be expecting any distributions to pass the current version of the test suite. Although [LSB] believes it to be a fair and accurate test of the LSB FHS 2.1 specification, there are issues with the specification and tests that need to be resolved."
This argument was backed by Daniel Quinlan, who wrote in to the Debian Development list:
"I just checked the old version of the LSB test web pages and while they didn't warn people to not claim compliance, they do refer to LSB-FHS-2.1-1 as "the latest development release" and it was noted that (1) the test results weren't believed to be accurate and (2) that there are issues that would be fixed in FHS."
So the moral of the story? The standards are, well, not standard yet. While FHS is both desirable and necessary, its existence and availability does not make it complete. Press releases related to the FHS need to be put into context and, most importantly, distribution vendors need to be aware of what they are doing when it comes to the LSB FHS. Certainly, at a minimum, they should be aware of what is and isn't standard.
TurboLinux Founders move to storage startup.TurboLinux founders Cliff and Iris Miller, along with file system and data storage authority Dr. Peter Braam, announced the launch of a new, global storage service company -- Mountain View Data.
The new company will sell storage services on the open-source InterMezzo file storage software. The Millers retain their majority stake in TurboLinux but control of that company has been handed over to Paul Thomas, who took over as CEO in June.
More information is available on the Front Page.
Getting To Know SuSE Linux.SuSE was in the news a number of times this week:
Dirk Hondel, SuSE's Chief Technology Officer, is interviewed by ISPworld. "SuSE has a strong focus on security within its distribution. We not only have an internal security team within SuSE Labs that audits all major packages and closely follows all relevant information sources, but we also maintain an active dialogue with our customer base through mailing lists and security alerts." (For a related-article, check our coverage of the SuSE Security Team in the September 14th LWN Security Summary).
SuSE also expanded its international presence with a new subsidiary in France. The European Linux heavyweight opened a new sales and service office in Paris. The new office provides installation support by phone, fax, and e-mail for the French version of SuSE Linux, which was introduced two years ago.
Finally, Marc Heuse wrote to let us know about a new document available on SuSE's web site describing, in a step by step fashion, how to install a secure Web server.
North Carolina State University EOS runs Red Hat.NC State's College of Engineering project EOS was used to show the school's committment to the open source movement. "IBM provided deep discounts on hardware for the Eos project, including a large mainframe computer that runs Linux. Red Hat's 3-month-old University Program provided software and technical assistance to N.C. State. The Linux company's ties to the engineering program there actually date to Red Hat's earliest days."
It's not the color, it's the network.And finally, from the "I don't speak that language" department: A reader wrote in last week concerned about the use of colors in the naming of Linux distributions - Red Hat, Yellow Dog Linux, and so forth. One of the projects mentioned was the Red Escolar Project. Numerous readers wrote in to let us know that "red" in spanish means "network". So that would be the "School Network" Project, not the "Red School" Project.
Life is never as black and white as it seems, eh?
Review of Conectiva Linux 5.0 - Duke of URL.The Duke of URL this week carried a review of Conectiva Linux 5.0, a Red Hat-based distribution which is known for its large selection of software and language support. "Conectiva Linux features much of what we've come to expect, SMP, graphical installation, optimized kernels, SSL, hardware detection, and more, but also brings to the table a few new features. One of these new features is two CDs full of commercial applications, something not normally seen in your typical Linux distributions."
SAMS Red Hat 7 Unleashed.While not a review, SAMS has followed Red Hat's release of their verion 7 distribution with their own Red Hat 7 Unleashed text.
The Future of Linux-Mandrake.Now that the Linux-Mandrake 7.2 release has been frozen (no new features will be added), discussion was opened on where Linux-Mandrake should go from here. Some of the wish list items readers asked for included:
Best Linux 2000 Release 3.SOT Finnish Software Engineering Ltd. issued a new release for its Best Linux Operating System for desktop and server applications. The new release of Best Linux includes, in addition to many other improvements, support for the Portuguese language, improved sound card support, modem configuration, and the new KDE 2.0 desktop environment.
ROCK Linux 1.3.11 released.The ROCK Linux team has announced the release of ROCK Linux 1.3.11. ROCK Linux is a distribution "for admins, hackers, geeks, and skilled Unix users;" this release is based on the 2.4.0-test9 kernel and a number of other current software releases (they stopped short of gcc-2.96, though).
Red Flag Linux.Sun Wah Linux Limited and Red Flag Software Company Limited, of the Chinese Academy of Sciences ("CAS"), have officially launched the Red Flag Linux Server - Traditional Chinese Version, which is aimed specifically at the Chinese market. Included in this launch are Red Flag Linux Server 2.0 and Red Flag E-business Start Kit 1.0. The former runs on 32-bit, 64-bit or higher-end machines and optimizes server hardware performance. It provides an operating environment that is secure, stable and reliable, and supports key Internet/Intranet-based applications.
Caldera eServer 2.3 Wins Network World Blue Ribbon Award.Caldera announced that OpenLinux eServer 2.3 has received Network World's Blue Ribbon award for use as an enterprise server. Caldera eServer led the list of five Linux server-side distributions based on the following criteria: LAN administration and setup, added applications and value, installation, service support policies and documentation.
Debian News.The Debian Weekly news this week discusses LSB-FSH issues and why Helix Gnome isn't in Debian yet.
Mizi Linux 1.5 released.MIZI Linux OS is a Linux distribution version developed by MIZI Research. Its goal is to develop a distribution version that can be used in desktop environment.
ODDAS-Linux 0.2.ODDAS-Linux was released earlier this week. This release fixes some network initialization scripts and provides better documentation.
easyLinux.We haven't heard much about easyLinux/ since about February 2000, but they contacted us to see if they could be included in the list of distributions. A quick look at their web site shows the distribution to be available on CD-ROM and in a boxed package. The RPM based distribution has won a few awards (according to their web site) and offers shares of the company in exchange for contributions to the distribution and for purchases made. While not public, one wonders how valuable such shares might be (or how many you can get in the long run). Interesting concept.
WinLinux 2000.Last covered in March of 2000, WinLinux 2000 sent LWN a press release suggesting it was a new release. No web site was provided in the press release but we already had the URL: http://www.winlinux.net/
Tynux expands into Japan.According to a LinuxDevices.com report, PalmPalm Technology, makers of the Tynux embedded Linux distributions, will open its Japan office, PalmPalm Japan, on October 25th.
e-smith 4.0.Last week we covered the release of e-smith 4.0 server and gateway products. In that coverage we incorrectly stated that the server and gateway software is used on their line of Internet appliances. Kirrily Skud Robert, who recently joined the e-smith team, wrote in to set the record straight:
I notice you list e-smith 4.0 on your distributions page, based on my freshmeat announcement from a few days ago. I wanted to point out to you that the e-smith server and gateway does *not* run on a specialised internet appliance, and in fact e-smith has no such appliance product. The e-smith server and gateway runs on any Intel-based PC (eg a commodity Pentium) and, as it's fully GPL's, can be used at no cost -- though of course e-smith do provide support and software subscriptions at a very reasonable rate.
We apologize for the confusion and hope this clarifies the situation.
Section Editor: Liz Coolbaugh
October 26, 2000
Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.
Linux in the news
See also: last week's Development page.
News and EditorialsThe Jython project has announced its existence. Jython is the successor to JPython - the implementation of Python in Java. The new project has been created as part of the overall Python license change - it will have a license that looks much like the new Python 2.0 license. The first official Jython release will be at some unspecified future date, but the code is currently available on sourceforge.
Speaking of Python variants, David Mertz of Gnosis Software discusses several other versions of Python, including Vyper and Stackless Python. The article delves into the issues of multiple language implementations.
Mozilla Sidebar Tools. There are several new tools for working with the Mozilla sidebar panel. Eric Hodel has added some requested new features to the Links Sidebar Panel, and D.J. Adams has written a perl script called My Sidebar which allows for the creation of a Mozilla 5 sidebar panel from "an RSS data source of your choice".
Jabberzilla Alpha 1 for M18. Eric Murphy has released an Alpha 1 version of Jabberzilla, which combines Jabber and Mozilla technologies. "Jabber is a peer-to-peer messaging system that is XML-based and lets you use Instant Message systems like AIM, ICQ, IRC, MSN, Yahoo Chat, etc. from a single application."
DOM 1 Reference published. Jiri Znamenacek has published a Document Object Model (DOM) level 1 reference. He is looking for XML contributions to the reference.
PostgreSQL tutorial slides (PostgreSQL). The PostgreSQL site has published a set of slides for an upcoming talk by Tom Lane and Bruce Momjian. The talk will be presented at the Open Source Database Summit on October 30 and 31, 2000 in San Jose, California.
Linux For Kids releases CD Collection. The Linux For Kids site has just announced the release of an ISO image of its version 1.03 CD software collection. Now you can burn your own CD and have lots of Linux educational and game software in one handy location.
SEUL/edu report #31. The October 23 edition of the SEUL/edu report is out. Check it out for the latest news concerning Linux in the schools.
Wine Weekly News #66. The October 23 edition of the Wine Weekly News is out. This issue announces a new Winehq search engine, new mailing lists, and some Wine history.
OpenNMS Update. The latest OpenNMS Update has been sent in, providing updates on various projects, including a MIB compiler and the scope of the OpenNMS project for the month of November.
Kivio First Public Beta Available. KDE Dot News reports on the first beta release of Kivio, a KDE-based diagram and flowchart editing tool. "Kivio is the first and most complete diagramming tool for KDE".
Gimp 1.1.27 and 1.1.28 released. Manish Singh, Gimp build master, released Gimp 1.1.27, a new developer's version of the Gnu Image Manipulation Program, back on October 4th. After some build problems were reported, Gimp 1.1.28 was released on October 16th. These releases contain mostly bug-fixes and documentation changes.
Gnumeric Spreadsheet 0.57 released. Version 0.57 of the Gnumeric Spreadsheet program has been released.
On the Desktop
The People Behind KDE: Claudiu Costin. This week, the People Behind KDE series interviews Claudiu Costin.
Trolltech releases an open source localization tool. Trolltech has released a fully functional preview of Qt Linguist, an application language translation system. Qt linguist is licensed under the open source BSD license. Qt Linguist works in conjunction with Qt, Trolltech's cross-platform GUI application framework. "Qt Linguist, localization tool, allows users to seamlessly convert Qt-based programs from one language to another, simply and intelligently. Qt Linguist helps with the translation of all visible text in a program, to and from any language supported by Unicode and the target platforms".
Evolution 0.6 announced (Gnome.org). Gnome.org has announced the release of Evolution 0.6, code named Procompsognathus, truly a coded name in this case. This release features lots of additions to the Mail program, and numerous bug fixes among other things.
Reorganizing the UI team (Gnome.org). Miguel De Icaza has posted an article on Reorganizing the UI team for the Gnome project.
The executive summary follows:
The Alternative Languages in Gnome Matrix. Erik Bågfors has published The Alternative Languages in Gnome Matrix with a large table of languages that may be used for developing Gnome applications.
Medical software's free future (BMJ). The British Medical Journal has run an editorial by Douglas Carnall on Medical software's free future. "Free software concepts make particular sense in medicine: although peer review has its problems, medical knowledge is becoming more open, not less, and the idea of locking it up in proprietary systems is untenable". Worth checking out.
Section Editor: Forrest Cook
October 26, 2000
Erlang Conference Proceedings. The proceedings from the October 3, 2000 Erlang/OTP user conference have been made available. Take a virtual tour of the conference.
Blackdown releases Java2 SE v1.3.0-FCS. Blackdown has released its Java2 SE v1.3.0-FCS for Linux. This release contains many bug fixes.
Programming GNOME Applications with Perl, Part One (Perl.com). O'Reilly's Perl.com has published a feature article on Programming GNOME Applications with Perl. The article takes you through the process of developing a simple gnome application with Perl.
Perl 5 Porters gets new author. Simon Cozens has recently taken charge of the Perl 5 Porters digest. The latest issue contains discussions on virtual values, slow unshift response, and the handling of integers and floating point values.
PHP Weekly Summary #8. The October 23 issue of the PHP Weekly Summary is out. News includes a pl1 release of PHP 4.0.3 that fixes a problem with the Apache php_value mechanism, among other things. PHP 4.0.3pl1 can be downloaded here.
Python-dev summary for October 1-16, 2000. The Python-dev summary for October 1 - 16, 2000 is now available. A summary of recent discussions about Python's handling of floating point numbers was posted.
This week's Python-URL. Here is Dr. Dobb's Python-URL for October 23 with the usual collection of goodies from the Python development world. Topics include hints on math operators, IEEE 754, watch variables, assertions, and exceptions
Python Bindings and Scripting for KDE Updated. theKompany.com announced the release of VeePee v1.0 and SIP/PyQt/PyKDE version 2.1. "VeePee is the Python-based scripting environment for KDE, and SIP/PyQt/PyKDE are the Python bindings for Qt and KDE. These updates are to support Python 2.0 as well as numerous feature additions and some bug fixes".
Mod_python beta 2.6 announced. Gregory Trubetskoy has announced the release of Mod_python beta 2.6. This release features bug fixes, faster operation, and improved installation thanks to a switch to the autoconf system.
py_cpp Python/C++ binding system announced. A new Python/C++ binding system, py_cpp, has been announced.
Installing and using SGMLtools-Lite (IBM Developer Works). IBM's developer works has run an article on Installing and using SGMLtools-Lite by Joe "Zonker" Brockmeister. The article covers the installation of this tool and its use in converting SGML into HTML, PostScript, text, and other languages.
This week's Tcl-URL. Here is Dr. Dobb's Tcl-URL for October 23 with the latest from the Tcl/Tk development community. This week's edition discusses accessing tape drives, closing out applications correctly, and terminal i/o among other things.
Software Development Tools
LSB test news. The Linux Standards Based released this announcement regarding the status of their testing processes. "The first milestone for LSB test development is now complete. This has been in setting up the test framework for integrating tests into. The framework adopted is the Test Environment Toolkit, with the VSXgen (generic VSX test framework) layered on top of that. As proof of concept the first test sets, the LSB-VSX and LSB-FHS test sets have been integrated into the framework."
More information on this can be found in the Distributions Page.
Section Editor: Forrest Cook
Gnu Compiler Collection (GCC)
Gnu Compiler for the Java Language (GCJ)
IBM Java Zone
Free the X3J Thirteen (Lisp)
Dr. Dobbs' Perl
PHP Weekly Summary
Tcl Developer Xchange
Linux in the news
See also: last week's Commerce page.
Open Source corporate sponsers. Open Source activity has certainly been strong this week. As was mentioned in this week's front page, corporate sponsors play a large part in keeping the open source community going. Who are these corporate sponsors and what are they up to this week?
The Open Source Development Network (OSDN) is a division of VA Linux. The old Andover.net is now incorporated into OSDN. Of course the Andover.net site is still there, but the OSDN site has all the same departments, and lots more besides. Through OSDN, VA Linux supports open source in many ways. Freshmeat.net and SourceForge.net are just a couple of the many examples. OSDN has an opportunity to support open source in other ways as well. The recently announced Open Source Database Summit provides a different type of forum for developers. (More info on the Summit can be found in this week's announcements page.)
Corporations make alliances to better support open source. This alliance between OSDN and Jabber is a good example. Webb Interactive is the corporate sponsor/developer of the open source messaging system, Jabber (found at jabber.com). OSDN will soon feature the Jabber system on both SourceForge.net and OSDN.com.
DevelopOnline.com is a collaborative, online development center for programmers and engineers geared towards the embedded market. Sponsors include Intel, Avnet, Lineo and, according to this announcement, MontaVista. DevelopOnline recently announced support for Linux developers wishing to work on Compaq iPaq and StrongArm based handheld devices.
Smaller companies may not have the resources of VA Linux or Intel, but ID-PRO has found another way to help. They are holding an auction to raise money for the Free Software Foundation Europe and KDE. They will be auctioning the prototype version of PAUL, ID-PRO's communications server, which has been signed by a number of Open Source luminaries such as Linus Torvalds and Jon "maddog" Hall.
The Danish Parliament supports open source, showing us that governments can also supply support. Danish MP Knud Erik Hansen had put out a press release regarding a proposal in the Danish Parliament on open source. "In the report the parties clearly express their support for Open Source and for provision of a good framework for development of Open Source by the state. This will be a part of the state's IT policy in the future. The report recommends that the state henceforward use Open Source in the development of its own software, that the state provides possibilities for bids with Open Source software, and that the state disseminates information about experiences with Open Source." (Thanks to Peter Toft, via Stéfane Fermigier).
More open source announcements can be found below in the press release section.
European Commission to research software patents. Here is a release from the EuroLinux Alliance on a move by the European Commission to study the economic and social effects of software patents in Europe. It seems they are beginning to figure out that there could be some trouble there. The EuroLinux Alliance is trying to help them out with well-written input; they are looking for contributions from people in Europe. This issue directly affects a lot of our readers; consider helping them out if you can.
Axis announces 2120 network camera. Axis Communications has announced the availability of the 2120 network camera. This camera resembles the 2100 model, reviewed by LWN last May, in that it has a built-in Linux system and web server, and plugs directly into the net. The new version has a number of new features, including full motion JPEG output and motion detection capability.
Codemesh needs Beta testers. Codemesh is porting its JunC++ion product to several *nix platforms, including Linux. "The UNIX platforms that customers have expressed the most interest in are Solaris, Linux, AIX, and HP-UX. If you're interested in becoming a beta test site for one or more of these UNIX platforms, e-mail Codemesh at email@example.com."
Open Source ProductsUnless specified, license is unverified.
Commercial Products for Linux
Products Using Linux
Products with Linux Versions
Books and Training
Investments and Acquisitions
Linux At Work
Section Editor: Rebecca Sobol.
October 26, 2000
Linux in the news
See also: last week's Linux in the news page.
KDE 2.0 released. The much-awaited KDE 2.0 Kopernicus release is now available. According to KDE founder Matthias Ettrich: "We think that current KDE users will be pleasantly surprised with the remarkable improvements we have achieved. KDE 2 offers the desktop user the benefit of standards compliance and an array of new technologies, from Konqueror, a full featured web browser and file manager, to KOffice, an integrated office suite, as well as a slew of usability enhancements, such as KDE's expanded themeability and configurability and a new KDE Help Center". Happy downloading!
Linux planet takes a look at KDE2 in a feature article by Dennis E. Powell.
Looking at KDE, Waiting for the Other Guy (Andover News). Jack Bryar looks at what the Linux desktop, in particular the new KDE 2.0 Linux desktop, means to business. "Which would you rather do, wait for a Gee-whiz desktop interface and office suite that can do everything you want (and more) -- or would you rather get something that actually works? Or would you still do nothing?" (Thanks to César A. K. Grossmann).
Norwegian language movement says: `Boycott Microsoft - use KDE instead' (KDE Dot News). KDE Dot News is running an english translation of a Norwegian newspaper article about an organization asking Norwegian schools to swtich to KDE from Microsoft tools. "Since KDE now provides both Bokmål and Nynorsk, Norsk Målungdom wants schools to use KDE instead of MS Windows."
Bigger, not necesarily better (ZDNet). ZDNet looks at the StarOffice release. "Mind you, just because you can get the source code to OpenOffice, doesn't necessarily mean you're going to want it. The sheer volume of the code requires more than three gigabytes of hard disk space in which to build, and compiles have been reported to take more than 20 hours to complete."
Sun dances the dance, pours the source (LinuxToday). The Australian LinuxToday has put up this look at the StarOffice release. "The GNOME project have plans to take the StarOffice release and run with it, abandoning their current office projects, Abiword and Gnumeric, for their big brother OpenOffice. I would say that in about 2 years time we'll start seeing a decent, workable GNOME Office on people's desktops. The GNOME team wants to take OpenOffice and rip it apart, applying their BONOBO architecture and making it integrate well with their object model. All I can say is, well they'd better know German."
Get your Red-hot Linux apps (ZDNet). Chiliware is set to release 4 new applications for the Linux Desktop, says this ZDNet News article. "'Open source is a great service, but if you just do open source, it's hard to make enough money to pay everybody', said company CEO Kenneth Eppers".
Covalent mixes proprietary and open source software (Upside). Upside looks at Covalent's apache-oriented business model. "For a company that has long been trying to emulate the branding success of Red Hat for the Apache market, this willingness to stick with the traditional, proprietary approach is an interesting point of contrast."
Welcoming back an old Amiga (News.com). The Amiga is set to make a comeback, according to C|Net's News.com. "Amiga's future, however, lies chiefly in its software, in particular its new Amiga Digital Environment software, which can run as an operating system of its own or atop other operating systems, including Linux and Windows CE, [Amiga President Bill] McEwan said."
Back to the future: Novell's new vision for success (NetworkWorld Fusion). Novell has staked its future on Netware - or has it? In this article from NetworkWorld, Jeff Shapiro thinks Linux may be the heart of Novell's new soul. "In speculating, I wouldn't be surprised to see NetWare operating in a Linux microkernel environment, with support for NetWare storage systems, Novell Distributed Print Services and legacy NetWare Loadable Modules running as daemons."
Details of Linuxcare complaint come to light (Upside). It looks like Linuxcare's troubles are not over yet. This article in Upside covers a sexual harassment suit against the company and its former CEO Fernand Sarrat. "After dinner with Sarrat and another Linuxcare executive, Bowen was offered a job as Sarrat's personal assistant. The post paid $110,000 a year and carried options to purchase 115,000 shares of Linuxcare stock, according to the documents on file with the court." The article goes into some unpleasant detail from there.
Linux taking hold in India. LinuxNews.com looks at Linux in India. Quoting Atul Chitnis: "Not sure about the rest of the country, but in the state of Karnataka (whose capital is Bangalore), the study of Linux is compulsory in technical education."
Bidding on Linux (Inc.com). It's an older article (June 2000), but Inc.com did a nice article investigating just how well you can run your company using Linux. "Linux can also save small companies money because it runs well on older, less powerful machines. When Campbell installed E-mail and a firewall -- a security gateway between the company's computers and the Internet -- at James G. Murphy Co., two years ago, he used an old 486 computer that Murphy was preparing to jettison. `I could have sold them a new computer,' Campbell says. `But Linux runs just fine on that computer, so why sell them hardware they don't really need?'"
World Bank Launches `Development' Portal (Interactive Week). The World Bank Group is setting up a separate company to run the Global Development Gateway, a portal where it hopes residents, businesspeople and officials from emerging countries can collaborate on economic and social development projects with their peers around the world.
Testing the Enterprise Linux Load (LinuxWorld Austrlia). In this article from LinuxWorld Australia, Caldera, Red Hat Software, Stormix Technologies, SuSE and TurboLinux are evaluated to assess whether these companies are coupling their distributions with the tools and services necessary for enterprise server use. "The best installation process was offered by Caldera eServer, which appeared to have total command of each platform we installed it on, followed very closely by Red Hat 6.2 and TurboLinux Server 6.0. The other distributions seemed to be less capable of sensing the platform environment in one way or another."
.comment: TechnoPolitics (LinuxPlanet). LinuxPlanet has noticed that Linux companies do not show up in the list of U.S. presidential campaign donors. "The philosophical argument is that Linux really has nothing to do with government. It's free, knows no borders, and the community is highly apolitical... But there's another argument, a practical one. There are some things at stake that matter, or ought to matter, to Linux users and to those to whom Free or Open Source software is important. In fact, like it or not, the community has been shot through with political issues all year."
Linux has already won (LinuxToday Australia). LinuxToday Australia ponders the question: Has Linux already achieved world domination? "I have a theorem that Linux has perhaps the largest number of free development tools for any platform available ... Take into consideration its "ability to talk to any medium except smoke signals" ... and you have a combination which, given time, cannot be anything but successful."
What Makes a Virtual Organization Work? (Sloan Management Review). The MIT Sloan Management Review Fall 2000 issue contains a brief look at the open source workplace. "What motivates people to participate in open-source projects? And how is participation governed in the absence of employment or fee-for-service contracts? The answers revealed some important lessons for traditional organizations about the challenges of keeping and motivating knowledge workers and the process of managing in the new arena of networked or virtual organizations."
Lights, camera and net interaction (London Evening Standard). Can open source style collaboration migrate to other realms? In this article from the London Evening Standard, script writers get a chance to collaborate on a potential movie script in an open source fashion. "Of course, guidance is required and the project will be overseen by professional writers, known as Navigators, including Joe Minion, the wordsmith behind Martin Scorsese's After Hours, who will set tasks for the community. In the first instance, members will create, in 2,250 words or less, the central character for a detective thriller. When the deadline closes a "peer review" will invite members to evaluate one anothers' work."
Open Sources: Running afoul of the AMA (ZDNet). An extension of the open sources philosophies to the medical world seems appropriate in this article on one mans run-in with the American Medical Association and their Medicare code numbers used for setting prices for services.
Fragmentation fears within Linux (ComputerWeekly). Perhaps too much effort is expended worrying about Linux fragmentation. This ComputerWeekly article looks at fragmentation as method of differentiation amongst distributors, primarly from the point of view of Caldera.
Linux Boosts Unix (ZDNet). Unix vendors feel they have little to worry about with Linux in this article from ZDNet. In fact, they seem to be happy with the upstart OS. "The comment is a reflection of what the Unix vendors feel is a remarkable turnaround in their fortunes over the last 18 months. Having lived for years in fear of the growing power and scalability of Microsoft Windows, they now sense that they have in Linux a little champion on their side, one with charisma and a popular following. Unix vendors aren't used to feeling that way."
Embedded Linux Newsletter - October 19th, 2000. The latest issue of the LinuxDevices.com Embedded Linux Newsletter is now available.
A look at embedded devices running Linux. This LinuxDevices.com reference guide looks at the myriad of embedded devices currently in development that use Linux as the heart of their hardware.
Programming GNOME Applications with Perl, Part One (Perl.com). This article on Perl.com discusses one man's journey to learn the Perl interface into GNOME. "I recently needed to write a GNOME application and hit this barrier [no documentation for Perl/GNOME], and I had to figure the whole thing out pretty much for myself. So, I decided to write these tutorials so that you, dear reader, don't have to. In this first episode, we'll create an extremely simple application, but one with a full, standard GNOME interface."
It's time to kiss your BIOS goodbye! (LinuxDevices). Linux Devices summarizes the goal of Red Hat's new Red Boot project - to provide an open source bootstrap process for embedded PCs - and points readers to the associated whitepaper.
Python Roadmap (O'Reilly Net). The O'Reilly Network looks at whether Stackless Python will make it into the mainstream. "It seems reasonable to expect Stackless will make it into Python 2.1. This is likely to unleash a burst of activity, as higher-level interfaces -- microthreads and coroutines, among others -- are shaken down for 2.2. Stackless is a sufficiently interesting change that it might take many months to grasp all its consequences."
How prone is Linux to forking?. Does forking in Linux happen more than in BSD? Does it matter? Newsforge looks at forking in both Linux and BSD, with comments from Bruce Perens, Chairman of Progeny Linux Systems and well known Linux advocate.
Wine: It Gets Better With Age (LinuxToday). The Australian LinuxToday looks at the Wine project. "After seven years as alpha code, Wine's developers expect to have a 1.0 release of the software ready some time in the next six to twelve months - though it's not clear how events at Corel might change that timetable."
Linux Gets Smaller (ZDNet). ZDNet Reviews is carrying an introductory article on embedded Linux and some of the companies working in this arena. "Embedded Linux will lead to a wide range of diminutive products running the open-source operating system. In fact, many believe embedded-Linux devices will outnumber Palm devices in two years."
Device profile: FrontPath portable info appliance (LinuxDevices). LinuxDevices.com takes a look at the FrontPath ProGear, a Transmeta-powered tablet device. "The device is intended to provide an easy-to-use information appliance for a wide range of specialty applications, in markets such as health care, real estate, restaurants, hotels, and cruise ships."
Sendmail Multi Switch 2.1 Gives Powerful Features a Simple Face (Network Computing). This article in Network Computing reviews Sendmail Multi Switch 2.1, a commercial version of the open source Sendmail. "Multi Switch lets you set up and maintain multiple mail-stream queues. This allows for parallelism, especially on SMP (symmetric multiprocessing) servers and clusters. Individual queues can have their own rule sets and configuration peculiarities, and you can make some queues faster or slower than others. The standard open-source version of Sendmail doesn't let you do this. "
Device profile: Nokia Media Terminal (LinuxDevices. Rick Lehrbaum takes a look at the Nokia Media Terminal in this LinuxDevices.com article. "The Media Terminal's software architecture consists primarily of Linux, the Xfree86 windowing system, and the Mozilla web browser (enhanced for PAL and NTSC display)."
Penguins in South America? (DukeOfUrl). The DukeOfUrl reviews Conectiva Linux 5.0. "One area you may look to Conectiva is if you're sick of distributions biased towards the English language. This would be a fine choice for users seeking good Portuguese support. Additionally, if you want the easiest installation in the business, look no further."
Device profile: Ericsson Cordless Screen Phone (LinuxDevices). Another embedded Linux device profile from LinuxDevices.com - this one on the Ericsson Cordless Screen Phone, which runs an embedded version of Red Hat Linux and the embedded version of Qt.
Device profile: empeg car audio player (LinuxDevices). Yet another embedded Linux device profile from LinuxDevices.com - this time Rick looks at the empeg car audio player, a StrongArm based embedded Linux computer that fits into your car radio slot. Unlike other embedded Linux products this one is actually available for sale and its parent company - empeg - encourages hacking of the device!
Interview with Linus Torvalds (c't). C't has posted this interview (in German) with Linus Torvalds. If past experience holds, they will likely post the English version eventually; until then, a partial translation is available via Babelfish. (Thanks to Albrecht Fritzsche).
A Good-Looking Geek Magnet (Fox News). Fox News.com is running a fluff piece on the beauty of the Linux Desktop, based on a short interview with themes.org Site Manager Greg Sanders and a high level overview of our beloved X Window System.
Highlights of Atlanta (Annual) Linux Showcase (Linux Journal). From last week, but worth a look anyway: Don Marti's ALS summary on the Linux Journal site. "Red Hat's rush to ship C++ fixes at the cost of confusing, ok, enraging, old-school Red Hat users is good news. It shows that Red Hat is getting service and support contracts from corporate customers who are porting C++ programs that depend on features that have been weak historically in GCC. Face it, nobody needs a bleeding-edge compiler to rebuild the old reliable tools written in C."
Section Editor: Rebecca Sobol
October 26, 2000
Linux in the news
See also: last week's Announcements page.
Linux Advanced Routing & Traffic Control HOWTO. The Linux Advanced Routing & Traffic Control HOWTO team announced the creation of a mailing list dedicated to discussion of the topic of their HOWTO.
Proceedings: Open source software in the space business. A conference entitled "The role of open source software in the space business: technical issues, use guidance, legal implications" was held on October 5 in Noordwijk, The Netherlands. The proceedings from the conference are now available on line. The contents of several talks are available, though most are in PDF format. (Thanks to Bernard Lang and Stéfane Fermigier).
JavaPlus Comes to San Jose. JavaPlus opens October 29 in San Jose, California. This event offers keynote presentations, panel discussions, developer workshops, technical briefings and an Exhibit Hall.
Open Source Development Network. Two open source developers, Bruce Momjian and Tom Lane, both from Great Bridge LLC, will keynote the Open Source Database Summit, hosted by the Open Source Development Network, October 30 and 31 in San Jose, California.
Linux Expo Keynotes announced. Linux Expo Canada has announced their keynote speakers for their October 31st sessions. Speakers from Oracle, Red Hat, MandrakeSoft, and the Free Software Foundation are scheduled to talk. Here's a separate announcement about ParaSoft CTO, Marc Campbell. He will present "How to Create a More Effective Development Process".
Linux TechTracks at Bangalore (India) IT.COM 2000. Linux TechTracks is a series of almost 30 talks delivered by Linux Community members about various aspects of Linux and its usage. "The TechTracks address technical, corporate and "newbie" audiences, and will run from November 1-4 (both days inclusive). The schedule is available online at http://itcom.linux-india.org."
The Linux Game Tome Shows ShowMeLinux How the Game is Played. ShowMeLinux announced the addition of Linux Game Tome to their team. Linux Game Tome will be authoring ShowMeLinux's 'Game Room'. The Game Room is a column offering a monthly review of new or upgraded Linux games.
BountyQuest Launches Internet Destination. BountyQuest has launched a high-stakes knowledge marketplace at www.BountyQuest.com that rewards individuals across the globe for what they know and helps companies settle critical patent disputes more quickly and cost-effectively. Site backers include Jeff Bezos and Tim O'Reilly.
YourWriters.com. Here's a web site that will help you find technology/business writers.
InformIT Adds Live Expert Consultations. EXP.com, an online marketplace for expert advice and services, announced it has teamed with InformIT to provide personalized answers to specific technology and business questions on InformIT's Web site.
User Group News
Linux Users Group of Davis donates books. LUGOD will be donating a collection of Linux- and Unix-related books to the Davis branch of the Yolo County Library on Saturday, October 28th, 2000. Following that event, LUGOD will be demonstrating the Linux operating system at Border's Books.
LUG Events: October 26 - November 9, 2000.
October 26, 2000
Here are this week's Freshmeat software announcements. Freshmeat now offers the announcements sorted in two different ways:
Our software announcements are provided courtesy of FreshMeat
Linux in the news
See also: last week's Back page page.
Fscktris. Tired of waiting while your multi-Gigabyte disks run through an fsck upon reboot? Fscktris may be your answer! Now you can play a Tetris clone while your disks are being cleaned up. Note carefully, however, the caveats from Fscktris' web-page: "Fscktris should only be used if you really don't care about your data. Whilst I've had no problems with it, it comes with no guarantee of safety. This could hose your filesystem ! (although I would say it's unlikely :)".
The website formerly known as LiLAC. The website formerly known as LiLAC has been renamed MobiliX. The emphasis is on information related to Unix/Linux, laptops, PDAs, etc., though the Ecology-HOWTO and Medicine-HOWTO can also be found here.
Section Editor: Jon Corbet
October 26, 2000
Two years ago (October 29th, 1998): The Red Escolar project, then called the "Scholar Net" project, was announced. This was a plan to install Linux throughout 140,000 schools in Mexico and was led by Arturo Espinosa. Nowadays, after gaining experience improving Gnome for the Red Escolar project, Arturo continues his work on Gnome in the United States, working for Helix Code.
We have less specific information on the status of the Red Escolar project, since the Red Escolar News Page hasn't seen an update since June 28th. Fortunately, other pages on the site have been updated more recently, including the status page, which was updated yesterday. It still indicates implementation of the Red Escolar project is only moving forward in the San Luis Potos area.
Debian got congratulations on their port of Debian to the Netwinder two years ago. The Netwinder, however, has remained an infrequently used device, not quite living up to the promise we thought it had back then.
Corel announced its support for the Wine project, choosing it as a platform to bring their products to Linux and promising an infusion of new developers to the project as well. Two years later, the Wine project is finally approaching its first stable release. Meanwhile, of course, the financial state of Corel, and the recent large investment in Corel by Microsoft, have led to questions about Corel's possible future involvement, or lack thereof, both in Wine and in Linux.
One year ago (October 28th, 1999): To no one's surprise, licensing problems between Qt and the GPL were in the spotlight a year ago, with Corel's development as the catalyst. Corel liked using Qt for developing the software they added to the Corel Linux distribution, but their developers were much less likely to be aware of potential licensing conflicts when mixing the Qt with GPL'ed code from Debian. Of course, such problems have now been largely eliminated by the dual-licensing of Qt under the GPL, a possibility not even under discussion last year.
Last year, Comdex' standing policy of not admitting any person under the age of eighteen was under scrutiny, spawning much debate. The policy is no different at this year's Comdex. We have noticed other computer conferences, though, where such age restrictions have been removed.
Speaking of Comdex, Miguel de Icaza will be delivering one of the keynotes at Comdex this year, on Tuesday, November 14th. It was only a year ago that Miguel quit his day job in Mexico and moved to the United States. At that time, his new company Helix Code, Inc., was spoken of only in terms of "secret investors". Nowadays, they've hired a great deal of talent from the Gnome developer team and are in the process of figuring out how to make some money.
Letters to the editor should be sent to firstname.lastname@example.org. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them.
Date: Thu, 19 Oct 2000 22:56:34 -0600 From: Joe Brockmeier <email@example.com> To: firstname.lastname@example.org Subject: Red Hat Editorial Hey Guys, Hope all is well at Linux Weekly News. Read the front page bit about the Red Hat release. I've got to say, I think you're letting Red Hat off pretty easy. Red Hat presents its software as being production-ready, and as such it should be as production-ready as possible. Red Hat is supposed to be the market-leader and as such they should recognize that they're going to be a lot of people's first distro. If they get a distribution that has serious bugs, why should they consider Linux any better than Windows? Most of the people who are going to find these bugs are not going to understand them, and certainly won't appreciate being part of the bug-cleaning crew. And, in their minds they're not getting the benefits of free software - they paid good money for it. Many long-time Linux users recogize that a .0 or .1 release of Red Hat is going to have issues. But newcomers will not, and this is not the time to be springing buggy software onto newcomers to Linux. It's time Red Hat, and the other distros, start releasing just one major release every year and make the rest of them developer releases or updates. It's just not good for retail or for end users who are not developers - a much larger percentage these days. Okay - enough tirade. Just my humble opinion. Take care, Zonker -- Joe "Zonker" Brockmeier email@example.com Zonker@Linux-Mag.com Zonker@UserFriendly.org
Date: Thu, 19 Oct 2000 08:59:50 -0800 From: Arthur Corliss <firstname.lastname@example.org> To: email@example.com Subject: Red Hat's early software release Greetings: I wholeheartedly and emphatically disagree with your assesment of RH's action. I agree that the glib issue was helped by them, but you're talking about apples and oranges. As I recall, glib was a *hell* of a lot more mature than gcc 2.96 is when they did so, and so the end result were pure bug patches. Gcc, on the other hand, has experimental features and methodologies that might not make it into a stable release at all. This isn't hastening adoption, this is just ludicrous decision making, pure and simple. One final thing that everyone seems to be forgetting: screw what Red Hat wants, doesn't the gcc project managers have any say about the inclusion? Even *they* publically denounced the inclusion into a "stable" distribution release. RH obviously cares little about the maintianing developer's recommendations. So let's get this straight: RH did no favours to anyone. They included a release *against* the wishes of the package maintainers, and foisted a product onto the unsuspecting consumer that has experimental features that may even make it incompatible with the *next* stable release. This does *nothing* to debug the product, it only makes RH users guinea pigs in the truest sense of the phrase. That's wrong. Period. Your endorsement of their actions is reprehensible. That said, outside of your ridiculous editorial highlighted above, you have one of the finest Linux e-rags out there, and I read you religiously. Keep up the good work. ;-) --Arthur Corliss Bolverk's Lair -- http://www.odinicfoundation.org/arthur/ "Live Free or Die, the Only Way to Live" -- NH State Motto
Date: Thu, 19 Oct 2000 10:36:23 +0200 From: Federico Di Gregorio <firstname.lastname@example.org> To: email@example.com Subject: about this week editorial hi, in your defense of redhat you compare gcc release with glibc2 release. there are big differences. when redhat released 5.0 debian had already used the new libc for months. in unstable. and almost all debian developers and *a lot* of other people run unstable (that is not so much unstable, but that's a problem with debian slow release cycle...) so that library was not so much new or incompatible with anything else. gcc was taken from *cvs* and released with a new version number without ever worrying for compatibility with other linux systems. that's different. another point is that using the userbase (the *paying* userbase) as a testbad for broken products is a practice i can't approve. it remainds me too much of M$ techniques of shipping broken software. the should have a choice: stable software or over-the-edge-but-buggy one. friendly, federico -- Federico Di Gregorio MIXAD LIVE System Programmer firstname.lastname@example.org Debian GNU/Linux Developer & Italian Press Contact email@example.com Put a GNOME on your desktop! [http://www.gnome.org] -- brought to you by One Line Spam
Date: Fri, 20 Oct 2000 21:37:10 +0000 (GMT) From: Mike Fisk <firstname.lastname@example.org> To: email@example.com Subject: Software testers needed Back when everybody had to download and compile tarballs manually, we all made implicit decisions about when we wanted to upgrade a package and if we wanted to try a development, prerelease version or the latest stable version. Now that so many people just use whatever their favorite distribution has seen fit to give them, there's less experimentation with new versions --- unless that's what your distribution gives you. I applaud distributions pushing the envelope with applications, but they should advertise those distributions as being "tests", "developer releases", "betas", etc. As you state (in the lead article of the October 19th LWN), this is part of the open development process*. But, I don't care for Red Hat's eagerness to shrink-wrap these releases and advertise them as a full release. Microsoft and Apple will sell you test releases, but they're clearly labelled as such and the stable versions are still on the shelf. People who want more reliability with Red Hat have learned to stay behind the curve of new releases. I think other development processes like the Linux kernel and the Debian project achieve the same goals, but are more up-front about it. Many of us choose to track the development kernels or Debian frozen/unstable trees in order to get the latest features in exchange for being guinea pigs. But these development versions are acknowledged as not necessarily being the best choice for stability or usability. For production systems, we may choose to use stable releases. From the IT perspective, having your staff track the unstable kernels and distributions on their desktops or test systems also gives them familiarity with new features before they show up on your production systems. *The increase in public betas of commercial software is evidence that the need for wide exposure in testing isn't specific to open source. -- Mike Fisk, RADIANT Team, Network Engineering Group, Los Alamos National Lab See http://home.lanl.gov/mfisk/ for contact information
Date: Sat, 21 Oct 2000 12:29:27 +0200 From: Toon Moene <firstname.lastname@example.org> To: email@example.com Subject: When is the right time to release free software? Jon, Liz, On this week's LWN Front Page you write: > When is the right time to release free software? Red Hat has > taken some grief recently for releasing development versions of the > compiler and C library with Red Hat 7. One reason (of many) that has > been put forward to explain this decision is that Red Hat is seeking > to help stabilize the development of gcc 3.0 by increasing the > development version's user base. By increasing the number of testers > (also known as "users"), Red Hat 7 will flush out the remaining bugs > and provide motivation for the gcc team to get 3.0 out there. [ Note that I write the following as GNU Fortran maintainer, and do *not* speak for the GCC Steering Committee ] Perhaps I can correct one misunderstanding from the start: Red Hat did not just "drop" a development *snapshot* of GCC into Red Hat 7 - they took the 20000731 snapshot and applied a boatload of bug fixes to it before they shipped it as Red Hat 7's system compiler. In fact, this is not unlike the way the GCC team organises new releases: A CVS branch is made and is beaten on until we think we ousted all known bugs. Therefore there's no a-priori reason to assume that Red Hat's GCC "2.96" is buggier than the official GCC releases. Because the relevant bug fixes were "fed back" into the official GCC development tree, it *did* help to flush out bugs, but in a different way you foresee (although the effect you mention above will exist). No, Red Hat's move is interesting in a different way: *Nobody knew what they were doing until days before it happened*. On the 23rd of September I sent the following note to the SC list: > Listening to the rumor mill on the Internet, I get the impression that > the (GNU/)Linux distribution according to Red Hat, version 7.0 - due > early next week, will contain an (ammended) snapshot version of GCC > 2.96. > I do not oppose this move per se; however, due to the fact that the > projected release time for GCC-3.0 was "end of the year", I also > didn't particularly take care of bundling related Fortran Frontend > updates that are interdependent. In fact, what happened was (as became clear in hindsight) that the snapshot on the 31st of July - which is the basis of Red Hat 7's system compiler - was taken right in the middle of those updates I mention above. Now, fortunately, the damage is small - the (g77) compiler will crash if you feed it both -g and -fdebug-kludge options when compiling Fortran source with COMMON BLOCKs in it; at least it won't generate incorrect code ... Furthermore, four weeks after the release, apparently nobody has run into this problem yet (at least I haven't seen a bug report about it) ... However, it could have been worse, and to come to the point of my message: It could have been avoided ! If Red Hat had communicated with the developers of GCC, this could easily have been corrected by: 1. Red Hat waiting to take the "quiescent" snapshot that would be the basis for their system compiler. 2. Me working somewhat faster to meet their deadline. 3. Red Hat applying the changes _after_ taking the snapshot. I sincerely hope that this non-communication was an unfortunate incident, and won't happen again. We volunteers in various free software projects have to work with the information presented to us; if someone just takes the work and runs, they get what they asked for ;-) Perhaps it's good to stress again that I write this as my personal view on the matter, in my function as GNU Fortran maintainer. Cheers, -- Toon Moene - mailto:firstname.lastname@example.org - phoneto: +31 346 214290 Saturnushof 14, 3738 XG Maartensdijk, The Netherlands GNU Fortran 77: http://gcc.gnu.org/onlinedocs/g77_news.html GNU Fortran 95: http://g95.sourceforge.net/ (under construction)
From: "David C. Spaeth" <email@example.com> To: <firstname.lastname@example.org> Subject: Thank you! Date: Fri, 20 Oct 2000 23:36:05 -0500 You've summed up my opinion about Red Hat's 7 release more succinctly than I ever could! Thanks! I really appreciate Red Hat's efforts in reguard to it's releases. With their work, my systems are steadily becoming more and more able to assist me in managing UNIX systems (SCO, Linux, AIX, and Solaris/SunOS) for my customers. I also run Linux on about 6 systems at home...3 as only Linux, 3 as dual-boot (my kids lie StarCraft and Diablo II). Thanks for not slamming Red Hat! David Spaeth Sr. SysAdmin Taskiss.com
To: email@example.com Subject: Secure Deletion Date: Sat, 21 Oct 2000 17:56:31 -0500 From: Christopher Browne <firstname.lastname@example.org> The "File That Would Not Go Away" problem is indeed more of a problem than people expect, and the "Oh, I'll Just Delete The File" thing represents a perpetually misleading Deus Ex Machina in literature and Television. And the misunderstandings of Hollywood do not just fall out of their ignorance; I don't think that the issue is, generally speaking, well-understood even by those that should know better. Just this week, the TV show "Dark Angel" trotted the situation out where the hacker friend of the protaganist prevents the bad guys from pulling her picture out of prison records by, at the last possible moment, "deleting her record from the database." COMPETENTLY RUN prison information systems are likely to be running a journalling database system [any of the major names, Oracle, Informix, DB/2, Sybase, Microsoft SQL Server, should do] for their database needs. The Bad Guy may react to this setback with a little less fatalism: "Oh, well, let's just take the last cold backup, sitting on tape, along with the Oracle archive logs, continuously being dumped to tape as they are produced, and recover them to a duplicate system." Keeping data ephemeral on systems intended to keep it persistent is about as problematic as keeping data persistent on ephemeral systems. The "most ephemeral" thing is data that sits in memory that will get destroyed as soon as power goes off. Mind you, that is misleading when: - RAM on my PalmPilot _isn't_ lost when I shut it off; - Data might get swapped out to disk At the other end of the scale, databases tend to be characteristic of the "least ephemeral thing;" transaction logs, if carefully backed up, can't be deleted via anything a remote hacker might try to do. After all, if updates get dumped onto tape immediately, and the tape quite quickly gets processed through, dropped into archives, it may become a tremendously challenging thing to try to remove data. This implies that the typical Hollywood scenario of "We'll have to hack in to purge the records from the police files" represents so much nonsense. The last I heard, the RCMP was using Trusted Oracle for such applications; I'm sure similar is true for many other police forces. The funniest relevant anecdote I've heard is of a payroll system where they didn't want to have the high salaries of corporate executives available to the computer systems staff. Every couple weeks, an executive assistant, entrusted with this data, would temporarily enter the rates into the system, run cheques, carefully keeping them from the eyes of the rest of the computer centre staff, and then remove the salaries, leaving everyone none the wiser. Or so they thought. The net result of the process was that the "fingerprints" of the executive pay information was being recorded three or four EXTRA times since the DBMS logged each modification. Back to the drawing board... Files fall somewhere in between in terms of robustness. They are certainly more "stable" than RAM, but are less so than a transaction-logged DBMS. Every time someone adds DBMS technology, such as logging/journalling, to a filesystem, files become a little more difficult to _comprehensively_ purge. The answer may ultimately be to implement some sort of "Secure Temporary File System" providing semantics to guarantee that files can be securely deleted, where temporary files become _truly_ temporary. -- email@example.com - <http://www.hex.net/~cbbrowne/linux.html> "C++ is more of a rube-goldberg type thing full of high-voltages, large chain-driven gears, sharp edges, exploding widgets, and spots to get your fingers crushed. And because of it's complexity many (if not most) of it's users don't know how it works, and can't tell ahead of time what's going to cause them to loose an arm." -- Grant Edwards
Date: Thu, 19 Oct 2000 11:41:16 +0000 From: Oliver White <firstname.lastname@example.org> To: email@example.com, firstname.lastname@example.org Subject: RE: kde and gnome and pr and licensing >KDE has fixed their license problem finally, but it's probably > (hopefully) too late for KDE to recover from Gnome getting the > critical mass of developers. Licencing is a major issue. However, there are several technical reasons that still keep developers from working with Gnome rather than KDE. The Gnome folk are, for the most part, 'Old School' hackers. They depend on Emacs, C and think diagrams are for the weak. This is all very well. However, there is a certain snobbishness towards people who want to develop in C++, using more modern (not necessarily better) techniques for communication like UML, and who'd like to use an Integrated Development Environment. As far as I can see, while KUML is comming along nicely, nobody is interested in developing a Gnome UML tool, though the potential to share code and resources early on is there. Support for C++ Gnome development is comming along quite slowly, and gIDE is a long way behind KDevelop. These cultural reasons, rather than reasons of idealism, are enforcing the divide between the KDE and Gnome projects, I can only hope that in future the choice will simply be based on which environment the developer prefers. -- Oliver White www.worldforge.org
Date: Sun, 22 Oct 2000 14:01:41 -0300 From: Horst von Brand <email@example.com> To: firstname.lastname@example.org Subject: Red Escolar (Re: Stop the colors already!) Peter Samuelson <email@example.com> said: [...] > So now, according to the LWN sidebars, we have the five mentioned above > plus Black Cat Linux, BluePoint Linux, White Dwarf Linux and Green Frog > Linux, not to mention the variations Darkstar Linux, Red Linux, Redmond > Linux, Think Blue Linux and the Red Escolar Project. Oh, and don't > forget the ones that incorporate the Red Hat name directly, like VA/Red > Hat and KRUD. "Red Escolar" is Spanish for "School Network", "red" is "network". No colors were harmed when naming this. -- Horst von Brand firstname.lastname@example.org Casilla 9G, Vin~a del Mar, Chile +56 32 672616
Date: Sat, 21 Oct 2000 08:24:28 +1100 From: Tim Josling <email@example.com> To: firstname.lastname@example.org Subject: Undefined expressions in C "The hunt for undefined code. Here's one kind of problem that a new compiler can turn up. Most C programmers learn early on to avoid code like: a[i] = i++; The results of this kind of code are undefined; the array assignment could happen either before or after the value of i is incremented." The expression above, as no doubt many people have pointed out, is actually OK. Section 3.3 of the 1988 ANSI C standard says that you can only assign once to a variable in an expression. So for example i = i++ + 1; is not allowed because i gets assigned to twice. But a[i] = i++; is OK - i is only assigned to once, and the value used for the array subscript is the value before the auto-increment. Tim Josling
Date: Fri, 20 Oct 2000 15:42:41 +0100 From: John Winters <email@example.com> To: firstname.lastname@example.org Subject: Kernel development page - 2000-10-19 Hi there, At the risk of flogging a dead horse I'd just like to pick up on something said on your kernel development page this week: Quote============================ The hunt for undefined code. Here's one kind of problem that a new compiler can turn up. Most C programmers learn early on to avoid code like: a[i] = i++; The results of this kind of code are undefined; the array assignment could happen either before or after the value of i is incremented. End Quote======================== The final sentence is the problem. Yes, it's undefined but the last part gives more than a passing impression that the undefinition is confined to when the increment occurs. That's not true at all. The code simply has no meaning within the confines of the C language - you might get the result you expect; you might get a result consistent with the increment having happened before or after the assignment; you might get any behaviour at all. The classic defence of such code is, "I don't care whether the increment happens before or after. Either will do what I want." This alas fails because there's no guarantee that the increment will happen at all (or that the assignment will happen, or that the code will even compile). Apologies if you already know all this but even as a simplified explanation the quote above can lead to problems. Regards, John Winters -- John Winters. Wallingford, Oxon, England. The Linux Emporium - the source for Linux CDs in the UK See http://www.linuxemporium.co.uk/