![[LWN Logo]](http://old.lwn.net/images/lcorner.png)
![[LWN.net]](http://old.lwn.net/images/bigpage.png)
|
|
|
Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise
news for all interests
 Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Linux History Letters
Other LWN stuff:
Archives/search
Recent features: Here is the permanent site for this page. See also: last week's LWN.
|
Leading items and editorialsCray goes into the Linux cluster business. Cray has long been the definitive manufacturer of "big iron" supercomputer systems. From the original Cray 1, released over twenty years ago, through to upcoming products like the SV2, Cray has been the king of huge, expensive, blindingly fast systems - though competition from Japanese supercomputer makers has tarnished that reputation somewhat in the last decade. Your author, who had the dubious honor of programming on Cray 1 serial 3 (using punched cards!) many years ago, can get very nostalgic about Cray's heyday. The big iron market is a hard place to be, however. The technology to produce that kind of processor is extremely expensive to develop and manufacture; note, for example, that the development of the SV2 is being supported by the U.S. government, and has been underway for quite some time.
But the real problem, of course, is that clusters made from cheap,
off-the-shelf components can achieve supercomputer performance for a
fraction of the cost. Many one-time big iron customers are realizing that
No longer. On January 29, Cray announced that it will soon begin selling Alpha-based Linux clusters. The company has not yet released a whole lot of details on the "SuperCluster(TM)" product, but a few things have come out. It will be built using dual-processor, 1U Alpha-based CS20 servers from API Networks. A Myricom interconnect will be used, and Cray plans to scale the systems up to "thousands of nodes." One customer (BioNumerik Pharmaceuticals) for the new cluster systems has been booked already, with others expected by the time the systems ship (toward the middle of the year). The SuperCluster is, according to Cray's Steve Conway, the successor to the company's popular T3E parallel Alpha supercomputer; the average price for one of these clusters is expected to be "in the single-digit millions." On the software side, Cray will be adding management software for tasks like failure rollover, job checkpointing, and accounting. It will be possible to manage the cluster as a single system, and to easily schedule user jobs. And, of course, there will be service and support plans available. Cray has, of course, done exactly what it needed to do to survive. It has been clear for some time that off-the-shelf clusters were going to take over much of the supercomputing and high-availability markets. By offering a Linux-based cluster system of its own, Cray has simultaneously helped to bring that takeover about (by putting a very high-profile name on a Linux cluster product) and to ensure its own future as big iron systems get harder to sell. (See also: API Networks' announcement of its alliance with Cray to build the SuperCluster systems, and Cray's presentation (PDF format) on the SuperCluster product). Cray will not have the cluster market to itself, of course. LinuxWorld has brought out a whole set of cluster-related announcements; here's a few of them:
A first report from LinuxWorld. LWN's staff at the LinuxWorld Conference and Expo has put up a report from the first day covering some of the events that took place there. Worth noting separately: the "Linus Torvalds award" at LinuxWorld has been awarded to the Samba team. Liz Coolbaugh reports: "Both Andrew [Tridgell] and Jeremy [Allison] kept the audience laughing. They commented that they hope someday Samba will no longer be necessary (which brought cheers) and mentioned that it is now shipping with most Microsoft-based appliances, having become a standard. Jeremy thanked everyone for the award, briefly mentioned the upcoming release of Samba 2.2 and promised, 'You haven't seen anything yet.'" Hard business models. It has often been said that nobody has figured out how to make money from Linux. That is not true, but it is evident that quite a bit of work still needs to be done in that area. One thing that is worth doing is examining business models that appear not to work; an increasing number of those are coming to light. Consider, for example, VistaSource. Less than a year ago, VistaSource was split out from Applix as a separate activity; at the time, the hopes appeared to be that VistaSource could go public in its own right. Since then, the reception for Linux companies wanting to go public has been something other than friendly, meaning that VistaSource needs to show that its model makes sense as a money-making business. Applix has released its fourth quarter results which paint a bleak picture: For fiscal year 2000 revenues were $50.5 million, compared to fiscal year 1999 revenues of $55.8 million, a decrease of nine percent. The decrease was attributed to an $8.7 million, or 46 percent reduction in revenues from VistaSource, Inc., the Company's Linux subsidiary.
Applix is now actively trying to sell off VistaSource, even though it anticipates losing up to $5 million in the process. What are the lessons to be learned from VistaSource's problems? Here's a beginning. Selling Linux office suites is hard. None of the Linux office products has made any real headway against Microsoft's products. In the purely Linux world there is severe competition between ApplixWare, StarOffice (a.k.a. OpenOffice) and WordPerfect. And the free alternatives are getting better every day. A few years ago if a Linux user needed a reasonable spreadsheet, they would almost certainly pay for ApplixWare; now there are multiple free alternatives that work very well. Auctioning developer services is hard. CoSource.com is VistaSource's effort in that arena; it was launched in May of 1999. According to the statistics on CoSource.com's completed projects page, in almost two years all of 20 projects have completed, with a total transfer of $16,304. It is hard to make a business run on that kind of cash flow. Collabnet's SourceXchange competes with CoSource.com; it has only completed ten projects, though it has 20 in progress currently. SourceXchange will be doing better due to the fact that its projects generally carry a much higher price tag. Nonetheless, Collabnet has been moving over toward other corporate services for some time now. In the end, any software project of any significant size will require a personal relationship between those doing the work and those paying for it. It would appear that not too many companies are willing to go out and contract with random developers on the net to get important work done. Another example: Stormix Technologies, creators of Storm Linux, has filed for bankruptcy protection. One year ago, Stormix had a large, fancy booth at LinuxWorld and gave all the appearances of making a success of its Debian-derived distribution. Now the company may not survive at all. See this article on NewsForge for more on Stormix's trouble. Between Stormix and Corel, one could well be led to the conclusion that making money from a Debian-derived distribution is hard. Why might that be? The distribution market is crowded in general, of course, so any new entrant is going to have a tough time. But a number of distributions derived from Red Hat Linux have found success. Perhaps the commercial world really does expect to be able to use RPM. Or perhaps everybody who wants to use Debian simply uses it directly, without the need to buy from an intermediary. Whatever the reason, Debian appears to be hard to sell despite being a high-quality distribution. The one possible exception here, of course, is Progeny, which, by all accounts, is doing well. Progeny, however, has not yet gotten past the beta release of its distribution, so claims about its success are, as yet, premature. Progeny is aiming at certain segments of the market with a high degree of focus, however, and might just pull it off. All of the companies mentioned above may yet succeed, but at the moment the prospects look dark. Those who are trying to make a business of Linux will want to look at examples like these and be sure that they will not encounter the same troubles. Making a business work has never been easy, even in well understood markets. Free software businesses are operating in uncharted territory; we still have a lot to learn on how to make them work. Inside this week's Linux Weekly News:
This Week's LWN was brought to you by:
|
February 1, 2001
|
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Security page. |
SecurityNews and EditorialsAnother set of vulnerabilities in bind came to light this week. Bind, of course, is the DNS server used over most of the Internet. So vulnerabilities in this package need to be taken seriously.An overview of the problem can be found in this CERT advisory. As they say, "...these vulnerabilities present a serious threat to the Internet infrastructure." Those craving more detail may want to look, instead, at this advisory from COVERT Labs, which gets down into the code and explains exactly how a couple of the bugs come about. There are two problems with bind 8.2.2. The most serious is a buffer overflow in the handling of "transaction signatures." This overflow happens regardless of the nameserver's configuration options; it appears to be difficult to exploit, but somebody will probably achieve it anyway - they usually do. There is another bug that can expose the nameserver's environment variables. Bind 4 has a couple of additional problems of its own. Fixes are available for this ancient version of the server, but such a critical service should really be running with more modern software. The Internet Software Consortium and Nominum (which wrote bind 9) responded with this press release entitled "Upgrade to BIND Version 9.1 Software Imperative." In fact, upgrading to 9.1 is not "imperative;" version 8.2.3 contains fixes for all of the known problems. It is true, however, that version 9 is where the current development activity is happening, and that administrators should be thinking about an eventual upgrade. Meanwhile, the major Linux distributors all still ship bind 8, and most have been quick to come out with updates: Bind vulnerabilities have, in the past, been widely exploited. It would be nice if it were different this time. The information and the updates are all available; the exploits do not yet exist. People who move quickly need not worry about this problem. DirecTV strikes back. For those who have not seen it, a perusal of this SecurityFocus article is worth the time. DirecTV is a large satellite television provider in the U.S. It seems that the DirecTV receivers are set up so that DirecTV can reprogram them via the satellite. On January 21, the company made use of that capability to permanently disable a large number of receivers that had been, shall we say, "modified" to allow reception of more programming than had been paid for. One estimate we've seen says that over 100,000 receiver cards were destroyed. Those who traffic in pirated cards are apparently referring to the event as "Black Sunday." There are a couple of interesting aspects to this story. The first is, once again, the difficulty of protecting information in modern times. Even well-guarded information gets out; imagine the challenges in protecting something that you (1) broadcast to an entire continent via satellite, and (2) deliver via a receiver that is under the user's control. Dealing with pirates will be a never-ending hassle and expense for a company like DirecTV, and it may well be a battle that the company ultimately loses. Charging for information is a hard way to go. Then, one can look at DirecTV's tactics. One need not have sympathy for TV pirates to wonder about the propriety of remotely programming somebody's hardware to destroy itself. In the free software world, we like to know what is running on our hardware and exactly what it can do. Consumer electronics, instead, is increasingly heading toward proprietary code that implements the vendor's agenda. That code is often quite hostile and restrictive; consider, for example, the DVD region coding scheme. Or, for that matter, a satellite television receiver that self destructs for Canadian citizens who can not legally buy the service. If DirecTV can program a receiver to destroy itself, what other, hidden functionality can it implement? Just how closely does that box monitor your viewing habits? How easy would it be for somebody other than the vendor to invoke the "self destruct" mechanism? What sort of (InterBase-like) backdoors live in that code, unknown even to the vendor? Wouldn't it be nice to know what is really happening inside that box? Linux is poised to be a dominant force in embedded systems; it is increasingly showing up in places like, well, TV set-top boxes. The use of Linux in such a box requires that the vendor make the GPL-covered source available. There are no such constraints on any add-on code produced by the vendor. But the first set-top box vendor who distributes all the source, and provides a way for users to update their software, may find that a whole community of people is out there just waiting to write useful add-ons. Such a device could sell well indeed, and could reward the vendor well. Assuming, of course, that said vendor does not wish to include capabilities that users do not want. Call for testing: a new secure FTP server. Chris Evans has written a new FTP server called "vsftpd." It is designed from the beginning to have a higher level of security than other FTP servers, and is licensed under the GPL. He has now made a beta release and is looking for people who can help him test it out and audit the code. "Security holes protect your equipment" Many companies try to gloss over their security holes. Others issue a fix and try to put the whole thing behind them as quickly as possible. But it's rare to see a web page like this Asanté product page that brags about security holes as a positive feature. Yes, of course, the "holes" in question are physical holes in the case allowing the product (a network hub) to be tied down. Security ReportsDebian/Sparc-specific OpenSSH update. Debian reported a PAM-based problem with the OpenSSH packages for Debian on the Sparc this week. They also issued an updated version of the original advisory with a corrected description of the problem and recompiled OpenSSH packages. Upgrading to the packages listed in the second advisory is recommended.Trustix-specific OpenLDAP bug. Trustix issued updated OpenLDAP packages to fix a "silly bug in the rpm spec file", which set OpenLDAP to run by default. Trustix users should check the status of OpenLDAP on their system and disable it if they do not need to use it. Resource exhaustion bug in Red Hat 6.2 inetd. Red Hat has issued an update to inetd for its 6.2 release. It seems that inetd, when implementing internal services (such as echo), forgot to close the socket for the connection. Eventually it will run out of sockets and things will stop working. Red Hat 6.2 shipped with all of the internal services disabled, so this fix only really matters for people who explicitly turned them on. Format string trouble with man. A format string problem has been reported with man on (at least) the SuSE and Debian distributions. Thus far, neither exploits nor fixes are known to be available. The man command, of course, is not a terribly privileged operation, so the level of worry is probably pretty low.FreeBSD turns up some problems. FreeBSD has posted a few alerts resulting from problems they found while auditing their code. They are:
cgi-bin scripts. The following cgi-bin scripts were reported to contain vulnerabilities:
Commercial products. The following commercial products were reported to contain vulnerabilities:
Updatesmicq remotely exploitable buffer overflow. Check the January 25th LWN Security Summary for the original report or BugTraq ID 2254. This vulnerability can be exploited remotely to execute arbitrary code. micq 0.4.6p1 contains a fix for the problem.This week's updates: Previous updates:
icecast format string vulnerability. Check the January 25th LWN Security Summary for the original report. This can be exploited remotely to execute arbitrary code. Exploits for Slackware and Red Hat have been published.This week's updates: Previous updates:
glibc local write/ld.so.cache preload vulnerability. Check the January 25th LWN Security Summary for the initial report. This can be exploited to create/overwrite files without authorization.This week's updates: Previous updates:
MySQL buffer overflow. Check the January 25th LWN Security Summary or BugTraq ID 2262 for the original reports. This can be exploited remotely to gain access to the system under the uid of the mysql server. MySQL 3.23.31 and earlier are affected. MySQL 3.23.32 fixes the problem.This week's updates: Previous reports:
webmin tmpfile vulnerability. Check the January 25th LWN Security Summary for the original report. webmin 0.84 contains a fix for this problem.This week's updates: Previous updates:
crontab file access vulnerability. Check the January 25th LWN Security Summary for the original report.This week's updates: Previous updates:PHP Apache Module per-directory and virtual hosts vulnerabilities. Check the January 18th LWN Security Summary for the original report of the problems. An upgrade to PHP 4.0.4pl1 will resolve the issues.This week's updates: Previous updates:
tinyproxy heap overflow attack. Check the January 18th LWN Security Summary for the initial report. This can be exploited to cause a denial-of-service. tinyproxy 1.3.3a has been released to fix this problem.This week's updates: Previous Updates:
squid tmprace problem. Check the January 11th LWN Security Summary for the initial report.This week's updates: Previous updates:
Apache tmprace problem. Check last week's LWN Security Summary for the initial report.This week's updates: Previous updates:
inn tmprace problem. Check last week's LWN Security Summary for the initial report.This week's updates: Previous updates:
exmh symlink vulnerability. Check the January 18th LWN Security Summary for the initial report. The Debian and FreeBSD advisories are the first distribution updates for this problem we have seen.This week's updates: kdesu password sniffing vulnerability. The KDE "kdesu" utility has a vulnerability that can allow a local user to steal passwords; see the January 25 LWN Security Section for the initial report. This week's updates are:
LPRng format string vulnerability. It took them a while, but TurboLinux has finally come out with a fix for the LPRng vulnerability first reported in the September 28, 2000 LWN Security section. The full set of updates, now, is:
ResourcesA Python AES implementation. Bryan Mongeau has released an implementation of the Advanced Encryption Suite in Python.
Ramen detection and cleansing (Linuxlock.org). The Institute for Security Technology Studies has posted a detection and removal script for the reported Linux Ramen virus. Bill Stearns is working on a shell script that both detects and removes the Ramen Virus, from RedHat machines. Even though the Media has made a big deal about the Ramen Virus, I am afraid that this shell script solution may be overlooked. This shell script is not just for the security community but the RedHat community as a whole. If you are not sure if you've been infected, please check this script out. (Thanks to Christopher Carella) Linux Advisory Watch. The LinuxSecurity.com Linux Advisory Watch for January 26 is out, with an overview of outstanding Linux security issues. See also the Linux Security Week posting from the same source. EventsUpcoming security events.
For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net. Section Editor: Liz Coolbaugh |
February 1, 2001
LWN Resources | |||||||||||||||||||||||||||||
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Kernel page. |
Kernel developmentThe current kernel release is 2.4.1; it was released on January 29. It contains a fair number of fixes for problems that came up with 2.4.0 and, of course, ReiserFS. Alan Cox's latest, meanwhile, is 2.4.0-ac12. It has almost everything that's in 2.4.1 along with a vast number of other fixes, many of which have been sent in by a squad of kernel "janitors" who are going through looking for things to clean up. More fun with ECN. ECN (Explicit Congestion Notification) is an experimental IETF standard for TCP traffic. By making use of a couple of "reserved" bits in the TCP header, ECN allows routers to signal the presence of congestion on a network path; the systems sending data can then throttle back their output somewhat and avoid dropped packets. It can be a significant improvement for wide-area network communications. The Linux networking stack in 2.4 supports ECN (thanks to the efforts of Jamal Hadi Salim), and will use it if told to do so. Unfortunately, not all systems on the net react well to ECN; in particular, a set of Cisco firewall products will refuse connections with the ECN bits set (Cisco has a patch available, but many sites have not applied it). The end result is that, if you use ECN, a significant part of the network will be unreachable. Thus, most people using 2.4 have to disable ECN, either by configuring it out of the kernel completly or by disabling it at run time:
echo 0 > /proc/sys/net/ipv4/tcp_ecn
All the above has been known for some time, but the discussion got a fresh start this week when it was pointed out that Hotmail is one of the sites that is unreachable when ECN is used. Some interesting questions came up as part of that discussion. The first was, simply, "why bother with ECN, since it breaks so much of the net?" The answer, of course, is that ECN will, eventually, make the net work better. In the mean time, people have to start implementing and deploying it. As the net becomes more ECN-compliant, the networks that still do not work with ECN will feel an increasing pressure to fix the problem. Next question: wouldn't it be possible to automatically retry failed connections without ECN? There are two issues with that approach. The first is that the systems in question reject the connection with a TCP reset (RST) packet. To ignore that RST and retry the connection would violate the TCP protocol and risk creating no end of problems. The other is again one of pressuring sites to fix their software; if the net silently works around their breakage, they'll never feel the need to upgrade. Of course, not everybody agrees with the need to pressure people to upgrade. There are two camps on the question of whether the firewalls in question are really broken. One side, championed by networking hacker David Miller, says that "reserved" means that the bits in the header will be used for something cool at some point. When that use happens, older software shouldn't break. Others, however, believe that a firewall should reject packets that contains bits it doesn't recognize. Those bits could well indicate a new feature that subverts the firewall's security scheme. The fact that the ECN standard is still considered "experimental" also gives some ammunition to those who say the non ECN-compliant systems should be accommodated. David Miller feels strongly about the issue, however, and has stated his intent to put an ECN kernel on vger.kernel.org "in four weeks time." At that point, anybody who is behind a firewall that does not speak ECN will lose access to all of the mailing lists served by that host. Note that ECN is not required on any particular system - all that is necessary is that the firewall not reject packets trying to use ECN. For those who are concerned about the issue, David also posted a way to test your network to see if it works properly with ECN. Linux has reached a point where its weight can be used to push things like network standards. One can only hope that this influence will be used wisely. A wealth of filesystems. Not that long ago, ext2 was the Linux filesystem. It's unlikely to give up its dominant position anytime soon, but ext2 is increasingly having to share the stage with other filesystems that have native Linux ports. ReiserFS, of course, is now a standard part of the kernel. This week also saw news of three other filesystems for Linux; they may not be quite as production-ready as ReiserFS, but they are getting there.
Avoiding bad sleeps. Conectiva's Arnaldo Carvalho de Melo recently announced his Kernel Janitor's TODO list; it's meant to be a clearinghouse for people who are going through the code cleaning things up. Going through code to be sure it returns error codes properly would seem to be far less attractive than, say, writing another filesystem for Linux. There are quite a few people interested in doing janitorial tasks at the moment, however, and that work results in a more stable kernel. As part of that effort, it was suggested that the janitors look for and fix all code that calls sleep_on() (and, more commonly, interruptible_sleep_on(), but sleep_on() is easier for kernel page editors to type) since (1) almost all such code is incorrect, and (2) Linus has agreed that those functions should be removed in the 2.5 development series. It quickly became clear that quite a few people, even those familiar with kernel code, didn't understand what the problem with sleep_on() was. So, for the curious, here's a description of an obscure bug that lives within a lot of kernel code. The purpose of sleep_on() is to suspend the current process until something of interest happens. That something could be a read from a disk, the arrival of data from the network, the availability of a kernel data structure, the expiration of a timer, or many other things. Running "ps aux" will show a lot of processes with "S" in the "STAT" field; they are all sleeping in this manner. The problem with sleep_on() is that there is necessarily a delay between the decision to sleep and actually sleeping. Code that sleeps usually looks something like:
while (something_is_missing) {
take_steps_to_make_it_available ();
sleep_on (proper_wait_queue);
}
If the thing that is being slept on happens between the test in the while loop and the process actually going into a sleeping state within sleep_on(), the wakeup event will be lost and the process could sleep for a very long time. In the days of the 2.0 kernel and before, this problem did not arise often; nowadays, instead, with SMP systems and fine-grained locking, this kind of race condition is much more likely to come about. It's still a rare occurrence (the window is quite small, usually), but, within operating system kernels, one-in-a-million events are regular occurrences. The proper way to handle this situation involves, essentially, going to sleep and getting on the wait queue prior to testing for the needed condition. Essentially, the process "sleepwalks" while testing to see if it really needs to wait. If the wakeup happens before the process gives up the processor, the process just gets put back into the running state and everything works as it should. The actual coding to sleep in this way is rather more complex than a simple sleep_in() call; see this posting from David Woodhouse for an example of how it should be done. Alternatively, programmers can use the (relatively) new wait_event macro, which hides a lot of the details. Or one can set up a timeout to happen in a short while to wake up the process if nothing else does. A quick grep through the 2.4.1 kernel source shows well over 400 calls to sleep_on() and interruptible_sleep_on(). The kernel janitors have quite a bit of cleaning up to do. Other patches and updates released this week include:
Section Editor: Jonathan Corbet |
February 1, 2001 For other kernel news, see: Other resources: |
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Distributions page.
Lists of Distributions |
DistributionsPlease note that security updates from the various distributions are covered in the security section. News and EditorialsDistributions come out with the 2.4 kernel. LinuxWorld presented a good opportunity for few distributions to announce new versions utilizing the 2.4 kernel. SuSE announced the release of SuSE 7.1, the first major distribution to come out with a 2.4 kernel version. An option for loading a 2.2.18 kernel will be provided as well. Also included in this release are OpenGL drivers for the FireGL1, GL2, and GL3 cards. SuSE 7.1 will be available February 12. SOT has announced that it will release "Best Linux T-1/2001" next week. This release of the Best Linux distribution will feature the 2.4.1 kernel and KDE 2.1. Red Hat has announced the release of 'Fisher', a new beta version of its distribution. This beta is, presumably, what will eventually become Red Hat 7.1. New features include Itanium support, tighter security out of the box, Japanese support, the 2.4.0 kernel, KDE 2.1-beta, "gcc 2.96-RH," Mozilla, and more. Check it out, and be careful out there. Debian Weekly News. The Debian Weekly News for January 30th is out. It covers (among other things) the project leader elections: Wichert Akkerman will not be trying for a third term, and, at this point, Ben Collins is the only candidate on the ballot. Here is Ben's position statement from when he ran in 1999. Presumably his position hasn't changed much since then. Turbolinux Server 6 for the S/390. Turbolinux has announced the availability of Turbolinux Server 6 for the IBM S/390 and eServer z900 mainframes. The company is also offering support services for Linux on that platform via Linuxcare and other support companies. Why is deepLINUX now a news site, when it used to be a distribution?. Rick Collette, developer of SPIRO-Linux and deepLINUX, explains what happened. "I had taken a job with a company in Wayne, NE to feed my kiddo and wife, and be able to have a bit of free time to work on my Linux distro. Within a couple of weeks the CEO of that company had expressed an interest in SPIRO. I actually had a job where I could devote 100% of my time to doing what I truly loved doing, and to be perfectly honest with you folks reading this, I had never been happier in my life." Unfortunately, the narrative becomes increasing less upbeat after this point. Distribution ReviewsReview: Conectiva 6.0 (DukeOfUrl). The Duke of URL reviews Conectiva 6.0. "The second, and even more important feature that makes Conectiva unique, is that version 6.0 of their distribution has APT (Advanced Package Tool) enabled RPM package management. Finally, a better way to install RPMs. This distribution now has automatic dependency checking and the ability to pull the required files off the Internet if not available locally. Debian users may laugh at this as they have had this for years, however; this is a first in the RPM realm and will hopefully take the world by storm." Review: SuSE Linux 7.0 Professional (LinuxGurus.com). According to this review of SuSE Linux 7.0 Professional, "SuSE 7.0 is a big step in the right direction for SuSE. The GUI installer and configuration tools are vastly improved and very usable. The incredible amount of documentation included (both print and online) far outstrips anything included with any other distribution. The hardware support is also unparalleled." Review: Phat Linux 3.3. Here's a review of Phat Linux 3.3 which appears on the SignalGround site. "There is one thing that is both good and bad about Phat Linux...the applications that are installated [sic] are pretty much all choosen [sic] for you. There isn't any opportunity to customize what you're going to get." New DistributionsTelemetry Box Distribution. Version 1.0 of the Telemetry Box Distribution has been released. The Tbox distribution is a Debian GNU/Linux 'potato' based custom Linux version for remote monitoring and maintenance of networks.General-Purpose DistributionsLinuxPPC's non-profit announcement. Here's LinuxPPC's announcement that it is becoming a non-profit organization. See also our interview with LinuxPPC co-founder Jason Haas for more information on this transition. The folks at LinuxPPC see the move as a way to put more back into the distribution and continue to make a living. Debian. Here is the report about packages that need work and the Bug stamp-out list both for Jan 26, 2001. Also, James Troup is working on a cruft cleaning exercise in experimental. Embedded DistributionsTimeSys Corporation unveiled TimeSys Linux/RT Version 2.0. The platform is a Linux distribution with enhancements to meet embedded real-time quality-of-service requirements.Mini/Special Purpose DistributionsMSC.Software Corp. released MSC.Linux, a distribution which is oriented toward clustering. The press release also mentions that HP servers running MSC.Linux were going to be displayed at LinuxWorld.Section Editor: Rebecca Sobol |
February 1, 2001
Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.
|
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Development page. |
Development projectsBrowsersStandardizing a BROWSER environment variable. Eric Raymond is promoting the use of a new environment variable, BROWSER, to complement the existing PAGER, MAILER, and EDITOR variables. This effort is being tested as an experiment in hacking social systems. The Browser War: Nobody's fault but yours. Scott Andrew presents some interesting ideas on web applications versus web pages and how to avoid domination of new web standards by a single corporation: "Netscape 6, Mozilla, Opera -- any browser that supports DOM/CSS -- should be regarded as application browsers. This is different than a web browser. A web browser is designed to view pages on the Web. An application browser is specialized. It's made for working with web applications." Galeon 0.9 pre3 available. Version 0.9 pre3 of the Galeon Browser is available on Sourceforge. Enhancements in this version include open url dialog autocompletion support, customization options for tabbed browsing, session saving, and a lot of bugfixes EducationGGradebook 0.91 (Ofset). Version 0.91 of GGradebook, a gradebook program that runs under GNOME, is now available. ElectronicsXcircuit 2.2.0. Version 2.2.0 of the Xcircuit schematic drawing program is available as a stable release. This version has pcb compatible netlist file outputs, a whole new set of menus, circuit elements with electrical parameters, and more. Embedded SystemsEmbedded Linux Newsletter for Jan. 25, 2001 (LinuxDevices.com). Rick Lehrbaum has posted the latest edition of the Embedded Linux Newsletter to the LinuxDevices.com site. Highlights include a review of the results from last year Embedded Linux Survey and Lineo's trio of Embedix SDK advancements. GamesAtlas C++ 0.40 released. A new, stable release of Atlas C++, version 0.40, has been released. Atlas C++ is a library that implements the Atlas object-oriented protocol for interprocess communications, it is a key component of the WorldForge game architecture. See the Atlas Tutorial for more information on the Atlas protocol. InteroperabilityWine Weekly News for January 29, 2001. Issue 80 of the Wine Weekly News is available. Check it out for the latest developments in the Wine world. Office ApplicationsEazel releases Nautilus Preview 3. As seen on the GNOME news site: Eazel has released the third and final preview version of its Nautilus desktop. Warning, the installation takes a 32MB bite out of your hard drive and may take a small eternity to download on a slow link. GNOME Office page gets a facelift. The GNOME Office meta-project's web page has had a face lift. The new page offers a quick description of the various GNOME Office components as well as links to the project web pages. (Thanks to David Wheeler) The Gmail email client. Robert Bernstein writes about Gmail in an Earthweb article. " An MUA (Mail User Agent) featuring an innovative approach to email message storage is now under development, and it bodes well for those email users who number their messages in the thousands. Gmail (http://gmail.linuxpower.org/), the brainchild of Wayne Schuller, a young Australian programmer, uses the MySQL database server, and retrieves, sorts and displays messages via SQL, the well known 'Structured Query Language.'" ANNOUNCE: Mr Project (Gnotices). A new project management application known as Mr Project has been announced. "Mr Project is a project management program that can help build project plans, and track the progress of a project." On the DesktopThe People behind KDE: Wolfram Diestel. This week's People Behind KDE features an interview of Wolfram Diestel, a rather humorous picture is included. New KDE Tutorials. Several new and/or improved KDE tutorials have been published, Richard Moore has written one on Kpart Plugins for KDE2, and Antonio Larrosa Jimènez has updated his info on developing KDE2 applications. A developer's perspective on the GPLing of Qt (LinuxDevices.com). LinuxDevices.com reopens the whole Qt licensing debate. "Regardless of whether you accept this 'infant industry' justification for initially releasing software under proprietary licenses, from a software developer's point of view it now seems hard to improve upon Trolltech's licensing." Berlin: A replacement for X? (LinuxToday). LinuxToday has posted a discussion by "Hawkeyes" that discusses Berlin, an alternative to the X window system. "Many people complain about the X-windows standard. It's clearly not the perfect way to bring a graphical user interface to Linux, and it's been around for such a long time. Recently XFree86 has become hardware accelerated, in version 4.0.x, but in many ways it is still dragging user interface designers down. The lack of a single uniform toolkit, lack of support for alpha transparency and sluggish/heavy network transparency have always been problems in X." Check out the Berlin web site as well. Talking with John Heard of Sun about GNOME. LinuxPower talks with John Heard about Sun's membership in the GNOME Foundation. Christian: I would guess that partaking in free software development needs a different workform than in-house development. What measures are being put in place to ensure real engagement with the community on issues instead of needing to wait for slow bureaucratic wrangling before announcing contributions ?
Gnome Installation Guide. Karsten Reincke has recently published a Gnome Installation Guide that presents lots of useful information to those who wish to install development versions of GNOME from source code. Printing SystemsCUPS v1.16 is available. Version 1.16 of CUPS, the Common Unix Print System, is available. Lots of bugs have been fixed in this release. Web-site DevelopmentGetting to know Midgard (IBM developerWorks). IBM's developerWorks site has put up a detailed article on getting started with the Midgard application server. On a very basic technical level, Midgard provides a content management API for PHP that makes managing such articles a whole lot easier and administering them a snap. It introduces some of its own content management concepts to help you organize articles more logically and deal with them easily. It can implement security, allowing only authorized users to update or view content, and recording personal information about users. (Thanks to Henri Bergius). Midgard Weekly Summary. The Midgard Weekly Summary for January 26 is out. Among other things, it includes an interview with Midgard founder Henri Bergius. Zope 2.3.0 released. Zope 2.3.0 final has been released. There is quite a bit of new stuff in this release; see the announcement for details. Perl scripting available for Zope. Digital Creations and ActiveState have announced the first release from the "Perl for Zope" project. Zope scripting is no longer limited to the Python language. Section Editor: Forrest Cook |
February 1, 2001
|
|
|
Programming LanguagesERLANGNew Erlang User Contributions. The Erlang.org site lists several new user contributions including an improved Unicode support module and a package for working with skew-binary random-access lists. Markup LanguagesXML-RPC Howto. An XML-RPC HOWTO has been posted to Sourceforge. "XML-RPC is a simple, portable way to make remote procedure calls over HTTP. It can be used with Perl, Java, Python, C, C++, PHP and many other programming languages. Implementations are available for Unix, Windows and the Macintosh." The author of the XML-RPC HOWTO, Eric Kidd, has also announced the release of xmlrpc-c 0.9.6 - an XML-RPC implementation for Linux. Processing XML with Perl (ISPworld). ISPworld has run an article by Michel Rodriguez that covers the use of Perl to process XML files. "Being the most popular CGI language, it should come as no surprise that Perl offers many ways to process XML. Actually, it offers lots of ways, no less than 14 different ways, implemented by 14 different modules, are available for XML transformation." PerlPerl 5 Porters for January 30, 2001. The January 30 edition of Perl 5 Porters is out. Topics include Test::Harness, the Perl hashing function, examples using chop, PerlIO programming documentation, and more. Perl 5.6.1 available (use Perl). According to use Perl, the second trial version of Perl 5.6.1 has been released and needs testing. PHPPHP Weekly Summary for January 29, 2001. Issue 22 of the PHP Weekly Summary is available. Topics covered this week are DOMXML docs, PDFLib support, Chora, a tiny PHP for embedded systems, and more. PythonWhat's new in Python 2.1. For those of you who are curious about the upcoming Python 2.1 release, we recommend a look at A.M. Kuchling's What's new in Python 2.1 document. It presents the significant changes in this release in a clear and useful manner. This week's Python-URL. Here is Dr. Dobb's Python-URL for January 30 with the latest from the Python development community. One interesting item is that Python 2.1a1 has been released. Dive Into Python. A new python book by Mark Pilgrim, Dive Into Python, is available online in numerous file formats. "This book is still being written. What's here already is a solid overview of Python programming. In future chapters, I plan to cover specific topics, like XML processing, in more depth. This is not a teaser site for some larger work for sale; all new content will be published here, for free, as soon as it's ready." Highlight Project: VPython (Linux Programming). Linux Programming takes a look at takes a look at VPython, a 3D graphical programming module. Also, take a look at the VPython project's home page. Python 2.0 RPMs available. Sean Reifschneider has announced the availability of Python 2.0 and Python 2.1a1 source RPM files. Advanced Encryption Suite for Python. Bryan Mongeau has released pyaes, the Advanced Encryption Suite for Python. Snack Sound Toolkit v2.0.6. Kare Sjolander announced the Snack Sound Toolkit v2.0.6 for Python. This version has bug fixes and updated demos. Tcl/TkThis week's Tcl-URL. Here is Dr. Dobb's Tcl-URL for January 29, 2001 with the latest goodies from the Tcl/Tk development world. There are links to articles on the Tcl/Tk user meeting in Hamburg in June of 2001, the Tcl'ers Wiki, using canvas coordinates, and using C++ to manipulate pointers. TclTidy: convert HTML to XHTML. Scott Redman announced TclTidy, a program that helps to convert HTML to XHTML. Software Development ToolsLinux Development Platform Specification 1.1beta. The Free Standards Group has released version 1.1-beta of the Linux Development Platform Specification. This document describes programming and software support standards intended to make Linux applications portable across distributions. It's a sort of stopgap effort on the way toward the Linux Standard Base. 1.1-beta will be in a public review period for two weeks, after which the official 1.1 release will come out. If you have suggestions for improvement, now is the time to get them in. Section Editor: Forrest Cook |
Language Links Caml Caml Hump Tiny COBOL Erlang g95 Fortran Gnu Compiler Collection (GCC) Gnu Compiler for the Java Language (GCJ) Guile Haskell IBM Java Zone Jython Free the X3J Thirteen (Lisp) Use Perl O'Reilly's perl.com Dr. Dobbs' Perl PHP PHP Weekly Summary Daily Python-URL Python.org Python.faqts Python Eggs Ruby Ruby Garden MIT Scheme Schemers Squeak Smalltalk Why Smalltalk Tcl Developer Xchange Tcl-tk.net O'Reilly's XML.com Regular Expressions |
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Commerce page. |
Linux and BusinessBountyQuest Awards $40,000 for Information Challenging Patent Validity. It's an interesting business model, but will it pay the bills? BountyQuest will reward people to show evidence of a prior art that will invalidate a patent. So far four people have won a total of $40,000. BountyQuest investor Tim O'Reilly is quoted: "Patented ideas can command an entire marketplace. As consumers, it is in our best interest to use powerful tools like the Internet to ensure that only true innovation is rewarded." O'Reilly launches ONLamp.com. O'Reilly has announced the launch of its ONLamp.com site. "LAMP" stands for the combination of Linux, Apache, MySQL, and Perl, PHP or Python; the new site will cover web site development using those tools. Adaptec Embraces Open Source/Linux Community. Adaptec has put out a press release proclaiming its support for the Linux community. The company will be releasing more drivers and has set up a new linux.adaptec.com web site with information and the latest source. Linux management products. A big theme at LinuxWorld this time around would appear to be system and network management products. Here are a few press releases:
On the free software front Ganymede 1.0p1, a directory management system, has been released. Dresdner Kleinwort Wasserstein announces openadaptor. Dresdner Kleinwort Wasserstein (DrKW) is the investment banking division of Dresdner Bank AG. DrKW developed 'openadaptor(TM)', which is both a toolkit and a platform that allows system administrators to integrate applications across disparate systems, and has used the software in over 40 projects since 1998. Now DrKW is releasing the source code. openadapter is written in Java and it has been used by DrKW to deploy its global equities derivative trading system. openadpator's source code license is modelled after the MIT X license and the project, openadaptor.org, will be hosted by CollabNet. Here's CollabNet's press release on the subject. IBM's LinuxWorld announcement. Here's IBM's big press release describing what the company is announcing at LinuxWorld. It includes investing $300 million in new Linux services, which include "Linux e-business enablement and migration services," open source consulting, and high availability cluster services. Also in the announcement is the "IBM eServer x430," a Linux-powered, 64-way server box. There's a bunch of other stuff in there as well. Covalent gets $13 million investment, launches products. Covalent Technologies, a company which is working at making money with products and services for the apache web server, has announced the receipt of $13 million in venture investments, with Sequoia Capital leading the pack. Covalent has also announced the launch of a new set of products, including the "Covalent Secure Server" (an SSL add-on with intrusion detection and other security features); "Covalent Commerce Server" (a credit card handling package); and "Covalent Managed Server" (an installation and monitoring product). NuSphere contributes transactional capability to MySQL. NuSphere has announced that it has contributed a chunk of code to the MySQL project that adds transactions, row-level locking, and automatic crash recovery to the popular relational database system. This contribution fills in a major gap in MySQL functionality and should be welcome to those trying to place MySQL in corporate settings. NuSphere, of course, is trying to do exactly that... Oracle debuts MySQL-to-Oracle data migration software. For all of you looking to move from free to proprietary software: Oracle has announced the availability of a utility that facilitates the move from MySQL to Oracle's products. IDC predicts big growth in the Linux support market. IDC has recently published a report on the Linux support services market. You can't actually see it without paying a lot of money, of course, so most of us will have to content ourselves with IDC's press release on the topic. The claim is that the market will grow from $28 million in 2000 to $285 million in 2004 - a factor of ten. The Real Time Linux Foundation. An announcement has gone out regarding the creation of the Real Time Linux Foundation. Its purpose, of course, is to help promote and standardize Real Time Linux implementations. Some help will be useful - real time Linux is currently a highly fragmented area. Freshmeat II launches. The Open Source Developer Network (otherwise known as VA Linux Systems) has announced the launch of Freshmeat II, a complete rework of the Freshmeat site. Eazel and Red Hat form alliance. Eazel and Red Hat have announced a deal to integrate their software services. Red Hat will put Nautilus in future releases, and Eazel's services will be integrated with the Red Hat Network. SGI's latest Linux announcements. SGI has issued an omnibus press release describing its many announcements for LinuxWorld. They include the new 1100 server, the "Internet Server for E-Commerce" (a 1U box with Linux installed), the "SGI Internet Server Environment" (a management and monitoring package), and "Kasenna Mediabase" (a distributed streaming media server package). There are also seperate press releases for:
Another Cluster of Announcements. Here are some of the announcements about clustering that didn't make it onto the front page.
The view from MontaVista. MontaVista has created a PR pile of its own this morning. Perhaps most interesting is this retrospective on the company's first full year of operation. The company received $30 million in funding, "captured over 80 customer design wins," grew from 12 to 160 employees (without any acquisitions), and increased its revenue by a factor of ten - evidently 15% above what their plan had called for. One assumes that they are reasonably well pleased with life at the moment. Other announcements from MontaVista include:
ADS cranks down the power on StrongARM (LinuxDevices.com). This article on LinuxDevices looks at Applied Data Systems' "true sleep mode" support for Embedded Linux on Intel's StrongARM SA-1110 processor. "The new support, which reduces the SA-1110's power drain from half a watt (full on) to less than ten milliwatts, is of major potential significance to battery operated systems and handheld devices." ADS will be demonstrating this at LinuxWorld. See also this press release from ADS and this one about the ADS Tandem product, a two-headed single board computer system, available with embedded Linux. Coventive supplies Linux for handheld systems in China. Conventive Technologies has announced that it will deliver "a total embedded Linux software solution" for a StrongARM-based handheld system produced by Legend Computers in China. They'll be demonstrating the system at LinuxWorld. Announcements from Dell. Naturally Dell had to get in on the action with its own sprinkling of press releases.
Borland's PR storm.
Awash in press releases. They just keep rolling in. Naturally there are plenty more in the press release section below. This is just a small sampling of a few of the more interesting ones that we've found (and reported on so far).
LPI begins Level 2 exam development process. The Linux Professional Institute has announced the availability of its "Job Analysis Survey" for its Level 2 exam. By filling out the survey, Linux administrators can help the LPI work out a set of requirements for Level 2 certification. MandrakeSoft acquires Coursemetric, launches new sites. MandrakeSoft has announced the acquisition of Coursemetric Corp, "an ASP-software and information services company specializing in the provision of Web-based evaluation tools for education and training organizations." There is evidently a plan to deploy an open source version of Coursemetric's web-based evaluation system. Also announced is the launch of MandrakeCampus.com, which will start with a set of (open source) Linux courseware. Finally, the company is also launching MandrakeExpert.com, a sort of support marketplace. Linux Stock Index for January 25 to January 31, 2001.
LSI at closing on January 25, 2001 ... 41.17
The high for the week was 43.91
Press Releases:Open Source ProductsUnless specified, license is unverified.Proprietary Products for Linux
|
![[Cluster]](/2001/0201/cray-cluster.jpg)