Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise
news for all interests
Leading items and editorials

Opening up OpenMail? As was originally reported in ComputerWorld, Hewlett-Packard has announced that it will cease development on its OpenMail product. Version 7.0, which became available on February 28, will be the last major release of this system.
This announcement may seem like just the death of yet another proprietary software product. But it matters. OpenMail is the only "enterprise ready," Exchange-compatible mail server product which is available on Linux. Its demise leaves an important corporate function with no Linux-based solution; all that's left is Windows-based, proprietary systems - and not very many of those. For the moment, this looks like a setback for the World Domination program.

There is an important lesson here, however, for the users of proprietary software. Companies that have deployed OpenMail have invested heavily in it. But, with proprietary systems, you never really know if it will be there tomorrow. OpenMail is going away, and there is nothing its users can do about it. It can not be maintained - even by those willing to pay for that maintenance. If a proprietary system's owner so wills, the software simply vanishes.

It is worth pointing out that HP is paying more than the usual amount of attention to its users' interests in this case. The announcement went out with OpenMail 7.0, rather than after customers had paid for upgrades. And HP will be providing bug fixes and other support for the next five years, so there is plenty of time to find a replacement. HP is to be commended for being clear about its plans, rather than just quietly ramping down development.

One of the first thoughts that comes to mind, of course, is that HP should release OpenMail under an open source license. HP, after all, has taken some criticism at times for seemingly being more interested in talking about free software than actually supporting it. Here is, it seems, HP's chance to bolster its open source image while simultaneously doing the free software world a real favor.

Life, of course, is not so simple. Bruce Perens has sent around a note on the future of OpenMail and the possibility of releasing it as open source. Most of the usual problems apply.
For example, HP does not own all of the code that is in OpenMail, so the company will have to go through, track down all of the various licenses it owns, and figure out how they impact an open source release. Over twelve years, a large system can accumulate quite a few of these licenses. Once they have been found, it will be necessary to "sanitize" the code, removing everything that can not be released. That is a big job, and the resulting system is likely to function poorly, if at all.

Then, of course, it's not just a simple matter of tossing the code onto an FTP site and hoping for the best. There need to be CVS archives, project management, documentation, web pages, etc. And getting people interested in the code could be a challenge. After twelve years, one can assume that this system has grown complex and full of cruft. It may not be for the faint of heart.

The end result is that releasing OpenMail as free software would not be a cost-free action for HP - it could, in fact, be quite expensive.

Perhaps the best case scenario, in the end, might be for some other company to take on the open-sourcing of OpenMail. Even in these (relatively) hard times, it seems like it should be possible to build a business on this product, much in the same way that NuSphere and Great Bridge are hitching their wagons to open source database systems. A small business could perhaps be built around nicely-packaged OpenMail box sets, but OpenMail seems like a system that would support a large market in design and support services. Companies that depend on OpenMail would probably be willing to pay for further development and support services; they could redirect the funds currently going into license fees.

What's needed is a company that can build this business. Sendmail, Inc. seems like it would be a natural for this line of work; OpenMail already uses sendmail, and would be a strong weapon in Sendmail's quest to make money from enterprise services.
Red Hat, too, could perhaps benefit from the package. And VA Linux, of course, has made a major goal of replacing its dotcom customers, who have not been the most reliable lately, with blue-chip enterprise companies. If HP can not find the resources to free OpenMail, certainly one of these other companies should be able to step in and help out? Let's make HP come up with a different excuse for holding onto the source.

(See also: The OpenMail Showdown: Is Bruce Perens Just a Pretty Face? by Don Marti for a more cynical look at the situation).

HP gets into Linux-based stereo gear? Since OpenMail is no longer an appropriate fit with HP's strategy... what is? For one clue, see this press release describing a new partnership with RealNetworks. The details are sparse, to say the least, but the picture that emerges is that the two are working on a Linux-based box which would plug into a living-room stereo system and make music available from the Internet. The real set of products and services are due to come out later this year.

One could be forgiven for wondering if the companies aren't targeting the Napster customer base. A paid service providing a "universal juke box" functionality could well be popular, especially if it is easy to use (without a user-visible computer) and lacks legal challenges. In that context, a quote from this TechWeb article is interesting:

[HP VP John] Spofford said a Web-connected home-entertainment device is a logical step for HP, whose CD-Writer rewritable drive, which has sold 10 million units, lets consumers make media from the Internet and PCs accessible on other devices.

A network-based music device which avoids the wrath of the music industry is unlikely to provide a straightforward connection to one of those CD writers. We are waiting to see how they resolve that problem.

The other question, of course, is that of just how open this box will be. A Linux-based system designed for audio applications would be a fun toy to play with. We can only hope that HP will provide an open interface to this box so that others can write their own applications for it. Somebody will figure out a way in regardless; why not make it easy and let a wider set of applications drive sales for the device?

Bruce Perens said two years ago:

Open Source has de-emphasized the importance of the freedoms involved in Free Software. It's time for us to fix that. We must make it clear to the world that those freedoms are still important, and that software such as Linux would not be around without them.

Perhaps Bruce, in his high-profile HP role, could help to make this new product line support freedom?

Inside this week's Linux Weekly News:
This Week's LWN was brought to you by:
March 8, 2001
Security

News and Editorials

Strong ES vs Weak ES in TCP/IP implementations. This week, the most prolific discussion on BugTraq focused on the implementation of RFC 1122, which covers the TCP/IP communications protocol layers: link layer, IP layer, and transport layer. In the portion that discusses how to handle multi-homed hosts and the implementation of the loopback device, the RFC is somewhat ambiguous, providing two possible implementations without recommending between them. This week, a note was posted that pointed out the security implications of one of those two implementations.

Elias Levy posted an excerpt of the portion of the RFC that applies to this issue. The two implementations it describes are entitled "Strong ES Model" and "Weak ES Model". Under the Strong ES Model, packets arriving from one network interface will not be forwarded to other network interfaces unless forwarding is enabled. Under the Weak ES Model, the reverse is true: packets will be forwarded even with forwarding disabled. The Weak ES Model is the one that has some people concerned.

Why would this be a problem? Take a common setup, a host with two Ethernet cards, one connected to an external network and the other connected to an internal network. If IP forwarding is disabled, an administrator might assume that a network service that listens only on the internal interface is not accessible to probing from hackers coming in on the external interface. Under the Weak ES Model, this is incorrect; unless a firewall is in place to prevent it, packets coming in on the external interface can be forwarded to the internal interface and therefore access (and possibly exploit) that network service.

So what model does Linux use? Following the BugTraq thread, we did not get a consistent answer.
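The dual-homed scenario above, as an added example (not from LWN or the BugTraq thread): a small Python model of the two host models as RFC 1122 defines them, namely whether a host accepts a datagram addressed to one of its interfaces when it arrives on a different one. The interface names, addresses, listeners and function names are constructed for illustration; the ingress filter stands in for the "properly-configured local firewall" mitigation.

```python
"""Model of RFC 1122 strong vs. weak ES behaviour on a dual-homed host (added example)."""
from dataclasses import dataclass

WILDCARD = "0.0.0.0"


@dataclass(frozen=True)
class Listener:
    name: str
    bind_addr: str  # a specific local address, or WILDCARD
    port: int


@dataclass(frozen=True)
class Packet:
    in_iface: str   # interface the datagram arrived on
    dst_addr: str
    dst_port: int


class Host:
    def __init__(self, interfaces, listeners, model="weak", ingress_filter=()):
        if model not in ("weak", "strong"):
            raise ValueError("model must be 'weak' or 'strong'")
        self.interfaces = dict(interfaces)         # iface name -> IP address
        self.listeners = list(listeners)
        self.model = model
        self.ingress_filter = set(ingress_filter)  # ifaces with the filter rule

    def deliver(self, pkt):
        """Return a verdict string for one inbound packet (forwarding is off)."""
        if pkt.in_iface not in self.interfaces:
            raise ValueError("unknown interface: " + pkt.in_iface)
        if pkt.dst_addr not in self.interfaces.values():
            return "dropped:not-local"             # not ours, and we do not route
        on_own_addr = self.interfaces[pkt.in_iface] == pkt.dst_addr
        # Strong ES: discard datagrams whose destination is not the address
        # of the interface they arrived on.
        if self.model == "strong" and not on_own_addr:
            return "dropped:strong-es"
        # Local firewall rule: same test, applied only to the listed interfaces.
        if pkt.in_iface in self.ingress_filter and not on_own_addr:
            return "dropped:firewall"
        for lst in self.listeners:
            if lst.port == pkt.dst_port and lst.bind_addr in (pkt.dst_addr, WILDCARD):
                return "delivered:" + lst.name
        return "dropped:no-listener"


def unexpected_exposure(host, external_iface):
    """Listeners bound to a non-external address that still answer packets
    arriving on the external interface."""
    ext_addr = host.interfaces[external_iface]
    findings = []
    for lst in host.listeners:
        if lst.bind_addr in (WILDCARD, ext_addr):
            continue                               # exposed on purpose
        verdict = host.deliver(Packet(external_iface, lst.bind_addr, lst.port))
        if verdict.startswith("delivered:"):
            findings.append((lst.name, lst.bind_addr, lst.port))
    return findings


# Constructed sample host: eth0 faces outside, eth1 faces the internal network.
INTERFACES = {"eth0": "203.0.113.10", "eth1": "10.0.0.1"}
LISTENERS = [
    Listener("db", "10.0.0.1", 5432),        # admin believes this is internal-only
    Listener("https", "203.0.113.10", 443),  # meant to be public
]


def build_sample(model, ingress_filter=()):
    return Host(INTERFACES, LISTENERS, model, ingress_filter)


if __name__ == "__main__":
    for label, host in [
        ("weak ES, no firewall", build_sample("weak")),
        ("strong ES", build_sample("strong")),
        ("weak ES + filter on eth0", build_sample("weak", ["eth0"])),
    ]:
        print(label, "->", unexpected_exposure(host, "eth0") or "nothing exposed")
```

Binding a service to the internal address alone changes nothing under the weak model; either the strong model or the per-interface filter is what closes the path, while traffic arriving on the internal interface is unaffected.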
The original post claims that Red Hat 6.2 is not affected; other posts claim that Linux 2.2 follows the Weak ES model while 2.4 does not; still others claim that they've tested Linux 2.2.16 and it is not vulnerable, while tests of Linux 2.4 show that it is vulnerable. At this point, we can only sum it up by saying, "We don't know" (but we'll ask our resident kernel expert to look into it ...).

So two camps emerge from the discussion. One camp feels strongly that, because the Strong ES Model is slanted towards providing more security, it should be the default model (if not the only model). It is true that we are all advocating moving Linux in the direction of security-by-default; would the Strong ES model be a best-fit as a result?

The other camp quickly pointed out the functionality currently in use that depends on the Weak ES Model, including load balancers such as the Linux Virtual Server project, upon which Red Hat Piranha is based. In addition, there was a strong feeling that any security issues associated with the Weak ES Model can be fixed via a properly-configured local firewall.

In the end, the ability to choose between the Strong ES Model and the Weak ES Model seems to be highly desirable. Which model is chosen as the default can be easily left to the Linux distribution, possibly eventually defaulting to the Strong ES Model, as long as changing the configuration is a simple matter. Whether or not that gets done, of course, is a decision that will be made by the kernel developers.

Meanwhile, a clear problem that has been identified is the failure of our current HOWTOs to document the current model being used and the security implications of that model. Right now, systems administrators do not have the correct information they need to make the right configuration choices.

Uncovering the secrets of SE Linux: Part 1 (IBM developerWorks).
Author Larry Loeb looks at the SE Linux code, the open sourced security-enhanced version of the Linux 2.2 kernel released by the National Security Agency. "If you haven't been following the cryptography area lately, let me assure you that this action by the NSA was the crypto equivalent of the Pope coming down off the balcony in Rome, working the crowd with a few loaves of bread and some fishes, and then inviting everyone to come over to his place to watch the soccer game and have a few beers."

A review of Intrusion Detection Systems. Back in January, we briefly discussed free software Intrusion Detection systems. This month, Dragos Ruiu has posted an in-depth evaluation of Snort, along with several commercial IDS systems; it's a worthwhile read for anyone interested in deploying an intrusion detection system. "IDS is a relatively new technology, but it is increasing in popularity, driven by the number of people starting to entrust valuable or mission-critical data to computer systems that they feel a need to install good risk management for. Along with this popularity comes a large number of commercial entrants, and new products, all with varying marketing claims - making purchase and evaluation difficult, particularly as the operation of these early-generation systems is still an enormously technical task, requiring a fairly deep and broad knowledge of networking protocols and technology." The review shows the investment of a great deal of time and research; we look forward to the promised updated versions over time.

Turbolinux issues updated public key. Turbolinux has a new public key. Turbolinux users will want to download the new key in order to properly check the signatures on new Turbolinux security updates.

Security Reports

Apache directory listing error. In some circumstances, Apache 1.3.18 and earlier can be made to display a directory listing instead of an error message, by artificially creating a very long path with many slashes. A fix for the problem can be found in the recently-released Apache 1.3.19. Check this SecurityPortal posting for more details.

/bin/mail buffer overflow. A buffer overflow in /bin/mail was reported by SosPiro to the vuln-dev mailing list on February 28th, 2001. Note that the buffer overflow is not exploitable unless the binary is setuid or setgid, a configuration issue that differs between distributions. A quick check of the permissions on your local system is recommended, especially since the permissions may not be the same as the distribution's installation defaults.

PHP-Nuke 4.4.1a saveuser vulnerability. Security reports for PHP-Nuke continue to come in fast and furiously. This week, PHP-Nuke 4.4.1a was reported vulnerable via its saveuser function, which does not check input rigorously enough and, as a result, can be used to change another user's email address or gain their password. However, saveuser was singled out solely as a demonstration; apparently other PHP-Nuke functions can be exploited in the same manner. No patch or response from the PHP-Nuke team has been seen yet.

PHP 4.0.4 IMAP fix repercussions. A security fix for IMAP in PHP 4.0.4 can unfortunately break under some circumstances, causing the IMAP module to fail. PHP 4.0.4pl1 appears to contain a fix for the problem. Alternately, a patch for the problem is available that closes the original buffer overflow but reverts IMAP behavior otherwise back to match 4.0.3.

Mailman potential privacy hole. A potential privacy hole in Mailman has been fixed in the latest release, Mailman 2.0.2. The hole could allow list administrators to gain user passwords. Directly, the user passwords would be of little use to an administrator, but since many people use the same password in multiple places, the privacy violation is a concern. This is a recommended upgrade, if not for the privacy concern, then due to other "important" bug fixes in the release.

ePerl buffer overflows. Fumitoshi Ukai and Denis Barbier found and reported buffer overflows in ePerl which can be exploited if ePerl is installed setuid root. ePerl is used to expand Perl statements inside text files. If it is installed setuid root, then it can switch to the UID/GID of the script owner. As a result, even if not installed setuid root by default, some sites may choose to change the permissions to get this functionality.
man2html denial-of-service vulnerability. man2html, a program for converting files from the man page format to HTML, to allow them to be read via a web browser, has been reported to contain a denial-of-service vulnerability. Details on the problem are currently lacking, since we've seen the problem only via the Debian advisory below, at least so far.
mc binary execution vulnerability. Again, we have few details on this vulnerability, since it has not been reported on BugTraq but was instead first seen (by us) via the Debian advisory below, which describes the problem in general without giving technical specifics. It seems that Midnight Commander can be used by one local user to trick another user into executing a random program under the uid of the person running Midnight Commander. Andrew V. Samoilov provided a fix for the problem.

web scripts. The following web scripts were reported to contain vulnerabilities:
Commercial products. The following commercial products were reported to contain vulnerabilities:
Updates

Zope security update. Digital Creations released a security update to Zope (all versions up to 2.3b1) fixing a security vulnerability in how ZClasses are handled the week of March 1st. An upgrade is recommended.

This week's updates:

Previous updates:

joe file handling vulnerability. Check the March 1st LWN Security Summary for the initial report.

This week's updates:

CUPS buffer overflow and temporary file creation problems. Check the March 1st LWN Security Summary for the initial report.

This week's updates:

Previous updates:

sudo buffer overflow. Check the March 1st LWN Security Summary for the original report.

This week's updates:

Previous updates:

Analog buffer overflow. An exploitable buffer overflow in analog was reported in the February 22nd LWN Security Summary. Version 4.16 contains a fix for the problem, which affects all earlier versions.

This week's updates:

Previous updates:
LICQ/GnomeICU denial-of-service vulnerability. Check the February 15th LWN Security Summary for the original report, which also noted a similar problem in kicq.

This week, Bill Soudan noted that the CVS code for kicq has been corrected, with thanks to Bernhard Rosenkraenzer at Red Hat.

Multiple vulnerabilities in ProFTPD. Check the February 8th, 2001 LWN Security Summary for details. ProFTPD 1.2.0rc3 contains fixes for all the above problems.

This week's updates:

mgetty tmp file race problem. mgetty was one of twelve packages reported in January to contain tmp file race problems. Check the January 11th LWN Security Summary for the initial report.

This week's updates:
Events

RAID 2001 - Call for Papers. The Fourth International Symposium on the Recent Advances in Intrusion Detection, better known as RAID 2001, will take place on October 10th through the 12th, 2001, in Davis, CA, USA. The deadline for their Call-for-Papers is coming up soon, March 30th, 2001.

Upcoming security events.

For additional security-related events, including training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Liz Coolbaugh
Kernel development

The current kernel release is still 2.4.2. Linus has resumed work toward 2.4.3; his current prepatch release is 2.4.3pre3. Alan Cox, meanwhile, has kept up his pace and reached 2.4.2ac14.

A reader asked us to figure out how much of the "ac" patches have made it into Linus's kernel. Unfortunately, there is no easy answer to that question. Linus's changelogs just say "Alan Cox: continued merging". The only person who actually knows the answer, in all likelihood, is Alan, and he does not have the time to make a list.

No new 2.2.19 prepatches have been released in the past week.

SnapFS alpha release. Peter Braam and his colleagues at Mountain View Data have announced the alpha release of SnapFS, a new filesystem add-on. As an alpha release, it's not something that you are likely to want to put on that big departmental server. It has some interesting features, though, that make it definitely worth a look.

Essentially, SnapFS enables a filesystem to preserve its history. One could compare it to the old VMS file versioning scheme, but SnapFS is far more flexible than that. It can preserve the state of an entire filesystem at any given time; it can also be set up to preserve every revision that is ever made of every file on the system. That latter mode, presumably, is recommended only for users with very large disks.

To many, SnapFS may just seem like a way of filling up excess disk space. But, in fact, there are some truly useful applications for such a filesystem:

Whenever a file is to be modified, and its contents must be preserved in a snapshot, SnapFS creates a new inode in the filesystem to hold the snapshot version. An extended attribute which points to the snapshot inode is then attached to the visible version of the file. The actual blocks of the file are shared between the current file and the snapshot until they are changed; at that point the SnapFS "copy on write" mechanism makes copies of the affected blocks.

Snapshots are thus relatively efficient in their use of storage, especially in situations where only parts of files are changed. For example, a snapshot of that huge web server log file, which is only appended to, does not duplicate the log entries that are shared between the current and archived versions.

This mechanism also makes the creation of snapshots very fast. Since no data is copied at that time, making a snapshot is really just a matter of filling in a table entry.

A set of tools is provided with SnapFS to handle the management of SnapFS filesystems, performing rollbacks to older versions, etc. Mountain View Data's revenue model is starting to come into focus, though - a number of additional management tools will be proprietary. For example, there will be utilities to stabilize and quiesce Oracle and MySQL databases for snapshots. The basic SnapFS code, however, is licensed under the GPL.

What should the kernel do with DOS-formatted scripts? A user recently turned up a little problem. Imagine that you have a perl script that starts with the usual incantation:

    #!/usr/bin/perl

You would expect the kernel to be able to run the perl interpreter when the script is invoked. But now imagine that the script is in DOS format - each line ends with a carriage-return and a line feed (\r\n) rather than just a line feed (\n), which has been the Unix standard forever.
The kernel, in this case, will see the carriage return as part of the interpreter name; as a result, the user gets a "no such file or directory" complaint from the shell.

This user, Ivo Timmermans, included a patch that would make the kernel strip out the carriage return in scripts like this. The initial response from Alan Cox was not particularly receptive: "Fix the script. The kernel expects a specific format." That approach makes sense to some - why should the kernel go out of its way to support scripts that are not in the specified format?

It was subsequently pointed out, however, that the kernel will happily strip away other sorts of trailing white space, such as space characters and tabs. Should not carriage returns, which are generally recognized to be white space as well, be stripped too? Good question, with no answer from those who would eventually have to accept the patch. For now, "fix the script" is the order of the day.

Other patches and updates released this week include:

Section Editor: Jonathan Corbet
Distributions

Please note that security updates from the various distributions are covered in the security section.

News and Editorials

What is a Linux Distribution? Three years into writing this weekly column, it seems appropriate to stop and define some of the terminology that we so freely use. To start with, we'll take a moment to define what we mean when we use the term "Linux Distribution".
A Linux distribution is, in essence, a software package.
Anything that fits this model is, essentially, a Linux distribution. That can mean anything from a package small enough to fit in a 4MB Flash card to a package large enough to require multiple gigabytes of hard disk space. Because the Linux kernel itself is highly flexible and supports an amazing number of hardware platforms, it scales very well in size from very small to very large.

From the diagram, you can also see that any two Linux distributions can actually look very different to the end-user. The choice of packages that are included with the distribution will determine the look-and-feel. Two different distributions might have in common only the kernel and the C library, while supporting an entirely disparate set of applications.

Correspondingly, to confuse the issue, there are operating systems out there that look a lot like Linux. For example, the Debian GNU/Hurd operating system is based on the Debian system, but with the Linux kernel replaced with a Debian GNU/Hurd kernel. Once completed, the Hurd will essentially be an operating system that looks like Linux, acts like Linux, feels like Linux to the end-user, but is not Linux, because it does not contain the Linux kernel.

The *BSD operating systems are another example of this. As shown in the diagram, BSD tools are often included in Linux distributions, since they are also Free Software. In turn, many applications popular on Linux systems are also included by default in FreeBSD, NetBSD and OpenBSD. So to the end-user, the difference between Linux and BSD may appear very small, depending on what applications they use and how far into the operating system kernel they delve for their basic work. However, we would not call NetBSD a "Linux distribution". Why not? Well, to start, the NetBSD folks might very well get offended, since they've been around a lot longer than Linux.

This may seem to be a moot point, but back in December, Sun's Scott McNealy actually referred to Solaris as "our implementation of Linux". Now Solaris doesn't run the Linux kernel, but it can run binaries compiled on Linux systems and it can support most of the Free Software applications that you'll find on Linux systems. So, since Sun apparently doesn't find the notion offensive, should we consider Solaris a Linux distribution?

Well, the final arbiter on that will be Linus, since he is the holder of the Linux trademark. For our purposes, though, Solaris will not be included, simply because it is not Free Software. No proprietary operating system will ever, in this column, be deemed a Linux distribution. However, we would uphold Sun's rights to claim that Sun is "Linux-compatible", given the amount of effort they've put in to supporting the Linux API.

We'll talk a bit more next week about the criteria used to add or remove distributions from our set of distribution links.

New Distributions

Icepack Linux. Henry Westbrook dropped us a note mentioning another distribution not currently on our list. Icepack Linux is a new general-purpose distribution out of Germany that started shipping January 29th (Henry was one of the beta-testers). Icepack is focused on the home Linux user, costs about $35 (including shipping) and comes with unlimited email support. Note that businesses are not eligible for the unlimited support.

Icepack is definitely not a light-weight distribution. It uses the Gnome desktop by default (KDE support is promised in version 2.0) and a minimum of a gigabyte of space is recommended for the installation (2GB if you plan on using StarOffice, etc.). Unique features to icepack include their own graphical boot manager (icepack boot manager), a new package format, 'ice', and a configuration manager for configuring new hardware. The distribution is not based on any other distribution but is, instead, entirely developed from scratch.

Supported languages so far appear to be German (Icepack is based in Germany) and English, though they do provide a version of their website in French as well. For a brand-new distribution, the website for Icepack is in excellent shape and contains a lot of good information. Henry, as a beta-tester, gives the distribution very high accolades. We will look forward to hearing how well it works for Linux home-users in the future.

NIC Linux. We first mentioned Oracle's NIC (New Internet Computer) back in July of 2000. It is an appliance (or X-terminal) that allows access to the Internet for as low as $199 (without monitor), contains no hard drive, uses a 4MB Flash disk and runs Linux off of the CDROM drive. Included with the NIC is Netscape, VNC, some games and a few basic applications.

Back in November, a link to the on-line version of the NIC packages was included on our development page. Recently, however, one of our readers (thanks, Jerry!) pointed out that NIC Linux could also be considered for addition to our distributions list. We have to agree, particularly since a community is developing of NIC users wanting to add features into their NIC 4MB Flash drive or burn new NIC CDs with additional applications included. Since the base NIC CD occupies less than 200MB of the 680MB CD disk capacity, there is lots of room for additional software.

Anyone interested in playing around with NIC Linux may also want to check out the ThinkNIC group on Yahoo, which appears to be an active source of support for the new ThinkNIC community.

GNU Brutalware. A new addition to our line-up of floppy-based distributions, Brutalware comes out of Slovakia. It loads onto three floppies and provides basic networking (requires bootp), lynx, ssh and a few other packages. It is designed primarily to be used on public systems running Microsoft. As such, it loads by default via the MS-DOS Loadlin package.
That will allow Linux to load even if the system is configured not to boot off the floppy drive. Of course, once you're done, the floppy can be removed and the system rebooted to restore the original operating system. (Thanks to Richard Jelinek).

Distribution News

Debian News. The Debian Weekly News is back this week after a one-week hiatus, but is much briefer than usual. As a result, we can guess that DWN Editor Joey Hess is even more inundated with activity than usual.

The Debian Project Leader elections started yesterday, March 7th. Here are the platforms we found for the nominees Ben Collins, Branden Robinson and Bdale Garbee. We did not find a platform for Anand Kumria, though he also nominated himself for election. For discussion of the election, check the debian-vote mailing list archives.

Slackware News. The big development news for Slackware this week was the upgrade to KDE 2.1, which has been performed on all three platforms (Intel, Alpha, Sparc). In addition, upgrades to openssh-2.5.1p2 and proftpd-1.2.1 were performed.

The Alpha platform saw more activity than this, though, with the addition of AfterStep-1.8.8, bbkeys-0.3.5, and the Simple DirectMedia Layer, plus upgrades to blackbox-0.61.1, icewm-1.0.6, parted-1.4.9 and pinfo-0.6.0. A new Linux 2.2.18 kernel has been generated as well, along with matching boot disks. Last, a large amount of cleanup work has been performed.

On the Sparc platform, an upgrade to RPM 4.0 was done. In addition, new SILO boot disk images are now available and much in need of testing. Check the Changelog for relevant notes before you test these out.

The topic of Ximian-Gnome came up on the Slackware developer forum. The main upshot is that Ximian doesn't support Slackware and Slackware won't install Ximian as a default -- you'll have to wait until the features are part of the stable Gnome. [From userlocal.com].

Linux-Mandrake News. Tractopel explained: the new beta for Linux-Mandrake 8.0 is named "Tractopel".
We figured an explanation would show up eventually and, sure enough, here it is. An FAQ for the first beta of Linux-Mandrake 8.0 is now available. If you're a MandrakeForum fan, you might also be interested in checking out this tip on how to use KWebDesktop to display MandrakeForum headlines on your background. Meanwhile, for people running Linux-Mandrake 7.2, KDE 2.1 rpms are now available. Red Hat News. From the wolverine mailing list (Red Hat 7.1 beta 2), it appears that the next version of Red Hat will be shipping with Mozilla 0.7, which has been judged a better option than Netscape 6. Netscape 4.76 will also be shipped. Meanwhile, ReiserFS will not be included; it is still considered to be too unstable. Red Hat has not made the same manpower commitment to ReiserFS that SuSE has, for example, which makes it hard for them (Red Hat) to ship a stable version of that filesystem. Minor distribution updates. Distribution ReviewsActiveWin.com reviews Linux-Mandrake 7.2. ActiveWin.com is best known in the Microsoft community. Reviewing Linux software is simply just "not what they do". However, they decided to make their first exception with their review of Linux-Mandrake 7.2. Overall, they appeared to like it quite a bit, "Linux Mandrake is a great step for the Linux world. It makes the operating easy to install, use, and live with and it is extremely reliable. The MandrakeSoft team has made a great job with this new user-friendly revision but some bugs still exist." [From MandrakeForum]. Trustix Secure Linux 1.2 (Duke of URL). Security is the focus of the Trustix Linux distribution, according to a review by the Duke of URL, and it delivers what it promises. "Trustix Secure Linux is a distribution that has one focus and one focus only - to provide a server distribution that is secure. There are no frills with this distribution. When you install Trustix, you very quickly realize that you are on the business end of the server. 
There is no GUI, nor are there any real configuration tools. What you get is very close to a traditional UNIX server."

Linux Terminal Server Project (LinuxLookup). LinuxLookup has a short article on one man's trip into the Linux Terminal Server Project. "For those who may not see any particular application for this project, consider a diskless client running an X windows front end WITH NO FAN! I thought that in itself was worth the effort to explore the LTSP. Imagine running a small internet appliance on your desk that only comes to life when you tap the keyboard or move the mouse and doesn't have the constant noise of a fan. Nice, to say the least".

Section Editor: Liz Coolbaugh
March 8, 2001
Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.
On The Desktop

Commercial page layout update. I checked in with Mediascape's CEO Howard Luby this week to ask about their page layout package, Artstream.

"We're still plugging along here. We have been posting updates, but unfortunately it's mainly been to fix problems that have been caused by XFree86 4.0 bugs, and new differences in the Mandrake and RedHat distributions. We hope to stabilize on RedHat 6.2, Mandrake 7.2 and XFree86 4.02 or nVidia X/OpenGL drivers in the next couple of weeks. After that we get to work on features again."
And while we're on the subject of page layout, have you looked at Chilliware's iceSculptor package? I saw it at LinuxWorld but couldn't really tell if it was a real page layout package or not. My take, after looking at the downloadable demonstration version, is that iceSculptor is sort of a layout/word processor hybrid. At the moment it lacks text along a curve and has a few glaring user interface problems.

Chilliware had one of the fanciest booths in New York this past February at the LinuxWorld Expo, and their plans include a suite of desktop applications aimed at the individual user - a real applications company in the Linux marketplace. The question is whether they can deliver on their promises.

LinuxWorld reported on iceSculptor this week, stating they thought it shows promise and immaturity. Author Joshua Drake went on from there to say:

"I also noticed some inconsistencies with the product on launch. It honored the color scheme that I set up with KDE, but did not honor the text style settings. The text on the menu bar was about two sizes larger than the text I have on all other windows. At startup, the software presents you with a single-framed window that appears to be drawn incorrectly. Creating a new document is simple: just click on the now-industry-standard icon that looks like a blank piece of paper, and you are prompted to specify the type of document you would like to work with."
The author had quite a few problems getting the package to run under his KDE-based system, including problems with running on AMD processors. I, however, was able to bring up the demo package, which I pulled from Chilliware's website in RPM format, on the first try. Then again, I live under FVWM with the KDE and GNOME libs installed but without the GNOME or KDE environments running. It appears he had a bad package distribution, since the package he pulled from their website also appeared to work.

While LinuxWorld mentioned briefly that CorelDraw has been around longer than iceSculptor, I have to say that really isn't much of an advantage. Wine-based applications just don't cut it. Native is where it's at, and Chilliware's products are Qt-based, Linux native applications.

Besides Corel's recent fizzle, the only other possible page layout tool for Linux was coming from Deneba. Like CorelDraw, their Mac and Windows-based Canvas package had been ported to Linux via Wine. But late last year, a note from their support group informed me that the Linux version was on indefinite hold. In the meantime, users continue to wait for a real page layout solution for the desktop.

Late Mozilla = Opera acceptance. It appears that the 1.0 release of Mozilla has moved out to the 4th quarter of 2001, assuming a worst case scenario (which isn't as unlikely as it seems in the software business). While free software has many advantages, many projects seem to have forgotten the "release often" rule. Long cycles for projects like Mozilla (4 years to the 1.0 release) and GIMP (2 years between 1.0 and the next major release of 1.2) leave ordinary users wondering just where the added value of open source really lives.
The truth is that large scale open source projects are constrained by the same rules proprietary software has lived by for years: difficult standards compliance verification, backtracking to the design phase when implementations show limitations in original designs, and poorly defined production goals. From a developer's perspective, none of these problems are impossible to solve; they're just not made any easier with open sourced code.

But whatever the developmental issues, end users are primarily interested in products that are available now and meet their current needs. While they might be willing to wait for future promised features, they won't be using beta or prerelease products during the intervening period. This moves user acceptance cycles - where users begin to build loyalty to a product - out even further and gives competitors, either open source or commercial, a chance to earn users' loyalty.

So while Mozilla lags behind in order to get things just right, alternatives like the cross-platform, commercial Opera browser and the open source Galeon and Konqueror browsers make big gains. In my own testing, I've found Opera to be quite stable and easy to use. Minor nits with how it imports my existing Netscape bookmarks (it sorts them when I don't want them sorted) are easy to overlook when nearly all the sites I normally visit are presented accurately.

Konqueror and Galeon are on my radar screens due in no small part to very positive comments from local user groups. I just have to find a free hour to put together a test system where I can install both GNOME and KDE in their full glory.

In the meantime, I'll continue to watch all of these browsers in the hopes that one of them will be both easy to use and aesthetically soothing. In other words, a browser that bans any site that opens windows on my desktop without my request from any future contact with me. I don't ask for much.
Desktop Environments

Talking with Gael Duval of Linux Mandrake about GNOME (LinuxPower). LinuxPower interviews Gael Duval of Linux Mandrake about their involvement in the GNOME Foundation. "The problem is that GNOME and KDE are very different by nature: they don't use the same graphical libs, they don't offer the same programming API, and they are not really designed to communicate with each other even if some progress have been made in this last area. As a result, applications written with GNOME libraries or KDE libraries won't run on all Linux distributions because some of them install only KDE, the others only GNOME etc. In Mandrake, a common installation provides both KDE and GNOME libs and users appreciate that because they can run all the Linux apps they find on the net, regardless of the graphical environment they prefer!"

Evolution's latest mutations (LinuxWorld). Joe Barr looks at the latest in the evolutionary lines of Evolution in this LinuxWorld expose. "I wrote an inquiry to the development team and Evolution's project lead, Ettore Perazzoli, responded that the summary page lets you add plug-in applets to summarize how much mail you have waiting, remind you of appointments from your calendar app, or perhaps show you the latest Slashdot headlines. It's going to be much more useful than I had imagined."

GNOME 1.4 Beta 2. GNOME 1.4 Beta 2 was released late last night (or was it early this morning?) to testers interested in helping shake down the upcoming 1.4 release. Additionally, the GNOME Fifth Toe 1.4 Beta 2 is released, which is a collection of packages that are not part of the GNOME core.

Red Carpet 0.9.1 Released. Ximian pushed a new release of Red Carpet to the servers this past week. While the release is welcome, users on the bleeding edge will need to note that this release won't work with the latest RPM, version 4.0.2, installed.

GNOME to Conquer Denmark.
Details of the speaker lineup for the GUADEC conference in Denmark, April 6-8, have been posted on the GNOME News site.

Release plan for KDE 2.1.1 (KDE Dot News). Plans for the next stable release of KDE, release 2.1.1, have been posted on KDE Dot News.

Printing Mania: New KDE Printing Architecture Unveiled (KDE Dot News). As on most Unix systems, printing under KDE has never been a strong point. KDE Dot News looks at developer Michael Goffioul's attempts to change that situation. "Special emphasis is put on CUPS (Common Unix Printing System). The API is identical to the Qt API to enable developers to make use of it easily, but is significantly more flexible and configurable. For example, developers can easily add additional configuration pages to the print dialog to configure application-specific printing options, and can add filters to the printing structure to process the output."

GNUstep Weekly Update, February 25th. The GNUstep weekly update for the week ending February 25th arrived this morning. Issues covered include French and Italian localisation, updates to the GUI frontend library (gnustep-gui) and some documentation updates to the Java Interface for GNUstep (aka JIGS). "GNUstep is a set of general-purpose Objective-C libraries based on the OpenStep standard developed by NeXT (now Apple) Inc", to quote Freshmeat.

System G desktop manager for Linux. Another entry in the desktop file management category, System G, has reached version 2.0 according to news from the maker of the software, New Planet Software, Inc.

Office Applications

Why You Should Support AbiWord (LinuxToday.com.au). This LinuxToday.au author likes AbiWord. "What an outstanding contribution to the open source world!
While word processors such as StarWriter (part of OpenOffice), KWord are available for Unix Variants, and Microsoft Word and a variety of others are available for Windows and the Mac OS, you could run AbiWord on any different modern OS that you could care to, and find the basic feature set available on each!"

Desktop Applications

Appgen implements new business model. Appgen Business Software, Inc. announced the formation of Appgen Personal Software, LLC which, along with Appgen Business Software, Inc., will jointly market business and personal financial management products as "The Appgen Software Companies". The Appgen Software Companies will sell prepackaged products directly to consumers of business and personal financial software.

HealthEdge Brings Home Healthcare to the Linux World. FireLogic, Inc. announced today the release of the first of its HealthEngage Technology Platform products, HealthEngage-Asthma. HealthEngage-Asthma is a software application that allows users to track their health data.

Loki at March conferences. Loki developers Sam Lantinga and Bernd Kreimeier will be giving a talk at the upcoming Game Developers Conference March 20-24 in San Jose. Also Loki President Scott Draeker will speak at the Colorado Linux Info Quest on March 30th.

Section Editor: Michael J. Hammel
March 8, 2001
Development projects

Audio

MP3 alternative takes the open source trail (ZDNet). Ogg Vorbis continues to make news as an alternative to the license restricted MP3 format, and ZDNet is watching the development team. "They've made some considerable inroads in the eight months since their first beta release. The format is already supported in the latest version of the Sonique digital music software and in plug-in format for AOL Time Warner's Winamp player."

Documentation

LDP Weekly News, March 6th. David Merrill has posted the latest issue of the LDP Weekly News. Updates this week were made to the SLIP/PPP, Modem, and LDAP Howto's, among others.

Education

Linux in Education Report #39. Doug Loss has issued the latest Linux in Education Report which covers, among other things, a discussion on user interfaces for kids.

Electronics

gEDA-gaf 20010304 snapshot. A new development snapshot of gEDA-gaf has been announced. This package contains the gschem schematic drawing program and other software. Also on the gEDA site, a new version of the Icarus Verilog compiler has been released.

Embedded Systems

Embedded Linux Newsletter for March 1, 2001 (LinuxDevices.com). LinuxDevices.com has posted the weekly Embedded Linux Newsletter, covering the past week's events in the embedded Linux world.

Interoperability

Wine Weekly News for February 28 and March 5, 2001. The February 28 edition of the Wine Weekly News arrived shortly after LWN published last week. Topics include dealing with TCP/IP from Wine, making a Wine test harness, and library renaming.

Just in time for this week's LWN, here is the March 5 edition of the Wine Weekly News. This week's topics include a Wine speed up, press coverage of Wine, and C coding style.

Libraries

GTK+, GLib 1.2.9 released. Owen Taylor has announced the release of the latest versions of the GTK family, GTK+ 1.2.9 and GLib 1.2.9. This release includes an experimental theme-engine-only API for themes to change geometry parameters.
This makes possible a number of things which were possible only by unsafe-hacks in prior versions of GTK+. The new code is available for download.

Mail Software

Mailman 2.0.2 released. Version 2.0.2 of Mailman, the GNU Mailing List Manager has been announced. This release fixes a privacy hole and other bugs.

Web-site Development

Webware 0.5 for Python. A new release of Webware for Python is available. "Webware for Python is a suite of software components for developing object-oriented, web-based applications." Release notes are also available for two related components, PSP and MiscUtils.

CMF 1.0beta for Zope Released. Version 1.0beta of CMF has been released. "The Zope Content Management Framework provides a set of services and content objects useful for building highly dynamic, content-oriented portal sites. As packaged, the CMF generates a site much like the Zope.org site. The CMF is intended to be easily customizable, in terms of both the types of content used and the policies and services it provides."

Section Editor: Forrest Cook
March 8, 2001
Programming Languages

Erlang

Erlang R7B-2 available. A new bug-fix release of Erlang, version R7B-2, is available for downloading.

Java

Open Source Java: Ant (O'Reilly). David Thomson writes about Ant, an open-source XML based alternative to Make in an O'Reilly onJava.com article.

Jikes 1.13 released. Noted in a very brief announcement posted to the news page of the Jikes project: version 1.13 of the Jikes compiler has been released. The Jikes release notes can be found online as well. (Thanks to Mo Dejong)

Revisiting Java technology on the client (IBM developerWorks). Joseph Sinclair talks about client-side Java in an IBM developerWorks article. "When the Java platform was first announced, it was heralded as the way to take the Web -- a mostly static collection of simple pages -- to a stunning level of interactivity. The primary goal of the Java initiative was to provide developers the ability to create small applications that could run on any client machine and provide highly interactive experiences using a combination of client processing and server-provided data."
Markup Languages

Abstracting the interface, Part II (IBM developerWorks). Martin Gerlach continues his look at XML data and XSL style sheets in an IBM developerWorks article. You might want to read the first article in the series for the full story.

XML tutorial (Troubleshooters.com). This tutorial on XML features an open source perspective on learning XML. The article focuses on Linux and the Apache Software Foundation's Xerces-Java, covering DOM, SAX, and DTD's.

Perl

Perl 5 Porters for March 5, 2001. The March 5, 2001 edition of the Perl 5 Porters digest is out. Topics include locale support, finding memory leaks, Unicode, and more.

Perltidy: unobfuscate your Perl code. A new version of Steve Hancock's Perl code cleaner, Perltidy, is available. Perltidy seems to do a decent job of cleaning up ugly code as shown in this example.

PHP

Announcing PHP-GTK. A new use has been found for PHP, talking to GTK. See the announcement of PHP-GTK for the details. "Too often PHP is thought of as only an HTML-embedded Web scripting language. But it is also a very full-featured general purpose language that can be used for much more. One of the goals behind this project was to prove that PHP can be used to write client-side GUI applications."

PHP Weekly News for March 5, 2001. The March 5, 2001 edition of the PHP Weekly News is out. This edition covers the PHP GTK+ extension, PHP and Solid DB 3.5, function renaming, Japanese Multibyte support, and more.

Python

Dr. Dobb's Python-URL!, March 5th. The weekly Dr. Dobb's "Python-URL!" is available. It noted Guido van Rossum's release of Python 1.6.1 to fix the GPL incompatibilities in the license and the Python 2.1b1 release among other things. On the topic of Python 2.1b1, see Guido's announcement.

Python Development Summary, 2001/02/15 - 2001/03/01. The traffic summary for the python-dev mailing list has been posted for the period of February 15 through March 1, 2001.

Python Software Foundation launched.
Guido van Rossum has announced the launch of the Python Software Foundation, whose job will be "to provide educational, legal and financial resources to the Python community." Among other things, the PSF will hold Python's intellectual property - the copyright to the code. The board of directors is David Ascher, Paul Everitt, Fredrik Lundh, Tim Peters, Greg Stein, Guido van Rossum, and Thomas Wouters.

wxPython for newbies (IBM developerWorks). An IBM developerWorks article covers GUI development with the wxPython library. "The wxPython library's windows are real live native windows and can do anything native windows can do, allowing your wxPython program to be a much better-behaved citizen. And the whole shebang can be wrapped into an easy installation package. Maybe I'm just a curmudgeon, but I find all this to be much easier than the same thing under Java."

Recipes wanted for New Python Cookbook. ActiveState and O'Reilly are putting together a Python cookbook, which will be available for download. They are currently looking for "recipes", useful bits of Python code and documentation to be included in the cookbook. More information is available on the Python Cookbook web page.

O'Reilly has also announced the release of the second edition of Programming Python, which has been updated to cover Python 2.0.

PythonWare PY20 for Linux. The PythonWare PY20 Python package is available for Linux in RPM format. "The Pythonware PY20 distribution is a collection of some of the most useful modules packed in a small self installing package. Don't be fooled by its size. This is a complete Python environment."

Tcl/Tk

Moodss-14.0 announced. Version 14-0 of Moodss, the Modular Object Oriented Dynamic Spread Sheet has been announced by Jean-Luc Fontaine. Moodss requires tclpython and a new release of that has also been announced.

ASED Tcl/Tk IDE version 2.0.8 released. A bug fix release of ASED, a Tcl/Tk IDE, has been announced by Andreas Sievers.
ASED is released under the Gnu Public License (GPL).

Alphatk text editor 8.0fc1. A new release of Alphatk has been announced. "Alphatk is a text editor. It's most useful for programmers, those writing a lot of TeX or LaTeX documents, and for editing of HTML source files. It has very rich features to aid in writing and editing files of those document types."

Section Editor: Forrest Cook
Linux and Business

Zero-Knowledge Systems Names Technology, Privacy and Legal Leaders to Its Advisory Board. Zero-Knowledge is the provider of privacy enabling technologies and services for both consumers and enterprise. They will be known to many as the developer of the multi-platform, open source Freedom 2.0 Internet Privacy Suite. Released under the GNU GPL, the suite includes a personal firewall, form filler, cookie manager, ad manager and a keyword alert.

Zero-Knowledge has signed on an impressive list of people to head its advisory board. The eight new board members include Bruce Schneier, Founder and Chief Technical Officer of Counterpane Internet Security and author of Applied Cryptography and Secrets & Lies: Digital Security in a Networked World; Whitfield Diffie, co-creator of public key cryptography and co-author of Privacy on the Line: the Politics of Wiretapping and Encryption; and Stanford Law School professor Lawrence Lessig. The other five members are just as impressive.

The company expects the Board to provide senior management with strategic guidance, help the company create new privacy products and services for customers, and act as company resources and liaisons in their respective communities.

Lineo to acquire Convergence Integrated Media. Lineo, Inc. announced it has obtained a signed letter of intent to acquire Convergence Integrated Media. Convergence is a developer of operating systems and software for digital communications products, such as personal video recorders (PVR) and digital video disk (DVD) devices. With this acquisition Lineo hopes to become the first and only provider of Linux-based development tools for digital television products. Terms of the deal were not disclosed.

ARM Launches University Contest for New System Designs. ARM, a provider of 16/32-bit embedded RISC microprocessor solutions, launched the ARM Design Contest for Education.
Participation is open to individual students or groups of students from universities and high schools. The subject of the design is open but the system must include or simulate at least one ARM processor. Design examples could include hardware & software: uHAL embedded RT Linux applications, cryptography, and low-power applications.

Plexis Group Director Addresses GIS Conference. Plexis Group, LLC director Scott Stephens' presentation illustrated diverse uses of GIS through the Linux operating system. Landmark Information Group, Ltd., employs a 1 GHz Linux PC to run Linux GenaMap, a product of Gena Warehouse Ltd. Using this operating system and software, Landmark Information Group provides free access to first edition historical ordnance survey maps of Great Britain, between 1846 and 1899.

Borland Kylix Now Available. Borland announced the immediate availability of Borland Kylix. Kylix is a native rapid application development (RAD) environment for the Linux operating system.

SAS Introduces Linux Cross-Hosted Compiler For S/390 Environments. SAS Institute announced the planned availability of Version 7.0 of the SAS/C and the SAS/C++ Cross-platform Development System for Linux, targeted at OS/390 and VM/ESA.

Open Motif supports 2.4 kernel. ICS has released an updated version of Open Motif Everywhere. This new release officially incorporates Open Group Patch 3 and Patch 4 into the Open Motif release. These patches include numerous bug fixes and updates to the Motif libraries, clients and the demo source code. RPMs (version 4) are also provided for Red Hat Linux 7, SuSE Linux 7.1 and other distributions using glibc 2.2.

LPI News for February 2001. In this issue:
Linux Stock Index for March 01 to March 07, 2001.
LSI at closing on March 01, 2001 ... 32.54
The high for the week was 34.41
Press Releases:

Open source products

Unless specified, license is unverified.
Proprietary Products for Linux
Servers and Desktops
Products and Services Using Linux
Products With Linux Versions