![[LWN Logo]](http://old.lwn.net/images/lcorner.png)
![[LWN.net]](http://old.lwn.net/images/bigpage.png)
|
|
|
Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise
news for all interests
 Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters
Other LWN stuff:
Archives/search
Recent features: Here is the permanent site for this page. See also: last week's LWN.
|
Leading items and editorials
Loki cuts staff, but remains for the long haul
Not hardly. Like many companies in the high tech arena, Loki has to deal with the realities of a tight economy and, on top of that, a small market niche. While games on Linux seem to thrive and be one area the public is not overly concerned with paying cash for software, there really isn't a large enough market to support a large development team at Loki. The desktop world needs to evolve further to expand Loki's penetration. "The Linux market is still very small--much smaller than the Mac market," said Loki co-founder and President Scott Draeker in an email interview with LWN.net. While the community as a whole has been very good to the company, and the press has offered high praise for their products and support, no one is making a fortune at the small California based company. "Some [people] have assumed that all the good news and good work we were doing meant that we had all become instant millionaires. Not a chance." In fact, Draeker says they aren't even making money yet. Then again, that doesn't mean they're ready just yet to shut the doors to the business. "We're in this for the long haul. We want to build a Linux gaming industry. That takes time and plenty of sweat and cash. And no, we are not profitable. But we aren't going anywhere either." Finding cash has been a high priority for Draeker since last year. He says the company knew back in December that funding wasn't becoming available and that employees were told about the situation. "We told them they were welcome to stay," noted Draeker, "or start to look for other jobs. A number of people left over a period of 3 months. At that point most had gone about as far they could with the ups and downs associated with being a start up in a down market." Now the company is running at break even levels. Says Draeker, "We've cut back to a size where we can sustain our operations exclusively from sales revenue. That said, we are still looking for funding partners." Loki is in the midst of a releasing two new games for the Linux platform: Tribes 2 and Sid Meier's Alpha Centauri. Tribes 2 is a first person shooter based on team tactics, where players work within teams to do battle with human and AI opponents. Alpha Centauri is a simulation and strategy game where players conquer entire planets or build their own utopian society on earth. They've also started a bonus program to offer discounts on multiple purchases from their Web site, as well as a program for LUGs (Linux User Groups) that can purchase products in quantity at a discount with Loki picking up the shipping charges. While the release of two new games can likely help maintain revenue to keep the company going, Loki's software plans are not designed for porting games alone. "A great deal of the work we've done on projects like SDL and OpenAL lays the foundation for us to access larger markets for our products. Our open source projects aren't really designed for porting games, but for creating them." At the recent Colorado Linux Info Quest conference, Draeker compared the gaming industry to Hollywood. "Lots of movies get made but just a few blockbusters make the profits. Loki is looking for a blockbuster." Although he alluded to the possibility of Loki working on games for console systems in the future, he said the recently canceled Linux-based game console Indrema was never more than vaporware. Loki hadn't been working on games for that system. In the short term Loki remains focused on building revenue streams. In a tough economy that often requires cutting back, even for a Linux favorite like Loki. But it's not the end. Just a speedbump. World domination, at least for Loki, may still just be a point and click away. Fun laws in Europe. The United States has taken a lot of grief in recent years for a number of laws that, shall we say, were not particularly well thought out. Every now and then, however, the world makes it clear that the U.S. has no monopoly on legal silliness. This has been one of those weeks. Consider, for example, the new copyright directive issued by the European Council of Ministers. As good a summary of any, perhaps, can be found in this congratulatory message from the European Commission. The purpose of the directive is to "harmonize" European laws on copyright, and, incidentally, "bring European copyright rules into the digital age." That, of course, is code for adopting something that looks much like the American Digital Millennium Copyright Act (DMCA), which has already caused more than its share of problems. Consider, for example, the following: Firstly, rightholders have complete control over the manufacture, distribution etc. of devices designed to circumvent anti-copying devices. A more flexible solution in this regard would have carried a greater risk of abuse and piracy. This language is described as "a balanced compromise." This is exactly the sort of provision that got the DeCSS code in trouble in the U.S.; expect similar problems in Europe. The directive has little interest in fair use in any form. Even time shifting of television programs is regarded as an actionable use for which compensation should be expected. In general, the directive is fearful of digital copying: However, as far as private copying is concerned, the quality and quantity of private copying and the growth of electronic commerce all mean that there should be greater protection for rightholders in digital recording media (whereby unlimited numbers of perfect copies may be made rapidly). When a government is trying to restrict rights, it always helps to have an enemy. Copying is now that enemy, and any sort of means is justified in attacking it. But the free software world thrives on copying and freedom of information. The new European copyright directive reduces that freedom; it is only a matter of time until the free software community runs afoul of it. Web site registration in Italy. Italy, it seems, has a new law which defines web sites, especially those which are periodically updated, as "editorial content," and makes them subject to the laws covering newspapers. What that means, essentially, is that Italian web sites must:
Those interested in the details can see Come mettersi in regola con le norme sulla stampa ("How to comply with the press regulations") on the InterLex site. (The text, strangely enough, is in Italian). The attitude behind this whole thing, perhaps, is best summarized by this quote from Paolo Serventi Longhi, the secretary of the Federazione nazionale della Stampa (the national journalists' union), as found in Punto Informatico: Thus ends, at least in Italy, the absurd anarchy which allows anybody to put information online without regulation, controls, or guarantees of a minimal quality or standards to the user of information products... (Translation by the editor). The law places responsibility on Internet service providers as well; ISPs can find themselves responsible for the operation of a "clandestine press." It also applies to servers that are hosted outside of Italy - as long as the content originates in Italy or is transmitted into Italy. Violators are subject to fines and up to two years in jail. We talked briefly with Michel Morelli, producer of the Italian Linux news site ZioBudda, who sees this law as "a threat to 3/4 of the Italian Internet," and who pointed out this online petition calling for the repeal of the law. The petition had almost 34,000 signatures as of this writing; certainly it could use more. This sort of law is scary, even in Italy, which is full of weird laws that are widely ignored. Regularly-updated web sites are not uncommon - the other variety is generally called "dead." In particular, any site hosting free software certainly needs regular updates, or it is useless. Any kernel.org mirror could find itself in trouble. Even if it is not widely applied, this kind of law can be used to shut down sites that somebody in power finds inconvenient. It also does not take a whole lot of paranoia to imagine this sort of reasoning leading to the conclusion that distribution of software, too, needs more "regulation, controls, and guarantees." Consider that Italy is about to elect a Prime Minister who controls half the television channels in the country (to a post that controls the other half), and who has stated his intent to create a new "ministry of information" under the control of an industry leader. And consider that these sorts of bad ideas have an unpleasant habit of spreading across borders. Free software will not get very far without freedom, and threats to freedom come in many forms. We have a lot of battles to fight, still. Inside this week's Linux Weekly News:
This Week's LWN was brought to you by:
|
April 19, 2001
|
|
Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Security page. |
SecurityNews and EditorialsRed Hat mkpasswd limitations. A limitation in the Red Hat mkpasswd command was discussed on BugTraq this week. Mkpasswd is an expect script that can be used to generate random passwords. Similar to a recently reported problem with a password generator for the Palm, it seems that mkpasswd uses an inadequate seed, based on the process ID, which results in a much smaller pool of passwords than is expected. Of course, the smaller the pool of passwords, the easier it is to brute-force a password. In addition to the importance of using a good random seed in the password generator, the need to reseed was also discussed. Using the Tcl 8 rand() function as an example, it was shown that seeding only once produce in the range of 22,000 passwords before duplicates began to occur. The Tcl 8 rand() function uses the system clock for a seed. Alternately using a weaker seed but reseeding with each invocation, more than 45,000 passwords were generated without a duplicate occurring. We expect an update for the Red Hat mkpasswd command will be provided in the near future. Meanwhile, sites that use password generators to assign passwords may want to look more closely at the algorithms upon which they are depending. Disabling Module Loading Caveat. A piece of information was accidentally left out of last week's lead-in editorial, which talked about using the capability bounding set to disable the loading of kernel modules. In June of 2000, Patrick Reynolds sent in a Letter to the Editor pointing out that "/proc/sys/kernel/cap-bound maps directly to the cap_bset variable in kernel memory". As a result, unless CAP_SYS_RAWIO is disabled (it controls access to /dev/mem), it is possible to use /dev/mem to load new code into the kernel (this will require access to a valid System.map file). Unfortunately, disabling /dev/mem will break many things, including X and potentially many other user-space programs. The use of capability bounding sets will still assist in protecting systems from many current rootkits that use loadable kernel modules, but, as common with most security issues, they only provide a partial solution. (Thanks to Neale Pickett for pointing out our error in omitting this information last week). Carko distributed-denial-of-service tool. A new distributed denial-of-service tool, named Carko, was reported on various systems this week. Carko is a clone of stacheldraht+antigl+yps, with apparently as little as one source code line difference. However, it has been updated to leverage much newer vulnerabilities, in particular a buffer overflow in snmpXdmid under Solaris. Although Carko is not currently targeting Linux vulnerabilities, it is a reminder that the problem of distributed denial-of-service attacks has not been resolved. For now, the best defense for all of us is not only to close all vulnerabilities on our own systems in a timely manner, but also to encourage and support everyone else we know to do likewise. Carko is spreading because the availability of hosts with open vulnerabilities is vast. CRYPTO-GRAM newsletter. Bruce Schneier's CRYPTO-GRAM newsletter for April is out. It covers computer security from a military defensive point of view, the fake Microsoft certificates, and more. Microsoft: Closed source is more secure (SecurityFocus). SecurityFocus has put up a report from Microsoft security head Steve Lipner's talk at the RSA Conference. "Lipner slammed the open source development process, suggesting that the often-voluntary nature of creating works like the Linux operating system make it less disciplined, and less secure. 'The open source model tends to emphasize design and development. Testing is boring and expensive.'" Reading through the comments posted to SecurityFocus revealed little support for Lipner's words, but that could be expected from an audience that is both security-savvy and extremely familiar with Open Source software. The most relevant comment we found was from "Will" who pointed out that the majority of advisories from Microsoft credit people outside their own staff for finding the security holes. That indicates that a "dedicated, trained, full time and paid" staff isn't the answer either. Neither closed source nor Open Source software is as secure as it needs to become. Security ReportsLinux Kernel 2.4 Netfilter/IPTables vulnerability. Under Linux 2.4, IPTables is used for building firewalls. It is implemented under the NetFilter framework, a raw framework for filtering and mangling packets. A vulnerability has been reported in the manner that the RELATED state is implemented which can be exploited to potentially bypass a firewall and access ports that are assumed to be protected.The NetFilter team has provided a patch for Linux 2.4.3. Note that the patch may be subject to future revision; a URL is provided where the latest version can be found. Presumably the patch, or its future incarnation, will be provided in an upcoming version of 2.4. Meanwhile, the original posting provides details that network engineers will want to examine to improve and tighten the use of the RELATED state. Samba 2.0.8 security issue. Andrew Tridgell posted a note to BugTraq that Samba 2.0.8 has been released to address a significant security vulnerability that allows local users to corrupt local devices (such as raw disks).
cfingerd format string vulnerability. A format string vulnerability has been reported in cfingerd ("Configurable Finger Daemon") which can be used remotely to gain root privileges and execute arbitrary code. An exploit for this vulnerability has been published and a patch to fix the problem is available.
Debian Security Advisory for exuberant-ctags. Colin Phipps discovered that the exuberant-ctags package, as distributed with Debian GNU/Linux 2.2, creates temporary files insecurely. This has been fixed in version 1:3.2.4-0.1 of the Debian package, and upstream version 3.5. Other distributions that ship this package will also be impacted.bubblemon kmem permissions vulnerability. bubblemon, an application that displays CPU and memory load as bubbles in a jar of water, is installed setgid kmem under FreeBSD. As a result, it can be exploited to execute arbitrary commands under group kmem. It has not been reported whether or not the same problem crops up on other BSD systems or on Linux. A new version, Bubblemon 1.32, has been released with a fix for the problem.web scripts. The following web scripts were reported to contain vulnerabilities:
Commercial products. The following commercial products were reported to contain vulnerabilities:
UpdatesNetscape 4.76 GIF comment vulnerability. Check the April 12th LWN Security Summary for the original report. The vulnerability can be used to embed executable Javascript in GIF comments which are then executed by the viewer when loading the GIF file. This has been fixed in Netscape 4.77, which is available for download from ftp.netscape.com.This week's updates: Previous updates:
ntp remotely exploitable static buffer overflow. An exploit for a static buffer overflow in the Network Time Protocol (ntp) was published on April 4th. This exploit can allow a remote attacker to crash the ntp daemon and possibly execute arbitrary commands on the host. Patches and new packages to fix this problem came out quickly. It is recommended that you upgrade your ntp package immediately. If you cannot, disabling the service until you can is a good idea. For more details and links to related posts, check BugTraq ID 2540.This week's updates: Previous updates:
IP Filter fragment caching vulnerability. Check the April 12th LWN Security Summary for the original report. IP Filter 3.4.17 has been released with a fix for the problem. BugTraq ID 2545.This week's updates: Multiple FTP daemon globbing vulnerability. Check the April 12th LWN Security Summary for the original report.This week's updates: Previous updates:ptrace/execve/procfs race condition in the Linux kernel 2.2.18. Exploits were released the week of March 29th for a ptrace/execve/procfs race condition in the Linux kernel 2.2.18. As a result, an upgrade to Linux 2.2.19 is recommended.Last week, Alan Cox put up the Linux 2.2.19 release notes, finally giving the specifics on all the security-related fixes in 2.2.19 (all thirteen of them!) and giving credit to the Openwall project and Chris Evans, for the majority of the third-party testing and auditing work that turned up these bugs. Fixes for the same bugs have also been ported forward into the 2.4.X kernel series. This week's updates: Previous updates:
OpenSSH 2.5.2p2 released. OpenSSH 2.5.2p2 was announced the week of March 29th. It contains a number of fixes (including improvements in the defenses against the passive analysis attacks discussed in the March 22nd LWN security page) and quite a few new features as well.This week's updates: Previous updates:
pico symbolic link vulnerability. Check the December 14th, 2000 LWN Security Summary for the initial report of this problem. Note that this has also been reported as a pine vulnerability, but the vulnerable component is still pico, not pine. Check BugTraq ID 2097 for more details.This is the first distribution update we've seen for this four-month-old vulnerability. This week's update: ResourcesHacker Tools and Their Signatures, Part One: bind8x.c. Toby Miller has started a series of articles detailing hacker exploits/tools and their signatures. The first article in this series focuses on bind8x.c. "The discussion will cover the details of bind8x.c and provide signatures that will assist an IDS analyst in detecting it. This paper assumes that the reader has some basic knowledge of TCP/IP and understands the tcpdump format". New Security Mailing Lists. In an apparent effort to lessen the load on the BugTraq mailing list, Security Focus has announced four new mailinglists:
Adore Detection. Duncan Simpson wrote in this week to point out a couple of tools that can be used to detect the Adore worm, including rkscan and checkps 1.3.2. "Checkps 1.3.2 in kill scanning mode should now detect adore due to two additional tests as to whether a pid really exists (adore "fixes" the kill system call)". EventsUpcoming Security Events.
For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net. Section Editor: Liz Coolbaugh |
April 19, 2001
LWN Resources | |||||||||||||||||||||||||||||||||||||||
|
Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Kernel page. |
Kernel developmentThe current kernel release is still 2.4.3. Linus's 2.4.4 prepatch has reached 2.4.4pre4; it includes much more stuff from Alan Cox's "ac" series, a number of fixes, and, interestingly, the zero-copy networking patch (see below). Alan Cox's series (currently at 2.4.3ac9) is getting smaller as the patches get into the mainstream kernel, but there's still quite a bit of stuff there. Some of what's there, including the user-mode Linux patch, will evidently not go to Linus at all, at least for now. Zero-copy networking will be in 2.4.4. This patch, by David Miller, Alexey Kuznetsov, and others, has been in development and testing for some time, and was incorporated into the "ac" kernel series back in 2.4.2ac4. In a way, it is a surprising change to see in a stable kernel series, since it makes fundamental changes deep in the networking code. From all reports, however, it is solid, and, in certain situations, it should produce significant performance benefits. Zero-copy networking speeds things up by avoiding, whenever possible, copies of the data to be transferred. In an optimal case, a buffer full of data sent over the network by an application (an FTP server, say) will go directly to the network interface from the application's memory. Without zero-copy networking, however, that's not how things are done - at a minimum, the data is copied into kernel space and assembled into one or more packets before going to the wire. All that copying can slow things down and fill up the cache; it's not surprising that people want to eliminate it. Making zero-copy work is not straightforward, and the patch is large. Various issues have to be dealt with, including:
To handle all of this stuff, the zero-copy networking patch makes some fundamental changes to the networking core code. Traditionally, packets are passed around via a struct sk_buff structure, usually referred to as an "skb." The skb contains the entire packet, headers and all. With zero-copy, an skb can now be "paged," or "nonlinear," meaning that it consists of several pieces which are not contiguous in memory. Much of the code which handles skb structures must be changed to take this new structure into account. The driver interface has also seen changes. There is a new "features" variable in the netdevice structure which is used to mark some of the capabilities of the device (and its driver); these include the ability to perform checksums, deal with high memory, and do scatter/gather I/O. This variable was actually added in 2.4.0-test12, just before the official 2.4.0 release, but it's only with the zero-copy patch that it is seeing some real use. The change in the driver interface means that zero-copy I/O is only possible if the relevant network driver has been updated to support it. So far, only the AceNIC and Sun HME drivers have been fully converted. The work required appears not to be large, assuming that the hardware is reasonable, so more drivers will likely be updated in the future. Zero-copy networking is not a win for everybody; it really only makes sense on high-end hardware and very fast networks. In that situation, though, it should be a real performance win; expect more amazing web server benchmark results in the near future. Children first. Adam Richter posted a patch which makes a subtle change in the way the fork() system call works. It is interesting to look at as an example of how little tactical changes can affect operating system performance. On Unix-like systems, the child of a process that forks gets a copy of the parent process's entire address space (normally). Actually copying everything, of course, would be most inefficient. Read-only memory (such as program code) can be simply shared, but writable memory requires a bit more cleverness. The technique used is to share the data space, but to mark it "copy on write" (or "COW"). Both processes see the same COW pages, until one of them tries to make a change. At that point, the kernel makes a copy of the relevant page, making it private to the process, which is unaware that anything has happened. The 2.4.3 kernel, on a fork(), puts the child process into the run queue and resumes executing in the parent. The child will run sometime later as part of the normal timesharing of the processor. It turns out that this is not the best way of doing things from a performance point of view, though. The parent process will likely go on modifying its private data, causing the system to make copies of the various COW pages shared with the child process. But the child, in most cases, is unlikely to ever look at those pages; instead, it will probably perform a few operations, then go and exec() some other program, which breaks its attachment to the shared pages. If the child were to run first, the parent would probably not need to copy all those pages, and performance would be improved. And, in fact, according to Linus, the performance difference is visible. As a result, this patch went into 2.4.4pre4 (though it does not show up in the changelog). Other patches and updates released this week include:
Section Editor: Jonathan Corbet |
April 19, 2001 For other kernel news, see: Other resources: |
|
Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Distributions page.
Lists of Distributions |
DistributionsPlease note that security updates from the various distributions are covered in the security section. News and EditorialsSlackware faces new obstacles, challenges. LinuxToday broke the news this week that Wind River, having purchased BSDi and vocalized its displeasure with all things under GPL and particularly with Linux, has laid off the Slackware development staff. Patrick Volkerding later confirmed the news, indicating that he, too, would be laid off, but stating strongly that Slackware is not folding up shop. He has sufficient funds to publish the next edition of Slackware, which is nearing release, but not enough funds to pay Chris Lumens, David Cantrell, and Logan for their on-going work. Note that Slackware is one distribution that has always paid its own way, bringing in sufficient revenue to keep the project going, without making millionaires of anyone. As long as Patrick Volkerding continues to lead the project, it is probable that Slackware will continue. The major impact of these new money problems will be a temporary distraction from development (noticeable already in this week's Changelog entries, or lack thereof) and possibly a difficulty supporting the new Alpha and Sparc versions of Slackware. In our experience, Slackware has possibly the most loyal following of all Linux distributions, even if that following is not large compared to the number of Red Hat Linux users. The next few months will demonstrate the worth of that loyalty. For those Slackware users that would like something concrete they can do to show their support, Slackware now has a Paypal account. Simply donate money via Paypal to "paypal@slackware.com". MandrakeSoft's Donations Page. On a similar note, though not accompanied by similar bad news, MandrakeSoft's Donations page is now on-line. In response to customer demand, MandrakeSoft has promised to provide a mechanism by which fans of the Linux distribution can donate money. In particular, many Linux-Mandrake fans that download the software for free have asked for a means by which they could also support the company. The page accepts donations and allows the contributor to specify the Linux-Mandrake project they would like to support. The Linux-Mandrake donations page and Slackware's Paypal account will be interesting tests to see how much, if any, money can be raised on a regular basis via voluntary donations. It is a particularly interesting way to support a commercial company and an interesting contrast, for example, to LinuxPPC's decision to become a non-profit organization, allowing such donations to become tax-deductible. We will be watching the results with interest. Red Hat Linux 7.1. Here is the announcement from Red Hat on the release of Red Hat Linux 7.1. It includes, of course (and among other things), a 2.4 kernel, tighter "out of the box" security, a new "customization guide," and the TUX web server. Although the most impressive improvements have been made in the server arena, desktop users can also look forward to new versions of Gnome, KDE, XFree86 and Mozilla. A new graphical version of Kickstart is intended to improve unattended installations. The security enhancement include such common-sense ideas as disabling network-based services by default and extend to configuring a firewall as part of the installation. Also announced by Red Hat was its new "Software Manager," which makes more Red Hat Network services available. Ratatosk closes down. The Ratatosk Project was an effort by Martin Skjoldebrand to provide a database of available distributions. Unfortunately, due to time commitments, Martin has closed the site down and moved on to work on the mhd helpdesk system. He has offered to make a copy of his distributions database available to people that ask. Distribution NewsSuSE News. Joshua Uziel pointed out a couple of weeks ago that the Sparc version of SuSE Linux was available for download. This week, SuSE Linux announced the release of the media-kit for SuSE Linux 7.1 for the Sparc architecture, containing a jewel case with the CDs. No printed documentation is included; the on-line documentation must be used. Tomsrtbt News. Tomsrtbt comes out in favor of free beer. Seemingly in response to this week's LWN article on how some distributions are making it harder to download a CD image for free, Tomsrtbt has announced that the distribution will be "available as a downloadable media image forever". Incidentally, tomsrtbt-1.7.250 has been released. (Tomsrtbt is a floppy-based distribution). Turbolinux News. Turbolinux, Inc. has announced the availability of Turbolinux Server (TLS) 6.5, its enterprise level Linux distribution. TLS 6.5 supports five languages, including English, Japanese, Korean and Chinese (traditional and simplified). This version includes a journaling file system. Debian News. Debian 2.2r3 has been released. This is a bugfix release, consisting mostly of security updates. Debian has posted a press release noting how to go about adding the 2.4 kernel to a Debian 2.2 distribution. Red Hat News. In addition to the release of Red Hat Linux 7.1 this week, Red Hat also put out a bugfix advisory for their Update Agent. This bugfix closes multiple bug reports and applies to Red Hat Linux 6.2 and 7.0. New packages are included for up2date, python-xmlrpc and rhn_register. deepLinux News. A package manager has been added to deepLinux ExOp, at customer request. The DeepLinux package manager is based on the Slackware package manager, with minor cosmetic changes intended to make the package manager easier for people migrating from support Unix systems such as Solaris. Slackware News. A new version of the Slackware Administrators Security Toolkit has been released, version 0.1.2.1. "This release fixes an installer issue and a potential race condition, includes more documentation, clarified XFree86 versions (not updated for X 4.0 yet), and removes shell limits". Linux-Mandrake News. From the MandrakeForum website, here are some interesting headlines from the past week:
More Distribution updates
Distribution ReviewsSuSE Linux 7.0 Professional review. Bill Henning has resurfaced with a review of SuSE Linux 7.0 Professional, the version of SuSE Linux aimed at proficient technical users. Of course, SuSE Linux 7.1 is already out there, but the review of the documentation provided with SuSE Linux is worth a peek. "The documentation is nothing short of excellent - it is very comprehensive, and they have had much more success in removing "germanisms" from the documentation with this release". Section Editor: Liz Coolbaugh |
April 19, 2001
Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.
|
|
Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters See also: last week's On the Desktop page.
|
On The DesktopTaxing software: Considering the time of year here in the US, it isn't all that surprising that I was recently asked if I knew of any software for Linux that could help with producing tax returns. While the question is a bit moot at this point for US users, it is still interesting to note just what options are available in this category of applications. First, there are plenty of financial packages around for Linux, starting with the very popular GNUCash. While a decent clone of Quicken (with quite a few features still to go, however) GNUCash does offer extensions for writing tax software. There just doesn't seem to be any written yet. While GNUCash is great for managing finances in general, you can't handle your taxes with it. The problem isn't that projects don't exist to handle tax processing, there are plenty of those:
The bigger problem is that writing tax software is a difficult proposition. An extended discussion on finding and writing tax software took place late last year on Slashdot. The gist of the story is that because tax laws change and can be interpreted very loosely it's difficult to write accurate software for helping to calculate taxes. We're talking about something more than just an online form that adds numbers. It needs to be something that understands tax law. While tax software is difficult to write, it's not impossible. In fact, it's already been done - in Germany. Last week we reported on the release of Buhl Data Services' Tax2001, a tool for creating German tax forms that apparently runs on WINE. And this isn't the only country outside the US with projects for making Tax forms - a project is underway to help Canadian's handle their taxes, too. Even though there is a lack of available native software, it's not impossible to do your taxes using Linux. You just need a Web browser. Sites like SecureTax.com or TurboTax for the Web offer online services for users of any platform, though it has been reported that this latter service may require your browser to be Netscape or IE or else it may not work. Tax season is over for most Americans, and I'm not sure when taxes are due elsewhere, but managing your money using Linux is a year round process. While I use the Applix spreadsheet program to keep my budget, there are many other financial tools available. These include tools ranging from managing stock portfolios to balancing checkbooks to doing payrolls. Don't expect all of these to provide beautiful windowed interfaces just yet. Most tools are still primitive in form, but they are getting better. Expect to see a big advance in these tools over the next year since both of the major desktop environments - KDE and GNOME - now have very stable and extensible interfaces. KDE's KParts is not MICO. It was pointed out to me after last week's column on Bonobo's use of a CORBA implementation that my report on KDE using MICO was, well, just a little out of date. That was an understatement. The move from the CORBA-based MICO to the current KParts happened long before KDE2 was released. KParts is a non network transparent, shared library approach that was considered easier to develop with and provided better performance. The best clarification came from Daniel Burckhardt, who stated: Bonobo uses ORBit as a CORBA implementation while KDE experimented with MICO long before KDE2 was out. KDE abandoned CORBA-based interprocess communication because there were performance and compilation issues with MICO and because they felt that they could still fill their needs with a simpler approach. So they based DCOP (KDE's alternative to Bonobo) on libICE, part of the X11 libraries. KParts has an extension called XParts, which is how KDE embeds non KDE parts such as Gecko. Interestingly, searching for CORBA on KDE's web page didn't show anything about KParts. While this is understandable - KParts isn't CORBA - there was no information that said "KParts provides the equivalent to or similar functionality as CORBA". I just needed something that would point me to KParts when looking for KDE's counterpart to Bonobo. It was late and I really didn't know what exactly I was looking for anyway. Hopefully that's a problem I'll rectify as I get some test systems put together and can experiment more thoroughly with KDE and GNOME. Daniel also provided a note that KDE leader Matthias Ettrich is considering bringing CORBA back into the fold: To everyone's surprise, KDE's founding father Matthias Ettrich recently started a discussion about maybe bringing CORBA back to KDE, this time based on ORBit instead of MICO. For a good summary about possible advantages and disadvantages of that approach, have a look at Kernel Cousin KDE #5
Monkey business. Finally, it seems that while Ximian may be a barrel full of monkeys, the Bonobo project can't claim such a close heritage. Thanks to M Carling who pointed out the fact that Bonobos are not monkeys at all, but rather sit just off the branch that spawned humans. Carling also offered an update on the Bonobo's mating habits, but we'll leave that for a Discovery channel special.
Desktop EnvironmentsXimian hires new CEO. Co-founder Nat Friedman is stepping over to a VP role at Ximian to make room for a veteran CEO, David Patrick. KOffice 1.1 approaching Beta 1. In a posting to the KOffice Development mailing list, David Faure notes that the 1.1 Beta 1 release of KOffice is scheduled for packaging on April 18th. He included a release plan for the KOffice 1.1 release as well. Interoperability -- Progress at GUADEC. GNOME hacker David Mason wrote this GUADEC II coverage, reflecting on the progress made in ensuring GNOME/KDE interoperability. "We were graced by the presence of four or five KDE members. This was one of the more positive events to occur during the whole show. We had one formal meeting in the form of a BOF and many informal conversations throughout the show." Trolltech announces Qt 3.0 preview. Trolltech has gotten around to announcing its preview of Qt 3.0. The announcement includes a list of the new features in this upcoming release. GNUStep Weekly Update. The GNUStep project posted their weekly update. While GNUStep continues drive towards a desktop environment to rival GNOME and KDE, this update is probably of more interest to developers than users. Enlightenment gets a facelift. Noted in passing - the Enlightenment web site got a major update this past week. While most of the site is still under development, the Goodies page does give a nice overview of how the 0.17 release will be breaking out components of the window manager into low level back end services that can be used by other projects. FVWM2 update. FVWM2 also slipped in a little update on their web site back at the end of March - a new release candidate: 2.3.31. Desktop ApplicationsIt's Play Time: Linux Games Shipping Next Week. Loki has announced they are shipping two new games next week: Tribes 2 and Alpha Centauri Planetary Pack. They're offering both at a discount price when bought together. On the go...A developer's perspective on Agenda's VR3 Linux PDA (LInuxDevices.com). LinuxDevices presents a developers point of view on the new Agenda VR3. "It is encouraging to report that the VR3 is a fairly successful implementation of a Linux PDA, from both a user's and a developer's point of view." Guadec Diaries. In one of the more amusing and thorough diaries covering the recent GNOME User and Developer European Conference (GUADEC), Telsa Gwynne tells of her travails following (and leading) Alan Cox and company around the conference. Thanks to Havoc Pennington, who let us know about Dave's report and sent in one of his own. More GUADEC summaries can be found here. Section Editor: Michael J. Hammel |
April 19, 2001
|
|
Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Development page. |
Development projectsNews and EditorialsPostgreSQL 7.1 is out, almost exactly one year after the 7.0 release. PostreSQL, of course, is a full-featured relational database management system with a long history. It remains the most feature-rich free database implementation (but MySQL claims better performance, still). The major additions in 7.1 can be seen in the announcement; in general, development this time around has been oriented toward the removal of long-standing PostgreSQL limitations. New features include:
The era of free software database management systems is getting closer, as the available software approaches the proprietary systems in power and performance. Given the current pace of development and the increasing level of commercial support behind free software databases, it would be surprising if corporate adoption did not begin to increase. Consider, for example, the success story related in this Linux Journal article by Great Bridge CEO Robert Gilbert: Just Sports saved itself a boatload of money by using the Linux operating system and PostgreSQL, a powerful open-source database management system, all running on Apache-powered servers. The final product is fast and highly customized with functions not available to users of Microsoft, Oracle or other proprietary software. Companies are understandably nervous about their relational database systems - if the database doesn't work, the rest of the system is guaranteed to have problems. As the performance, reliability, and features of the free alternatives become clearer, though, the economics of free databases are likely to inspire many more stories like the one related above. Samba 2.2.0 released. The Samba Team has released samba-2.2.0, the first major Samba release in some time. The list of new features can be found in the announcement; it is long, and is oriented, of course, toward even tighter integration between Windows and Unix/Linux systems. AudioCSL 0.1.1. The initial release of CSL - the Common Sound Layer - has been announced. CSL is an attempt to encapsulate audio code into a single module in order to facilitate the easy creation of portable code.BrowsersQt Mozilla released. The effort to port Mozilla to the Qt toolkit began sortly after the initial Mozilla source release. As of April 17, the results are actually available as part of the regular Mozilla source tree; see the announcement for details.ClustersAlinka Clustering Letter. The Alinka Clustering Letter is celebrating its first birthday. This newsletter provides a rundown of interesting conversations, events, and announcements from the Linux clustering community.DocumentationLDP Weekly News for Apr. 17, 2001. The latest issue of the LDP Weekly News carries word of updates to the XML-RPC and Apache Overview HOWTO's, among others. EducationLinux in education report #42 for April 16. The latest issue of the Linux in Education report has been published. Embedded SystemsBuilding a Linux/RTAI based software radio (LinuxDevices). LinuxDevices.com describes a do-it-yourself demonstration of the capabilities of RTAI, a real-time Linux add-on. The demo consists of a floppy-booted Linux system that uses an RTAI task to create a radio carrier on which synthesized music is superimposed. FinancialThe Finicky Financial Trading System. Version 0.5 of the Finicky Financial Trading System is out. FFTS is oriented toward front-office trading and risk management; it looks like a good tool for the more advanced investors out there. It is based on Qt and PostgreSQL, and it is licensed under the GPL.GamesThe Chopping Block returns. After a bit of an absence, the Chopping Block, an electronic newsletter covering the WorldForge project, has released an April issue. It covers the Acorn 0.3 release, WorldForge outreach efforts into the gaming community, an interview with Acorn team head Al Riddoch, and more.InteroperabilityWine Status A new Wine Status Report came out on April 16. It is terse and oriented toward those who know the code, but it does give an overview of where the various Wine components stand.Mail SoftwareMailman 2.0.4 has been released. The biggest changes in this release are fixes to make it work with Python 2.1; for people who aren't upgrading their Python soon this release is considered "optional."Network ManagementOpenNMS Update. The OpenNMS Update for April 17 is out. It covers the 0.7.3 release, upcoming road shows, and more.Office SystemsGNU HaliFAX Viewer 0.21. Version 0.21 of the GNU HaliFAX Viewer has been released. It is the fax viewer component for the HaliFAX project, which plans to provide a set of client applications for free fax systems.ScienceLinux in Science report #9 for April 17. The latest issue of the Linux in Science report has been published. Software DevelopmentSavannah status report. Savannah, the GNU Project's answer to SourceForge, has posted a status report. It seems that Savannah will be open to free software projects that are not part of GNU, something which had not been clear until now. There is, however, trouble in that a web interface is needed for GNATS, and nobody is currently on the job. If you're looking for a project to help out GNU, this could be the one.SourceForge more popular than beer? Here's a news item on the SourceForge site pointing out that a search on Google for "SourceForge" turns up 3,570,000 hits, while searching for "beer" only gets 3,120,000. This presumably means something... StandardsDraft 6 of the POSIX/Single Unix Specification available. The Austin Common Standards Revision Group has announced the release of draft 6 of the "Joint Revision to POSIX and the Single Unix Specification." This standard draft is a mere 3698 pages long; nonetheless review and comments are being requested. The comment period will be open until May 21.Web-site DevelopmentZope 2.3.2 beta 1. The first beta of Zope 2.3.2 has been released. This release fixes some problems with Zope 2.3.1; it looks like a small patch, and no further changes are planned before the official 2.3.2 release.Zope 2.4 will require Python 2.1, to the evident disgruntlement of some Zope users. People who follow the bleeding-edge Zope code will need to get Python 2.1 installed fairly soon; everybody else can wait until they decide to install Zope 2.4, which, of course, does not exist yet. The 2.4 release will contain a number of internationalization improvements, and those require the better Unicode support that Python 2.1 provides. PHP Networking (ONLamp). ONLamp has posted a tutorial article on PHP's networking functions. It gives particular attention to sending mail from PHP scripts, but it also gives an overview of the networking functions in general. Window SystemsNew developer releases of GTK+ libraries. Owen Taylor posted to various mailing lists yesterday the release of new libraries for the GTK+ family. Included here are GTK+-1.3.4, GLib-1.3.4 and Pango-0.15. Pango is the library for the layout and rendering of text being written for the upcoming 2.0 release of the GTK family of libraries. Note that these are all developer releases, not intended (just yet) for production applications. Section Editor: Forrest Cook |
April 19, 2001
|
|
|
Programming LanguagesCFree ISO C reference manual. Sandro Sigala has released a reference manual for the C language under the GPL; it is available as PostScript or as LaTeX source.CamlCaml weekly summary. David Mentré has kindly sent us his overview of events in the Caml programming community.HaskellGlasgow Haskell Compiler version 5.0 released. A new version of the Glasgow Haskell compiler, which is a Haskell 98 implementation, has been released. JavaVolano Report. A new Volano Report on Java network performance is out. Linux-based systems do well on the network messaging benchmark, and the Blackdown Java implementation maxes the scale on the network scalability test. As was stated by John Neffenger, who ran the tests: "Blackdown's Java VM using green threads on Linux is the only hope for pure Java servers with lots of connections -- at least while we're waiting for the Java 1.4 'new I/O' (or a different Linux threading model)."PythonPython 2.1 is out; the announcement went out on April 17. It includes a number of new features, including nested scopes, the __future__ mechanism, weak references, function attributes, support for more platforms, and more.
This week's Python-URL. Here is Dr. Dobb's Python-URL for April 16, with coverage of the 2.1 release, Python interfaces, and other news from the Python development world. Python-dev summary. The Python-dev summary for April 11 is also out. It talks about the magic __debug__ variable, inverse string interpolation, and other topics relating to the development of the Python language. Tcl/TkThis week's Tcl-URL. Dr. Dobb's Tcl-URL for April 16 is out, with coverage of the Tcl/Tk 8.3.3 release and more. Section Editor: Forrest Cook |
Language Links Caml Caml Hump Tiny COBOL Erlang g95 Fortran Gnu Compiler Collection (GCC) Gnu Compiler for the Java Language (GCJ) Guile Haskell IBM Java Zone Jython Free the X3J Thirteen (Lisp) Use Perl O'Reilly's perl.com Dr. Dobbs' Perl PHP PHP Weekly Summary Daily Python-URL Python.org Python.faqts Python Eggs Ruby Ruby Garden MIT Scheme Schemers Squeak Smalltalk Why Smalltalk Tcl Developer Xchange Tcl-tk.net O'Reilly's XML.com Regular Expressions |
|
Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Commerce page. |
Linux and BusinessOpen source software in EU public administrations. A European Commission initiative called IDA ("Interchange of Data between Administrations") ran a symposium on "Open source software in EU public administrations" back in February. The presentations from the symposium are now available online, in PDF format. The presentations are worth a look; they provide a view into how a number of European governments are looking at open source software. For those who would rather not deal with PDF files, Stéfane Fermigier has kindly provided us with one of these documents, the conclusions, in plain text. In short, their conclusions are good news for the open source community. ActiveState launches ASPN Initiative. ActiveState has announced the ActiveState Programmer Network (ASPN), which delivers tools and knowledge to enable programming with open source technologies. For example, the ASPN includes quality-assured binary distributions of Perl, Python and Tcl; multi-language and platform IDEs; technical references, sample code and other helpful information. Access to ASPN is not completely free and open, at least not for all resources that ActiveState has to offer. There are three levels at which developers can join. ASPN Open provides a free online resource for casual and new programmers. ASPN Komodo builds on ASPN Open and is designed for professional programmers. The Komodo IDE and updates for a year are included with ASPN Komodo, priced at $295 for an annual subscription. ASPN Perl includes access to all O'Reilly Perl texts and other Perl programming resources, on top of everything ASPN Komodo offers, and has an annual subscription fee of $495. Samsung, Lineo form Lineo Korea. Samsung and embedded Linux maker Lineo have formed a joint venture called Lineo Korea. National Semiconductor, Samurai announce Brazilian Linux system. National Semiconductor and Samurai have announced that, in response to a challenge from the Brazilian government, they have designed an inexpensive, Linux-based computer intended to provide affordable Internet access. It uses a flash drive, and has no moving parts. BSDi to Become iXsystems, Inc.. The sale of the BSD operating system units to Wind River haven't closed down BSDi. They apparently will be changing their name to iXsystems, licensing BSD/OS from Wind River and concentrating on rack mounted systems, server appliances and advanced systems. New IBM Chips to Drive Innovative, Lower-Power Internet Appliances. While mostly just hype for new IBM chips, this press release states a fairly obvious point of view for the future of computing. "In the PC environment, one proprietary operating system and one standard chip type defined how the products would look and perform. Internet appliances, however, are expected to take many forms, made possible by software like Linux and IBM WebSphere, as well as adaptable chip technology like PowerPC IAP." Linux Stock Index for April 12 to April 18, 2001
LSI at closing on April 12, 2001 ... 29.47
The high for the week was 31.83
Press Releases:Open source
Proprietary Products for Linux
Servers and bundled products
Products and Services Using Linux
Products With Linux Versions
Java Products
Books & Training
Partnerships
Personnel
Financial Results
Linux At Work
Other
Section Editor: Rebecca Sobol. |
April 19, 2001
Warning: Failed opening '/web/docs/lwn/stocks/LLSI.narrow.table.html' for inclusion (include_path='.:/usr/share/pear') in /web/docs/lwn/2001/0419/commerce.php3 on line 102 |
| </ |
Rumors have flourished recently regarding the demise of popular Linux games
maker