![[LWN Logo]](http://old.lwn.net/images/lcorner.png)
![[LWN.net]](http://old.lwn.net/images/bigpage.png)
|
|
|
|
Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise
news for all interests
 Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters
Other LWN stuff:
Archives/search
Recent features: Here is the permanent site for this page. See also: last week's LWN.
|
Leading items and editorialsA challenge for the free software community. One frequently-heard criticism of free software is that it lacks innovation. According to this claim, the free software development process can do well at reimplementing others' good ideas, but is not able to produce those good ideas itself. Free software advocates dismiss that criticism with plenty of counterexamples. But it still hurts a bit sometimes. There is currently an opportunity, however, for the community to show what it can do. A challenge which should be accepted if we want to remain in control of our computing future. That challenge, of course, is Microsoft's ".NET" initiative, and the HailStorm component in particular. HailStorm is Microsoft's bid to be the intermediary in authentication and business transactions across the net. If the company has its way, everybody will have a Microsoft "Passport," which will be required to be visible on the net. The protocols behind this system will be "open" (based on standards like XML and SOAP), but Microsoft will hold the copyrights and decide what is acceptable. It is interesting to note that these protocols have been explicitly designed to be independent of little details like which operating system you're running. Microsoft is saying, essentially, that, at this level of play, who owns the desktop is no longer important. Linux could yet conquer the desktop, but lose the net. Scattered responses have been seen across the community, including .NET implementations, talk of a free C# compiler, or a "dotGNU" framework. But these are catching-up actions. There is little new there; it is more an effort to keep up with what Microsoft is doing. That approach should be seen as a serious mistake. It is time for the free software community to take the lead. Doing so will require the presentation of an alternative proposal. What is needed is a compelling vision of how we will deal with each other on the net of the future. The community needs to design a framework which handles tasks like authentication and transactions, but which meets a number of goals that may not be high on Microsoft's agenda:
The success of the Internet is due to a great many things, but one aspect, in particular, was crucial: nobody's permission is required to place a new service or protocol in service on the net. Where would we be now if Tim Berners-Lee had been required to clear the World-Wide Web through a Microsoft-controlled standards process - and let Microsoft copyright the protocols too? Any vision of the net of the future must include the same openness to be acceptable. The free software community could generate that vision, but it is going to have to set itself to the task in a hurry. It is also, for better or for worse, going to need some serious corporate involvement. Companies are needed to help fund the development of a new set of network standards, make sure they meet corporate needs, and, frankly, to insure that it is all taken seriously. There should be no shortage of companies with an interest in a net that is nobody's proprietary platform. It is time for them to step up and help with the creation of a better alternative. The community needs to act here. Playing a catch-up role in the design of the net of the future is no way to assure freedom, or even a whole lot of fun. Large-scale architectural design is hard to do in the free development mode, but we need to figure out how to do it well. Either that, or accept the criticism that we can't really innovate. The Linux Standard Base, version 1.0, is out. The release happened with surprisingly little fanfare (none, actually) on June 29. We have since gotten an announcement of sorts from the Free Standards Group's Scott McNeil, but the group was clearly more focused on the work itself than publicity. This is, regardless, an important moment. The Linux Standard Base project was conceived in early 1998, with the proposal and call for participation coming out of a Linux Expo BOF at the end of May. Some of the conceptual roots, however, had some out a little earlier when Bruce Perens proposed a new Linux distribution which shared a number of goals with the LSB - in particular, an open, non-commercial reference implementation of the system known as Linux. The LSB was endorsed at the May 30, 1998 Linux International meeting. Its goals included: Rather than require uniformity among distributions, it will define only what is required to boot a system and run an application. The goal will be to build a reference platform quickly, within a two month time-frame, that will be open-source and available to the community. After that, work will begin on a paper standard, estimated to take approximately two years.
Those were optimistic times, of course; in reality, things didn't happen so quickly. Under Bruce Perens' leadership the project got off to a bit of a rocky start, with some serious differences of opinion over priorities - not everybody agreed with Bruce's desire to start with a reference implementation. Bruce's tenure as the leader of the LSB was relatively short, but the project seemed to languish for much longer. It is only in the last year that it appears to have gotten serious and finished out the task. Appearances do not tell the entire story, however. The LSB is a complicated specification, and much of the necessary background work was not immediately visible to outsiders. Other parts of the LSB, such as the Filesystem Hierarchy Standard (FHS), have been available for a long time and have already influenced the development of most distributions. The LSB may have taken longer than desired, unlike most other software projects, but the delays do not indicate a lack of effort or interest. The real purpose of the LSB was, and is, this: to allow the packaging of an application such that it would be installable on any compliant distribution. The vast number of Linux distributions is a great wealth for the user community, but it does present challenges for application vendors. The LSB should make it possible for vendors to support all compliant distributions with a single package. Application vendors like that sort of thing. To achieve this goal, the LSB describes many facilities which must be provided by compliant systems. These include specific library versions and commands, as well as filesystem layouts. In places, it has been necessary to work around entrenched differences between distributions. Thus, for example, there is no defined location for system initialization scripts; instead, a command install_initd which will put a script in the right place must be available. The LSB also envisions a larger role for the Linux Assigned Names and Numbers Authority (LANANA); until now, LANANA has essentially been H. Peter Anvin's work maintaining the device number list. The makeup and governance of LANANA is not clearly laid out. If it is going to take on other tasks (such as registering names of init scripts), its operation should probably be clarified before it has to take on a contentious decision. The key to the success of the LSB, of course, is the degree to which the distributors move their products into compliance. The signs here are good; much of the effort behind the LSB has been put in by the distributors in the first place. Most distributions are not all that far away from compliance, mainly thanks to the longer-term effect of the FHS. LSB-compliant distributions should be available in the near future. There has been a bit of grumbling from some Debian developers, mostly over the fact that the LSB specifies the RPM package format as the standard for application distribution. Debian, of course, does not use RPM. Complaints, however, are both late and unfounded. The decision to go with RPM was made back at the beginning, over three years ago. It does not require compliant systems to use RPM as their native package format; it is sufficient that RPM-packaged, LSB-compliant applications be installable. And, in this context, "RPM" does not mean the moving target that is Red Hat's current format; it is, instead, specified as a subset of the older, version 3 format as documented in Maximum RPM. The Debian alien tool should be more than up to the task. The full, formal rollout will happen at LinuxWorld this August. Between now and then, the LSB crew will be working to get the test suite and sample implementation in shape. No doubt there will be press conferences and photo opportunities as the commercial Linux world shows its unity behind this important standard. But the standard itself is available now. Strong congratulations are in order for all who have worked on the LSB for the last three years. This LWN.net weekly edition is one day early and, perhaps, a bit thin in spots due to the July 4 holiday in the U.S. and staff vacations. We'll be back to our regular publishing schedule next week. Inside this LWN.net weekly edition:
This Week's LWN was brought to you by:
|
July 4, 2001
|
|
Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Security page. |
SecurityNews and EditorialsReport from the USENIX security module BOF. The Linux Security Module project got its start at the Kernel Hackers' Summit back in March; there, Linus Torvalds said that he wanted to see a single, well-defined interface for the addition of enhanced security mechanisms to the Linux kernel. Numerous security hackers have been working on this interface since then; a fair amount of real code has been produced.The security module group met in person, perhaps for the first time, at a BOF session at the USENIX technical conference in Boston. Thanks to Emily Ratliff, we have a summary of what happened there. It is an interesting view into the future of enhanced Linux security. For example: should security-related modules be allowed to implement policy that is more permissive than what the system would do normally? The conclusion at the BOF seems to have been that security modules should only have veto power. This decision restricts the scope of the security policies that can be implemented, but it also makes it easier to have confidence in the security of the resulting system. When security modules can open new doors, they can also open new holes; disallowing this capability for now will make it easier to get a secure framework in place soon. There still hasn't been a decision on whether the Linux capability mechanism should be split out and implemented as a security module. Capabilities are currently wired deeply into the kernel and would take some work to extract. Implementing them as a security module would increase flexibility, however, and provide a heavily-used demonstration of the security module interface. Should security decisions relative to files be made based on the pathname of the file, or on its inode? Different projects have made different decisions in this regard, and the security module structure currently supports both modes. Some fear that this implementation may be seen as an excessive duplication of functionality. Finally, should the security module implementation be submitted for inclusion in 2.5, once that series opens up? Probably not, as it turns out. There's a number of issues still needing to be worked out, including basic things like the locking requirements for security hooks. It would be a good idea, however, to get this patch into 2.5 relatively early. It will need a great deal of testing and review before it is ready for a stable release. A study in scarlet. Shaun Clowes has posted the text of a presentation of his entitled A Study In Scarlet; it covers a long list of security traps in the PHP programming language. PHP provides a great deal of functionality and makes life easy for the programmer, but it also makes it easy to open up security holes on the system. Anybody who writes PHP code for the net should probably have a look at this text, followed by a long look at the code. Another IPFilter license change. The difficulties with the licensing of the BSD IPFilter package were covered in the May 24 LWN weekly edition. Now, according to the OpenBSD Journal, the license has changed again. The new license allows modification and redistribution, and thus appears to be a free software license. It resembles the BSD license, with one exception: it explicitly disallows placing the code under the GPL. Security ReportsUser input validation error in GNATS. Joost Pol found a problem in the GNATS bug tracking system; a properly-constructed URL passed to the help system can result in the reading of any (accessible to GNATS) file on the system. See this advisory for details and upgrade information.
PHP 4.0.5 vulnerabilities.
Joost Pol has reported a couple of
vulnerabilities in PHP 4.0.5. Both of them require that the attacker
be able to load PHP scripts on the target machine. The first involves a
new argument to the mail() function, which can be used to execute
commands on the server. The second is a violation of the "safe mode"
policy which can expose unwanted files to the net. No fix is available at
this time.
web scripts.
UpdatesSamba buffer overflow See the June 28 LWN security page for the initial report on the Samba macro vulnerability.
Previous updates:
scotty (ntping) buffer overflow See the June 28 LWN security page for the initial report of this buffer overflow problem with scotty.
xinetd buffer overflow. Check the June 14th LWN Security Summary for the initial report. The buffer overflow is in the ident logging portion of xinetd, so one workaround to the problem is to disable ident logging. Since then, more extensive problems have been found in string handling in xinetd, and the current round of updates addresses them.This week's updates:
Previous updates:
Zope Zclass security update. This week's updates: Previous updates:
EventsUpcoming Security Events.
For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net. Section Editor: Jonathan Corbet |
July 4, 2001
LWN Resources | |||||||||||||||||||||
|
Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Kernel page. |
Kernel developmentThe current kernel release is 2.4.6, which came out just as this page was going to "press." The changelog shows no additions after 2.4.6pre9, which appears to have been stable for most, if not all users. Alan Cox, meanwhile, is up to 2.4.5ac24. Now that 2.4.6 is out, 2.5.0 release in the near future would not be all that surprising. Quieting the kernel. It all started with a small patch to the journaling flash filesystem (JFFS) code which caused the following to be printed at system boot:
Portions (C) 2000, 2001 Red Hat, Inc.
Also included was a rather pointed comment directed at a competing company
which, it is alleged, had taken liberties with the code in the past.
Linus, as is occasionally his wont, decided that it was time to draw a
line; he turned down the patch saying that he
doesn't like printed copyright messages.
You're allowed to remove offensive printk's, that's not a copyright notice in Linux, that's just a big ugly bother. The copyright notice is that big comment at the top of the file. Later he took the argument further, saying that these sorts of messages should be removed from the kernel: So let's simply disallow versions, author information, and "good status" messages, ok? For stuff that is useful for debugging (but that the driver doesn't _know_ is needed), use KERN_DEBUG, so that it doesn't actually end up printed on the screen normally. At that point the developers got into a full discussion on the utility of these sorts of messages. Those who want them removed, Linus in particular, cite the following arguments:
Just to show that things don't always go Linus's way: he actually backed down, mostly in the face of the debugging argument. So the messages probably will not go away entirely, but they may well become harder to see. The most likely outcome is that driver success messages will be dropped to the KERN_DEBUG logging level, meaning that they will not normally be visible on the console or in the log files. (There is also talk of a separate logging level for these messages, but that seems unnecessary). When the messages are needed, they can be recovered with dmesg, or, for boot failures, by booting with the "debug" option. JFS 1.0 released. IBM has announced the 1.0 release of its Journaled File System (JFS). JFS provides the obligatory journaling capability, of course; it also includes a number of scalability features. The extent-based allocation scheme is set up for the efficient handling of large files, and the data structures are "designed to scale beyond practical limit." Another important feature of JFS is that it requires no changes to the rest of the kernel to install. In this regard, it differs from SGI's XFS, which requires patches to the mainline kernel code. As a result, JFS stands a better chance of being integrated into the 2.4 kernel series than XFS. In the 2.5 series, however, all journaling filesystems are likely to see large changes as the result of memory management changes and the possible implementation of a more general journaling layer. (See also: Steve Best's overview of JFS on the IBM developerWorks site). Concerns about ACPI. The Advanced Configuration and Power Interface is the industry's current answer to power management. It is supposed to fix all of the problems with the older APM specification, and provide a great many new features as well. And, in fact, ACPI does promise some nice things. Kernel hackers have always been a bit concerned about ACPI, however, and the level of that concern seems to be rising as the implementation (led by Intel's Andy Grover) increases in functionality. The concern arises from the complexity of both the ACPI specification and its implementation. There is no doubt that the specification is intense - it is available from the ACPI web site as a 450-page PDF file. The real problem, however, is not the size of the specification itself, but in the way it expects to handle device control. The ACPI specification defines a language called AML ("ACPI Machine Language"), and an (allegedly) human-readable version called ASL ("ACPI Source Language"). An example from the specification:
Device(EC0) {
Name(REGC,Ones)
Method(_REG,2) {
If (Lequal(Arg0, 3)) {
Store(Arg1, REGC)
}
}
Method(ECAV,0) {
If (Lequal(REGC,Ones)) {
If (LgreaterEqual(_REV,2)) {
Return(One)
}
Else {
Return(Zero)
}
}
Return(REGC)
}
}
Think of it as a sort of verbose C++ subset with lots of capital letters and no semicolons and that's probably all you really need to know. BIOS writers are supposed to provide AML code (with the motherboard BIOS or the device itself) which helps each device implement parts of the ACPI specification. Systems implementing ACPI are required to run this code in a privileged mode when required. In other words, to implement ACPI, the Linux kernel must:
The fact that it takes more code to parse and interpret ACPI than it does to route traffic on the internet backbones should be a hint something is badly wrong either in ACPI the spec, ACPI the implementation or both Beyond standard-variety bugs, ACPI code could be a point of entry for surveillance software, "content management" code, and no end of other, malign functions. And it all runs in kernel mode with full access to the system. People don't trust it, and with good reason. Given all that, one could find it tempting to do without ACPI altogether, and that is what most Linux systems do now. Systems are starting to appear, however, which do not implement the old APM standard, meaning that ACPI must be used for power management tasks. And power management is important; anybody running a large server farm in California would certainly be pleased with better control over power consumption. More importantly, however, ACPI is also becoming the means for hardware discovery and configuration in general. There will likely come a time, before too long, when an understanding of ACPI will be necessary simply to get a system up and running, even if power management is of no concern. Itanium systems, already, can not run without ACPI. Ignoring ACPI is not an option. All of this has led some hackers to propose a new approach to ACPI. Instead of implementing the whole specification, interpreter and all, why not put together a minimal subsystem which extracts the needed information from the ACPI tables and ignores the rest? There would be some work involved in this approach; there would certainly be AML control routines which would have to be disassembled and reimplemented. But the result could be a simpler, smaller system that does not need to run external, binary code in order to function. Of course, the ACPI team, which has put years of effort into the current implementation, sees things a little differently. To them, the full ACPI interpreter is the proper way to deal with changes in the hardware industry, and the concerns being raised are overblown. ACPI detractors should, they say, at least demonstrate some real problems before throwing away that much work. It may take years to resolve how Linux will deal with ACPI in any definitive way. The possibility of a dual implementation, where both the minimal and the complete ACPI subsystems are available, is real. Other patches and updates released this week include:
Section Editor: Jonathan Corbet |
July 4, 2001 For other kernel news, see: Other resources: |
|
Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Distributions page.
Lists of Distributions |
DistributionsPlease note that security updates from the various distributions are covered in the security section. News and EditorialsSlackware 8.0. The latest edition of Slackware, Slackware 8.0, has been officially released. This is a major upgrade, affecting almost all the packages in the distribution. It includes KDE 2.1.2 (with Qt 2.3.1), GNOME 1.4, ReiserFS, kernel support for XFree86 4.1.0 DRI, Linux kernels 2.2.19 and 2.4.5, glibc 2.2.3, and all the usual utilities. Additions include ProFTPD, OpenSSH and OpenSSL, mod_ssl and mod_php, and full support for the 2.4 kernel series. The Slackware team also opened a new online store. Playstation 2 Linux kit based on Kondara MNU/Linux. As reported in last week's Distributions page, the PS2 Linux Kit is being based on Kondara MNU/Linux. We now have word that a web site has gone up for this kit, but the site is in Japanese currently. The only English text says that the kit is targeted for the Japanese market only with no plans for overseas distribution at this time. For the hardcore types, a dump of dmesg from a boot of this system is also available. (Thanks to t-nakata) New DistributionsNew secure distribution in planning stages: Blue Linux. A call for participation in a new secure Linux distribution was sent to LWN.net this week. The new distribution appears to be called Blue Linux. Linux Esware. A distribution coming out of Spain, Linux Esware arrived on the Linux scene this past week. Offerings include both server and workstation versions, a 2.4.3 kernel, and an option for XFree86 4.0.2 (3.3.6 comes standard). Mindi Linux. A Mindi Linux update to version 0.26 showed up on Freshmeat this past week. Mindi Linux is a utility to build a distribution from your existing system. New to this release are the ability to generate 2.88MB El Torito bootable floppy images and CD-R(W) images, as well as the usual 1.72MB floppy disk sets. Distribution specific name and kernel versions are also now included in Mindi's boot-up message. MSC.Linux May 2001. The initial release of MSC.Linux was made to Freshmeat this past week. This new distribution appears targeted at high performance desktops. According to the announcement, MSC.Linux is "a lean distribution delivering all the required pieces to support extreme performance computing. This delivery includes Linux kernel and extensions, office productivity tools, engineering tools, Beowulf tools, and engineering desktop. These components will support the common desktop environments, based on the open source desktops, such as KDE or GNOME. Technical support is also available. Distribution NewsSuSE Linux. SuSE Linux announced a their new SuSE Linux Firewall on CD. "Instead of being installed on the hard disk, SuSE Linux Firewall is so-called a live system that enables the operating system to be booted directly from a read-only CD-ROM. Since it is impossible to manipulate the firewall software on CD-ROM, the live system constitutes a security gain. The configuration files for the firewall, such as the ipchains packet filter settings, are placed on a write-protected configuration floppy." At about the same time, the company posted their 7.2 distribution to their FTP and mirror sites for download. Linux Online interviewed SuSE Vice President for Marketing Heiner Maasjost. "Home and small business users will find everything they'd expect in a desktop system - without having to pay the big license fees. You get software such as Netscape Navigator for Web-browsing; Acrobat Reader for reading and printing .pdf files; StarOffice for word processing and other familiar office tasks; the sophisticated computer graphics program GIMP; and e-mail and organizer tools." Debian. The Debian project announced this week that the official freeze on the Woody branch has begun. The freeze will be comprised of a four part process, starting with a freeze to policy, followed by freezes to the base system, standard installs, and finally the remainder of the Debian packages. The upcoming week will also be a busy one for the Debian Project, with four exhibitions and conferences taking place in France, the United Kingdom, Germany and Mexico. Look for the Debian Project at Debian One (France), UK Linux Expo 2001, LinuxTag 2001 (Germany) and CompuVenta 2001 Mexico. In their Weekly News summary the Debian project noted discussion on a Debian-BSD project has picked up yet again. This project has never gotten past the chat stage in the past, however. A pointer to using GCC3.0 with Debian was also provided. Mandrake. The latest issue of Mandrake Cooker Weekly News was posted on Monday. Discussions included a new tool for Mandrake Control Center called logdrake, the new XFCE 3.8.3, and a look at NetHack, one of the oldest games available for Linux. Also in the news this week for Mandrake was the announcement that the new Mozilla 0.9.2 release was available in RPM format from the Cooker mirrors. Trustix Secure Linux 1.5 release candidate. Trustix has posted news of the first release candidate for the Trustix Secure Linux 1.5 distribution. Minor Distribution updatesROCK Linux. The ROCK Linux team announced that they will be at the upcoming LinuxTag conference, July 5-8, 2001 in Stuttgart, Germany. The team will be demonstrating ROCK Linux running on a Compaq AlphaServer DS20, thanks to the assistance of Compaq Germany. Redmond Linux build 35. A new build of Redmond Linux was released this past week. Updates include a new Linux kernel (2.4.5-ac13), Mozilla 0.9.1, XFree86 4.1.0 and updated Glide libraries. Vine Linux. Version 2.0 for the PowerPC of the Vine Linux distribution was announced this past week. The Japanese site provides more detailed information. Distribution ReviewsReview: Trustix XSentry Firewall 1.5 (Duke of URL). The Duke of URL reviewed the Trustix XSentry Firewall distribution this past week. "I have to give kudos to Trustix for including excellent documentation. They have gone to great lengths to make sure you can easily configure your system and have everything you need at your finger tips. The documentation resides on the CD in a PDF file, which I had open in Acrobat Reader on the client system." Section Editor: Liz Coolbaugh |
July 4, 2001
Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.
|
|
Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters See also: last week's On the Desktop page.
|
On The DesktopSpell Checkers and Dictionaries.
Spell checking on Linux is always tied to a dictionary of one form or another. The dictionaries are provided either locally or across the network at remote servers. Many spell checkers are actually back end tools that communicate with dictionary databases, often using high level GUI-based front ends or simple command line interfaces. Databases. dict. This natural language client/server dictionary protocol specification, also known as RFC2229, has been implemented in a variety of programming languages, ranging from C to Rebol, and on a number of platforms. Servers provide dictionary look up mechanisms while client tools (either as backends or directly from front ends) make requests. A complete list of freely available databases (see middle to bottom of link page) is available, with some already converted to dict format. The list includes Webster's Revised Unabridged 1913 Dictionary, Eric Raymond's The Jargon File, the Dictionary of Technical Terms for Aerospace Use, and The U.S. Gazetteer (1990) census bureau information. Internet Dictionary Project. One of the projects that supports the dict protocol is the Internet Dictionary Project. This is a royalty-free language translation project. Backends. ispell. The grand daddy of spell checkers for Unix systems was known simply as spell. This was a useful tool for English speakers but lacked international support. Ispell, which also began life as spell but was changed in 1974 (or possibly 1978), supports multiple language dictionaries. Ispell contains direct support for files formatted using LaTeX, nroff and troff. Since neither spell nor ispell is particularly user friendly they tend to be used with simple front end tools such as the popular ispell.el Emacs module. Unfortunately, documentation on using ispell under emacs is rather limited, unless you like reading source code. Note that the generic spell command found on Linux systems today is actually a wrapper around the GNU ispell command using the -l command line option. aspell. Aspell is the expected replacement for ispell, providing both multiple language support and better word replacement algorithms. There are a large number of language-specific dictionaries available for use with aspell. While aspell provides better replacement suggestions, it doesn't support editing nroff formatted files. Like ispell, aspell itself isn't particularly user friendly. In fact, Aspell isn't intended to be used directly, even as an API. The developers of this spell checker recommend the use of pspell as the API instead. pspell. Intended as a generic interface to spell checkers, pspell is now used in some of the more popular editing packages available for Linux, including Balsa, Lyx, Mozilla, and AbiWord. This package is not an end user tool, however. It is a library of functions linked into other programs. Those other programs provide the front ends to the spell checking system. Think of pspell as one of the only middlemen in the spell checking market. KSpell. Another programming interface, KSpell provides functions for accessing a backend dictionary. The default backend for KSpell is ispell. KSpell is already in use in a number of base KDE applications including KMail, KEdit, and KWrite. Frontends.
gidic. This GTK+ based tool provides a front end to the Internet Dictionary database. Ding. Ding is a Tk based front end to multiple dictionaries, including both dict and ispell dictionaries. It provides English to German to English translations and even includes a thesaurus lookup utility. KDict. Possibly the most sophisticated of the spell checker tools is KDict. The interface supports Unicode displays for language translations of words and selection of multiple databases for lookups. Unfortunately the provided Red Hat 7 RPMs don't seem to work, but the source seems to build easily enough. WordInspector. Another GTK+ entry, this one uses a dict backend dictionary for its lookups. Features are limited to searching for the word entered in a dialog box or having the program use the highlighted text from the X Clipboard. Emacs/XEmacs. This is a slightly more powerful Emacs front end than ispell.el or flyspell.el. It connects to a dict-based backend dictionary. The module provides hypertext lookups on text within a previous lookup which makes nested searches fairly straightforward. It also provides for backwards navigation of the nested searches. Even better - this package provides some real documentation on how to use it (though you still need to be familiar with Emacs before you attempt it). gdict. (Web site may not work) Gdict is the GNOME interface, written in C using the GTK+ widget set, to the MIT dictionary server. It simply contacts the server with the request and returns the definition. Originally included with GNOME 1.2, you can now download it with the larger gnome-utils package. flyspell.el. Like its ispell.el cousin, flyspell.el is an Emacs front end to the ispell spell checker. Flyspell works on the fly, however, providing recommendations to misspelled and unknown words as you type. The ispell.el version, on the other hand, requires a manual pass over the document to search for and update spelling problems. Translators. QTrans. This tool is a translator based on KDE and the Windows-based (and commercial) Babylon dictionaries. You need to download the dictionaries before you can use the software, of course, but the dictionaries can currently be downloaded for free. User choice. The trick to finding a spell checker (or dictionary tool) is to decide whether you need a simple dictionary lookup used manually or if you need some form of dictionary and spell check feature added to your application. A number of these tools can be launched from a script and use the highlighted text from the X clipboard (for example, highlighting text in Netscape). Others are more interactive in nature, such as gaspell. Like most things in Linux, its a matter of user choice, and needs. It might interest readers to note that LWN.net uses emacs together with flyspell and ispell modes to edit the weekly pages. Unfortunately, in a world dominated by acronyms and creative code names, we still manage to let a few bad spellings slip by.
KIllustrator author fined by Adobe (Heise Online). Adobe has set lawyers in Germany against the author of KIllustrator (German language news). According to the Babelfish translation (which is exceptionally poor) it appears that Adobe never contacted the author about changing the name of the program prior to sending lawyers after him and the University of Magdeburg. The official word posted by KIllustrator author Kai-Uwe Sattler to the KOffice Developers mailing list was more to the point: "I have just received a dissuasion from an Adobe lawyer the name "KIllustrator" would violate Adobe's trademark and I should pay 2500 euro." The KIllustrator web site is currently down pending resolution of this issue. (Thanks to Thomas Meinders) The thread which followed the announcement in the KOffice Developer list was interesting in that at least one person felt compelled to denegrate trademarks. Remember that trademark law is what prevented William R. Della Croce, Jr and a Korean company (and others) from usurping "Linux" in countries outside the US for something other than our beloved OS. While patents are arguably a problem, copyrights and trademarks can serve a useful purpose. That said, Adobe has some serious issues to resolve here. The first is the fair use of the term "Illustrator". In essence they have to prove that Illustrator (in capitilized form) is more protected than, say, Word or Draw. Second, the student who is being sued isn't the copyright holder of the application. The "KOffice Team" is. Adobe has to show that the individual holds the responsibility for the application name in some way. Guilt by association probably won't be enough in this case. The student simply managed the web site on his University's computers. And if Adobe can't attack the individual, they'll have to step into deeper waters - how do you sue an unofficial (re: not officially organized by law) group for compensation? The truth is, Adobe could have just asked for a name change, but they didn't. Instead they went for monetary compensation. It's possible such tactics are required in order to show claim to existing trademarks, but we're not lawyers here at LWN.net. And the actual outcome of this action may lay a foundation for future encounters between existing products and open source alternatives. So how should the community react? It shouldn't - it should be proactive. Many projects start life with an intended goal of replacing an existing commercial application. It is easy to name a project something that won't, even to the most thorough examiner, be misconstrued to be taken from the original product's name. Common sense rules here. If your project has taken its name based on a commercial product with matching features or target use, then change it. And speaking of conversion.... One of the most overlooked tools on Linux has got to be units, one of the many GNU provided utilities. This package allows the user to specify a measurement in one format and have it converted to another. For example, to convert from feet to meters you could try this command:
You have: 10 feet
You want: meters
* 3.048
/ 0.32808399
The number of supported unit types is long. Running the program with the
-V option will tell you where the configuration file is located. You can
view this file with any editor to find a measurement of interest.
Other fun conversions you can try:
mjhammel(tty8)$ units -v
2112 units, 59 prefixes
You have: 1 mile
You want: nauticalmile
1 mile = 0.86897624 nauticalmile
1 mile = (1 / 1.1507794) nauticalmile
You have: 1 homestead
You want: acre
1 homestead = 160 acre
1 homestead = (1 / 0.00625) acre
You have: 5 gallon
You want: hogshead
5 gallon = 0.079365079 hogshead
5 gallon = (1 / 12.6) hogshead
You have: 1 egg
You want: pound
1 egg = 0.11023113 pound
1 egg = (1 / 9.0718474) pound
Unfortunately, it won't tell us how many eggs are in a hogshead or will
fill a homestead. At least not without complaining.
Desktop EnvironmentsKDE moved to LXR. The entire KDE source tree has been moved to LXR. According to Kurt Granroth, this is a major improvement in cross referencing. "If I go to the KConfig class in LXR, though, I see that all objects and methods in the file are hyperlinks. If I click on KConfig, I get a list of where it is defined, where it is declared as a forward declaration, and where it is referenced (in 939 files!). I can click on any of those links to go directly to where it is used." Kernel Cousin KDE #15. Despite the recent departure of Mosfet, the status of his code was not the most talked about thing on the KDE mailing lists this past week, according to Kernel Cousin KDE. The more pressing topics included compiling KDE with the new GCC3 compiler and multithreading issues. KDE 2.x Systems. How many systems does KDE 2.x run on? The Dot counts, "... three BSDs, eight Linuxes and four other Unices, ... " GNOME Board Meeting, 26 June 2001. The summary of the weekly GNOME Board meeting has been posted. GNOME 1.4 programming book(in Japanese). A new text on programming with GNOME 1.4 has been published in Japan, according to this report from the GNOME News web site. Office ApplicationsThe StartX Files: An AbiWord to the Wise (LinuxPlanet). The first of what is promised as a series on word processor reviews has been posted over at LinuxPlanet. The first review examines the GNOME Office entry - AbiWord. "Since the whole thing's built with GTK, then of course there is no anti-aliasing in sight, so on-screen fonts in AbiWord are the usual Linux fun-fest of jagged edges. If I seem embittered about this, you'd be correct. The lack of anti-alias support in this area of open source development is just one more glaring example that proprietary developers can point too and say 'See? They can't even manage that.'" AbiWord Weekly News #50. The AbiWord Weekly News #50 has been released. Printing on UNIX has been improved, bugs have been squashed, and much more. KWord 1.1beta3 review. KDE Dot News noted the beginnings of a review of KOffice 1.1 Beta 3. The review currently only covers KWord (over 5 pages - be sure not to miss the link at the bottom of each page to navigate to subsequent pages). "After I finished entering my bogus financial information, I moved the mouse cursor out of the KSpread frame, and clicked on the KWord document. Then I created the border by selecting the KSpread frame. This is different from selecting the KSpread object and editing it. The way KWord works is to place the KSpread object in a frame, which gave me the flexibility to resize, add borders, and layer other frames on top of it." Eventually, the reviewer expects to cover all the major applications in KOffice. 1st release of GnomeMeeting. The first public release of GnomeMeeting, an H.323 compatible video conference client, has been announced over at Gnotices, the GNOME News site. Desktop ApplicationsGIMP 1.2.2-pre3. The GIMP development team has released another release candidate for the 1.2.2 version. Release 1.2.2-pre3 is available from the official GIMP FTP site and its mirrors. And in other news...Ford looks to open source (Silicon.com). Ford Motor Company's European division is looking to replace up to 33,000 desktop systems with open source systems running either KDE or GNOME, according to this story from Silicon.com. "Asked if he would consider a Linux desktop, he said `I think ultimately we will look for an open source desktop. I think that's eventually where the industry will go.`" Programming Linux Games (NoStarch). No Starch Press and Loki Software today announced a new text for developing games for Linux. Programming Linux Games: Learn To Write The Games Linux People Play, which covers development tools and gaming APIs, including the Simple DirectMedia Layer (SDL), is produced by Loki Software. Section Editor: Michael J. Hammel |
July 4, 2001
| ||||
|
Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Development page. |
Development projectsNews and EditorialsCross-Language development An article on the use Perl site notes the creation of a new mailing list for language developers. The list is meant to include developers of Perl, Python, Tcl, and Ruby developers and has been set up to discuss common problems in language development including Unicode, threads, and numeric conversion.This list represents the kind of collaboration that is only likely to occur in an open-source software environment where everybody is free to share their ideas as well as their source code. Normally, developers of those three languages work in a friendly competition mode, it is heartening to see that they are also trying to work together for the gain of all. Developers of other languages should also consider the idea of this type of cross-pollination effort. The idea could also be tried with other open-source projects that involve parallel work on similar projects. Areas that seem likely to gain from such a collaboration include KDE, Gnome, and other window environments, database projects, CAD/CAM projects, game developers, and audio editor packages, just to name a few possibilities. It will be interesting to see if the mailing list proves to be beneficial to its members. AudioAlsa 0.9.0 beta 5 released. A new beta release of the Alsa sound driver has been announced. This release features uniform support for multichannel cards and raw IEC958 (S/PDIF) audio interfaces. CORBAomniORB 4.0 and omniORBpy 1.4 available. AT&T has released a preview version of omniORB, a CORBA2 ORB and omniORBpy, a CORBA to Python mapping. The current stable version of omniORB is 3.0.4. The omniORB project is being released under a GPL license, the libraries are being released under the LGPL license. Embedded SystemsHoney, I shrunk the Linux system! (LinuxDevices.com). LinuxDevices.com looks at the movement towards SBC's (single board computers) running embedded Linux, in this case using the CerfCube as an example implementation. InteroperabilityNew Wine Snapshot. The was announced on June 29, 2001. The new version contains better font metrics support in the PostScript driver, an in-progress major window manager redesign, 64 bit file size support, and several bug fixes. ScienceReview: Free Practice Management (Linux Med News). Ignacio Valdez from Linux Med News reviews FreePM, an open-source medical practice management system. "This is the first review of an open source medical software project that LinuxMedNews has done. That this review is possible is a milestone in and of itself as only recently has open source medical software come far enough for a useful review. What is more astonishing however, is that FreePM has reached its current beta 3 state of development in only 1.5 years. According to the company, it is ready for comparison to its closed-source competitors that cost far more." FreePM has a GPL license and is based on Zope and Python. System AdministrationPowertweak 0.99.1. A new version of the powertweak tool has been released. Powertweak allows users to configure CPU, network and other low level hardware options using a graphical or curses based interface. (Thanks to Lenz Grimmer) Web-site DevelopmentZope Weekly News. The July 1, 2001 issue of the Zope Weekly News is out. This issue looks at the EuroZope Conference, Zope sales, and the Zope 2.4 beta 2 release. Zope 2.4.0 beta 2 released. Version 2.4.0 beta 2 of Zope has been released. This version supports and requires Python 2.1, and includes improved WebDAV support, product refresh without restart, and more. Analog version 5.02 released. Version 5.02 of the Analog web log analyzer is available. This release features improved support for non-English languages. Window SystemsNew releaes of Gtk-Perl. A new release of the Gtk-Perl bindings (version 0.8008) has been released. It can be retrieved from the CPAN archives or from the Gtk-Perl web site. Section Editor: Forrest Cook |
July 4, 2001
|
|
|
Programming LanguagesCamlCaml Weekly News. The June 27 through July 3, 2001 edition of the Caml Weekly News is out. Topics include an ocaml-ldap binding, a Functional Constraint Library over integer finite domain, and A preliminary Caml/Java interface. FORTRANg95 Progress. Work continues on the g95 Fortran 95 compiler project. The developers have been making steady progress towards the goal of a running compiler. JavaJanos Virtual Machine v0.5.0 released. Version 0.5.0 of the Janos Virtual Machine has been released. "The Janos Virtual Machine (JanosVM) is an Open Source virtual machine for executing Java bytecodes. Unlike any available virtual machine, the JanosVM supports multiple, separate process-like entities (called 'teams' in the JanosVM) within a single VM, without reliance on any underlying OS or hardware support for such separation." JSP Security for Limiting Access to Application-Internal URLs (O'Reilly). Jamie Jaworski writes about securing Java based web applications in an O'Reilly OnJava article. "A Web application that is accessible via several URLs is susceptible to URL-probing attacks. You may intend that your users access the individual application URLs in a way that makes sense for your application. However, some users (and most hackers) may not comply. Instead, they'll jump straight to the middle of your application and request URLs that are carefully calculated to circumvent your application's security features." LispLisa 0.9.3 Beta released. A new beta release of LISA has been released. LISA version 0.9.3 Beta contains a number of building and portability updates. ECLS 0.2 released. Version 0.2 of ECLS, the Embeddable Common Lisp "Spain" has been released. This version features rewritten error system, an included ANSI test suite, and bug fixes in the bytecode compiler. PerlPerl Leads Sun Web Client Survey (use Perl). A informal survey of Web languages, first noted at use Perl, shows that developers appear to use Perl more than PHP, C or JSP for Web development. The original survey can be found on Sun's Solaris Developer Connection. Perl.com gets revamped. O'Reilly has revamped the perl.com site. It looks more like an O'Reilly site now and has a slight problem with page width. The site carries some new articles, including one which explores the question of converting Perl code to C. YAPC::America 2001 Reports. Reports from the recently concluded YAPC::NA 2001 event have been placed online. Object technologies and HTML templates in CGI programming (IBM developerWorks). Eugene Logvinov illustrates the use of object oriented Perl applied to cgi scripting in an IBM developerWorks article. "Object-oriented implementation in CGI-scripting is unpopular, as I discovered while trying to find a good guestbook script. I wanted a script that I could easily modify by changing the design, adding new features, etc., and that I could use to build a forum. Of the thirty free guestbook scripts on the Web, none was suitable for me. So I turned to object technology as a solution for reusable Web applications based on HTML templates." For more background on Perl cgi programming, the same author also looks at the Perl CGI.pm module in another article. (Thanks to Kelli Wiginton.) Perl 5 Porters for July 2, 2001. The July 2, 2001 edition of the Perl 5 Porters is out. Topics include freestanding modules, testing mechanisms, and more. This Fortnight in Perl 6 (17 - 30 June 2001). The Perl 6 Porters for the most recent fortnight is out. Topics include a comparison of Perl to Java, Multiple classifications, the internal string API, and more. PHPPHP Weekly Summary for July 2, 2001. The July 2, 2001 edition of the PHP Weekly Summary has been published. Topics include dealing with out of memory conditions, issues with upgrading DOMXML, the Zend Engine 2 roadmap, the pcntl extension, the MetaL - XML Meta Language compiler, and more. PythonFunctional programming in Python, Part 3 (IBM developerWorks). In this next installment of a series on Python programming, author David Mertz examines higher order functions of the Xoltar Toolkit. SOAP.py 0.9.7 released. Version 0.9.7 of SOAPpy, a SOAP implementation in written in Python, has been announced. This version features several bug fixes and the ability to specify an http_proxy. SchemeNew Scheme FAQ available. The Scheme Language FAQ has been rewritten and is available online. Scheme is a derivative of Lisp. Tcl/TkDr. Dobb's Tcl-URL! for July 2, 2001. The July 2, 2001 issue of the Dr. Dobb's Tcl-URL! includes discussions ranging from compiling Tcl with the free Borland C++ 5.5 compiler, to a Tcl binding for FLTK, to the desktop publishing package Impress. XMLElectronic Publishing with XML (O'Reilly). John McKeown and Benjamin Jung look at the process used to generate the XML Europe 2001 conference proceedings. The proceedings were written in XML, of course. "In the past, the proceedings for XML Europe have been available in both paper and electronic formats. For various reasons, the conference organizers, GCA, discarded the paper version this year and opted for an electronic publication only. This was distributed on CD-ROM to each of the conference delegates. Additionally, the GCA used this publication as the basis for an online version on their web site. XML technologies were used throughout the creation process." XML on the Cheap (O'Reilly). Ed Dumbill looks at several free XML tools and resources in an O'Reilly XML.com article. "If you're new to XML, or simply want a starting point to play around with it a little, there are plenty of resources on the Web you can use for free, many without even installing software on your computer. Section Editor: Forrest Cook |
Language Links Caml Caml Hump Tiny COBOL Erlang g95 Fortran Gnu Compiler Collection (GCC) Gnu Compiler for the Java Language (GCJ) Guile Haskell IBM Java Zone Jython Free the X3J Thirteen (Lisp) Use Perl O'Reilly's perl.com Dr. Dobbs' Perl PHP PHP Weekly Summary Daily Python-URL Python.org Python.faqts Python Eggs Ruby Ruby Garden MIT Scheme Schemers Squeak Smalltalk Why Smalltalk Tcl Developer Xchange Tcl-tk.net O'Reilly's XML.com Regular Expressions |
|
Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Commerce page. |
Linux and BusinessLinux Applications Increase More Than 30 Percent. Still hearing that tired old line, "Not enough applications run under Linux." ? This press release from IBM, announcing a 30 percent growth in the number of enterprise-level applications for Linux in the last six months, counters that argument. IBM claims there are now more than 2,300 Linux applications available from IBM and the industry's top independent software vendors (ISVs). IBM is working with ISVs like SAP (e-business software solutions); QAD (collaborative commerce applications); SAS (business intelligence, e-commerce and customer relationship management solutions); and many others, to provide a wide range of applications running under Linux on Intel platforms and IBM mainframes. IBM and the Open Source Community Deliver New Enterprise Capabilities to Linux. IBM announced a series of Linux technologies developed in conjunction with the open source community to enhance the enterprise capabilities of Linux. These include a Journaled File System (JFS) for Linux (covered in this week's Kernel page, Version 1.0 of Next Generation POSIX Threading (NGPT), and the Linux Test Project, "a project for the discussion, development and posting of open source test suites". YesSoftware Releases 15 Open Source Web Applications. YesSoftware announced the launch of www.GotoCode.com, a new community website with open source applications in PHP, Perl, JSP, ColdFusion, ASP and ASP.NET/C#, generated using CodeCharge, the company's new code generator. In addition to source code, the site provides examples, tips and tutorials and provides a discussion forum for the developers and users of CodeCharge. Toshiba Picks Hard Hat Linux for Embedded Processors. MontaVista Software Inc. announced a deal with Toshiba Corporation to develop embedded products for the printer, set top box and digital television markets. MontaVista's Hard Hat Linux will initially be ported to Toshiba's TX39 and TX49 embedded processor families. Court overturns Microsoft remedies. We don't really want to cover MS, but for those who are interested, the ruling can be found at the USCourts site. Linux Stock Index for June 28 to July 03, 2001.
LSI at closing on June 28, 2001 ... 29.51
The high for the week was 30.03
Press Releases:Open source products
Distributions and bundled products
Proprietary Products for Linux
Products and Services Using Linux
Products With Linux Versions
Books & Training
Investments and Acquisitions
Linux At Work
Other
Section Editor: Rebecca Sobol. |
July 4, 2001
Warning: Failed opening '/web/docs/lwn/stocks/LLSI.narrow.table.html' for inclusion (include_path='.:/usr/share/pear') in /web/docs/lwn/2001/0704/commerce.php3 on line 84 |
|
Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Linux in the news page. |
Linux in the newsRecommended ReadingLinux standard eases programming (News.com). C|Net looks at the impact of the newly released LSB (Linux Standard Base). "Further standardizing Linux is a key part of making it easier for companies to make software that works on Linux. But [executive director for the nonprofit Free Standards Group Scott] McNeil doesn't believe it will remove the need for companies to certify their software as working with a particular version of Linux." Linux: At a Turning Point? (IEEE Computer Society). This article from the IEEE Computer Society discusses some of the perceived problems with Linux and shows, in most cases (though not all), that the problem is mostly in the perception and not the implementation. "The LSB has already released the Filesystem Hierarchy Standard, which SuSE and other companies are using. FHS aims to standardize file and directory locations within Linux systems, which would make it easier for the different distributions to run and compile applications without developers having to write multiple versions of their programs. The LSB expects to complete version 1.0 of its overall standard this summer." Jargon File 4.3.1. Eric Raymond released a minor update to the Jargon File today with few new entries but lots of minor corrections. Why is Microsoft Attacking the GPL? (Linux Journal). An editorial from Linux Journal uses historical context to examine some of the possible reasons Microsoft has accelerated its attacks on Linux. "Business history teaches the following lesson: When a market-dominating firm engages in a FUD campaign of this magnitude, it's not merely because they're scared of competition from a new market entrant. Often, it's because the new market entrant is seen to challenge the business model that has enabled the market-dominant firm to make huge gobs of money." Is BSD the tortoise? (ZDNet). The BSD world is to Linux as the tortoise is to the hare, or so this ZDNet article says. And even Apple would do best to let them continue unabated. "If Apple didn't have to allocate engineers to maintaining Apple-only variants, it could spend more time improving and innovating its OS. Hiring Jordan Hubbard will hopefully add considerable momentum to the improvement of this situation. Such improvement would benefit Apple and its customers, but would also provide ample benefit to the FreeBSD community in the long run as well." Hoax virus alert targets MP3 (Register). The Register reports on a hoax warning to MP3 users about a virus in downloaded music files. "Jack Clark, European product manager at Network Associates, said that it was impossible to spread malicious code through MP3 files, which are data files that cannot execute by themselves." Others consider the possibility of an MP3 virus to be a real threat, see this week's LWN letters section for more on the topic. Linux On Steroids (TechWeb). TechWeb looks briefly at the Sandia National Labs Linux-based supercomputer cluster software known as Cplant. CompaniesIBM prods Linux toward bigger servers (News.com). IBM releases several new software components to help make Linux perform better on high end computing systems. "IBM's JFS isn't the only journaling file system in development. Others include ext3, ReiserFS and XFS, version 1.0 of which SGI released in May." Caldera looks to make money from Linux (IT-Director). IT-Director thinks Caldera's per-seat license makes reasonable business sense if Linux is to penetrate further into the IT world. "It points out in its press release that this is aimed at commercial users who should not be too concerned at the $59 price tag. At the same time Caldera will be enhancing the credibility of its own business as well as the overall view of the Linux marketplace without taking too much away from any individuals." Solaris blueprints still open to viewing (News.com). Sun has reversed its decision to end the program allowing users to view, but not change, the Solaris source. VA Linux Scaling Back (Wired). Wired News reports on the changes at VA Linux. "In a press release issued Wednesday afternoon, VA Linux CEO Larry M. Augustin called the shift in strategy a logical move. 'Our differentiating strength has always been our software expertise,' Augustin said." VA Linux quits hardware ahead of PC bloodbath (Register). Here is The Register's take on VA's change in direction. "VA says it expects its revenues to decline steeply - with its burn rate cut to $8 million a quarter. On that reckoning, its $70 million cash pile expires by early next year, and it remains to be seen if VA will by then be attractive enough to be acquired by one of the more Linux-clueless commodity box shifters such as Dell, or as an in-house development team for one of the big five consultancies." VA Linux Gives Up The Hard Stuff (Forbes). Forbes says that VA's statement that the shedding of its hardware business is a s |
