![[LWN Logo]](http://old.lwn.net/images/lcorner.png)
![[LWN.net]](http://old.lwn.net/images/bigpage.png)
|
|
|
|
Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise
news for all interests
 Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters
Other LWN stuff:
Archives/search
Recent features: Here is the permanent site for this page. See also: last week's LWN.
|
Leading items and editorialsLinux distributors are branching out in their attempts to find ways to make money with free software. Here's a couple of interesting announcements from the last week:
The common thread here shows where the money may really be in the Linux distribution business: providing integrated solutions that "just work." Linux enthusiasts are happy to pull together software from several sources and make the combination work well. People who are experimenting with deploying Linux in their companies often prefer not to have to do that; if they can get a single CD set (or 3490 tape) with everything they need, their lives are easier, and they feel more confident in proceeding. So it would not be all that surprising to see the number of distributions actually increase in the future, even if the number of distributors drops. And the real winners may be the company that can crank out special-purpose, customized distributions in a way similar to how Dell cranks out computers. Customers who get exactly what they need tend to come back for more. On the costs of full disclosure. A message on the Bugtraq list asked can we afford full disclosure of security holes?. The motivation for the posting was, of course, the Code Red worm, which, according to some of the more breathless accounts, has cost billions of dollars worldwide. Implicit in the posting is a claim that Code Red would not have happened in the absence of the advisory and exploit posted by eEye. eEye, of course, denies (convincingly) that its advisory enabled the Code Red worm in any way. But what if it had? Is full disclosure of security vulnerabilities an irresponsible act? In the proprietary software world, it is tempting to say that only vendors should be given details of vulnerabilities. They can then fix the problem and get patches in the hands of their customers without making exploit information available to the bad guys. This view misses some important points, however. One is that malware authors will figure out the problems anyway; a clever cracker with debugging tools will be able to determine just what problems a binary vendor patch fixes. Even if the license agreement says they can't do that. Vendors also tend to be slow about fixing problems until there is a real need. Independent vendors of security products and services have a legitimate interest in the details of security problems. But the real point is that those who use buggy software - and that is all of us - have a right to know about the problems in the programs we run on our systems and depend on. Proprietary software vendors, of course, like to withhold such information; that has a lot to do with why many of us use free software instead. In the free software community, there really are no alternatives to full disclosure. Once the source for a patch has been released, all the details are easily available anyway. And the free software community only benefits from its preference for not hiding problems in general. So free software users need not be involved in this debate. But the truth of the matter is that the situation is not all that different for proprietary software. The information will get out - crackers have a sort of full disclosure policy of their own. Anything other than full disclosure on the "white hat" side serves only to put people with vulnerable systems (i.e. all of us) at a disadvantage. LWN Coverage of the O'Reilly Open Source Convention.
A note to our readers. A few of our readers with eagle-eyes will have noticed that Managing Editor Liz Coolbaugh's name has been missing from the section by-lines for a couple of weeks. Here's the scoop: Liz has been ordered by her doctors to take a medical leave of absence and will therefore not be contributing directly to the journalistic side of LWN.net for a period of time. Liz, get some rest, we're looking forward to having you back. Those who are interested should see the message to our readers from Liz. Meanwhile, the rest of us are clearly going to have to scramble to fill the gap left by Liz's absence. This scrambling will likely include cutting back on LWN's content for a while; we're still working on what the exact changes will be, but they will be intended to keep LWN on a sustainable basis while not sacrificing that which makes us truly valuable to our readers. Stay tuned. Inside this LWN.net weekly edition:
This Week's LWN was brought to you by:
|
August 16, 2001
|
|
Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Security page. |
SecurityNews and EditorialsWarhol worms? Nicholas C Weaver has done a worst-case analysis on just how quickly a virulent worm could infect essentially all of the vulnerable systems on the net. The answer: 15 minutes. One could quibble with the details and assumptions of the analysis, but the answer remains the same. A carefully-written worm could propagate worldwide in a very short period of time.This, of course, is a scary result. In 15 minutes, very little can be accomplished with things like security alerts, worm analysis, and patches. By the time anybody knows there is a problem, it's over. Some malware writer is sure to see an analysis of this type as a challenge; the probability of a high-speed worm in the near future seems high. The net, as it stands now, is a frighteningly vulnerable place. The August CRYPTO-GRAM newsletter. Bruce Schneier's CRYPTO-GRAM newsletter for August is out. Topics discussed include Code Red and the arrest of Dmitry Sklyarov. The truth is that we all got lucky. Code Red could have been much worse. It had full control of every machine it took over; it could have been programmed to do anything the author imagined, including dropping the entire Internet. It could have spread faster and smarter. It could have exploited several vulnerabilities, and not just one. It could have been stealthier. It could have been polymorphic.
The newsletter also points to a biography of 'Alice' and 'Bob' by John Gordon that is well worth a read. Against all odds, over a noisy telephone line, tapped by the tax authorities and the secret police, Alice will happily attempt, with someone she doesn't trust, whom she cannot hear clearly, and who is probably someone else, to fiddle her tax returns and to organize a cout d'etat, while at the same time minimizing the cost of the phone call. A coding theorist is someone who doesn't think Alice is crazy.
Security ReportsBuffer overrun vulnerabilities in fetchmail. "antirez" (Salvatore Sanfilippo) has posted an advisory regarding two buffer overrun vulnerabilities in the much-used fetchmail program. Given a hostile server, arbitrary code can be run on the system running fetchmail. The solution is to upgrade to fetchmail 5.8.17. Distributors have been a bit slow in coming out with updates; here's what we have so far.Debian security update to Window Maker. The Debian Project has issued a security update to Window Maker fixing a buffer overrun problem that could, conceivably, be exploited remotely. Debian groff update. Debian has posted a security advisory for groff to address printf format string vulnerabilities. No other distributors have yet issued updates for this problem. Local root vulnerability in TrollFTPD. The TrollFTPD FTP server contains a buffer overflow problem which could result in root access for local users. The solution is to upgrade to version 1.27 or later. Note that the Pure-FTPd server, which is derived from TrollFTPD, is not vulnerable to this problem.
web scripts.
Proprietary products. The following proprietary products were reported to contain vulnerabilities:
UpdatesVulnerabilities in Horde IMP Horde IMP has several vulnerabilities which are fixed in version 2.2.6; see Bugtraq ID's 3066, 3079, 3082, and 3083 for more details.Previous updates:
Previous updates:
This week's updates: Previous updates: Squid httpd acceleration ACL vulnerability. This vulnerability could result in unauthorized access to the squid server. See the July 26 Security page for details.This week's updates: Previous updates:
Multiple vendor telnetd vulnerability. This vulnerability, originally thought to be confined to BSD-derived systems, was first covered in the July 26th Security Summary. It is now known that Linux telnet daemons are vulnerable as well.
This week's updates: Previous updates:
Previous updates:
Progeny also gets moving. Progeny Linux systems also caught up on its security updates this week. Beyond the alerts listed above, we have: ResourcesThe Log Analysis mailing list has been announced. This list exists for people interested in setting up and using a central logging infrastructure; "most of the discussion will focus on the care and feeding of syslog"Linux Advisory Watch. The LinuxSecurity.com Linux Advisory Watch for August 10 is out, as is the Linux Security Week Newsletter for August 13. Linux IPsec Gateways Using FreeS/Wan. SecurityFocus has put up a beginner's article on setting up FreeS/WAN. "FreeS/WAN has one interesting feature that makes it distinct from most other IPsec implementations: DES encryption is unsupported. According to the FreeS/WAN home page, 'DES is, unfortunately, a mandatory part of the IPSEC standard. Despite that, we will not implement DES. We believe it is more important to provide security than to comply with a standard which has been subverted into allowing weak algorithms.'" A new system fingerprinting tool. Xprobe is a new operating system identification tool by Ofir Arkin and Fyodor Yarochkin. It claims more accurate results while needing to send fewer probes to the target system; there is also a white paper describing how it all works. Snort 1.8.1 has been released. It contains a number of fixes and new features; see the announcement for details. EventsUpcoming Security Events.
For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net. Section Editor: Jonathan Corbet |
August 16, 2001
LWN Resources | ||||||||||||
|
Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Kernel page. |
Kernel developmentThe current kernel release is 2.4.8, which was announced by Linus on August 10. It includes much of the recent virtual memory work, many fixes, a new emu10k1 driver (see below), and a bunch of unspecified stuff from the "ac" releases. On the prepatch front, Linus is, as of this writing, up to 2.4.9pre4; it contains a number of fixes, but, unless you've been bitten by a 2.4.8 bug or have a need to export VFAT filesystems over NFS, there's not too much that's exciting. Alan Cox's latest is 2.4.8ac5. Included in this patch is a substantial set of IDE driver updates, a number of ReiserFS portability fixes, the integration of the intermezzo distributed filesystem code, the beginnings of the merge of the 64-bit PowerPC code, and a great many other fixes and updates. It's currently missing the virtual memory and emu10k1 code from 2.4.8. According to Alan: "This is a fairly experimental -ac so please treat it with care." SB Live gets an update. The most controversial change in 2.4.8, perhaps, is the inclusion of a new emu10k1 (SB Live) driver. This patch was put together from the Creative Labs CVS archive by Robert Love. Mr. Love is not the official emu10k1 maintainer - but, then, it's not at all clear who is. The driver packaged with the kernel had not been updated for a year, and had a number of known problems. Of course, the new driver also has some problems - in some cases breaking things for people who had a working system before. Stable kernels aren't really supposed to break things that way, so there has been a certain level of disgruntlement. Some of the new problems, at least, are easy to fix; those who build the driver as a module should go with the 2.4.9 prepatches or apply this patch. Some of the other problems may require some more serious debugging work. It probably will not take very long before the inclusion of the new driver looks like a good thing to all involved. The old driver was clearly stagnant and in need of attention; the new one fixes a number of known problems, meaning that it actually works for some people for the first time. Development activity has already picked up, patches to enable more features and fix some problems, enable even more features, and add documentation have found their way onto the list. With luck, long-suffering Linux emu10k1 users will be much happier soon. Where should patches go? As the "ac" series looks increasingly like the anteroom to the official Linux kernel, some kernel hackers have been known to wonder where their patches should go. Should they go to Alan, to Linus, or to both? Things are not helped by the fact that patches sent to Linus often seem to simply disappear into the void. An acknowledgement (or explicit rejection) from the Great Penguin is rare. The answer from Linus is pretty straightforward: he wants to see the patches, even if he has silently dropped them in the past: Re-sending is always the right thing to do. Sometimes it takes a few times, and you can add a small exasperated message at the top by the third time ("Don't you love me any more?"). This system evidently works for Linus, but it does leave some of the other developers wondering just what is going on. A more organized approach to patch management has been advocated many times, but it doesn't ever seem to happen. Linus likes things the way they are. Logical Volume Manager updates. Heinz J. Mauelshagen has announced the 1.0 release of the Logical Volume Manager (LVM) for Linux. With this release, LVM is said to be stable and production ready. Note that, for those currently running an LVM release older than 0.9.1-beta8, there are some upgrade issues; be sure to read the instructions carefully. Chris Mason has released a patch which makes LVM snapshots work properly with ReiserFS (and other filesystems as well). There is also an updated version that works with the recent superblock handling changes. Other patches and updates released this week include:
Section Editor: Jonathan Corbet |
August 16, 2001 For other kernel news, see: Other resources: |
|
Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Distributions page.
Lists of Distributions |
DistributionsPlease note that security updates from the various distributions are covered in the security section. News and EditorialsMission Critical Linux makes layoffs (ZDNet). Rumors say Mission Critical is up for sale, with Red Hat the expected buyer. "Mission Critical Linux has laid off much of its marketing staff and says it's developing business partnerships that will take care of publicizing its high-end Linux software. But some think the moves herald an acquisition by Linux leader Red Hat. About 17 Mission Critical Linux employees were laid off, less than 20 percent of the hundred or so total employees on staff." Conectiva launches 7.0. Here's the press release for the launch of Conectiva 7.0. Of course, LWN Weekly readers learned about this release on August 2... Debian adds XFree86 4.1. According to their weekly news site, Debian has added the XFree86 4.1 distribution to their unstable branch. New DistributionsNew Red-Hat based Sparc distribution planned. A posting to the sparc-list@redhat.com mailing list has noted that a new Sparc distribution is in the works, though not necessarily sponsored by Red Hat. Castle. Castle is a new distribution - as far as we can tell - from a Russian group called Alt Linux. This distribution appears to be a security-enhanced distribution with full Rule Set Based Access Control (RSBAC) support aimed primarily at server systems. Most of the information at the main site is in Russian though the Freshmeat site may provide a little more detail in English. Distribution NewsDebian Weekly News. The latest edition of the Debian Weekly News carries news that a German supermarket chain has switched over about 480 systems to Debian GNU/Linux. Also in this edition: XFree86 4.1 was added to the unstable branch, another project to get OpenOffice on Debian, and news of a Debian-based thin client product. Mandrake news. Lots of news from Linux-Mandrake this week, including two new distribution releases.
SuSE sells Linux for IBM iSeries models (ZDNet). SuSE is now shipping a version of its distribution that works with IBM's iSeries of servers. The new distribution runs along side IBM's standard OS/400. The new version will retail for about $178US. Minor Distribution updatesCoyote Linux 2.2. Coyote Linux, a single floppy distribution of Linux that is derived from the Linux Router Project, was rev'd to version 2.2 this past week. The updates in this release provide minor bug fixes. JBLinux 2.2. JBLinux, a Linux distribution designed primarily for security and performance, was upgraded to release 2.2 this past week. This release marks a major enhancement to the product, including support for the jfs filesystem, software RAID support, XFree86 4.1.0, Mozilla 0.9.3, Galeon 0.12pre1, Evolution 0.12, and AbiWord 0.9. Midori Linux 1.0.0. The third beta release of Transmeta's Midori Linux 1.0.0 is now available for download. Highlights of this release include the inclusion of the 2.4.6 kernel, XFree86 4.0.3 (with X starting in init instead of from Xinitrc), and complete compilation support on Red Hat 7.1. Mindy Linux 0.37. A new release of Mindy Linux was made available this past week to add a few minor feature enhancements, such as support for OSS kernel modules and better log messages. Sorcerer GNU Linux snapshot 20010810. Sorcerer GNU Linux is a source-based ix86 Linux distribution designed for advanced Linux administration. A new snapshot was released to address a problem where LILO was failing to install a boot block. ttylinux. ttylinux was rev'd again this week, to version 1.10. This is a minimalistic Linux distribution that can fit in 2.88 MB of disk space. Distribution ReviewsWhich Linux? (Byte). Byte's Jerry Pournelle looks at Linux-Mandrake and Slackware. "In our case, Mandrake turned on some processes that got in the way, and the USB support wasn't quite what we needed. After a week of frustrations: lost radio signal, slow fail-over to the NetWinder and its landline modem, unexpected logouts, difficult to impossible FTP, alternating with intervals in which everything worked just fine, Dan bowed to the inevitable and scrubbed Mandrake. Four hours later the system came up under Slackware. There were a couple of tweaks to FTP, and then ? nothing. It works. It's reliable. It's fast, and far more secure than a Windows 2000 system would be." Section Editor: Michael J. Hammel |
August 16, 2001
Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.
|
|
Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters See also: last week's On the Desktop page.
|
On The DesktoptheKompany rumbles while Loki stumbles While the Linux desktop marketplace may be quaking another victim, it still hasn't taken all the competitors out of the game. In an interview on The Linux Show, theKompany's President and CEO Shawn Gordon, along with lead engineer Peter Harvey, talked about the pains and successes of application development on Linux. According to the interview (which is available in both MP3 and RealAudio formats) TheKompany was looking for something less restrictive for application infrastructure than the GPL when they got started. They wanted that infrastructure to be pervasive in Linux distributions so that they could then build applications on top of that. Kivio, a chart tool, was the first project built on this model and it has been very successful. Lately they've added some alpha blending features and other behind-the-scenes enhancements that they feel will, in the long term, turn Kivio into a generic vector graphics tool. However, they only touched on this subject momentarily and offered no time frame for such a release. Much of the interview centered on licensing issues. Shawn says that those who spend money on something, referring to end users, are less likely to give it away. The GPL is difficult for him to work with, though their Aethera (PIM/Groupware application) is GPL. The idea they want to work with is to have commercial plug-ins. They would like to make some of those plug-ins closed source - something which would help to guarantee income. The GPL (and LGPL) can confuse developers on how to make this happen. The problem is how to protect a going concern - the company and its employees - from the reduction of income that might happen with a too freely redistributable product. Gordon says that integrating open source ideals with commercial needs is a tough thing to balance. Lately theKompany has been working with TrollTech to make their applications work across platforms. They started with BlackAdder - a GUI based Python IDE. Their first product to use Qt3 (TrollTech's latest edition of their cross platform graphical toolkit) was Data Architect, which is now available on multiple platforms. The advantage of cross platform tools like Qt3 is that vendors don't have to ship multiple copies of their product for multiple platforms. One copy, many systems - that reduces developer time wasted on packaging and recompiling, not to mention reduction in the overhead (labor and costs) of maintaining all those platforms. That makes tools like cross platform Qt3 very attractive. TheKompany focuses on developer and desktop tools. Eventually they'll look at vertical markets including plug-ins and groupware tools more seriously. Gordon says that other than Peter Harvey, (who was also on the show) he's never met any of his employees - it's truly a virtual company. "I'm not even sure if they all speak english, but they can write it," he says. They often solve problems using nothing more than ICQ. Gordon says that Kapital, their Quicken like tool, was been the biggest seller initially, but the other applications are catching up. "Kapital was the number one thing people had been asking for," which is the incentive they used to start work on the program. Loki releases Kohan but still files for Chapter 11 Loki Entertainment Software has filed for Chapter 11 - short term protection from creditors while they devise a plan to get back into the game. They aren't down for the count just yet, but the clock may be ticking for a community favorite. A report in The Linux Review pointed readers to a PDF copy of the bankruptcy notification letter, dated August 7th, 2001. Before word broke of the filing, Loki and TimeGate Studios released a demonstration version of Kohan: Immortal Sovereigns for Linux. The full version is to be released sometime in the near term, with pricing still to be determined. Hopefully, this popular Linux company will find a way to weather the economic downturn that has slowed the growth of Desktop Linux. Is Linux ready for the corporate desktop? Miguel de Icaza has written a piece for ComputerWorld online showing how the Linux Desktop is not a thing of the future, the a phenomenon of the present. Building on the Gnome project and the contributions of free software developers worldwide, the Ximian Gnome desktop environment provides more than a dozen productivity applications, including a Web browser, e-mail client, word processor, spreadsheet and photo/image editor, as well as personal finance, instant messaging and multimedia tools.Building on the Gnome project and the contributions of free software developers worldwide, the Ximian Gnome desktop environment provides more than a dozen productivity applications, including a Web browser, e-mail client, word processor, spreadsheet and photo/image editor, as well as personal finance, instant messaging and multimedia tools. Note that while he does plug Ximian in a few places, he also mentions KDE in a few as well. The gist of the article is that the Linux Desktop is making inroads in business and government today, and will continue to do so for at least the next few years. Calendaring updates. Last week's note on the ical calendar program brought news that while the program has been dropped by its author, you can still pick up versions of the software online from both Scriptics and the NetBSD repository. Thanks to Geoff Burling for pointing that out (from a note by Larry W. Virden on the pilot-unix mailing list). Another option we missed is the open source PHPGroupWare solution. This is a web based solution, but running with PHP as an open source project it's certainly one worth investigating. And finally, one other groupware calendaring option, with native (though Motif based) Linux clients and servers is CorporateTime, from Steltor. This package appears to fill all the requirements of a group calendaring system including conflict resolution and client/server encryption options. Additionally, clients exist for Windows, Mac and Linux, making it fit easily into existing and evolving workplaces. (Thanks to Steve Phillips) ReefKnot correction Last week's discussion on calendaring solutions included a reference to the ReefKnot project. LWN.net mistakenly noted Dan York of e-smith as playing a pivotal role in that project. Dan replied that he has never been a part of ReefKnot but that some of his coworkers are: The credit for Reefknot goes entirely to Shane Landrum (srl), Kirrily Robert (Skud), Rich Bowen, Martijn van Beers, and the host of other developers working on the project. Our apologies to all involved. We hope this sets the record straight. Desktop EnvironmentsKDE 2.2 ships. Here's the press release announcing the availability of KDE 2.2. It includes no end of new stuff, including improved performance, better HTML rendering, IMAP support in KMail, printing improvements, and much more. See the changelog for the full list. LWN.net will have more on KDE 2.2 after LinuxWorld, where we're scheduled to talk with members from the KDE League. Netscape Releases Non-Beta Version 6.1 Browser Suite. It's official, less than a week after marking another preview beta release, AOL made Netscape 6.1 available. The download page no longer references a beta version, but downloads are probably pretty slow right now. Kernel Cousin KDE Issue 30. Kernel Cousin KDE #30 was published this week, covering topics including the KDE Usability project, speed enhancements, an improved Konqi, and KDE 3.0 plans. Office ApplicationsGnumeric 0.69 released. Gnumeric 0.69, codenamed "diaper duty," has been released. It's mostly a bugfix release, but there are a few new features, including Psion import support. AbiWord Weekly News. The 56th edition of AbiWord Weekly News is now online. Updates include news of the 0.9.1 (and upcoming 0.9.2) release, the result of a new policy of frequent releases leading to the 1.0 release and a long thread on the discussion list regarding UI improvements. Late to press, but just barely in time, comes news of a new release from the AbiWord team: AbiWord 0.9.2 is another bug fix release on the way to 1.0. Desktop ApplicationsOpera 5.05 for Linux adds Java. Opera Software has released Opera 5.05 for Linux Technology Preview (TP), which adds support for Netscape plug-ins including Java. Postscript previewers. A nearly stable version of ggv, a GNOME postscript previewer was announced this week. This version is bleeding edge, but is said to be more reliable. GSView 4.0 is also now in beta. Gaim: The game for AOL Instant Messaging on Linux (FreeOS.com). While Gaim authors struggle with AOL's "name-alike" warnings to developers, FreeOS says this program is a very useful instant messaging solution for Linux users. "In the case of Gaim, it not only clones the original perfectly, but the authors have succeeded in created a program that is, in fact, far better than the original." Gimp-Print 4.1.99-a3. The gimp-print project has released another alpha release on their way to the stable 4.2 version. Gimp-Print 4.1.99-a3 includes lots of updates for the Epson family of printers and a new test program that shows how to use the new libgimpprint API. And in other news...Linux is going to Hollywood, and IBM wants a lift. IBM is set to release its Linux Digital Studio package, made up of workstations, server computers and data storage machines on Wednesday, a move to keep IBM in step with the wholesale migration of Hollywood visual effects companies to Linux. ATI to ship FIRE GL 8800 cards with Linux drivers. ATI's FIRE GL 8800, a new mid-range 3D worstation video card, is expected to ship in October. KDE Kiosk Mode HOWTO. KDE Dot News carried news of a KDE-based thin client project that has written documentation - and patches - for running KDE in a kiosk mode. Tux Typing 1.0. The 1.0 release of Tux Typing, a simple game using the Simple DirectMedia Layer (the same library used by Loki for their games) that teaches users to type, has been released. Section Editor: Michael J. Hammel |
August 16, 2001
|
|
Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Development page. |
Development projectsNews and EditorialsThe PLEAC project plans to reimplement all of the programs from the Perl Cookbook in a variety of other languages. The Perl Cookbook is published by O'Reilly and was written by Perl heavyweights Tom Christiansen & Nathan Torkington."If successful, this project may become a primary resource for quick, handy, and free solutions to most common programming problems using higher-level programming languages. It could also be useful for comparison on ease-of-use and power/efficiency of these languages." PLEAC stands for "Programming Language Examples Alike Cookbook". The current list of supported languages includes Perl, Merd, Ruby, Haskell, Python, Masd, and Nasm. The Merd and Ruby implementations are both about 25% finished. Python, Haskell, and the assembly languages are trailing at below 10% completion. The project maintainer is seeking help for the implementation of solutions in ocaml, scheme, tcl, and C++/stl. Despite the incomplete status, PLEAC already has many useful examples for the various languages. As it fills out, PLEAC should become a very handy resource for programmers who need to reinvent the wheel, a common task indeed. AudioVorbis RC2 released. Release Candidate 2 of the Ogg Vorbis audio compression software is available. The changes file lists some interesting developments to libvorbis including the use of channel similarities to reduce the bit rate, the addition of more bit rates, and an improved decoding engine. Also, several of the Vorbis utilities have been updated to support better functionality for embedded comments and improved file manipulation capabilities. DatabasesGNOME-DB/libGDA/gASQL 0.2.90. A set of three new Gnome database component utilities have been released. "GNOME-DB/libGDA are a complete framework for developing database-oriented applications, and actually allow access to PostgreSQL, MySQL, Oracle, Sybase and ODBC data sources. Apart from this development framework, they also include several applications and utilities which make them quite suitable for many database-related taks. gASQL is a database administration tool based on libgda and GNOME-DB, featuring visual tools for managing any database supported by libgda/GNOME-DB." DocumentationLinux Documentation Project updates. A number of modifications were posted to the LDP this week, including updates to the XFree86 HOWTO, the XFree86 Video Timings HOWTO, and the Wacom Table HOWTO. EducationSeul/Edu reports in Spanish. Three new translations of the Linux in Education report are available in Spanish. Issue 48, Issue 49 and Issue 50. (Thanks to Astroboy) Embedded SystemsLinuxDevices.com Embedded Linux Newsletter. The LinuxDevices.com Embedded Linux Newsletter for August 9 is out. Topics include a new guide on ready to go embedded Linux systems, the RTLinux patent, Linux Point of Sale (POS) terminals, and more. InteroperabilityWine Weekly News for August 2, 2001. The August 2, 2001 edition of the Wine Weekly News is now online. Topics include the use of native DLLs, problems using 16 bit header files, the dangers of Shared Source, and more. System AdministrationLinux Backup Tutorial (IBM developerWorks). While often neglected, regular backups are probably the single most important job that a system administrator has to do. Before your hard drive starts making whining and pinging sounds, check out Daniel Robbins' tutorial on Backing up your Linux Machines (registration required). Web-site DevelopmentDevelopment branch of mnoGoSearch availbale. A new development branch of the mnoGoSearch web site search engine package is available. Changes in this version include gzip content encoding and bug fixes. Mod_python 2.7.6 released. A new version of mod_python, the Apache/Python integration package, is available. This release adds support for Python 2.1. The latest Zope News. The latest Zope News contains an announcement of the latest edition of the Zope Book, mention of a new beta release of DCOracle2, which supports the latest versions of Oracle, and more SMS: Case study of a Web services deployment (IBM developerWorks). Cameron Laird presents a case study of Web services in an IBM developerWorks article. "Web services brings crucial benefits for this application that CORBA and DCOM can't match. DCOM essentially limits clients to those running on Windows desktops. On the other hand, CORBA is 'heavier' than needed for the simple processing the gateway requires. Moreover, real-world CORBA projects have the reputation of stumbling over firewall and interoperability problems that Web services handles gracefully." Java and Web Services, Part I (O'Reilly). Al Saganich explains Web services in an O'Reilly article. "Over the past six to twelve months we've begun to see a new Web programming paradigm, that of the Web Service. But exactly what are these Web services anyway? In a nutshell, Web Services are the natural evolution of basic Remote Procedure Calls. In fact, we shall see that Web Services are in fact not a much more advanced technology than RPC of the past, but similar concepts applied in new ways!" SkunkWeb Web Application Server 3.0 beta 2 released. A new beta release of the SkunkWeb Web Application Server has been released. This version includes much updated documentation and lots of bug fixes. Section Editor: Forrest Cook |
August 16, 2001
|
|
|
Programming LanguagesCamlCaml Weekly News for August 14, 2001. The latest Caml Weekly News is out, with coverage of a new version of LablGTK and a new extended thread synchronization model. JavaMaking P2P interoperable: The Jxta story (IBM developerWorks). Sing Li discusses Jxta and Peer to Peer technology in an IBM developerWorks article. "Peer-to-peer networking is coming, and it promises to create a computing world fundamentally different -- and, in some ways, better -- than the one based on the old client/server model. Project Jxta is a community-run attempt to build a utility application substrate for peer-to-peer applications." An easy JDBC wrapper (IBM developerWorks). Greg Travis explains data access with a JDBC wrapper on IBM's developerWorks. "JDBC provides a powerful, comprehensive interface for accessing databases from Java programs. For smaller projects, JDBC can seem overwhelming, driving some programmers to avoid using a database altogether. This article describes a simple wrapper library that makes basic database usage a snap. You'll find yourself wanting to use JDBC for every program you write." Web FORM-Based Authentication (O'Reilly). Dion Almaer presents a tutorial on setting up FORM-Based Authentication in an O'Reilly onJava.com article. "In this article, we will walk through the various security settings that we can set up in the Web Application framework, going into detail on how you can set up FORM-based authentication." PerlQuantum::Entanglement, Perl and quantum mechanics (perl.com). Perl.com looks at the Perl Quantum::Entanglement module, which assists in quantum mechanical calculations. "The Quantum::Entanglement module attempts to port some of the functionality of the universe into Perl. Variables can be prepared in a superposition of states, where they take many values at once, and when observed during the course of a program, will collapse to have a single value. If variables interact then their fates are linked so that when one is observed and forced to collapse the others will also collapse at the moment of observation." Perl 5 Porters for August 15, 2001. The August 15, 2001 edition of the Perl 5 Porters is out. Topics include a rewritten perlpod, Unicode normalization, threading semantics, and shrinking the standard Perl installation, among other things. SPAM eater. If you are tired of getting too much spam, use Perl and Eliza to generate automatic replies. Fortunately, the program doesn't actually mail the response, which would waste more bandwidth and would likely never be read, it just amuses the recipient. "I've made a few modification to her default vocabulary to adapt to a few of the cheesy things found in spam." PHPPHP Weekly Summary for August 14, 2001. This week's PHP Summary discusses TODO items for the upcoming PHP 4.0.7 and 4.1.0, problems to be solved with PHP and Apache 2.0, work on Autoconf for making PHP, security and PHP, and more. PythonUnifying types and classes in Python 2.2. Guido van Rossum has posted a paper on Unifying types and classes in Python 2.2. He is looking for feedback. And, if that isn't enough to keep Guido busy, he is also seeking feedback on PEP237, which covers the topic of unifying long integers and integers. Dr. Dobb's Python URL for August 13, 2001. The August 13, 2001 edition of the Dr. Dobb's Python URL is out. Topics include tricks with string quotation, an explanation of tuples and lists, and a few hints from Guido on Python evolution. Python in the Sourceforge Trove (O'Reilly). Stephen Figgins looks at a few of the thousand Python programs on Sourceforge. A geneology program called Gramps and the Nareau Cluster Tools are examined. Python shows exponential growth. Just van Rossum has presented a graph of Python posts from comp.lang.python, labeled Python world domination. The graph has a nice exponential curve that shows rapid expansion. It would be interesting to see similar plots for traffic on Perl and other languages. PyOpenGL status. Tarn Weisner Burton has posted a status update for the PyOpenGL project. PyOpenGL is a Python implementation of OpenGL, it has recently been undergoing intense development. RubyThe latest from the Ruby Garden. This week, the Ruby Garden features articles on Ruby Behaviors, a new interactive Ruby reference, dealing with string literals, the AOS virtual machine, and more. SmalltalkSqueak News for August 15, 2001. The August 15, 2001 edition of Squeak News is apparently out, but it appears to still be partly under construction. Topics include a focus on beginners, controlling submorphs, and an interview with John Maloney. Tcl/TkDr. Dobb's Tcl URL for August 13, 2001. The August 13, 2001 edition of the Dr. Dobb's TCL URL is out. Topics include the release of Tcl 8.4a3, TclSOAP, home automation with Tcl and the Rivendell project which aims to put Tcl on the palm platform. XMLGetting Loopy (O'Reilly). Bob DuCharme discusses for and while loops under XML in an O'Reilly xml.com article. Integrated Development EnvironmentsAnjuta 0.1.6 is released. A new stable release of Anjuta, a C/C++ Integrated Development Environment (IDE) for GTK+/GNOME, has been announced. Miscellaneousoprofile 0.0.4 released. An alpha level version of oprofile, a binary file profiler, has been announced. (Thanks to John Levon) Section Editor: Forrest Cook |
Language Links Caml Caml Hump Tiny COBOL Erlang g95 Fortran Gnu Compiler Collection (GCC) Gnu Compiler for the Java Language (GCJ) Guile Haskell IBM Java Zone Jython Free the X3J Thirteen (Lisp) Use Perl O'Reilly's perl.com Dr. Dobbs' Perl PHP PHP Weekly Summary Daily Python-URL Python.org Python.faqts Python Eggs Ruby Ruby Garden MIT Scheme Schemers Squeak Smalltalk Why Smalltalk Tcl Developer Xchange Tcl-tk.net O'Reilly's XML.com Regular Expressions |
|
Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Commerce page. |
Linux and BusinessNew IDC Survey on Linux spending. Here's a new pronouncement from IDC; it seems their latest survey shows continued growth for Linux, up to 9% of total information technology spending in 2002. "Many of the hurdles to Linux adoption are being addressed by platform vendors, and we expect that competition among operating systems as well as among Linux vendors will increase dramatically. Only a few vendors have significant mindshare in the Linux market, indicating major untapped opportunities for hardware and software vendors alike." The widespread economic woes may be creating hard times for many Linux companies, especially those who are exploring unproven revenue generating tactics. However, these same hard times may actually increase adoption of Linux and open-source software due to the freedom from licensing and upgrade fees, not to mention Linux's proven high reliability and lack of viruses. Intel Itanium and Linux used in TeraGrid. Intel announced that its Itanium family of processors will be used to build a distributed scientific computing system expected to be the largest of its kind in the world. The computing system, dubbed the "TeraGrid," is part of a $53 million award by the National Science Foundation (NSF) to four facilities. The goal of the project is to build a Distributed Terascale Facility (DTF) that will be used to solve complex scientific problems such as genetic modeling, research on alternative energy sources, and atmospheric simulation. The system will consist of clustered IBM servers at distributed sites, all running the Linux operating system. The TeraGrid will be connected by a Qwest high-speed optical network. Linux for Chemistry project update. A new packaging of chemistry related software for Linux is now available from the Random Factory. Just published: Perl for the Web. New Riders has just published Perl for the Web by Chris Radcliff. Happily, the entire book is available on the web as well; no license is specified for the online version. ATI to ship FIRE GL 8800 cards with Linux drivers. ATI's FIRE GL 8800, a new mid-range 3D worstation video card, is expected to ship in October. Linux Stock Index for August 09 to August 15, 2001.
LSI at closing on August 09, 2001 ... 27.85
The high for the week was 28.08
Press Releases:Open source products
Proprietary Products for Linux
Hardware and bundled products
Products and Services Using Linux
Products With Linux Versions
Java Products
Books & Training
Partnerships
Investments and Acquisitions
Personnel & New Offices
Linux At Work
Other
Section Editor: Forrest Cook. |
August 16, 2001
Warning: Failed opening '/web/docs/lwn/stocks/LLSI.narrow.table.html' for inclusion (include_path='.:/usr/share/pear') in /web/docs/lwn/2001/0816/commerce.php3 on line 98 |
|
Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Linux in the news page. |
Linux in the newsRecommended ReadingSklyarov articles in Newsweek, Time. Newsweek has printed an article by Steven Levy called Busted by the Copyright Cops. "Actually, it was Congress that let private industry call the shots, particularly in certain passages of the DMCA that outlaw not only programs that circumvent copy protections, but dissemination of such information. When it comes to protecting the business plans of those who publish books and music, academic freedom and free speech are apparently expendable." Throwing The E-Book At Him comes from Time. "As a rule, computer geeks might best be described as laid-back libertarians--they don't like laws encroaching on their territory, but they're usually too busy to care. Sklyarov's arrest changed all that." Rallies Impress Cryptographer Held in E-Book Case (NY Times). The New York Times interviews Dmitry Sklyarov (registration required). "'I can't say I was depressed or panicked,' he said yesterday. 'I was curious that I was in such a situation, because I never considered I would be in jail in anytime of my life.'" Sklyarov case shows business outweighs First Amendment (Register). The Register received an essay from noted security expert Bruce Schneier which is to be published on August 15th. "One of the main points Schneier makes is that provisions in the DMCA that allow for security research "which I and others fought hard to have included" are being ignored in the Sklyarov case and others, such as the DeCSS case against 2600 Magazine." The End of Innovation? (OpenP2P). OpenP2P talks with Lawrence Lessig. "I'm actually quite surprised that the government would have picked [Dmitry Sklyarov] as their first criminal prosecution under the Digital Millennium Copyright Act because it's not a clear case of piracy or of somebody developing a technology to enable people to steal lots of content. This technology enabled owners of e-books to do things with the e-books that, in many cases, would clearly have been fair use of the e-book." Expo Focus on Securing E-Books (Wired). At the BookTech West Expo this week publishers are expected to debate the issues of copyrights and e-books. As a director for acquisitions at one e-book manufacturer says, encryption doesn't guarantee secure copyrights, nor does it guarantee loss of income. "Have any book sales been lost because this Russian guy cracked the encryption and made the decryption software available? Doubt it." Software Double Bind (NY Times). Here's a worthwhile article in the New York Times (registration required) on problems with the DMCA. "The law also makes it illegal for individuals to use such a program - even to make a back-up copy of a book or movie or song for themselves, the type of copies traditionally allowed under copyright law. That is where the double bind comes in. Actually making such copies for personal use is not illegal. But it is against the law to break through the copy-protection measure to make the legal copies." Secretaries use Linux, taxpayers save millions (NewsForge). NewsForge has run an interesting case study of the use of Linux in the Largo, Florida city government. "One of the great anti-Linux screeds we hear is, 'The secretaries will never be able to figure it out.' If that is so, then Largo employee Judy Judt must be one of the world's smartest office workers. She is sitting at her desk, happily accessing an online city directory that lists all employees, vendors, and other important contacts, using a simple Rolodex-like program that is running on top of an attractively-themed KDE 2.1.1 desktop." CompaniesBorland creates a RAD tool for the rest of us (LinuxWorld). Kylix may spur faster application development, according to this story from LinuxWorld. "If you've had the urge to write some GPL'd code for Linux, but lacked the know-how to cope with X, Qt, or GTK, you lost your excuse. Kylix builds widgets quickly and easily, without getting widget grease under your fingernails." Why we should hail IBM's ode to open source--the Purple Book (ZDNet). ZDNet explains why IBM's Purple Book - the technical reference manual detailing the original IBM PC - relates so well to the open source movement. "Nevertheless, it's close enough for the Purple Book to serve as an important historical validation for the all-for-one-and-one-for-all approach to software development and the mandated sharing required by the open-source General Public License." IBM unveils slew of developer tools (ZDNet). At their Solutions technical developers conference, IBM announced a number of new developer tools, including the WebSphere Studio Workbench for Linux. "On the Linux/Unix front, [IBM's Senior Vice President of Software Steve] Mills told reporters in a question-and-answer session that Linux could become the eventual successor to its AIX Unix offering and many other Unix systems. "It has the potential to get there, but 'When?' is the question, as Linux just doesn't yet have all the functionality to do that just yet," Mills said." IBM's own press announcement on their Software Evaluation Kit offers even stronger news for applications on Linux. "According to Evans Data Corp., more than 40 percent of developers surveyed are likely to write Linux-based applications in 2001." A sneak preview of IBM's Linux/Java enabled TechMobile (LinuxDevices). The TechMobile is a modified Ford Explorer with a couple of Linux-based embedded Java PC's controlling it. "Drivers and passengers can use voice commands to "read" email, play music, and control vehicle functions such as the headlights, door locks, open or close the car's windows, sound the horn, etc. Commands can also be given from a console-mounted touch screen, or from Bluetooth-enabled mobile devices such as PDAs, laptops, and even IBM's Linux wristwatch." IBM: Open standards hold key to dynamic e-business (ZDNet). ZDNet covers the keynotes at IBM's technical developer conference called `Solutions.' ``"We are embracing Linux across everything we do," [IBM's vice president of technology and strategy, Irving] Wladawsky-Berger said. "It is the only operating system that will run on architectures not yet invented."'' Lineo states continued commitment to RTAI (LinuxDevices). LinuxDevices.com has a statement from Lineo on its commitment to RTAI after having licensed the RTLinux patent (see this week's LWN front page). "Lineo established this license in response to an existing patent that presented fear, uncertainty and doubt (FUD) in the minds of some embedded developers who would otherwise utilize the robust RTAI open source technology." Microsoft seeks Linux-bashing .NET evangelist (Register). Red(mond) headed behemoth with delusions of grandeur seeks (ev)angelic(al) follower to join battle of the ages. The Register says its really an external MS job posting, though. "The Developer Evangelist will be responsible for identifying and engaging J2EE and Linux focused developers in existing accounts..." Netscape Releases Non-Beta Version 6.1 Browser Suite. It's official, Netscape 6.1 is golden. The download page no longer references a beta version, but downloads are probably pretty slow right now. Red Hat moves beyond Linux with e-commerce suite (Reuters). Reuters reports on Red Hat's e-commerce move. "The individual pieces of Red Hat's suite, which includes the Apache Secure Webserver, an open-source database called PostgreSQL and Red Hat Linux itself, are thus available for free on the Internet. A central component of the suite, Akopia's Interchange e-commerce platform, came to Red Hat when it bought the open-source developer earlier this year." BusinessStudy: IT Budgets Opening Up to Linux (osOpinion). IDC surveyed end-customers to find their spending on Linux-related hardware, software, services and staffing and found a lot of tire-kicking going on. "... with nearly half of 800 survey respondents reporting use or experimentation with Linux. IDC says the market share for Linux is expected to triple from 3 percent of the average IT budget in 1999 to 9 percent by 2002." Linux has arrived. But where is it going? (IT-Director). In another evolution of Linux editorial, this IT-Director story tells us that Linux is in its troubled adolescence but maturing quickly. "Linux on the desktop is still a fairly rare sight, but is showing no signs of falling away. Indeed, as the GUI front ends become more user friendly and application availability increases |
![[shared source panel]](sharedpanel.jpg)