![[LWN Logo]](http://old.lwn.net/images/lcorner.png)
![[LWN.net]](http://old.lwn.net/images/bigpage.png)
|
|
|
Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise
news for all interests
 Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters
Other LWN stuff:
Archives/search
Recent features: Here is the permanent site for this page. See also: last week's LWN.
|
Leading items and editorialsLinux in the schools. Red Hat CEO Matthew Szulik lectured LinuxWorld attendees on the importance of getting Linux into the public schools. One might argue that his position is a little self-interested, but, in truth, he has a point. The Linux community should be working at getting free software into schools worldwide. The effort will benefit both our children and free software. One can come up with a number of reasons why the schools should be running free software. Often it is simply the best alternative available. Schools do not need to hassle with daily crashes and ongoing security problems. What they need is stable software that runs on modest, perhaps ancient hardware and provides the capabilities that students need. For much of what's done in schools now, Linux is more than adequate. The financial justification for scholastic Linux requires little argument. Public schools seem to operate with a chronic cash shortage; it makes little sense for them to pour large amounts of money into proprietary software licenses. Schools also should not have to deal with Microsoft software audits and other such indignities; they should be putting their efforts into teaching our children. But the real reason to put free software into the schools is to teach our children about software freedom and taking control of our computers. Children who have seen how free software works are likely to remain interested in using it later in their lives. After all, going back to proprietary software after using the free variety is usually not very much fun. Going back to licensing hassles, corporate release schedules, and black box software after experiencing free redistribution, collaborative development, and total control can be intolerable. Children who experience free software in the schools will turn into some of its strongest advocates later in their lives. Besides, some of those school kids will probably send in some great patches. Of course, there are some obstacles to massive deployments of Linux in the schools. Many schools have already built infrastructures around proprietary software; school networks are often run by fairly conservative people who are not inclined to tear things out and start over again. Convincing them to give Linux a try could be hard. Then, there is the lack of high-quality educational software. There is a whole class of software for tutoring, drilling, and entertainment of students that is simply not available for Linux. Until more software is either written or ported, Linux systems will be unable to perform a number of tasks in the classroom environment. One thing that would help in the solution of both problems would be a higher level of hacker interest in school deployments. The number of educational projects is low; KDE has a short educational software listing; GNOME has no educational category at all. Neither desktop project appears to have an organized educational effort. A look at SourceForge's educational category turns up a more encouraging 581 projects, but only 66 are listed as being production-ready. Clearly there's some hacking to be done still. Free software advocates also have not, as a whole, made school deployments a priority. It will be interesting to see how that changes as more free software developers get older and start having children. Having your children complain that they cannot produce a Word-compatible report tends to get your attention. Children are the future, and they will have a large effect on the future of free software as well. The sooner the two are brought together, the better it will be. (See also: the SEUL/edu page for a comprehensive listing of educational software, regular reports, and more. Update: Thanks to Bill Soudan for pointing out the KDE Edutainment Project and the kde-edu mailing list, of which we had been unaware.) More hard times. In case anybody still needed a confirmation that we are in a different and difficult economic climate, consider the following developments:
Seen together, that's a disturbing pile of bad news. The shutdown of AppWatch suggests that there is not room for more than one large free software directory on the net. After all, one presumes that CNet knows how to keep a web site going. The SuSE bailout says something similar: might there truly be room for only one large Linux distributor? In some ways, the shutdown of the NOW project is the scariest of all. If the Linux community is unable to fund and sustain long-term development projects, where will it be in a few years? Of course, that view is overly pessimistic on all counts. We are in the middle of an increasingly severe economic downturn; of course there will be consequences for Linux businesses just as there is with all other computing sectors. The easy money boom period of the last 1990's made the problem worse by funding businesses that never had a serious chance at success before their bubbles burst. Still, it is a difficult today even for well-run companies with solid business plans to find profitability. This, too, shall pass. When it is over, Linux will still be there, getting stronger, and attracting more users. That much is easy to predict. The success of Linux says little for the prospects of any individual Linux company, however. The Linux business community will certainly see more changes before things pick up again, and they will not all be pleasant. GFS is no longer free software. The Global Filesystem (GFS) is a clustered filesystem developed by Sistina. It is meant for the implementation of high-performance, high-availability filesystems on "storage area networks." It has long been available under the GPL, and was considered as a candidate for inclusion into the Linux kernel if and when the 2.5 series comes into existence. That was until version 4.2 came out under the new "Sistina Public License." This license looks somewhat like a free software license, in that source is available. The similarity ends there, however. Redistribution requires that a license fee be paid to Sistina; one must also pay if GFS is used to offer a commercial service, even if the software is not redistributed. The SPL is certainly not a free software license. It has more of a "shared source" smell to it. One can certainly argue that Sistina, as the copyright holder, has the right to change the licensing on its code. It is yet another business that is trying to find a way to make money, after all. One would think that only those who think that proprietary software should be illegal would complain about this license change. It is not quite that simple, though. GFS, after all, must be linked into the Linux kernel to be useful. And linking GFS is not just a matter of inserting a binary module; it requires some extensive patches to the kernel source itself. By reaching past the module interface, GFS exceeds the GPL exemption granted by Linus to binary modules. With the 4.2 release, Sistina has separated the kernel patches into a separate, GPL-licensed file, but that is unlikely to satisfy many people. There is already a challenge out there: Alan Cox believes that GFS violates his copyright, and has sent Sistina a letter to that effect. If they were simply doing a non-free release that used existing kernel API's I'd be annoyed but not bothered, as it is they seem to be doing dirtier things and more blatantly than any company before. I'm hoping they will resolve this sensibly, we shall see. A few days have passed, but Sistina shows no signs of budging. Meanwhile, the OpenGFS project has started up, using the last GPL release of GFS as a starting point. Sistina may well find itself in a position similar to that of SSH Communications Security - a free version of an early release could overtake its more recent, proprietary products. See also: the Sistina Public License FAQ. Dmitry Sklyarov update. The Sklyarov story is moving into a slower mode as the U.S. Justice system grinds along. A few developments:
Inside this LWN.net weekly edition:
This Week's LWN was brought to you by:
|
September 6, 2001
|
|
Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Security page. |
SecurityNews and EditorialsTrouble with Apache SQL authentication modules. The Apache web server supports several modules which can perform user authentication from a relational database. They are certainly widely used; a site does not have to grow very large before the classic htpasswd mechanism becomes unusable. So this advisory pointing out "SQL insertion" vulnerabilities in several of these modules is worthy of some concern.SQL insertion happens when a hostile user, through a clever request to the web server, is able to pass arbitrary SQL code through to the underlying database. This code can disclose or modify data, or corrupt the integrity of the database in a number of ways; it can also, usually, be used to allow unauthorized access to the web site. This type of vulnerability comes about as a result of the combination of inadequate checking of user-supplied data and the passing of that data across module boundaries. It is an easy sort of mistake to make, and it is certain that numerous other, database-driven web applications have similar vulnerabilities. Fixing this sort of problem is relatively easy, once the programmer thinks of it. A "white list" of allowed characters filters out most such attacks without trouble. But, when passing user strings between modules, filtering in one module can require a knowledge of what strings can cause problems in the other. This kind of knowledge goes against the information hiding techniques that are usually seen as good, modular programming. As a result, programmers can be surprised, even if they are thinking about properly sanitizing user-supplied data. As applications become more component driven, the chances are that this sort of cross-module interaction will be seen more often. Security is hard, and it's not getting any easier. The X.C worm is apparently loose. This work takes advantage of the buffer overrun vulnerability in telnetd (see updates, below) to infect new systems. So far, this worm does not appear to have caused a lot of problems; many systems are no longer running telnet services, and, hopefully, most of those that still do have applied the updates. Nonetheless, for those who are concerned, a X.C discovery and removal tool has been made available by William Stearns. Security ReportsA security audit of xinetd. Solar Designer has performed an extensive audit of xinetd looking for certain types of security vulnerabilities. So many problems were found in the code that the resulting patch weighed in at over 100KB. This patch was only fully merged as of xinetd 2.3.3. The patched xinetd will certainly be safer, but Solar Designer's disclaimer is worth noting: To summarize the results, xinetd may be reasonably safe to use with these patches, but the code remains far from clean and certain bugs are there by design.
Distributor updates seen so far include: Fun with Bugzilla Users of the Bugzilla bug tracking system should upgrade to the new 2.14 release, which fixes several security holes. The worst of these vulnerabilities could lead to the disclosure of "confidential" bugs, or the compromise of the Bugzilla server as a whole. A new lpr vulnerability. A new buffer overrun vulnerability in lpr has been reported. This time around, an attacker crafts a special, incomplete print job; a subsequent request to view the printer queue causes the overrun to happen. The advisory only mentions BSD systems, but numerous Linux distributions run BSD lpr as well. Stay tuned for updates... An HTML injection vulnerability with gnut. The "gnut" Gnutella client is vulnerable to the injection of arbitrary HTML (including scripts) if a hostile user shares a file with HTML tags embedded in its name. This bug is compounded by the fact that gnut, apparently, loads a lot of files from the local drive; browsers impose fewer security restrictions in this situation. Upgrade to gnut 0.4.27 for a fix. POP3Lite message processing vulnerability. The POP3Lite POP server fails to escape leading dots in mail messages, opening it up to denial of service attacks and the creation of untraceable forged messages. Upgrading to version 0.2.4 fixes the problem.
SuSE updates screen. SuSE has issued a security update to screen fixing a local
root exploit vulnerability in that package. It seems that, if screen is
installed setuid root, a clever user can engage in some /tmp
trickery to get root privileges. SuSE's fix deals with the problem in the
code, and also removes the setuid bit. That, in turn, reduces the
functionality of screen slightly; see the advisory for information on
whether you might need to restore the setuid bit after applying the
update.
web scripts.
Proprietary products. The following proprietary products were reported to contain vulnerabilities:
UpdatesBuffer overrun vulnerabilities in fetchmail. (Found by Salvatore Sanfilippo). Two buffer overrun vulnerabilities exist in the much-used fetchmail program. Given a hostile server, arbitrary code can be run on the system running fetchmail. The solution is to upgrade to fetchmail 5.8.17. See the August 16 Security page for the initial report. Previous updates:
Previous updates:
This week's updates:
Previous updates:
Multiple vendor telnetd vulnerability. This vulnerability, originally thought to be confined to BSD-derived systems, was first covered in the July 26th Security Summary. It is now known that Linux telnet daemons are vulnerable as well.
This week's updates: Previous updates:
Buffer overruns in Window Maker A buffer overrun exists in Window Maker which could, conceivably, be exploited remotely if the user runs a hostile application. This problem initially appeared in the August 16, 2001 LWN security page. New updates: Previous updates:
Previous updates:
ResourcesThe LinuxSecurity.com Weekly Newsletter for September 3 is available.EventsComputer Security Mexico will be held November 24 to 30 in Mexico City. The call for papers has been issued; with submissions being due by October 12.Upcoming Security Events.
For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net. Section Editor: Jonathan Corbet |
September 6, 2001
LWN Resources | |||||||||||||||
|
Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Kernel page. |
Kernel developmentThe current kernel release is still 2.4.9. The latest prepatch from Linus is 2.4.10-pre4, which was released on September 3; it contains the usual array of fixes and updates. Also included is a new set of functions for access to the PCI configuration space; how this access is done has changed somewhat, but the API visible to drivers and such remains the same. A large PowerPC update is also part of this patch. Linus has kept a relatively low profile on linux-kernel since this patch came out. Alan Cox's latest is 2.4.9-ac9. It contains a merge of 2.4.10pre4 and many more changes, including a set of knobs for virtual memory tuning, a new MODULE_LICENSE tag (see below), a big PowerPC-64 merge, and more. Andrea Arcangeli has released 2.4.10pre4aa1, which contains some direct and raw I/O fixups and User-mode Linux. License tagging in modules is now a part of the "ac" kernel series. A new macro has been added, and all loadable modules should specify their licensing with a line like:
MODULE_LICENSE("GPL");
The next version of the modutils package (and the insmod command
in particular) will complain when presented with modules that lack the
license metadata. People who maintain modules will probably want to add
these tags soon.
Some people have, reasonably, asked what the purpose of this information is. The answer is that there's a few things one could do with licensing information; for example, one can imagine a tool that verifies that a particular system is running only free code. The Lineo GPL Compliance Toolset could make use of this information. The real purpose, however, is that Alan Cox is tired of receiving bug reports from people who are running proprietary modules in their systems, and wants an easy way to throw them out. Unfortunately I get so many bug reports caused by the nvidia modules and people lying when asked if they have them loaded that some kind of action has to occur, otherwise I'm going to have to stop reading bug reports from anyone I don't know personally. In other words, the loading of a proprietary module will "taint" a running kernel, and greatly reduce the user's chance of getting help from the core kernel hackers. This has always been the case; the only change is that it has, evidently, become necessary for the kernel to track its own taintedness. This tracking will happen via a sysctl flag like /proc/sys/kernel/tainted; the loading of a non-GPL module (or one lacking license information) will cause that flag to be set. Once set, the tainted flag can not be reset without rebooting. The tainted flag will be printed whenever the system panics, and post-mortem tools (i.e. ksymoops) will recover it as well. So anybody trying to track down a kernel problem will be able to see quickly if proprietary modules have ever been loaded. Of course, if users lie about which modules they load, they could conceivably mess with the tainted setting. But people aren't too worried about that happening; most users who would be able to do that are probably not the type who actually would. And, besides, as Alan points out, in the U.S. such an act could be seen as defeating a digital rights management scheme, and subject the guilty party to a five-year prison sentence, plus extra for conspiracy... The case of the conflicting block ioctls. How do you access the last sector on a odd-sized disk? The Linux kernel (normally) likes to deal with a 1K block size, which (normally) gets mapped into two contiguous, 512-byte sectors on a disk drive. But, if the drive contains an odd number of sectors, this scheme leaves the last sector unreachable. That is not normally considered to be a big problem; one missing sector does not make a very large dent in the capacity of a modern disk drive. It turns out, however, that the IA-64 architecture has defined a new partitioning scheme which stores a copy of the partition table in the last sector on the disk. With this scheme, it matters if that sector is not reachable - there is no way for an administrator to change the partition table when running under Linux. This kind of limitation can lead administrators to do irrational things, like install Windows. Clearly a fix was required. So, back in February, Michael Brown created a new ioctl call specifically to provide access to the last sector on a disk; that call is now part of the IA-64 port. It is not, however, to be found in the mainstream kernel at this time, which is part of the problem. Ben LaHaise, meanwhile, needed an ioctl call that would retrieve the size of a device as a 64-bit quantity - disks are getting big, after all. So he put together a patch with the new ioctl call. Part of his patch was to the ext2 utility programs; that patch was accepted and distributed as part of the e2fsprogs distribution a little while back. The problem: both new ioctls needed a new ioctl number. The block I/O ioctl numbers are defined in linux/fs.h, and it is a natural thing to do to pick the next one in series. There is no central registry for these ioctl numbers other than the source itself; if you have not put in a patch reserving a given ioctl number, it's not really yours. Unfortunately, Michael Brown did not put in any such patch. Ben LaHaise also failed to do so before (accidentally) getting the ioctl number included in the e2fsprogs distribution. Of course, both chose the same number. This week, Ben put in a patch to reserve the number for his ioctl. His reasoning: renumbering the IA-64 ioctl will be less disruptive than changing e2fsprogs. He also believes that the ioctl is the wrong solution to the problem; it should have been fixed for all systems in the general block code, rather than being an IA-64-specific ioctl. Michael has also sent in a patch trying to reserve the same ioctl number. Just asking for a number is not enough, though, as can be seen from Alan's reaction to Michael's patch: Rejected. I still think this is an ugly evil hack and want no part in it Ben, meanwhile, gave up on the old ioctl number and put in a new patch using a higher number. That one, too, turned out to be problematic, causing BLKGETSIZE64 to move up one more time... A new 64-bit PCI interface has been posted by David Miller. This iteration is different from previous versions in that it looks a lot more like the standard, 32-bit interface. All of the pci64_ calls have gone away, and the dma_addr_t type can be used in all drivers again. There is a new set of pci_dac_ functions for drivers needing (and able to support) a 64-bit DMA space. It has been pointed out that the PCI interface still lacks one important capability - peer-to-peer DMA transfers. There are situations where it would be helpful to move data directly between two PCI devices; for example, moving an image from a video capture device directly to video memory. There is some interest in supporting this sort of operation; an API will likely be developed in the near future. Page aging is broken? Much work is going into the improvement of the virtual memory system in 2.4 - one of the biggest remaining problems. It would be hard to summarize everything here, but one development stands out: Jan Harkes has discovered that the page aging algorithm in the kernel does not work at all. Page aging is the process of tracking the usage of pages in memory in the hopes of identifying those which have not been used in the longest time. The "oldest" pages are the first candidates to throw out when memory is tight. The 2.4 kernel, however, is aging pages so aggressively that almost all pages on the system look ancient. So a significant part of the VM system is essentially inactive, and nobody noticed until now. Alan Cox responded with a claim that the "ac" series has better VM performance due to a more disciplined approach to VM patches. Jan Harkes pointed out that the "ac" series has serious page aging problems as well. "I guess it is just more carefully papering over the existing problems." The solution, according to Rik van Riel, is to be found in the "reverse mapping" patch that he is currently working on. The current page aging scheme looks at virtual memory, via process page tables. It would be far more efficient to look at physical memory, since that is, in the end, the resource that is being managed. But it is currently difficult to find the page tables that reference a given physical page. Once reverse mapping is in place, a lot of page aging (and VM in general) problems should become easier to manage. Of course, reverse mapping looks like a fairly serious patch to be considering for the 2.4 stable series... (Those interested in trying out the reverse mapping patch should look at this posting for the latest version and a changelog). Other patches and updates released this week include:
Section Editor: Jonathan Corbet |
September 6, 2001 For other kernel news, see: Other resources: |
|
Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Distributions page.
Lists of Distributions |
DistributionsPlease note that security updates from the various distributions are covered in the security section. News and EditorialsEmbedded Distributions in the news. Embedded Linux is hot stuff right now. Now that Linux has a strong foothold in the server market, the embedded market is the next obvious target and bundled tools, such as Red Hat's Embedded Linux Developer Suite (covered on this week's Development page), will make all the difference between a superior OS and a superior OS that gets used. Consider MontaVista Software's announcement of VisualAge Micro Edition 1.4 (VAME) for Hard Hat Linux 2.0. VAME is a development and deployment solution from IBM/OTI, used for building multi-modal Java applications and the embedded devices that run them. This package combines the J9 Virtual Machine and Hard Hat Linux. Having your embedded OS run on more platforms is always helpful as well. To that end MontaVista and Tensilica disclosed a technical and marketing agreement that puts Hard Hat Linux on to Tensilica's Xtensa processor architecture. The Xtensa platform has a configurable processor core so the devices which could be built would have more flexibility than the average embedded device. MontaVista Software Hard Hat Linux support for Tensilica's Xtensa processor architecture will be available in second quarter 2002 and will be included in Hard Hat Linux Professional Edition. LynuxWorks Inc. also understands this as can be seen in this announcement of a new series of "bundle options" to include service and support with enhanced tools for the BlueCat Linux operating system platform. At the core of the bundle options is LynuxWorks BlueCat Linux 3.1, which supports architectures including Intel IA-32 and XScale micro-architecture, MIPS, ARM family (including Thumb extensions), StrongARM, PowerPC (including PowerQUICC) and Hitachi SuperH. REDSonic is expanding into the industrial control and automation market. Soon REDICE-Linux will be running a variety of automation projects. Distribution NewsDebian News. The Debian Weekly News for September 3 reports on German use of Debian by professionals with Linux experience and incompatibilities with Red Hat C++ binaries. Anyone interested in integrating Kerberos into Debian should probably join this mailing list. The Kernel Cousin Debian Hurd #105 For 28 Aug discusses available jobs and fixing stat, CD GRUB extras, Hurders Unhappy As Lookup Of "" Must Fail (differing symlink semantics), and other topics. Mandrake News. This week's newsletter from Mandrake-Linux (issue #12) covers updates in Mandrake 8.1 Beta 2, the U.S. Air Force's use of Mandrake for public Internet access, and MacWorld coverage of Mandrake for the PPC. The Mandrake Cooker Weekly News - September 3rd, 2001 contains the latest news about Mandrake Linux 8.1 (Raklet) beta (bugs found and why two betas); Cooker is frozen - new versions and features are banned from cooker, now its just bug fixes and more testing; there are tips on reporting bugs; and more. OpenBSD drops qmail, djbdns. Those of you who enjoy licensing flamewars may want to wander into this incendiary discussion on the OpenBSD list. It seems that OpenBSD has dropped Daniel Bernstein's software due to licensing concerns - the same concerns that have kept qmail and djbdns out of most Linux distributions as well. (Found on LinuxFR.org). Minor Distribution updatesCoyote Linux. The primary archive for Coyote Linux is being changed from ftp.vortech.net to ftp.coyotelinux.com. ttylinux. ttylinux released version 1.12 on August 31. See the ChangeLog for details. Section Editor: Rebecca Sobol |
September 6, 2001
Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.
|
|
Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters See also: last week's On the Desktop page.
|
On The DesktopHancomLinux merges with theKompany.
Hancom announced the merger of its product line with long time KDE stalwart theKompany. Shawn Gordon, CEO and founder of theKompany, was appointed the CEO of the U.S. division of the combined operations, to be known as HancomLinux, USA. Gordon is currently staffing the new Orange County offices of HancomLinux USA. "The word processor started out as a Windows application which was ported via Wine initially," said Gordon during a LinuxWorld interview with LWN.net. "The other applications, as I understand it, were written directly for Qt. The word processor has now been ported to Qt, though it's still beta quality right now." All of theKompany's products, which include the Visio-like Kivio and the PIM application Aethera, have been ported to the new Qt3 windowing toolkit. That makes them readily portable to Windows and the Mac, along with Linux. But Hancom's products still require porting to the new widget set. "We plan on starting that process next week with the completion scheduled for a November release," said Gordon. HancomOffice 2.0 will include the standard word processor, spreadsheet, presentation graphics and raster graphics tools along with a flowcharting tool, database management package, web page designer and PIM (Personal Information Manager). theKompany brings their Aethera PIM product, renamed as QuickSilver in HancomOffice 2.0, to the table in this deal, along with Kivio (flowchart tool). With a complete package like this, KDE becomes more attractive to desktop solutions providers. Despite GNOME's strong design and energetic development effort, it still lacks production level applications of this nature. HancomLinux, which has approximately 80 employees in 3 locations, was formed in 1999 to take the Linux product line from Korean software company Haansoft. Haansoft has been the reported market leader in the word processing market in Korea with an estimated 83% share in 2000. We'll be posting the full interview with Shawn Gordon later, after some of the post LinuxWorld dust has had a chance to settle here. Desktop EnvironmentsKDE wins 'Best Open Source Project' at LinuxWorld. KDE dot News reported that the KDE project won the "Best Open Source Project" award at LinuxWorld. KDE was well represented by both developers and the KDE League, which helps promote the environment. A summary of the event for KDE has been posted, along with a fair number of related images. KMail 1.0.x, 1.1 billionth second problems. KMail users take note: versions prior to 1.0.29.x of this email package will stop working and cause mail folder corruptions on September 9th! Users of version 1.0.29.x will only lose functionality, but no folders will be damaged. The problem stems from improper handling of the billionth second of Unix time, which started officially on January 1st, 1970. It is, essentially, a minor Y2K of Unix time, though this is the first instance of a known problem stemming from this magic date. Interview With KDE's Konqueror Team (OSNews). OSNews is running an interview with the Konqueror development team. "No, the goal is to make Konqueror as fast as Galeon, and preferably even faster, without stripping it down. Any stripping down would have to happen in Konqueror (which provides the user-interface) because KHTML only provides the rendering engine, there is little that can be stripped from the rendering engine without sacrificing standards compliance." (Thanks to Stéfane Fermigier). KC KDE Issue #21. The latest Kernel Cousin KDE is out. This issue is devoted to the events surrounding the start of KDE3 development and the Qt3 porting efforts. This week's GNOME Summary. The GNOME Summary for September 1 is available. It covers the GNOME Accessibility Framework release, Sun's desktop division, and more. GNOME 1.4.1 Beta 2. Another beta of the upcoming 1.4.1 point release for GNOME has been announced. GNUstep Community site. The GNUstep project has a new web site. The site is expected to have a new user oriented editorial each Friday helping end users make use of the evolving environment. Xfce news. A new release of XFce was announced last week. The new version, 3.8.7 adds a few new features like disabling user configuration options (for use in kiosks and set top boxes, for example) and fixes numerous bugs. In other XFce news, the XFce developers agreed to drop their file manager, known as xftree, in favor of an independently developed file manager known as ROX filer. Office ApplicationsSun shows new version of StarOffice (News.com). News.com looks forward to StarOffice 6.0. "But the current version, 5.2, has been roundly criticized as a large and sluggish product. By default, the program tries to take over many desktop functions, coming with its own 'Start' button and file browser, and all its programs load at once. Version 6.0 will break these programs into individual applications that can run independently, said software demonstrators at the LinuxWorld Conference and Expo where the software has been demonstrated this week." Is StarOffice ready to take on Microsoft Office? (ZDNet). This article on StarOffice is mostly targeted at the Windows platforms but is still relevant to users of StarOffice on Linux. "China views Microsoft's desktop dominance with suspicion, raising the possibility that it will adopt Linux or even StarOffice on Windows. Microsoft's recent increase in licensing fees has inadvertently helped make StarOffice more attractive to Latin America and also to extremely budget-conscious organizations." Desktop ApplicationsMacGIMP reviewed. GIMP for MacOS X was reviewed this week by MacWrite.com. "As possibly the first packaged application for Mac OS X, MacGIMP opens up a new chapter in OS X's fresh history. It may well usher in a host of X11 applications meant to run locally on your Mac. This one also uses the X Window System very effectively, and sets a benchmark for other applications to reach for." (Thanks to GIMP News) Appgen, Macmillan to launch Moneydance 3.0 and MyBooks 5.1 for Retail Vision. Are these Linux based retail editions? Yes, they are. Review them a little. GNOME applets 1.4.0.4. A new release of the GNOME Applets package was announced this past week. The GNOME Applets are a series of small applications such as clocks, file browsers and sound mixers that can be embedded in GNOME Panels. This is mostly a bug fix release. And in other news...Another new Linux-based Korean PDA expected soon (LinuxDevices). LinuxDevices.com previews an upcoming Linux PDA, complete with picture. "The new PDA's application software includes PDA PIM (Personal Information Management) applications, Internet functions (web browsing, email, etc), and extensive multimedia capabilities (players for MPEG, MP3, etc.). A Korean-English dictionary and several games are also included with the device." gdkxft 1.1 released - Anti-Aliased fonts for GTK+ 1.2. Within days of the 1.0 release, a 1.1 release of gdkxft has been announced. This package permits existing GTK+ 1.2 applications to incorporate anti-aliased text rendering in their widgets without recompiling the application. This works only with dynamically linked applications, of course. There are varied reports of success with this and the primary web site for the project presents an ominous disclaimer: A botched install of gdkxft has the potential to make your X configuration unworkable. Note that gdkxft only works with XFree86 4.x, with 4.1 recommended. GTK+ 1.3.7. Owen Taylor posted a note for the release of GTK+ 1.3.7, a developers version of the pre-GTK+ 2.0 series. This one still has lots of bugs, so only developers wishing to learn more about what 2.0 will be like or who are interested in working on GTK+ itself should take the plunge. Section Editor: Michael J. Hammel |
September 6, 2001
| |
|
Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Development page. |
Development projectsNews and EditorialsRed Hat's Embedded Linux Developer Suite. Following a relatively quiet week at LinuxWorld, Red Hat announced a new offering this week: the Red Hat Embedded Linux Developer Suite. The suite includes an embedded version of Red Hat Linux, the gcc cross-development tool suite, an embedded boot loader, and the usual set of associated services. Support is provided for several processors. Red Hat recently announced a number of other initiatives including an e-commerce offering and a PostgreSQL based database package. But their foray into the embedded Linux marketplace, ignoring their eCOS alternative, has been rather minimal up to this point. Red Hat has supported the tools essential to embedded work (i.e. gcc, binutils, and glibc), but as avoided the creation of its own embedded distribution. One of the few bright spots of late for computing has been the embedded space, which Linux vendors have nearly saturated. Vendors such as MontaVista, Lineo, LynuxWorks and RidgeRun already market Linux based distributions for embedded systems. The question is whether Red Hat can use it's relatively well known name to power its way into a growing but well seeded arena. Red Hat's advantages, of course, are its long experience (by way of Cygnus) and its high-profile name. Given those, the company may just be able to muscle its way into the embedded distribution market, despite a late start. Research Triangle Park, N.C. based Red Hat is expected to ship the new embedded product sometime in October. Mozilla leader laid off from Netscape. Mitchell Baker, lead wrangler of Mozilla.org, was laid off last Thursday from Netscape (or rather AOL's Netscape Division). Her personal notice to the Mozilla project members states that while she is no longer with Netscape, she intends to remain active with the Mozilla project. There have been unconfirmed reports that this may be have been part of a larger layoff, which spawned rumors that it was all part of Netscape's earlier announcements stating that company's intent to exit the browser market. However, as of press time, LWN.net has been unable to confirm the larger layoff reports. A brief notice was posted to Bugzilla noting Baker's departure, but there has been little added discussion there. Users of Bugzilla have requested that visitors not burden the server looking for what isn't there. The story didn't escape Slashdot's faithful. One feedback post says Baker was fired from Netscape, though Mitchell's own account says her position was eliminated. Requests for comments on this situation from various Netscape and Mozilla members has produced no additional information as yet, though we're still looking into the matter. It should be pointed out - though it shouldn't need to be - that even if AOL/Netscape were to completely eliminate all staff actively working on Mozilla, the project wouldn't die. Therein lies the beauty of open source. The company need not continue the financial burden of such a project, but the project need not be held hostage to corporate whims or economic downturns. Well wishes go out to Baker and any other ex-Netscape Mozilla contributors with hopes that they'll land on their feet in short order. LSB Filesystem Hierarchy Standard 2.2 test suite. The LSB Filesystem Hierarchy Standard 2.2 test suite is now available. The FHS, of course, specifies where files should be located in a Linux distribution as part of the Linux Standard Base. This test suite may be used to verify a distribution's compliance with version 2.2 of the FHS. Embedded SystemsA walk on the embedded side . . . of LinuxWorld SF 2001 (LinuxDevices.com). Rick Lehrbaum of LinuxDevices.com says embedded Linux is on the rise as he takes a walk on the embedded side of LinuxWorld. "In the past, Embedded Linux products and technologies accounted for roughly 10 percent of what was showcased at LinuxWorld. At this show, the Embedded Linux fraction seems to have increased to around 15-20 percent. Not surprising, given the strong growth in developer interest in Embedded Linux reported in recent months by market analysts VDC (story), Evans Data Corp (story), and others (story)." DatabasesNuSphere MySQL (Unix Review). Unix Review reviews NuSphere MySQL. "All in all, I'm disappointed that NuSphere did not do a better job of documenting their product. Remember, most of the software included in NuSphere MySQL is freely available. What a user is really paying for is convenience, information and support." MiniSQL updates. MiniSQL, known more commonly as mSQL, has had a couple of new releases this past week. The first is the last stable release of the 2.0 series, version 2.0.12. This release fixes a security problem with the w3-auth access control. Also this week, the third beta release for the new 3.0 version was announced. Database Gorilla Hunter (TechWeb). TechWeb reviews PostgreSQL 7.1 from GreatBridge. "If your business has hefty database requirements, it's hard to imagine an open-source option that's a true alternative to the established commercial database engines. Great Bridge, however, brings software, service and support together in a product that can be safely considered for many smaller organizations or apps." phpMyAdmin 2.2.0 released. phpMyAdmin 2.2.0, a web administration tool for MySQL, has been released. There are security fixes in this release, so an upgrade is recommended; there's also a long list of new features. EducationSeul/EDU Linux in Education Report. The Seul/EDU Linux in Education Report for September 3 is out; this issue has a strong emphasis on putting Linux systems in schools, and delves into the question of whether an education-specific distribution is called for. Why should open source software be used in schools?. LinuxMedNews pointed us to an article on why open source software should be used for general education. "Students should, at least, be given the opportunity to see how their new tools work. They should be given the opportunity to examine the inner workings of software. They should be given the opportunity to extend the functions of their tools, where they see or imagine possibilities. They should not be held back by locking the toolbox of the Information Age and told they must not peer inside, must not try to discover how it works, must not share their tools with others, must not use their tools without paying proper tribute to the software overlords, under penalty and punishment of law." Plenty of links are used to back up the arguments here, making this is a useful reference for educators working on Linux in the classroom projects. Electronicsgerbv 0.0.2 and prerelease Savant. The gEDA site pointed out the releases of two early-stage projects: gerbv 0.0.2 and Savant. Printing SystemsCUPS Book. A book on CUPS, published by SAMS and written by Easy Software Products founder Michael R. Sweet, is now available from the Easy Software website. Omni printer driver 0.4.2. Another release of the Omni printer driver has been made available from IBM's Linux Technology Center. This release was created to allow Omni to be used with the latest levels of Foomatic and printconf. StandardsWorld Wide Web Consortium Issues SVG 1.0. W3 has issued the SVG 1.0 specification as a recommendation, meaning that the specification is stable, contributes to Web interoperability, and has been reviewed by the W3C Membership, who favor its widespread adoption. Web-site DevelopmentZope News for August 31. The Zope News for August 31, 2001 is out. It covers the Zope 2.4 beta release, a new ZEO beta release, the SecurityJihad project, Paul Everitt's new son, and more. Zope 2.4.1 released. Zope 2.4.1 has been released; it is primarily a bugfix release, which includes the recent security updates. Section Editor: Michael Hammel |
September 6, 2001
|
|
|
Programming LanguagesLispLISA 1.0 released. The official release of LISA 1.0 was announced this past week. LISA is a platform for the development of Rete-based intelligent systems in Common Lisp. The most significant new feature in Version 1.0 is full support for rule redefinition within a running inference engine. The full announcement can be found online. CMU CL CVS server move causes temporary service disruption. The CVS repository for CMU CL is being moved to a new server, which will keep the sources and binary distributions unavailable from their normal locations for a few weeks. Until then, backup repositories have been made available. PHPPHP Weekly Summary #52. This week's summary for PHP development includes talk of some new gettext additions, a fix for broken output buffering, and word of tighter Apache integration in future versions. PythonImproving the social infrastructure of Python (developerWorks). Here's an article on Python documentation and distribution utilities on IBM's developerWorks site. "By way of background for any Python beginners reading this, Python has long had some semi-formal documentation standards. These standards have not attempted to constrain developers unduly, but rather to offer the 'one obvious way to do it.' Fortunately, Python developers, as a rule, have always been far better documenters than typical developers in other languages." This week's Python-URL. Here is a relatively thin Dr. Dobb's Python-URL for August 30, 2001. Topics include a look at WebWare, WebDAV module progress, a look at Tinter, and file locking issues. Tcl/TkThis week's Tcl-URL. Here is Dr. Dobb's Tcl-URL for August 31, with the latest from the Tcl/Tk development community. This issue looks at XML and XSL, tcl plugins, and new versions of e4graph, sgxTools, ActiveTcl, and moodss. Section Editor: Forrest Cook |
Language Links Caml Caml Hump Tiny COBOL Erlang g95 Fortran Gnu Compiler Collection (GCC) Gnu Compiler for the Java Language (GCJ) Guile Haskell IBM Java Zone Jython Free the X3J Thirteen (Lisp) Use Perl O'Reilly's perl.com Dr. Dobbs' Perl PHP PHP Weekly Summary Daily Python-URL Python.org Python.faqts Python Eggs Ruby Ruby Garden MIT Scheme Schemers Squeak Smalltalk Why Smalltalk Tcl Developer Xchange Tcl-tk.net O'Reilly's XML.com Regular Expressions |
|
Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters See also: last week's Linux in the news page. |
Linux in the newsRecommended ReadingNow Showing: Dmitry Sklyarov's Las Vegas Gamble (Planet PDF). Planet PDF has posted a detailed description and commentary on Dmitry Sklyarov's Las Vegas presentation. "At that point, a voice from the darkened room shouts a question, seemingly wanting to verify whether the full commercial version of AEBPR is still available. 'Not at this time,' Sklyarov says. The voice persists, apparently seeking further explanation on the product and on ElcomSoft's intent. 'We don't make our mind up to hit publisher,' Sklyarov says. 'We must prove that eBook distribution based on PDF technology is insecure.' During the remainder of the presentation, he methodically proceeds to do so." Senator plans anti-piracy copyright legislation (NewsBytes). As if the DMCA weren't enough: here's a NewsBytes article on the next bright idea from Washington: "Consumer electronics hardware makers, including computer manufacturers, would be required to develop anti-piracy technology to be included in their products under proposed legislation from Senate Commerce Committee Chairman Ernest 'Fritz' Hollings, D-S.C." Commentary: Making the move to Linux (News.com). The Meta Group, via News.com, says, Linux is still a fringe player in the corporate world, however the "Meta Group now recommends that large enterprises consider a limited number of Linux server deployments or pilot projects." This is about as positive as Meta has ever been... LinuxWorldLinux debate focuses on future (News.com). News.com has put up a series of video clips on discussions about the future of Linux. Participants include Linus Torvalds, Dirk Hohndel, and Brian Behlendorf. MS Hailstorm is no threat - Torvalds (Register). The Register reports from the "Future of Linux" panel at LinuxWorld. "Torvalds' genius for project management, and specifically for resolving the most acrimonious disputes amicably is often remarked upon, but here was a perfectly example of it in practice. His soundbyte incited the largely libertarian audience to an ovation, but contained the message that governments do have the power to draw boundaries around private greed." (Thanks to Dave Killick). Linux World Starts with a Bang (IT-Director). IT-Director reports from LinuxWorld as a way of looking at the Linux industry as a whole. "As Linux begins to be significant in the Enterprise space, organisations must use suppliers that have a global presence. In this respect SuSE needs to face the challenge posed by market leader Red Hat. It will be a tough fight for SuSE." Red Hat CEO pushes Linux in schools (News.com). Here's a report on Matthew Szulik's LinuxWorld keynote on News.com. "Linux developers must take some of the time they now devote to programming and put it toward boosting open-source software in education, Red Hat Chief Executive Matthew Szulik said Thursday." Lawyer Lessig raps new copyright laws (News.com). News.com covers Lawrence Lessig's LinuxWorld keynote. " Lessig accused programmers of two counterproductive attitudes that will lead to the collapse of the current climate of innovation. Under the first, programmers argue that they're just writing code and that they'll leave politics to the politicians. Under the second, programmers argue that 'what goes on in Washington is a pathetic waste of life,' and that 'we should build a world of freedom that they can't penetrate.'" CompaniesEgenera to debut $250,000 Linux server (News.com). News.com reports on the new high-end server from Egenera. "Egenera hopes to succeed where other server specialists such as VA Linux Systems, Cobalt Networks and Network Engines have struggled. Analysts say Egenera's market--financial-services companies and service providers--is small but lucrative." Compaq boosts Red Hat ecommerce suite (Register). The Register looks at the Red Hat/Compaq e-commerce offering. "One point worth considering before anyone ventures out and buys the five system cluster is that of the database. Red Hat's database is based on the PostgreSQL database which, although fine under normal loads, has little in terms of proof points when it gets into real heavy-duty work. It is, essentially, unproven at the high end which is, presumably, the kind of work it will encounter on a five node cluster." TurboLinux Intros Automated Configuration Software (TechWeb). Here's TechWeb's take on Turbolinux' PowerCockpit. "The software lets the IT manager set up each Linux configuration separately and then collect an image from the fully configured server and put it into a repository. Later, if that configuration is need on another server, it can be redeployed. One configuration might be TurboLinux with IBM WebSphere, another might be Red Hat with Apache. " Turbolinux tool eases provisioning of Linux servers (ZDNet). ZDNet has an article on the new, proprietary "PowerCockpit" tool from TurboLinux. "Enterprise users and manufacturers spend a lot of time configuring and deploying systems, and Linux, with its flexibility, makes that task even more challenging. The time-consuming process of upgrades and incremental adds to corporate IT infrastructures has been taking its toll, so Turbolinux focused on providng a solution that offers flexible processing power." Sun shows new version of StarOffice (News.com). News.com looks forward to StarOffice 6.0. " But the current version, 5.2, has been roundly criticized as a large and sluggish product. By default, the program tries to take over many desktop functions, coming with its own 'Start' button and file browser, and all its programs load at once. Version 6.0 will break these programs into individual applications that can run independently, said software demonstrators at the LinuxWorld Conference and Expo where the software has been demonstrated this week." Corel sells Linux desktop OS to Xandros (ZDNet). This ZDNet article looks at Xandros's acquisition of Corel Linux. "'In terms of the deal, we get the code to Corel's Linux distribution and all licensing rights,' [Xandros president Michael] Bego said. 'Corel has also signed an 18-month non-compete agreement. So, essentially, we have bought Corel's Linux operating system, including its as-yet unreleased third-generation software, as well as access to its channel, support and sales pipeline.'" When VA was the news (NewsForge). NewsForge looks at VA Linux Systems. "Whatever the deficits of VA's business plan, it was brilliant compared to businesses that decided that the Internet was the ideal way to sell broccoli or Kibbles n Bits. Unfortunately for VA, by the time the company had fully ramped up to sell to this market it had disappeared." BusinessA month Microsoft won't forget (ZDNet). ZDNet looks back at a hard month for Microsoft. "All you need to do is scan the headlines for the last 30 days to see that Linux and open source have gained significant momentum, beautifully leveraging the turmoil in which Microsoft now finds itself. In all its life, IBM OS/2 never achieved the popularity Linux has in just the past month. Fortunately, for IBM, the company couldn't have picked a more precise moment to announce its big customer wins that include Linux running on a range of systems that span low-end servers to big iron." ReviewsLSP: migrate from Windows NT to Linux (ZDNet). ZDNet reviews DAS Technology's LSP, a utility that automates migrating file and print sharing services from a Windows machine |
