![[LWN Logo]](http://old.lwn.net/images/lcorner.png)
![[LWN.net]](http://old.lwn.net/images/bigpage.png)
|
|
|
Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise
news for all interests
 Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Letters
Other LWN stuff:
Archives/search
Recent features: Here is the permanent site for this page. See also: last week's LWN.
|
Leading items and editorialsThe war requires closed source? Consider, for a moment, this eWeek article, which covers Microsoft VP Jim Allchin's testimony at the antitrust trial:
A senior Microsoft Corp. executive told a federal court last week that sharing information with competitors could damage national security and even threaten the U.S. war effort in Afghanistan.
Mr. Allchin, of course, is worried about the technical disclosure requirements that the nine dissident states are trying to work into the antitrust settlement. A high-profile, upstanding, public company like Microsoft would certainly never dream of using the war in Afganistan just to avoid some commercial discomfort, so one concludes that this threat must be real. The national security of the United States, it would seem, is dependent on the continued security-through-obscurity of closed source code. Of course, there is no way, really, to know if that claim is true or not. The code is closed, so we will never know where the problems might be until somebody breaks it. The public does not know, the government does not know. There is no way to verify the security of code that is running in truly mission critical situations. Not cool. The time for entrusting one's security to closed code has certainly passed. That time has passed whether the system in question is used by the kids to play games, is a corporate web server, is used by the CEO to play games, or is used by a general to run a military operation. If you cannot look at your software, you are depending entirely on the "trust me" claims of a corporation which has its own interests at heart. That is not a good position to be in, and it is increasingly unnecessary. The sooner that free software finds its way into "mission critical" applications, the safer we will all be. Software and warranties. Software is a strange business, in that it manages to escape the consequences of its mistakes in a way that few other industries can manage. If your disk drive explodes, your car's wheels fall off, your toaster catches fire, or your beer fails to make you attractive to the opposite sex, you can sue the manufacturer for damages. Well, maybe the brewer will get away with it. But, in general, vendors cannot escape liability for the things they sell - except for software vendors. There is a rumbling in the distance, however, that suggests that pressure for change is increasing. The National Academy of Sciences has called for software vendors to be liable for defects in their products. Bruce Schneier has also called for liability as a way of reducing security problems:
If we expect software vendors to reduce features, lengthen development cycles, and invest in secure software development processes, they must be liable for security vulnerabilities in their products.
No doubt liability would change life for software vendors; they would be forced to concentrate far more attention on reliability and security. The cost of software would go up to fund that effort and to pay for liability claims. It would be a different world. Life would change for free software too, however. If a developer can be sued for a bug which appears in software which was released for free, the supply of free software will dry up in a hurry. Free software developers do not have the resources for fanatical quality control procedures or to buy insurance against liability suits. The free software development process depends heavily on users to help find problems. Distributors of free software also have much to fear from exposure to product liability suits. Some Linux distributors are more careful than others, but they all package up vast amounts of software that they did not write, and for which they are in no position to write guarantees. The software business as a whole, perhaps, is not yet in a position to assume liability for its products. The state of the art in software development remains primitive. Yet it would be a good thing to encourage software producers to focus more on the reliability and security of their offerings. But any such change must be done in a way that does not destroy the free software ecology. One possible position to take could be that closed-source software, being a proprietary black box, should come with warranties and liability coverage. By making its source available (not necessarily with a free license) a company could enable others to audit its software, and, in the act, transfer liability to the users of that software. All free software would, thus, retain its current "no warranty" status. Don't expect proprietary software companies - and the congressmen they buy - to be pleased with that idea, however. 2600 case appeal denied. A U.S. Federal Appeals Court declined to review the 2600 DVD case, leaving the lower court ruling unchanged. Thus, it is still illegal to post the DeCSS code, or even a link to it. The one remaining option at this point is to appeal to the Supreme Court; no decision, yet, has been announced as to whether that course will be followed or not. The LWN.net Weekly Edition will not be published next week so that the LWN staff can enjoy the Memorial Day holiday, and so we can finish up a surprise that we hope to make available soon. The daily updates page will be maintained as usual, and the Weekly Edition will return on June 6. Inside this LWN.net weekly edition:
This Week's LWN was brought to you by:
|
May 23, 2002
|
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Letters See also: last week's Security page. |
SecurityNews and EditorialsLegacy, security-free protocols: goodbye rlogind (OpenBSD Journal). OpenBSD Journal reports that rlogind and rexecd have been removed from OpenBSD. "Hopefully other operating systems and software vendors will take note and cease having installation or runtime dependencies on r* programs." We certainly agree. Verifying that rlogin and telnet are disabled has been part of securing a Linux installation for as long as your editor can recall. CRYPTO-GRAM newsletter. Here is Bruce Schneier's CRYPTO-GRAM newsletter for May. It looks at Kerckhoffs' Principle (no security through obscurity) and a technique for fooling fingerprint scanners with fake fingers made of gelatin. "Gummy fingers can even fool sensors being watched by guards. Simply form the clear gelatin finger over your own. This lets you hide it as you press your own finger onto the sensor. After it lets you in, eat the evidence." International Developers Finger Biometrics as Most Effective User Authentication Method. In contrast to Bruce Schneier's comments (above), Evans Data Corporation has announced the results of the Evans Data Spring 2002 International Developers Survey. "The Evans Data Corp. survey of more than 400 programmers working outside North America found that biometric solutions generally -- and signatures and fingerprint identification specifically -- have the strongest backing among developers seeking tools to help keep computer networks free from unwanted intrusions and other security breaches." OpenSSH 3.2.2 released. The OpenSSH developers have released OpenSSH 3.2.2. Security fixes and other changes are available in this release. Mailman 2.0.11 released. Mailman 2.0.11 has been announced. There are fixes for a couple of cross-site scripting vulnerabilities in this release, so an upgrade is recommended. Security ReportsRemotely-exploitable vulnerability in fetchmail. Unpatched versions of fetchmail prior to 5.9.10 have a remotely-exploitable buffer overflow problem. Updates which fix the problem have been released by:
SuSE alert for shadow/pam-modules. A security announcement has been released by SuSE for shadow/pam-modules. "The shadow package contains several useful programs to maintain the entries in the /etc/passwd and /etc/shadow files. The SuSE Security Team discovered a vulnerability that allows local attackers to destroy the contents of these files or to extend the group privileges of certain users." Caldera security update to imapd. Caldera International has issued a security update to imapd fixing a buffer overflow vulnerability in that package. Red Hat updates for mpg321. Red Hat has issued an update for mpg321 that fixes a network streaming buffer overflow bug. SuSE alert for lukemftp. SuSE has issued a security alert for the lukemftp,, ftp client. "A buffer overflow could be triggered by an malicious ftp server while the client parses the PASV ftp command. An attacker who control an ftp server to which a client using lukemftp is connected can gain remote access to the clients machine with the privileges of the user running lukeftp. [...] The lukemftp RPM package is installed by default."
ViewCVS cross site scripting vulnerability The
problem exists in ViewCVS version
0.9.2 and under. The ViewCVS team is working on a fix.
"ViewCVS is a WWW interface for CVS Repositories."
web scripts.
Proprietary products. The following proprietary products were reported to contain vulnerabilities:
UpdatesDHCP remotely exploitable format string vulnerability. The May 8, 2000 release of ISC DHCP 3.0p1 fixes this serious vulnerability in ISC DHCPD 3.0 to 3.0.1rc8 inclusive. We encourage dhcp users to upgrade, disable dhcp or, at a minimum, consider using ingress filtering as described in the CERT advisory. (First LWN report: May 16). Note: Distributions which use version 2 of ISC DHCP, such as Red Hat Linux, are not vulnerable. This week's updates: Previous updates: GNU fileutils race condition. A race condition in rm may cause the root user to delete the whole filesystem. The problem exists in the version of rm in fileutils 4.1 stable and 4.1.6 development version. A patch is available. (First LWN report: May 2). This week's updates: Previous updates:
Problem loading untrusted images in imlib. Versions of imlib prior to 1.9.13 used the NetPBM package in ways which "make it possible for attackers to create image files such that when loaded via software which uses Imlib, could crash the program or potentially allow arbitrary code to be executed." (First LWN report: March 28). This week's updates:
Previous updates:
Mozilla XMLHttpRequest file disclosure vulnerability. This XMLHttpRequest security bug impacts all Mozilla-based browsers. "The bug is found in versions of Mozilla from 0.9.7 to 0.9.9 on various operating system platforms, and in Netscape versions 6.1 and higher." (First LWN report: May 2). This week's updates: Previous updates:
ZDNet also covered the vulnerability with a focus on its presence in Netscape. Buffer overflow in OpenSSH's sshd. According to the advisory, it could be remotely exploitable, but only under a set of relatively rare conditions: "AFS has been configured on the system or if KerberosTgtPassing or AFSTokenPassing has been enabled in the sshd_config file. Ticket and token passing is not enabled by default." (First LWN report: April 25). The problem is fixed in the OpenSSH 3.2.2 release. This week's updates: Previous updates: Both PHP3 and PHP4 have vulnerabilities in their file upload code which can lead to remote command execution. This one could be ugly; sites using PHP should apply updates at the first opportunity. If an update isn't available for your distribution, users of PHP 4.0.3 and later are encouraged to consider disabling file upload support by adding this directive to php.ini: file_uploads = Off CERT has issued this advisory on the problem. This article in the Register also talks about the vulnerability. (First LWN report: March 7). Developers using the 4.2.0 branch, are not vulnerable because because file upload support was completely rewritten for that branch. This week's updates: Previous updates:
Update: Despite some concern expressed in an earlier report by LWN, these updates do, in fact, fix the problem. The original update from the php team fixes the security hole but introduces a "rare segfault condition" that is not a security problem. Sharutils potential privilege escalation using uudecode. According to the CVE entry, "uudecode, as available in the sharutils package before 4.2.1, does not check whether the filename of the uudecoded file is a pipe or symbolic link, which could allow attackers to overwrite files or execute commands ." (First LWN report: May 16). This week's updates: Previous updates: Multiple vulnerabilities in tcpdump. Version 3.5.2 fixed a buffer overflow vulnerability in all prior versions. However, newer versions, including 3.6.2, are vulnerable to another buffer overflow in the AFS RPC functions that was reported by Nick Cleaton. (First LWN report: May 9). Both problems appear to have been reported and fixed in FreeBSD some months ago. The CIAC report on the vulnerability in versions prior to 3.5.2 is dated October 31, 2000. Nick Cleaton's FreeBSD security advisory on the AFS RPC bug, and reference to a fix for FreeBSD, is dated July, 17, 2001. Tcpdump 3.7 was released on January 21, 2002. This week's updates:
Previous updates:
This one is scary. The session ID spoofing vulnerability allows the "possibility that arbitrary commands may be executed with root privileges." Upgrading is strongly recommended. At a minimum avoid the "preconditions for a successful exploit" by disabeling password timeouts under Webmin->Configuration->Authentication. This week's updates: ResourcesLinux security week. The Linux Security Week and Linux Advisory Watch publications from LinuxSecurity.com are available. Cross Site Scripting FAQ. Cgisecurity.com has published The Cross Site Scripting FAQ "which covers frequently asked questions in relation to Cross Site Scripting Attacks." EventsUpcoming Security Events. Canadian Security & Intelligence Conference for 2002 announced. CSICON will be held August 19-21, 2002 at the Hyatt Regency, Calgary, Alberta Canada. "This is a technical security conference aimed at IT Professionals, and IT Security Managers. Enjoy three days filled with presentations and discussions around IT Security issues free of vendor pitches." ICICS 2002 call for papers. The 4th International Conference on Information and Communications Security will be held December 9-12, 2002 in Singapore. "Original papers on all aspects of information and communications security are solicited for submission. The proceedings of ICICS'02 will be published in Springer-Verlag's Lecture Notes in Computer Science series."
For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net. Section Editor: Dennis Tenney |
May 23, 2002
LWN Resources | ||||||||||||||||||||||||
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Letters See also: last week's Kernel page. |
Kernel developmentThe current development kernel is 2.5.17, which was announced on May 20. This release includes the new quota code (see below), some VFS changes, and quite a few other improvements and fixes. Linus released 2.5.16 on May 18; it contained a bunch of low-level x86 paging changes, the usual IDE patches, the 64-bit jiffies patch (no more uptime wraparounds), a bunch of USB updates, an IrDA update, and various other fixes. Linus has been posting changelogs in a new, shorter format; for those who prefer the details, here are the long-format logs for 2.5.16 and 2.5.17. The latest prepatch from Dave Jones is 2.5.15-dj2. The current 2.5 status summary from Guillaume Boissiere is dated May 22. The current stable kernel release is 2.4.18; Marcelo has not released any 2.4.19 prepatches since May 2. Alan Cox released 2.4.19-pre8-ac5 on May 20; it contains the latest reverse mapping VM, various copy_to/from_user cleanups (see below), a bunch of aacraid and I2O changes, and many other fixes. Alan has also released 2.2.21, which contains only one small fix added after the last release candidate. The new disk quota code went into 2.5.17. The reimplemented quota system is the work of Jan Kara, who has posted a brief summary of the changes. With the new quota implementation there is, of course, a new quota file format. It brings a number of advantages, including 32-bit user IDs and accounting for files sizes in bytes rather than blocks. Filesystems like ReiserFS, which take pains to store very small files efficiently, will benefit from the more accurate quota accounting. The old quota format is still supported, however, along with any other format that people might wish to implement: quota formats may now be implemented by separate modules and plugged in as needed. The filesystem interface to quotas has changed, of course. Filesystems now have much more flexibility to override, modify, and extend quota operations. Thus, for example, journaling filesystems can journal quota operations as well. The old quota tools can be supported through a compatibility interface, but really taking advantage of the new code will require new tools. Those can be found on the Linux quota SourceForge page. Software suspend goes in. Pavel Machek posted a new version of the software suspend code (written originally by Gabor Kuti) asking "What can I do to make this applied?" The answer, according to Linus, is nothing - he has accepted it for 2.5.18. The swsusp patch provides a laptop-style suspend capability to any machine, whether the underlying BIOS power management code supports it or not. When you tell your system to suspend (via a "magic sysrq" key, a user-space tool, or /proc/acpi/sleep), it starts by flushing everything to disk that it can. Files are synced to disk, processes are swapped out, and in-kernel data structures are reduced to a minimal state. This step is required to save important data, of course, but it also has the effect of freeing up a great deal of memory which will, then, not need to be saved separately. The suspend code then sets up a new set of page tables for all remaining memory which must be saved; the swap code, at that point, can be used to save the rest to disk. Once that is done, the system can be halted. Restoring the system is done by booting with the "resume=" option; it pulls in all of the saved memory and generally reverses the steps taken above. Suspending a running system in this way is a task with many potential pitfalls, and, no doubt, one or two of them remain in the code. It is marked "experimental" for a reason. Nonetheless, this patch has been circulating for a long time, and has been tested by quite a few people. It was time for it to go into the mainline kernel. Still waiting for kbuild. Keith Owens has sent out his 'third and final attempt' to get a response from Linus on when and how the new kernel build patch might get merged. Linus still appears to not have answered Keith directly, but he did let this slip in a thread on a completely different subject: I'm hoping we can get there in small steps, rather than a big traumatic merge. I'd love to just try to merge it piecemeal.
This suggests that somebody needs to split apart the kbuild patch into a number of small, incremental steps. Of course, this patch is not the easiest to split in that manner... /dev/port goes out. Martin Dalecki, seemingly, has not been flamed enough despite all of his IDE work. So he set out to remove the /dev/port device. /dev/port is a pseudo device which makes it easy for suitably privileged application programs to access (x86) I/O ports via read and write calls. Martin cites a number of problems with the code, including the fact that nobody is using it. Interestingly, Martin didn't get his desired flames, despite a separate attempt to stir them up. Linus agrees that it should probably go; about the only dissent came from Alan Cox, who claims to have seen it used, especially in scripting languages. Linus has not issued a final decree, but it looks like /dev/port is no more. copy_*_user and errors. The kernel, of course, runs in its own memory space that is distinct from the address space given to each user process. So some care must be taken when moving data between the two; it's not just a matter of following a pointer. The kernel provides a whole set of functions that copy data between kernel and user space; the two most general are called copy_to_user and copy_from_user. A common convention for utility routines within the kernel is to return zero on success, and an error code (suitable for passing back to user space) on failure. But the copy functions are different: they return the number of bytes that were not actually copied. For most operations, that value will be zero - everything is copied as requested. When something goes wrong, however, the return value tells just how far into the operation the error happened. Rusty Russell sees a problem with this interface: kernel programmers get confused and expect that the copy functions follow the same conventions as most other kernel utilities. That leads to code like the following (taken from the Intermezzo filesystem):
error = copy_from_user(&hdr, buf, sizeof(hdr));
if ( error )
return error;
The problem, of course, is that the "error" returned to the user does not
look like an error code. Thus problems are not caught and bugs result.
That's when the programmer is happy that liability laws have not caught up
to software yet.
Rusty states that, of the 5500 copy calls in the kernel, 415 are incorrect, despite an audit done one year ago. He would like to change the copy functions to return an error code like most other utilities, or to send a segmentation fault signal and return nothing at all. Either solution would eliminate what he sees as a trap which trips up many or most kernel programmers sooner or later. (Of course, being Rusty, he expressed it in a rather more colorful manner). Making internal kernel interfaces safer to use seems like a good cause, but Rusty seems to be mostly alone on this one. The main counterpoint is that the "partial success" return value can be useful in some situations: restarting system calls after signals or simply reporting a partial result back to user space. There are, however, very few places in the code where that information is actually used. On the other hand, it has been pointed out that a partial success value "n" need not indicate that the first n bytes were copied. Trying to speed things up with fancy MMX instructions could cause things to be copied in strange orders. Andrew Morton has also pointed out a bug in the copy code that can corrupt data (though it's not something that comes up in normal use). That bug could be fixed by copying from the far end of the array first in some situations. The point of all this is that a partial success might not tell you which bytes were actually copied. That notwithstanding, it looks like very little will actually change - Linus has spoken: The current interface is quite well-defined, and has good semantics. Every single argument against it has been totally bogus, with no redeeming values. One can not accuse Linus of not being clear on what he thinks. So the one remaining approach, it seems, is to simply go through and fix all of the broken copy calls on a regular basis. Arnaldo Carvalho de Melo has already jumped into that task, posting fixes for intermezzo, OSS, ISDN, block drivers, and USB. But chances are more mistakes will creep in with future patches. Other patches and updates released this week include:
Kernel trees:
2.4 backports
Core kernel code:
Device drivers
Filesystems:
Kernel building:
Miscellaneous:
Section Editor: Jonathan Corbet |
May 23, 2002 For other kernel news, see: Other resources: |
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Letters See also: last week's Distributions page.
|
DistributionsPlease note that security updates from the various distributions are covered in the security section. News and EditorialsClustering and the Linux distribution. Distributions that manage computer clusters have a somewhat different task than the usual server or workstation distributions. Good clustering software will create a whole that is greater than the sum of its parts. But when the software is not properly configured, the cluster could instead become less than the sum of its parts. There are several cluster distributions already on the LWN list, scattered over several categories. For example, the Rock Linux Massively Parallel Processing(MPP) project is closely tied to its well known parent. MSC.Software built MSC.Linux for high-performance, high-availability, cluster computing. Clearly it's a special purpose distribution. Also specialized, but listed under CD-based, is ClumpOS. ClumpOS is a Linux/MOSIX mini-distribution designed to allow you to quickly, or temporarily, add nodes to a MOSIX cluster. Scyld Beowulf, from the original Beowulf development team, is tied to its hardware, as is the PowerPC-based Black Lab Linux. In addition to these distributions, there are a number of clustering packages that are designed to run on top of an operating system. There are commercial packages that will even support the use of multiple operating systems within the cluster. These products are not in the scope of this page. However, other projects provide a specially configured distribution, bundled with its unique cluster management software. These later products may evolve into unique distributions. Thanks to Andrew Shewmaker, we'll introduce two cluster projects that may have crossed that fuzzy line between a software package and a Linux distribution. Red Hat based OSCAR is a fully integrated and easy to install software bundle designed for high performance cluster computing. OSCAR v1.2.1rh72 is based on RH 7.2; OSCAR v1.2.1 is based on RH 7.1; and OSCAR v1.0 is still available, and is based on RH 6.2. NPACI Rocks is built on top of Red Hat 7.2 releases, and supports x86 processors. Rocks makes complete OS installation on a node the basic management tool in order to reduce the complexity of cluster management. New DistributionsClosedBSD. ClosedBSD is a firewall and network address translation utility which boots off of a single floppy disk or CDROM, and requires no hard drive. ClosedBSD is based off of the FreeBSD kernel, and uses ipfw as its native ruleset management system, and natd as it's network address translation utility. (Thanks to Werner vanWaesberghe) Distribution NewsDebian News. The Debian Weekly News for May 15 is available, with coverage of the bug tracking system redesign, the second Debian Conference, the new SGML/XML policy group, and numerous other topics. Debian Leader Bdale Garbee has sent out his second 'Bits from the DPL' column; this one looks at the numerous architectures supported by the Debian distribution. "A more recent example (that we are working through right now) is how our security team can quickly get a new package version built and uploaded for all of our architectures. A good solution, that involves giving them a high priority path through our autobuilders, is nearly implemented and is the last major hurdle before woody releases." Here is final Debconf schedule, barring any changes of course. Mandrake Linux. MandrakeSoft has released new grpmi packages for ML 8.2 on PPC systems. This should fix that segfault you got when downloading updates with rpmdrake. Red Hat kernel enhancement for S/390. Red Hat has released updated 2.4 kernel packages for Red Hat 7.2 on S/390 and zSeries systems. Included in the new kernel is the Open Source LCS driver for both the OSA-2 Ethernet Token Ring card and the OSA-Express Fast Ethernet card in non-QDIO mode. Slackware Linux. Slackware Linux has another long list of changes to Slackware-current for this week. Turbolinux. Turbolinux has announced the availability of Turbolinux (TL) 8 Workstation. This release has the latest volume management capabilities and provides a complete desktop solution for development and multimedia environments. Minor Distribution updates2-Disk Xwindow System. The 2-Disk Xwindow System has released v1.4rc12 with major feature enhancements. ALT Linux. ALT Linux announced a new ALT Linux Master for education program which includes discount prices on ALT Linux Master 2.0 for educational institutions which use or plan to use Linux-based training in their educational programs. There is also a new mailing list, created to discuss issues of using free software in education. Subscribe to Freeschool@altlinux.ru here. Astaro Security Linux. Astaro Security Linux has released its stable version 2.024 for Sun Cobalt with minor security fixes. Kondara MNU/Linux. Kondara MNU/Linux has a number of security fixes available for hanibi. Lunar-Linux. Lunar-Linux has released the latest version of its Lunar Linux XFCE theme. Lunar-Linux is still working toward version 1.0. There is a progress report, of sorts, here. Sorcerer. Sorcerer has a new Install/Rescue ISO9660 available. "Due to a few reports of people having trouble with the May 1st ISO9660, I rechecked it, smote a few small and inconsequential bugs, updated the installed software, and uploaded a new one. The xdelta update is half a meg." Distribution ReviewsThe Debian Packaging System (LinuxGuru). LinuxGuru looks at the Debian packaging system. "Debian's packaging system contains a very useful and advanced (speaking in a coders point of view) feature called 'apt-get'. 'Apt-get,' is a command of the Debian packaging system that allows you to get applications off of the Internet, or CD-ROM." Mandrake Linux 8.2 reviews. MandrakeForum points to three reviews of ML 8.2. Reviews of SuSE Linux 8.0. This review on Linux and Main is not very flattering. "It's unlikely that anyone who is not already running SuSE Linux is going to show much interest in the new version. There is no compelling reason to switch on 8.0's account, nor is there any technical reason among current distributions to abandon another one in favor of SuSE. This means the question comes down to whether there is anything about 8.0 that would lure existing SuSErs to upgrade. If there is, we didn't find it." Tux Reports does not paint a better picture. "After only spending the weekend with the system we can't recommend this distribution on the PL133 chipset board. Red Hat 7.2 seems to have worked beautifully but SuSE 8.0 is too slow. The system slows and stops - sometimes at random." SuSE fans. Instead of writing to us to tell us why these reviews are "wrong", please point us to better reviews, or write your own, to let people know the good things about SuSE 8.0 Pro. Section Editor: Rebecca Sobol |
May 23, 2002
Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.
Distribution Lists:
|
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Letters See also: last week's Development page. |
Development projectsNews and EditorialsGNU Compiler Collection 3.1Version 3.1 of GCC, the Gnu Compiler Collection, has been announced. "In this release, we focused more on quality than new features; many bugs were fixed. We worked very hard to fix bugs that were introduced in GCC 3.0, but that were not present in previous releases of the compiler. We also worked hard to eliminate new bugs.
We have continued to improve the standards conformance in the C, C++ and
Java compilers, added support for profile-directed optimizations,
improved support for many chips used in embedded systems, added an Ada
compiler, and added support for the x86-64 architecture."
The Changes document shows a long list of new features: Caveats include deprecation of the -traditional option, and a change of the default debugging format from the stabs format to DWARF2. Optimizer improvements include the contribution of the infrastructure for profile driven optimizations from SuSE and Red Hat. The tree in-lining infrastructure has been generalized, allowing more optimization opportunities. The back end of several targets now have support for data pre-fetching, and macros can now emit debugging information. Many improvements have been added to the C, C++, Objective-C, Java, and FORTRAN compilers. An Ada 95 front end has been added, work is still in progress. New targets include the MMIX, the CRIS, and the SuperH. Other targets have had improved support. A number of old target architectures have been declared obsolete - Elxsi owners better speak up now if they don't want to lose support.. See the updated online manual for more information. GCC 3.1 is available here. (Thanks to Pat Eyler.) Audio ProjectsJack news. The latest news from the Jack low-latency audio server project includes a new FAQ entry on tuning Jack's performance, and rumors of an upcoming public release. DatabasesSAP DB Version 7.3.00.23 released. Version 7.3.00.23 of SAP DB has been announced. This is mainly a bug fix release, see the release information for all of the details. ElectronicsIcarus Verilog 20020519. A new development snapshot of the Icarus Verilog electronic simulation language compiler has been released. A number of bug fixes are included, see the release notes for the details. Embedded SystemsLinux Devices Embedded Linux Newsletter. The May 16, 2002 edition of the Linux Devices Embedded Linux Newsletter looks at the SNOM 100 VOIP phone, the Rio Central digital audio center, the ELC's platform standard, NIC contest winners, and more. LibrariesOverride the GNU C library -- painlessly (IBMdeveloperWorks). Here is a developerWorks article on working around glibc return arguments. "What do you do if you don't have the source for your application and it's failing because a GNU Library for C (glibc) function is returning something bad to the application? Because glibc is open-source, you can of course get the source code, make your changes, rebuild, and install. This is not for the faint of heart, however, because although the API is well documented, the internal organization of the GNU C library is not. Finding the correct function prototypes is only the first of many challenges. It's a big package as well, so the first time you compile, it will take some time (glibc 2.2.2 has 8,552 files and 1,775,440 lines of code, including comments)." Mail SoftwareMailman 2.0.11 released. Mailman 2.0.11 has been announced. There are fixes for a couple of cross-site scripting vulnerabilities in this release, so an upgrade is recommended. System AdministrationPoor Sysadmin's Guide to Remote Linux Administration (O'Reilly). O'Reilly is running an article by Kendall Clark that shows how to set up a Daemon Monitoring Daemon (DMD). " I suppose for many free software users, uptime mania is something of an occupational hazard. There is a kind of Zen-like sysadmin virtue which comes from implementing a clever, efficient, and inexpensive hack, but especially if that hack increases uptime and service quality." Web-site DevelopmentMnoGoSearch version 3.2.4. Version 3.2.4 of the mnoGoSearch web site search engine is available. Lots of improvements and bug fixes are included - see the change log for the details. Analog version 5.23. Version 5.23 of the Analog web log file analyzer is available. The What's New document lists the changes, which are mainly security related. Zope Members News. The latest Zope Members News examines new releases of TextIndexNG, MySQL User Folder, and External Editor. Using Zope With Apache (Developer Shed). Developer Shed looks at Zope/Apache integration. "While Zope is a remarkably full-featured solution, it's not always the best one for a live Web site or Web application. If you're developing a complex Web application with sophisticated business logic and lots of interconnected routines, Zope is a great sandbox to play in. If, on the other hand, you're merely putting up Grandma's chocolate chip cookies on the Web, you're going to find Zope way too complex for your relatively-simpler needs." MiscellaneousGuikachu 1.2.0: 'The Inevitable Return' released. A new version of Guikachu has been announced. "Guikachu is the premiere solution for creating PalmOS resource files on UNIX operating systems, and it is also available as Free Software, as defined by the GNU GPL." This version features support for string list resources, usability improvements, support for the eBookMan palmtop, better font support, and bug fixes. OpenSSH 3.2.2 released. OpenSSH has released OpenSSH 3.2.2. Security fixes and other changes are available in this release. O'Reilly's Linux DevCenter features an article by Noel Davis that looks at the new version of OpenSSH in addition to a few more security updates. Schedutils 0.0.5 released. A new release of the schedutils suite of tools for manipulating the Linux scheduler has been announced. |
May 23, 2002
|
|
|
Desktop DevelopmentAudio ApplicationsAlsaPlayer 0.99.70. AlsaPlayer version 0.99.70 has been released. Changes include: "lots of bug fixes, brandnew libalsaplayer API, new FLAC input plugin, new JACK output plugin. XING header parsing, etc." WaveSurfer version 1.4 released. A new version of the WaveSurfer audio file visualization and manipulation tool has been released. Version 1.4 features new pitch and formant tracking capabilities, bug fixes, and better documentation. See the changes file for more information. Web BrowsersGaleon 2 beta coming soon (FootNotes). According to FootNotes, a new beta release of Galeon 2 is coming soon. Mozilla Status Update. The May 16, 2002 Mozilla Status Update covers module updates for Necko, Imagelib, and XPCOM. Netscape 7.0 Preview Release 1 (MozillaZine). MozillaZine has an announcement for a new version of Netscape. "Netscape today unveiled Netscape 7.0 Preview Release 1, the first beta of its successor to Netscape 6. The preview is based on the recent Mozilla 1.0 RC2 build and features most of the enhancements that have been added to Mozilla since Netscape 6.2 was released, including tabbed browsing, print preview, the ability to save complete web pages, email return receipts, message labels and S/MIME support." Desktop EnvironmentsKnoda 0.5.2 has been released. Version 0.5.2 of the Knoda relational database GUI for KDE has been released. This version features bug fixes and a newly rewritten grid widget, among other things. KDE on Cygwin: 2.2.2 Beta 1 Release Available. Version 2.2.2 Beta 1 of KDE on Cygwin has been announced. "The KDE on Cygwin project, the project to port Qt and KDE to Windows, has announced the first beta release of KDE 2.2.2 for Cygwin and Cygwin/XFree86." GNOME 2.0 Desktop Beta 5: "Reciprocity". The GNOME 2.0 Desktop Beta 5 release, "Reciprocity", is ready for your bug-busting and testing pleasure! This week's GNOME Summary. Here's the GNOME Summary for May 18. It looks at the fifth GNOME 2 beta, the upcoming Galeon2 release, Freedesktop.org, and numerous other topics. GamesNew stuff on PyGame. The PyGame site features new versions of Pyddr and Cog engine. GUI PackagesFLTK news. The latest news additions on the FLTK site include a new version of fltdj, The Daily Journal 0.6.1, and a chooser design contest for FLTK. Open Motif Call for Participation. There is a Call for Participation on the Open Motif site. "The OpenMotif team is looking for people to help define and develop OpenMotif 2.3! A lot of progress has been made since the original 2.2 release, but there is much more to be done." Glade 1.1.0 released (FootNotes). The FootNotes site mentions a new release of the Glade GUI builder for GTK+ 2 and GNOME 2. Testers are needed. InteroperabilityKernel Cousin Wine #123. Issue #123 of Kernel Cousin Wine covers the May 9 release of Wine, component owners, patch trading, global Wine configuration, WineLib, Cross-compiling Wine, and more. Office ApplicationsAbiWord Weekly News #92. This week's AbiWord Weekly News is out, with the latest development news from the AbiWord word processor project. Bug fixing continues to be the main topic. |
Desktop Environments GNOME GNUstep KDE XFce XFree86 Window Managers Afterstep Enlightenment FVMW2 IceWM Sawfish WindowMaker Widget Sets GTK+ Qt |
|
|
Languages and ToolsCamlThe Caml Weekly News. The May 21, 2002 edition of the Caml Weekly News covers C stubs, COM binding with CAMLIDL, Dynamic Caml v0.2, Surreal-0.0.3, and solutions for OCaml packaging problems. The Caml Hump. This week's Caml Hump looks at Hevea - A quite complete and fast LATEX to HTML translator, Surreal - An exact real arithmetic library for objective Caml, Dynamic Caml - A high-level run-time code generation library for Objective Caml, and mlglade - A Glade to OCaml compiler. HaskellHaskell Communities and Activities Report. The second edition of the Haskell Communities and Activities Report has been announced. Check it out to see what the Haskell community has been up to in the last six months. JavaDouble-checked locking and the Singleton pattern (IBM developerWorks). Peter Haggar writes about pitfalls with Java's Double-checked locking. "The Java programming language contains several useful programming idioms. It also contains some that further study has shown should not be used. Double-checked locking is one such idiom that should never be used. In this article, Peter Haggar examines the roots of the double-checked locking idiom, why it was developed, and why it doesn't work." Why Data Binding Matters (O'Reilly). Brett McLaughlin discusses the Java Data Binding API for XML. "OK, I know what you're thinking: 'So now I'm going to be told that I need another API for working with XML. Come on, give me a break!'" PerlThe Perl You Need To Know - Part 3 (O'Reilly). Stas Bekman continues his series on Perl with Part 3. "This article is the third in our series talking about the essential Perl basics that you should know before starting to program for mod_perl. You will hear a lot about namespaces, symbol tables and lexical scoping in Perl discussions" Perl 6 Answers (use Perl). Use Perl has the answers to the questions that were asked in last week's online poll for Perl 6 questions. PHPUsing Java objects in PHP scripts (Zend). John Coggeshall discusses the use of Java objects in PHP scripts in a two part article. See part 1 and Part 2 of the article. PythonPy in Print (O'Reilly). Stephen Figgins talks about the Python technical journal, Py. "When Bryan Richard wrote me a few months ago to ask if I thought a Python magazine would make it, I told him it probably would, if it were a labor of love. I didn't think he would make much money off the venture, but it would sure be great to have something out there. Maybe it could take off the way The Perl Journal did. Bryan decided it was love, and a few months later, the first issue Py was mailed out to early subscribers." The Daily Python-URL. This week, the Daily Python-URL looks at stackless Python, MoinMoin, Python's evolution, a new Python Business Forum, and wxHTML for beginners. RubyThe Ruby Garden. This week, The Ruby Garden looks at nested classes, a rand method for Enumerable, Perl's Parrot and Ruby, Ruby hashes, and more. The Ruby Weekly News. The Ruby Weekly News for May 20, 2002 looks at the following Ruby projects: REXML 2.3.3, DBTalk 0.6, FXRuby-1.0.10, JRuby 1.6/0.5.0 beta, RubyRED 1.0 alpha, XML Serialization 1.0.pre3, and the RubyEclipse IDE. MiscellaneousRevenge of the Nerds. Paul Graham has expanded on his keynote on programming languages, with the paper entitled revenge of the nerds. The pointy-haired boss miraculously combines two qualities that are common by themselves, but rarely seen together: (a) he knows nothing whatsoever about technology, and (b) he has very strong opinions about it. Lisp programmers, in particular, should like this piece. Section Editor: Forrest Cook |
Language Links Caml Caml Hump Tiny COBOL Erlang g95 Fortran Gnu Compiler Collection (GCC) Gnu Compiler for the Java Language (GCJ) Guile Haskell IBM Java Zone Jython Free the X3J Thirteen (Lisp) Use Perl O'Reilly's perl.com Dr. Dobbs' Perl PHP PHP Weekly Summary Daily Python-URL Python.org Python.faqts Python Eggs Ruby Ruby Garden MIT Scheme Schemers Squeak Smalltalk Why Smalltalk Tcl Developer Xchange Tcl-tk.net O'Reilly's XML.com Regular Expressions |
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Letters See also: last week's Commerce page. |
Linux and BusinessFSF Files Brief Amicus Curiae in Eldred v. Aschroft Supreme Court Case. The Free Software Foundation (FSF) has filed a Brief Amicus Curiae in the pending Supreme Court case, Eldred v. Aschroft. The future of copyright law in the digital age is at issue in this case, which seeks to extend copyright protection and withhold material from the public domain. Ericsson Joins Open Source Development Lab (OSDL). Ericsson has joined the Open Source Development Lab. "Open Source Development Lab (OSDL) today announced that telecommunications industry leader Ericsson has been added to its roster of members aligned to guide Linux development for the telecommunications market segment. Ericsson will participate in the OSDL Carrier Grade Linux Working Group established earlier this year. Together, OSDL industry leaders and open source community members are developing feature roadmaps to enable Linux for the telecommunications and enterprise market segments." Open Letter from Lavi Lev, Cadence Design Systems, Inc.. Lavi Lev of Cadence Designs is calling for EDA companies to adopt an open source database API for Integrated Circuit design companies. "If we all open our databases, the industry will reduce unnecessary costs to the customer and allow the EDA and electronics industries' combined energies to focus on addressing the complexity of chip designs. This will provide significant benefits for both the EDA and electronics industries." VA Software reports results. Here's a press release from VA Software on its quarterly results. The company lost $7.7 million over the quarter ($4.7 million if you ignore the stuff they sweep under the rug) on $5.1 million in revenue. "SourceForge continued to gain acceptance and is currently installed in more than 20 customer accounts." Reuters Supports Adoption of Linux in Financial Services Industry Using Intel Based Servers. Here is a press release from HP about Reuters' plans to make the Reuters Market Data System (RMDS) available on Intel-based servers with Linux, with the help of HP, Intel and Red Hat. Embedded Linux Journal Ceases Print Publication. Here's a copy of a note sent to Embedded Linux Journal subscribers. ELJ will no longer be available in print. You can expect to find an Embedded Linux section in the print copies of Linux Journal, beginning in August. (Thanks to Alex Perry) Sun releases StarOffice 6.0. Sun has released Star Office version 6.0 for Solaris, Linux, and Windows. It is, of course, commercial software and the price is $75.95. (Thanks to Martin Rowe.) Linux Stock Index for May 21 to May 22, 2002. Press Releases:Open Source Products
Distributions and Bundled Products
Proprietary Products for Linux
Linux Hardware
Embedded Linux Products
Products and Services Using Linux
Products With Linux Versions
Linux At Work
Java Products
Partnerships
Financial Results
Other
Section Editor: Rebecca Sobol. |
May 23, 2002
Warning: Failed opening '/web/docs/lwn/stocks/LLSI.narrow.table.html' for inclusion (include_path='.:/usr/share/pear') in /web/docs/lwn/2002/0523/commerce.php3 on line 119 |
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Letters See also: last week's Linux in the news page. |
Linux in the newsRecommended ReadingMaking Copy Right for All (Wired). Wired examines the Creative Commons. "Inspired in part by the Free Software Foundation's General Public License (GPL), Creative Commons is developing a Web application that will be launched this fall to help reduce legal barriers to creativity." New alternatives to the standard copyright are part of the scheme: "Creators will be able to go to the Creative Commons website to choose from a set of custom licenses that will allow them to indicate, in a machine-readable format, how others may use their intellectual works." Bell, Torvalds usher next wave of supercomputing (CNN). Here's an article from CNN, covering the unveiling of a new, compact supercomputer. "Gordon Bell, one of the original brains behind the minicomputer, and Linus Torvalds, creator of the Linux operating system, joined a collection of scientists for the unveiling of the supercomputer, a Beowolf cluster called Green Destiny that was built from hundreds of so-called blade servers -- compact servers stripped down to their most basic components." Is mainframe Linux toast? (ZDNet). ZDNet looks at two opinions on the future of Linux on the mainframe. "Here's something you don't see every day. Two reputable and veteran IT research outfits --- Giga and META --- taking diametrically opposite positions on an issue. The META Group has released a stinging report that essentially says there is no future for Linux on the mainframe. Meanwhile, Giga says there is." Linux, GNU, and freedom (LinuxWorld). LinuxWorld is running a column by Richard Stallman where he responds to various criticisms and goes on the attack himself. "The use of Bitkeeper for the Linux sources has a grave effect on the free software community, because anyone who wants to closely track patches to Linux can only do it by installing that non-free program. There must be dozens or even hundreds of kernel hackers who have done this. Most of them are gradually convincing themselves that it is ok to use non-free software, in order to avoid a sense of cognitive dissonance about the presence of Bitkeeper on their machines." The DMCA: It's Now Comedic (PC Magazine). John Dvorak writes about the DMCA in this PC Magazine column. "A long-term attack on freedom of speech is what is really going on here. Just ask that poor Russian kid who was arrested for doing nothing more than talking about the Adobe copy-protection schemes in a public forum. These are the same folks who want to license software in such a way that critical reviews would be deemed illegal by license agreement. This is serious stuff. The fact that the general news media seems nonplussed by all this concerns me greatly." The DMCA Is the Toast of D.C. (Wired). Wired reports on a party that was held to celebrate the DMCA. "Nearly everyone who has or hopes to have influence on copyright legislation showed up for the shindig, including luminaries like Jack Valenti of the Motion Picture Association of America; Hilary Rosen of the Recording Industry Association of America; Marybeth Peters, the Register of Copyrights; and key Bush administration officials. The official justification for the celebration, hosted by the International Intellectual Property Alliance (IIPA), was to cheer a global copyright treaty that takes effect on Monday. But an equally important, unofficial reason was to demonstrate broad support among key legislators and industry groups for the DMCA, which has come under ever-increasing attack in the courts and from technologists. " 2600's DMCA Challenge Blocked (Wired). Wired covers the attempt by 2600 Magazine to combat the DMCA. "On Thursday, a federal appeals court unceremoniously rejected the latest attempt by 2600 magazine to fight the Digital Millennium Copyright Act (DMCA). The Second Circuit Court of Appeals said in a one-line ruling that it was not going to revisit an earlier decision in which 2600 was found to be unlawfully distributing a DVD-descrambling utility." Door-to-Door for DMCA Reform (Linux Journal). Linux Journal covers the efforts of a group of people in New York who are working for reform of the DMCA. "In response to the growing threat of digital rights management systems and legal extortion that threatened our public libraries, and public school system, a few of us joined together last May for the first meeting of NY Fair Use at the Killarny Rose in downtown NYC. Through that summer and through the most difficult fall anyone could ever imagine, NY Fair Use has been a beacon for freedom, individual rights and political action, and it continues on. Every week we knock on doors in targeted congressional districts, fighting to save libraries from the AAP and collecting signatures." Embedded Linux crying out for standards (ZDNet). ZDNet reports on Linux domination at the Embedded Systems Show in London. "[ELC chairman Inder] Singh framed the choice between Windows CE and Linux as a matter of freedom against outside control: Linux allows companies to make choices for themselves, while choosing Windows means companies must toe the Microsoft line. "With Windows CE you're stuck with Microsoft's choices, while Linux has an open market mechanism," he said." Open source review would aid Windows security: Gartner (Register). The Register reports on a Gartner Group suggestion that Microsoft open up its source for security audits. "The open source review bit is something so utterly alien, communist and horrible to the mind of Bill Gates that it's almost worth us running a competition to find what he'd rather do (Sacrifice of firstborn? Auction mother on eBay? Tell Steve Jobs he was right?)..." CompaniesTrial date set for ElcomSoft case (News.com). News.com covers Elcomsoft vs. the DMCA. The trial is scheduled to start August 26 in San Jose, Calif., federal court. IBM bundles up Linux (vnunet). Vnunet looks at IBM's Integrated Platform on Linux. "IBM will initially offer its xSeries Intel-based servers with the WebSphere Application Server and DB2 database for Linux." Microsoft dealt another blow on Lindows (News.com). News.com reports on developments in the Microsoft/Lindows trade name case. "Microsoft's claim to the word 'Windows' suffered another blow this week when a federal judge again questioned the company's assertion that the term is not generic." Sun grants unlimited copies of StarOffice 6.0 to China (DesktopLinux.com). DesktopLinux.com reports that Sun Microsystems has donated unlimited copies of StarOffice 6.0 to China's Ministry of Education. (Thanks to Rick Lehrbaum.) BusinessLinux Looks For Enterprise Success (TechWeb). This TechWeb article says Linux is gaining ground in the corporate environment. "Still, it's always on the verge of a business breakthrough: Linux server sales continue to grow faster than sales of Windows or Unix servers. What's more, hardware and software vendors are learning they can't ignore the platform. The open-source OS battle is being waged day by day, with free-and-reliable beating expensive-and-easy more often than you might think." Top IT Spending Priority Is Cutting Costs, Investors Told (TechWeb). TechWeb examines survey results that say the top enterprise IT spending priority is cutting costs. Ironically, the survey listed Linux servers as the lowest ranked priority. "Products that ranked highest on the survey included: security software, Windows 2000, and security hardware. The lowest-ranked product, according to the survey, is Linux servers, which Sherlund noted "was very popular in the dot-com community but has moved to the back burner."" Linux grabs big win with Reuters (News.com). Reuters plans on making its financial information software available on the Linux platform. "Reuters will announce plans Thursday to bring its financial information software to Linux in conjunction with Red Hat, Intel and Hewlett-Packard, sources said, a major achievement for the comparatively young open-source operating system." New Number One Linux Vendor to Port Reuters Financial App (Linux Journal). Linux Journal chimes in on the HP, Red Hat, Intel, Reuters deal. "The Reuters software is designed to integrate market data and news for thousands of users within a financial institution. Financial institutions are demanding that more and more software run on Linux. Tom McDonald, executive director at Morgan Stanley, said "Support for this platform from Reuters is important to our efforts and is strategic to Morgan Stanley."" Shoring up software is new group's aim (News.com). This News.com article looks at some proprietary code from Carnegie Mellon that's aimed at making software more reliable, secure and less buggy. "The open-source software community is already raising concerns about the licensing terms for the technology resulting from the SCC's efforts, [SCC director, Bill] Guttman said." Open source shunned by monopolists' 'good code' initiative (Register).
The Register covers the
Sustainable Computing Initiative (SCI), a joint effort between Microsoft,
Cisco, Oracle and NASA; engineered by Carnegie Mellon University.
"Leading lights from the software libre community were sounded out
about support for the project, but discovered that any innovations would
be owned by CMU. Which meant that the University owned the code, leaving
it in prime position to exploit it commercially. Mere Open Source (Open For Business). Here's a look at the definition of open source from Open for Business. "What is Open Source? It is a simple enough question, yet the answer has become so obscure that it is anything but simple. The phrase is undisputedly at the core of what drives the Linux community even while it eludes nearly everyone as to what its exact definition is." ReviewsMozilla: The King of All Browsers (LinuxGuru). Linuxguru reviews Mozilla. "Sometimes you just need a bit more besides a browser. Mozilla comes with some extra 'goodies', as does Netscape. Mozilla currently ships with ChatZilla, an IRC (Internet Relay Chat) client, Mozilla Mail, an address book, and Mozilla Composer, a WYSIWYG (What You See Is What You Get) HTML Editor. Mozilla also has the capabilities to have separate 'profiles' or users with different bookmarks and screenames (found in Mozilla's home directory)." Boffins work on Napster successor (vnunet). Vnunet takes a look at the Open Content Network. "The Open Content Network aims to be the world's largest content delivery network, based on P2P technology known as the Content Addressable Web (CAW) which, in turn, relies on individual contributions to the open source movement through donations of spare bandwidth and disk space." The value of StarOffice (IT-Director). Here's a positive review of StarOffice in IT-Director. "Let's face it, this is a major product still being sold much cheaper than the established competition. It will meet the needs of all but a few. This is a choice worth paying for." Why it's real hard not to try StarOffice (ZDNet). Here's a review of StarOffice with a nod to OpenOffice. "A better question is, why pay $76 when you can download the free open-source equivalent from openoffice.org?" StarOffice suite may be bitter pill for MS to swallow (ZDNet). ZDNet gives a fairly positive review of StarOffice 6.0. "Anyone who was paying attention as Microsoft wasted Lotus, WordPerfect, and then Corel in the office-suite contest, might well wonder what in the world Sun is thinking by trying seriously to rejoin the contest with its StarOffice 6.0 product at this late date. " ResourcesAmateur Video Production Using Free Software and Linux (Linux Journal). In this Linux Journal article, the author looks at converting VHS tapes to DVDs, using free software of course. "Even when compressing a video stream before writing it, hard disk speed is important in digitizing video. It follows that the filesystem used is a large factor in performance. I have experimented with the ext2, ReiserFS and XFS filesystems. My experience is that capturing video to an XFS filesystem generally outperforms capturing to ext2- or ReiserFS-formatted disks. XFS has the additional benefit over ext2 of being a journaling filesystem." Installing Red Hat 7.3 using NFS (Aynik). In an article on Aynik (All You Need Is Knowledge), Aschwin Marsman shows how to do a text-based install of Red Hat version 7.3 over NFS. 802.11 Wireless Networks: The Definitive Guide (Linux Journal). Linux Journal reviews '802.11 Wireless Networks: The Definitive Guide'. "When its time to microwave your house, neighbors or office, this is the book you need. (Microwave as in wireless Ethernet, that is.) With some minor exceptions, this book is a great reference for all things WiFi." Email filtering: Stopping viral attachments with Exim Version 1.0 (LinuxOrbit). LinuxOrbit has published a HOWTO that explains spam filtering with Exim. The Debian Packaging System (Linuxguru). Linuxguru.net explains the operation of Debian's dpkg package management system. Linux System Administration Tools (Linux Journal). The Linux Journal has posted a survey of Linux administration tools. "Linux old-timers revel in reminding newcomers that they used to have to do everything by hand, at the command line, uphill, both ways, with duct tape for shoes. What really gets some of these folks sputtering is today's collection of system administration tools that introduce quite a bit of automation. There's good reason for this, actually; if you don't know how to administer your system by hand then you are sunk if something goes wrong. However, this factor doesn't mean you shouldn't take advantage of available helping hands." InterviewsEric van der Vlist on W3C XML Schema (O'Reilly). O'Reilly's xml.com features an interview of Eric van der Vlist on the topic of the W3C XML Schema. "XML was born as a simplification of SGML, to make it usable on the Web. The most effective part of this simplification is the rejection of a mandatory DTD (which is a type of XML schema language). The current tendency to systematically use a schema and to build new base specifications such as XPath and XSLT 2.0 on top of W3C XML Schema can thus be considered a regression; was it necessary to remove the SGML DTD to impose W3C XML Schema, which is not really a simple specification?" Interview with the Chair of the ELC's Core Platform Working Group (LinuxDevices). LinuxDevices.com's Rick Lehrbaum interviews Mark Brown, Chair of the Embedded Linux Consortium's Core Platform Working Group. "Brown: I (and others) agree that the IPA needs a set of Frequently Asked Questions and Answers to simplify understanding. The ELC is virtually an all-volunteer organization looking for some qualified individuals from our membership to help develop that set of FAQs. If no one steps up to the challenge, the ELC Board will have to find others ways to fill the gap." MiscellaneousA Scan to Monitor Earth's Health (Wired). Wired looks at how scientists are monitoring the health of the planet using open source tools. "...the huge amount of computing power required to conduct planetary-sized scans made such projects impossible. But mega-computing power is increasingly available to scientists through connected computer projects such as The Grid." You Can Hear Andy Warhol Roll Over In His Grave (TechWeb). TechWeb reports on a display at the New Museum of Contemporary Art which features Hacking as Art. "In one installation, visitors can scan the network-security condition of servers at a business without actually accessing data. " Wired covers the story with a little more detail. Special Report: Linux Goes Mainstream (Business Week). Business Week is running several articles under broad heading of "Linux Goes Mainstream". (Thanks to Stefane Fermigier) Part one covers the increasing popularity of Linux. "For Mindbridge Chief Operating Officer and founder Scott Testa, the impetus for shifting to Linux came from a change in Microsoft's licensing policies. The new licenses, which push customers to pay annual subscription fees, would have boosted software costs at Mindbridge, a 300-employee intranet software company, by tens of thousands of dollars annually. " There is an interview with Red Hat CEO Matthew Szulik for part two. "Szulik believes the world has moved from laughing at Linux to fighting it. At least, the part of the world that Microsoft rules, one of the few places in the information-technology universe where Linux has remained systema non grata." Part three looks at the software counter culture, beginning with a shop called Zumiez. "By the end of May, the 1,200-employee, privately held chain will have installed open-source software on the PCs at all its retail locations." Part four delves into legislative issues. "Linux guru and Hewlett-Packard consultant Bruce Perens says Hollings-style copyright protection schemes are "a high-level concern" for open-source advocates, a point he has made to Hollings' aides and to protechnology Representative Rick Boucher (R-Va.)." Section Editor: Forrest Cook |
May 23, 2002 |
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Letters See also: last week's Announcements page. |
AnnouncementsResourcesNew KDE Mailing-List For German Speakers. A mailing list for German speaking KDE users has been announced. Users and developers are invited to subscribe. EventsEuropean Python and Zope Conference. Here's a new announcement for the European Python and Zope Conference 2002, to be held June 26 to 28 in Charleroi, Belgium. There's a few more details about the event, including keynotes to be given by Guido van Rossum, Eric Raymond, Jim Fulton, and Paul Everitt. New York Linux Scene - a public demonstration. The New York Linux Scene and CUNY Graduate Center are holding a public demonstration of GNU/Linux in the workplace for small to medium sized businesses on Friday, May 24th (10am-5pm). Boston Perl Classes (use Perl). A set of Perl classes will be held in the Boston area from July 1-3, 2002. Linux Expo Birmingham cancelled. The Linux Expo Birmingham has been canceled, due to the bankruptcy of Sky Events. This is, it turns out, bad news for some of the event's planned speakers, who have expenses that will not be reimbursed. Events: May 23 - July 18, 2002.
Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format. Web sitesPolish Linux News Site. If you read Polish, check out Linuxnews.pl, a Polish language Linux news site. (Thanks to Adam Ryba.) MiscellaneousCommitted to Linux or Just Devoted? (Linux Journal). Linux Journal is running a Linux Fanatic Contest. "In the spirit of the old MTV show Fanatic, we will be hosting a contest to discover the most dedicated (rabid) Linux devotee (fanatic). If you can prove to us that you are the superlative Linux zealot, you will win complimentary passage on the Linux Lunacy 2002 Caribbean cruise and a chance to meet some of the most renowned people in the Linux and Open Source communities, including Linus Torvalds, Ted Ts'o, Guido van Rossum and our own Phil Hughes. Ports of call include Jamaica, the Cayman Islands and Holland-America's private Caribbean island, Half Moon Cay." PHP Coding Contest (PHP News). PHP News mentions that Code Walkers is sponsoring a bi-monthly PHP Coding Contest. "Every two weeks, there is a new problem to solve, a new script to write. The winner receive prizes provided by the sponsors, Zend Technologies and Sams Publishing." Section Editor: Forrest Cook. |
May 23, 2002 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
![[GCC]](/2001/0621/gcc.jpg)