LWN Weekly Edition
Leading itemsSecurity
Kernel development
Distributions
Development
Linux in Business
Linux in the news
Announcements
Letters to the editor
->Multipage format
This page
Previous weekFollowing week
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
LWN.net Weekly Edition for October 10, 2002The BitKeeper non-compete clauseCertain subjects return to these pages over and over again; one of those, certainly, is the BitKeeper source management system. Despite concerns about its proprietary nature, BitKeeper has become the tool of choice for many Linux kernel developers. Those who are concerned about BitKeeper use for kernel development found new flame fuel in a previously unnoticed clause in the BitKeeper license, version 1.38, which reads:
Notwithstanding any other terms in this License, this License is
not available to You if You and/or your employer develop, produce,
sell, and/or resell a product which contains substantially similar
capabilities of the BitKeeper Software, or, in the reasonable
opinion of BitMover, competes with the BitKeeper Software.
The purpose of this clause is to say "you can use BitKeeper free of charge, but only if you are not using it to develop a competitor to BitKeeper." It is arguably a reasonable licensing clause; regardless of what one thinks of BitKeeper or proprietary software in general, BitMover can not be expected to willingly provide its tools for the purpose of creating new competition. And BitMover does fear this competition. Many years of effort went into the development of BitKeeper and the associated business; the creation of a suitably capable free replacement could wipe out that investment in a short time. BitMover founder Larry McVoy believes that the free software community is not capable of creating from scratch a source management system of BitKeeper's quality and with BitKeeper's innovations. He does, however, think it could produce a clone that, while inferior, is good enough to cost BitMover a lot of business. Coming up with ideas in the first place is expensive; copying them is far easier. BitMover wants the space to earn something from its (expensive) efforts to create BitKeeper; it also wants to be able to develop the product into a far more capable tool, a task requiring, they think, about four years. They have stated their intention to fight back with every weapon at their disposal - including copyright and patents - against anybody who threatens their ability to carry out that plan. Is all this a problem for free software and the Linux kernel? It could be, but probably not on the scale that some people fear. The immediate concern with the clause quoted above is that a number of free software developers and companies do deal with other source management systems. In the case of developers, the situation is fairly clear: if you work on a free source management system, BitKeeper is not available to you. To emphasize the point, Larry McVoy publicly told Ben Collins, a kernel FireWire driver developer (and Subversion hacker) that he could not use BitKeeper:
And you made it clear that you'd be delighted if Subversion was
made good enough to replace BK and you were working towards that
goal. I can't imagine a better example of someone who we
absolutely do not want to support and do not want using BK. I am
explicitly stating that it is our view that your use of BK is
violation of our license.
Ben's kernel work will not be affected, since he was not using BitKeeper for that project. Other kernel developers could eventually run afoul of this rule as well, however. For example, the ReiserFS team has no end of ambitious plans for its filesystem; some of them, such as version management, begin to push into BitKeeper's turf. Larry told us that, in his opinion, it was "very likely" that ReiserFS would eventually cross the line and become a BitKeeper competitor; at that point its developers would be unable to use BitKeeper. That is about as far as it goes, however. The license, says Larry, went too far by excluding anybody whose employer works on source management systems. The next "debugging" release of the license will tighten that term so that it only affects developers working directly on source management, and, perhaps, those very close to them. Thus, for example, Red Hat developers will not lose their access to BitKeeper just because Red Hat puts some patches into CVS. It is also BitMover's position the Linux kernel developers as a whole will not lose their BitKeeper access even if Linus merges a version of ReiserFS which costs the ReiserFS team its access. In evaluating the whole BitKeeper controversy, it is worth remembering a few things. One is that BitMover could have avoided all this pain simply by never giving gratis access to its product. Other vendors of commercial source management systems do not make their products available for free-of-charge use, and they are not routinely flamed the way BitMover is. BitMover, instead, has chosen to make its product freely available to groups developing free software. Kernel development has benefitted from this gift in a number of ways:
It is also worth pointing out that nobody has been forced to use BitKeeper. Many top-tier kernel developers have chosen not to use it, and they have not had to change their ways of working. Getting repositories and patches into and out of BitKeeper is easy by design; BitKeeper has a stated "no lockin" policy. It is not even necessary to use BitKeeper to keep track of Linus; several sites (like this one) provide frequent access to the updates in his tree. In other words, the adoption of BitKeeper has brought good things to anybody who uses the Linux kernel. This has happened free of charge, with no visible costs of any significance. Except, perhaps, for the time lost in flame wars. Access to BitKeeper is a gift that its creator was under no obligation to make. It is unfortunate that some members of the community expend so much effort criticising those who have made that gift. It is hard to see how the free software community would be better off if BitKeeper were withdrawn. All this is not to say that there is no reason for vigilance and concern. The denial of access to some developers is a discriminatory action, to say the least. If Larry McVoy (or his board of directors) wakes up hung over one morning and decides to end free access to BitKeeper, the show is over. Larry is uninclined to do that - he has maintained free access despite the constant flames because he wants to support the kernel project. But Larry could have an unfortunate encounter with a bus (though, as Linus has pointed out, buses are rare in California), or BitMover could be acquired by another company; in either case, the new management could make changes to the license. The BitKeeper binary does not come with source; it could be doing no end of evil things and it would be difficult for people to know. Currently, BitKeeper makes it easy to extract all data and metadata from a repository; moving an entire repository into a different source management system is an easy task. Linus also uses the BitKeeper interfaces to export patches and tarballs in the same way he always has. Future versions of BitKeeper, however, could quietly shift over to a closed format that is harder to escape from. And so on. These are issues that come up with any proprietary package, and they are certainly no worse than the issues raised by that other proprietary source management platform which is even more heavily used in the free software community: SourceForge. In the end, people who use software should always look at the license, and not use a particular package if the license is not to their taste. In the case of BitKeeper, those who chose not to use it are no worse off than they were before, and an easy path is open should a quick evacuation to another source management system be required. BitKeeper is worth watching; one never knows where a company might decide to go tomorrow. But the situation at the moment is not that bad.
Update on LWN and subscriptionsAs of this writing, there are almost 1800 subscribers to LWN.net; we have also sold a small number of (small) corporate subscriptions. This level of support is almost sufficient for two full-time staff at minimal salaries - a huge step in the right direction, but still not enough to keep LWN going in its current form. While we hope and expect that the number of subscribers will continue to grow, we will have to take steps to live within our available means for the near future. It is fully our intent to deliver on the full term of the one-year subscriptions that many of you have bought; to do that we will have to be careful now.So there will be some changes to LWN. We're working on the details now, and will post another update soon. But it looks like LWN is here to stay, and that is good news. Let it never be said that the free software community is unwilling to support the services it finds valuable. A few other notes:
As always, thank you all for supporting LWN.net.
Security Brief items Sendmail source hit by a trojan horseAs detailed in this CERT advisory, the sendmail source distribution on ftp.sendmail.org was replaced by a version containing a trojan horse. The modified code stayed on the server from September 28 through October 6. The trojan was invoked during the build process; it would fire off a process that would listen for commands on port 6667. If you downloaded and installed sendmail during that time period, you need to take a serious look at the integrity of your systems.Free software is supposed to be more secure because the source can be examined for this sort of thing. Yet this particular bit of malware managed to stay on a high-profile server for over a week. When you consider that, for example, the Interbase back door went undiscovered for over a year, one week does not seem all that bad. But one week is plenty of time to compromise a great many systems. What is truly surprising is that we have not seen more of this sort of problem. Trojanized source distributions are scary; a compromised binary package is truly terrifying. There will be more - and worse - episodes of this nature in the future. Of course, we have the tools to defend against most of these attacks. If you put up software for others to download, you should sign it with a cryptographic key. If you download software, you should check that signature. As long as the signing keys are handled carefully (i.e. not stored on the FTP server!), this bit of hygene will detect almost all tampering attacks. Without such checks, administrators are placing a great deal of trust in the security of every system they download software from.
New vulnerabilities Apache shared memory scoreboard vulnerabilities
SSL certificate validation vulnerability in evolution
Buffer overflow in nss_ldap
Multiple-use vulnerability in Safe.pm
Temporary file vulnerability in tkmail
Updated vulnerabilities Apache 2.0 cross-site scripting vulnerability
Heap corruption vulnerability in at
bind buffer overflow vulnerability in DNS resolver libraries
Multiple vulnerabilities in bugzilla
Potential unauthorized root access vulnerability in dietlibc
Ethereal buffer overflow, infinite loop and memory management vulnerabilities
Filename disclosure vulnerability in fam
Another set of fetchmail buffer overflows
GNU fileutils race condition
Potential remote root exploit in glibc
Buffer overflow in groff
Buffer overflow in gv
Buffer overflows in heimdal
HylaFAX 4.1.3 fixes multiple vulnerabilities
UW imapd remotely exploitable buffer overflow
Cross-site scripting vulnerability in Konqueror for KDE 3.0.3
Kerberos 5 unauthorized root access to KDC host vulnerability
LPRng accepts jobs from any host.
Cross-site scripting vulnerability in mhonarc
PHP Remote Compromise/DOS Vulnerability
Mozilla XMLHttpRequest file disclosure vulnerability
String format bug in pam_ldap logging
Safemode vulnerability in PHP
Remotely exploitable vulnerability in pine
Buffer overflow vulnerabilities in PostgreSQL
PXE server denial of service vulnerability
Local arbitrary code execution vulnerability in Python
sendmail smrsh bypass vulnerability
Sharutils potential privilege escalation using uudecode
Multiple vulnerabilities fixed in Squid-2.4.STABLE7
File overwrite vulnerability in tar and unzip
Malformed NFS packet buffer overflow vulnerability in tcpdump
Multiple vendor telnetd vulnerability
Tomcat 4.x JSP source code exposure vulnerability
Local root vulnerability in chfn
webalizer: reverse DNS buffer overflow vulnerability
Webmin/Usermin vulnerabilities
Multiple vulnerabilities in wordtrans
Problems with libgtop_daemon
Wwwoffle remote privilege escalation vulnerability
Local privilege escalation vulnerability in XFree86
Denial of service vulnerability in xinetd
Resources Linux Security WeekThe LinuxSecurity.com "Linux Security Week" newsletter for October 7 is available.
Sun exec defends open-source security (News.com)News.com has a report from Whitfield Diffie's talk at the RSA conference. "Diffie also said that security cannot be delegated, nor can a user rely on one company for security. 'Openness is essential for trust,' he said, referring to open-source code, as well as compatibility."
Securing Linux (O'Reilly)Michael D. Bauer talks about Linux security issues on O'Reilly. "I don't presume to know in any definitive way whether Linux is more or less securable than other Unix variants. What I do know is this: Linux is useful, stable, and securable enough to warrant the time and effort required to "harden" it against Internet threats. This article explains some of the reasons I believe it's both possible and worthwhile to secure Linux for use as an Internet server platform."
Events Chaos Communication Congress 2002The 19th annual Chaos Computer Club Congress will be held in Berlin on December 27 to 29. The Call for Papers has gone out; no deadline for submissions has been specified. "So, do you dare to speak in front of people who might have downloaded your script from your computer in advance and spotted all the logical errors?"
CFP for 2003 CFP conferenceThe 2003 Computers, Freedom, and Privacy conference will be held April 1 to 4 in New York. The Call for Papers is out, with a deadline of November 15.
Page editor: Jonathan Corbet Kernel development Brief items Kernel release statusThe current development kernel is 2.5.41, which was released by Linus on October 7. "Mucho merges with the 'A-Team' (Alan, Al, Alexey, Andrew, Anton, Arjan, Arnaldo and Art), but the 'M-Team' (Maksim, Marcel, Martin's and Mike) is a close runner up." There's a bunch of patches from Alan Cox, more disk management reworking, more memory management work, some SCSI work, a big ALSA update, an ISDN update, some kbuild work, a big S390 update, and numerous other fixes. The long-format changelog has all the details.Linus's BitKeeper repository, which is destined to become 2.5.42, currently contains some driver model work (with an emphasis on IDE devices), another s390 update, the large block device patch (see below), the beginning of the "asynchronous I/O for networking" merge, the return of IDE tagged command queueing support, indexed directories for the ext3 filesystem, a number of NUMA and discontiguous memory enhancements, long lists of small patches via Dave Jones and Alan Cox, and quite a few other fixes and updates. The current development prepatch from Alan Cox is 2.5.41-ac2. Since 2.5.41 came out, the -ac patches have been mostly concerned with compilation fixes and other small updates. The latest 2.5 status summary from Guillaume Boissiere is dated October 9. The current stable kernel is 2.4.19. Marcelo released 2.4.20-pre10 on October 8. The lists of patches applied are getting smaller, suggesting that there just might be a release candidate before too long.
Kernel development news A new way to watch LinusThe lengthy BitKeeper flame war was not entirely without useful results. Some developers expressed a wish to have a better view into what patches were being applied without having to run BitKeeper to extract them; the response was the creation of a couple of "bk commits" mailing lists on vger.kernel.org. Every time Linus merges a patch, the "bk-commits-head" list gets a message containing that patch. A similar list (bk-commits-24) exists for those who want to track what's up with the 2.4 kernel instead. Now there's no excuse for not knowing what got merged into 2.5 ten minutes ago.See the vger majordomo page for information on how to subscribe to these lists.
Unexporting the system call tableA linux-kernel reader recently complained that Red Hat had applied a patch to the kernel in its 8.0 distribution which made the sys_call_table data structure unavailable to modules. He will not have been pleased with the 2.5.41 kernel release, which did the same thing.sys_call_table is a special table used to dispatch system calls within the kernel. It is a simple array, indexed by the system call number passed in from user space. The reason for wanting this array to be exported, of course, is to allow modules to add or modify system calls. A classic example is a module implementing the "streams" interface, which is unlikely to ever be part of the mainline kernel. Some users need streams, though; an exported system call table allows them to load a module and have the streams call work as expected. So why would this capability be taken away? The stated reason is that tweaking the system call table is nonportable and unsafe. Each architecture has a different system call table format, so code which wants to be portable has to understand how each architecture does things. There is also no locking mechanism for the system call table, so run-time changes are subject to race conditions. And finally, there are even errata problems on some processors; changing a table used the way sys_call_table is used can have unfortunate and unexpected results. Many of these problems could be worked around with a bit of coding. But the simple fact is that many kernel developers do not want loadable modules to be able to add or change system calls. Binary modules are tolerated as long as they stick to the "published" interfaces and implement straightforward features (such as device drivers and filesystems). A module which can add or change system calls can go well beyond that interface. Removing access to the system call table keeps modules in their place. Working around this problem not all that difficult for modules which need to do so. A patch was quickly posted which made streams work again, for example. The solution is to have a set of stub system calls wired into the kernel; when the associated module is loaded, the stubs can make the appropriate calls with the necessary locks. Otherwise they return an ENOSYS error.
A different new Linux configuration schemeOne would think that, after Eric Raymond's experience with trying to overhaul the kernel configuration scheme, nobody else would want to venture into that area for a long time. One would be wrong, however; Roman Zippel has been working on his "LinuxKernelConf" package for some time, and has recently posted version 0.8, with a statement that it is ready for inclusion.LinuxKernelConf, like the ill-fated CML2 effort, defines a new configuration language (specification) and creates a single parser that can be used by all configuration interfaces. The new language is purely declarative, unlike the old one, which was really an imperative programming language. A configuration file (there are now many, spread throughout the source tree) contains declarations for the various configuration options, including all the relevant information in one place. A typical entry looks something like this:
config NETFILTER_DEBUG
bool "Network packet filtering debugging"
depends NETFILTER
help
You can say Y here if you want to get additional
messages useful in debugging the netfilter code.
![[Qconf]](http://old.lwn.net/images/ns/qconf-sm.png)
Note that, among other things, this scheme includes the help information with the rest of the configuration details. Unlike CML2, Mr. Zippel's scheme avoids fancier scripting languages and works with basic tools. That will help to avoid one set of flame wars. LinuxKernelConf may well stumble over a different obstacle, however: the (quite nice) graphical configuration tool is built on Qt. That is, in fact, the source of Linus's biggest concern about this patch:
But the fact that xconfig depends on QT is going to make some
people hate it.... In other words, I really think this needs to
pass the linux-kernel stink test. Will Al Viro rip your throat out?
Will it generate more positive feedback than death threats?
In fact, there have been very few death threats so far, perhaps because not too many people have looked at the code. Regardless of the level of promised violence, however, it looks like LinuxKernelConf may be merged with some evasive action: the graphical interface will simply be omitted. The kernel will thus ship with the basic configuration language; anybody who wants to use a graphical tool will need to obtain and install it separately. One a few other, smaller issues are resolved, it looks like Linus may go ahead and merge this patch.
Breaking the 2TB barrierOne set of patches which Linus has merged into his pre-2.5.42 BitKeeper tree is the "large block device" patch by Peter Chubb. Current Linux systems are limited to a mere 2TB in any one block device; this limitation is beginning to hurt users of very large RAID arrays. With the LBD patch, that limitation goes away.The solution, of course, is to simply redefine the sector_t type as a 64-bit quantity. Mr. Chubb's patches (which can be found in the "patches" section below) do exactly that. Generally, the transition is not that hard; the bulk of the changes, seemingly, are to format strings in printk calls. Much of the rest is changing variables which were defined as int or long over to the sector_t type. For the most part, it is said to work. Note, however, that software RAID volumes are still limited to 2TB.
Patches and updates Kernel trees
Build system
Core kernel code
Development tools
Device drivers
Filesystems and block I/O
Memory management
Networking
Architecture-specific
Security-related
Benchmarks and bugs
Miscellaneous
Page editor: Jonathan Corbet Distributions News and Editorials Red Hat TrademarksRed Hat 8.0 is out, and already a few gripes have crossed the LWN mailbox. This latest version has removed support for Intel 80486, as was bound to happen sooner or later. It seems they have also removed the national flag of Taiwan from the KDE 3.0 Control Center. This may well make it easier to do business in mainland China, but it doesn't create good relations in Taiwan.Then there were rumors that RH 8.0 is not completely free software anymore. We checked into that and found that statement to be false. Red Hat has always included some proprietary software packages in its boxed sets, but the base Red Hat code is still released under the GNU General Public License. Looking at the licensing agreement, we see Red Hat, Inc. trying to protect its trademark. In order to do this the Red Hat agreement asks those making copies for resale to modify files identified as "Redhat-logos" and "anaconda-images" to remove "All use of images containing the "Red Hat" trademark or Red Hat's shadow man logo". To make this just a tad more difficult the license also says, "Note that mere deletion of those files may corrupt the software." This implies that somewhere in the code there are checks to see that the files still exist. So the files must be edited to remove these trademarked logos. However we note that this only applies to those who wish to resell the distribution without entering into a reseller agreement with Red Hat. Why would the Linux giant do this? U.S. law takes a "use or lose it" stance to trademarks. If Red Hat does not defend its trademarks they may be lost. So Red Hat is taking steps to more vigorously protect its trademarks. Then consider what happens when a third party modifies Red Hat 8.0 before resale. If a bug is introduced, Red Hat takes the blame. With the trademarks removed, Red Hat is distanced from the bug. Since Red Hat doesn't know what unlicensed resellers are doing with their code, it is better for them if the end user doesn't see the Red Hat logo. The restriction also slows down those that download the distribution and make copies for resale, giving Red Hat a chance a sell a few more copies for itself. This won't result in big sales for Red Hat, but every little bit helps. All in all, the restriction does not seem terribly onerous. Those who modify Red Hat before resale must edit a couple of extra files. The code itself is free, and Red Hat maintains better control of what goes out under its brand name. Look for a review of Red Hat 8.0 in the review section below, along with reviews of Libranet 2.7, Mandrake 9.0 and SuSE 8.1 Professional.
Distribution News Debian Weekly News for October 8, 2002This week's DWN covers the Free Standards Group release of Linux Standard Base 1.2 (LSB) and asks, 'is anything missing?' Also read about OpenSSL with CPU optimization; the problematic BitKeeper license; and much more.
New Distributions AbulÉduAbulÉdu is a Mandrake-based distribution for primary schools. It is currently in French but most of the tools can be translated. An AbulÉdu server can handle Mac (netatalk), Windows (samba), GNU/Linux and X terminal (with LTSP) clients.Development version 1.0.11 beta 4 features new French-Arabic keyboard support (you can now use some applications such as Mozilla, write with a French keyboard, or press AltGr and write with an Arabic keyboard), some updates, and new features (new mathematical applications and childrens software).
Minor distribution updates Aurora SPARC Linux Build 0.42 (Douglas) releasesThe Aurora SPARC Linux Project announced Build 0.42 (Douglas). This release is primarily for sparc64, since it fixes a nasty bug that caused disk operations to take 10X as long. As such, the kernel has been reverted to 2.4.18-1.000sparc.
floppyfwfloppyfw has released 2.0.3 with minor security fixes.
Linux From ScratchLinux From Scratch has a new stable release, version 4.0. The list of changes is quite extensive, so please read the changelog for the details.
Mindi LinuxMindi Linux has released v0.66 with improved logging. Mindi now works around Debian's eccentricities more effectively and handles DevFS better, too.
Distribution reviews Debian on Steroids: Libranet 2.7 (Linux Journal)The Linux Journal reviews Libranet 2.7. "Libranet offers a straightforward installer, simplified partitioning, automatic detection and configuration of video and sound, system administration tools and a well organized selection of applications, all of which get a generously endowed Debian installation up and running in short order. And since Libranet is fully compatible with Debian, it offers fast and reliable system updates and upgrades."
Linux Orbit Reviews Libranet GNU/Linux 2.7Libranet GNU/Linux 2.7 is reviewed by Linux Orbit. "We focused a lot for this review on the desktop aspects of Libranet GNU/Linux 2.7, since the effort to create an easy to use desktop Linux distribution has obviously been considerable. But let's not forget what lies underneath. Libranet 2.7 is based on Debian GNU/Linux 3.0 (now officially "stable"), with Libranet enhancements, like the latest stable kernel and more. And if you don't need a desktop system, seasoned Debian users can choose a minimal installation and rely on installing their favorite server software packages via apt."
Mandrake 9.0 vs. Mandrake 8.2 for new Linux users (Register)The Register describes a basic Mandrake 9.0 installation and compares ML9.0 to ML8.2 on a ThinkPad T20. "I stick the coaster (CD #1) into the cupholder (CD Drive) and look at the install screen. It's similar to the one I saw in earlier Mandrake versions, with its choice of upgrade, rescue or full install. I choose full install by hitting "Enter." The install begins. Mindlessly, I click on the default choices as I begin, and partitions are created automatically, with my 12 GB hard drive split more or less equally between / and /home (ext3) partitions separated by a 243 MB swap partition. Nothing radical, no work to do, no thought required. It has been a while since partitioning was a concern for new Linux users who chose "commercial" distributions, and this latest Mandrake has made the partitioning process literally invisible unless you choose the "expert" option."
Mandrake Linux 9.0 distro for Xbox now available (Register)The Register takes a look at Mandrake 9.0 on the Xbox. "Mandrake was chosen, according to the Project, for purely utilitarian reasons. Red Hat is "quite conservative with its package versions, and we wanted to provide the most modern distribution available." SuSE doesn't have a GPLed distribution download, and "Debian isn't the typical distribution for the end user, and besides, Debian for the Xbox is already available." They also say that of the four, they found Mandrake ran with the least modifications."
Red Hat 8.0's bid for the simple, easy to use Linux desktop (Register)The Register reviews the installation of Red Hat 8.0 on an IBM ThinkPad laptop. "Shock number one was it installed without any hassle. No comments here on partitioning and dual booting, as I was happy just vaping the hard drive(which I appeared to have vaped already for some reason anyway), and accepting the defaults."
SuSE 8.1 Professional Review (LinuxLookup)LinuxLookup.com looks at SuSE 8.1 Professional. "SuSE software has always impressed me by the attention to detail they employ in generating their best-in-class Linux OS. The installation routine is simple and straightforward, the progress bar (lie meter) is generally accurate, and the finished install is relatively painless to configure. This release is no different in those aspects and more improvements have made their way into the finished product as well."
Page editor: Rebecca Sobol Development System Applications Database Software PostgreSQL 7.2.3 ReleasedVersion 7.2.3 of PostgreSQL has been released. "In order to address a potentially critical bug in the VACUUM code, the PostgreSQL Global Development Group is releasing v7.2.3 of PostgreSQL. This release includes a fix for a serious problem that has affected all 7.2.* releases: if a VACUUM command is run by a non-superuser, it is sometimes possible for the system to prematurely remove old transaction log data (pg_clog files). This can result in data becoming unrecoverable. All 7.2.* installations are urged to update to 7.2.3 as soon as possible."
Education Linux in Education ReportIssue #80 of the Linux in Education Report is out. Topics include the Free Software Foundation Europe's educational task force, interviews with Pete St. Onge and Ben Armstrong, a proposal for Software Freedom Season, several conference calls for participation, Linux-based video bulletin board software, and more.
Printing CUPS v1.1.16 is Released!Version 1.1.16 of the CUPS printing system is available. "CUPS 1.1.16 adds support for a new CUPS printer driver for Windows NT/2000/XP that provides accurate page accounting as well as support for the banner, job billing, job priority, and page label options. The new release also contains many small bug fixes and enhancements, including better USB printing support, support for printer names containing any printable character (123print, my-long-printer-name, etc.), and French language localization of the web interface and documentation." See the release notes for all of the details.
Web Site Development Apache 1.3.27 ReleasedThis release of Apache is principally a security and bug fix release. The announcement details a possible buffer overflow in ab.c, a XSS vulnerability in error 404 handling, and a SysV shared memory-based scoreboards attack. You can download the new release from any of Apache's mirrors.
Quixote 0.5.1 releasedVersion 0.5.1 of the Quixote Python-based web publishing framework is available. See the source code for change information.
Serving it up fast: Efficient CGI page generation (Builder.com)Builder.com has an article by Nigel McFarlane about the optimization of cgi-bin programs. "Efficient delivery of dynamic Web pages remains a challenge for Internet developers, especially when moving static HTML pages to CGI. I will review some performance numbers I obtained from testing three CGI strategies during the generation phase of page delivery."
Zope Members NewsThe most recent headlines on the Zope Members News include: the Infrae Content Management Sprinathon, RenderPM 0.3 released, TextIndexNG 1.05 beta 2 released, DCOracle2 1.2 Released, and ZWiki 0.11.0 released.
mnoGoSearch-php-3.2.0.rc1 is availablemnoGoSearch-php-3.2.0.rc1, the php front-end to the mnoGoSearch web site search engine has been released. See the ChangeLog file for release details.
Miscellaneous Procps 2.0.10 announcedVersion 2.0.10 of Procps is available. "Procps is the package containing various system monitoring tools, like ps, top, vmstat, free, kill, sysctl, uptime and more. After a long period of inactivity procps maintenance is active again and suggestions, bugreports and patches are always welcome on the procps list. The plan is to release a procps 2.1.0 around the time the 2.6.0 kernel comes out, with regular releases until then. Code cleanups and all kinds of enhancements are welcome."
GStreamer Pipeline EditorVersion 0.2 of the GStreamer Pipeline Editor is available. "A first release of gst-editor, the GStreamer graphical pipeline editor, is now available for public consumption! This tool allows easy, graphical construction, inspection, and operation of media processing pipelines. It can be used as a rapid prototyping tool as well as a method to learn more about GStreamer."
Desktop Applications Audio Applications WaveSurfer 1.4.5 releasedVersion 1.4.5 of the WaveSurfer sound visualization and manipulation tool is available. Changes include a new sound mixing functionality, three new time display formats, bug fixes, and minor improvements. See the Changes document for the full history.
Rosegarden-4-0 availableVersion 4-0 of Rosegarden, a MIDI and audio sequencer and musical notation editor, is available.
Desktop Environments KDE 3.1beta2 Hits the 'NetKDE.News reports on the release of KDE 3.1beta2. "On top of the large number of improvements over KDE 3.0 which have already been announced, this release offers a number of significant improvements, such as a new Exchange 2000® plugin for KOrganizer and a KVim plugin for KDevelop."
KDE e.V. on the KDE LeagueKDE e.V., "the KDE developers' organisational body which controls the KDE League," has put out a statement on the current furor over the KDE League's activities (or lack therof). "The Board of KDE e.V. has at this point and with the current knowledge absolutely no reason to believe that there are any irregularities in the bookkeeping of the KDE League.... The Board of KDE e.V. acknowledges that the KDE League has been mostly dysfunctional the last few months. This is partly due to lack of enthusiasm on the part of the KDE League members, partly due to KDE e.V. having been dysfunctional itself."
GNOME Development Series Snapshot 2.1.0Snapshot 2.1.0 of the GNOME Development Series, dubbed "88MPH" is available. Testers are being recruited.
GNOME SummaryThis week's GNOME Summary looks at more SVG candy; new GNOME Accessibility Themes; GNOME Development Series Snapshot 2.1 released; and much more.
FootNotesTopics on the GNOME desktop FootNotes site include: Sodipodi 0.27, an Owen Taylor and Havoc Pennington Interview, OpenOffice.org Developer Build 643, Glade Beta for GTK+ 2 And GNOME 2, Gnumeric 1.0.10 & 1.1.9, GNOME Accessibility Themes released, and more.
Games The Chopping BlockThe October, 2002 issue of the World Forge Games Chopping Block is out. topics include project news, lagrangian mechanics, head textures, the Kokatrix 2D World Editor, and more.
GUI Packages FLTK 1.1.0 Now Available!Version 1.1.0 of FLTK, the Fast, Light ToolKit, is available.
Interoperability Kernel Cousin WineIssue #138 of Kernel Cousin Wine has been published. Topics include a LindowsOS 2.0 Review, DIB Engine, That Darn $!$!, Anti-alias For Smaller Fonts, Remote Procedure Call Patch, and Listview Changes.
Wine developers release 20021007 is availableDeveloper Release 20021007 of Wine has been announced. Changes include a massive listview rewrite, a new MS RLE codec, a fixed winemaker, the beginnings of Direct3D 8 support, and lots of bug fixes.
Office Applications Open Office developer build 643Developer build #643 of OpenOffice is available and ready for testing.
AbiWord Weekly NewsIssue #112 of the AbiWord Weekly News is out. Topics include the AbiWord developer's release version 1.1.0, browser width issues, elevators and the reload button, and lots more.
Kernel Cousin GNUeIssue #49 of Kernel Cousin GNUe is out with the latest GNU enterprise issues. This week's topics include GNUe in use in production environments, a wxWindows bug in Designer Property Window, Time and Expenses functionality, a GNUe developers meeting in Germany, New Releases of the GNUe Tools, and more.
KVim Stable Release 6.1.141KDE.news has an announcement for a new release of KVim, a GUI version of the classic VI editor. "It provides many new features and improvements: a new GUI for Qtopia systems, a new KDE toolbar, full DCOP support, much improved support for internationalisation and encodings, and improved portability."
Web Browsers Mozilla status updateThe October 2, 2002 Mozilla Status Update is out with the latest Mozilla project news. topics include Mozilla releases, Phoenix 0.3, Spellchecker, OS/2, a dll/so cleanup, footprint reduction ideas, Spam/Junk mail filtering, Typeahead, a Mozilla Book, and Xft/fontconfig support.
mozillaZineThe latest mozillaZine topics include Thunderbird, a lightweight stand-alone mail client, Phoenix 0.3 Delayed, Mozilla in the Chicago Sun-Times, Tree to Close for 1.2 Beta, Mozilla Featured in Open Source Study, Adding Pop-up Blocking to Netscape and Spell Checking to Mozilla, and more.
Languages and Tools Caml Caml Weekly NewsThe Caml Weekly News for September 10 through October 8, 2002 is out with lots of Caml news topics.
The Caml HumpThis week, the new software on The Caml Hump includes one item, htmlc, An HTML files generator.
Eiffel ELJ 0.4 Eiffel projectsRelease 0.4 of the ELJ Open-source projects and library bindings for Eiffel have been released. Extensive Linux support has been brought to the project with this version.
Java Top Ten New Things You Can Do with NIO (O'Reilly)Ron Hitchens writes about Java's NIO on O'Reilly's OnJava.com. "New I/O? Why do we need a new I/O? What's wrong with the old I/O? There's nothing wrong with the classes in the java.io package; they work just dandy -- for what they do. But it turns out there are quite a lot of things the traditional Java I/O model can't handle. Things like non-blocking modes, file locks, readiness selection, scatter/gather, and so on. These capabilities are widely available on most serious operating systems today (and a few comical ones, as well). They're not just nice to have; they're essential for building high-volume, scalable, robust applications, especially in the enterprise arena."
Lisp LISA 2.0a1 releasedVersion 2.a1 of LISA, the Lisp-based Intelligent Software Agents Lisp platform is available.
Perl Perl 5 Porters digest (use Perl)The latest Perl 5 Porters digest is out. topics include Hash::Util::lock_keys inhibits bless, Just in time subroutine loading, Collections, Overriden built-in misparsing, The void context, make too slow, a Safe.pm security hole, Memory stats interface, and more.
This week on Perl 6O'Reilly's This week on Perl 6 for September 30 - October 6, 2002 is out. Topics include a Parrot getting started guide, debugging the Parrot debugger, Patch Master status, a New allocator, Patches, library name collisions, core.ops ate my (miniscule) RAM, a Parrot file list, Interfaces, Subject-Oriented Programming, Matching, Who's Who in Perl6, and more.
The Perl Foundation NewsletterThe October, 2002 edition of The Perl Foundation Newsletter is out. Topics include YAPC 2003, and an interview with White Camel winner Tim Maher.
How Hashes Really Work (O'Reilly)Abhijit Menon-Sen explains hashing in the context of Perl. "It's easy to take hashes for granted in Perl. They are simple, fast, and they usually "just work," so people never need to know or care about how they are implemented. Sometimes, though, it's interesting and rewarding to look at familiar tools in a different light. This article follows the development of a simple hash class in Perl in an attempt to find out how hashes really work."
PHP PHP Weekly SummaryTopics on this week's PHP Weekly Summary include Embedded PHP, XSLT directions, More .phps support, Fixing streams, cURL extension, String functions [clean|speed]ups, and Rounding out Apache 2 support.
Python Python 2.2.2b1 releasedGuido van Rossum has released Python 2.2.2 beta 1. "Python 2.2.2 has a large number of bug fixes in all areas of the interpreter and the library".
Python-dev SummaryThe Python-dev summary for September 30 is now available. It looks at an extended type system proposal, the upcoming Python 2.2.2 release, and several other topics.
The Daily Python-URLThis week's Daily Python-URL topics include Win32 Extension Snapshot Builds, Python 2.2.2 beta 1, the ICFP programming contest results, an Introduction to random access files with module 'shelve', ZPT basics (part 1), and more.
Ruby The Ruby Weekly NewsTopics on this week's Ruby Weekly News include JRuby beta 1.6/0.5.2, Blogtari 0.0.2, WNS XFormer version 0.0.0, xmlscan-0.1.0rc1, ZenTest 1.0.1, ZenWeb 1.14.0, Inline::C meeting, thoughts on typelessness, an announce only mailing list, Things That Newcomers to Ruby Should Know, RubyConf: insurance problems solved, and a discussion about a MetaRWN.
Scheme Scheme Weekly NewsThe October 7, 2002 edition of the Scheme Weekly News is out. Topics include a request for more Scheme articles, TeXmacs 1.0.18, and SISC 1.6.0 beta.
Tcl/Tk Dr. Dobb's Tcl-URL!The October 7, 2002 edition of the Dr. Dobb's Tcl-URL! is out with all of the latest Tcl news.
XML Duplicate and Empty Elements (O'Reilly)Bob DuCharme shows how to clean up XML data on O'Reilly's XML.com. "Any manipulation of XML documents, whether with XSLT or not, often involves cleaning up the documents. Perhaps some company sends XML data to your company, and while it may be valid XML, it still needs to be beaten into shape a bit before your systems can use it. Dealing with duplicate elements and empty elements are typical tasks of a cleanup process. Through no fault of XSLT, finding them can be a little trickier than you might at first think, but it's not too bad, and XSLT includes several features to make these cleanup tasks go more easily."
Working with a Metaschema (O'Reilly)Will Provost talks about metaschemas on O'Reilly's XML.com. "In this article we'll investigate the uses of metaschemas and the techniques for creating them. This will bring us in close contact with the existing WXS metamodel, an interesting study in and of itself. We'll consider several strategies for bending this metamodel to our application's purposes, and we'll see which strategies best suit which requirements. (To tip the hand a bit, the prize will go to the WXS redefine component as a way of redefining parts of the WXS metamodel itself.)"
Page editor: Forrest Cook Linux in Business Business News TowerGroup: Linux gaining in financial firmsAn analyst company called TowerGroup has put out a press release on the use of Linux in financial firms. "TowerGroup estimates that Linux is now deployed on 14% of total servers at North American brokerage firms. In contrast, Microsoft has 54% of the market (both NT and 2000 combined), while Unix has 27% of the market. However, TowerGroup believes Linux use will grow at an annual rate of 22% in the North American securities server market between 2002 and 2005, outpacing growth in Windows 2000, NT and Unix deployments over that same period."
W3C board votes for royalty-free patent policyBruce Perens reports that after a year of argument and see-sawing, W3C's patent policy board has voted to recommend a royalty-free patent policy. This recommendation will be put in the form of a draft and released for public comment.
Press Releases Open Source Announcements
Distributions and Bundled Products
Software for Linux
Products and Services Using Linux
Hardware with Linux support
Linux at Work
Books and Documentation
Training and Certification
Trade Shows and Conferences
Partnerships
Financial Results
Personnel and New Offices
Miscellaneous
Page editor: Rebecca Sobol Linux in the news Recommended Reading O geeks, what has become of us? (Register)Here's an editorial in The Register expressing fears that the "geek worldview" is becoming too uniform. "If geekdom becomes tied to a Little Red Book of permitted beliefs, it is likely to go the same way as so many other fixed belief systems, into decline. Another way of putting this is to ask this question: If DRM comes crashing down on our heads, and we can't do anything about it, do we all have to spend the rest of eternity fighting the last war? And if we're fighting that war, who's going to be taking care of the next one?"
Real Hacking Rules! (O'Reilly)O'Reilly has an article by Richard Thieme on the meanings of the term "hacker". "In essence, hacking is a way of thinking about complex systems. It includes the skills required to cobble together seemingly disparate pieces of a puzzle in order to understand the system; whether modules of code or pieces of a bigger societal puzzle, hackers intuitively grasp and look for the bigger picture that makes sense of the parts. So defined, hacking is a high calling. Hacking includes defining and defending identity, creating safe boundaries, and searching for the larger truth in a maze of confusion and intentional disinformation."
Perspective: The patent threat to the Web (News.com)Bruce Perens has written an editorial that looks at the W3C recommendation to maintain a royalty-free policy. "Had the decision gone for so-called "RAND" patents--licensed with "reasonable and non-discriminatory terms," but sometimes requiring royalty payments--the effect would have been to create a tollbooth on the Internet, owned by the largest corporations, collecting a fee for the right to implement open standards. Open-source developers, who do not collect royalties--and thus cannot afford to pay them--would have been locked out entirely. Smaller companies that develop proprietary software would have been at a disadvantage, compared with the largest corporations, which cross-license their patent portfolios to each other and thus would not be burdened by royalty payments."
Has Apache peaked? (ZDNet)ZDNet looks at reasons for the slow adoption of the Apache 2 web server. "Unfortunately, the changes in 2.0 necessary to implement the performance improvements were significant, and they break all of Apache's old module code. It all needs to be rewritten and--amazingly--six months after the release of 2.0, much of the job remains undone."
Virus writers get Slapper happy (News.com)News.com covers the most recent worm to threaten Linux users. " The newest variant, dubbed "Mighty," exploits the same Linux Web server flaw that other versions of the Slapper worm have used to slice through the security on vulnerable servers. Russian antivirus company Kaspersky Labs said in a release Friday that more than 1,600 servers had been infected by this latest variant as of Friday morning and are now controlled by the worm via special channels on the Internet relay chat system." Kaspersky's press release can be found here.
Companies Ballmer heads for Oz to staunch Telstra Windows defection (Register)The Register reports that Microsoft will be sending Steve Ballmer to Australia, in an effort to head off Telstra's switch to Linux. "Whatever, the real Telstra deal's already gone anyway, and the best Microsoft can now do is to the stop the backshop lockout it's already sustained from turning into a whopping loss of 45,000 desktop software licences and a massive PR triumph for whichever other company gets the gig instead. Microsoft should surely be in with a shot at avoiding this, because junking tens of thousands of Windows and Office installations and setting up an alternative (e.g. Linux-StarOffice) remains a non-trivial exercise."
IBM signs Linux server 'utility' deal (News.com)IBM has a new service that lets customers rent access to IBM managed Linux servers. News.com covers the service and its first major customer. "[Mobil Travel Guide] will use the service to meet seasonal peak demands, IBM said. The Linux Virtual Services offering from IBM lets customers pay for the computing capacity they use instead of purchasing computing power to accommodate peak demands."
Evesham bundles Lindows on PC (Register)According to the Register, a UK chain store known as Evesham will be selling inexpensive Linux-based PCs. "Evesham is bundle the open source Lindows OS on a new bargain basement PC knocked out at £249 inc.VAT. Evesham's E-scape Li PC comes with Lindows preloaded, features a VIA C3 processor and the VIA Apollo PLE133 integrated chipset, 40Gb Hard disk, 256MB DRAM, CD drive, modem and mouse. Monitors, speakers and other peripherals cost extra."
Novell Drives Home Linux (eWeek)eWeek covers Novell's new interest in Linux. "While Linux support has already been built into some Novell products and solutions, the efforts have largely been piecemeal. The goal now is to make all Novell products run on Linux or be Linux-enabled." Thanks to Peter Link
SCO abandons Linux desktop--for countertop (ZDNet)ZDNet covers SCO Group's changing focus, away from desktop Linux. "The increased focus on point of sale devices does not mean that SCO is totally giving up on the desktop. Although the company no longer sells a desktop operating system, it is continuing to develop its Volution Manager product, which helps system administrators manage desktop versions of Linux, automatically installing patches and so on, and plans to extend its reach to desktop versions of Windows too."
SGI funds Linux advocate (News.com)News.com covers Jon "maddog" Hall's new position with SGI. "At SGI, Jon "maddog" Hall will continue his company-neutral role as executive director of Linux International, said Paul McNamara, SGI vice president of products and platforms. SGI is sponsoring Hall the way VA Linux Systems and Compaq Computer have done in the past, McNamara said."
Sun's Linux PCs might just work (ZDNet)ZDNet's Larry Seltzer thinks that Sun may have a chance for success with its attempt to put Linux on the desktop. "Devaluing the desktop is central to Sun's strategy, and there's a lot to be said for this approach, which is why I think it might be well received. Even with Windows-based networks I've always thought it's a good administrative idea for an enterprise to centralize things and generally to make desktop systems as replaceable as possible."
Sun to restore Intel support for Solaris (News.com)News.com reports that Sun will revive Solaris on Intel. "Sun is relying on the community of Solaris-x86 users to help support the product. Lovell said the company will release the programming tools it uses to build the "driver" software that lets Solaris communicate with hardware such as network cards. Creating and supporting those drivers is a big part of the expense of supporting Solaris on a wide variety of servers, not just the limited number of models Sun sells." If sales are good for this product it could impact future development of Sun Linux.
Business Is Linux taking over the enterprise? (ZDNet)This ZDNet article takes a long look how Linux is doing at "world domination". "Linux continues to play a role in enterprise markets, but its growth spurt of recent years appears to have slowed a little. In 2001, Linux server environment shipments declined in revenue by five percent to $80 million, according to IDC, after two years of solid growth. That decline does need to be seen in context, however."
Announcing WindowsRefund.net (Linux Journal)Linux Journal further explores the process of getting a refund for unused copies of Windows. "Common Misconception #1: "Microsoft is the problem. The OEMs are not at fault."""There is nothing to win by going after Microsoft for resolution. The End User License Agreement (EULA) already includes the provision for a refund. At this point, is is the OEM's responsibility to make good on this."
ExxonMobil Travel Guide Migrating To IBM Linux Virtual Services (TechWeb)According to TechWeb, ExxonMobil Travel Guide will be using Linux for its online travel-planning and database system. "ExxonMobil Travel Guide this week begins the process of migrating newly developed travel-planning and database applications for its Mobil Companion service to IBM, which will host and maintain them on a mainframe running Linux."
Lindows to AOL: surely some mistake? (ZDNet)ZDNet delves into the truth about deals between Lindows.com and AOL Time Warner. "On Thursday, however, Lindows suggested that AOL might not have its facts straight. "Our engineers have been to Dulles, Virginia, and have worked with AOL," said Lindows' public relations director, Cheryl Schwarzman. "It may be the case that the spokesperson was not informed of that information." In response, AOL reiterated that it has "no formal relationship" with Lindows.com."
AOL surprised to be a Lindows partner (Register)Here's the Register's take on Lindows' "AOL PC". "In answer to its own bullet point, "why 35 million AOL users should buy a LindowsOS computer", Lindows PR bunnies suggest strongly that the OS is ready to connect at the click of a mouse button:"
Attack of the freebie software (U.S. News)U.S. News has an article about the increasing spread of Linux. "... Linux may be picking up interest from end users. Erica Simon, a San Francisco State University psychology major "fed up with Windows crashing and doing weird things," switched to Red Hat Linux on a Dell notebook computer. She needed help from her programmer fiancé but says the learning curve "was not really that hard, and the benefits far outweigh any pain."" Thanks to Dan Kegel.
Legal Tech giants back Fair Use bills (Register)The Register takes a look at a new bill announced by Congressman Rick Boucher. "Boucher's bill will specify that share denial CDs are labeled clearly, and like Lofgren's attempt to superseded the draconian provisions of the DMCA. "Boucher would essentially reverse the outcome, and fix the problems that gave us the 2600 case, the Felten case and the Sklyarov prosection," the EFF's Senior Intellectual Property Attorney Fred von Lohmann told us today."
Congress asked to unpick copy lock laws (News.com)News.com examines new legislation designed to defeat the DMCA. "Boucher, the most outspoken opponent of the DMCA on Capitol Hill, has spent more than a year rallying support for this measure. After Dmitry Sklyarov, a Russian programmer visiting the United States, was arrested in Aug. 2001 on charges of violating the DMCA, Boucher called the prosecution "a broad overreach.""
Coming to terms with copyright (News.com)Here's an article from News.com examining the status of copyright laws in the United States. "In their legal briefs, Lessig and the other law professors correctly stress the importance of paying attention to both of these two vital parts of the U.S. Constitution: The copyright clause, which gives Congress the power to create copyright laws for a limited time, and the First Amendment, which prohibits Congress from curtailing speech or expression."
Law School in a Nutshell (LawMeme)For anybody who has had trouble wading through a legal document: the "Law School in a Nutshell" series on the LawMeme site is worth a read. "To understand why legalese is so incomprehensible, think about it as the programming language Legal. It may have been clean and simple once, but that was before it suffered from a thousand years of feature creep and cut-and-paste coding." The first and second parts are available now.
Interviews Mr Linux basks in the limelight (BBC News)The BBC News interviews Linus Torvalds. "Part of doing Linux was that I had to communicate a lot more instead of just being a geek in front of a computer. It has made me more used to talking to people. I still like coding but I have other things to do."A companion article, Linux Lowdown, provides a brief introduction to Linux. Thanks to Paul Sladen
Interview: The Future of Linux on IA-64 (IBM developerWorks)IBM developerWorks interviews David Mosberger about Intel's new 64-bit chip.. "David Mosberger has been a 64-bit Linux guy since day one. While pursuing a graduate degree at the University of Arizona in the early '90s, Mosberger led the Linux port to the Alpha processor and soon found that his Linux hobby was taking up as much time as his graduate work."
The Register interviews Monte DavidoffThe Register has interviewed Monte Davidoff, one of the authors of the original Microsoft BASIC interpreter. ""I'm really excited about Linux," he says. "Having used Unix all these years and put out professional Unix products, they've done a really good job." His other passion, he tells us, is Python."
Doing the Samba on Windows (Financial Review)The Australian Financial Review talks to Andrew Tridgell about Samba and other programs. "One of his programs, rsync, was based on his PhD, and looks like it might become a standard part of web browsers. It reduces, by up to 90 per cent, the amount of data that has to travel over a network when someone requests a web page." Thanks to Con Zymaris
Resources Embedded Linux NewsletterThe October 3, 2002 edition of the LinuxDevices Embedded Linux Newsletter is out with the latest Embedded Linux news.
On2 and Xiph Release alpha version of TheoraOn2 Technologies and the Xiph.org foundation have announced the first alpha release of Theora, a combination of VP3, Vorbis Audio, and the Ogg media framework. ""This preliminary code release represents the first time developers will have access to a completely license- and royalty-free system that includes world-class video and audio codecs in an integrated, streaming-friendly format, with all the source code and intellectual property open, customizable, and available for immediate, anonymous download," said Dan Miller, CTO and Founder of On2 Technologies.
Security Tools in Linux Distributions (Linux Journal)Linux Journal looks at some of the security tools available in different Linux distributions. Part 1 looks at various HIDS and NIDS that come with Red Hat distributions. Part 2 is an overview of various tools included in SuSE distributions for hardening, monitoring and securing your system.
Reviews WYSIWYG Web page editors (PCLinuxOnline)PCLinuxOnline introduces some WYSIWYG (What-You-See-Is-What-You-Get) Web page editors. "Amaya is an especially interesting project. It was created by the W3C specifically to be 100% standards-compliant (like Mozilla). If you didn't like the interface before, you should know that it was recently ported to GTK+."
Phoenix 0.2 Web Browser: Lean, Mean Mozilla (LinuxOrbit)Linux Orbit reviews the Phoenix 0.2 Web Browser. "Depending on what you are looking for in a web browser, Phoenix may be just the ticket. Though still in heavy development, it's fast, snappy, surpassingly stable, somewhat configurable and very useable. If it's not what you are looking for now, check back from time to time as new features seem to be added on an almost daily basis."
Miscellaneous Will open source finally kill off the $1.2 million CMS money pit? (ZDNet)Builder.com investigates the world of open-source content management systems. "We asked two experts, EuroZope Foundation founder Paul Everitt and CMS guru Gregor Rothfuss, to explain this open source CMS movements goals and motivations. The open source advocates compare the status of current CMS optionswhich run the gamut from simple flat-file data storage to robust database solutionsto that of Linux as it flirted with corporate acceptance a few years ago."
Nigeria Puts Bio-Identity System To The Test (TechWeb)TechWeb looks at how Linux blade servers will create a flexible architecture for Nigeria's first civilian-run election since military rule ended. "BioLink will deploy 456 800i single-processor Linux blade servers from RLX Technologies Inc. to voter-registration sites in Nigeria's 37 states. The blades will process data from scanned voter-registration cards, which will include voters' thumbprints. BioLink's software will run on the blades, checking for fraud or duplication."
Page editor: Forrest Cook Announcements Upcoming Events Workshop on Linux Clusters for Super Computing CFPA CFP has been issued for the 3rd annual workshop on Linux clusters for super computing, to be held in Sweden on October 24 and 25, 2002.
educationaLinux 2003 miniconference CFPA Call For Papers has been issued for the Australian educationaLinux 2003 conference, to be held in Perth, Australia on January 20, 2003.
Events: October 10 - December 5, 2002
Web sites The Perl Journal On The Ropes (use Perl)Use Perl comments on the state of the Perl Journal. "Rochlin writes "Looks like The Perl Journal might not make it up for air after all. This blurb is on their website. 'Time is running short and we need your help if The Perl Journal is to get another chance at being the real deal."
Software announcements This week's software announcementsHere are the software announcements, courtesy of Freshmeat.net. They are available in two formats:
Page editor: Forrest Cook Letters to the editor BitKeeper License
Hello, lwn.net had a long time the letters to the editor section. Nowadays it seems to be gone, but the discussion around the BitKeeper license is worth my first letter to the editor. I tried today, 6 October 2002, to download the BitKeeper software from the BitKeeper website. The download page contains a link to the license, so I read http://www.bitkeeper.com/Sales.Licensing.Free.html The headline says "Free Use License" but right below it is called BitKeeper License version 1.37 02/18/02. The definition section clarifies: It is the BitKeeper license. But I couldn't find the clause, which triggered all the discussion on the Linux kernel mailing list. Using the download link I had to fill an "Are you a sales opportunity?" mask. The email response had a quite simple user name and password. Annoying, next step: Calling the URL from the E-Mail and entering the simple user name and password. There BKL 1.37 is printed again, this time without the "Free Use License" header. I still couldn't find the now infamous clause. I downloaded the binary 2.1.6-pre5 binary for Linux and glibc-2.2. The binary creates a directory full of other binaries, including GNU diffutils and GNU patch. The GNU source code is available under ftp.bitmover.com. There is no file with license in its name. I found the license with grep in the bkhelp.txt file. This is a verbatim copy from the file: bk bkl(1) BitKeeper User's Manual bk bkl(1) NAME bk bkl - BitKeeper License version 1.37, 02/18/02 LICENSE BitKeeper License version 1.38, 03/28/02 The name says 1.37 and the license says it is 1.38. I assume that's indeed 1.38, because the discussion-triggering clause is there. A simpler way to display it, is $ bk help bkl Tell me now under which terms I've licensed BitKeeper 1.37 or 1.38? I don't know, I'm not a lawyer. But at least I've now an explanation, why it took six month until the posting on the linux kernel mailing list. Anyway for a company selling configuration management tools, this is quite a mess. I repeat here the discussed clause from the BitKeeper license version 1.38 from 03/28/02 from section 3 LICENSE OBLIGATIONS: (d) Notwithstanding any other terms in this License, this License is not available to You if You and/or your employer develop, produce, sell, and/or resell a product which contains substantially similar capabil- ities of the BitKeeper Software, or, in the reason- able opinion of BitMover, competes with the BitKeeper Software. This is quite straight, this license takes away freedom from you. For an open-source developer that means you can't use BitKeeper free of charge if you want to build a "technical" better source repository tool. According to the language you wouldn't even be able to improve GNU diffutils and patch, if you use BitKeeper. Both packages contain of course substantially similar capabilities. Larry McVoy isn't better than Disney. He build upon work of others (diffutils and patch), but doesn't allow others to build upon his own work. Linus gave Lary the incredible marketing position of managing the Linux kernel sources with his proprietary tool. Larry paid a price by providing BK free of charge and the T1 file for the open logging server, which it is his tool to enforce the license. I don't understand why the Linux kernel developers didn't require Larry to negotiate any license change with them. Obviously the GNU Public License doesn't protect you from political blindness. There is no problem, using non-open-source tools to develop open source or free software---it happens all the time: think about Java open source tools. Even Microsoft doesn't prevent the Mono developers to use the C# SDK, free of charge, to develop a competing open-source implementation. I don't have the power to stop kernel developers to use a tool, that limits the freedom of developers. But I've removed BitKeeper from my computer and I will stay with CVS until a better tool with a GPL or BSD style license will become available. I've had a look at the alternatives, Arch looks very promising and Subversion has a far to complicated architecture. The most simple thing about the whole story, is the prediction about the future. I can't remember exactly, because nowadays it seems to be in a galaxy far, far away: Linus said once, that if Motif doesn't become open source, it will be history. Exchange Motif with BitKeeper and you will have a clear view on the events to come. Uli Kunitz -- Ulrich Kunitz (ulrich.kunitz@freenet.de)
BitKeeper license
Dear LWN Editors,
I trust you are aware of the recent discussion around the BitKeeper
license on the kernel mailing list[1]. (Also see the thread[2] on
debian-devel.) Tom Gall noticed that the gratis BitKeeper license has
the following clause in Section 3:
(d) Notwithstanding any other terms in this License, this
License is not available to You if You and/or your
employer develop, produce, sell, and/or resell a
product which contains substantially similar capabil-
ities of the BitKeeper Software, or, in the reason-
able opinion of BitMover, competes with the BitKeeper
Software.
Larry McVoy has specifically stated[3] that Ben Collins (a developer
of Subversion, a replacement for CVS, and also a part-time kernel
developer) has no gratis license for BitKeeper as a result of this
clause. Elsewhere in the thread, he asserted[4] that if certain
(planned[5]) features were added to the kernel, the gratis license
would terminate (and, therefore, all kernel developers using BK would
have to scramble to find alternatives). In light of these
developments, I hope that you will reconsider your position from 1999:
In a front page article, you suggested[6] that the restrictions in the
BK license were not very severe:
The interesting thing is that, on a list for kernel hackers who
intend to use the system, nobody really cares all that much. Even
members of the OSI board have posted there, saying that the
license is a good one, and that the lack of the "Open Source"
designation should not be a problem. BitKeeper is free enough for
that crowd, and they tend to be pretty fussy on these things.
The license has changed since you wrote this; in particular, the
clause above was apparently added about 6 months ago. However, there
is another clause in the BK license requiring you to use the latest
version of the license. Here we see that BitKeeper is, in fact, quite
far from open source or free software: The non-free terms of the
license are being used to exert leverage, in exactly the same way that
(say) Microsoft exerts pressure on OEMs.
Larry McVoy and the BitMover corporation are, of course, free to
license BitKeeper however they want. But I would urge free software
developers to think carefully before relying on the tools of a vendor
that is so willing to change their license terms to satisfy personal
aims.
Sincerely yours,
Dylan Thurston
[1] http://www.uwsg.indiana.edu/hypermail/linux/kernel/0210.0/1496.html
[2] http://lists.debian.org/debian-devel/2002/debian-devel-200210/msg00245.html
(Oddly, the original message from Branden Robinson seems to be
missing from the archive.)
[3] http://www.uwsg.indiana.edu/hypermail/linux/kernel/0210.0/1725.html
[4] http://www.uwsg.indiana.edu/hypermail/linux/kernel/0210.0/2096.html
[5] http://www.uwsg.indiana.edu/hypermail/linux/kernel/0210.0/2133.html
[6] http://old.lwn.net/1999/features/BitKeeper.php3
(Please feel free to include this on the Letters to the Editor page.)
Apache 2.0 and Red Hat
I know there's a lag between writing an article and its publication, but Apache 2.0 _is_ the default Web server for Red Hat. In version 8.0, released this past week. (You can see that at http://www.redhat.com/software/linux/technical/packages.html) That information was long available via the public beta releases. Your article also mischaracterizes the Apache development process: although the current version is 2.0.43, the first 'production' version in the 2.0 series was 2.0.35. Everything prior to that was a beta, as is documented at http://www.apacheweek.com/features/ap2 I suspect that the API has been quite stable since 2.0.35 was released in April of this year, though I'll admit to not having verified this. To characterize the Apache release process as having 30 incremental releases is to misunderstand the open-source development process as it applies to Apache. Surely you wouldn't claim that the Linux 2.4.2 kernel was the 63rd incremental release of the system? (There were 51 patches in the Linux 2.3.x development series, plus 9 patches at the 2.3.99 level.) As far as the performance of Apache goes, it's true that Apache 1.3's primary concern was stability, not performance. But, as a consultant and system administrator, I've found few instances where the performance of the Web server was the bottleneck. (More often, it's poorly-architected dynamic content that can be accelerated via a code rewrite or mod_perl.) None of the production environments I work in have upgraded to Apache 2.0. Why not? Because what isn't broken, and what isn't a performance bottleneck, doesn't get replaced. This is not, as the article suggests, a failing of Apache 2.0 but a mark of Apache 1.3's success. I look forward to using Apache 2.0, either when it comes preinstalled on a system I am using, or when I develop a site that needs its power. Until then, as both a Web developer and a Unix systems administrator, I'm satisfied with Apache 1.3. Jon Lasser -- Jon Lasser Home: jon@lasser.org | Work:jon@cluestickconsulting.com http://www.tux.org/~lasser/ | http://www.cluestickconsulting.com Buy my book, _Think_Unix_! http://www.tux.org/~lasser/think-unix/
Consumer's Rights
I wanted to thank Congresswoman Zoe Lofgren in her attempt to balance the interests of copyright holders and consumers. To that affect I have written her the following letter and I am seeking some feedback from the readers of LWN as to their thoughts on the issue. ----------------------------------------------------------------------- Congresswoman Lofgren, I want to thank you for addressing the issue of Consumer's Rights. I live in Sacramento so I cannot actually vote for you but if I could you would have my vote for sure. I believe that the Internet -- including the content that is transmitted by it -- has the largest potential to transform the world as any invention since Johannes Gutenberg's printing press. I'm not talking about transmitting a copy of a song to a million of my closest friends but about transmitting a copy of a song from my home file server to my home entertainment system or my office PC for my personal enjoyment. I'm talking about information not falling into the void because the applications that are needed to access it have become obsolete. I'm talking about politicians being able to publish something that can be easily accessed by those intended -- all of us (most importantly their constituents). The ability to obtain tools that can transform information from one format to another so that everyone (who is legally authorized) can listen, view, or read it. I will be writing my representatives to encourage them to support this legislation. Again I would like to thank you for your courage in introducing this legislation in the face of opposition from organizations such as the MPAA and the RIAA. I would like to put the seed of another thought into your head if at all possible: the distinction between the cost of the media and the cost of the Intellectual Property that it contains. Perhaps this seed could flourish and grow into a future piece of legislation. I, like many millions of other Americans, own both a VCR and a DVD player. I have purchased a number of movies on VHS tapes and some of them I have also purchased on DVDs. I have paid for both the tape of a movie and a DVD of the same movie. I can understand paying twice for the media since I have both a tape and a DVD but I have been forced to purchase the same Intellectual Property twice! That doesn't seem right to me. The same thing happened when I replaced many of my old phonograph records with CDs: I had to repurchase the Intellectual Property that I had already purchased once before. This is going to be happening again soon as a new medium for home audio recordings will be coming out soon: DVD audio. My right of 'first sale' would enable me to sell the older works at a second hand store and recoup some of the expense but, as the old formats are being phased out, demand for them is light and therefore my return will be small. A final thought for you in your pursuit for consumer rights might be the right not to have equipment become obsolete after a very short time. I bring this to your attention as it relates to the 'broadcast flag' that the content creators wish to incorporate into digital TVs and the audio/video content that they will be presenting. If this becomes law then EVERY television sold on store shelves at the moment would instantly become obsolete. Even the brand new high definition digital ones that cost thousands of dollars. If you (as in Congress) wish to move Americans to a digital TV format you should assure them that their investment in the technology will last more than a few years. Budget forecasts call for the auctioning off of the analog TV electro magnetic spectrum; if this doesn't happen in a timely fashion then the money from the auctions will not become available to help balance the budget. But why should I (and other Americans) go out and spend money on new equipment when the standard has not even been finalized yet? The short answer is I won't and I don't believe a majority of others will either. This has created a 'chicken and egg' scenario with the complication of continuously modifying the chicken's genetic sequence. Which egg will hatch into the correct chicken? Thank you for your time in reading this and your efforts on behalf of consumers. Sincerely yours, Tres ****** Registered and Active Voter Sacramento, CA P.S. I have included the text of this email in my correspondence with my Senators and Representative. ----------------------------------------------------------------------- Regards, Tres
Page editor: Jonathan Corbet
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||