LWN Weekly Edition
Leading itemsSecurity
Kernel development
Distributions
Development
Linux in the news
Announcements
Letters to the editor
->Multipage format
This page
Previous weekFollowing week
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
LWN.net Weekly Edition for January 20, 2005Whither Fedora Legacy?Users of the Fedora Core distribution (or any other distribution, for that matter) are well advised to understand its security update policies. Fedora does not backport security fixes into the version of the affected program which was originally shipped with the distribution; instead, the application is simply updated to the current version. Security updates are made for approximately one year, after which the Fedora project moves on to supporting its newer versions. Sometimes the support period is shorter; Fedora Core 2, which was released on May 18, 2004, is currently scheduled to become unsupported on March 21.It is worth noting that, for as long as it lasts, the Fedora Project's security support is excellent. Updates are released quickly, and are easily tracked using yum, up2date, or apt. When Fedora stops supporting a release, it "transfers" that release to the Fedora Legacy project. Fedora Legacy is not part of Fedora itself; it is, instead, a separate, community-based effort dedicated to making security updates available to older Fedora Core and Red Hat Linux releases. The project's policy, as stated in the FAQ, is to support old Fedora Core releases for two release cycles after the transfer. When Fedora Legacy is working well, it is a highly useful service. With a simple tweak to a yum configuration file, it is possible to keep an older system current with almost no effort. Unfortunately, the last update to Fedora Core 1 came out on December 3, 2004. Any Fedora Core 1 systems which rely upon Fedora Legacy for updates are currently vulnerable to holes in the kernel, xpdf, vim, KDE, PHP, sudo, etc. The process, it would seem, has come to a complete stop for over a month. We attempted to ask (via the posted contact address) what was going on, but got no response. A look at the project's mailing list shows that there are still signs of life. There is an open issues document which is still being maintained; it shows a substantial number of packages needing updates, along with their bugzilla URLs. There was also one message about the stoppage and whether support for Fedora Core 1 had been dropped:
No, but a combination of lack of manpower, downtime on the build
server and the fact that we are releasing Red Hat 7.3, Red Hat 9
and Fedora Core 1 packages together means that the project is
grinding to a halt. As soon as the build server comes back I will
try and clear a lot of the backlog.
Keeping a distribution current with security patches is hard, tedious, and often thankless work. It's the sort of work that people tend to demand to be paid to do. Projects like Debian and Gentoo demonstrate that this job can be done, and done well, on a volunteer basis, however. But it would appear that the requisite effort is not there for the Fedora Legacy project. Without the needed resources - developer time, systems to build packages on, and testing - a project like Fedora Legacy will fail. People who care about the security of older Fedora Core distributions - and the long-term value of Fedora releases in general - might want to think about what they can do to help the Fedora Legacy project get its process restarted.
A look at Quasar AccountingWhile Linux has made great strides in terms of application availability in recent years, one area where Linux is still quite weak is accounting software. More than a few open source diehards still turn to Quicken, QuickBooks and/or TurboTax when it comes time to do the counting up.When the GPL'ed version of Quasar Accounting was announced last week by Linux Canada, Inc., we decided it was time to take a look to see if Quasar could give Linux users the features they need to do their accounting solely on Linux. We also interviewed Linux Canada's Phil Tonnellier about the application, and the decision to release parts of the application under the GPL. The GPL'ed components of Quasar include its client and server accounting software. The point-of-sale components are not available under the GPL and require a commercial license. Still, the accounting software components provide all the features necessary for users who need to use Quasar for small business accounting. Tonnellier said that the company chose to release Quasar under the GPL for several reasons. First, he said that the company "wanted to give something back" since the company had been using Linux for retail systems since 1995. He also said that there is a bit of pride in the product as well:
We believe in our product. We believe in the quality of the source code,
and we believe that FOSS is the future of software. We feel that Quasar in
GPL can be the leading FOSS accounting system for the world. There is a
desire to get more eyes on the code and more testers to make Quasar a
better product.
In addition, Tonnellier said that making the source code available was part of trying to build a strong reseller network for Quasar. As for keeping part of the code closed, Tonnellier said that the company's revenues have been primarily derived from sales to retail businesses, and that "most retailers requiring point-of-sale can easily afford the Quasar license fees, and indeed they may feel better knowing we have an income stream and will remain strong for them in the future." Quasar requires a database backend, either PostgreSQL, Firebird or Sybase. Since MySQL is also extremely popular with the open source community, we asked Tonnellier why Quasar didn't support MySQL as well. According to Tonnellier, they didn't feel MySQL was quite ready in 2000 when Quasar development started:
We felt that MySQL did not meet all of our requirements for handling
referential integrity and PostgreSQL actually failed some tests. Thus we
chose Firebird and Sybase to work with. Since then PostgreSQL and MySQL
have come a long way in features and reliability. But to be honest, we have
been so busy working on features that we did not revisit the use of
PostgreSQL and MySQL. With the release to open source, we did take another
look at PostgreSQL and created the interface. One day we want to do the
same for MySQL, but just have not had the time.
Since Quasar has long been a closed-source application, we asked what kind of preparation Linux Canada had to do in order to release the code under the GPL. Tonnellier said that it was more complicated than just throwing the source out into the wild:
There is a tremendous amount of work to prepare for open source. Especially
when you consider that the work has to be done in addition to running your
regular business to maintain a revenue stream. We needed to make sure that
the code is presentable and easy to build. We needed to remove any third
party dependencies. We needed to figure out a way to earn a living after
open source. We needed to define all of our new support packages. We needed
to prepare the web site and all of the manuals. We needed to set up proper
mailing lists and support forums. We needed to ensure our Internet server
could handle the traffic and was properly configured.
How does Quasar compare with QuickBooks? Tonnellier noted that Quasar is missing QuickBooks' payroll component, but that Quasar "has very powerful inventory control, including auto ordering and merchandise cost landing." A list of Quasar's features can be found on the Linux Canada website.
This reporter downloaded the Quasar packages for SUSE Linux 9.2. and took
Quasar for a test drive. Linux Canada has provided source code and packages
For Linux users who want an accounting package for individual use, Quasar is probably overkill. However, the package has plenty of features that make it attractive to small businesses that have to manage invoices, inventory, purchase orders, vendor payments and so forth. The interface was fairly intuitive, even though this reporter is decidedly not well-versed in accounting. Quasar also includes an extensive online help system so that almost every window and dialog has an associated help file that explains the current operation. We did run into the occasional glitch, such as the Item Lookup dialog. When searching for a Department for an item, clicking on "New" brings up a "Department Master" dialog that refuses to accept user input until the Item Lookup window is closed. However, we didn't find many glitches of this nature. Overall, Quasar is a decent accounting application that seems to have most of the features that a small business would need, excepting the payroll functions that Tonnellier alluded to. This is, of course, a feature that many businesses will still need to have, and will probably keep many businesses from turning to Quasar. Despite the rough edges, we'd recommend that users evaluate Quasar to see if it would suit their needs. Since Quasar is now licensed under the GPL, the Linux community can help Linux Canada add the features and polish it needs to be competitive with proprietary accounting applications. Given the number of users and organizations that would benefit from, and have been looking for, an open source accounting software system, Quasar shouldn't have any shortage of developers willing to take it to the next level.
This week's Bad Law ProposalThe state of California has long been known for innovative public policies and laws. Sometimes, the state can be truly visionary in its policies, and, sometimes...Senator Kevin Murray, from Los Angeles, has put forward a proposed law which would attack the dreaded scourge of peer-to-peer file sharing networks. In particular, the proposed law reads:
Any person or entity that sells, offers for sale, advertises,
distributes, disseminates, provides, or otherwise makes available
peer-to-peer file sharing software that enables its user to
electronically disseminate commercial recordings or audiovisual
works via the Internet or any other digital network, and who fails
to exercise reasonable care in preventing use of that software to
commit an unlawful act with respect to a commercial recording or
audiovisual work... is punishable, in addition to any other penalty or
fine imposed, by a fine not exceeding two thousand five hundred
dollars ($2,500), imprisonment in a county jail for a period not to
exceed one year, or by both that fine and imprisonment.
Of course, "peer-to-peer file sharing software" is a vague term, so Sen. Murray makes it even more so:
As used in this section, "peer-to-peer file sharing software" means
software that once installed and launched, enables the user to
connect his or her computer to a network of other computers on
which the users of these computers have made available recording or
audiovisual works for electronic dissemination to other users who
are connected to the network.
It does not require a particularly expansive reading of that language to conclude that, say, a Linux distribution with an FTP client or web browser meets that definition. The law does not address what "reasonable care" means, but, presumably, "no attempt whatsoever to prevent the distribution of proprietary materials" would not make the grade. The paranoid among us might well see an attempt to outlaw free software here....except for the little problem that this law would be equally applicable to any general-purpose, proprietary operating system. This bill will most probably encounter a rough road, and, with luck, will not be passed. It is, however, another result of a view which is being encouraged by the entertainment industry (and others): software is an inherently dangerous tool which must be heavily regulated. Manufacturers and distributors of cooking knives, hand guns, gasoline, automobiles, etc. are not required to design their products in such a way as to prevent the commission of the obvious crimes which those products enable. But software is a riskier item, and cannot be trusted. The free software community values the freedom it has: if we have a particular need, the only thing that stands between us and satisfying that need is the requisite hacking time. Increasingly, however, we are hearing that our code is illegal in some part of the world or other, regardless of its intent or legitimate uses. This problem is only likely to get worse as the Powers That Be try to get a handle on the strong, but relatively uncontrolled free software world.
Security Vulnerabilities and updates in 20042004 was another busy year for those concerned with the security of their systems. The LWN security database shows that the top-tier distributors issued 1660 updates in 2004 in response to 396 vulnerabilities. Once again, the kernel leads the list for the sheer number of vulnerabilities: 19 of them last year. Apache comes in second with 12 vulnerabilities - though that figure mixes versions 1 and 2 which, arguably, should be kept separate.For the curious, here's the beginning of our table showing vulnerabilities and resulting alerts for 2004:
For the full table, in its bandwidth- and browser-busting glory, see this page over here. When viewing this table, please keep in mind one fundamental limitation it has: we have no way of marking when a given distribution is not affected by a vulnerability. So, if no alerts show for a specific combination of distributor and vulnerability, it means either (1) the distributor did not bother to issue an update, or (2) that distribution was not vulnerable. Someday we hope to get to where we can distinguish between those two situations.
Brief items Verizon persists with European email blockade (Register)The Register reports that Verizon has come up with a novel way of reducing spam delivered to its customers: blocking all email from Europe. "Verizon three million DSL customers waiting for emails from Europe were advised to use alternative forms of communication. 'If it's really important you might want to make a phone call...'"
New vulnerabilities apache: temporary file vulnerability
chbg: buffer overflow
gatos: buffer overflow
gopher: multiple vulnerabilities
kernel: i386 SMP page fault handler privilege escalation
imagemagick: .psd image file decode vulnerability
mozilla: buffer overflow
mysql-dfsg: insecure temporary files
playmidi: buffer overflow
queue: buffer overflows
Squid: multiple vulnerabilities
tnftp: arbitrary file overwriting
twiki: arbitrary shell command execution
vim: symbolic link attack
xpdf: buffer overflow
Updated vulnerabilities a2ps: input validation error
bmv: insecure temporary file
cdrecord: failure to drop privilege
cups: multiple vulnerabilities
cyrus-sasl: remote buffer overflow
dhcp: format string vulnerability
dillo: format string vulnerability
ethereal: multiple vulnerabilities
exim: buffer overflows
Foomatic: Arbitrary command execution in foomatic-rip
FreeRADIUS: denial of service
gaim: buffer overflow in MSN protocol
Gallery: cross-site scripting vulnerability
gtk2, gdk-pixbuf: buffer overflows
gettext: Insecure temporary file handling
ghostscript: symlink vulnerabilities
glibc: Information leak with LD_DEBUG
glibc: tempfile vulnerability in catchsegv script
gnome-vfs: backend script vulnerabilities
groff: insecure temp file
groff: insecure temporary directory
gtkhtml: malformed messages cause crash
hylafax: weak hostname and username validation
imlib: buffer overflows in image decoding
imlib2: buffer overflows
iptables: missing initialization
kdelibs: unsanitzied input
kerberos5: execution of arbitrary code by authenticated user
kernel: race condition, privilege escalation
kernel-utils: setuid vulnerability
Konqueror: Java sandbox vulnerabilities
libgd2: buffer overflows in PNG handling
libpng: multiple vulnerabilities
libtiff: buffer overflow
libxml2 - arbitrary code execution
libxml2: multiple buffer overflows
libxpm4: stack and integer overflows
lintian: insecure temporary directory
lvm10: creates insecure temporary directory
mailman: cross-site scripting
mikmod: buffer overflow
mozilla products: arbitrary code execution and other vulnerabilities
mpg321: format string vulnerability
mysql: several vulnerabilities
namazu2: cross-site scripting vulnerability
nasm: Buffer overflow vulnerability
netkit-telnet: invalid free pointer
nfs-utils: denial of service
nfs-utils: arbitrary code execution
o3read: buffer overflow during file conversion
openssl: der_chop script temp file vulnerability
OpenSSL: denial of service vulnerabilities
php: remotely exploitable memory errors
php: multiple vulnerabilities
phpgroupware: information disclosure vulnerability
poppassd_pam: unauthorized password changing
ProZilla: Multiple vulnerabilities
qt3: BMP image parser heap overflow
rp-pppoe, pppoe: missing privilege dropping
ruby: infinite loop
samba: integer overflow vulnerability
sharutils: arbitrary code execution
sox: buffer overflow
SpamAssassin: Denial of Service vulnerability
Subversion: Remote heap overflow
sudo: environment variable sanitizing
File overwrite vulnerability in tar and unzip
tiff: buffer overflows
TikiWiki: arbitrary command execution
unarj: buffer overflow vulnerability
UnRTF: Buffer overflow
vilistextum: buffer overflow vulnerability
vim: modeline problems
wv: buffer overflow
XChat 2.0.x SOCKS5 Vulnerability
xine-lib: arbitrary code execution
xine-lib: buffer overflows
xine-ui - insecure temporary file creation
xorg-x11: integer overflows
xpdf: buffer overflow
xpdf: integer overflows
xzgv integer overflows
zip: arbitrary code execution
zlib: denial of service
Events CPLUG Security Conference (March 5 2005)The Central Pennsylvania Linux Users Group will be holding a security conference near Harrisburg on March 5. Speakers include Russell Coker, Brandon Hale, and Ed Reed; click below for the details.
Page editor: Jonathan Corbet Kernel development Brief items Kernel release statusThe current 2.6 prepatch remains 2.6.11-rc1.Linus's BitKeeper repository contains, as of this writing, some networking updates, an ALSA update (to version 1.0.8), some enhancements to the "circular pipe buffers" code introduced in -rc1 (see below), the ioctl() method rework (see below), in-inode extended attributes for ext3, and various fixes. The current prepatch from Andrew Morton is 2.6.11-rc1-mm1. Recent additions to -mm include the Linux Trace Toolkit (LTT), relayfs, ext3 in-inode extended attributes (subsequently merged), the filesystems in user space (FUSE) patch set, an update to the random driver, and a copy of Dave Jones's "post-halloween" document (in the hope that somebody will be motivated to update it). Andrew added LTT and relayfs with the explanation: "This is a discussion which needs to be had." The discussion has indeed been lively. Many developers see the value in this code, but object to the implementation. As a result, LTT and relayfs are likely to be slimmed down significantly, with more of the work shifted to user space or a separate loadable module. We may also see the Linux Kernel State Tracer patch submitted to -mm for comparison before the discussion is over. The current 2.4 kernel is 2.4.29, released by Marcelo on January 19. One change was made since -rc3: the removal of one patch which was causing trouble. The changes since 2.4.28 are mostly bug fixes and driver updates; 2.4 is past the point of getting much in the way of new features.
Kernel development news Quote of the week
Given that base 2.6 kernels are shipped by Linus with known unfixed
security holes anyone trying to use them really should be doing some
careful thinking. In truth no 2.6 released kernel is suitable for
anything but beta testing until you add a few patches anyway....
-- Alan Cox
I still think the 2.6 model works well because its making very good progress and then others are doing testing and quality management on it. Linus is doing the stuff he is good at and other people are doing the stuff he doesn't.
The new way of ioctl()The ioctl() system call has long been out of favor among the kernel developers, who see it as a completely uncontrolled entry point into the kernel. Given the vast number of applications which expect ioctl() to be present, however, it will not go away anytime soon. So it is worth the trouble to ensure that ioctl() calls are performed quickly and correctly - and that they do not unnecessarily impact the rest of the system.ioctl() is one of the remaining parts of the kernel which runs under the Big Kernel Lock (BKL). In the past, the usage of the BKL has made it possible for long-running ioctl() methods to create long latencies for unrelated processes. Recent changes, which have made BKL-covered code preemptible, have mitigated that problem somewhat. Even so, the desire to eventually get rid of the BKL altogether suggests that ioctl() should move out from under its protection. Simply removing the lock_kernel() call before calling ioctl() methods is not an option, however. Each one of those methods must first be audited to see what other locking may be necessary for it to run safely outside of the BKL. That is a huge job, one which would be hard to do in a single "flag day" operation. So a migration path must be provided. As of 2.6.11, that path will exist. The patch (by Michael s. Tsirkin) adds a new member to the file_operations structure:
long (*unlocked_ioctl) (struct file *filp, unsigned int cmd,
unsigned long arg);
If a driver or filesystem provides an unlocked_ioctl() method, it will be called in preference to the older ioctl(). The differences are that the inode argument is not provided (it's available as filp->f_dentry->d_inode) and the BKL is not taken prior to the call. All new code should be written with its own locking, and should use unlocked_ioctl(). Old code should be converted as time allows. For code which must run on multiple kernels, there is a new HAVE_UNLOCKED_IOCTL macro which can be tested to see if the newer method is available or not. Michael's patch adds one other operation:
long (*compat_ioctl) (struct file *filp, unsigned int cmd,
unsigned long arg);
If this method exists, it will be called (without the BKL) whenever a 32-bit process calls ioctl() on a 64-bit system. It should then do whatever is required to convert the argument to native data types and carry out the request. If compat_ioctl() is not provided, the older conversion mechanism will be used, as before. The HAVE_COMPAT_IOCTL macro can be tested to see if this mechanism is available on any given kernel. The compat_ioctl() method will probably filter down into a few subsystems. Andi Kleen has posted patches adding new compat_ioctl() methods to the block_device_operations and scsi_host_template structures, for example, though those patches have not been merged as of this writing.
The evolution of pipe buffersLast week, this page looked at the new circular buffer structure used to implement Unix pipes in 2.6.11-rc1, and noted that the plan was to evolve that structure into something more general. Since then, Linus has taken a couple more steps; it must be time to catch up.One change which has already been merged is the addition of a set of operations for pipe buffers:
struct pipe_buf_operations {
int can_merge;
void *(*map)(struct file *, struct pipe_inode_info *,
struct pipe_buffer *);
void (*unmap)(struct pipe_inode_info *, struct pipe_buffer *);
void (*release)(struct pipe_inode_info *, struct pipe_buffer *);
};
The can_merge flag addresses one of the issues raised last week: coalescing of writes into existing pages in the buffer. If can_merge is non-zero, coalescing will be performed. Otherwise, each write to a pipe buffer will result in the creation of a new circular buffer entry, and, by default, the allocation of a new page. The map() and unmap() methods are charged with controlling the visibility of pipe buffer pages in the kernel's virtual address space. The default map() operations for buffers implementing Unix pipes is quite simple:
static void *anon_pipe_buf_map(struct file *file,
struct pipe_inode_info *info,
struct pipe_buffer *buf)
{
return kmap(buf->page);
}
Since the mapping operation has been abstracted out, there are now fewer assumptions regarding how data is really stored within a pipe buffer. This opens the door to different pipe implementations, such as pipes which implement a direct window into device memory. The release() method should clean things up when the pipe buffer is no longer needed. Linus has also created an initial implementation of a splice() system call, though this work is clearly not ready for merging at this point. This system call looks like:
long sys_splice(int fdin, int fdout, size_t len, unsigned long flags);
fdin and fdout are two file descriptors; a call to sys_splice() will result in len bytes being copied from fdin to fdout, one of which is expected to be a pipe. The flags argument is not currently used by the sample implementation. To make sys_splice() work, Linus added two new methods to the ever-expanding file_operations structure:
ssize_t (*splice_write)(struct inode *in_pipe, struct file *out,
size_t len, unsigned long flags);
ssize_t (*splice_read)(struct file *in, struct inode *out_pipe,
size_t len, unsigned long flags);
The patch includes a generic splice_read() implementation suitable for filesystem-backed file descriptors. It simply populates the page cache with some pages from the file, then loads those pages into the pipe buffer represented by out_pipe. Like ordinary read() and write() methods, the splice variants can transfer fewer bytes than requested. Linus's version will stop at the maximum capacity of a pipe buffer - 16 pages, currently. As Linus acknowledges, there are a number of shortcomings to the current implementation - it is incomplete, the interfaces are ugly, and it will oops the system if anything goes wrong. It is, however, an indication of where he expects this work will lead. Stay tuned.
API changes in the 2.6 kernel seriesThe 2.6 kernel development series differs from its predecessors in that much larger and potentially destabilizing changes are being incorporated into each release. Among these changes are modifications to the internal programming interfaces for the kernel, with the result that kernel developers must work harder to stay on top of a continually-shifting API. There has never been a guarantee of internal API stability within the kernel - even in a stable development series - but the rate of change is higher now.This article will be updated to keep track of the internal changes for each 2.6 kernel release. Its permanent location is:
http://lwn.net/Articles/2.6-kernel-api/ This page will, doubtless, remain incomplete for a while. If you see an omission, please let us know by sending a note to kernel@lwn.net rather than by posting comments here. The chances of a prompt update are higher, the article will not become cluttered with redundant comments, and we'll be more than happy to credit you here. If you are a Linux Device Drivers, Third Edition reader looking for information on changes since the book was published: LDD3 covers version 2.6.10 of the kernel, so only the changes starting with 2.6.11 are relevant. Last update: January 5, 2006
2.6.15 (January 2, 2006)
2.6.14 (October 27, 2005)
2.6.13 (August 28, 2005)
2.6.12 (June 17, 2005)
2.6.11 (March 2, 2005)
2.6.10 (December 24, 2004)
2.6.9 (October 18, 2004)
2.6.8 (August 13, 2004)
(We are still in the process of filling in the earlier API changes - stay tuned).
AcknowledgementsThanks to the following people who have helped keep this page current:
Patches and updates Kernel trees
Core kernel code
Development tools
Device drivers
Filesystems and block I/O
Janitorial
Memory management
Networking
Architecture-specific
Security-related
Miscellaneous
Page editor: Jonathan Corbet Distributions News and Editorials A Look at Xandros Desktop 3Xandros Corporation released a new version of its flagship product, Xandros Desktop, shortly before Christmas last year. This was in line with the company's previous two releases, coming out in roughly annual intervals and targeting mostly home and business users who are interested in migrating to Linux, but would prefer not to have to learn bash. There are two editions of Xandros Desktop 3 - a $50 Standard edition and a $90 Deluxe edition, with the main difference between the two being the inclusion of CrossOver Office in the Deluxe edition. As the previous two Xandros releases received highly positive reviews by the Linux media, we expected the same high quality, attention to detail, and intuitive, user-friendly desktop as in the company's previous releases, and we weren't disappointed.Xandros Desktop 3 Deluxe came in a standard software box with two CDs (installation and application CDs), a 9-page Getting Started Guide, and a hefty, 350-page User Guide. The User Guide turned out to be a pleasant surprise and a valuable resource for users just starting to explore a Linux-based operating system. The guide is still based on the old Corel Linux manual, but it is much more comprehensive with screenshots, illustrations, tips, and step-by-step instructions for completing tasks. Xandros has to be applauded for making an honest effort to provide solid printed documentation; nowadays, even those few distribution makers that still ship their products in traditional software boxes rarely include good printed documentation (with SUSE LINUX possibly the only exception to the rule). After examining the content of the box, we proceeded with installing the brand new Xandros Desktop on a test computer with the following specifications: Intel Pentium 4 1.4 GHz, ASUS P4T mainboard with Intel 850 chipset, 384 MB RDRAM, Matrox Millennium G450 graphics card, two 7200RPM hard disks (120 GB Maxtor and 80 GB Western Digital), PlexWriter CD-RW drive, Realtek 8139too (on board) network card, and Lemel TF700 17 inch LCD monitor. Surprisingly, things didn't go well - the installation media would hang during the hardware detection stage. Upon closer examination it turned out that the installer was trying to check all 18 partitions on the first hard disk (that's what a test computer of somebody testing distributions for living looks like) and would not go any further after the 15th partition. This was due to what seemed like a bug in Xandros' boot sequence (there was no problem booting Xandros 1.0 or 2.0 on the same system). We had to physically disconnect the first hard disk before we could complete the installation of Xandros Desktop on the second hard disk, which didn't have as many partitions. We decided not to hold this against Xandros since no user in their target spectrum is likely to have more than 15 partitions on their hard disk; probably much fewer than that. There is not much to say about the installer except that it worked as expected. Xandros has produced what surely is one of the best installers of any distribution - simple enough without it being dumbed down Linspire-style, but still powerful enough if one chooses the custom install option. Hardware detection was almost perfect, with only the screen resolution requiring a minor adjustment after the installation. The system, running on top of the kernel 2.6.9, boots into graphical environment with KDE 3.3.0, but the default applications for various tasks are not always KDE packages; as an example, the default browser and mail applications are Mozilla (with pre-configured Flash and RealPlayer plugins) and Mozilla Mail. Neither Firefox, nor Thunderbird are installed, although Firefox is available for download through Xandros Networks. There is an Updates applet in the system tray to alert the user to the fact that a security or bug fix patch has been released. All the other best-loved features of Xandros Desktop, such as the desktop switching utility or the Xandros File Manager are also present. What are the most important new features in Xandros Desktop 3? One of them is the ability to encrypt home directories of users on the system. This option can be selected from the "User Manager" module in the KDE Control Center where the system administrator can choose one of the 12 available cryptographic algorithms and two (fast or slow) creation methods. The only downside of this feature is that, depending on the selected options, it can take up to several hours to complete the encryption process. Once a home directory of a user has been encrypted, no other user, not even the superuser, can see what is inside that directory; it will simply appear to them as an empty directory. (Of course, the superuser could always install a modified kernel to capture plain text or the encryption key). Needless to say, it is not possible to delete an encrypted directory. Xandros Desktop 3 also comes with a new firewall wizard which, designed in the usual Xandros-style user-friendly manner, allows even non-technical users to setup and run an effective firewall on their computers connected to the Internet. As an example, the user can simply tick the "Peer to Peer file-sharing server" checkbox in the wizard to enable BitTorrent traffic, which is so much more intuitive than the usual "punch a hole through ports 6881-6999", often found in FAQs or online documentation. The firewall can be turned on and off from the main menu, with an option to start it at boot time. The firewall is definitely a useful addition; we were surprised to see quite a few services running by default on a stock Xandros system (including Samba and ProFTPd), but turning unneeded services off was not nearly as intuitive as setting up the Xandros Firewall. The Xandros-specific application that allows drag-and-drop CD burning from within its file manager has been further enhanced by the addition of a DVD burning tool. No matter how excellent K3b is for this purpose, it is always a pleasure to open a file manager, then simply drag files from a hard disk folder and drop them into the CD or DVD drive. This action then launches a pop-up wizard that guides the user through creating a new data or media project. And while on the subject of dragging and dropping files around the Xandros File Manager, this feature is available not just for mounted devices, such as USB drives or NTFS partitions (read only), but also remote file systems, like NFS, Samba or FTP - all automatically set up and ready to use. Packages in Xandros are managed through Xandros Networks. This is essentially a web browser with a hierarchical folder structure listing applications in the left pane. Besides providing security and bug-fix updates for the product, Xandros Networks also lists a number of packages that are not on the installation CD, but are available for download. As an example, there is a whole lot of development tools and server software that can be downloaded and installed with a single mouse click, but these are not deemed essential for most users so they are not installed by default. Some might be surprised to see that GIMP or Evolution are not installed either, but this might be due to the fact that the Deluxe edition comes with CrossOver Office, which supports Adobe Photoshop and Microsoft Office. Xandros Networks also includes an online store, which contains a curious mix of free and commercial applications. Some of these are available for free after registration (e.g. GnuCash), others require that a user become a Premium member of Xandros Networks at a cost of $39 per year (e.g. several game demos), and still others require cash payments (e.g. StarOffice, CrossOver Office, Xandros Desktop User Guide in PDF format). Other new features include newly added VPN client (konnectvpn), a VoIP application for Internet Telephony (KPhone), a scanner application (Kooka), better support for wireless networking, ISDN connections, web cams, software modems, and Palm Pilot. However, support for proprietary media formats is still missing and so is playback of encrypted DVDs. Interestingly, although Xandros is based on Debian, which has yet to follow most other distributions and migrate from XFree86 to X.Org as its preferred X window system, Xandros Desktop 3 comes with X.Org (version 6.7.0). There is not much wrong with Xandros Desktop 3. The developers have created a fine product that can be safely recommended to users wishing to try out an alternative operating system without having to go through a steep learning curve. And although we didn't care much for CrossOver Office, those users who cannot be without Photoshop, or have complex macros and VBA code in their MS Office files, will find the application invaluable. For the rest of us, the $50 Standard edition is a fair price for a product that has matured to become one of the best, if not the best, Linux distribution for novice and non-technical computer users.
Distribution News Fedora Core 4 plans announcedA tentative schedule and plan for the Fedora Core 4 release has been posted; the first test release is due on February 21. The plans include the possible incorporation of GCC 4, GNOME 2.10, KDE 3.4, Xen, an SELinux "targeted" policy with more targets, better Java support (including Eclipse), and more; click below for the details.
Fedora Core 2 Status UpdateThe Fedora Steering Committee has proposed to transfer Fedora Core 2 to the Fedora Legacy Project at the point Fedora Core 4 Test 2 is released. This is currently scheduled for March 21, 2005.
Debian and Mozilla: a new proposalGervase Markham, the Mozilla Foundation representative charged with negotiating an agreement with Debian over the use of Mozilla's trademarks, has posted a new proposal to that end. Mozilla would retain control over trademark use, but would no longer be able to exercise that control after a package is frozen for a stable release.
Debian GNU/LinuxHere's a call for papers and registrations for Debian Miniconf, which will take place in Canberra, Australia on April 18 and 19, 2005.There is also a call for papers for the Asia Debian Mini-Conf 2005, which takes place February 28 and March 1, 2005 in Beijing, China. Bits from the dpkg maintainer looks at the stable version which is in a state of freeze and a new experimental version. The Final Report on the 5th Debian Conference is now available.
Ubuntu Community Council meeting 2005-01-11The Ubuntu Linux Community Council meeting on January 11, 2005 covered a number of issues but there are two major issues which are of particularly noteworthy: new Local Community Teams and getting community members involved in contributing to and maintaining pieces of Universe. Both a summary and a full log are available, or click below for more information.
Fedora updatesFC3: gpdf (update to 2.8.2), w3m (fixed a duplicated w3mimgdisplay), gimp (major version upgrade from 2.0.x to 2.2.x), NetworkManager (update to latest CVS), gimp-help (new version 2-0.6), gimp (clip thumbnail quality at 75), dovecot (bug fix update for the Dovecot IMAP server), dhcpv6 (adds Relay Agent support, fixes bugs), dhcp (updates DHCP and DHCLIENT packages), bind (updates), vixie-cron (updates), sysklogd (updates and bug fixes), gpdf (minor security patch).FC2: gpdf (update to 2.8.2), system-config-kickstart (rebuilt 2.5.19 for FC2 to fix bug #143946), dovecot (bug fix update for the Dovecot IMAP server), gpdf (minor security patch).
Slackware LinuxSlackware has a few changes noted in the slackware-current changelog. Upgrades include cups-1.1.23, udev-050, glib2-2.6.1, gtk+2-2.6.1, libtiff-3.7.1, gnupg-1.2.7, stunnel-4.07, gimp-2.2.1, sane-backends-1.0.15, xine-lib-1.0. Gnupg-1.4.0 is in testing.
Trustix Secure LinuxTSL has a bug fix advisory for glibc, iproute, setup and tsl-utils. Click below to find out more.
Distribution Newsletters Debian Weekly NewsThe Debian Weekly News for January 18, 2005 is out. This issue covers the Call for Papers for the Asia Debian Mini-Conf, a list of packages in contrib which should be forced into the testing stage of contrib, ten ways to give back to the Free Software community, the final DebConf 4 report, and more.
Gentoo Weekly NewsletterThe Gentoo Weekly Newsletter for January 17, 2005 looks at Gentoo name and logo usage guidelines, and other topics.
DistroWatch Weekly, Issue 83The DistroWatch Weekly for January 17, 2005 is out. "Welcome to this year's 3rd edition of DistroWatch Weekly! Lots of new releases over the weekend, especially for gaming enthusiasts, with new versions of Linux Live Game Project and Hikarunix. Also in this issue - a comment on the recent distribution comparison feature in Linux Format, news about the upcoming Fedora Core 4 and Beyond Linux From Scratch 6.0, as well as a review of DistroWatch by NewsForge. Happy reading!"
Newsletters and articles of interest Site review: Distrowatch.com (NewsForge)NewsForge reviews the web site Distrowatch.com. "Distrowatch is one of the best resources for people who want to choose a Linux distro they'd find suitable. The site also raises awareness for smaller distributions. It has a large database with just about every Linux distribution currently available, along with useful information about each one that will help Linux searchers find the best one for them."
More FreeBSD for Linux Users (O'ReillyNet)Dru Lavigne examines some of the common command differences a Linux user might encounter on a FreeBSD system. "One of the minor irritations that comes with using another operating system is the change in the environment. Some of the first things many Linux users discover about a default FreeBSD installation are that it doesn't include bash and doesn't colorize the output of ls. Fortunately, if you've become accustomed to these features, it only takes a moment or so to integrate them into FreeBSD."
Distribution reviews Installing Debian From Scratch (NewsForge)NewsForge covers Debian From Scratch installation. "DFS started last summer when John Goerzen, a long-time Debian developer and author of several books on Debian and Linux, found himself faced with two problems at the same time. He wanted an installer for Debian's AMD64 port, and a rescue CD that would support filesystems like Reiser4 that are not available in the standard Debian rescue set. (The new Debian-Installer has since made DFS's AMD64 installer unnecessary.) A bootable CD, he decided, would solve both problems. Modifying an existing bootable CD such as Knoppix seemed too complex, so he developed his own."
Novell Linux Desktop Gathers Enterprise Strength (eWeek)eWeek reviews Novell Linux Desktop. "eWEEK Labs tested Novell Linux Desktop 9, the first specifically Novell-branded Linux operating system to ship since the company began flying its penguin flag, and we found the product to be as capable and well-made as any desktop Linux distribution we've seen yet."
My workstation OS: NetBSD (NewsForge)Alan Dipert lists his reasons for choosing NetBSD, on NewsForge. "On the NetBSD Web site, you'll find that the NetBSD team prides itself on NetBSD's "clean design," and with good reason. As a Slackware Linux refugee, I could appreciate the BSD rc initialization and configuration scripts. I was also happy with the relatively low amount of software that comes with a default install. I've had trouble in the past paring down Linux distributions to installations of software I actually require. It's my philosophy, and apparently NetBSD's, to start with software sets of absolutely essential programs and libraries, then let users add what they require after the system has booted on its own. Though NetBSD installs with X11 by default, the environment is sparse to say the least. There are no automatic setup or configuration scripts, graphical or otherwise. After my installation was all said and done, NetBSD consumed less than 300MB of space on my machine, including XFree86."
Page editor: Rebecca Sobol Development PostgreSQL Version 8.0.0Version 8.0.0 of the PostgreSQL database was announced this week.
In addition to significant improvements in scalability, features, and
performance, PostgreSQL 8.0 demonstrates the unparalleled development speed
of open source. More than a dozen companies, including Red Hat, Fujitsu,
Afilias, Software Research Associates, Inc., 2nd Quadrant, and Command Prompt
Inc., as well as hundreds of individual developers, contributed to add more
major features to 8.0 than have been seen in any previous version.
![[PostgreSQL]](/images/ns/postgresql2.jpg)
The primary new features of this release include:
PostgreSQL continues to hold a position among the forefront of open-source development projects, its rapid evolution proves that the development model works well for large-scale projects. The native Win32 support is likely to cause more widespread usage of PostgreSQL, it may also bring new development talent to the project. We expect to have a more detailed look at the 8.0 release next week.
System Applications Audio Projects JACK Applications List UpdatedThe list of applications using jack, the Jack Audio Connection Kit, has been updated with a number of interesting audio applications.
Planet CCRMA ChangesThe latest changes from the Planet CCRMA audio utility packaging project include test packages for the ALSA 1.0.8 audio driver, and a new version of Hyperspec.
Interoperability Possibilities for Samba 3.0 / Samba4 IntegrationThe Samba news site mentions the availability of a new paper on integration of Samba 3 and 4. "The paper explores past attempts at merges between the current production Samba 3.0 release and the Samba4 development branch. The paper moves through an overview of existing interfaces in Samba 3.0 and Samba4 and examines the possibilities for future integration between the two code bases and their vastly different interface designs."
Mail Software Sendmail 8.13.3 is availableVersion 8.13.3 of the Sendmail mail transfer agent has been released. "It contains fixes for a regression that was introduced in 8.13.2. Moreover, sendmail now keeps proper track of closed connections and will not reuse them erroneously."
Web Site Development AOLserver 4.0.10 released (SourceForge)Version 4.0.10 of AOLserver, a multithreaded web server for large web sites, has been announced. "This release adds two enhancements and one API change. The major enhancement is the adding of configurable transparent gzip compression of HTTP responses from ADP pages."
Zope 2.7.4 final is outVersion 2.7.4 of the Zope web development platform has been released with several bug fixes.
Web Services Freeze the Core (O'Reilly)Rich Salz discusses the state of secure web services standards on O'Reilly. "I've recently spent a bit more time than usual talking to analysts and reporters. Almost all of these discussions end up circling around this question: what standards do we need for secure web services, and are they ready? The answer is yes, they basically are, and we'll review them below. But more importantly, I'll show that, for the most part, the web services community should stop working on new versions of fundamental standards."
Miscellaneous DCE to be released under the LGPLOnce upon a time, the distributed computing environment (DCE) was going to be the future of enterprise computing. DCE is back in the news: The Open Group has just announced that DCE is being released under the LGPL, click below for the details. It appears that there is not, yet, a release available for downloading.
Desktop Applications CAD Twenty-first release of PythonCAD now availableDevelopment release 21 of PythonCAD is available. "The twenty-first release of PythonCAD adds the ability to save the visibility and locked status of entities when saving a drawing. This release also includes improved code for handling the undo/redo operations by simplifying various routines as well as making similiar routines in various modules consistent. Like all previous releases, numerous bug fixes and code improvements have been applied."
Desktop Environments Xfce 4.2.0 releasedVersion 4.2.0 of Xfce, a lightweight desktop environment, is available. "The new Xfce desktop, while still being lightweight and easy to install, offers several new and awaited features in comparison with its previous 4.0 stable release like a brand new session manager, keyboard shortcuts, a graphical desktop menu editor, multihead support (Xinerama and Multi-Screen mode), Kiosk Mode support (to lock down Xfce in cooporative environments), optional support for icons in the desktop menu, a desktop menu plugin for the panel, CUPS and BSD-LPR printing support, a new icon theme, and various other small enhancements."
Around the Planet (GnomeDesktop)GnomeDesktop has published another Around the Planet article, take a look for pointers to a wide variety of recent GNOME developments.
GNOME 2.9.4 Development Release (GnomeDesktop)GnomeDesktop has an announcement for development release 2.9.4 of GNOME. The change log has more information. "This release is a snapshot of development code. Although it is buildable and usable, it is primarily intended for testing and hacking purposes."
GNOME Software AnnouncementsThe following new GNOME software has been announced in the last week:
Sneak preview of Gnome 2.10 (GnomeDesktop)GnomeDesktop reports that Davyd Madeley has created a sneak preview of GNOME 2.10, with a look at new features, new programs and screenshots.
KDE CVS-Digest (KDE.News)The January 14, 2005 edition of the KDE CVS-Digest is online with the latest KDE news. Here's the content summary: "KDevelop implements KScript interface. KStars adds more device support, scripting and Observing lists. Digikam adds Superimpose Template. KDM adds sessreg support. KDE PIM adds support for custom pages in the incidence editors. KNotes implements search. Kontact adds ability to select default startup part. Kexi adds database forms with record navigation."
KDE 3.4 goes into Beta Phase (KDE.News)KDE.News has the announcement for the first beta release of KDE 3.4. "A lot of development has happened since KDE 3.4 Alpha, so we are now happy to publish KDE 3.4 Beta 1 code named Krokodile."
KDE Software AnnouncementsThe following new KDE software has been announced in the last week:
Financial Applications Quasar Accounting under the GPLLinux Canada has announced that it is releasing its Quasar accounting package under the GPL; it can be downloaded from the Linux Canada web site. From a brief look, Quasar appears to be a reasonably capable accounting package with a KDE interface. The company's retail and point of sale applications remain proprietary.
Games BZFlag 2.0.0 is Released! (SourceForge)Version 2.0.0 of the game BZFlag has been announced. "BZFlag 2 introduces a slew of major new features making this probably the "biggest" release in BZFlag's history in terms of development time put into it and features being added since the last publicly released version. Major new features include support for vastly more complex worlds, physics drivers, graphics improvements, weather (rain, snow, frogs), tank treads and tracks, animations, record and playback, new flags, new commands, optimizations and much more."
Interoperability Wine 20050111 is outVersion 20050111 of Wine (Wine Is Not an Emulator) has been announced. Changes include OLE bug fixes, MSI dll work, support for update regions, initial typelib generation support, code cleanup, and bug fixes.
Multimedia Streaming QuickTime with Java (O'ReillyNet)Chris Adamson works with QuickTime streaming media in an O'Reilly article. "Realtime multicast streaming came to QuickTime in version 5, but now, years later, it's not widely realized that it can be called from QuickTime for Java. Chris Adamson, author of QuickTime for Java: A Developer's Notebook, shows how it works."
Music Applications MusE 0.7.1 is hereVersion 0.7.1 of MusE, an audio and MIDI sequencer application, is out. "This release is mainly a bugfix release, though a number of new features have been added. All users are encouraged to upgrade."
Office Applications HylaFAX 4.2.1 releasedVersion 4.2.0 of HylaFAX, a Fax modem package, has been announced. Changes include a security fix, support for GCC 3.3, support for fax batching, and more.
Office Suites The Importance of KOfficeKDE.News takes a look at KOffice. "The functionality KOffice has already reached in its short life is significant. And still, KOffice has good performance and is fully usable on low-end hardware, which makes it suited for organizations and individuals. This could even save costs when upgrading or migrating the office software and old hardware can be reused."
Video Applications Avidemux 2.0.36 releasedVersion 2.0.36 of Avidemux, a graphical video editing tool, is out with bug fixes and lots of new features.
Web Browsers Mozilla 1.8 Alpha 6 Released (MozillaZine)Version 1.8 Alpha 6 of the Mozilla browser has been announced. "This latest alpha version of the Mozilla Application Suite features around 450 bug fixes." See the Release Notes for more information.
Mozilla Foundation Testing Hendrix Feedback System (MozillaZine)A new web-based Mozilla.org feedback mechanism has been announced. "Gervase Markham has introduced a new feedback webtool for mozilla.org. Dubbed Hendrix, the new tool is a simple Web form for people who want to leave feedback but cannot be bothered to wrestle with Bugzilla. Comments submitted using Hendrix are posted to a newsgroup, where they can be accessed by Mozilla contributors."
Bugzilla 2.18, 2.16.8 and 2.19.2 Released (MozillaZine)Three new versions of the Bugzilla bug tracking software have been announced. "Bugzilla 2.18 features more improvements than we could possibly mention. See the Bugzilla 2.18 Release Notes for more information. The team have also released two other Bugzilla versions. Bugzilla 2.16.8 fixes security and other bugs in version 2.16.7 and is aimed at those who want or need to stick with the 2.16 codebase. More details in the Bugzilla 2.16.8 Release Notes and security advisory (the security issues also affect versions 2.18rc3 and 2.19.1). Finally, Bugzilla 2.19.2, the latest development snapshot, has been released."
Word Processors AbiWord v2.2.3 Released (GnomeDesktop)Version 2.2.3 of the AbiWord word processor has been announced. "This release contains a great amount of bug fixes and improvements over the previous release. This is especially true for the MacOSX platform".
Miscellaneous JChassis TermUI v. 0.1 released (SourceForge)Version 0.1 of JChassis TermUI has been announced. "JChassis TermUI v. 0.1 has just been released and is available for download. TermUI is an API for simple GUI-like user interfaces on ANSI/VT100-compliant terminals and terminal emulators, such as Linux virtual terminals, Gnome Terminal and KDE Konsole. The intent is simlar to that of the ncurses library, but done in pure Java. Several commonly used widgets are available."
Nvu 0.70 released (MozillaZine)Version 0.70 of the Nvu web authoring system has been announced. "Apart from usual enhancements and bug fixes (the changelog is also on my blog), this is major milestone since it's the first one to be based on Firefox 1.0's code. So the extensions and themes managers are now fully functional and the first extensions are already here!"
Track+ 3.0.0 released (SourceForge)Version 3.0.0 of Track+, a Java-based artifact tracking system, has been announced. "Release 3.0.0 adds many new features like overview diagrams, Gantt charts, Unicode attachment file names, a report query language, extended access control and much more."
Languages and Tools C GCC NewsletterThe January 17, 2005 edition of the GCC Newsletter is online, the main contributor has exited, volunteers are needed. "I thank Mr. Lacage for beginning GCCNews and for his excellent work on it. It is to be hoped he will have time to contribute to it occasionally, as I try to build on his efforts. I don't think I'll be able to match Mathieu's fine quality thus far, but I will try my best. I would welcome any help."
Caml Caml Weekly NewsThe January 18, 2005 edition of the Caml Weekly News is online with the week's Caml language articles and discussions.
Java Mock Objects in Unit Tests (O'ReillyNet)Lu Jian works with EasyMock to assist in the unit testing of Java. "Unit testing your code against a service or process that's either too expensive (commercial databases) or just not done yet is something you can deal with by simulating the other piece with a mock object. EasyMock can suffice in some cases, but it can only create mock objects for interfaces. Mocquer, based on the Dunamis project, can create mocks for classes, too."
Perl This Week in Perl 6 (O'Reilly)The January 3-11, 2005 edition of This Week in Perl 6 is available with the latest Perl 6 language discussions.
Python Programming Tools: Code Complexity Metrics (Linux Journal)Reg. Charney writes about Code Complexity Metrics under Python in a LinuxJournal article. "For the rest of us, I decided to write an open-source program to produce metrics that end users can compute and modify. The program is written in Python and currently is limited to analyzing Python--thus the name PyMetrics--but the principles can be extended to any language. By writing the code in Python, you should be able to understand the program better than if I had written it in almost any other language."
Dr. Dobb's Python-URL!The January 15, 2005 edition of Dr. Dobb's Python-URL! is out with the week's Python language articles.
Tcl/Tk Dr. Dobb's Tcl-URL!The January 15, 2005 edition of Dr. Dobb's Tcl-URL! is online with the latest Tcl/Tk articles and resources.
XML Python-Powered Templates with Cheetah (O'ReillyNet)Andrew Glover introduces Cheetah in an O'Reilly article. "It's true; XSLT isn't the be-all, end-all of templating and transformation systems. If you use Python, consider instead Cheetah, a template engine based on Python. Andrew Glover demonstrates its simplicity and power for producing text in all kinds of formats."
Parsing an XML Document with XPath (O'ReillyNet)Deepak Vohra shows how to parse XML documents with XPath on O'Reilly. "Pulling just a single node value or attribute from an XML document can be inefficient if you have to parse over a whole list of nodes you don't want, just to get to one you do. XPath can be much more efficient, by letting you specify the path to the desired node up front. J2SE adds XPath support, and the JDOM API also offers support through an XPath class."
XQEngine 0.66 (SourceForge)Version 0.66 of XQEngine has been announced. "XQEngine is a Java component for searching collections of XML documents that uses an XQuery front end. This release fixes several bugs, including a namespace-related bug reported by Danny Ayers, adds a dozen new junit tests, and implements XQuery if-then-else functionality, among others."
Editors Bluefish 1.0 released! (GnomeDesktop)GnomeDesktop covers the release of Bluefish 1.0, a GUI-based HTML editor. "Bluefish 1.0 has a new, very extended manual, has better gnome and kde integration, much improved bookmarks functionality, many performance improvements, many new and improved highlighting patterns (if you are upgrading: reset them to the new defaults in the preferences panel), better encoding detection, and many minor bugfixes."
Page editor: Forrest Cook Linux in the news Recommended Reading The Prospect for 2005 (IT-Director)Robin Bloor looks forward to 2005 in this IT-Director article. "The successful growth of Open Source in any market puts price pressure on the dominant proprietary vendors and we expect this pressure to show in the database market in the coming year with customers adopting Open Source database products for some applications and using this as a lever to negotiate the price of Oracle, DB2 and SQL Server downwards. In our view few companies will think to migrate their mission critical applications to Open Source database products, but we are already hearing of some companies that intend to do just that."
Companies A Way to Hammer at Windows (Business Week)Business Week sees IBM's release of 500 patents as a move against Microsoft. "It's striking how different IBM's strategy is from Microsoft's. Microsoft, which declined to comment, is building a legal team to enforce intellectual-property claims. In so doing, it hopes to protect its monopoly: When makers sell PCs and servers loaded with Windows, Microsoft has the best shot at selling an array of applications. IBM has a different tack. In a strategy it calls 'collaborative innovation,' it shares some of its intellectual property, hoping to bolster open-source alternatives to Windows, such as Linux."
HP to rejuvenate OpenVMS on Monday (News.com)News.com reports that HP plans to release OpenVMS 8.2. "OpenVMS for Itanium will come with many of the abilities of the Alpha version--in particular a famed reliability feature called clustering that links separate machines into a tightly knit group. One machine in a cluster can fill in for another that's taken down for equipment failure or an upgrade, for example."
Red Hat tries again with Linux enthusiasts (ZDNet)ZDNet looks at the history and future plans for Red Hat's Fedora Core project. "Three versions of Fedora have been released so far, and the company is happy with how users have helped RHEL. But the community effort has fallen short at a time when students and open-source enthusiasts have plenty of other channels for their cooperative energies. "One of the mistakes we made early on when we made the split between RHEL and Fedora was we told everybody that Fedora was public, come help us out," said Greg Dekoenigsberg, Red Hat's community relations manager. "We got lots of people responding," but Red Hat couldn't accept much beyond simple bug reports."
Sun license gets open-source nod (News.com)News.com reports that the Open Source Initiative has blessed Sun's new CDDL. "Sun won't comment on whether the CDDL will govern Solaris, but sources familiar with the situation say it will. Sun has said it will release Solaris under an OSI-approved open-source license by the end of January."
Linux Adoption Chilean schools welcome Linux (Silicon.com)Silicon.com reports that EduLinux will be used in 600 schools in Chile. "EduLinux was evaluated in 25 establishments during 2004, according to El Mercurio. This study concluded that Linux would let schools make the best use of old computers with limited processing power."
Interviews An Interview with the KDE Team (LinuxTimes)LinuxTimes interviews George Staikos, the KDE North American Representative.Q: "What is the one area of KDE that needs the most work, or, What is the first priority for the KDE project at the present moment?" A: "Actually due to the timing, KDE's priority at the moment is KDE 4 - porting to Qt 4 and fixing architectural issues in KDE. This will be the main focus for 2005, and it should make a huge difference for KDE overall. Qt4 promises much better performance and the ability to take advantage of more advanced technologies and cleaner designs. As a part of this, there will be a focus on sharing more specifications and interoperating with other desktop software (GNOME, OpenOffice, Mozilla), and an effort to choose and integrate with a new multimedia framework."
At the heart of the open-source revolution (News.com)News.com has published an interview with Mitch Kapor. "The great thing that's happened of late is to see the early, huge momentum of Firefox, attracting millions of users and beginning to grow its market share appreciably. That represents proof that a well-done, well-wrought open-source product can have global impact as an application--and I consider a Web browser to be one of those everyday products."
Resources More FreeBSD for Linux Users (O'Reilly)Dru Lavigne discusses the differences between FreeBSD and Linux in an O'Reilly article. "Today's article examines some of the common command differences a Linux user might encounter on a FreeBSD system. One of the minor irritations that comes with using another operating system is the change in the environment. Some of the first things many Linux users discover about a default FreeBSD installation are that it doesn't include bash and doesn't colorize the output of ls." Of course, several of your LWN editors de-colorize ls and vim at the earliest opportunity after installing a new version of Linux.
Free Software Magazine #1A new publication entitled Free Software Magazine has launched the first issue, it is available for download. Here's a sample article: "Free software, not just Linux, is a major problem for Microsoft. Its a big mistake thinking they dont understand free software, or its mechanics. They understand it all too well, and they dont like it - not one little bit! The problem Microsoft have with free software is that it benefits the customer directly, not the software IP holders."
Linux MIDI: A Brief Survey, Part 4 (Linux Journal)Here's a Linux Journal article looking at interesting MIDI software. "Improv controls real-time MIDI communication between a host computer and an external synthesizer. In a typical program, the computer receives MIDI input from the synthesizer, immediately alters that input in some preprogrammed manner and sends the altered data stream to the specified MIDI output port. Some Improv examples have the computer produce a MIDI output stream that can be altered by the external keyboard, creating interesting possibilities for a musical 'dialog' with the program."
Network Installation of Windows Printers from Samba (O'Reilly)Carla Schroder details the process of making cross-platform printing work on O'Reilly. "The combination of Samba and CUPS makes network printing on a mixed Linux/Windows LAN easier than ever. You can share Linux printers with Windows clients, and Windows printers with Linux clients. A Linux/Samba/CUPS printer server is reliable and reasonably simple to set up and maintain."
Reviews Site review: Snazzy zazzybob.com (NewsForge)NewsForge reviews the web site zazzybob.com. "What's a zazzybob? I don't know, but zazzybob.com is a Linux site that has a "particular lean" toward scripting, with a full repository of Linux and Unix scripts free for the taking under the terms of the GNU GPL. The scripts perform all sort of useful and automatic functions, like adding a user, clearing the screen, opening a bash xterm, or converting a decimal number to hex (or vice versa)."
KMail In Depth (Linux Planet)Linux Planet looks at KMail. "KMail has long been my Linux email client of choice for a number of reasons: nice clean interface, easily customizable and configurable, stable, and more features than you can shake a stick at. Today we'll dig into migrating from other email clients, encrypting messages and key signing, and configuring multiple accounts and identities." (Found on KDE.News)
Bitten By the aKregator (OSdir.com)O'Reilly's OSDir has an article by George Staikos about the new RSS/RDF/Atom Aggregator that is included in KDE 3.4 beta. "Recently a new addition was made to the code that will become KDE 3.4. The application known as aKregator was imported. aKregator is a feed reader for KDE that supports RSS/RDF and Atom feeds. Many news sites offer this technology as a means to access the headlines and brief story summaries without loading the full content of the pages."
Miscellaneous FeedBurner: Mozilla Firefox Third Most Popular RSS Reader (MozillaZine)MozillaZine covers a Netcraft report that finds Mozilla Firefox to be the third most popular RSS reader. "The data comes from RSS/Atom feed post-processing service FeedBurner, who analysed the readers accessing their 800 most popular feeds. Firefox's Live Bookmarks feature came in third behind the Web-based Bloglines and the Mac OS X client NetNewsWire. As the figures came from users of just one service and have a lot of potential caveats, we'd be careful about trusting them."
Page editor: Forrest Cook Announcements Non-Commercial announcements CE Linux Forum Established as a California Non-Profit CorporationCE Linux Forum has announced that it was officially established as a California non-profit corporation on January 1 of this year. CELF's headquarters will be located in San Jose, Calif., and Scott Smyers, who had been the chair of the organization's steering committee, will serve as the chair of the CELF Board of Directors.
Andrew Tridgell joins OSDLThe Open Source Development Labs has announced that Samba hacker Andrew Tridgell ("tridge") has joined as the lab's second "Fellow."
PhoenixPM RFP's Due January 28th, 2005 (LinuxMedNews)LinuxMedNews mentions the posting of an RFP for the PhoenixPM project. "The purpose of the PhoenixPM project is to develop an Open Source Practice management Software solution for a network of small safety net clinics in Northern California." Volunteer help is needed.
Commercial announcements Fervent Software Announce Studio to Go! for SchoolsFervent Software has announced the availability of their Linux-based commercial Studio to Go! live CD. "Studio to Go! is an integrated Live CD of score, MIDI and audio software and one of the most sophisticated combinations of music software anywhere in a single value-for-money package."
Finearch Announces Ogg Vorbis-Compatible Sound Decoder LSIFineArch Inc. has announced the development of a Sound Decoder chip with support for the Ogg Vorbis sound compression format. "The existing playing process of Ogg Vorbis with multipurpose CPU software required running of the CPU with a high-clock frequency; external RAM such as SRAM was necessary as a working space for the software. FS-500, however, will allow the running of Ogg Vorbis Stereo Sound Processing with an internal LSI SRAM with an 8 MHz system running frequency."
LynuxWorks Introduces User-Mode Linux Software for PowerPCLynuxWorks has announced a PowerPC version of User-Mode Linux (UML) based on the latest Linux 2.6 kernel and available for the Apple PowerPC G5. LynuxWorks has also announced a new embedded Linux point-of-sale (POS) solution using BlueCat Linux.
XenSource gets $6 MillionXenSource, a company formed around the Xen virtual machine, has announced the receipt of $6 million in venture capital. Evidently there really is money in Linux virtualization technology.
X-Plane 8.03 for LinuxLaminar Research has announced version 8.03 of their commercial X-Plane flight simulator application. A Linux compatible partially functional test version can be downloaded for free. Thanks to M. Jones.
Xybernaut to Co-Chair LINUX Competency GroupXybernaut has announced that it will co-chair an international consortium focused on next-generation applications for Linux. "The overarching mission of the consortium, called the Open Systems Competency Center (OSCC), is to address scientific research on the practical applications in industry for LINUX and Xybernaut will being providing extensive perspective and experience in mobile, wireless and wearable computing to the group and its efforts. Dr. Edwin Vogt, European Director for Xybernaut will co-chair the consortium on behalf of Xybernaut."
New Books "The Book of Postfix" Released by No Starch PressNo Starch Press has published The Book of Postfix by Ralf Hildebrandt and Patrick Koetter.
Resources Apache 2.0 Documentation Now in ThoutReader FormatOSoft has announced the availability of the Apache 2.0 web server documentation in the ThoutReader Format. "The ThoutReader is an open source documentation platform that allows software developers to browse, search, bookmark, and append all their open source documentation as well as favorite reference books in one standard format, at the same time -- even off-line."
The LDP Weekly NewsThe January 19, 2005 edition of the Linux Documentation Project Weekly News is online with the latest new documentation releases.
Contests and Awards Ubuntu Website Look'n'Feel ContestCanonical is sponsoring the Ubuntu Website Look'n'Feel Contest to give the Plone 2 based Ubuntu website a new look. There is a US$1000 first prize for the winning design. Click below for details.
Surveys Evans Data on open source databases - Firebird most popular?Evans Data has done another survey; this one is about database management systems. "FireBird is the most used open source database for Enterprise applications, more database developers use FireBird for single purpose applications and FireBird is tied for the most used database for workgroup applications. Further, MySQL and FireBird are locked in a virtual tie in the open source database space with each being used by just over half of database developers who use open source databases."
Upcoming Events Free and Open Source Software Workshop 2005The Syrian GNU/Linux Users Group has announced the Free and Open Source Software Workshop, to be held in Damascus, Syria on March 2-4, 2005.
Security-Enhanced Linux Symposium Keynote AnnouncedThe SELinux Symposium has announced their keynote speaker: Daniel G. Wolf, director of the Information Assurance Directorate at the National Security Agency (NSA). The event will be held from March 2-4, 2005 in Silver Spring, MD.
Southern California Linux ExpoThe Southern California Linux Expo will be held on February 12 and 13, 2005 at the Los Angeles conference center.
Events: January 20 - March 17, 2005
Page editor: Forrest Cook Letters to the editor The early ThunderBird adopters are not techies
> "I do think it [Thunderbird] will benefit from this groundswell
eChannelLine article on Linux: Alec Taylor's comments
Please forward as appropriate.
Page editor: Jonathan Corbet
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
![[Quasar screenshot]](/images/ns/quasar-sm.jpg)
