![Book cover](/images/ns/litw.gif)
We have not managed to write a great many book reviews over the last couple
years - they take a lot of time, and were never our most popular feature.
Linux In The Workplace, however, is sufficiently interesting that we
took the time to read it through. Read on for our impressions and thoughts
on why this book is worth noting.
Linux In The Workplace is published by the Linux Journal Press.
Interestingly, no authors are named on the cover; instead, it is credited
to "SSC, publishers of the Linux Journal." It is, in fact, the result of
the Linux Journal's staff's experience with running a Linux-based office
over the last few years. As a result, it is well grounded in a lot of
real-world, Linux-based office work; it is also deeply tied into the
Journal's way of doing things.
The cover does not go out of its way to make it clear, but this
book is mostly about KDE. GNOME-based applications are mentioned in spots,
but anybody wanting to set up an office around the GNOME desktop will not
get what they need from Linux In The Workplace. There is no problem
with this - trying to cover both desktops would likely turn the book into a
confusing mess - but it's a good thing to be aware of.
Actually, anybody wanting to "set up" an office around any desktop will
need to look elsewhere. Linux In The Workplace is very much a
user's manual; it expects that somebody else has already gone
through the trouble of installing Linux and making it work:
> This book is different in that we assume you don't want to install
> Linux, don't want to learn how to be a system administrator, and
> aren't concerned with doing some of the more complicated tasks. We
> assume you already have a working Linux system on your desk and
> need to use it to get your work done.
Again, that is appropriate; serious use of Linux in offices is only
feasible if most users do not have to deal with the administrative issues -
something which is also true of Windows in the office.
So, what's covered in this book? After a quick "what is Linux" chapter, we
learn how to log into a KDE-based system, deal with user accounts ("A
good password combines upper- and lowercase letters with nonalphanumeric
keys. Passwords such as *nCk&Ve or *nG]y$Uds- are good examples."),
and deal with the basics of the KDE desktop. The approach is low-level and
detailed - we learn about what most of the icons and menus do. Anybody who
is used to working with a Linux desktop at all may find the "now click
here" pace a bit tiresome,
but readers who are entirely new to Linux will likely welcome the detail.
In subsequent chapters, the reader will encounter:
- Chapter 3: a description of Konqueror, but only in its role
as a local file manager.
- Chapter 4: "getting organized." Topics like KOrganizer, KPilot, KArm,
and KNotes.
- Chapter 5: OpenOffice. OpenOffice is the preeminent free office suite
for Linux, and this book recognizes that fact. This chapter provides
a whirlwind tour of the OpenOffice applications; it (like much of the
book) is more useful for getting an idea of what the application can
do than really getting an in-depth understanding. If you want an
overview of how the spreadsheet works, this book will help; if you
need to learn how to write formulas, you'll need to look somewhere
else. (This chapter is available on the net
in PDF form).
- Chapter 6: alternative office software. This chapter is a quick
overview of KOffice and AbiWord; one gets the sense that the authors
expect few readers to go beyond OpenOffice, however.
- Chapter 7: graphics. A quick look at KPaint, Kontour, KView, and
the xscanimage tool.
- Chapter 8: the Gimp. There is, of course, no way to do justice to the
Gimp in a single chapter; this attempt reads mostly like a quick demo
given to somebody who had never seen a serious image editor before.
- Chapter 9: email, netnews, and faxes. KMail is covered in fair
detail, though important points are missing. For example, the KMail
interface to GNUpg is covered, but GNUpg itself is passed over. There
is also an overly scary warning about reading attachments:
"Attachments are often the vehicle for transmitting computer
viruses that can do great damage to both your computer and any
computer to which you are connected. A virus can even attack your
address book and send replications of itself to everyone
listed." That is a bit strong, given that this scenario has
never, to your reviewer's knowledge, happened to a KMail user.
If you were going to cover a second mail user agent in a book like
this, what would it be? The authors chose Netscape mail. Pine, mutt,
and elm get passing mentions; evolution does not, for the purposes of
this book, seem to exist.
Quick mention is made of KNode for reading Usenet news and "K Send a
Fax" for dealing with faxes. One could certainly imagine other,
better established applications in these categories that would have
been worth a mention.
- Chapter 10: Konqueror as a web browser. Quite a bit of detail on
bookmark management and such. There are passing mentions of Netscape
and Opera; nothing about Mozilla or Galeon.
- Chapter 11: customizing the desktop. This chapter will certainly be
useful to anybody wanting to tweak how the KDE desktop works.
- Chapter 12: making backups. A quick look at "Ark" and KOnCD.
- Chapter 13: the command line. Only in the very last chapter does this
book get around to discussing terminal emulators, shells, and the
Linux command line. A quick overview of a number of basic commands is
provided. Emacs is covered in three sentences.
There are a number of shortcomings and strange omissions. For example,
office workers are likely to want to view PDF files, but there is no
discussion of how to do that - even though gv, which reads (most) PDF files
happily, is briefly covered. Printing is mostly passed over, as are
multimedia applications. And (by design), there is almost no mention of
proprietary software packages that can be useful in real office situations.
But, then, few books are perfect. This one is important as proof that you
can get a lot of work done on a Linux system without ever having to
mess with
partitioning menus, shell prompts, mount commands, and so on. The
existence of this sort of book is an important prerequisite for widespread
adoption of Linux for desktop use. Desktop Linux is, increasingly, being
taken seriously; Linux In The Workplace is full of good examples of
why that is happening.
The OASIS Standards Consortium has announced
the creation of a "technical committee" which will develop an open,
XML-based file format specification for office applications. The goal of
the project, of course, is to facilitate interoperability and data exchange
between applications. Should they succeed, the days of trying to reverse
engineer Word files could come to an end.
It is hard to overemphasize the importance of this effort. Microsoft's
office suite monopoly is based on two things: (1) that suite's feature
set, and (2) the ability to exchange documents with the rest of the
world. There are numerous other office suites which are closing the
feature gap (though there is still some ground to cover for the free
applications, to say the least). But, without the ability to easily
exchange documents with MS Office users (and have them look good when they
get there), adoption of alternative office suites will remain limited.
And there, of course, lies the rub. A new, XML-based office suite file
format will have a rough life if Microsoft does not play along with it. It
is worth pointing out that Microsoft is a member of OASIS; the
company has also said that Office will use an XML-based format in the
future. But the list of supporting companies in the press release
(Arbortext, Boeing, Corel, Drake Certivo, and Sun) does not include
Microsoft.
Even without Microsoft, standards for document data can only be a good
thing. This particular standard is getting a jump start from Sun, which is
contributing the OpenOffice.org format under royalty-free terms (OASIS, in
general, is quite happy with RAND or UFO (uniform fee only) terms). Should
the committee create a standard based on this format, the existence of a
free reference implementation should encourage adoption of the standard in
both free and proprietary packages.
Proprietary data formats are a problem for a number of reasons, of
which proprietary lock-in is only one. Another is the ability of
proprietary applications to surprise users by retaining information in
documents that those users had thought they had deleted (or never put there
in the first place). Future historians will find that much of the
documentation of this era is encoded into formats which are no longer
readable. An Open format for office information will not, by itself,
solve any of these problems. But it sure would be a good start.
There is a relatively small amount of news to report this week. The
individual subscriber count stands almost unchanged from last week - which
is not entirely a bad thing, since a number of accounts have expired in
that time. We will have to figure out a way to bring in the next round of
subscribers, however.
We think we have worked out the problem that made it difficult for
lynx users to log into the site. Please let us know if it still fails to
work for you. (The longer-term task of making the site more lynx-friendly
in general remains on the "to do" list).
Next week is the Thanksgiving holiday in the US. We'll be publishing a
(perhaps a little smaller than usual) Weekly Edition one day early - on
November 27 - because we'll all have eaten too much food to reach the
keyboard thereafter. We'll return to our regular schedule for the
following week (but there will be no Weekly Edition the week of
December 25).
Page editor: Jonathan Corbet
Security
Brief items
When one considers the question of when security patches should be applied,
the standard answer is "immediately." That answer neglects an important
question, however: what if the patch itself is broken? Overzealous
application of problematic updates could end up causing more trouble than
the vulnerabilities that the patches were meant to fix. In an attempt to
quantify the risk of that happening, and come up with an optimal time to
apply security patches, Steve Beattie et al. carried out a study, which is
now available on the net.
Finding the optimal time is a matter of finding the intersection of two
curves. One curve is determined by the cost of recovering from a failed
update, multiplied by the probability of such a failure. The probability
of applying a bad update will fall over time, since these updates are
discovered and fixed. The other curve, instead, is the cost of dealing
with a security breach, multiplied by the probability of that breach
happening. The chances of a particular vulnerability being exploited grow
over time, of course, especially in the free software world, where
vulnerabilities tend to be disclosed before they are actively exploited.
The two curves will thus cross at some point; once they intersect, the
costs of not applying the patch exceed those of pressing forward.
To find the probability of applying a bad patch, the authors dug
through the CVE database, examining 136 entries. For those, they found
twenty cases where patches were withdrawn or revised. The median time to
revise a patch, it turns out, was just over 17 days; one patch was fixed
after a year and a half. To finish the calculation, one must try to
determine the probability of an unpatched system being compromised. The
authors punt on this one, saying that it must be calculated "locally" for
any individual network.
In the absence of that second probability, the authors make their final
conclusions from the "bad patch" data. Looking at a graph of when issues
were "resolved" (a good patch released), they note a couple of obvious
plateaus. "However, since [the probability of a compromise] is
difficult to compute, the pragmatist may want to observe the knees in the
curve ... and apply patches at either ten or thirty days." One
should bear in mind that the calculation would be different for a
vulnerability which is being actively exploited, however.
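As an added illustration (not code from the Beattie et al. study), here is a toy version of the two-curve calculation in Python. The bad-patch figures are the ones quoted above; the recovery and breach costs, the daily breach hazard rate and the exponential shape of both curves are constructed assumptions, chosen only to make the crossover visible.

```python
"""Added example (not code from the Beattie et al. study): a toy version of
the two-curve model described above. The bad-patch figures come from the
text; every other number is a constructed assumption."""
import math

# From the study as summarised above: 20 of the 136 CVE entries examined had
# a patch withdrawn or revised, and the median time to a revised patch was
# a little over 17 days.
BAD_PATCH_FRACTION = 20 / 136
MEDIAN_REVISION_DAYS = 17.0


def p_bad_patch(day):
    """Probability that the patch you apply on `day` is still the broken
    version. Assumption: a patch applied the day it ships carries the full
    20/136 risk, and that risk halves every MEDIAN_REVISION_DAYS as bad
    patches are discovered and revised."""
    return BAD_PATCH_FRACTION * 0.5 ** (day / MEDIAN_REVISION_DAYS)


def p_compromise(day, daily_rate):
    """Probability that a still-unpatched host has been compromised by `day`.
    The study leaves this to be estimated locally; here it is modelled as a
    constant daily hazard (an assumption), so the cumulative probability is
    1 - exp(-rate * day) and rises over time."""
    return 1.0 - math.exp(-daily_rate * day)


def expected_costs(day, cost_bad_patch, cost_breach, daily_rate):
    """The two curves at one point in time: (expected cost of patching now,
    expected cost of having waited this long)."""
    return (cost_bad_patch * p_bad_patch(day),
            cost_breach * p_compromise(day, daily_rate))


def optimal_patch_day(cost_bad_patch, cost_breach, daily_rate, horizon=365):
    """First whole day on which the expected breach cost meets or exceeds
    the expected bad-patch cost, i.e. where the curves cross and waiting any
    longer is the more expensive choice. Returns `horizon` if they never
    cross within it."""
    for day in range(horizon + 1):
        patch_cost, wait_cost = expected_costs(day, cost_bad_patch,
                                               cost_breach, daily_rate)
        if wait_cost >= patch_cost:
            return day
    return horizon


if __name__ == "__main__":
    # Constructed figures: recovering from a failed update costs 10,000, a
    # breach 50,000; a quiet vulnerability is given a 0.1% daily chance of
    # being exploited, an actively exploited one 5%.
    for label, rate in (("not known to be exploited", 0.001),
                        ("actively exploited", 0.05)):
        print(f"{label}: patch on day {optimal_patch_day(10_000, 50_000, rate)}")
```

Run as a script it prints the crossover day for the two constructed hazard rates. Raising the breach rate, as one would for a vulnerability that is being actively exploited, pulls the crossover in toward day zero, which is exactly the caveat in the paragraph above; with a breach probability of zero the curves never meet and the function simply returns the horizon.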
Bruce Schneier's CRYPTO-GRAM Newsletter for November is out. It's a short
one - Bruce is finishing up a book project. "My new book, still
untitled, is a book about security. Not computer
security, but security in general. Its goal is to teach readers how to
think differently, how to tell good security from bad security, and to
be able to explain why."
New vulnerabilities
Courier sqwebmail: buffer overflow
| Package(s): | Courier sqwebmail |
| CVE #(s): | |
| Created: | November 15, 2002 |
| Updated: | November 19, 2002 |
| Description: | A problem has been discovered in the Courier sqwebmail package, a CGI program that grants authenticated access to local mailboxes. Under certain circumstances the program did not drop privileges quickly enough on startup, so a local shell user can run the sqwebmail binary and read an arbitrary file on the local filesystem. |
| Alerts: | |
dhcpcd: Character expansion vulnerability
| Package(s): | dhcpcd |
| CVE #(s): | |
| Created: | November 19, 2002 |
| Updated: | January 10, 2003 |
| Description: | dhcpcd is an RFC2131 and RFC1541 compliant DHCP client daemon. When it assigns a new IP address to a network interface, dhcpcd can execute an external script named /sbin/dhcpcd-<interface>.exe. That script sources a file named /var/lib/dhcpcd/dhcpcd-<interface>.info, which contains several shell variable assignments carrying the DHCP information. Simon Kelley pointed out a vulnerability in the way quotes inside these assignments are treated. By exploiting this, a malicious DHCP server (or an attacker able to spoof DHCP responses) can execute arbitrary shell commands on the DHCP client, which runs as root. |
| Alerts: | |
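The underlying problem here is a file that is written from network-supplied data and later read back by a shell. As an added example that is not dhcpcd's own code, the Python below renders such a file in the shape that goes wrong and then with proper quoting; the sample lease values and variable names are constructed, and the round-trip check simply sources the rendered file in /bin/sh to show what the shell actually ends up with.

```python
"""Added example, not dhcpcd's own code: rendering values received from the
network into a file that a shell script will later source, first in the
shape that goes wrong and then with proper quoting."""
import os
import re
import shlex
import shutil
import subprocess
import tempfile

# Constructed sample lease. The DOMAIN value carries an apostrophe and a
# dollar sign, the kind of characters a hostile DHCP server could send.
SAMPLE_LEASE = {
    "IPADDR": "192.0.2.10",
    "NETMASK": "255.255.255.0",
    "DOMAIN": "O'Reilly $HOME",
}

# Shell variable names: letters, digits and underscore, not starting with a
# digit. Anything else could itself carry shell syntax into the file.
_SHELL_NAME = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def render_info_unsafe(lease):
    """The shape of the problem: each value is dropped between double quotes,
    so a quote, backtick or $(...) inside the value is parsed as shell syntax
    when the file is sourced instead of being part of the value."""
    return "".join(f'{name}="{value}"\n' for name, value in lease.items())


def render_info_safe(lease):
    """Quote every value with shlex.quote(): the value is wrapped in single
    quotes and an embedded single quote becomes '"'"', so the sourcing shell
    sees nothing but a literal string. Names are checked too."""
    lines = []
    for name, value in lease.items():
        if not _SHELL_NAME.fullmatch(name):
            raise ValueError(f"refusing variable name {name!r}")
        lines.append(f"{name}={shlex.quote(value)}\n")
    return "".join(lines)


def shell_sees(info_text, name):
    """Source the rendered text in /bin/sh and return the value the shell
    assigns to `name`; returns None when no sh is available."""
    if shutil.which("sh") is None:
        return None
    with tempfile.NamedTemporaryFile("w", suffix=".info", delete=False) as f:
        f.write(info_text)
        path = f.name
    try:
        script = f'. "$1"; printf "%s" "${name}"'
        out = subprocess.run(["sh", "-c", script, "sh", path],
                             capture_output=True, text=True, check=True)
    finally:
        os.unlink(path)
    return out.stdout


if __name__ == "__main__":
    print("unsafe rendering:\n" + render_info_unsafe(SAMPLE_LEASE))
    print("safe rendering:\n" + render_info_safe(SAMPLE_LEASE))
    print("shell sees DOMAIN =", shell_sees(render_info_safe(SAMPLE_LEASE), "DOMAIN"))
```

Sourcing the unsafe rendering expands $HOME and would parse anything else the value contained as shell syntax; sourcing the safe rendering hands the script the literal string O'Reilly $HOME. The same rule applies to any file a privileged script will source or eval: quote each value at the point where it is written, not in the reader.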
kernel: local denial of service vulnerability
| Package(s): | kernel |
| CVE #(s): | |
| Created: | November 19, 2002 |
| Updated: | February 5, 2003 |
| Description: | All versions of the Linux kernel from (at least) 2.2.x through 2.4.19 and 2.5.47 contain a vulnerability which allows any local user to crash the system. This LWN article describes how the exploit works in detail. The vulnerability affects only x86 systems. |
| Alerts: | |
lynx: CRLF injection vulnerability
| Package(s): | lynx |
| CVE #(s): | CAN-2002-1405 |
| Created: | November 19, 2002 |
| Updated: | October 1, 2003 |
| Description: | If lynx is given a URL containing certain special characters on the command line, it will include faked headers in the HTTP request. This can be used to make scripts that rely on lynx for downloading files fetch from the wrong site on a web server hosting multiple virtual hosts. |
| Alerts: | |
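Scripts that build a command line for a downloader from a URL they did not construct themselves can protect against this class of problem by refusing any URL that could become more than one line of an HTTP request. The Python below is an added example, not lynx's code; the sample URLs are constructed.

```python
"""Added example, not lynx's code: screen a URL before handing it to a
command-line downloader, so that nothing in it can become an extra line of
the HTTP request."""
import re
from urllib.parse import urlsplit

# Raw control characters (CR, LF and friends) or their percent-encoded forms
# are never legitimate in a URL that will be turned into a request line or a
# Host header.
_RAW_CONTROL = re.compile(r"[\x00-\x1f\x7f]")
_ENCODED_CONTROL = re.compile(r"%(?:[01][0-9a-f]|7f)", re.IGNORECASE)


def check_url(url):
    """Return the URL unchanged if it is safe to pass to a downloader,
    otherwise raise ValueError explaining why."""
    if _RAW_CONTROL.search(url):
        raise ValueError("control character in URL")
    if _ENCODED_CONTROL.search(url):
        raise ValueError("percent-encoded control character in URL")
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"unsupported scheme {parts.scheme!r}")
    if not parts.hostname:
        raise ValueError("missing host")
    if any(ch.isspace() for ch in parts.netloc):
        raise ValueError("whitespace in host part")
    return url


def partition_urls(urls):
    """Split candidate URLs into (accepted, rejected); each rejected entry
    is a (url, reason) pair so the caller can log why it was dropped."""
    accepted, rejected = [], []
    for url in urls:
        try:
            accepted.append(check_url(url))
        except ValueError as err:
            rejected.append((url, str(err)))
    return accepted, rejected


# Constructed inputs: one ordinary URL, one with encoded CR/LF, one with a
# raw newline, and one with a scheme the downloader should not be asked for.
SAMPLE_URLS = [
    "http://www.example.com/files/report.pdf",
    "http://www.example.com/files/report.pdf%0d%0aextra",
    "http://www.example.com/files/report.pdf\r\nextra",
    "mailto:someone@example.com",
]


if __name__ == "__main__":
    accepted, rejected = partition_urls(SAMPLE_URLS)
    for url in accepted:
        print("accept:", url)
    for url, reason in rejected:
        print("reject:", repr(url), "-", reason)
```

The check is deliberately strict about percent-encoded control characters as well as raw ones, since a downloader may decode them before building its request; the cost is rejecting a few odd but harmless URLs, which is the right trade for an unattended script.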
nullmailer: denial of service
| Package(s): | nullmailer |
| CVE #(s): | |
| Created: | November 18, 2002 |
| Updated: | November 19, 2002 |
| Description: | A problem has been discovered in nullmailer, a simple relay-only mail transport agent for hosts that relay mail to a fixed set of smart relays. When a mail is to be delivered locally to a user that doesn't exist, nullmailer tries to deliver it, discovers a user unknown error and stops delivering. Unfortunately, it stops delivering entirely, not only this mail. Hence, it's very easy to craft a denial of service. |
| Alerts: | |
samba: buffer overflow
| Package(s): | samba |
| CVE #(s): | |
| Created: | November 20, 2002 |
| Updated: | November 29, 2002 |
| Description: | A buffer overflow has been found in Samba versions 2.2.2 through 2.2.6; while no known exploit exists as of this writing, it is, possibly, remotely exploitable. Upgrading to Samba 2.2.7 fixes the problem. |
| Alerts: | |
tcpdump: buffer overflow
| Package(s): | tcpdump |
| CVE #(s): | |
| Created: | November 20, 2002 |
| Updated: | December 19, 2002 |
| Description: | A new buffer overflow in the printing of BGP packets could, conceivably, be remotely exploitable. |
| Alerts: | |
Updated vulnerabilities
Apache shared memory scoreboard vulnerabilities
| Package(s): | apache |
| CVE #(s): | CAN-2002-0839 |
| Created: | October 9, 2002 |
| Updated: | December 18, 2002 |
| Description: | Versions of Apache prior to 1.3.27 contain a couple of scoreboard-related vulnerabilities which can be exploited by local users running under the Apache user ID. In-server scripting languages, such as PHP, are the most likely means of carrying out the attacks. One vulnerability causes the server to fork off new processes, leading to denial of service scenarios; the other allows an attacker to send SIGUSR1 to any process as root, probably killing that process. See this iDEFENSE advisory for the details. |
| Alerts: | |
Heap corruption vulnerability in at
| Package(s): | at, sudo, xchat |
| CVE #(s): | CAN-2002-0004 |
| Created: | May 21, 2002 |
| Updated: | May 15, 2003 |
| Description: | The at command has a potentially exploitable heap corruption bug. (First LWN report: January 17th). |
| Alerts: | |
BIND8: Multiple vulnerabilities
bind buffer overflow vulnerability in DNS resolver libraries
| Package(s): | bind, glibc |
| CVE #(s): | CAN-2002-0651, CAN-2002-0684 |
| Created: | July 8, 2002 |
| Updated: | October 1, 2003 |
| Description: | The BIND 4.9.8-OW2 patch and BIND 4.9.9 release (and thus 4.9.9-OW1) include fixes for a libc-related vulnerability which does not affect Linux. Updates from the Internet Software Consortium (ISC) are available. No release or branch of Openwall GNU/*/Linux (Owl) is known to be affected, due to Olaf Kirch's fixes for this problem getting into the GNU C library more than two years ago. Unfortunately, that does not mean that Linux systems are not vulnerable: similar code, without Olaf Kirch's fixes, is in the glibc getnetbyXXX functions. These functions are described in the SuSE alert as "used by very few applications only, such as ifconfig and ifuser, which makes exploits less likely." CERT Advisory: CA-2002-19, Buffer Overflow in Multiple DNS Resolver Libraries. |
| Alerts: | |
Potential unauthorized root access vulnerability in dietlibc
| Package(s): | dietlibc |
| CVE #(s): | CAN-2002-0391 |
| Created: | August 14, 2002 |
| Updated: | December 5, 2002 |
| Description: | Felix von Leitner discovered a potential division by zero bug in code derived from the SunRPC library which is used in dietlibc, a libc optimized for small size. The bug could be exploited to gain unauthorized root access to software linking to dietlibc. CERT/CC Vulnerability Note VU#192995: Integer overflow in xdr_array() function when deserializing the XDR stream. |
| Alerts: | |
dvips: command execution vulnerability
| Package(s): | dvips |
| CVE #(s): | CAN-2002-0836 |
| Created: | October 16, 2002 |
| Updated: | June 10, 2003 |
| Description: | The dvips utility uses the system() function improperly when managing fonts. An attacker who can craft the right sort of print job can use this vulnerability to execute commands under the UID used by the print system. |
| Alerts: | |
Filename disclosure vulnerability in fam
| Package(s): | fam |
| CVE #(s): | CAN-2002-0875 |
| Created: | August 19, 2002 |
| Updated: | January 5, 2005 |
| Description: | "fam" (file alteration monitor) watches files and directories for changes and lets interested applications know when something happens. This package has a flaw in its group handling that blocks some legitimate operations while, at the same time, exposing the names of files that should otherwise be invisible. |
| Alerts: | |
Another set of fetchmail buffer overflows
| Package(s): | fetchmail, fetchmail-ssl |
| CVE #(s): | |
| Created: | October 1, 2002 |
| Updated: | December 17, 2002 |
| Description: | e-matters GmbH has issued an advisory warning of a new set of buffer overflows in the fetchmail header parsing code. The vulnerabilities have been fixed in fetchmail 6.1.0. |
| Alerts: | |
GNU fileutils race condition
| Package(s): | fileutils, ucdsnmp |
| CVE #(s): | CAN-2002-0435 |
| Created: | May 21, 2002 |
| Updated: | May 16, 2003 |
| Description: | A race condition in rm may cause the root user to delete the whole filesystem. The problem exists in the version of rm in fileutils 4.1 stable and the 4.1.6 development version. A patch is available. (First LWN report: May 2). |
| Alerts: | |
Potential remote root exploit in glibc
| Package(s): | glibc |
| CVE #(s): | CAN-2002-0391 |
| Created: | August 14, 2002 |
| Updated: | June 30, 2003 |
| Description: | Felix von Leitner discovered a potential division by zero bug in code derived from the SunRPC library which is used in glibc. This bug could be exploited to gain unauthorized root access to software linking to glibc. Updating as soon as practical is a good idea. Because SunRPC-derived XDR libraries are used by a variety of vendors in a variety of applications, this defect may lead to a number of differing security problems. Exploiting this vulnerability will lead to denial of service, execution of arbitrary code, or the disclosure of sensitive information. CERT/CC Vulnerability Note VU#192995: Integer overflow in xdr_array() function when deserializing the XDR stream. |
| Alerts: | |
glibc: DNS stub resolvers contain buffer overflow vulnerability
| Package(s): | glibc |
| CVE #(s): | CAN-2002-1146 |
| Created: | November 7, 2002 |
| Updated: | February 5, 2004 |
| Description: | DNS stub resolvers from multiple vendors contain a buffer overflow vulnerability. The impact of this vulnerability appears to be limited to denial of service (see CERT Vulnerability Note VU#738331). The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries such as glibc 2.2.5 and earlier, libc, and libresolv, use the maximum buffer size instead of the actual size when processing a DNS response, which causes the stub resolvers to read past the actual boundary ("read buffer overflow"), allowing remote attackers to cause a denial of service (crash). |
| Alerts: | |
Buffer overflow in groff
| Package(s): | groff |
| CVE #(s): | CAN-2002-0003 |
| Created: | May 21, 2002 |
| Updated: | December 9, 2002 |
| Description: | The groff package has a buffer overflow vulnerability; if it is used with the print system, it is conceivably exploitable remotely. |
| Alerts: | |
Buffer overflow in gv
| Package(s): | gv |
| CVE #(s): | CAN-2002-0838 |
| Created: | October 1, 2002 |
| Updated: | November 25, 2002 |
| Description: | gv, a graphical front end to ghostscript, has a buffer overflow vulnerability which can be exploited by a properly crafted PostScript or PDF file. If a user can be tricked into viewing such a file, arbitrary code can be executed with that user's privileges. See this iDEFENSE advisory for the details. |
| Alerts: | |
html2ps: arbitrary code execution
| Package(s): | html2ps |
| CVE #(s): | |
| Created: | November 8, 2002 |
| Updated: | December 6, 2002 |
| Description: | The SuSE Security Team found a vulnerability in html2ps, an HTML to PostScript converter, which opened files based on unsanitized input insecurely. This problem can be exploited when html2ps is installed as a filter within LPRng and the attacker has previously gained access to the lp account. |
| Alerts: | |
UW imapd remotely exploitable buffer overflow
| Package(s): | imap |
| CVE #(s): | CAN-2002-0379 |
| Created: | June 5, 2002 |
| Updated: | December 20, 2002 |
| Description: | UW imapd versions 2000c and prior allow remote authenticated users to execute code via a buffer overflow. A malicious user can craft a request to run commands on the server under their UID and GID. (First LWN report: May 23). |
| Alerts: | |
Cross-site scripting vulnerability in Konqueror for KDE 3.0.3
| Package(s): | kdelibs |
| CVE #(s): | |
| Created: | September 17, 2002 |
| Updated: | November 18, 2002 |
| Description: | Konqueror for KDE 3.0.3, and earlier versions, is subject to this cross-site scripting vulnerability. Since the problem is in kdelibs, any other application which uses the KHTML renderer is also vulnerable. JavaScript code running in one frame can access other frames which should be inaccessible. The problem is fixed in kdelibs 3.0.3a. |
| Alerts: | |
kdenetwork: buffer overflow
| Package(s): | kdenetwork |
| CVE #(s): | CAN-2002-1247 |
| Created: | November 11, 2002 |
| Updated: | December 20, 2002 |
| Description: | iDEFENSE reports a security vulnerability, discovered by Texonet, in the klisa package, which provides a LAN information service similar to "Network Neighbourhood". It is possible for a local attacker to exploit a buffer overflow condition in resLISa, a restricted version of KLISa. The vulnerability exists in the parsing of the LOGNAME environment variable: an overly long value will overwrite the instruction pointer, thereby allowing an attacker to seize control of the executable. |
| Alerts: | |
kernel: several security issues fixed
| Package(s): | kernel |
| CVE #(s): | |
| Created: | October 22, 2002 |
| Updated: | November 22, 2002 |
| Description: | A number of security fixes have gone out for the 2.2 and 2.4 kernels. There are no known exploits at this time, but upgrading will make sense anyway. As always with kernel updates, read the distributor instructions carefully; there is usually more involved than just installing a new package. |
| Alerts: | |
kgpg: keys generated in wizard have an empty passphrase
| Package(s): | kgpg |
| CVE #(s): | |
| Created: | November 11, 2002 |
| Updated: | November 13, 2002 |
| Description: | A bug in Kgpg's key generation affects all secret keys generated through Kgpg's wizard. (The bug does not affect keys created in console/expert mode.) All keys created through the wizard have an empty passphrase, which means that if someone has access to your computer and can read your secret key, he/she can decrypt your files without needing a passphrase. See the full report for details. |
| Alerts: | |
krb5: Buffer Overflow in Kerberos Administration Daemon
| Package(s): | krb5, heimdal |
| CVE #(s): | CAN-2002-1235 |
| Created: | October 29, 2002 |
| Updated: | January 14, 2003 |
| Description: | CERT Advisory CA-2002-29, Buffer Overflow in Kerberos Administration Daemon. Systems affected: MIT Kerberos version 4 and version 5 up to and including krb5-1.2.6; KTH eBones prior to version 1.2.1 and KTH Heimdal prior to version 0.5.1; other Kerberos implementations derived from vulnerable MIT or KTH code. Overview: Multiple Kerberos distributions contain a remotely exploitable buffer overflow in the Kerberos administration daemon. A remote attacker could exploit this vulnerability to gain root privileges on a vulnerable system. The CERT/CC has received reports that indicate that this vulnerability is being exploited. In addition, MIT advisory MITKRB5-SA-2002-002 notes that an exploit is circulating. We strongly encourage sites that use vulnerable Kerberos distributions to verify the integrity of their systems and apply patches or upgrade as appropriate. |
| Alerts: | |
perl-MailTools: remote command execution
| Package(s): | MailTools |
| CVE #(s): | CAN-2002-1271 |
| Created: | November 5, 2002 |
| Updated: | September 19, 2003 |
| Description: | The SuSE Security Team reviewed critical Perl modules, including the Mail::Mailer package. This package contains a security hole which allows remote attackers to execute arbitrary commands in certain circumstances. This is due to the use of mailx as the default mailer, which allows commands to be embedded in the mail body. Note that mail processing programs which use this package can be affected by this vulnerability; in particular, SpamAssassin is vulnerable if you use the -r or -w flags. |
| Alerts: | |
masqmail: buffer overflow
| Package(s): | masqmail |
| CVE #(s): | CAN-2002-1279 |
| Created: | November 12, 2002 |
| Updated: | November 13, 2002 |
| Description: | A set of buffer overflows has been discovered in masqmail, a mail transport agent for hosts without a permanent Internet connection. In addition, privileges were dropped only after reading a user-supplied configuration file. Together these could be exploited to gain unauthorized root access to the machine on which masqmail is installed. |
| Alerts: | |
Cross-site scripting vulnerability in mhonarc
| Package(s): | mhonarc |
| CVE #(s): | CAN-2002-0738, CAN-2002-1307, CAN-2002-1388 |
| Created: | September 11, 2002 |
| Updated: | January 3, 2003 |
| Description: | Mhonarc is an HTML formatter for electronic mail; it can be vulnerable to cross-site scripting problems when presented with maliciously crafted messages. This problem is fixed in mhonarc version 2.5.3, but it is not clear that all possible vulnerabilities have been fixed. See the Debian advisory below for information on how to disable text/html attachment support in mhonarc, which may be a more secure solution. |
| Alerts: | |
PHP Remote Compromise/DOS Vulnerability
| Package(s): | mod_php4 |
| CVE #(s): | |
| Created: | July 22, 2002 |
| Updated: | February 18, 2003 |
| Description: | PHP 4.2.0 and 4.2.1 have an error in the handling of POST requests which can lead to the corruption of memory, and the usual bad consequences. According to this alert, the vulnerability can only be used for denial of service on x86 systems - there is no way to get it to run exploit code. SPARC/Solaris systems are apparently vulnerable to full remote compromise. According to the CERT Advisory, almost every Linux distributor, it seems, ships older (and thus not vulnerable) versions of PHP. Note that, sometimes, systems thought to be safe from remote compromise turn out to be vulnerable to a modified attack, so x86 users should not relax too much. The solution, for those systems with PHP 4.2.0 or 4.2.1 installed, is to upgrade to PHP 4.2.2. For more information see the alert from the discoverer of the vulnerability, Stefan Esser of e-matters GmbH, or the security advisory from the PHP team. CERT Advisory: CA-2002-21, Vulnerability in PHP. |
| Alerts: | |
mod_ssl: cross site scripting problem
| Package(s): | mod_ssl, libapache-mod-ssl |
| CVE #(s): | CAN-2002-1157 |
| Created: | October 22, 2002 |
| Updated: | December 12, 2002 |
| Description: | Joe Orton discovered a cross site scripting problem in mod_ssl, an Apache module that adds strong cryptography (i.e. HTTPS support) to the web server. The module will return the server name unescaped in the response to an HTTP request on an SSL port. Like the other recent Apache XSS bugs, this only affects servers using a combination of "UseCanonicalName off" and wildcard DNS. This is very unlikely to happen, though. Apache 2.0/mod_ssl is not vulnerable since it already escapes this HTML. |
| Alerts: | |
Mozilla: Privacy leak and other vulnerabilities
| Package(s): | mozilla |
| CVE #(s): | CAN-2002-1126, CAN-2002-1091 |
| Created: | November 1, 2002 |
| Updated: | February 13, 2003 |
| Description: | Mozilla 1.1 and earlier, and Mozilla-based browsers such as Netscape and Galeon, set the document referrer too quickly in certain situations when a new page is being loaded, which allows web pages to determine the next page that is being visited, including manually entered URLs. Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and execute arbitrary code via a GIF image with a zero width. See also Mozilla's "Recently fixed security issues" page. All users are encouraged to upgrade to the latest stable 1.0.x release of Mozilla. |
| Alerts: | |
ypserv: NIS information leak
Package(s): nis, ypserv
CVE #(s): CAN-2002-1232
Created: October 21, 2002
Updated: December 5, 2002
Description:
Thorsten Kukuk discovered a problem in the ypserv program, which is
part of the Network Information Service (NIS). A memory leak in all
versions of ypserv prior to 2.5 is remotely exploitable as an
information leak: if a malicious user requests a non-existent map, the
server returns parts of an old domain name and map name to the client.
Comments (none posted)
Buffer overflow in nss_ldap
Package(s): nss_ldap
CVE #(s): CAN-2002-0825, CAN-2002-0374
Created: October 9, 2002
Updated: December 11, 2002
Description:
The nss_ldap package has a buffer overflow which can be exploited when the
module configures itself from information in DNS. The problem is fixed in
nss_ldap-199 and later.
Comments (none posted)
PHP: vulnerability in mail function
Package(s): php
CVE #(s): CAN-2002-0985, CAN-2002-0986
Created: November 13, 2002
Updated: October 1, 2003
Description:
Two vulnerabilities exist in the PHP mail() function. The first allows
the execution of any program or script, bypassing the safe_mode restriction;
the second may turn a script into an open mail relay if the mail() function
is not used carefully. See this Bugtraq report for more details. Note that
this is a different vulnerability than the previous PHP mail() problem,
which affected versions through 4.1.0.
Comments (none posted)
Remotely exploitable vulnerability in pine
Package(s): pine
CVE #(s): CAN-2002-0014
Created: May 21, 2002
Updated: November 27, 2002
Description:
Pine has an unpleasant vulnerability in its URL handling which can lead to
command execution by remote attackers.
(First LWN report: January 17th).
This vulnerability is remotely exploitable; updating is a good idea.
Note: if an update isn't yet available for your distribution,
setting enable-msg-view-urls to "off" in pine's setup will
avoid the vulnerability. (Thanks to Greg Herlein).
Comments (none posted)
Buffer overflow vulnerabilities in PostgreSQL
Package(s): PostgreSQL
CVE #(s): (none listed)
Created: August 21, 2002
Updated: January 27, 2003
Description:
PostgreSQL 7.2.2 has been released in response to a number of buffer
overrun vulnerabilities which have been identified recently. "...it
should be noted that these vulnerabilities are only critical on 'open' or
'shared' systems, as they require the ability to be able to connect to the
database before they can be exploited."
Buffer overflow vulnerabilities fixed include those reported by
"Sir Mordred The Traitor" in the cash_words, repeat, lpad and rpad
functions.
Comments (none posted)
Local arbitrary code execution vulnerability in Python
Package(s): python
CVE #(s): CAN-2002-1119
Created: August 28, 2002
Updated: October 1, 2003
Description:
Zack Weinberg discovered that
os._execvpe from os.py uses a predictable name which could lead
to execution of arbitrary code. According to the Debian
advisory, the problem
was present in Python versions 1.5, 2.1 and 2.2.
Comments (none posted)
Multiple-use vulnerability in Safe.pm
Package(s): Safe.pm
CVE #(s): CAN-2002-1323
Created: October 9, 2002
Updated: February 20, 2004
Description:
use Perl; has a description of a vulnerability in the Safe.pm Perl module.
It seems that if a Safe compartment is used more than once, it ceases to be
safe. The problem is fixed in Safe 2.08.
Comments (none posted)
sendmail smrsh bypass vulnerability
Package(s): sendmail
CVE #(s): CAN-2002-1165
Created: October 2, 2002
Updated: November 29, 2002
Description:
iDEFENSE has posted an advisory warning of a
couple of ways of bypassing the restrictions imposed by the sendmail
"smrsh" utility. smrsh puts limits on which programs a user may run out of
a .forward file; this vulnerability could give a local user
undesired access to the mail server system. A patch has
been made available from sendmail.org which closes the vulnerability.
Comments (none posted)
Multiple vulnerabilities fixed in Squid-2.4.STABLE7
Package(s): squid
CVE #(s): (none listed)
Created: July 8, 2002
Updated: November 15, 2002
Description:
The security advisory for the Squid proxy server reports several
vulnerabilities in versions up to and including 2.4.STABLE7.
Several of the bugs are believed to allow remote code execution.
The security advisory lists the following changes:
- Several bugfixes and cleanup of the Gopher client, both
to correct some security issues and to make Squid properly
render certain Gopher menus.
- Security fixes in how Squid parses FTP directory listings into
HTML
- FTP data channels are now sanity checked to match the address
of the requested FTP server. This is to prevent theft or injection
of data. See the new ftp_sanitycheck directive if this sanity
check is not desired.
- The MSNT auth helper has been updated to v2.0.3+fixes for
buffer overflow security issues found in this helper.
- A security issue in how Squid forwards proxy authentication
credentials has been fixed
Comments (none posted)
squirrelmail: cross-site scripting vulnerability
Package(s): squirrelmail
CVE #(s): CAN-2002-1131, CAN-2002-1132
Created: October 16, 2002
Updated: January 2, 2003
Description:
The Squirrelmail web mail package has a cross-site scripting vulnerability; versions 1.2.7 and prior are affected. See the advisory for details.
Comments (none posted)
syslog-ng: buffer overflow vulnerability
Package(s): syslog-ng
CVE #(s): (none listed)
Created: October 16, 2002
Updated: November 14, 2002
Description:
Versions 1.4.15 and 1.5.20 (and prior) of the syslog-ng system logging package have a remotely exploitable buffer overflow vulnerability; see this advisory for the details.
Comments (none posted)
File overwrite vulnerability in tar and unzip
Package(s): tar, unzip
CVE #(s): CAN-2001-1267, CAN-2001-1268, CAN-2001-1269, CAN-2002-0399
Created: October 1, 2002
Updated: April 10, 2006
Description:
The tar utility does not properly filter file names containing
"../", meaning that a hostile archive can, if unpacked by an
unsuspecting user, overwrite any file that is writable by that user. GNU
tar versions 1.13.19 and earlier are vulnerable; unzip through version 5.42
has the same vulnerability.
Comments (1 posted)
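The check that the vulnerable tar and unzip versions lacked is simple to state: before extracting a member, look at its name component by component and refuse anything absolute or containing "..". The following C example is added here to show that check; it is not code from GNU tar, unzip, or this page, and the member list it runs over is constructed for the demonstration. It only inspects pathnames; symlink tricks inside an archive are a separate problem that this filter does not address.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Decide whether an archive member name may be written under the
 * current directory.  Reject empty and absolute names and any ".."
 * path component; this is the filtering the vulnerable versions
 * omitted.  "." components and doubled slashes are harmless and pass.
 */
bool archive_name_is_safe(const char *name)
{
    if (name == NULL || *name == '\0')
        return false;
    if (name[0] == '/')              /* absolute name escapes cwd outright */
        return false;

    const char *p = name;
    for (;;) {
        const char *slash = strchr(p, '/');
        size_t len = slash ? (size_t)(slash - p) : strlen(p);
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return false;            /* ".." component: directory traversal */
        if (slash == NULL)
            return true;
        p = slash + 1;
    }
}

/* Count how many members of a listing the filter would refuse. */
size_t count_unsafe(const char *const *names, size_t n)
{
    size_t bad = 0;
    for (size_t i = 0; i < n; i++)
        if (!archive_name_is_safe(names[i]))
            bad++;
    return bad;
}

int main(void)
{
    /* Constructed member list for the demonstration; not a real archive. */
    static const char *const members[] = {
        "project/README",
        "./project/src/main.c",
        "project/..secret",                  /* looks odd but is a plain name */
        "../../home/victim/.bashrc",
        "/etc/passwd",
        "project/../../.ssh/authorized_keys",
    };
    size_t n = sizeof members / sizeof members[0];

    for (size_t i = 0; i < n; i++)
        printf("%-40s %s\n", members[i],
               archive_name_is_safe(members[i]) ? "ok" : "REFUSED");
    printf("%zu of %zu members refused\n", count_unsafe(members, n), n);
    return 0;
}
```

Running it refuses the three hostile names and accepts the other three; a filter like this belongs at extraction time, before any file is created.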
Multiple vendor telnetd vulnerability
Package(s): telnet, Telnet, netkit-telnet-ssl, kerberos, telnetd, netkit-telnet, nkitb/nkitserv/telnetd, krb5
CVE #(s): (none listed)
Created: May 21, 2002
Updated: October 5, 2004
Description:
This vulnerability,
originally thought to be confined to BSD-derived systems, was first covered
in the July 26th Security
Summary. It is now known that Linux telnet daemons are vulnerable as
well.
Comments (none posted)
Tomcat 4.x JSP source code exposure vulnerability
Package(s): tomcat
CVE #(s): (none listed)
Created: September 25, 2002
Updated: January 29, 2003
Description:
Rossen Raykov reports that Tomcat 4.0.5 and 4.1.12 fix a JSP source code
exposure vulnerability in "Tomcat 4.0.4 and 4.1.10 (probably all other
earlier versions also)". The current version of Tomcat is available here.
Comments (none posted)
traceroute-nanog: buffer overflow and root exploit
Package(s): traceroute-nanog/nkitb
CVE #(s): (none listed)
Created: November 12, 2002
Updated: February 27, 2003
Description:
Traceroute is a tool that tracks packets through a TCP/IP network
to determine their route or to find routers that are not working.
Traceroute-nanog requires root privilege to open a raw socket, but it does
not relinquish that privilege after doing so. This allows a malicious user
to gain root access by exploiting a buffer overflow at a later point.
Comments (none posted)
webalizer: reverse DNS buffer overflow vulnerability
Package(s): webalizer
CVE #(s): (none listed)
Created: May 21, 2002
Updated: January 27, 2003
Description:
This one sounds nasty. The cause is a buffer overflow bug:
if reverse DNS lookups are enabled in webalizer,
"an attacker with control over the victims DNS may spoof responses thus
triggering a buffer overflow, potentially leading to a root compromise."
Webalizer 2.01-10 "fixes this and a few
other buglets that have been discovered in the last month or so".
(First LWN report: April 18th, 2002).
Comments (none posted)
Webmin/Usermin vulnerabilities
Package(s): webmin
CVE #(s): (none listed)
Created: May 21, 2002
Updated: January 10, 2003
Description:
Webmin is a web-based interface for
system administration for Unix.
Webmin has cross-site scripting and
session ID spoofing vulnerabilities
which are fixed in the May 6, 2002 release of version 0.970.
(First LWN report: May 9).
This one is scary. The session ID
spoofing vulnerability allows the "possibility that arbitrary
commands may be executed with root privileges."
Upgrading is strongly recommended. At a minimum avoid the
"preconditions for a successful exploit" by disabling
password timeouts under Webmin->Configuration->Authentication.
Comments (1 posted)
wmaker: buffer overflow in Window Maker image handling code
Package(s): wmaker, windowmaker
CVE #(s): CAN-2002-1277
Created: November 7, 2002
Updated: February 6, 2003
Description:
Al Viro found a problem in the image handling code used in Window Maker,
a popular NEXTSTEP-like window manager. When creating an image it would
allocate a buffer sized by multiplying the image width and height, but did
not check whether that multiplication overflowed. A wrapped size yields a
buffer far smaller than the image, so the image data then overflows it.
This could be exploited by using specially crafted image files (for
example when previewing themes).
Comments (none posted)
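The bug class above (allocation size computed as width times height with no overflow check) has a standard fix: test each multiplication against the type's maximum before performing it, and cap the result at a sane limit. The C below is an added example of the vulnerable pattern beside its hardened form; it is a model, not Window Maker's code, and the four-bytes-per-pixel format and the 256 MiB cap are assumptions made for the demonstration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Four bytes per pixel, as for an RGBA buffer (assumed for this model). */
#define BYTES_PER_PIXEL 4u

/* Upper bound on any single image buffer (assumed policy limit). */
#define MAX_IMAGE_BYTES (256u * 1024u * 1024u)

/*
 * Vulnerable pattern: the size is computed in 32-bit arithmetic with no
 * check, so a hostile header can wrap it to a small number.  The caller
 * then allocates that small buffer and copies the full image into it.
 */
uint32_t image_bytes_unchecked(uint32_t width, uint32_t height)
{
    return width * height * BYTES_PER_PIXEL;   /* wraps silently */
}

/*
 * Hardened version: refuse zero dimensions, check each multiplication
 * before doing it, and enforce the cap.  Fills *out only on success.
 */
bool image_bytes_checked(uint32_t width, uint32_t height, uint32_t *out)
{
    if (width == 0 || height == 0)
        return false;
    if (width > UINT32_MAX / height)            /* width * height overflows */
        return false;
    uint32_t pixels = width * height;
    if (pixels > UINT32_MAX / BYTES_PER_PIXEL)  /* pixels * bpp overflows */
        return false;
    uint32_t bytes = pixels * BYTES_PER_PIXEL;
    if (bytes > MAX_IMAGE_BYTES)
        return false;
    *out = bytes;
    return true;
}

/* Allocate a pixel buffer for a header, or return NULL for a hostile one. */
unsigned char *alloc_image(uint32_t width, uint32_t height)
{
    uint32_t bytes;
    if (!image_bytes_checked(width, height, &bytes))
        return NULL;
    return calloc(bytes, 1);
}

int main(void)
{
    /* Constructed headers: one ordinary, one chosen so the product wraps. */
    uint32_t w_bad = 0x10001u, h_bad = 0x10000u;   /* true product: 2^32 + 65536 */
    uint32_t bytes;

    printf("640x480 unchecked: %u bytes\n", image_bytes_unchecked(640, 480));
    printf("hostile unchecked: %u bytes (wrapped)\n",
           image_bytes_unchecked(w_bad, h_bad));
    printf("hostile checked:   %s\n",
           image_bytes_checked(w_bad, h_bad, &bytes) ? "accepted" : "rejected");

    unsigned char *img = alloc_image(640, 480);
    free(img);
    return 0;
}
```

The hostile header produces a 262144-byte allocation from the unchecked path for an image that really needs over 16 GiB of pixels; the checked path rejects it before any allocation happens.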
Multiple vulnerabilities in wordtrans
Package(s): wordtrans
CVE #(s): CAN-2002-0837
Created: September 11, 2002
Updated: February 4, 2003
Description:
The "wordtrans" interface to multilingual dictionaries suffers from input validation and cross-site scripting vulnerabilities; versions through 1.1pre8 are vulnerable. See this Guardent advisory for details.
Comments (none posted)
Problems with libgtop_daemon
Package(s): wuftpd, libgtop
CVE #(s): (none listed)
Created: May 21, 2002
Updated: May 7, 2003
Description:
The libgtop_daemon package is a GNOME
program which makes system information available remotely.
LWN reported the remotely exploitable format
string and buffer overflow vulnerabilities in that package
on December 6th.
On November 28th the advice was to disable the libgtop_daemon on systems
where it is running until an update is available.
Many Linux systems do not run
libgtop by default, but applying the update is a good idea anyway.
Comments (1 posted)
Wwwoffle remote privilege escalation vulnerability
Package(s): wwwoffle
CVE #(s): CAN-2002-0818
Created: August 14, 2002
Updated: October 1, 2003
Description:
The wwwoffle web proxy incorrectly processes HTTP PUT and POST requests
with negative Content-Length values.
"It is believed
that an attacker could exploit this bug to gain remote wwwrun access
to the system wwwoffled is running on."
Comments (none posted)
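A negative Content-Length gets into a server when the header value is parsed with a signed conversion such as atoi() and the result flows into size arithmetic and read loops. The C below is an added example, not wwwoffle's code: it shows the naive conversion beside a strict parser that accepts only unsigned decimal digits (with surrounding blanks), rejects signs and junk, and refuses values above a policy limit. The 64 MiB limit is an assumption for the demonstration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Largest request body the server is willing to accept (assumed policy). */
#define MAX_BODY_BYTES (64u * 1024u * 1024u)

/*
 * Naive pattern: atol() accepts a leading sign, so "-1" becomes -1 and
 * is later used as a length.  Shown only to contrast with the parser.
 */
long content_length_naive(const char *value)
{
    return atol(value);
}

/*
 * Strict parser: optional blanks, one or more digits, optional blanks,
 * nothing else.  Overflow is checked before each multiply-add so the
 * accumulator never exceeds MAX_BODY_BYTES.  Fills *len only on success.
 */
bool parse_content_length(const char *value, size_t *len)
{
    if (value == NULL)
        return false;
    while (*value == ' ' || *value == '\t')
        value++;
    if (*value < '0' || *value > '9')       /* rejects "", "-1", "+5", "abc" */
        return false;

    size_t n = 0;
    for (; *value >= '0' && *value <= '9'; value++) {
        unsigned d = (unsigned)(*value - '0');
        if (n > (MAX_BODY_BYTES - d) / 10)  /* n * 10 + d would exceed the cap */
            return false;
        n = n * 10 + d;
    }
    while (*value == ' ' || *value == '\t')
        value++;
    if (*value != '\0')                     /* trailing junk such as "12abc" */
        return false;

    *len = n;
    return true;
}

int main(void)
{
    /* Constructed header values for the demonstration. */
    const char *samples[] = { "123", " 42 ", "-1", "+7", "12abc", "99999999999999999999" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        size_t len;
        printf("%-24s naive=%ld strict=%s\n", samples[i],
               content_length_naive(samples[i]),
               parse_content_length(samples[i], &len) ? "accepted" : "rejected");
    }
    return 0;
}
```

The naive path hands "-1" to the caller as a length; the strict parser rejects it, along with the oversize and malformed values, before any buffer is sized from it.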
Denial of service vulnerability in xinetd
Package(s): xinetd
CVE #(s): (none listed)
Created: August 14, 2002
Updated: December 3, 2002
Description:
A file descriptor leak into services started from xinetd
may be used by the programs it starts to crash xinetd.
Xinetd is a replacement for the BSD-derived inetd.
Comments (none posted)
Resources
For those of you who are looking for a bit more character in security
writing,
The Peon's Guide
To Secure System Development might just fill the bill.
"Increasingly incompetent developers are creeping their way into
important projects. Considering that most good programmers are pretty bad
at security, bad programmers with roles in important projects are
guaranteed to doom the world to oblivion. The author feels that a step
toward washing himself clean of responsibility is by writing this
document. Checking your memcpy() and malloc() calls have been lectured to
death. It's not working. The approach used by this document is to instead
shame developers into producing better systems."
Comments (1 posted)
Eric Rescorla has
announced
the availability of a study of user response following the disclosure of
the OpenSSL remote buffer overflow vulnerability. When the problem was
announced, Mr. Rescorla started monitoring a set of vulnerable servers to
see when they were patched up. "Two weeks after the bug
announcement, more than two thirds of servers were still
vulnerable." Even after the "slapper" worm hit the net, many
servers remained vulnerable.
Comments (3 posted)
The
Linux Security Week and
Linux Advisory Watch newsletters from
LinuxSecurity.com are available.
Comments (none posted)
Butterfly Security has
announced
the forthcoming release of "CodeSeeker," a firewall and intrusion detection
system. Open source licensing is claimed for CodeSeeker, but the actual
license has not been made available as of this writing.
Comments (none posted)
Page editor: Jonathan Corbet
Kernel development
Brief items
The current development kernel is 2.5.48, which was
released by Linus on November 17. This
one includes the new module loader - so expect surprises if you compile
with modules, and note that you need a new set of module utilities
(available as
a
source tarball or
source RPM). Other
changes include boot process cleanups (part of the initramfs effort), more
IPSec fixes, high-resolution times in the
stat64() system call,
some SCSI cleanups, a bunch of include file cleanup work, and lots of other
fixes. And, of course, the fix for the denial of service vulnerability.
The
long-format changelog has the details.
Linus's pre-2.5.49 BitKeeper tree includes a number of module fixes,
nanosecond time support for the NFS filesystem, an S/390 update, and a
large number of other fixes.
The current development kernel prepatch from Alan Cox is 2.5.47-ac6. Alan continues to issue patches
against 2.5.47 because "the 2.5.48 tree is a little bit too broken to run
IDE development against."
The current stable kernel is 2.4.19. The second 2.4.20 release
candidate was released by Marcelo on
November 15; it includes a fix for the denial of service vulnerability
and several other updates.
Alan Cox's latest 2.4.20 prepatch is 2.4.20-rc2-ac2, which adds a number of fixes to
the second release candidate.
Alan has also released 2.2.23-rc2, which is
primarily motivated by the denial of service fix.
Comments (none posted)
Kernel development news
The 2.5 feature freeze is now three weeks old. At this point, it mostly
appears to be working as intended. The biggest exception (the new module
loader) will be looked at in a separate article.
One of the goals of the freeze was to give developers a well-known target
date so they would not flood Linus with last-minute patches. There
was a big wave of patches that came through in October, but it was
small and well organized compared to the deluges that came after previous
(surprise) feature freezes. These patches were, for the most part, in
reasonably good shape. With relatively few exceptions, the post-freeze
kernel is in relatively stable condition.
The freeze is holding reasonably well. The only really
new features that have gone in recently are the new module loader and
high-resolution times in the stat64() system call. Linus has put
his foot down when faced with a number of destabilizing changes, such as
some overzealous header file "cleanup" work. He is still considering a few
new features (kexec, kernel probes, and POSIX timers), but they are
relatively small and went into the queue well ahead of the freeze date.
Of course, it is far too early to conclude that the freeze will actually
hold - we have to wait to see what happens in 2003 for that.
The 2.5 stabilization process will, hopefully, be helped by the bugzilla database that has been set up by
OSDL. Proper tracking of 2.5 bugs is clearly necessary if they are to be
dealt with before the stable release. Whether this database will really
fill that need remains to be seen; after a week of operation, it only lists
sixty bugs. The 2.5 kernel clearly must have more problems than that; now
is the time for people who have encountered problems to put them into
bugzilla so they do not get overlooked.
Not all of the kernel developers have shown great enthusiasm for working
with the bugzilla system; to some of them, it looks like a lot of
bureaucratic work that distracts from the real job of fixing bugs. This
should not be a problem as long as people who are interested maintain the
bug database and keep it current.
Back at the kernel summit, there seemed to be a consensus that, at this
stage, an assistant to Linus would be named to help with stabilization.
Linus, by his own admission, does not always do a great job of the release
management task. The assistant would help review
patches and might also, eventually, become the maintainer of
the stable release. That prospect, of course, would help motivate the
assistant to look hard at proposed changes and exclude anything that was
not really necessary.
This idea was well received at the summit, even by Linus. But this person
has not been named, and there has not really even been any discussion of
the subject. Following through soon on the appointment of somebody to help
stabilize the kernel is probably one of the best things the development
community could do to ensure that the freeze (and stable release) are
successful.
Comments (none posted)
The current 2.5 and 2.4.20-rc releases both contain a patch for a
newly-discovered vulnerability in the Linux kernel. Simply put, anybody
who can run an arbitrary program on a Linux system can bring it down in flames.
Your editor, who is not an expert on x86 assembly (but who can still
describe the difference between CDC 6xxx A, B, and X registers), has made
an effort to figure out just what is going on here, for those who are
curious.
The x86 processor contains many flags which affect its operation. Two of
these flags are abused in this exploit:
- The trap flag (TF) causes a processor trap to happen after
execution of every instruction. It is used primarily for debugging
purposes.
- The nested task (NT) flag indicates that the current task is
executing via an interrupt (or other task-switching operation) that
causes another task to be suspended. It is part of the hardware task
switching mechanism, which Linux makes only limited use of. When the
NT flag is set, the iret instruction performs a hardware task
switch via the "backlink" field in the task state segment (TSS).
Without NT, iret looks much like a normal return.
The DoS attack works, essentially, by setting both flags (TF and NT), then
jumping into the kernel with an lcall instruction. The kernel
code did not clear those flags when entered via that path. Thus, the
setting of TF would cause an immediate processor trap within the kernel
code. That, by itself, is relatively harmless, except that the trap
handler returns via iret. That instruction, seeing that the NT
flag is set, attempts to perform a task switch via the TSS - an operation
the kernel was not expecting, and which had not been prepared for. So the
kernel switches into a nonexistent task, and everything comes to a stop.
It is at this point that one begins to appreciate the virtues of journaling
filesystems.
The solution, as coded up by
Linus, is simply to clear those flags when the kernel is entered via a call
gate. End of problem - once you get the patch installed.
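To make the sequence above concrete, here is a small C model of the two entry paths, added for this article and not taken from the kernel or from Linus's patch. The EFLAGS bit positions (TF is bit 8, NT is bit 14) are as documented by Intel; everything else, in particular the entry functions, the single-field TSS and the zero backlink, is a simplification made for the demonstration. Real kernel entry code is assembly and does the masking with a pushfl/andl/popfl sequence on the stack; the model only reproduces the logic.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* EFLAGS bit positions from the IA-32 manuals. */
#define X86_EFLAGS_TF (1u << 8)    /* trap flag: trap after every instruction */
#define X86_EFLAGS_NT (1u << 14)   /* nested task: iret follows the TSS backlink */

/* Only the field this scenario touches is modelled. */
struct tss {
    uint16_t backlink;             /* selector of the "interrupted" task */
};

/* Task selector the kernel runs in (arbitrary non-null value for the model). */
#define KERNEL_TASK_SEL 0x80

enum outcome {
    RETURNED_TO_USER,              /* the call-gate path completed normally */
    TASK_SWITCH_TO_NOTHING         /* iret switched to a task nobody set up */
};

/* Vulnerable behaviour: EFLAGS arrive in the kernel exactly as the caller set them. */
uint32_t lcall_entry_vulnerable(uint32_t user_eflags)
{
    return user_eflags;
}

/* The fix: the call-gate entry path clears TF and NT before anything else runs. */
uint32_t lcall_entry_fixed(uint32_t user_eflags)
{
    return user_eflags & ~(X86_EFLAGS_TF | X86_EFLAGS_NT);
}

/*
 * iret, as far as NT is concerned: with NT clear it is an ordinary return;
 * with NT set it switches to the task named by the current TSS backlink,
 * whether or not software ever prepared one.
 */
uint16_t iret_next_task(uint32_t eflags, const struct tss *cur)
{
    if (eflags & X86_EFLAGS_NT)
        return cur->backlink;
    return KERNEL_TASK_SEL;
}

/* One trip through the call gate, using the given entry code. */
enum outcome enter_kernel(uint32_t user_eflags, uint32_t (*entry)(uint32_t))
{
    /* Linux does not use hardware task switching here, so the backlink is never filled in. */
    struct tss kernel_tss = { .backlink = 0 };
    uint32_t eflags = entry(user_eflags);

    /* TF set: the first kernel instruction single-steps into the debug trap handler. */
    if (eflags & X86_EFLAGS_TF) {
        /* The handler finishes with iret, and iret honours NT. */
        if (iret_next_task(eflags, &kernel_tss) != KERNEL_TASK_SEL)
            return TASK_SWITCH_TO_NOTHING;   /* backlink 0: the "nonexistent task" */
    }
    return RETURNED_TO_USER;
}

int main(void)
{
    uint32_t hostile = 0x202u | X86_EFLAGS_TF | X86_EFLAGS_NT;   /* IF set, plus TF and NT */

    printf("vulnerable entry: %s\n",
           enter_kernel(hostile, lcall_entry_vulnerable) == RETURNED_TO_USER
               ? "returned" : "task switch to nothing (machine stops)");
    printf("fixed entry:      %s\n",
           enter_kernel(hostile, lcall_entry_fixed) == RETURNED_TO_USER
               ? "returned" : "task switch to nothing (machine stops)");
    return 0;
}
```

Setting TF alone is the "relatively harmless" case from the text: the trap fires, but iret with NT clear just returns. It takes both flags, and an entry path that preserves them, to reach the backlink.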
The call entry code has not changed in a long time, so even very old
kernels are affected. The current 2.4.20 release candidate includes a fix,
and the distributors are beginning (slowly) to release updates which fix
the problem. 2.2 kernels are also vulnerable; if you have a 2.2-based
system running with untrusted users, you may want to rebuild the kernel
with this patch from Matthew Grant applied.
Comments (6 posted)
So... The feature freeze is in effect, the 2.5 kernel appears to be
relatively stable (for this stage of development), and all seems well with
the world. Then Rusty Russell's new module loader patch goes in, and all
hell breaks loose. What's going on?
The inclusion of the module patch is consistent with the policy Linus laid
out toward the end of October: the freeze date would be considered the
deadline for submission to him. Linus would, when it seemed appropriate,
merge new features after the deadline. He has done very little of that
sort of merging, but the new module code was one of the exceptions.
There are a few problems with the new module subsystem, most of which have
to do with the facts that the job is not complete (i.e. features are
missing), and that many of the changes had not been seriously tested out and
reviewed prior to being merged. The work is not complete because Rusty
never knew whether the patch would go in or not, and was busy enough just
keeping it up to date with kernel releases. The lack of testing and review
is explained by Rusty in this way:
Think back: who in their right mind would compile and test patches
to a rapidly-changing kernel, when those changes required userspace
tool changes and you didn't know if it was going to go in or not?
If you care about modules in 2.5, you're probably a developer who
needs modules to do their job, so why rock the boat?
In other words, the nature of the patch was such that the people who most
needed to test it out were uninclined to do so. Many of those people are
the ones who are upset by the current state of affairs.
The initial module patch did, indeed, lack some features. Little things
like module parameters, device table support (needed for hotplug support),
unloading of modules, a working modprobe, modversions, etc. In
other words, when the module patch first went in, loadable modules stopped
working for almost everybody. Broken features are not that unusual for a
development kernel, but this is a much-used feature in a kernel that was
supposed to be in a feature freeze, so people complained.
The situation was not helped by the fact that the first module patches were
merged just as Rusty got on a plane to the other side of the world. Even
so, he has been working frantically to fix up his patches and get them off
to Linus. By the time 2.5.48 came out (the first actual kernel release
with the new code), some of the worst omissions had been taken care of, and
the rest are being addressed quickly. The level of complaints over missing
features has dropped significantly.
Other sorts of complaints remain, however, as people try to
actually make things work with the new scheme. The biggest controversy has
related to Rusty's attempts to eliminate some of the race conditions that
tend to crop up during module loading and unloading. A common bug found in
module initialization routines is to make resources (i.e. a /proc
file or a registered device) available to the kernel, then to fail module
loading later on. If some other process has accessed that resource in the
mean time, it could find itself trying to execute within a module that was
never fully loaded.
Rusty's solution is to add a "live" flag to each module. Any code
which calls into a module must first increase that module's reference count
with the new try_module_get() function. This function will return
a failure status if the live flag is not set. This flag remains
cleared until the module initialization function has finished its work.
This mechanism guarantees that a module's code will not be called until the
module is ready, and it is clear that the module load process will succeed.
(It is also used to unload modules safely; see Rusty's FAQ for more information on how this
all works).
The problem is that, sometimes, there are legitimate reasons for wanting to
call into a module before that module has finished initialization. For
example, when a disk driver registers a disk, the upper layers immediately
want to have a look at the partition table. Under the new scheme, that
look would fail (since the module was not yet marked as being alive) and
the drive's partitions would not be registered. Thus, a patch which was
intended to fix theoretical problems (very few people have actually been
bitten by module load race conditions) ended up creating real problems with
drivers that, previously, had been working just fine. That did not go over
particularly well.
This problem has been fixed by marking a module as being alive while its
initialization function runs. In other words, initialization is, once
again, unprotected, and driver authors need to be very careful to not
export any interface to the rest of the kernel until they are ready for
that interface to be used. Which makes basic sense.
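The two policies discussed above (a module becomes "live" only after its initialization function returns, versus being live for the duration of it) can be seen side by side in a small C model. This is an added example and not code from the 2.5 module loader or Rusty's patches; the names try_module_get() and module_put() are the kernel's, but the structures and the disk-driver scenario are simplifications invented for the demonstration. The partition-table case from the text is the one that distinguishes the two policies.

```c
#include <stdbool.h>
#include <stdio.h>

/* Model of a loaded module: a reference count plus the "live" flag. */
struct module {
    const char *name;
    bool live;
    unsigned int refcnt;
};

/* Take a reference only if the module is live; callers must check the result. */
bool try_module_get(struct module *m)
{
    if (!m->live)
        return false;
    m->refcnt++;
    return true;
}

void module_put(struct module *m)
{
    if (m->refcnt > 0)
        m->refcnt--;
}

/*
 * What the block layer does when a driver registers a disk: it calls back
 * into the driver to read the partition table, holding a reference while
 * it does so.  If no reference can be taken, no partitions are registered.
 * Returns the number of partitions registered (a constructed constant here).
 */
int scan_partitions(struct module *owner)
{
    if (!try_module_get(owner))
        return 0;                       /* not live: partitions silently skipped */
    int found = 2;                      /* constructed: pretend the disk has two */
    module_put(owner);
    return found;
}

/* A disk driver's init routine: registering its disk triggers the scan. */
int disk_driver_init(struct module *self)
{
    return scan_partitions(self);       /* >= 0: init succeeded */
}

/* An init routine that fails after doing part of its work. */
int failing_driver_init(struct module *self)
{
    (void)self;
    return -1;
}

/*
 * Load a module under one of the two policies.  live_during_init=false is
 * the original patch; true is the fix that resolved the partition problem.
 * Returns the init routine's result; the module is live afterwards only
 * if init succeeded.
 */
int load_module(struct module *m, int (*init)(struct module *), bool live_during_init)
{
    m->refcnt = 0;
    m->live = live_during_init;
    int rc = init(m);
    m->live = (rc >= 0);
    return rc;
}

/* Unloading is refused while any reference is held. */
bool try_unload(struct module *m)
{
    if (!m->live || m->refcnt != 0)
        return false;
    m->live = false;
    return true;
}

int main(void)
{
    struct module a = { "sd_mod", false, 0 }, b = { "sd_mod", false, 0 };
    printf("live after init:  %d partitions registered\n",
           load_module(&a, disk_driver_init, false));
    printf("live during init: %d partitions registered\n",
           load_module(&b, disk_driver_init, true));
    return 0;
}
```

Under the first policy the scan's try_module_get() fails and the disk comes up with no partitions, exactly the symptom the text describes; under the second it succeeds, which is why exporting an interface before init is finished has to be treated as a promise that the module will stay loaded.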
Driver code also needs, in many cases, to be more fault tolerant. Rusty asked a related question: how does one register
two /proc files? If the registration of the second file fails,
there is no way to safely unregister the first one and fail the module
load. Linus's answer makes basic sense once
you look at it: the module simply can not fail to load at that point. Once
the module has exported an interface, it must be there to handle uses of
that interface. It is better to simply do without the failed
/proc file than fail the whole load and risk race conditions. The
complexity required to allow failing at any time is not justified by the
benefits.
Various other problems (such as the requirement that every module have an
initialization function, or explicitly include a no_module_init
line) are being worked out. Before too long, with luck, modules will just
work again (better than before), and the kernel developers will be arguing
about something else.
Comments (none posted)
Patches and updates
Kernel trees
Core kernel code
Development tools
Device drivers
Documentation
Filesystems and block I/O
Janitorial
Memory management
Networking
Architecture-specific
Security-related
Benchmarks and bugs
Miscellaneous
Page editor: Jonathan Corbet
Distributions
News and Editorials
This week at COMDEX in Las Vegas the UnitedLinux group
announced the release of Version 1.0 of its UnitedLinux product, with a
launch event sponsored by HP and IBM.
UnitedLinux 1.0 was not designed to be a standalone product, but instead
will be the engine that powers distributions from its four founding
members, Conectiva S.A., The SCO Group, SuSE Linux AG, and Turbolinux, Inc.
All four companies were expected to announce new versions of their Linux
enterprise distributions, powered by the UnitedLinux core, this week,
according to this eWeek
article. This announcement for SuSE's Linux
Enterprise Server 8 is the first official 'powered by UnitedLinux'
announcement we've seen. Each of the four new 'powered by UnitedLinux'
offerings will have its own local language support, value-add features, and
pricing.
So what's in the basic package?
- Language support: UnitedLinux Version 1.0 will initially be
available in English, Japanese, Simplified Chinese, Korean, Portuguese,
Spanish, Italian, German, French and Hungarian.
- Standards compliance: UnitedLinux supports standards, such as LSB
1.2 and OpenI18N from the Free Standards group.
- File Systems: UnitedLinux supports the Journaling File System (JFS),
Reiser File System (ReiserFS), XFS, and the ext3 filesystem.
- Platform support: UnitedLinux platform support includes Intel (32
and 64-bit), AMD, PowerPC (IBM eServer iSeries and pSeries), and
IBM eServer zSeries mainframe.
That's just a small part of what's in this enterprise ready workhorse. The
press release also includes information on the distribution's high
availability, security, scalability, development environment and more.
Comments (1 posted)
Distribution News
The
Debian Weekly News for November 19, 2002
is available. This week you can read about the Debian art collection; the
soon-to-expire LZW patent; and much more.
Anthony Towns reports on packages with
release-critical bugs that have been removed from Debian testing (and in
some cases unstable). More will likely be removed in the near future if
bugs are not fixed.
The Board of Directors of Software in the Public Interest (Debian's parent
organization) would like to expand. According to the by-laws, the Board
should include 8-12 people, and it may have a number of advisers as well.
This message solicits applications and nominations.
A second Bug Squashing Party for the Sarge
release will take place during the next weekend (22-24 of November).
A fire at the computing facilities of Twente University has taken out the server known as satie, which may
disrupt some services temporarily.
Comments (none posted)
The Mandrake Linux Community Newsletter for November 14, 2002 is
available. This week: 9.0 Packs are shipping; the Advanced Extranet Server
is cookin'; MandrakeClub has multilingual forums; and much more.
Full Story (comments: none)
MontaVista Software has
announced the launch of the MontaVista Linux Professional Edition 3.0,
the next generation of this embedded operating system and development
platform. "Offering enhanced networking capabilities, increased
tools coverage and the latest Linux technology, this newly updated version
of the product enables embedded equipment manufacturers to develop an even
broader range of devices."
Comments (none posted)
Slackware has some more upgrades to the Slackware current tree, mostly in
the KDE packages. Also, glibc was patched and recompiled to improve
compatibility with older binaries. See the change log for complete details.
Comments (none posted)
Trustix Secure Linux has
released TSL 2.0
Technology Preview 1 (also known as Rainstorm).
TSL 1.5 users should check out these bug fix advisories for samba and apache/mod_ssl. The apache/mod_ssl update also
applies to older versions of Trustix Secure Linux. Trustix recommends that
all systems with these packages installed be upgraded, or if you are not
using these packages you should remove them from your system.
Comments (none posted)
Minor distribution updates
The Slackware-based CD-ROM distribution formerly known as Bootix has been
renamed to
Phrealon Linux
due to some trademark issues.
Comments (none posted)
According to
this
article in News.com, Lindows has released LindowsOS 3.0 as an
independent product. Previously, LindowsOS was bundled with low-cost PCs,
not available as a standalone product. "The company said the
LindowsOS 3.0 package will sell for about $129 and support dozens of Linux
applications, including ones that mirror Windows applications. The software
package, which is available online including at Walmart.com, also features
Sun Microsystems' StarOffice 6.0 word processing software and supports more
than 800 printers."
Thanks to Jay R. Ashworth
Comments (none posted)
Lycoris and Ericom Software team up to
release
Desktop/LX InterConnect, a simple corporate desktop with full office
suite and outstanding host connectivity tools.
Lycoris is now offering $199 Desktop/LX
Certified Microtel PCs on WalMart.com.
Comments (none posted)
Distribution reviews
DistroWatch
interviews Klaus
Knopper, creator of Knoppix - a Linux distribution which runs from CD-ROM.
"I have heard of some unusual ways of using Knoppix, apart from the
usual "coaster" thing, if someone has no success in booting a computer with
exotic chip sets with Linux. The CD is used as a certified running Linux
system for commercial proprietary products (which is perfectly legal in the
sense of the GPL), and some are working on a version with a Mosix kernel or
other clustering stuff to boot an array of PCs without hard disk
installation."
Page editor: Rebecca Sobol
Development
The OpenOffice office suite project has announced a new initiative, known as the OpenOffice Installation Project. The project aims to address some of the deficiencies of the current installation system.
Though this has been proven to be as painless as possible, even for novice users, it does not integrate very well with the different installation standards found on the various operating systems. It is neither possible to install nor uninstall OpenOffice.org using the system's installer, nor does it appear in the list of installed packages.
The project aims to make installation of OpenOffice follow the native installer of the user's Linux distribution. This sounds like a very good idea, since the majority of applications on most distributions are installed as packages, and packaging the code should allow it to be correctly integrated into the chosen distribution. Package support is being planned for several commercial UNIX variants, RedHat Linux, Windows, OS X, Debian Linux, FreeBSD, and as generic tar.gz files.
Your development page editor recently made several attempts at installing OpenOffice on a new Debian system. The first attempt involved following the instructions found on the OpenOffice.org in Debian site, which recommended doing:
apt-get install openoffice.org
That attempt failed to find the package at all, even after pointing the /etc/apt/sources.list file to several different sources and OS versions. I will admit to being a very new Debian user, although I've been using UNIX and Linux for a long time. Ultimately, it was necessary to download the enormous tar.gz file from the OpenOffice site. I had to uncompress the file, and run the install script to get the files plugged into the system. I then had to further install the software from a user account, which nicely duplicated a huge tree of already-copied files into my home directory. Not pretty, although it did eventually produce a working program.
Once OpenOffice was actually installed, it took a fair amount of digging around to figure out that the command to run OpenOffice was soffice, not openoffice or OpenOffice. This is, no doubt, a relic from StarOffice, the project from which OpenOffice was derived. Clearly, an effort to make installation of OpenOffice easier will greatly expand the OpenOffice user base. The installation experience as it currently exists will likely scare off many potential users. This project is past due; it may even be critical for the long-term success of OpenOffice.
System Applications
Audio Projects
AlsaModularSynth and JACK Rack have been added to the JACK Audio Connection Kit's list of applications. JACK allows multiple audio applications to simultaneously share the same sound card.
Database Software
A new beta version of the SAP DB database and accompanying documentation is available. Change information is in the code.
Education
Issue #83 of the Linux in Education Report is out. Topics include European Schools Projects Finland, SchoolNet Namibia, Sun's aim to oust MSOffice from UK schools, the Northwest Educational Technology Consortium, the National Meeting of Free and Open Source Software, and a bunch of new educational software releases.
Electronics
A VHDL front-end for GCC, known as GHDL, has been announced. "GHDL has been developed on a GNU/Linux x86 system, and only this configuration has been tested (porting to other processor or system should not be a hard task, but there are system dependent files in the run time)."
Thanks to Andi Kleen.
Printing
LinuxPrinting.org lists some new changes to the Foomatic printer support database. New stuff includes an option setting bug fix, new converters for plain text printing, a bug fix for custom paper size support, and a fix for the Lexmark Z31 printer support.
Science
Cameron Laird looks at the use of open-source software in the bioscience and bioinformatics fields. "Bioinformatics and the use of open source in the biosciences are both still in the take-off phase. There's a lot of growth ahead of us. Here are a few of the technical software developments that will matter most in bioinformatics over the next year."
Web Site Development
The initial public release of NemeinNavBar, a URL parsing and navigation bar system for Midgard, is available.
The most recent headlines on the Zope Members News include: New York ZUG - November 21, 2002, ZAnnot 0.3 released, File System Cache Manager 0.1, DZUG-Meeting: Call For Papers, File system storage version of MSWordDocument, Austrian Government Deploys Zope, CMF in Portal to Public Services, NeoBoard 1.1 alpha 2 released, and Turkish Zope Hosting.
Standards
Version 1.2.3-1 of the binary lsb-runtime test suite for the IA32 platform has been released. This is a maintenance release.
Desktop Applications
Audio Applications
The latest changes to the Ardour multi-track audio recording program include new meter and tempo editing, mix templates, and changes to undo/redo to support branching.
Desktop Environments
Headlines on the GNOME desktop FootNotes site include: Yarnobs-0.2 released, GnuCash 1.7.3 beta, Gnumeric 1.1.12, Dropline GNOME Desktop 1.2.2, Mozilla gtk2 port progress update, An Inside look at Abiword Development, GNOME 2.1.2 available for FreeBSD, Rhythmbox 0.4 is out, Robin Rowe Interview, GNOME Development Series Snapshot 2.1.2: ''Life Preserver'', GNOME Summary for 2nd to 9th November, Evolution 1.2 available!, Sawfish 1.2 released, and an OpenOffice.org Project Update.
This week's headlines on KDE.News include: Quickies: Boson, K3b, KDE-Forum.de, and OfB.biz: Geramik Reduces KDE/GNOME Style Differences.
Games
World Forge games has an announcement for Durabuild version 0.0.9. "zzorn has released Durabuild 0.0.9. Durabuild is a python program for building html versions of Worlds documents from CVS for web deployment and LaTeX post processing."
Game lovers may want to check out the new release of Boson. "Boson is an OpenGL real-time strategy game, with the feeling of Command&Conquer(tm) or StarCraft(tm). It is designed to run on Unix (Linux) computers, and is built on top of the KDE, Qt and kdegames libraries. A minimum of two players is required, since there is no artificial intelligence yet."
Interoperability
Issue #144 of Kernel Cousin Wine is out. Topics include: WineX 2.2.1, TransGaming Highlights, New Wine FAQ, Updated To-Do List, Fun Projects, Preliminary Supported Applications List, Cabextract Offered to Wine, MPlayer Supports Sorenson SVQ3, Better OpenGL Separation, Filesystem Change Notifications, Wine Visual Basic Compatibility, and Screenshots-R-Us.
Office Applications
Issue #118 of the AbiWord Weekly News is out with the latest AbiWord word processor development news. "Great week for news! First, Mark is already tagging pre-releases for 1.0.4! If you want to know what's different, visit the Release HackDown. And if you're in the gtk2 world and are just dying to test out the next developer's release, feel free to keep your eyes peeled for the upcoming 1.1.2. You may have noticed 1.1.1 didn't really go anywhere (not even in links on SourceForge), but 1.1.2 will be very pleasing, especially printing with XFT (i.e. it's there now!)."
Version 1.1.12 of the Gnumeric spreadsheet has been released. "This release marks the start of the run up to the next stable release. While there are still some big pieces left to arrive, much of the 1.2 checklist is complete and we're starting to audit things."
Web Browsers
The latest mozillaZine topics include: Mitchell Baker Joins OSAF Staff, Spell Checker for 1.2 and Trunk Builds, MozTweak 1.2 Beta Released, Minotaur Update, Project Documentation Updates, Linux Kernel Bugzilla Database Launched, Mozilla 1.2 Status, and Junk Mail Classification Turned On in Trunk Builds.
Languages and Tools
Caml
The November 12-19, 2002 edition of the Caml Weekly News is out. Topics include exuberant ctags for ocaml, Aqua (non-X) labltk on Mac OS 10, The need for opcode GRAB?, and Even at compile time 2*2=4!.
This week, the new software on The Caml Hump includes OCaml-HTTPA, a "library inspired by perl's HTTP::Daemon that permits writing simple HTTP daemons in OCaml."
Java
Emmanuel Proulx continues his series on EJB Inheritance with Part 3. "A session bean's life revolves around pure business logic. Implementing session bean inheritance is nowhere near as hard as it is with entity beans. Home interfaces are plain, containing no tricky business logic. The problems we had with entity beans were regarding access or lifecycle of the bean, not the actual bean invocation. There were issues also regarding the mapping of in-memory objects to database tables. These problems are gone in the case of session beans."
IBM's developerWorks has an article on JAX-RPC. "The Java APIs for XML-Based Remote Procedure Call (JAX-RPC) are an important step forward in the quest for Web services interoperability. In this first of two articles, Joshy Joseph takes you to the heart of that interoperability effort: the JAX-RPC type-mapping system. You'll learn how XML types are translated into Java types to ensure a smooth exchange of data between Web service clients and Java-based applications."
Sue Spielman finishes her two-part series on Jakarta Struts 1.1 on O'Reilly. "The whole point of having nested tags is that the tags can relate to each other and describe the structure of the model they're managing. The assumptions made by the tags simplify the necessary coding. Struts 1.0 developers can heave a sigh of relief knowing that they won't have to mangle code any longer to render a display of a list within a list."
Perl
The November 11-17 edition of This Week on perl5-porters is out. Topics include Non-ASCII in POD, Test::* modules change, Assertions in Perl, CPAN::MakeMaker, Version bug, and more.
This week on Perl 6 for November 3-10, 2002 is out. Topics include: The Myth of Fingerprints, on_exit not portable, Should Memory be Washed?, string_set Is Back, Unifying Invocant and Topic-Naming Syntax, UTF-8 and Unicode FAQ, Supercomma!, The Interminable Operator Thread, FMTWYENTK about :=, Junctions and Laziness, Primitive vs. Object Types, perl6-documentation was born, Meanwhile, in perl-documentation, Who's who in Perl 6?, and more.
Arun Udaya Shankar covers Perl exception handling on O'Reilly. "The main goal of this article is to discuss in detail exception handling in Perl and how to implement it using Error.pm. On our way, we'll be touching upon the advantages of using exception-handling over traditional error-handling mechanisms, exception handling with eval {}, problems with eval {} and the functionalities available in Fatal.pm. But by and large, our focus will be on using Error.pm for exception handling."
PHP
Topics on this week's PHP Weekly Summary include: Compiling with LCC, snaps.php.net, 4.3 branched, Manual translations, Errors with URLs, Log() with bases, Squashing bugs for 4.3.0, Changelog bugs, CLI without .ini, Improved string speeds, GD filters, Session survey, Range() enhancement, and Birdstep (Velocis) support.
Version 4.3.0RC1 of PHP is available. The release blurb on PHP.net says: "This is the first release candidate and should have a very low number of problems and/or bugs. Nevertheless, please download and test it as much as possible on real-life applications to uncover remaining issues."
Python
The latest Python-dev Summary, covering activity through November 15,
is out. It looks at the process of becoming a Python contributor, the
Snake Farm, "metaclass insanity," and numerous other topics.
This week's Daily Python-URL article topics include: Mnet, the open-source successor to MojoNation, Cooperative multithreading with generators and signal handling, Proper XML output in Python, Python - language of choice for EAI, Python Journal 3(1), Variety is the Spyce of Python, and more.
Ruby
New topics on the Ruby Garden include Move "timeout" method into its own class, and Should Ruby have static typing?.
Topics on this week's Ruby Weekly News include New signs of life [Cardinal], RubyConf 2002 FreeRIDE slides, Enumerable#zip, Sydney RUG, RUG mailing lists, and Ruby NEWS maintainers [wanted]. New Ruby software includes rdep, YAML.rb 0.47, FXRuby 1.0.16, Radical 0.5, and ncurses-ruby 0.6.
Scheme
The November 18, 2002 edition of the Scheme Weekly News is
out with the latest Scheme development news.
Tcl/Tk
The November 19, 2002 edition of Dr. Dobb's Tcl-URL!
is out with lots of Tcl information.
XML
Uche Ogbuji delves into the production of XML output from Python on O'Reilly. "First, I consider ways of producing XML output in Python, which might make you wonder what's wrong with good old print? Indeed programmers often use simple print statements in order to generate XML. But this approach is not without hazards, and it's good to be aware of them. It's even better to learn about tools that can help you avoid the hazards."
Will Provost writes about XML normalization on O'Reilly. "As regular readers of the XML Schema Clinic likely know, I tend to view the world of XML through object-oriented glasses. For this installment, though, we're reaching out to the relational data folks, switching lenses for one eye at least. The goal is to see what relational concepts we can usefully apply to XML. Can the normal forms that guide database design be applied meaningfully to XML document design?"
Kendall Grant Clark covers RDF on O'Reilly's XML.com. "The Resource Description Framework is still among the most interesting of W3C technologies. But it's got persistent troubles, including having had its reputation beaten up unfairly as a result of the many and often nasty fights about RSS."
Miscellaneous
For those of you who collect old computers, a group known as nocrew has been porting GNU software to the PDP-10 computer platform.
Thanks to Lars Brinkhoff.
Page editor: Forrest Cook
Linux in the news
Recommended Reading
The Age covers a new strategy launched this week by the Australian Minister for Communications, Information Technology and the Arts, Senator Richard Alston. "The Australian UNIX and Open Systems User Group (AUUG) has welcomed the identification of Open Standards and Open Source as critical factors for the "Efficient Application of Technology" in the high level e-government strategy Better Services, Better Government, a media release from the group says."
Thanks to Gordon Hubbard
The iSeePet is a remote pet-communication system powered by Linux, popular in Japan. Here is an article from Japan Corporate News Network: "Weighing 3kg, iSeePet is composed of a web cam-equipped water tank and a food dish. Beginning November 29, owners can log on to the Internet or mobile-phone service (www.iseepet.jp/), to see animated or static images of their pet waiting for food. At meal times the owner presses the Call button over the Web, and the remote-controlled system plays a melody to catch the pet's attention." According to AlphaOmega's pages (in Japanese) [1][2], this machine (iSeePet) is powered by Linux.
[1] an overview and specifications
[2] pictures
Thanks to Maya Tamiya
TechWeb reports on the release of UnitedLinux version 1.0. "UnitedLinux backers say the new common release -- which will compete most directly with Red Hat Linux, the most widely-used version of Linux in the enterprise -- will be welcome for its business focus and the strong support, training and certification programs backing it. Hardware vendors, including IBM and Hewlett-Packard, which participated in the announcement, like the consolidated operating system because it means they have to certify their hardware to fewer Linux distributions."
Companies
CNN covers a couple of new supercomputers from IBM. "At the SuperComputing 2002 conference in Baltimore on Tuesday, U.S. Energy Secretary Spencer Abraham was to announce a $290 million contract with IBM to build two new supercomputers, one of which, dubbed ASCI Purple, is expected to clock in at 100 teraflops, or trillions of calculations per second." Here's IBM's press release.
TechWeb examines IBM's Linux commitment and its effect on the company's proprietary AIX OS. "That is, as Linux continues to take on more enterprise features, it could come into conflict with AIX. But the vendor seems to be encouraging that development, rather than resisting it. It's got 250 or so programmers working on Linux development and, most recently, came out with a high-end, aggressively priced system that will run AIX, Linux or both."
eWeek speculates that Metrowerks is about to acquire Lineo. "Sources close to Lineo said the company had 'not to date been acquired,' but indicated an announcement was imminent. Metrowerks officials confirmed that it is making an announcement next week but would not disclose its nature."
LinuxDevices examines rumors that Motorola's Metrowerks software tools subsidiary may acquire Lineo. "Rumors have surfaced of an impending acquisition of Lineo (aka Embedix Inc.) by Motorola's Metrowerks software tools subsidiary. Metrowerks is well known for its popular CodeWarrior integrated development environment (IDE), which is used for embedded system software development. Lineo and Metrowerks have had a long standing strategic partnership including a $22.5 million investment by Metrowerks in Lineo in September 2000."
Business
Forbes is carrying a Reuters article stating that the Japanese government is taking a hard look at switching over to Linux. "The Ministry of Public Management, Home Affairs, Posts and Telecommunications will set up a panel of experts to study how other countries are using open source operating systems as early as the next fiscal year that starts next April, the paper said." (Thanks to Maya Tamiya). Robert Hawkins also sent us a pointer to an article in Japanese on Asahi.com for those who can read it.
Here's a News.com article about a company called Acuity Lighting Group. This company decided to use Red Hat's Advanced Server version of the Linux operating system to run Oracle's 9i RAC database software atop a group of Dell Computer servers. "Acuity is running three new Linux databases, Dell said. The first is spread across a four-computer cluster, each database system a four-processor Dell PowerEdge 6450. The second database runs on an eight-processor PowerEdge 8460, while the third is on a four-processor PowerEdge 6450."
ZDNet looks at free content management systems. "But the advantage of open-source solutions goes beyond cost savings. Content management, by its very nature, requires a degree of customization, and by having access to the source code, developers can do things like add support for a unique content type right into the codebase--an option not possible with proprietary tools."
Legal
Linux Journal takes a look at open source vs. Bill Gates in India. "November 12 - Business Times Asia runs "Bill Gates lands in India amid a Linux debate", adding this about the initiative: Just weeks before Mr Gates' impending arrival, officials in India's Department of Information Technology in New Delhi leaked details of an effort called the Linux India Initiative. It is meant to promote Linux for use in government departments and corporations. Information Technology Minister Pramod Mahajan has declined to discuss the initiative. "I don't want to comment on Linux so close to Gates' visit," he said last week."
Interviews
IBM's developerWorks has an interview with Don Eigler on the miniaturization of wireless devices. "It seems that every generation of new wireless technology is smaller than the last. At IBM's Almaden Research Center, IBM Fellow Don Eigler and his research group are reaching whole new frontiers of miniaturization, building molecule-sized logic gates, one atom at a time. Ira Kalb talked to Don to learn what today's developers can do to prepare for the future of wireless."
Resources
Get all the Embedded Linux News with the Embedded Linux Newsletter from LinuxDevices.com.
Reviews
News.com looks at the latest version of Sharp's Linux-powered Zaurus. "The Zaurus has some appeal for a small section of the market--people who like the control they can have through the version of Linux from Lineo that Zaurus uses. "That certainly could be a benefit that could be a draw for leading-edge technophiles," Slawsby said."
The Register covers the Swiss Army knife of smartphones. "CDL's Paron is a practical industrial handheld capable of using GPRS 2.5G packet data networks, runs Opera and Trolltech Qtopia-based embedded applications, and boasts a biometric fingerprint sensor, 320x240 color screen and USB. It's also a phone."
Unix Review looks at K3b, a CD burning utility for KDE. "Do you miss the nice, slick GUI CD burning programs under Windows and Mac OS X? Or just want to stop using command-line tools to burn your CDs? K3b might just be what the doctor ordered."
IBM developerWorks has taken a lengthy look at UnitedLinux (in the form of SCO Linux 4.0), with the usual emphasis on the installation process. "In my opinion, the UnitedLinux 1.0 base product demonstrates excellent hardware scalability and every capability to meet the demands of a wide range of deployment scenarios. There is a generous level of support for hardware RAID devices, software raid, logical volume management, high performance and high bandwidth ethernet, and more. It will be interesting to see what OEM bundled platform deals this new platform will inspire."
Despite its title, this ZDNet article is a reasonably positive look at the Linux desktop. "To refine the user interface and evolve more useful tools, development must move beyond creative cloning. To prevail over proprietary systems, it must take the lead in providing both ease of use and productivity for the desktop user."
ZDNet talks with Gartner research director Phil Sargeant about Linux on the desktop. ""There's quite a lack of tools in that particular space," said Sargeant. "We are going to need to see more tools if it's to make any inroads." He cited StarOffice and OpenOffice.org as examples of the few good tools available."
TechWeb takes a look at the recently released LindowsOS 3.0. "For Linux to achieve popularity on the desktop, it will require channels offering PCs for sale with Linux pre-installed, Robertson said. That's already starting to happen; Lindows.com is available on PCs from Wal-Mart and Tiger Direct, and Lindows.com is also working to recruit enterprise channels."
News.com covers a new product from Sun. The Sun LX50 Firewall/VPN appliance runs a version of Linux with enhanced security and uses firewall and virtual private network (VPN) software from Israel-based Check Point. "Sun plans to unveil the new network security device at the Comdex Fall 2002 trade show during a keynote speech by Sun CEO Scott McNealy."
Open for Business covers the Geramik theme. "Craig Drummond has released a new theme and "engine" for GTK programs that provides something many people have been looking for: a common look and feel for KDE and GNOME applications. While Red Hat's Blue Curve attempts to do something similar, Mr. Drummond's Geramik is the first theme implementation to provide smooth integration between environments."
Miscellaneous
LinuxMedNews reports on comments made by UCLA CIO Mike McCoy, MD on the quality of open-source software. "...I am humbled by the quality of open source software. [Medical software] Vendors have awful software behind the scenes because they don't have a review process. Vendor companies frequently have 500 employees: 495 in sales, the rest in support...Most companies cannot afford to maintain quality sources themselves..."
The Register looks at LPI certification. "So far, more than 6,000 people have been certified through LPI. [Evan] Leibovitch says they have distributed some 20,000 examinations. A quick math check points out the obvious: LPI ain't easy, so don't stroll into LWCE to take the free test on a whim."
Page editor: Forrest Cook
Announcements
Commercial announcements
Mark's Work Wearhouse has replaced and centralized its point-of-sale (POS) system and reduced operating and maintenance costs with a new Java-based Retek Point-of-Service (RPOS) solution running Linux on IBM SurePOS 500 systems.
IDC has announced the newest rankings of supercomputer performance based on its comprehensive test, called the IDC Balanced Rating. Linux NetworX is the newest vendor entering the top ten list. See also this press release from Linux NetworX.
Linux NetworX has achieved the rank of Fifth Fastest computer
for its 2,304-processor cluster, coming in at 5.694 teraFLOPs.
MontaVista Software has announced that NEC's new AX10 "home server" product will be based on MontaVista Linux. The AX10 looks like another TiVo-style home recorder system, with the added ability to network with (and distribute content to) other systems.
Starbase Corporation has introduced StarTeam Datamart, their new decision support system for software developers.
SuSE and Arrow Electronics have announced an agreement whereby Arrow will distribute SuSE's products in the United States. SuSE, in other words, is making another attempt to get into the U.S. market, but they are outsourcing the sales work, rather than setting up an entire U.S. operation.
Terra Soft Solutions, Inc. announced the installation of a 30-node Xserve
cluster running Yellow Dog Linux and Black Lab at the University of Colorado.
SnapGear Inc. announced that their core contributions to the uClinux
project are making their way into mainstream Linux.
The World Wide Web Consortium (W3C) has announced a revised, Last Call Working Draft of its Royalty-Free Patent Policy whose goal is to enable W3C Recommendations to be implemented on a royalty-free basis. To achieve the goal of producing royalty-free (RF) specifications, all who participate in the development of a W3C Recommendation must agree to license essential claims (that is, patents that block interoperability) on a royalty-free basis. Last Call Working Drafts are published when a W3C Working Group feels it has solved internal issues and is seeking outside review. The Last Call comment period is open for public and Member comments through 31 December 2002.
Resources
Quick Toots has a new tutorial on doing realtime musical synthesis while using the JACK Audio Connection Kit. "Realtime synthesis is one of the cornerstones of digital audio recording and performance. This toot gives you a helping hand into the world of Pure Data - one of the most popular and powerful synthesis applications/environments. With JACK it is now possible to stream more audio than ever before through applications like Pd and Ardour is there to help record the results."
Oliver Schulze has put together a mini-faq on using the Perl Sendmail::Milter mail filtering module under RedHat 7.3.
PHP.net has announcements for two new PHP magazines, the online php|a, and the print publication PHP Magazin.
The ISO/IEC Joint Technical Committee has approved the joint revision to POSIX and the Single UNIX Specification as an International Standard. Designated as ISO/IEC 9945:2002, the joint revision forms the core of The Open Group's Single UNIX Specification Version 3 (IEEE 1003.1-2001, POSIX.1).
Upcoming Events
A free software event called Porto Cidade Tecnológica 2002 will be held
in Porto, Portugal on November 28 and 30, 2002.
Linux Bangalore/2002, to be held in Bangalore, India on December 3-5, 2002, has announced that Hewlett Packard will be the event's first sponsor.
IDG World Expo announced the launch of its first-ever Linux Financial Summit at LinuxWorld Conference & Expo/New York 2003. LinuxWorld will be taking place January 21-24, 2003 at New York City's Javits Center.
The list of speakers has been announced for Linux.Conf.Au 2003, to be held in Perth, Australia on January 22-25.
A call for participation has been sent out for the O'Reilly Emerging Technology Conference, to be held on April 22-25, 2003 in Santa Clara, CA.
Software announcements
Here are the software announcements, courtesy of Freshmeat.net. They are available in two formats:
Page editor: Forrest Cook
Letters to the editor
From: "Howell, Stephen" <Stephen.Howell@team.telstra.com>
To: "'letters@lwn.net'" <letters@lwn.net>
Subject: Release of LWN to non-subscribers
Date: Wed, 20 Nov 2002 13:29:37 +1100
Hi,
I must admit to being surprised at the 2300 subs level. Are there only 2300
people interested in reading the most informative bunch of electrons about
Linux that is around?
Although it may go against the "information just wants to be free" idea, I
want to ask what the impact of releasing the LWN weekly edition, 1 month later,
to non-subs would be. I would imagine you have an idea of how often pages
are visited vs time. Do you see a large number of people visiting the weekly
edition once it is released for free?
My subscription to LWN was pure altruism. I could easily wait 1 week but I
value the information you supply and am happy to pay for it.
Regards,
Stephen Howell
From: anandsr@hss.hns.com
To: don@soeg.ne
Subject: Re: Why Linux is a desktop dud
Date: Fri, 15 Nov 2002 11:10:31 +0530
Cc: letters@news.com, letters@lwn.net
Hi,
Your article on ZDNet was very interesting and very positive towards Linux. I
think you should look at the recent Linux distributions and you will find that
normal tasks are pretty easy, and they will be much easier soon. I would say
that you missed the real reason why Linux will be a dud for some time to come on
the home desktops. The reason is lack of native games. That is the single
biggest reason why people want Windows. There are emulators for running Win apps
on Linux but running games is not very useful, because it will not work as well
as on Windows. That is what interests most users.
But I expect that the situation is beginning to improve. Hardware is already not
a problem for Linux, as it's got big in the Server space. At least you can buy a
Linux PC from Walmart. On the desktop first Linux is getting into POS devices.
Next would be corporate desktops, in positions that do not have to use specialized
apps available only on Windows (This is already happening). Then we will see a
demand for those specialized apps for Linux just like the special effects
industry went through recently. I expect this to happen by the end of next year.
When we start getting specialized apps (2-3 years down the line) Linux
penetration would be enough for the game industry to start looking at Linux more
seriously. When we get a moderate no. of games on Linux, we will be above 20%
penetration in the home user base. This should happen by 2006.
regards,
-anand
Page editor: Jonathan Corbet