Back when VA Linux Systems (now VA Software) launched
SourceForge, the company put the
underlying source code out under the GPL. VA was, at that time, very much
an open source company, so releasing the code was a natural thing to do.
Since then, VA has transformed itself from an open source hardware company
to a proprietary software company based on SourceForge. So it is not all
that surprising that VA's enthusiasm for free SourceForge code releases has
waned; the last such release (from the "alexandria-dev" project) is dated
November 4, 2001. Since then, VA has limited itself
to proprietary releases.
The free SourceForge releases are just that, however: free. And since they
are free software, there is no need to wait for VA to make new releases.
So it should come as no surprise that a number of SourceForge fork projects
have appeared. Most of these are the basis for other SourceForge-like
development sites:
- Berlios is, perhaps, the
earliest SourceForge fork still operating; this site headed off with
something like version 1.5 of the code.
- The GNU Project's Savannah site
is based on version 2.0 of the SourceForge code.
- Debian-sf, a packaging
of the code for Debian systems, uses version 2.5 - the last official
release from VA.
All of these projects have provided useful resources for the free software
community. They all have, however, gone off in their own directions to
attain their specific goals; in none of these cases has the general
development of the SourceForge code been one of those goals. (This is not
a criticism - realistic projects can only take on so much).
Thanks to a note from Rick
Moen (which is also the source for the version information above), we
have been clued in to the GForge Project,
which is trying to get development of the SourceForge code back on track.
GForge is headed up by Tim Perdue, who certainly has the right credentials
for the job: he was the original author of a good chunk of the original
SourceForge system.
GForge has started with the most recent code from the SourceForge.net CVS
server, which has been deemed version 2.61. It has since been enhanced
with Jabber support, an improved interface, a new forum system, and easier
installation. Quite
a bit of effort has also gone into cleaning up the code; optimizations for
hundreds of thousands of users have been deemed unnecessary, and "foundries
and related nonsense" have been excised from the code base. And, of
course, the whole thing is licensed under the GPL.
GForge should become the new focal point for development of the
SourceForge code. The Debian-sf project is already working with GForge;
Debian users can, with a suitable configuration file entry, install GForge
with an apt-get command. One can only hope that GForge will lead
to a new set of free software development sites popping up on the net, and
further diversification away from the "official" SourceForge site.
SourceForge remains a very expensive form of advertising for a company
which has lost interest in free software; relying on its continued
existence forever would be foolhardy.
As LWN has said before, VA has done the free software community a great service by
running SourceForge for the last three years. In the long run, however, it
may turn out that the greater service was releasing the SourceForge code
under the GPL. That release has allowed the community to continue to use
and develop the SourceForge code after VA's business needs drew its
attention elsewhere. We will reap the benefits of that gift long after
SourceForge.net has shut down.
Comments (1 posted)
We have seen, in recent days, a flurry of reports and analyst proclamations
to the effect that, while costing more up front, Windows ends up being
cheaper than Linux when the "total cost of ownership" (TCO) is figured.
This cost includes things like staff time, training costs, etc. Certainly
it makes sense to take a broad view of what a particular computing system
really costs to operate. And, certainly, the analyst reports are
objective; they would never, ever, after all, bias their reports in favor
of the large corporation that has paid for the work.
Even so, some questions come to mind.
Your editor, who, in a previous life, managed a medium-size system
administration group, observed that a single Linux or Unix system
administrator could handle about twice as many systems as a single Windows
administrator. As Windows systems replaced Unix systems on desktops, the
administration staff had to grow. Many others have publicly noted a
similar pattern. The observations of people actually running
system management groups do not carry the weight of a scientific analyst
report printed on Very Heavy Paper, but one might still ask: how is it that
Windows is cheaper to run when more people are required to do the job?
Windows systems have well-known virus problems. Large scale virus attacks
have led to direct costs for companies estimated in billions of dollars.
Most large networks require constantly-updated virus scanning systems,
active mail filtering, and regular "don't open that attachment" user
cluestick sessions. All this is expensive; have these costs been figured
into the TCO calculations?
Amazon.com claims to have saved $17 million by switching to Linux.
E*Trade, too, saved a lot of money by going to Linux. The City of Largo,
Florida, claims to save at least $1 million each year from its switch
to Linux desktop systems. Why didn't they switch to Windows, if it is so
much cheaper? (As an aside, this
NewsForge followup on Largo is well worth a read).
Linux-based systems can often run on the same hardware, without upgrades,
for longer. There is far less pressure for constant system upgrades - and
no EULAs requiring such upgrades. Have the costs of the additional hardware
and software upgrades required by Windows been taken into account?
Software license management is expensive. Companies must track the license
for every application installed on every system on their networks, and they
must cope with occasional annoyances like BSA audits and raids. Tracking
thousands of licenses on thousands of systems is not a part-time job; have
licensing compliance costs been figured into the TCO studies?
And so on. The real point is this: we should not give up the TCO argument
easily. Linux systems are, beyond doubt, overly difficult to administer -
especially for certain kinds of environments. There is a lot that can be
done to reduce ownership costs for Linux systems. But, even so, the
"Windows is cheaper" argument has not been made in any sort of convincing
way.
Comments (7 posted)
This has been a busy week for courts worldwide; important issues have been
heard on three different continents. For those who have not been following
them all...
In the U.S., the ElcomSoft trial was finally held this week after having
been delayed when the defendants were not allowed to enter the country.
The defense has stressed constitutional issues and fair use, but the judge has not
been interested. For example, ElcomSoft was not allowed to discuss
legitimate uses of ElcomSoft's eBook reading software. As
predicted, this case is
working with a very tight reading of the DMCA, and it seems unlikely to go
in ElcomSoft's favor. The trial will determine only whether ElcomSoft was
in violation of the DMCA as it is written; any constitutional challenges to
the DMCA will have to wait for the appeal. As of this writing, the
arguments were complete, but the case had not yet gone to the jury for a
verdict.
In Norway, Jon Johansen is standing trial for his role in the creation and
distribution of the DeCSS software. The prosecution is trying to prove
that DeCSS's purpose is to help DVD piracy; this despite the fact that real
pirates have no need for such a tool. Attempts have been made to discredit
Jon's defense by pointing out that he developed the code on Windows. This
trial is still underway as of this writing. (See also: this account of the first day of testimony).
Meanwhile, in Australia, the country's high court has ruled that Dow Jones
can be sued for libel in Victoria over an article published on its web
site (in the U.S.). An increasing number of countries seem to believe that
their laws
apply to Internet activity anywhere in the world. If people can be hauled
across oceans to face libel claims, they certainly can be made to face
other sorts of charges - patent infringement or circumvention of copy
protection, for example. This
article in The Economist suggests that, in the future, publishers will
block access to their material from countries with hostile libel laws. It
would be a shame if distribution of free software had to be restricted in
similar ways.
Comments (15 posted)
Page editor: Jonathan Corbet
Security
Brief items
[Editor's note: this article was contributed by LWN reader Tom Owen.]
Federal and state agents who visited
Quincy, Mass. software house Ptech
last week were probably mostly looking for financial links to al-Qaeda.
So perhaps it's just an unfortunate coincidence that by Wednesday morning the
Ptech customer list had been removed from their web site. It was still cached
at Google,
though, and the names on it are a testament to the lure of the product and
efficiency of the Ptech sales team. How happy the US Air Force, NATO, Mitre
and the FBI are to discover that their knowledge management software comes
from a firm under such detailed investigation has yet to emerge, but officials
for the White House and the US Attorney in Boston have certainly been quick to
say that the software presents no obvious risk. Which raises the question: how
do they know?
Sensitive government and defense agencies probably won't load their
operational information on to a knowledge management system without some sort
of scrutiny of the software. There's no need for an Open Source license -- any
client with sufficient clout can cut a deal for source access. The trouble is
that a $1000 per day security consultant, faced with half a million lines of
Visual Basic and a non-disclosure agreement, is going to need extraordinary
powers to find twenty lines buried in, say, user management, which phone home
with a document index. Source access or not, it still comes down to trust, of
the company and each individual developer.
A true open source project is a very different matter. It's not possible to
fool the whole developer community -- a secret like that just won't keep. It
might be possible to corrupt individuals, and it's certainly possible for
terrorists to join and contribute code. But the bent code is there for all to
see, and the folks reading it are developers intimately familiar with the
purpose and structure of the system. A trapdoor or a leak is still possible,
but it's much more likely to be spotted.
Wired quotes
Michael Wendy of the Initiative for Software Choice:
"It's important to note that a development model is only a process,"
Wendy said. "It does not guarantee, in and of itself, that a product
produced under one type of model will be any better than another product
produced under a different model. In other words, no single development
mode inherently produces safer, more secure software."
It's not bad for a first try, but the ISC will have to do better than that.
Comments (6 posted)
Microsoft has made a fair amount of noise about the "Common Criteria EAL4"
rating recently awarded to Windows 2000. For those of you who are curious
about what that actually means,
this article by Jonathan
Shapiro is well worth reading.
EAL4 means that the design documents were reviewed using
non-challenging criteria. This is sort of like having an accounting
audit where the auditor checks that all of your paperwork is there
and your business practice standards are appropriate, but never
actually checks that any of your numbers are correct. An EAL4
evaluation is not required to examine the software at all.
In other words, this certification does not mean a whole lot. People who
are interested in the security of their systems still need to look at the
systems themselves and draw their own conclusions; there is no magic rating
that will take the brain work out of the process.
Comments (1 posted)
New vulnerabilities
Canna server: exploitable buffer overrun
| Package(s): | canna |
| CVE #(s): | CAN-2002-1158, CAN-2002-1159 |
| Created: | December 10, 2002 |
| Updated: | October 1, 2003 |
| Description: |
Canna is a kana-kanji conversion server which is necessary for Japanese
language character input.
A buffer overflow bug in the Canna server up to and including version 3.5b2
allows a local user to gain the privileges of the user 'bin' which could
lead to further exploits. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2002-1158 to this issue.
A lack of validation of requests has been found that affects Canna version
3.6 and earlier. A malicious remote user could exploit this vulnerability
to leak information, or cause a denial of service attack. (CAN-2002-1159)
See also
http://canna.sourceforge.jp/sec/Canna-2002-01.txt
CAN-2002-1158
CAN-2002-1159 |
| Alerts: |
|
Comments (none posted)
OpenLDAP2: remote command execution
| Package(s): | OpenLDAP2 |
| CVE #(s): | CAN-2002-1378, CAN-2002-1379 |
| Created: | December 6, 2002 |
| Updated: | February 21, 2003 |
| Description: |
OpenLDAP is the Open Source implementation of the Lightweight Directory
Access Protocol (LDAP) and is used in network environments for distributing
certain information such as X.509 certificates or login information.
The SuSE Security Team reviewed critical parts of that package and found
several buffer overflows and other bugs remote attackers could exploit to
gain access on systems running vulnerable LDAP servers. In addition to
these bugs, various local exploitable bugs within the OpenLDAP2 libraries
(openldap2-devel package) have been fixed.
Since there is no workaround possible except shutting down the LDAP server,
an update is strongly recommended. |
| Alerts: |
|
Comments (1 posted)
smb2www: arbitrary command execution
| Package(s): | smb2www |
| CVE #(s): | |
| Created: | December 5, 2002 |
| Updated: | December 11, 2002 |
| Description: |
Robert Luberda found a security problem in smb2www, a Windows Network
client that is accessible through a web browser. This could lead a remote
attacker to execute arbitrary programs under the user id www-data on the
host where smb2www is running. |
| Alerts: |
|
Comments (none posted)
wget: directory traversal bug
| Package(s): | wget |
| CVE #(s): | CAN-2002-1344 |
| Created: | December 10, 2002 |
| Updated: | October 1, 2003 |
| Description: |
Versions of wget prior to 1.8.2-4 contain a bug that permits a malicious
FTP server to create or overwrite files anywhere on the local file system.
FTP clients must check to see if an FTP server's response to the NLST
command includes any directory information along with the list of filenames
required by the FTP protocol (RFC 959, section 4.1.3).
If the FTP client fails to do so, a malicious FTP server can send filenames
beginning with '/' or containing '/../' which can be used to direct a
vulnerable FTP client to write files (such as .forward, .rhosts, .shosts,
etc.) that can then be used for later attacks against the client machine.
See also
this Bugtraq article from 1997.
CAN-2002-1344 |
| Alerts: |
|
Comments (none posted)
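The NLST check described in the wget entry above, as an added C example (not wget's actual patch and not code from the original page): only bare file names are accepted, and any entry carrying directory information is rejected. The function names and the sample listing are constructed for illustration; rejecting backslashes is an extra, conservative assumption.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed NLST reply: two plain names mixed with the kinds of entries
 * the advisory describes (leading '/', "../", embedded "/../", bare ".."). */
static const char SAMPLE_NLST[] =
    "README\r\n"
    "/.rhosts\r\n"
    "../.forward\r\n"
    "pub/../../.shosts\r\n"
    "wget-1.8.2.tar.gz\r\n"
    "..\r\n";

/* Return 1 if one NLST entry is a bare file name that can be created
 * inside the local download directory, 0 otherwise. */
int nlst_name_is_safe(const char *name, size_t len)
{
    if (len == 0)
        return 0;
    /* "." and ".." name directories, never a file to be written. */
    if ((len == 1 && name[0] == '.') ||
        (len == 2 && name[0] == '.' && name[1] == '.'))
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        /* Any separator means the server supplied directory information:
         * this covers a leading '/', "/../" and "dir/file" alike.
         * Backslash is rejected as well (conservative assumption). */
        if (c == '/' || c == '\\')
            return 0;
        /* Control bytes have no place in a file name from a listing. */
        if (c < 0x20 || c == 0x7f)
            return 0;
    }
    return 1;
}

struct nlst_result {
    size_t accepted;   /* entries that are bare file names */
    size_t rejected;   /* entries carrying directory information */
};

/* Walk a raw NLST reply (entries separated by CRLF or LF) and classify
 * every non-empty entry. A real client would skip or abort on rejects. */
struct nlst_result nlst_check_listing(const char *buf, size_t buflen)
{
    struct nlst_result r = {0, 0};
    size_t start = 0;

    while (start < buflen) {
        size_t end = start;
        while (end < buflen && buf[end] != '\n')
            end++;
        size_t len = end - start;
        if (len > 0 && buf[start + len - 1] == '\r')
            len--;                      /* strip the CR of a CRLF pair */
        if (len > 0) {
            if (nlst_name_is_safe(buf + start, len))
                r.accepted++;
            else
                r.rejected++;
        }
        start = end + 1;
    }
    return r;
}

int main(void)
{
    struct nlst_result r = nlst_check_listing(SAMPLE_NLST, strlen(SAMPLE_NLST));
    printf("accepted=%zu rejected=%zu\n", r.accepted, r.rejected);
    return 0;
}
```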
Updated vulnerabilities
Apache shared memory scoreboard vulnerabilities
| Package(s): | apache |
| CVE #(s): | CAN-2002-0839 |
| Created: | October 9, 2002 |
| Updated: | December 18, 2002 |
| Description: |
Versions of Apache prior to 1.3.27 contain a couple of scoreboard-related
vulnerabilities which can be exploited by local users running under the
Apache user ID. In-server scripting languages, such as PHP, are the most
likely means of carrying out the attacks. One vulnerability causes the
server to fork off new processes, leading to denial of service scenarios;
the other allows an attacker to send SIGUSR1 to any process as root,
probably killing that process. See this
iDEFENSE advisory for the details. |
| Alerts: |
|
Comments (3 posted)
Heap corruption vulnerability in at
| Package(s): | at at, sudo, xchat |
| CVE #(s): | CAN-2002-0004 |
| Created: | May 21, 2002 |
| Updated: | May 15, 2003 |
| Description: |
The at command has a
potentially exploitable heap corruption bug.
(First LWN report: January 17th).
|
| Alerts: |
|
Comments (none posted)
BIND8: Multiple vulnerabilities
Comments (1 posted)
bind buffer overflow vulnerability in DNS resolver libraries
| Package(s): | bind glibc |
| CVE #(s): | CAN-2002-0651, CAN-2002-0684 |
| Created: | July 8, 2002 |
| Updated: | October 1, 2003 |
| Description: |
The BIND 4.9.8-OW2 patch and BIND 4.9.9 release (and thus 4.9.9-OW1)
include fixes for a libc related vulnerability which does not
affect Linux. Updates from
the Internet Software Consortium (ISC)
are available from here.
No release or branch of Openwall GNU/*/Linux (Owl) is known to be
affected, due to Olaf Kirch's fixes for this problem getting into the
GNU C library more than two years ago.
Unfortunately that does not mean that Linux systems are not vulnerable.
Similar code, without Olaf Kirch's fixes,
is in the glibc getnetbyXXX functions.
These functions are described in the SuSE alert as
"used by very few applications only, such as ifconfig and ifuser,
which makes exploits less likely."
CERT Advisory: CA-2002-19
Buffer Overflow in Multiple DNS Resolver Libraries
CAN-2002-0651
CAN-2002-0684 |
| Alerts: |
|
Comments (1 posted)
dhcpcd: Character expansion vulnerability
| Package(s): | dhcpcd |
| CVE #(s): | |
| Created: | November 19, 2002 |
| Updated: | January 10, 2003 |
| Description: |
dhcpcd is an RFC2131 and RFC1541 compliant DHCP client daemon.
dhcpcd has the ability to execute an external script named
/sbin/dhcpcd-<interface>.exe when assigning a new IP address to a network
interface. This script sources a file named
/var/lib/dhcpcd/dhcpcd-<interface>.info that contains several shell
variables and assignments with DHCP information.
Simon Kelley pointed out a vulnerability in the way quotes inside these
assignments are treated. By exploiting this, a malicious DHCP server (or
attackers able to spoof DHCP responses) can execute arbitrary shell
commands on the DHCP client (which is run by root). |
| Alerts: |
|
Comments (none posted)
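One way to write server-supplied values into a file that a shell script will later source, as an added C example (not dhcpcd's actual fix and not code from the original page): every value becomes a single-quoted shell word, embedded quotes are rewritten as `'\''`, and control characters are refused. The function names and the variable names HOSTNAME and DOMAIN are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Render value as one single-quoted shell word in out.
 * Inside single quotes the shell expands nothing, so the only byte that
 * needs rewriting is the quote itself: close, escaped quote, reopen.
 * Returns the number of bytes written (without NUL), or -1 on error. */
int info_quote_value(const char *value, char *out, size_t outlen)
{
    size_t o = 0;

    if (outlen < 3)                     /* room for '' and the NUL */
        return -1;
    out[o++] = '\'';
    for (const char *p = value; *p; p++) {
        unsigned char c = (unsigned char)*p;
        size_t need = (c == '\'') ? 4 : 1;

        /* Newlines and other control bytes never belong in one
         * assignment line of the info file: refuse the value. */
        if (c < 0x20 || c == 0x7f)
            return -1;
        /* Keep room for the closing quote and the NUL. */
        if (o + need + 2 > outlen)
            return -1;
        if (c == '\'') {
            memcpy(out + o, "'\\''", 4);
            o += 4;
        } else {
            out[o++] = (char)c;
        }
    }
    out[o++] = '\'';
    out[o] = '\0';
    return (int)o;
}

/* Accept only names of the form [A-Z_][A-Z0-9_]*. */
static int info_name_ok(const char *name)
{
    if (!((name[0] >= 'A' && name[0] <= 'Z') || name[0] == '_'))
        return 0;
    for (const char *p = name + 1; *p; p++)
        if (!((*p >= 'A' && *p <= 'Z') || (*p >= '0' && *p <= '9') || *p == '_'))
            return 0;
    return 1;
}

/* Build the line  NAME='value'\n  for the info file.
 * Returns the line length, or -1 if name or value is unacceptable
 * or the result does not fit in out. */
int info_format_line(const char *name, const char *value,
                     char *out, size_t outlen)
{
    size_t n;
    int q;

    if (!info_name_ok(name))
        return -1;
    n = strlen(name);
    if (n + 1 >= outlen)
        return -1;
    memcpy(out, name, n);
    out[n] = '=';
    q = info_quote_value(value, out + n + 1, outlen - (n + 1));
    if (q < 0)
        return -1;
    n += 1 + (size_t)q;
    if (n + 2 > outlen)
        return -1;
    out[n] = '\n';
    out[n + 1] = '\0';
    return (int)(n + 1);
}

int main(void)
{
    char line[128];

    /* Constructed value as a hostile DHCP server might send it. */
    if (info_format_line("DOMAIN", "example.org'; echo injected; '",
                         line, sizeof line) > 0)
        fputs(line, stdout);
    return 0;
}
```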
Potential unauthorized root access vulnerability in dietlibc
| Package(s): | dietlibc |
| CVE #(s): | CAN-2002-0391 |
| Created: | August 14, 2002 |
| Updated: | December 5, 2002 |
| Description: |
Felix von Leitner discovered a
potential division by zero bug in
code derived from the SunRPC library which is used in
dietlibc, a libc optimized for small size.
The bug could be exploited to gain unauthorized root
access to software linking to dietlibc.
CERT/CC Vulnerability Note VU#192995 Integer
overflow in xdr_array() function when deserializing the XDR stream |
| Alerts: |
|
Comments (none posted)
dvips: command execution vulnerability
| Package(s): | dvips |
| CVE #(s): | CAN-2002-0836 |
| Created: | October 16, 2002 |
| Updated: | June 10, 2003 |
| Description: |
The dvips utility uses the system() function improperly when managing fonts. An attacker who can craft the right sort of print job can use this vulnerability to execute commands under the UID used by the print system. |
| Alerts: |
|
Comments (none posted)
Filename disclosure vulnerability in fam
| Package(s): | fam |
| CVE #(s): | CAN-2002-0875 |
| Created: | August 19, 2002 |
| Updated: | January 5, 2005 |
| Description: |
"fam" (file alteration monitor) watches files and directories for changes and lets interested applications know when something happens. This package has a flaw in its group handling that blocks some legitimate operations while, at the same time, exposing the names of files that should otherwise be invisible. |
| Alerts: |
|
Comments (none posted)
Another set of fetchmail buffer overflows
| Package(s): | fetchmail fetchmail-ssl |
| CVE #(s): | |
| Created: | October 1, 2002 |
| Updated: | December 17, 2002 |
| Description: |
e-matters GmbH has issued an advisory
warning of a new set of buffer overflows in the fetchmail header parsing
code. The vulnerabilities have been fixed in fetchmail 6.1.0. |
| Alerts: |
|
Comments (none posted)
GNU fileutils race condition
| Package(s): | fileutils ucdsnmp |
| CVE #(s): | CAN-2002-0435 |
| Created: | May 21, 2002 |
| Updated: | May 16, 2003 |
| Description: |
A race condition in rm may cause the root user to delete the whole filesystem.
The problem exists in the version of rm in fileutils 4.1 stable and 4.1.6
development version. A patch is available.
(First LWN report: May 2).
|
| Alerts: |
|
Comments (none posted)
freeswan: Denial of Service
| Package(s): | freeswan |
| CVE #(s): | |
| Created: | December 4, 2002 |
| Updated: | December 4, 2002 |
| Description: |
Bindview discovered a problem in several IPSEC implementations that do not
properly handle certain very short packets. IPSEC is a set of security
extensions to IP which provide authentication and encryption. Debian's FreeS/WAN package contains this vulnerability, which can lead to kernel crashes. |
| Alerts: |
|
Comments (none posted)
Potential remote root exploit in glibc
| Package(s): | glibc |
| CVE #(s): | CAN-2002-0391 |
| Created: | August 14, 2002 |
| Updated: | June 30, 2003 |
| Description: |
Felix von Leitner discovered a
potential division by zero bug in
code derived from the SunRPC library which is used in glibc. This bug could be
exploited to gain unauthorized root access to software linking to glibc.
Updating as soon as practical is a good idea.
Because SunRPC-derived XDR libraries are used by a variety of vendors in a variety of applications, this defect may lead to a number of differing security problems. Exploiting this vulnerability will lead to denial of service, execution of arbitrary code, or the disclosure of sensitive information.
CERT/CC Vulnerability Note VU#192995 Integer
overflow in xdr_array() function when deserializing the XDR stream
|
| Alerts: |
|
Comments (none posted)
glibc: DNS stub resolvers contain buffer overflow vulnerability
| Package(s): | glibc |
| CVE #(s): | CAN-2002-1146 |
| Created: | November 7, 2002 |
| Updated: | February 5, 2004 |
| Description: |
DNS stub resolvers from multiple vendors contain a buffer overflow
vulnerability. The impact of this vulnerability appears to be limited to
denial of service. (See CERT Vulnerability Note
VU#738331)
The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries such
as glibc 2.2.5 and earlier, libc, and libresolv, use the maximum buffer
size instead of the actual size when processing a DNS response, which
causes the stub resolvers to read past the actual boundary ("read buffer
overflow"), allowing remote attackers to cause a denial of service
(crash).
|
| Alerts: |
|
Comments (none posted)
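The difference between bounding a DNS parse by the receive buffer's capacity and by the number of bytes actually received, as an added C example (not the glibc or BIND code and not from the original page). The function names, the 512-byte buffer and the sample reply are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define DNS_RECV_BUF_SIZE 512   /* capacity of the receive buffer */
#define DNS_HEADER_LEN     12

/* Fill buf with a constructed 29-byte reply carrying one question for
 * "example.com" and return its length. The rest of buf is zeroed. */
size_t dns_build_sample(unsigned char buf[DNS_RECV_BUF_SIZE])
{
    static const unsigned char reply[] = {
        0x12, 0x34, 0x81, 0x80, 0x00, 0x01,          /* id, flags, qdcount=1 */
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00,          /* an/ns/ar counts */
        7, 'e', 'x', 'a', 'm', 'p', 'l', 'e',
        3, 'c', 'o', 'm', 0,
        0x00, 0x01, 0x00, 0x01                       /* qtype A, qclass IN */
    };
    memset(buf, 0, DNS_RECV_BUF_SIZE);
    memcpy(buf, reply, sizeof reply);
    return sizeof reply;
}

/* Skip one encoded name starting at msg[off]. Only the first msglen
 * bytes of msg are valid data. Returns the offset of the byte after the
 * name, or -1 if the name would run past msglen. */
long dns_skip_name(const unsigned char *msg, size_t msglen, size_t off)
{
    for (;;) {
        unsigned char l;

        if (off >= msglen)              /* length byte itself is missing */
            return -1;
        l = msg[off];
        if (l == 0)                     /* root label ends the name */
            return (long)(off + 1);
        if ((l & 0xC0) == 0xC0) {       /* compression pointer: 2 bytes */
            if (off + 2 > msglen)
                return -1;
            return (long)(off + 2);
        }
        if (l & 0xC0)                   /* reserved label types */
            return -1;
        if (off + 1 + l > msglen)       /* label body past the data */
            return -1;
        off += 1 + (size_t)l;
    }
}

/* Walk the question section. Returns the number of questions, or -1 if
 * any of them extends beyond msglen. */
int dns_check_questions(const unsigned char *msg, size_t msglen)
{
    unsigned qdcount;
    size_t off = DNS_HEADER_LEN;

    if (msglen < DNS_HEADER_LEN)
        return -1;
    qdcount = ((unsigned)msg[4] << 8) | msg[5];
    for (unsigned i = 0; i < qdcount; i++) {
        long next = dns_skip_name(msg, msglen, off);
        if (next < 0 || (size_t)next + 4 > msglen)   /* qtype + qclass */
            return -1;
        off = (size_t)next + 4;
    }
    return (int)qdcount;
}

int main(void)
{
    unsigned char buf[DNS_RECV_BUF_SIZE];
    size_t full = dns_build_sample(buf);

    /* Pretend only the first 20 bytes arrived; bytes 20.. are left over
     * from an earlier packet that used the same buffer. */
    printf("full reply (%zu bytes): %d\n", full, dns_check_questions(buf, full));
    printf("bounded by received length 20: %d\n", dns_check_questions(buf, 20));
    printf("bounded by buffer size: %d\n",
           dns_check_questions(buf, DNS_RECV_BUF_SIZE));
    return 0;
}
```

Bounded by the buffer size, the 20-byte case parses "successfully" by walking into stale bytes; bounded by the received length, it is rejected.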
Buffer overflow in groff
| Package(s): | groff |
| CVE #(s): | CAN-2002-0003 |
| Created: | May 21, 2002 |
| Updated: | December 9, 2002 |
| Description: |
The groff package has a buffer overflow
vulnerability; if it is used with the print system, it is conceivably
exploitable remotely.
|
| Alerts: |
|
Comments (none posted)
gtetrinet: buffer overflows
| Package(s): | gtetrinet |
| CVE #(s): | |
| Created: | November 25, 2002 |
| Updated: | December 11, 2002 |
| Description: |
Several buffer overflows were found in gtetrinet versions below
0.4.3. According to the authors these could be remotely exploited. |
| Alerts: |
|
Comments (none posted)
html2ps: arbitrary code execution
| Package(s): | html2ps |
| CVE #(s): | |
| Created: | November 8, 2002 |
| Updated: | December 6, 2002 |
| Description: |
The SuSE Security Team found a vulnerability in html2ps, an HTML to
PostScript converter, which insecurely opened files based on unsanitized
input. This problem can be exploited when html2ps is installed
as a filter within LPRng and the attacker has previously gained access
to the lp account. |
| Alerts: |
|
Comments (none posted)
IM: creates temporary files insecurely
| Package(s): | im |
| CVE #(s): | CAN-2002-1395 |
| Created: | December 3, 2002 |
| Updated: | March 6, 2003 |
| Description: |
Tatsuya Kinoshita discovered that IM, which contains interface
commands and Perl libraries for E-mail and NetNews, creates temporary
files insecurely.
- The impwagent program creates a temporary directory in an insecure
manner in /tmp using predictable directory names without checking
the return code of mkdir, so another user with local access can
seize the permissions of the temporary directory.
- The immknmz program creates a temporary file in an insecure manner
in /tmp using a predictable filename, so an attacker with local
access can easily create and overwrite files as another user.
|
| Alerts: |
|
Comments (none posted)
UW imapd remotely exploitable buffer overflow
| Package(s): | imap |
| CVE #(s): | CAN-2002-0379 |
| Created: | June 5, 2002 |
| Updated: | December 20, 2002 |
| Description: |
UW imapd versions 2000c and prior allow remote authenticated users to execute code via a buffer overflow. A malicious user can craft
a request to run commands on the server under their UID and GID.
(First LWN report: May 23). |
| Alerts: |
|
Comments (2 posted)
kdelibs: Vulnerabilities in KIO subsystem support
| Package(s): | kdelibs |
| CVE #(s): | CAN-2002-1281, CAN-2002-1282 |
| Created: | November 22, 2002 |
| Updated: | March 15, 2003 |
| Description: |
Vulnerabilities were discovered in the KIO subsystem support for various
network protocols. The implementation of the rlogin protocol affects all
KDE versions from 2.1 up to 3.0.4, while the flawed implementation of the
telnet protocol only affects KDE 2.x. They allow a carefully crafted URL
in an HTML page, HTML email, or other KIO-enabled application to execute
arbitrary commands as the victim with their privilege.
The KDE team provided a patch for KDE3 which has been applied in these
packages. No patch was provided for KDE2, however the KDE team recommends
disabling both the rlogin and telnet KIO protocols. This can be
accomplished by removing, as root, the following files:
/usr/share/services/telnet.protocol and
/usr/share/services/rlogin.protocol.
If either file also exists in a user's ~/.kde/share/services directory,
they should likewise be removed.
See also:
http://www.kde.org/info/security/advisory-20021111-1.txt |
| Alerts: |
|
Comments (none posted)
kdenetwork: buffer overflow
| Package(s): | kdenetwork |
| CVE #(s): | CAN-2002-1247 |
| Created: | November 11, 2002 |
| Updated: | December 20, 2002 |
| Description: |
iDEFENSE reports a security vulnerability in the klisa package, that
provides a LAN information service similar to "Network Neighbourhood",
which was discovered by Texonet. It is possible for a local attacker
to exploit a buffer overflow condition in resLISa, a restricted
version of KLISa. The vulnerability exists in the parsing of the
LOGNAME environment variable; an overly long value will overwrite the
instruction pointer, thereby allowing an attacker to seize control of
the executable. |
| Alerts: |
|
Comments (none posted)
kernel: local denial of service vulnerability
| Package(s): | kernel |
| CVE #(s): | |
| Created: | November 19, 2002 |
| Updated: | February 5, 2003 |
| Description: |
All versions of the Linux kernel from (at least) 2.2.x through 2.4.19 and
2.5.47 contain a vulnerability which allows any local user to crash the
system. This LWN article describes how the
exploit works in detail. The vulnerability affects only x86 systems. |
| Alerts: |
|
Comments (none posted)
krb5: Buffer Overflow in Kerberos Administration Daemon
| Package(s): | krb5, heimdal |
| CVE #(s): | CAN-2002-1235 |
| Created: | October 29, 2002 |
| Updated: | January 14, 2003 |
| Description: |
CERT Advisory CA-2002-29 Buffer Overflow in Kerberos Administration Daemon
Systems Affected
- MIT Kerberos version 4 and version 5 up to and including
krb5-1.2.6
- KTH eBones prior to version 1.2.1 and KTH Heimdal prior to version
0.5.1
- Other Kerberos implementations derived from vulnerable MIT or KTH
code
Overview
Multiple Kerberos distributions contain a remotely exploitable buffer
overflow in the Kerberos administration daemon. A remote attacker
could exploit this vulnerability to gain root privileges on a
vulnerable system.
The CERT/CC has received reports that indicate that this vulnerability
is being exploited. In addition, MIT advisory MITKRB5-SA-2002-002
notes that an exploit is circulating.
We strongly encourage sites that use vulnerable Kerberos distributions
to verify the integrity of their systems and apply patches or upgrade
as appropriate. |
| Alerts: |
|
Comments (none posted)
lynx: CRLF injection vulnerability
| Package(s): | lynx |
| CVE #(s): | CAN-2002-1405 |
| Created: | November 19, 2002 |
| Updated: | October 1, 2003 |
| Description: |
If lynx is given a URL with some special characters on the command line, it
will include faked headers in the HTTP query. This feature can be used to
force scripts (that use Lynx for downloading files) to access the wrong
site on a web server with multiple virtual hosts.
CAN-2002-1405 |
| Alerts: |
|
Comments (none posted)
perl-MailTools: remote command execution
| Package(s): | MailTools |
| CVE #(s): | CAN-2002-1271 |
| Created: | November 5, 2002 |
| Updated: | September 19, 2003 |
| Description: |
The SuSE Security Team reviewed critical Perl modules, including the
Mail::Mailer package. This package contains a security hole which allows
remote attackers to execute arbitrary commands in certain circumstances.
This is due to the usage of mailx as default mailer which allows commands
to be embedded in the mail body.
Note that mail processing programs which use this package can be affected by this vulnerability; in particular, SpamAssassin is vulnerable if you use the -r or -w flags.
|
| Alerts: |
|
Comments (none posted)
Cross-site scripting vulnerability in mhonarc
| Package(s): | mhonarc |
| CVE #(s): | CAN-2002-0738, CAN-2002-1307, CAN-2002-1388 |
| Created: | September 11, 2002 |
| Updated: | January 3, 2003 |
| Description: |
Mhonarc is an HTML formatter for electronic mail; it can be vulnerable to cross-site scripting problems when presented with maliciously crafted messages. This problem is fixed in mhonarc version 2.5.3, but it is not clear that all possible vulnerabilities have been fixed. See the Debian advisory below for information on how to disable text/html attachment support in mhonarc, which may be a more secure solution. |
| Alerts: |
|
Comments (none posted)
PHP Remote Compromise/DOS Vulnerability
| Package(s): | mod_php4 |
| CVE #(s): | |
| Created: | July 22, 2002 |
| Updated: | February 18, 2003 |
| Description: |
PHP 4.2.0 and 4.2.1 have an error in the handling of POST requests which
can lead to the corruption of memory, and the usual bad consequences. According to this alert, the vulnerability can only be used for denial of service on x86 systems - there is no way to get it to run exploit code. SPARC/Solaris systems are apparently vulnerable to full remote compromise.
According to the CERT Advisory,
almost every Linux distributor, it seems, ships older (and thus not vulnerable) versions of PHP.
Note that, sometimes, systems thought to be safe from remote compromise turn out to be vulnerable to a modified attack, so x86 users should not relax too much. The solution, for those systems with PHP
4.2.0 or 4.2.1 installed,
is to upgrade to PHP 4.2.2.
For more information see the alert from
the discoverer of the vulnerability, Stefan Esser of e-matters GmbH,
or the security
advisory from the PHP team.
CERT Advisory: CA-2002-21 Vulnerability in PHP |
| Alerts: |
|
Comments (1 posted)
mod_ssl: cross site scripting problem
| Package(s): | mod_ssl, libapache-mod-ssl |
| CVE #(s): | CAN-2002-1157 |
| Created: | October 22, 2002 |
| Updated: | December 12, 2002 |
| Description: |
Joe Orton discovered a cross site scripting problem in mod_ssl, an
Apache module that adds strong cryptography (i.e. HTTPS support) to
the webserver. The module will return the server name unescaped in
the response to an HTTP request on an SSL port.
Like the other recent Apache XSS bugs, this only affects servers using
a combination of "UseCanonicalName off" and wildcard DNS. This is very
unlikely to happen, though. Apache 2.0/mod_ssl is not vulnerable since it
already escapes this HTML. |
| Alerts: |
|
Comments (none posted)
Mozilla: Privacy leak and other vulnerabilities
| Package(s): | mozilla |
CVE #(s): | CAN-2002-1126
CAN-2002-1091
|
| Created: | November 1, 2002 |
Updated: | February 13, 2003 |
| Description: |
Mozilla 1.1 and earlier, and Mozilla-based browsers such as Netscape and
Galeon, set the document referrer too quickly in certain situations when a
new page is being loaded, which allows web pages to determine the next page
that is being visited, including manually entered URLs.
Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to
corrupt heap memory and execute arbitrary code via a GIF image with a zero
width.
See also Mozilla's
Recently fixed security issues page.
All users are encouraged to upgrade to this latest stable 1.0.x release of
Mozilla. |
| Alerts: |
|
Comments (none posted)
ypserv: NIS information leak
| Package(s): | nis, ypserv |
CVE #(s): | CAN-2002-1232
|
| Created: | October 21, 2002 |
Updated: | December 5, 2002 |
| Description: |
Thorsten Kukuck discovered a problem in the ypserv program which is
part of the Network Information Services (NIS). A memory leak in all
versions of ypserv prior to 2.5 is remotely exploitable. When a
malicious user requests a non-existent map, the server will leak
parts of an old domainname and mapname. |
| Alerts: |
|
Comments (none posted)
Buffer overflow in nss_ldap
| Package(s): | nss_ldap |
CVE #(s): | CAN-2002-0825
CAN-2002-0374
|
| Created: | October 9, 2002 |
Updated: | December 11, 2002 |
| Description: |
The nss_ldap package has a buffer overflow which can be exploited when the
module configures itself from information in DNS. The problem is fixed in
nss_ldap-199 and later. |
| Alerts: |
|
Comments (none posted)
PHP: vulnerability in mail function
| Package(s): | php |
CVE #(s): | CAN-2002-0985
CAN-2002-0986
|
| Created: | November 13, 2002 |
Updated: | October 1, 2003 |
| Description: |
Two vulnerabilities exist in the mail() PHP function. The first one allows
the execution of any program/script bypassing safe_mode restriction, the
second one may give an open-relay script if the mail() function is not
carefully used in PHP scripts. See this Bugtraq
report for more details. Note that this is a different vulnerability than the previous PHP mail() problem, which affected versions through 4.1.0.
CAN-2002-0985
CAN-2002-0986 |
| Alerts: |
|
Comments (none posted)
pine: buffer overflow parsing "From:" addresses
| Package(s): | pine |
CVE #(s): | CAN-2002-1320
|
| Created: | November 27, 2002 |
Updated: | January 3, 2003 |
| Description: |
A malicious user could send a message with a specially crafted "From:"
address and cause a segmentation fault on the client. Pine 4.50 fixes this
vulnerability (CAN-2002-1320) and several others. Read the full advisory
here. |
| Alerts: |
|
Comments (none posted)
Buffer overflow vulnerabilities in PostgreSQL
| Package(s): | PostgreSQL |
CVE #(s): | |
| Created: | August 21, 2002 |
Updated: | January 27, 2003 |
| Description: |
PostgreSQL 7.2.2 has been released in response to a number of buffer
overrun vulnerabilities which have been identified recently. "...it
should be noted that these vulnerabilities are only critical on 'open' or
'shared' systems, as they require the ability to be able to connect to the
database before they can be exploited."
Buffer overflow vulnerabilities fixed include those reported by
"Sir Mordred The Traitor" in the cash_words,
repeat, and lpad
and rpad functions. |
| Alerts: |
|
Comments (none posted)
Local arbitrary code execution vulnerability in Python
| Package(s): | python |
CVE #(s): | CAN-2002-1119
|
| Created: | August 28, 2002 |
Updated: | October 1, 2003 |
| Description: |
Zack Weinberg discovered that
os._execvpe from os.py uses a predictable name which could lead
to execution of arbitrary code. According to the Debian
advisory, the problem
was present in Python versions 1.5, 2.1 and 2.2.
CAN-2002-1119 |
| Alerts: |
|
Comments (none posted)
Multiple-use vulnerability in Safe.pm
| Package(s): | Safe.pm |
CVE #(s): | CAN-2002-1323
|
| Created: | October 9, 2002 |
Updated: | February 20, 2004 |
| Description: |
usePerl has a
description of a vulnerability in the Safe.pm Perl module. It seems
that if a Safe compartment is used more than once, it ceases to be safe.
The problem is fixed in Safe 2.08. |
| Alerts: |
|
Comments (none posted)
squirrelmail: cross-site scripting vulnerability
| Package(s): | squirrelmail |
CVE #(s): | CAN-2002-1131
CAN-2002-1132
|
| Created: | October 16, 2002 |
Updated: | January 2, 2003 |
| Description: |
The Squirrelmail web mail package has a cross-site scripting vulnerability; versions 1.2.7 and prior are affected. See the advisory for details. |
| Alerts: |
|
Comments (none posted)
File overwrite vulnerability in tar and unzip
| Package(s): | tar unzip |
CVE #(s): | CAN-2001-1267
CAN-2001-1268
CAN-2001-1269
CAN-2002-0399
|
| Created: | October 1, 2002 |
Updated: | April 10, 2006 |
| Description: |
The tar utility does not properly filter file names containing
"../", meaning that a hostile archive can, if unpacked by an
unsuspecting user, overwrite any file that is writable by that user. GNU
tar versions 1.13.19 and earlier are vulnerable; unzip through version 5.42
has the same vulnerability. |
| Alerts: |
|
Comments (1 posted)
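The "../" filtering described in the tar and unzip entry above can be shown as a check on each archive member name before extraction. This is an added example, not code from GNU tar or unzip; the function names and the sample listing are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Return 1 if an archive member name may be extracted below the
 * destination directory, 0 if it must be refused. The check works on
 * whole path components, so "a/.." is caught while "c..d" is allowed.
 * Any ".." component is refused, even one that would stay inside the
 * tree, because an earlier component may be a symbolic link.
 */
static int member_name_is_safe(const char *name)
{
    const char *p = name;

    if (name == NULL || *name == '\0')
        return 0;
    if (*name == '/')                  /* absolute path ignores the target dir */
        return 0;

    while (*p != '\0') {
        size_t len = strcspn(p, "/");  /* length of this path component */

        if (len == 2 && p[0] == '.' && p[1] == '.')
            return 0;                  /* a ".." component climbs out */
        p += len;
        while (*p == '/')              /* skip one or more separators */
            p++;
    }
    return 1;
}

/* Count how many names in a listing would be refused. */
static size_t count_refused(const char *const names[], size_t n)
{
    size_t i, refused = 0;

    for (i = 0; i < n; i++)
        if (!member_name_is_safe(names[i]))
            refused++;
    return refused;
}

/* Constructed listing for the demonstration; not from a real archive. */
static const char *const sample_listing[] = {
    "docs/readme.txt",
    "../etc/passwd",
    "src/../../.bashrc",
    "/etc/cron.d/job",
    "notes/v1..v2.txt",
};

int main(void)
{
    size_t n = sizeof(sample_listing) / sizeof(sample_listing[0]);

    printf("%zu of %zu member names refused\n",
           count_refused(sample_listing, n), n);
    return 0;
}
```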
tcpdump: buffer overflow
| Package(s): | tcpdump |
CVE #(s): | |
| Created: | November 20, 2002 |
Updated: | December 19, 2002 |
| Description: |
A new buffer overflow in the printing of BGP packets could, conceivably, be remotely exploitable. |
| Alerts: |
|
Comments (none posted)
Multiple vendor telnetd vulnerability
| Package(s): | telnet Telnet netkit-telnet-ssl kerberos telnetd netkit-telnet nkitb/nkitserv/telnetd krb5 |
CVE #(s): | |
| Created: | May 21, 2002 |
Updated: | October 5, 2004 |
| Description: |
This vulnerability,
originally thought to be confined to BSD-derived systems, was first covered
in the July 26th Security
Summary. It is now known that Linux telnet daemons are vulnerable as
well.
|
| Alerts: |
|
Comments (none posted)
Tomcat 4.x JSP source code exposure vulnerability
| Package(s): | tomcat |
CVE #(s): | |
| Created: | September 25, 2002 |
Updated: | January 29, 2003 |
| Description: |
Rossen Raykov reports that Tomcat 4.0.5 and 4.1.12 fix a JSP source code exposure vulnerability
in "Tomcat 4.0.4 and 4.1.10 (probably all other earlier versions also)."
The current version of Tomcat is available here.
|
| Alerts: |
|
Comments (none posted)
traceroute-nanog: buffer overflow and root exploit
| Package(s): | traceroute-nanog/nkitb |
CVE #(s): | |
| Created: | November 12, 2002 |
Updated: | February 27, 2003 |
| Description: |
Traceroute is a tool that can be used to track packets in a TCP/IP network
to determine their route or to find out about routers that are not working.
Traceroute-nanog requires root privilege to open a raw socket. It does not
relinquish these privileges after doing so. This allows a malicious user to
gain root access by exploiting a buffer overflow at a later point. |
| Alerts: |
|
Comments (none posted)
webalizer: reverse DNS buffer overflow vulnerability
| Package(s): | webalizer |
CVE #(s): | |
| Created: | May 21, 2002 |
Updated: | January 27, 2003 |
| Description: |
The cause is a buffer overflow bug.
This one sounds nasty.
If reverse DNS lookups are enabled in webalizer,
"an attacker with control over the victims DNS may spoof responses thus
triggering a buffer overflow, potentially leading to a root compromise."
Webalizer 2.01-10 "fixes this and a few
other buglets that have been discovered in the last month or so".
(First LWN report: April 18th, 2002).
|
| Alerts: |
|
Comments (none posted)
Webmin/Usermin vulnerabilities
| Package(s): | webmin |
CVE #(s): | |
| Created: | May 21, 2002 |
Updated: | January 10, 2003 |
| Description: |
Webmin is a web-based interface for
system administration for Unix.
Webmin has cross-site scripting and
session ID spoofing vulnerabilities
which are fixed in the May 6, 2002 release of version 0.970.
(First LWN
report: May 9).
This one is scary. The session ID
spoofing vulnerability allows the "possibility that arbitrary
commands may be executed with root privileges."
Upgrading is strongly recommended. At a minimum avoid the
"preconditions for a successful exploit" by disabling
password timeouts under Webmin->Configuration->Authentication.
|
| Alerts: |
|
Comments (1 posted)
wmaker: buffer overflow in Window Maker image handling code
| Package(s): | wmaker windowmaker |
CVE #(s): | CAN-2002-1277
|
| Created: | November 7, 2002 |
Updated: | February 6, 2003 |
| Description: |
Al Viro found a problem in the image handling code used in Window Maker,
a popular NEXTSTEP-like window manager. When creating an image it would
allocate a buffer by multiplying the image width and height, but did not
check for an overflow. This makes it possible to overflow the buffer.
This could be exploited by using specially crafted image files (for
example when previewing themes). |
| Alerts: |
|
Comments (none posted)
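The Window Maker entry above describes a buffer sized by an unchecked width-times-height multiplication. The following added example (not Window Maker's code) puts the wrapping computation beside a checked one; the bytes-per-pixel parameter and the 256 MiB cap are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed policy limit for a single image buffer (256 MiB). */
#define MAX_IMAGE_BYTES ((uint64_t)256 * 1024 * 1024)

/* The unchecked pattern: 32-bit arithmetic wraps silently. */
static uint32_t unchecked_size(uint32_t width, uint32_t height, uint32_t bpp)
{
    return width * height * bpp;
}

/*
 * Checked size computation. Returns 0 and stores the byte count in
 * *out, or -1 for a zero dimension or a size above the cap.
 */
static int image_size(uint32_t width, uint32_t height, uint32_t bpp,
                      size_t *out)
{
    uint64_t pixels;

    if (width == 0 || height == 0 || bpp == 0)
        return -1;
    pixels = (uint64_t)width * height;     /* two 32-bit values cannot overflow 64 bits */
    if (pixels > MAX_IMAGE_BYTES / bpp)    /* division keeps the comparison exact */
        return -1;
    *out = (size_t)(pixels * bpp);         /* now known to be <= MAX_IMAGE_BYTES */
    return 0;
}

/* Allocate a zeroed pixel buffer, or return NULL if the header is not sane. */
static unsigned char *image_alloc(uint32_t width, uint32_t height, uint32_t bpp)
{
    size_t bytes;

    if (image_size(width, height, bpp, &bytes) != 0)
        return NULL;
    return calloc(1, bytes);
}

int main(void)
{
    /* Constructed header values: 65537 x 65536 pixels, 1 byte per pixel. */
    unsigned char *buf = image_alloc(65537, 65536, 1);

    printf("unchecked size: %u bytes\n", unchecked_size(65537, 65536, 1));
    printf("checked allocation: %s\n", buf ? "granted" : "refused");
    free(buf);
    return 0;
}
```

With the constructed dimensions, the unchecked product wraps to 65536 bytes, so code that later writes one byte per pixel would run far past the end of the buffer.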
Multiple vulnerabilities in wordtrans
| Package(s): | wordtrans |
CVE #(s): | CAN-2002-0837
|
| Created: | September 11, 2002 |
Updated: | February 4, 2003 |
| Description: |
The "wordtrans" interface to multilingual dictionaries suffers from input validation and cross-site scripting vulnerabilities; versions through 1.1pre8 are vulnerable. See this Guardent advisory for details. |
| Alerts: |
|
Comments (none posted)
Problems with libgtop_daemon
| Package(s): | wuftpd libgtop |
CVE #(s): | |
| Created: | May 21, 2002 |
Updated: | May 7, 2003 |
| Description: |
The libgtop_daemon package is a GNOME
program which makes system information available remotely.
LWN reported the remotely exploitable format
string and buffer overflow vulnerabilities in that package
on December 6th.
On November 28th
disabling the libgtop_daemon on systems where it is running until
an update is available.
Many Linux systems do not run
libgtop by default, but applying the update is a good idea anyway.
|
| Alerts: |
|
Comments (1 posted)
Wwwoffle remote privilege escalation vulnerability
| Package(s): | wwwoffle |
CVE #(s): | CAN-2002-0818
|
| Created: | August 14, 2002 |
Updated: | October 1, 2003 |
| Description: |
The wwwoffle web proxy incorrectly processes HTTP PUT and POST requests
with negative Content Length values.
"It is believed
that an attacker could exploit this bug to gain remote wwwrun access
to the system wwwoffled is running on."
CAN-2002-0818 |
| Alerts: |
|
Comments (none posted)
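The wwwoffle entry above turns on a negative Content-Length value reaching code that expects a size. The following added example (not wwwoffle's code; the page does not describe its parser) shows one common way a negative length goes wrong and a strict parser that refuses it. The function names and the 8 MiB limit are assumptions.

```c
#include <ctype.h>
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed policy limit on request bodies (8 MiB). */
#define MAX_BODY_BYTES (8L * 1024 * 1024)

/*
 * Illustrative weak pattern: a signed parse whose result is used as a
 * size. "-1" becomes the largest possible size_t.
 */
static size_t naive_body_size(const char *value)
{
    return (size_t)atoi(value);
}

/*
 * Strict parse of a Content-Length header value. Returns 0 and stores
 * the length in *out, or -1 unless the value is a plain non-negative
 * decimal number within the limit.
 */
static int parse_content_length(const char *value, long *out)
{
    char *end;
    long n;

    if (value == NULL)
        return -1;
    while (*value == ' ' || *value == '\t')   /* optional leading whitespace */
        value++;
    if (!isdigit((unsigned char)*value))      /* refuses "-1", "+5" and "" */
        return -1;

    errno = 0;
    n = strtol(value, &end, 10);
    if (errno == ERANGE)                      /* too large for a long */
        return -1;
    while (*end == ' ' || *end == '\t')       /* optional trailing whitespace */
        end++;
    if (*end != '\0')                         /* trailing junk such as "12abc" */
        return -1;
    if (n > MAX_BODY_BYTES)
        return -1;

    *out = n;
    return 0;
}

int main(void)
{
    long len = 0;

    /* Constructed header values for the demonstration. */
    printf("naive size for \"-1\": %zu\n", naive_body_size("-1"));
    printf("strict parse of \"-1\": %d\n", parse_content_length("-1", &len));
    printf("strict parse of \"1024\": %d\n", parse_content_length("1024", &len));
    return 0;
}
```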
Resources
SourceFire has sent out
a
press release describing its new "Intrusion Management System."
"
Sourcefire IMS provides users with advanced data management and
event correlation capabilities, in addition to its industry leading
intrusion detection and enhanced scalability."
Comments (none posted)
The December 5 "Linux Security: Tips, Tricks, and Hackery" newsletter looks
at
/etc/inittab as a hiding place for cracker back doors.
Full Story (comments: none)
The LinuxSecurity.com Linux Advisory Watch newsletter for December 6
is available.
Full Story (comments: none)
Page editor: Jonathan Corbet
Kernel development
Brief items
The current development kernel is 2.5.51, which was
released by Linus on December 9. It's a
huge patch containing several hundred changesets; some of the more
significant changes include a big frame buffer device merge, some memory
management performance improvements, an ACPI update, various architecture
updates (PPC64, S/390, x86-64, SPARC64), a reorganization of the AGP code,
a Linux Security Module update, the addition of the Twofish and Serpent
crypto algorithms, a new system call restart mechanism (see below), an XFS
update, more driver model work, more loadable module fixes, and a long list
of other fixes and updates.
The long-format
changelog has the details.
The current 2.5 Status Summary from
Guillaume Boissiere is dated December 10. Dave Jones has released a
new version of his 2.5 Changes Document,
which is a comprehensive look at what has changed in this development
series.
The current stable kernel is 2.4.20. Marcelo started the 2.4.21
process on December 10 with the first
2.4.21 prepatch. It includes a bunch of new IDE code, a number of driver updates,
a Summit chipset support update, and, of course, a fix for the
data=journal ext3 corruption bug (see below). "Test it
carefully, since the new IDE code is not yet fully tested. Do not use it
with critical data."
Alan Cox has released 2.4.20-ac2, which adds
a number of fixes (some backported from 2.5) to the 2.4.20 kernel.
Comments (none posted)
Kernel development news
Shortly after the release of the 2.4.20 stable kernel, word got out that
there was a bug which could lead to corruption on ext3 filesystems. This
particular bug will not affect all that many users: to be bitten, one must
(1) use the non-default
data=journal option, and
(2) unmount the filesystem after making changes, but before those
changes are synced to disk. Nonetheless, filesystem corruption is not a
good feature to include in a stable kernel release.
2.4.20 users who wish to be protected from this bug should apply this patch from Andrew Morton. Andrew also
includes some information on how the bug came to be.
The trouble, it seems, comes from a longstanding confusion between two operations:
- Flushing data to a filesystem to get it out of main memory, and
- Fully synchronizing a filesystem to get it into a consistent, current
state on disk.
The write_super() filesystem operation once performed the second
operation above. A full sync, however, requires waiting for all of the I/O
operations to complete. Most of the time, that is not what the kernel
wants to do; it simply wants to get dirty buffers headed toward the disk
sometime soon. So the ext3 write_super() method was made
asynchronous, as a way of increasing performance. After another tweak went
in, however, the lack of synchronization allowed the filesystem to be
unmounted before the data actually made it to disk. And that, of course,
led to corruption.
The solution is to properly separate the two operations. So Andrew's patch
adds a new sync_fs() operation; it writes everything to the
filesystem, and does not return until the job is done. With this patch in
place, write_super() can be safely made into an asynchronous flush
operation; kernel code which needs to be sure that everything has been
written out will use sync_fs() instead.
Andrew has also posted a version of the
patch for the 2.5 kernel. It is a more extensive change (though the
patch is still small) in that it tries to improve performance by getting
all sync operations going before waiting for any of them.
Comments (none posted)
System calls often have to wait for things - I/O completion, availability
of a resource, or simply for a timeout to expire, for example. Normally
the process
making the system call becomes unblocked at the appropriate time, and the
call completes its work and returns to user space. What happens, though,
if a signal is queued for the process while it is waiting? In that case,
the system call needs to abort its work and allow the actual delivery of
the signal. For this reason, kernel code which sleeps tends to follow the
sleep with a test like:
    if (signal_pending(current))
        return -ERESTARTSYS;
After the signal has been handled, the system call will be restarted (from
the beginning), and the user-space application need not deal with
"interrupted system call" errors. For cases where restarting is not
appropriate, a -EINTR return status will cause a (post-signal)
return to user space without restarting the system call.
In general, this mechanism works reasonably well. But, what about cases
where the system call should not just be restarted from the beginning? The
case which raised that question is the nanosleep() system call,
which puts the process to sleep for a (potentially) short time. By the
POSIX standard, nanosleep() should not return early as a result of
a signal if the process has no handler for that signal. So the call
should be restarted. The problem is that the argument to
nanosleep() tells how long the process wants to sleep - not when
it wants to wake up. When the call is restarted, it must take into account
how long the process had slept before the signal, and how long it took to
deal with the signal, and adjust the sleep time accordingly. In other
words, it should save the absolute time when the process wanted to wake up,
and the restarted call should sleep until that time (or just return if the
time has already passed). But there is no easy place for a system call to
save that sort of information.
To solve this problem, Linus added a new
mechanism to the 2.5.51 kernel, based on work by George Anzinger. This
mechanism allows interrupted system calls to specify a different function
to run when the call is restarted, along with information to be passed to
that function.
Specifically, the thread_info structure now includes a
restart_block structure. A system call needing different restart
behavior can put a restart handler function into that structure, along with
some arguments for that function. Then, if interrupted, the system call
should return -ERESTARTSYS_RESTARTBLOCK. After the signal is
dispatched, and if there was no handler specified by the process (and the
process still lives), the function in the restart block will be called,
with the block itself as an argument.
nanosleep(), which is currently the only user of this mechanism,
need only save the wakeup time in the restart block, along with pointers to
the user arguments. Interrupted sleeps will now be handled properly. It
is not clear how many other system calls will make use of the new restart
system; in most cases it is better to just return -EINTR in
complicated situations. But, for cases where you really need to see the
operation through, the new mechanism should help.
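The restart-block idea described above can be followed in a small user-space model. This is an added example, not kernel code: the simulated clock, the task structure, the return-code values and the assumption that a handled signal ends the call with -EINTR are all constructed for illustration; only the restart_block name and the saved absolute wake-up time come from the text.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed return codes for this model; not copied from kernel headers. */
#define MODEL_EINTR          4
#define MODEL_RESTARTBLOCK   516

struct restart_block {
    long (*fn)(struct restart_block *);  /* handler to run instead of a plain restart */
    uint64_t expire;                     /* saved argument: absolute wake-up time (ns) */
};

struct task {                            /* stand-in for the per-thread state */
    uint64_t now;                        /* simulated clock (ns) */
    uint64_t signal_at;                  /* arrival time of one queued signal, 0 = none */
    uint64_t signal_cost;                /* time spent dispatching that signal */
    int has_handler;                     /* process installed a handler for it */
    struct restart_block restart;
};

static struct task *current;

/* Sleep until 'expire'; return 1 if a queued signal ended the sleep early. */
static int sleep_until(uint64_t expire)
{
    if (current->signal_at != 0 && current->signal_at < expire) {
        if (current->signal_at > current->now)
            current->now = current->signal_at;
        return 1;
    }
    if (expire > current->now)
        current->now = expire;
    return 0;
}

/* Restart handler: sleeps only for what is left of the saved deadline. */
static long nanosleep_restart(struct restart_block *rb)
{
    if (rb->expire <= current->now)
        return 0;                        /* deadline passed while the signal was handled */
    return sleep_until(rb->expire) ? -MODEL_RESTARTBLOCK : 0;
}

/* Relative sleep: converts the duration to a deadline once, then saves it. */
static long model_nanosleep(uint64_t duration)
{
    uint64_t expire = current->now + duration;

    if (expire < current->now)
        expire = UINT64_MAX;             /* saturate instead of wrapping */
    current->restart.fn = nanosleep_restart;
    current->restart.expire = expire;
    return nanosleep_restart(&current->restart);
}

/*
 * Syscall exit path. naive != 0 restarts from the beginning with the
 * original duration; otherwise the restart block's function is called.
 */
static long run_sleep(struct task *t, uint64_t duration, int naive)
{
    long ret;

    current = t;
    ret = model_nanosleep(duration);
    while (ret == -MODEL_RESTARTBLOCK) {
        t->now += t->signal_cost;        /* signal is dispatched */
        t->signal_at = 0;
        if (t->has_handler)
            return -MODEL_EINTR;         /* assumption: handled signals end the call */
        ret = naive ? model_nanosleep(duration)
                    : t->restart.fn(&t->restart);
    }
    return ret;
}

/* Time at which the process finally wakes, for one constructed scenario. */
static uint64_t wake_time(uint64_t start, uint64_t duration,
                          uint64_t signal_at, uint64_t cost, int naive)
{
    struct task t = { .now = start, .signal_at = signal_at, .signal_cost = cost };

    run_sleep(&t, duration, naive);
    return t.now;
}

int main(void)
{
    /* Constructed scenario: sleep 500 ns from t=1000, signal at t=1200 costing 50 ns. */
    printf("restart block: %llu\n",
           (unsigned long long)wake_time(1000, 500, 1200, 50, 0));
    printf("naive restart: %llu\n",
           (unsigned long long)wake_time(1000, 500, 1200, 50, 1));
    return 0;
}
```

In the constructed scenario the restart-block path wakes at the original deadline, while restarting from the beginning with the same duration oversleeps by the time already slept plus the time spent on the signal.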
Comments (none posted)
The kernel stack on x86 systems is two pages - 8KB - in length. This stack
area exists for every process on the system; one can easily see that, in a
system with a large number of processes, the amount of memory given over to
stacks could get large. This memory is unpageable kernel memory; it also
requires an "order one" (two page) allocation for every new process. As
memory becomes fragmented, multi-page allocations get harder to satisfy,
and creation of new processes can fail. So there are plenty of reasons for
wanting to reduce the size of the kernel stack.
Dave Hansen has posted a patch (originally
by Ben LaHaise) which cuts the per-process kernel stack down to a single
page. To accomplish that, this patch must do a few things:
This patch does not try to address the problem of kernel code which puts
large variables on the stack. Heavy stack usage has always been considered
poor form, but there are still kernel functions which do it. A smaller
kernel stack would, undoubtedly, increase interest in fixing those
functions.
A variant of the smaller-stack patch has been circulated before, but Linus
has not commented on it. It is not clear whether this patch, at this time,
would pass the "feature freeze" test. The idea probably makes enough sense
to be integrated at some point, however, whether in this development series
or the next.
Comments (3 posted)
Patches and updates
Kernel trees
Core kernel code
Development tools
Device drivers
Documentation
Filesystems and block I/O
Janitorial
Memory management
Networking
Architecture-specific
- Jeff Dike: uml-patch-2.5.50-1. "NOTE: I get reproducible filesystem corruption with this version. Offhand,
it doesn't look like my fault, so I'm releasing it anyway."
(December 7, 2002)
Security-related
Benchmarks and bugs
- Con Kolivas: 2.4.20-aa1. (Contest benchmark result).
(December 5, 2002)
Miscellaneous
Page editor: Jonathan Corbet
Distributions
News and Editorials
Embedded Linux is widely used in all sorts of gadgets. Tiny computers
running tiny versions of Linux can be found in all sorts of applications
from cars to coffee pots. Unlike a desktop computer, most users never
interact directly with the computer embedded in a device, or care about
what operating system is making it all work. Of course, LWN readers are
more likely to care about such things than the average user.
There are over two dozen embedded distributions in the Embedded
Section of the LWN Distributions List. At least a dozen more can be
found scattered through other sections of the list. That is a testament to the
volume of embedded distributions, and to the need to get the LWN Distribution
list into a real database so that embedded distributions, PDA
distributions, firewall/VPN distributions, etc. can be found in all
appropriate categories. The point is, there are many embedded Linux
distributions that are rarely covered outside of their slot in the list,
and probably many more that never made it to the list. When we do cover them,
it's because some new gadget has been released -- and LWN runs a press
release about the gadget while the underlying distribution gets at most a
brief mention.
However, since LWN no longer has a Commerce page and these press releases
caught our eye, we have a couple of embedded distributions to talk about
today. The first press release is from Eforce Holdings Limited, Culturecom
Holdings Limited, and Mobile Telecom Network Holdings Limited, who have jointly
introduced the Chinese 2000 Mobile Linux Operating System for mobile
devices.
Chinese 2000 Mobile may or may not be related to a long-time member of the
LWN list, Chinese 2000
Linux (website in Chinese), which appears to be a desktop and server
distribution.
The next announcement comes from MontaVista
Software and Texas Instruments, who are working together to provide an
embedded Linux platform for OMAP application processors to target 2.5G and
3G handsets and other applications. "With the industry-leading
MontaVista Linux embedded operating system and cross-development platform,
embedded application developers and original equipment manufacturers (OEMs)
will be able to quickly create OMAP processor-based, multimedia-enhanced
applications for advanced wireless devices, telematics, biometrics,
enhanced gaming and specialized personal digital assistants (PDAs)."
Comments (1 posted)
Distribution News
The
Debian Weekly News for December 10, 2002
is available. This week covers: Changing the Bug Submitter Address;
Additional TuxRacer Courses; Writing Packages Descriptions; and much more.
Martin Schulze provides a status report for
Debian GNU/Linux 3.0r1 (woody update).
Colin Watson reports that the old
close/reopen sequence for changing the submitter address on a
bugs.debian.org bug report is now deprecated, since it had unwanted effects
on merged bugs.
Tollef Fog Heen announced the first public
alpha of debian-installer, the next-generation installation system for
Debian. Debian-installer is modeled after some of the points which make
Debian so hugely successful: good configuration management (debconf, in a C
reimplementation), good package management (through anna, whose acronym
expands to anna's not nearly apt) and other custom, sized-down versions of
the standard Debian tools like dpkg.
Comments (2 posted)
A problem exists with
devfsd handling of ida
devices (aka Compaq Smart Array). The system will not boot if
"devfs=mount" is passed to the kernel on the boot loader command line. The
system will boot, however, if "devfs=nomount" is passed to the kernel.
Devfsd would incorrectly set the old ida compatibility links to device
entries in /dev. This new package corrects this problem.
A bug in the arts spec removes
/usr/lib/qt3/lib from /etc/ld.so.conf upon removal (which can be invoked
during an upgrade as well). This update fixes the problem.
Arkeia Corporation announced that its
enterprise backup solution is now included with the new Mandrake Linux 9.0
software package.
Comments (none posted)
Minor distribution updates
Astaro Security Linux
has released beta
v3.318 with major feature
enhancements. "
Changes: This is the first BETA for the upcoming
version of Astaro Security Linux 4.0. There are lot of new features, such
as VLAN, WLAN, PPPoA, POP3 proxy with virus protection, LDAP
authentication, PPTP with radius, enhanced IPSec, and much more."
Comments (none posted)
floppyfw has released
stable version 1.0.15 with
minor feature enhancements. "
Changes: The kernel was updated to
version 2.2.23."
Comments (none posted)
KNOPPIX has released
v3.1-07-12-2002 with major
feature enhancements. "
Changes: This version includes a rewrite of
partition and filesystem detection, Spanish translations for scripts,
automatic desktop icons for USB storage devices, the Linux kernel 2.4.20
with XFS and JFS, updates to hwdata, a Prism2 module, PCMCIA workarounds
for Dell notebooks, DRI support for more graphic cards (esp. ATI, tested
with chromium), and lots of small fixes and updates."
Comments (none posted)
Mindi Linux
has released
v0.80 with
major feature enhancements. "
Changes: On-screen progress reporting
is more informative. LVM and RAID partition layouts are better
supported. DevFS and Compaq Proliant support has been improved."
Comments (none posted)
RxLinux has released
v1.2.0 with major feature
enhancements. "
Changes: Rxlinux now supports 3 types of software
packages: iso, ziso, and tgz (iso9660 filesystem, compressed iso9660
filesystem, and regular tar.gz, respectively). Iso and ziso can be mounted
directly from the cdrom. Software packages can also be deployed on the hard
drive or in ramdisk. The rxmaster configuration tool has been redesigned for
more simplicity and functionality."
Comments (none posted)
uClinux has released
v2.4.20-uc0 with major
feature enhancements. "
Changes: Merging in the latest kernel updates
from 2.4.20."
Comments (none posted)
Warewulf has released
v1.6 with major feature
enhancements. "
Changes: This is a development release that
incorporates a lot of changes that bring Warewulf in the direction that it
needs to be going. The warewulf-init init.d script has been built to set up
the node environment and hardware/drivers. RPMs have been configured to be
4 packages (warewulf, warewulf-node, warewulf-nodefs, and
warewulf-isokit). The ability to try to mount any local node partitions at
node boot has been added."
Comments (none posted)
Distribution reviews
ExtremeTech
reviews
Lindows 3.0. "
This release promises a number of tweaks and additions
to Lindows. The Lindows developers have focused on stability and they've
addressed the "run as root" problem we highlighted in our earlier review by
letting you add additional users, with different permission levels."
Comments (none posted)
Page editor: Rebecca Sobol
Development
The Eastman Computer Music Center has released their
Turn-Key Linux Audio installation package.
"Turn-Key Linux Audio is a scripted installation package for the core set of linux audio applications used at the Eastman Computer Music Center (ECMC). It contains among its many tools over a decade's-worth of powerful shell scripts, smart aliases, tutorials, documentation, shell level environment variables for multi-media linux/unix workstations, and a library of powerful templates and macros (Csound, Score11, SMS, PVC, Rt, Vspace, etc) created by composer, teacher, and ECMC director Allan Schindler."
Turn-Key Linux Audio is designed to install on the Mandrake 9.0 distribution.
The
Installation instructions appear to be fairly straightforward,
involving the download of a tar file, and execution of an install.sh
script from a root account. The installation script is designed to
streamline the process of adding a big collection of audio software to
the system; it handles the time-consuming and sometimes difficult task of managing package dependencies.
Turn-Key Linux Audio
provides a wide variety of popular open-source software tools.
The software categories include Synthesis/Composition, Players/Recorders, Mixing, Utilities/Other, and a large number of scripts that address
common audio processing needs.
Some popular packages that don't show up in the software list include:
The Festival
Speech Synthesis System, compression utilities like
Ogg Vorbis and mp3,
and drum machines such as Robert Muth's
Trommler.
However, with the incredible list of available software, a few omissions
are understandable.
The Turn-Key
documentation includes a typical set of package documents as well
as a list of useful links to the many audio components that are part
of the system.
The
Turn-Key FAQ is still fairly short at this point in time.
One important question that doesn't appear to be answered is: "how much disk space does a full Turn-Key installation require?".
Participation in the Turn-Key project is being encouraged;
audio software writers may find it to be a useful way to get their
wares into wider use.
Comments (1 posted)
System Applications
Audio Projects
Version 0.5 of the GStreamer
streaming-media framework is out.
"
This release has mainly focused on code
clean-up and rounding out of the features. Large chunks of GStreamer are
API stable at this point."
Full Story (comments: none)
Version 1.0.3 of the libsndfile audio library is out with a few
minor bug fixes.
Full Story (comments: none)
Version 0.3.3 of the swh-plugins audio effects software is out.
This version features a newly improved Bode shifter and an AM pitch
shifter.
Full Story (comments: none)
Version 0.1.0 of Audiality has been released.
"
Audiality is an audio engine originally designed for playing music and sound effects in games. It is designed from the ground up with real time operation in mind, which means that it can take advantage of real time scheduling on operating systems that support it, for fast response and reliable output. That means that with a suitable operating system, you can play Audiality like a MIDI synth, with no more latency than a well designed hardware synth." The main news is the creation of an
Audiality web page.
Full Story (comments: none)
The December 8, 2002 edition of
Ogg Traffic
is out with Ogg Vorbis development news.
Topics include: A Message from Emmett Plant, Status Updates,
Very Low Bitrate Encoding, YATT (Yet Another Transcoding Thread),
Ogg Vorbis in Games, and (A kind of) Hardware Ogg Vorbis player.
Comments (none posted)
Electronics
The latest
new software
from the gEDA (GPL Electronic Design Automation) project includes
version 0.7 of the Icarus Verilog electronic simulation language
compiler.
Comments (none posted)
Networking Tools
Version 2.0.14 of the gFTP FTP client is out. Changes include
key bindings for edit dialogs, changed SSH behavior for bookmarks,
fixes for "ext=" lines in the config file, and updated translations
for French, German, Polish, and Chinese.
Full Story (comments: none)
Æleen Frisch
covers Nagios (formerly called Netsaint) in part four of her series on open source packages
for systems administration.
"
The second place in my top five tools list goes to Nagios, written by Ethan Galstad. Nagios is a feature-rich network monitoring package. Its displays provide current information about system or resource status across an entire network. In addition, it can also be configured to send alerts and perform other actions when problems are detected. This week, we'll look at the sort of monitoring that Nagios provides and also briefly discuss configuring the package."
Comments (none posted)
Printing
Version 3.8.19 of the
LPRng print system
is available and features a bug fix.
Version 3.8.18 was also released recently and has a new
fifo option.
See the
CHANGES
document for more details.
Comments (none posted)
The latest news on
LinuxPrinting.org includes
a fix for a foomatic-gswrapper bug, web site improvements,
and the release of version 2.9.0 of the Foomatic printer support database.
Comments (none posted)
Web Site Development
The most recent headlines on the
Zope Members News
include: ZWiki 0.13.1 released, RenderPM 0.4 released,
Ordered List reaches development version 2.1,
CMFCollectorNG 0.10 released, and Fle3 version 1.4.0beta released.
Comments (none posted)
Zope Newbies
has the following article topics:
Itamar on Zope3, Security Alerts, Top Five Open Source Packages
for System Administrators, Manage Metadata with MusicBrainz,
and Zope 2.6 and gzip.
Comments (none posted)
New versions of ZODB and ZEO are available.
"
We have made a beta release of ZODB 3.1.1 and ZEO 2.0.1. The primary
change is a fix that allows transactions with multiple databases to
run without deadlock.
These releases will correspond exactly to Zope 2.6.1b1, which will also
be released today."
Full Story (comments: none)
A status update is available for the Zope AdaptableStorage project.
"
AdaptableStorage lets you store ZODB objects in your own database
and in your format, *without* using special content classes. You can use a
filesystem directory, a relational database, or whatever kind of
database you might have as a ZODB."
Full Story (comments: none)
Stas Bekman
continues his series on optimizing mod_perl performance with
part five.
"
As we have learned in the previous article, sharing memory helps us save memory with mod_perl, giving us a huge speed increase; but we pay the price with a big memory footprint. I presented a few techniques to save memory by trying to share more of it. In this article, we will see other techniques allowing you to save even more memory."
Comments (none posted)
Miscellaneous
Derek Vadala
explains the use of mdadm for managing raid disk arrays under Linux.
Comments (none posted)
Desktop Applications
Audio Applications
Version 0.5.12 of Sweep, an "audio editor and live playback tool",
is available. This version features an updated Italian translation,
new sample rate conversion capabilities, the capability to preview
a cut wav file, preroll to cursor for playing sound before the
cursor, and lots more.
Full Story (comments: none)
Desktop Environments
KDE.News
reports that the KDE 3.1 release has been delayed into January. It seems that a partially-complete security audit turned up enough stuff that the developers need a bit more time to clean things up. It is obviously the right decision; thanks are due to the KDE team for taking the best interests of its users into account.
Comments (none posted)
The December 6, 2002
KDE-CVS-Digest is out with the latest KDE development news.
Topics include: Patience is a Virtue, New Release Manager, Bug Fixes,
and Security. New features are listed for KMail, Konqueror plugins,
Konsole, Kate, and KWord.
Comments (none posted)
Headlines on the GNOME desktop
FootNotes site include:
Gtk# 0.6 and Mono 0.17 released, Galeon 1.3.1 (unstable) Released!,
GARNOME 0.19.3: ''Smack's up!'', Pan 0.13.2.91 released,
Fontilus 0.1 released, LPT Desktop 1.0.32.2 for Red Hat released,
and Dropline GNOME 1.3.0 for Slackware Released, and more.
Comments (none posted)
Games
The most recent Pygame
project updates
include Pyplatform 0.0.9, Jestur veryalpha, and Outerspace .5.13.
Comments (none posted)
New game software from the
WorldForge Project
includes King's Feast 0.0.2 and Sear 0.4.4.
Comments (none posted)
Interoperability
Issue #147 of the
Wine Weekly News is out for December 6, 2002. Topics include:
News: German Wine Site, iPod + Linux + Wine, Screenshots Preview,
Updated To Do List, Janitorial Projects, IWebBrowser Status,
Conformance Tests Need Help, Preserving DLL Separation,
Moving Wine Headers, Wine + Cygwin Update, Self-Registering DLL's,
Configuring Wine, Direct3D Test Programs, and
Case of Guinness Offered for Working App.
Comments (none posted)
Office Applications
An Early Developer Release of the OpenOffice Scripting Framework
is available.
"
We provide a NetBeans module and a JEdit plugin to support OOo
script development and deployment. You have full access to the current
OOo document from your script and can use any of the Java Uno API's to
manipulate it."
Full Story (comments: none)
Edition #119 of the
AbiWord Weekly News is out with the latest AbiWord word processor
development news.
Comments (none posted)
Web Browsers
The latest
mozillaZine topics
include: Updating O'Reilly's 'Creating Applications with Mozilla',
Netscape 7.01 Released with Pop-up Blocker,
Mozilla Developer Day at FOSDEM 2003, Phoenix 0.5 Released,
Mozilla 1.3 Alpha Just Around the Corner,
XUL Version of Most Frequently Reported Bugs Page Available,
and Delivering Rich Web-based Applications with Mozilla.
Also,
Mozilla.org looks at
Phoenix 0.5, Mozilla 1.2.1, and Chimera 0.6.
Comments (none posted)
An updated tarball of Galeon 1.3.1
has been announced.
"
The original galeon 1.3.1 tarball accidentally didn't include the nautilus-view files, so we've uploaded an updated tarball. Sorry for the confusion."
Comments (none posted)
Languages and Tools
C++
Nathan Sidwell has contributed
a patch for GCC that implements covariant return thunks.
"
Covariant thunks are represented much like ordinary thunks, except that
they themselves can be thunked to. A this-pointer adjusting covariant
thunk looks like a this-thunk to a covariant-thunk to a base function.
I tidied up the naming of the thunk adjustment accessors to use
fixed_offset and virtual_offset appropriately (rather than delta and
vcall_offset)."
Comments (2 posted)
Caml
The Caml Weekly News for December 3 to 10, 2002 is out with
lots of useful Caml articles.
Full Story (comments: none)
This week, the new software on
The Caml Hump includes ocaml2, ocamlgsl, and ara,
"
A utility for doing boolean regexp queries on the
Debian package database".
Comments (none posted)
Java
Howard Katz
introduces JavaCC in part 1 of a 2 part series on IBM's developerWorks.
"
After a brief discussion of grammars, parsers, and BNF, this article introduces JavaCC, a popular parser generator tool. You'll develop sample code that uses JavaCC to build a custom parser, starting from a BNF description of the grammar."
Comments (none posted)
Chuck Cavaness concludes
his series on Jakarta Struts with part 4.
"
The tiles shown so far add value to an application because they organize the layout of a page in a single resource, the layout JSP page. This can save development time and, more importantly, the time it takes to change the layout for an application. However, there is a problem with the approach used in the Storefront application shown earlier. In each of the non-layout tiles, there is redundant code that specifies what content to use for the header, menubar, and copyright content--the same attributes are being passed in every page. This may not always be the case, but in general, these values will be constant throughout an application. For instance, the same copyright is typically shown on every page."
Comments (none posted)
Lisp
Version 2.0.1 of LISA (Lisp-based Intelligent Software Agents),
a Lisp platform, is available.
Full Story (comments: none)
The first public release of the new development tree of CL-SDL is
available.
"
CL-SDL provides Common Lisp bindings for the SDL (Simple DirectMedia Layer)
and OpenGL multimedia libraries. It is available for all the Lisp
implementations supported by UFFI."
Full Story (comments: none)
CLUnit version 1.3 is available.
"
This version changes test objects
to structures and makes sure that the system is both compilable and
loadable.
CLUnit is a unit test framework for Common Lisp similar to the ones used
with the eXtreme Programming methodology. It runs under ACL, GNU CLISP, CMU
CL, Corman Lisp and LispWorks."
Full Story (comments: none)
Perl
Use Perl has
an announcement for ActivePerl 5.8.0 Beta 1.
"
ActiveState has ActivePerl 5.8.0 Beta 1 available for
download. Choice of Windows, Solaris, Linux binaries, as either Tar/Zip or
native Installer (pkgadd, RPM, DEB)."
Comments (none posted)
The December 2-9, 2002 edition of
This Week on Perl5-Porters is out.
Topics include:
Aliasing magic variables (in English.pm), Mathematics,
getservbyport, $ENV{TERM} and taint checks, More UTF8 locale bugs,
ExtUtils::ParseXS, and more.
Comments (none posted)
Use Perl
mentions the release of a Gtk+ 2.x wrapper.
"
To replace the stalled Gtk/Gnome wrappers
for the old 1.x libraries, used by Gnome
and lots of other applications, a pan-european
team has been hacking furiously."
Comments (none posted)
PHP
Topics on this week's
PHP Weekly Summary
include:
Zend Fast Cache, FastCgi Sapi, Imagick 0.9.0.1, Handling fatal errors,
ext/java, Reduce Codebase, More Iconv Functions, OpenSSL, and more.
Comments (none posted)
Daniel Solin
shows how to generate one-time URLs in PHP on O'Reilly's ONLamp site.
"
Imagine that you're selling a digital product online. Maybe you've written an article or a book and want to sell it on your site as a PDF. There are many ways one could do this, but one of the more convenient is to provide the user with a unique URL that only will work a limited number of times. This URL could, for example, be presented to the user (your client) on the last page of an orderflow, after payment has been made. We will look at code to generate a unique URL that will work a single time."
Comments (none posted)
Python
Here is the Python-URL with weekly Python news and links for December 10,
2002. This week: Andrew Kuchling describes "What's new in 2.3"; Terry
Reedy and others show how to think about generators Pythonically; and much
more.
Full Story (comments: none)
This week's
Daily Python-URL
article topics include:
The Daily Chump Bot, PyRapi version 0.2 has been released!,
PyDBDesigner 0.1pre1, PyWiew 0.4, BitTorrent, and Python and Parrot.
Comments (none posted)
Ruby
New topics on the
Ruby Garden include:
Provide a common ancestor for GetoptLong error classes,
and require default index.rb.
Comments (none posted)
Tcl/Tk
The Dr. Dobb's Tcl-URL! is out for December 5, 2002 with the
latest Tcl development news.
Full Story (comments: none)
The December 10, 2002 edition of Dr. Dobb's Tcl-URL! is also
available this week with even more Tcl information.
Full Story (comments: none)
Page editor: Forrest Cook
Linux in the news
Recommended Reading
Is there such a thing as too many choices? Joe Barr thinks there just
might be in this
LinuxWorld
article. "
Choice. It's all about choice. That's why there is a
Linux in the first place. The dark side prefers one choice on the ballot:
upgrade to the next version of Windows. I suppose it shouldn't come as a
surprise that those crossing over these days may be frightened by the long
list of choices they have to make just to surf the Web, write a letter or
IM that babe they met at the Seniors Activity Center."
Comments (none posted)
NewsForge
follows up on the continued use of Linux in Largo, Florida.
"
We're back in Largo, Florida, checking on advances in the Linux-based network they use to run the city's computers that we wrote about last year. True to Largo's "City of Progress" motto, these guys have not been standing still. Now they're talking about Linux-based terminals in all the city's police cars. Microsoft has tried -- and failed -- to bring them into the proprietary fold. And, possibly most important, we have an amazing cost figure that ought to make you ask your local politicians why their IT operations aren't as efficient as Largo's."
Comments (1 posted)
CNN
looks
into a META Group study which predicts that Microsoft will start
developing software for Linux. "
"We believe that, beginning in late
2004, Microsoft (and its partners) will begin moving some of its (to-date)
proprietary application enablers (e.g., .Net components) to the Linux
environment; this will gradually include the major Microsoft back-office
products, such as SQL Server, IIS, and Exchange," META Group said."
Comments (14 posted)
Wired
covers
a company called Ptech, a Massachusetts technology firm U.S. federal agents
suspected might be linked to terrorist groups. "
Some said the Ptech
incident proves that government should rely on open-source software. "This
is exactly why open-source software advocates promote open code, to allow
peer review and preclude such things from happening," said security
consultant Richard Forno. "It works for both a security and operational
stability benefit.""
Comments (none posted)
Trade Shows and Conferences
Here is an article from the Boston Globe
reporting from the Enterprise Linux Forum. "
...Linux has mastered
the art of linking thousands of small computers together to form powerful
data networks. For instance, Lawson Stores, a large retail chain in Japan,
uses 15,000 networked Linux boxes as point-of-sale terminals. In addition,
Linux is routinely used on clusters of powerful computers linked together
to run demanding scientific and technical applications, as well as
processing visual effects for popular movies like "Shrek.""
Comments (none posted)
Companies
News.com
covers
IBM's new Linux-only server. "
IBM's pSeries machines already are
available with Linux but have also required AIX, IBM's version of
Unix. Now, as expected, Big Blue has modified Linux sufficiently that its
p630 servers will start up without AIX."
Comments (none posted)
The Register
covers
Symbian's plans to open source OPL, a development language for Psion EPOC
devices. "
And now, OPL is going Open Source - apparently on the
say-so of Symbian. News of the move was broken on by All About Symbian by
Ewan Spence of freEPOC.org, who says All About Symbian is going to be
involved in the planning of turning OPL into an Open Source
project."
Comments (1 posted)
News.com
covers an
announcement from RealNetworks as the company plans to release more source
code. "
The release of the Producer source code will enable other
software companies, as well as individual programmers and groups of
programmers, to write their own software for encoding video and audio
streams into the RealVideo 9 and RealAudio 8 format."
Comments (17 posted)
Business
Forbes.com
covers Linux Bangalore and Bill Gates' visit to India. "
"No one
could have possibly arranged for more publicity for the open source
movement and its importance than Bill Gates coming and giving $400 million
to fight Linux," said Atul Chitnis, an adviser to the Bangalore Linux Users
Group whose conference ended on Thursday. Bangalore is considered a key
battleground in the tussle between the two platforms because of India's
developer army which analysts say can help lower costs and boost
innovation."
Thanks to Biju Chacko
Comments (none posted)
ZDNet is carrying
a Meta Group pronouncement on what they think is the real value of Linux.
"
Astute IT organizations will recognize that Linux's true value is derived more from the price/performance of the commodity Intel hardware it enables than from its open source characteristics."
Comments (12 posted)
Here are two more articles looking at the Microsoft-funded study by IDC
which says Windows 2000 has a lower Total Cost of Ownership than Linux.
ZDNet: " Certainly there are configuration issues, but having
worked with both Linux and Windows, my experience over the last two years
has clearly shown that Linux takes longer to configure and troubleshoot
than Windows. Many of you will quickly counter that Linux servers, once
they're configured, generally require significantly less troubleshooting
than Windows machines. True. In fact, very true, provided you're running
standard Linux installations--but who does that? The whole attraction of
Linux is that we can modify its source to suit our needs."
eWeek:
"But this study is full of questionable assumptions. For example,
it's based on a five-year technical lifetime, rather than the more common
three years -- spreading upfront costs over a longer period."
Comments (none posted)
Linux Adoption
The Register
looks into
how the European Agency for the Evaluation of Medicinal Products (EMEA) is
planning on using Linux. "
Hans-Georg Wagner, head of EMEA's
communications and networking unit, is a self-confessed Linux fan, and
hopes to be able to give Linux a bigger slice of the pie in the future, but
is currently taking a hard-headed view of what Linux can and can't do for
his organisation. EMEA requires 99.99 per cent uptime on its core systems,
and in his view that pretty much dictates commercial Unix running on
non-Intel platforms, because although Intel servers are attractive from the
bangs per buck point of view, reliability can still be an issue, and Wagner
can't afford to have his servers falling over. So for now, Unix does
mission critical, while Linux comes in around the edges where uptime isn't
quite such a necessity."
Comments (1 posted)
LinuxMedNews
reports on a new site called
Open-Nurse that aims to bring the benefits of open-source software
into the world of nursing.
Comments (none posted)
TechWeb
examines a
recent study by Evans Data Corp. which shows 70% of those surveyed are
outsourcing some software work, and 60% use Linux on some servers.
"
While that's encouraging for Linux proponents, it isn't all good
news: Linux deployment is being confined to less than one in four of a
company's systems, while only 3% of companies say they use Linux on more
than half their servers."
Comments (none posted)
Legal
News.com
reports on Dmitry Sklyarov's testimony in the ElcomSoft trial.
"
The defense also played a tape of the speech that spurred Sklyarov's arrest. During his presentation on flaws in eBook security at the DefCon convention in Las Vegas, Sklyarov told the audience that a publisher of an eBook 'puts itself in danger' when it relies on the insecure software provided by software publishers including Adobe."
Comments (none posted)
Here's
a News.com article about the end of testimony in the ElcomSoft trial.
"
Earlier in the trial, ElcomSoft had sought to enter evidence of the benign uses of the software, such as to allow visually impaired readers to transfer Adobe eBooks to reading devices for the blind. Judge Ronald Whyte refused to allow that line of defense, however, leaving the company few arguments to protest its innocence."
Comments (2 posted)
The Broadcast Flag Mandate is an FCC rule that would make receiving TV with
free software illegal in the USA. Read more in this
Linux Journal
article. "
Right now, the Federal Communications Commission of
the United States of America is preparing to hand down a regulation, the
so-called Broadcast Flag Mandate. This regulation would make it a felony to
own, sell or use important free software tools of communication, such as
GNU Radio, Project GNU's software-defined radio program. The issue here
has nothing to do with copyright infringement, despite the claims of the
RIAA, the MPAA and the AAP; the Broadcast Flag Mandate would make purely
private use of GNU Radio a felony."
Comments (2 posted)
News.com
reports on
the ElcomSoft trial. "
While cross-examining several government
witnesses, including three current and former Adobe employees, [ElcomSoft
attorney] Burton tried to make the case that companies are trying to use
technological controls to quash a consumer's ability to perform tasks
within his or her legal right--such as making a back-up copy of a document,
for example."
Comments (none posted)
CNN
covers the trial of Jon Johansen. "
The proceedings begin Monday in Oslo District Court and are expected to last five days, with Johansen taking the stand. But whatever the trial's outcome, the digital copycat is well out of the bag."
Comments (none posted)
Here's
an
article in The Economist about the ElcomSoft trial. "
So far, the
federal judge conducting the trial has dismissed ElcomSoft's constitutional
arguments as irrelevant to the criminal case. But these are likely to
become the key issues if the case, or another DMCA test case like it, goes
all the way to the Supreme Court."
Comments (1 posted)
Interviews
News.com
interviews
Dan Frye. "
Four years ago, Dan Frye convinced IBM's management it
would be smart to jump on the Linux bandwagon--a wise suggestion. Not only
did that decision afford Big Blue a hipper image, but it also helped the
company open doors that otherwise might have remained shut. A soft-spoken
man with a doctorate in atomic physics, he now finds himself a spokesman
for open source inside the world's biggest computer company."
Comments (1 posted)
News.com
interviews
Bruce Perens. "
Perens, who helped develop the Debian version of
Linux, predictably expects open source to transform the governing
constellation of power in the software industry. But he says this is not
just the wishful thinking of an evangelist--with corporate customers
increasingly fed up with strict proprietary software licenses, he maintains
that open-source software will increasingly find its way into businesses no
longer spooked by the concept."
Comments (none posted)
Resources
Here's the LinuxDevices.com Newsletter for December 5, 2002, with all the
latest news in Embedded Linux.
Full Story (comments: none)
Linux Journal
examines some
considerations and guidelines for creating software licenses that are
enforceable. "
Most open source licenses you'll find at
www.opensource.org and all proprietary software licenses you'll find
anywhere are to be interpreted under contract law. They can be enforced,
like other contracts are enforced, against both a licensor and a
licensee."
Comments (none posted)
News.com
covers
version 2 of the Scalable Test Platform from OSDL. "
The software is
used to test the speed of computer functions such as writing information to
memory, running database software and juggling multiple tasks. OSDL says
that use of its software can help offer proof that its improvements work
better and therefore should be incorporated into the "mainline," or
standard, Linux software."
Comments (none posted)
Reviews
Joe Barr
plays
around with Cube, a first person shooter game that runs on Linux.
"
Cube is the name and killing is the game. Written with a single
codebase to support both Windows and Unix platforms through the magic of
open standards like OpenGL and SDL, the game is both free as in beer and as
in speech. Cube is not bogged down with a long storyline or complex
gameplay. According to the documentation, the official storyline goes like
this: "You kill stuff. The end." Cube is free software, albeit not as in
GPL'd code. It uses a GPL-compatible, free software-license called the Zlib
license, which is similar to the BSD license."
Comments (1 posted)
Reuters
looks
at $199 computers at WalMart and finds Lycoris Desktop/LX inside of
some. "
Freedom -- from Microsoft -- is a chief reason that consumers
would buy a Linux-based machine, said Jason Spisak, marketing director of
Lycoris, a nine-person start-up and one of two companies supplying Wal-Mart
with an operating system for the $199 machines. The other, also
Linux-based, is Lindows."
Comments (4 posted)
TechWeb
takes
a look at PHP. "
Combined with its favorite open source buddies,
the MySQL database and the Apache web server, PHP enables even the
semi-technically literate to create dynamic, database-driven, Web
applications. The most popular platform for this powerhouse combination is
affectionately known as LAMP (for Linux, Apache, MySQL, PHP), and is
rapidly becoming one of the most potent platforms for building Web
applications."
Comments (1 posted)
Business 2.0 has
an
article about Miguel de Icaza and Mono. "
Here's why Mono is hot:
First, it promises to make translating most new Windows programs into Linux
fast and easy. That means someday soon anything from Quicken to your
company's supply-chain software could be ported over to Linux with the
double click of a mouse. Second, Mono could speed up the development of new
Linux applications by as much as a factor of three."
Thanks to
Ashwin N.
Comments (5 posted)
Linux Journal
reviews
Absolute BSD: The Ultimate Guide to FreeBSD by Michael Lucas.
"
Were one to evaluate the merit of Lucas's text based on its scope
alone, one would be hard-pressed to provide sufficient praise. His
500-plus page text covers installation, help resources, backup and
recovery, kernel configuration, networking, upgrading, security, the
filesystem structure and hierarchy, system troubleshooting and system
recovery. With such a breadth of information at our disposal, we should be
empowered to perform spectacular feats with FreeBSD, right? Well,
maybe."
Comments (none posted)
Consulting Times
takes
a look at the Xandros File Manager (XFM), bundled with the Xandros Linux
desktop. "
What got me started on all this was a recent conversation
I had with Ming Poon, the Xandros VP for software development, in which he
explained why Xandros eschewed KDE's generic UNIX file manager in favor of
a home-grown Xandros File Manager [XFM], that's tightly linked to the Linux
OS. Now building a file manager has to be a huge task, and, in Ming's case,
it's been his pet project ever since his days as a manager of Corel
Linux."
Comments (none posted)
Miscellaneous
The New York Times
looks at how
high-speed internet access is becoming subject to the moral equivalent
of robber baron business practices. "
Until recently, the Internet
seemed the very embodiment of the free-market ideal -- a place where
thousands of service providers competed, where anyone could visit any
site. And the tech sector was a fertile breeding ground for libertarian
ideology, with many techies asserting that they needed neither help nor
regulation from Washington." (Registration Required)
Thanks to
Thomas Blankenhorn
Comments (1 posted)
Linux Journal
suggests the gift of Linux for your friends and family. "
Can
Linux banish the Blue Screen of Death to its rightful place as nothing but
a bad memory? With every passing day, it seems more likely. You, my
friends, know the joys of running Linux and can help bring that day a
little closer. In doing so, you can make someone's holiday celebrations a
little brighter. This holiday season, give the gift of Linux."
Comments (none posted)
Page editor: Forrest Cook
Announcements
Commercial announcements
Linux NetworX has
announced a deal with HP to help both provide better Linux cluster offerings.
"
As part of the agreement, HP will now offer Linux NetworX
ClusterWorX software as a cluster supercomputing management tool and Linux
NetworX will offer HP Itanium 2-based systems running Linux to customers
wanting 64-bit capability for meeting their high-performance technical
computing needs."
Comments (none posted)
The latest
MandrakeSoft
Shareholder Newsletter, covering the 2001-2002 fiscal year, is now
available. Revenue is up to EUR 4.7 million, and the net loss
has dropped to EUR 6.1 million (down from
EUR 13.6 million for the previous year). The company claims that
staff will continue to fall to 65 by February (down from 150 in March,
2001); "
As a result, MandrakeSoft is likely to reach break-even
(month by month) soon thereafter."
Comments (none posted)
RealNetworks, Inc. has
announced
the Helix DNA Producer source code is now available to software developers
through the
Helix Community
website.
Comments (none posted)
The MySQL Core Certification exam is now into its beta period.
"
MySQL Core Certification is intended for individuals who assist in
maintaining data in company databases, perform data analysis, import and
export data, and perform other administrative functions. It covers
creating and using databases and tables, as well as inserting, modifying,
deleting, and retrieving data from a MySQL database."
Full Story (comments: none)
IDG World Expo has
announced
new categories and criteria for the LinuxWorld Open Source Product
Excellence Awards. Sponsored by OSDN and presented in conjunction with the
UniForum Association, the Open Source Product Excellence Awards will
recognize Open Source product and service innovations by LinuxWorld
exhibitors.
Comments (none posted)
Upcoming Events
There will be a meeting of the Linux Audio Developers (LAD) at
the German ZKM conference from March 14-16, 2003 in
Karlsruhe, Germany.
Full Story (comments: 1)
The first openMosix user group meeting was held in Bologna, Italy on
November 28, 2002. Streaming Video speeches by A. Arcangeli, L. Genoni,
and Moshe Bar plus the proceedings of the first openMosix user group
meeting can be viewed online now. Stefano Martinelli of CINECA reports
that, "All streaming video and most slides for the highly successful
conference are available."
Full Story (comments: none)
The Center for Open Source in Government, along with The Cyber Security
Policy and Research Institute (CSPRI) of The George Washington University
and others, present the second Open Source in Government conference called
"Open Source for National and Local eGovernment Programs in the U.S. and
EU" to be held in Washington, DC, USA, March 17 - 19, 2003.
Full Story (comments: none)
KDE.News has
announced
the availability of a
Photo Report
from the HCC Dagen/ GAMEXPO 2002 conference that was held in
the Netherlands on November 22-24, 2002.
Comments (none posted)
For the Linux enthusiasts in Germany, an LWN reader has sent us a
nice list of German Linux events for 2003.
Thanks to Alexander Stohr.
Full Story (comments: none)
Web sites
A new Linux portal
www.rpmseek.com
offers users of the Linux operating system a convenient search engine for
rpm packages. The packages can be searched by various criteria, such as
package name, file name, distribution, keywords, dependencies or files that
a package contains. Dependencies between packages are resolved by cross
references.
Full Story (comments: 3)
Software announcements
Here are the software announcements, courtesy of
Freshmeat.net. They are available in
two formats:
Comments (none posted)
Miscellaneous
Use Perl has
an announcement stating that the Pittsburgh Perl
Mongers group has reformed.
Comments (none posted)
The Aberdeen group has
released some details of a recent study into the pros and cons of IBM's
Linux products and strategy.
Comments (3 posted)
Page editor: Forrest Cook
Letters to the editor
| From: | john huttley <john@mwk.co.nz> |
| To: | letters@lwn.net |
| Subject: | The Unfortunate state of evms. |
| Date: | 05 Dec 2002 19:11:13 +1300 |
Dear sir,
LVM has been available for 2.4 for some time. It works
but is very painful to use.
The IBM sponsored EVMS subsystem ( http://evms.sf.net ) has changed
that.
Evms provides a wonderful front end to a very powerful kernel
back end. At last tasks such as:
Expanding volumes and filesystems while mounted.
Shrinking volumes and filesystems.
Raid levels
Snapshotting
and more are not only possible, but positively joyous to perform.
Evms is standard in the gentoo distribution but not mandatory.
As the 2.5 feature freeze approached, tension mounted.
There were many things queued for Linus, evms was one.
It didn't make it, device mapper 2 (DM2) was merged instead.
The reasons are technical ( ie. I don't understand). However,
evms replaced rather than worked with existing kernel subsystems.
That didn't go down too well.
The evms people took stock of the situation and decided to
change direction. Instead of replacing DM2, they would use DM2
to implement evms functionality.
From the user's point of view, it's the user interface of evms that's
so great. The internals are irrelevant.
I congratulate the evms team on their coolly competent analysis
and response to what must have been a body blow.
This leaves us users in a quandary. I have a neat system with evms.
But I cannot use the 2.5.X kernels with it! The latest patch was against
2.5.46 and with the new direction, future compatibility may not be
possible.
Evms is stunning, but until we are ready to make the move to 2.6.0
I cannot recommend using it.
I would like to suggest to the editor that monitoring the development
of evms would be a valuable service.
I think everyone should use evms, but not perhaps, just yet.
Yours,
John Huttley
New Zealand
Comments (2 posted)
| From: | Roland Mas <lolando@debian.org> |
| To: | debian-sf-devel@nongnu.org |
| Subject: | Public relations and journalists, again |
| Date: | Fri, 06 Dec 2002 21:08:57 +0100 |
| Cc: | Steve Mallett <steve@opensourcedirectory.com>, Rick Moen <rick@linuxmafia.com>, lwn@lwn.net |
Hi all,
It's the second time in a few days that I've seen an article
speaking about Gforge as being the only real Free clone of
Sourceforge. This one was on LWN[1]. While I appreciate the
publicity that makes for free software, it's twice in a few days I've
seen incorrect info posted on a news site.
I have therefore written a rant^Wcomment on the latest one, where
the status of the forks is explained. So that the next article about
Gforge or Berlios (or whatever the next big one is) turns out not to
forget the people who have worked for long hours. I tried to keep the
tone cool, but I was rather angry when I first read it. Maybe I
expect too much about journalists or reporters, but checking their
info before posting would seem natural to me. I understand that Tim
reviving the code that his own company made proprietary made for a
good news article, but if you're going to mention others (which you
should), just get your info accurate.
Let me restate quite explicitly: there is no competition between the
different forks. The Savannah people wanted something adapted to the
GNU/FSF servers, we Debian-SF people want something that Just Works,
the Gforge people (well, Tim actually ;-) wanted to clean up the code.
Fine. Gforge and Debian-SF are trying to merge, we might get some
code from Savannah, they might take some for ours. That's the rules
of the game, we accept it quite gladly.
End of rant from my part. Please read my comments on the LWN
article[1]. For your penitence, Steve and Rick, you're condemned to
wait for a month or three and then write an article about how Gforge
and Debian-SF have merged and are now the best thing since sliced
bread, and I'm Cc:ing LWN so that they can link to this forthcoming
article when it's out :-)
Roland.
[1] http://lwn.net/Articles/17369/
--
Roland Mas
Late frost burns the bloom / Would a fool not let the belt / Restrain the body?
-- in Good Omens (Terry Pratchett and Neil Gaiman)
From: Rick Moen <rick@linuxmafia.com>
To: Roland Mas <lolando@debian.org>
Subject: Re: Public relations and journalists, again
Date: Fri, 6 Dec 2002 12:30:57 -0800
Cc: debian-sf-devel@nongnu.org, Steve Mallett <steve@opensourcedirectory.com>, lwn@lwn.net
Roland, since I don't (yet) have a subscription to LWN (I know, I
know!), I haven't seen what they wrote. I _do_ know what I sent in to
LWN's letters column, and I did pretty clearly state (I think) that
Debian-SF and GForge are aiming towards merger. I _didn't_ in any way
claim GForge is the only Free clone, and I _did_ attempt to list (but
not denigrate) the numerous forks that people have worked so hard to
keep moving forward.
I was of course trying to be brief (this being a letters column, not an
article), and summarise information from diverse sources before LWN's
then-pending publication deadline, in a hurry. I _hope_ my comments
were generally inaccurate, and tried to ensure that. If I've
inadvertently given offence nonetheless, my apologies, as I was trying
carefully to avoid giving any.
--
Cheers, "To summarize the summary of the summary:
Rick Moen People are a problem."
rick@linuxmafia.com -- Douglas Adams
From: Duncan Simpson <dps@simpson.demon.co.uk>
To: letters@lwn.net
Subject: Scalability testing is not just a kernel issue
Date: Fri, 06 Dec 2002 00:51:50 +0000
Scalability testing, especially scalability to the large, is not just a kernel
issue. Suppose a kernel patch reduces the latency of a TCP connection to under
a microsecond and achieves 95% of the theoretical bandwidth using TCP---very
unlikely in my opinion. This is purely academic if an abstraction layer eats
10ms per packet. Some popular implementations of MPI are known to be more
expensive than the current linux TCP implementation.
As the author of the mpkern task parallel programming library it would be nice
to be able to see how the scalability changes as the library evolves and
continued access to a cluster would obviously be useful for this testing. Maybe
STP is not the appropriate venue but I would be interested in somewhere to do
this on an occasional basis. At present the mpkern library has only been tested
in anger on a linux cluster and a code freeze has been declared.
P.S. The mpkern announcement on comp.os.linux.announce of a few days ago failed
to mention that you can obtain mpkern at
http://www.sourceforge.net/projects/mpkern. For more information see the announcement.
--
Duncan (-:
"software industry, the: unique industry where selling substandard goods is
legal and you can charge extra for fixing the problems."
From: Joe Klemmer <klemmerj@webtrek.com>
To: letters@lwn.net
Subject: Re: Think of Our Kin Overseas
Date: 05 Dec 2002 21:35:36 -0500
I am disabled yet I had to get a part-time job because my disability
retirement isn't enough to live on. I'm also a single parent of a young
child. We make it one paycheck at a time.
I say this because, while money is extremely tight, I believe in
Software Libre and the work that LWN is doing so much that I will take
Mr. Myers up on his suggestion and offer to pay for subscription(s) for
some non-US techies who would like one. Email me if you are interested.
--
"Khaaaaamaaayyyy, Haaaaamaaaayyyy, HAAAAAAAAA!!!!!"
-- Goku, 'Dragon Ball'
From: Leon Brooks <leon@cyberknights.com.au>
To: techupdates@cnet.com
Subject: [Kevin McIsaac] the true value of Linux
Date: Tue, 10 Dec 2002 23:00:26 +0800
Cc: letters@lwn.net
http://techupdate.zdnet.com/techupdate/stories/main/0,14179,2901102,00.html
This article is full of furphies and `damnings with faint praise.' I'd be
unsurprised to see faux pas in the talkbacks, but in the article itself it's
obvious that Kevin is a stranger to Linux and writing `at arm's length'.
> This is based on the flawed assumption that because Linux is "free" it
> will reduce TCO.
That assumption is not flawed. Linux really can be had for $0 (try
http://www.linux-mandrake.com/en/ftp.php3 or http://www.debian.org/distrib/)
and this does indeed reduce the TCO.
> On closer inspection, it appears the recommendation is more an
> emotionally driven reaction against Microsoft than a factual case for
> Linux.
Study after study based on real researched facts and not opinionated
pontification or financial incentives draws the conclusion that it's
typically a financially driven reaction against Microsoft and taken after
much hand-wringing and planning.
The second-tier method of Linux introduction is technicians who've had it up
to the eyebrows with fancy and pretty systems which - for a variety of
reasons - fail constantly or can't reasonably be made to do the assigned task
in the first place.
> Astute IT organizations will recognize that Linux's true value is
> derived more from the price/performance of the commodity Intel
> hardware it enables than from its open source characteristics.
Astute IT organisations won't rely on opinion and unsupported projections,
they'll either do their own research or look for original research which
includes hard figures. Having done that, they'll notice a few crucial things
which go totally unmentioned in your article, and presumably the Meta study.
One of those things is that a Linux sysadmin will typically shepherd at least
four boxes for every one a Windows sysadmin shepherds, function for function.
IDC missed that one, http://www.ibm.com/linux/RFG-LinuxTCO-vFINAL-Jul2002.pdf
shows that RFG didn't. Needless to say, it makes a complete mockery of your
figures if you don't factor it in.
> nor have many clients embarked on major Linux projects outside of Web
> server farms, appliances (network-attached storage), or general
> infrastructure servers (e.g., DNS and DHCP).
Um, factor in email service and (a key and common task for Linux servers which
you seem to have missed; rolling it into `general infrastructure' doesn't
seem appropriate) and about the only major sectors you've really got left are
databases, groupware or application servers.
Oracle is working on the first. `Less money on OS == more left for Oracle,' a
fairly straightforward equation; plus `more reliability == Oracle looks
better' gives you about all the motivation you'd need if you were Oracle.
Meanwhile, back at the fairly lengthy list of functions Kevin drew, the
reason that Linux is being used in those areas is because you can just plug
it in and forget it. As people try this out and see it for themselves,
they'll also trust it for their databases and other traditionally `big iron'
applications.
> The Linux OS license is "free," but that does not ensure that total
> cost of ownership will be reduced.
Yes, it does. The point you should be making is that this reduction is not the
be-all and end-all of TCO. But at each component of TCO you examine, it gets
better for Linux.
> Even if all other Linux costs were the same,
But they're not. They're *all* lower.
> It is only when other significant pieces of software can be licensed at
> little or no cost (e.g., office suite, e-mail, and DBMS) that TCO
> reduction is at a level significant enough to merit the additional
> complexity, risks, and potential cost overruns of Linux.
This one really gets under my skin. Why are you citing `complexity, risks, and
potential cost overruns of Linux'? The potential for cost overruns exists
with every OS, and in particular Windows is well known for doing the
unexpected. Singling out Linux for mention in association with `cost
overruns' is a cowardly way of talking it down.
Be a man, explain why Linux in particular should be especially susceptible, or
print a prompt retraction!
Meanwhile, the office suites (plural), email and databases that you will find
on your $0 copy of Linux (see above) are all $0 themselves. Linux may *look*
complex to someone who sees a shell prompt and wets his pants, but the design
is more orthogonal, more systematic and more predictable than Windows.
You can also overlay it with a GUI and WYSIWYG management tools that are far
prettier and more consistent than Windows, thereby keeping your pants dry.
> The key attractions to Linux are:
> Royalty-free distribution
Again, you significantly undersell the point. No more licence tracking, no
more BSA nightmares, no more worrying about what employees take home and
install (or upload) using work's activation keys.
> Access to source code:
> All versions include source code, making Linux compelling for
> technical staff.
And again, you significantly undersell by limiting the appeal to techies only.
Users and management are often overjoyed that their techies can quickly
tailor their $0 software to exactly suit their needs.
> High levels of reliability:
Give with one hand...
> Although this was compelling compared to NT 4, increased stability
> of Windows 2000 has narrowed this gap, making this less of an
> advantage.
...take back with the other. Linux is still an order of magnitude less flakey
than either Windows 2000 or Windows XP, especially should you (ghasp) venture
away from Hardware Compatibility List gear.
> Linux is still missing native high-availability features such as
> journaling file systems or clustering
Now this, this is a flat lie!
Linux has *four* native journalling filesystems: ext3, XFS, JFS, ReiserFS and
on top of that can use Windows' own journalling filesystem, NTFS.
Google for the term `Beowulf'. You'll learn a number of things. The first is that
you just used a huge Linux cluster to do your search, the other is that Linux
clusters are bigger, better and badder than Windows clusters and have been
for a long time. How many Windows-based supercomputers are there? None. Yet
the 5th fastest (2nd fastest if you take peak values) computer in the entire
world is a Linux cluster! Missing clustering?
> Linux has its place in the data center, but it is not a silver bullet
> for Windows.
Its `place' is as a silver bullet, a bundle of oaken stakes and a whole
coffin full of garlic, Kevin.
> Where should I use Linux?
> In an appliance where the OS is not exposed
The City of Largo has 450+ Linux desktops, Kevin, and a lower IT spend by 60%
than their municipal neighbours. Is that exposed enough for you?
> Intel servers are widely used for scientific computing [...] Although
> it is possible to use Windows in this application, many Unix-centric
> organizations will be more sympathetic to Linux and will find the
> skill transition much simpler.
Kevin, not only is Windows a dead loss in a compute farm, but you just
contradicted your previous piece of advice! A scientific computing node is an
appliance; the OS is not exposed to the operator!
> As a general-purpose infrastructure server (e.g., DHCP, DNS, or POP),
> where solid reliability is required but high availability is not.
Ah, that would explain Linux's recent uptake by telcos, then. Sarcasm aside,
Kevin, how many industries have tougher HA requirements than telcos?
Military, medical and space. Linux is used by all of those, too.
> On the other hand, Linux should generally be avoided whenever there
> is a requirement for single-image scalability above four CPUs (scale-up)
> or high availability based on OS-level clustering.
Remember that mention of faux pas?
SGI will sell you a single-image 64-CPU Itanium-2 system running Linux
(http://www.sgi.com/newsroom/press_releases/2002/september/stream.html) if
you ask them. And we've already been over clustering.
> Can I use Linux to replace Windows for file and print?
> Although this is possible using Samba [...] it is not recommended.
Ditch Active Directory and the specters you raise flee into the night, along
with a host of other problems. Samba has a number of ways of seamlessly
integrating with Windows domains. And if you want to keep AD, Samba 3 works
now.
> A switch to Linux for file and print might lower purchase costs, but
> it would seriously affect the ease with which users can access the
> services as well as increase management complexity, thereby driving
> up the total cost of ownership.
Since in practice the use of Linux dramatically drops the requirements for
administrator intervention, and contrary to recent rumour integrating it
seamlessly is a straightforward process, it actually drives *down* the TCO
significantly.
> Business impact
> Inappropriate use of Linux as a Windows or Unix replacement will weaken
> the IT infrastructure and reduce its business value.
Appropriate use of Linux, which means in just about everything, will on the
other hand strengthen the IT infrastructure and free IT staff to concentrate
on more important issues than managing servers which should be acting like
appliances but aren't.
Inappropriate use of Windows is a rolling disaster.
> Bottom line
> Organizations that allow emotional reactions (e.g., against Microsoft)
> to drive decisions to replace Windows or Unix with Linux will fail to
> achieve anticipated savings, and will end up with an infrastructure that
> is limiting and difficult to manage.
True at face value, and I wouldn't complain except that you added a short
burst of Latin and two words in English. Specifically, `exempli gratia,
against Microsoft'.
You see, Kevin, an emotional reaction against Linux, or more pointedly against
anything *but* Microsoft, is the single most common cause of people
continuing to use Windows inappropriately throughout their IT structure, in
places where Linux would be ideal.
The amount of wastage and damage that this causes worldwide could probably
power several of the smaller African nations if you were able to recover it.
Perhaps that's why Linux is taking off throughout Africa, as exemplified by
SchoolNet Namibia (http://www.schoolnet.na/).
Nevertheless, I almost agree with Kevin in one point: cost is a long way from
the most important reason for adopting Linux and OSS applications in place of
Windows and lock-in-ware, as he would discover through imbibing some
real-world experience instead of quizzing a bucketful of Windows admins and
PHBs. There are many better reasons for rolling out Linux, to do with things
like stability, flexibility, control, localisation, security, auditability,
standardisation, manageability, reliability, and a whole host of other
abilities unique to OSS (some of them unique to Free Software).
Better luck next time.
Cheers; Leon
--
http://www.cyberknights.com.au/ Modern tools, traditional dedication
http://slpwa.linux.org.au/ Member, Linux Professionals West Aus
http://conf.linux.org.au/ THE Australian Linux Technical Conf:
22-25 January 2003, Perth: be there!
Page editor: Jonathan Corbet