LWN.net Weekly Edition for January 9, 2003
Two views of freedom and software
Feature freezes can be a relatively boring time to read the linux-kernel mailing list. Discussions of cool new developments tend to get put to the side in favor of benchmark results and bug fixes. But even people who wish for more interesting discourse are likely to agree that when Richard Stallman starts posting on linux-kernel, things have probably taken a wrong turn. But, stuffed in between some classic Stallmanisms ("Just as some people insist the Earth is flat, or that astrology makes valid predictions, others believe that the whole system is Linux.") is a discussion of a fundamental disagreement over the nature of freedom and software.
The issue at hand, yet again, is that of binary-only kernel modules. But the real, underlying issue has to do with where true freedom is to be found. Would users of a Linux system that disallowed closed-source modules be more or less free? In general, what effect does proprietary software have on freedom?
The point of view championed by Mr. Stallman (and many others) is that proprietary software is always bad for freedom. For example:
According to this point of view, the best case scenario is that a proprietary program weakens the motivation to develop free alternatives, and is thus bad for freedom.
The other point of view says that true freedom means letting the author of a program decide how that program is to be licensed, and letting users choose which programs they wish to use. A binary-only kernel module gives Linux users access to (say) more hardware and thus increases their freedom. Proprietary software can help fund innovation and, even, the creation of more free software. According to this viewpoint, restricting proprietary software not only has an immediate (negative) effect on freedom, it can also impact the availability of free software.
This argument highlights a fundamental division in the Linux community. It can be swept under the rug much of the time - Linux offers much that is good for everybody involved, and philosophical differences can be overlooked most of the time. But the division remains, and it can surface at inconvenient times.
Any vendor of proprietary kernel modules can not help but be nervous about this issue. Kernel developers are, as a whole, more concerned with making the kernel better than with making life difficult for proprietary software vendors (though they are not always entirely concerned about making life easy for those vendors). But the potential for lawsuits from a developer holding copyrights on the kernel source exists. This concern led developer Andre Hedrick to announce his withdrawal from Linux development (though he later backed down from that position).
It is thus good that one thing that might actually come out of this long linux-kernel flame war is a clearer statement of what sort of proprietary kernel modules are permissible. There may even be an early, rough consensus along these lines:
- Binary-only modules are acceptible as long as they stick to the
exported API. This is, essentially, the informal understanding which
has been in force for years.
- Kernel header files are considered to be a part of the exported API - something which has never been clearly stated before. Even more to the point, inline functions in header files (of which the kernel has many) are also deemed to be part of the exported API.
This statement, if it holds, makes it clear that proprietary kernel modules are generally acceptible. So far, there have not been public objections to this position. If the kernel developers can settle behind this sort of statement, vendors will have a better idea of where they stand, and uncertainty in general will be reduced. The difference over opinion on freedom will remain, but it need not get in the way of people and companies actually trying to do things with Linux.
Jon Johansen acquitted
Jon Johansen, one of the developers responsible for the creation and distribution of the DeCSS code, has been found not guilty of all of the charges which had been pressed against him in a Norwegian court. According to the court, if you buy a film on DVD, you have the right to access that film, even if you do not use the tools envisioned by the entertainment industry. In one country, at least, the DeCSS code is legal.This particular case may not be done yet, since Norwegian law apparently allows the prosecution to appeal an acquittal. It is, however, a major victory; the court looked at the fundamental issues and ruled in favor of freedom.
Mr. Johansen's acquittal, along with the ElcomSoft acquittal, gives rise to hope that 2003 may be the year in which the intellectual property takeover tide is turned. People (and courts) are seeing beyond the piracy rhetoric and looking at the real costs of increasing power over information. Maybe, just maybe, this particular power grab can be stopped before it's too late.
That outcome is far from assured, however. Proposed legislation worldwide threatens to impose DMCA-like anti-circumvention measures, and the CBDTPA will certainly return to the U.S. Senate. The entertainment industry is still flush with money and lawyers, and has shown no signs of changing its approach; Jack Valenti is still calling for "speed bumps to keep people honest." A couple of important - if small - battles have been won, but the real fight is just beginning. As beginnings go, however, this is a nice one.
The big noise over Open Publishing
[This article was contributed by LWN reader Joe "Zonker" Brockmeier]
There's been a lot of media attention focused on Prentice Hall's plan to publish books published under the Open Publication License branded as the "Bruce Perens Open Source Series." There's nothing wrong with that, of course, but what most of the media is failing to mention is that publishing books under open licenses isn't exactly a revolutionary idea.Books published under open licenses of one sort or another have been around almost as long as Linux. The Linux Documentation Project was published in a number of forms very early on, including the Linux Bible by Yggdrasil and the Linux Encyclopedia published by WorkGroup Solutions. For a while, that was just about the only printed documentation available for Linux. Other open source titles started to follow in 1999 and 2000 after Linux started to be viewed as a commercial opportunity by publishers.
The list of titles available under open source licenses these days is pretty hefty. This is a list of just a few titles that are relatively current:
- Advanced Linux Programming (New Riders).
- GIMP - The Official Handbook (Coriolis).
- Grokking the GIMP (New Riders).
- GTK+/GNOME Application Development (New Riders).
- KDE 2.0 Development (Sams Publishing).
- Learning with Python (Green Tea Press).
- The Linux Cookbook (No Starch Press).
- Linux Device Drivers (O'Reilly).
- Practical PostgreSQL (O'Reilly).
- Vi IMproved (New Riders).
- Using Samba (O'Reilly).
- The Zope Book (New Riders).
That's hardly a definitive list, there are many more out there. Nearly every publisher that has dabbled in Linux titles has released a few books under open licenses. Some publishers have tried to make a fast buck by compiling open source documentation, others have agreed to publish original works under open licenses. Some titles have sold well, and others not so well but the sales figures are more likely a reflection of the topic or content of the title than the license that the book is published under. In fact, Prentice Hall has published other books under open licenses, but with much less fanfare.
The unique thing about Prentice Hall's approach is that it specifically trying to create a brand centered around books under open licenses. Bruce Perens told us that Prentice Hall decided to brand the books with his name because they "felt that anyone could do an Open Source series, and they needed an additional differentiator. That differentiator is my leadership of the series, they feel I have credibility in this space." He says that he's very happy for the publicity. "I definitely want it. All the publicity that I could get because it definitely helps the Free Software community for people outside the community to see that more stuff is being done in the Free Software paradigm."
Perens says that the book will be published electronically about three months after the print versions hit store shelves. The reason for the lag is to give Prentice Hall time to "saturate the market" with the print version, to reduce the incentive for other publishers to republish the same content in print form.
Right now, Prentice Hall has three books available and several more in the works. Perens says that the company is not putting an upper limit on the number of titles that they will publish in this series. Authors writing for the series will be getting the same kind of publishing agreements from Prentice Hall, including comparable advances and royalties. Perens has received about twenty or thirty proposals since the series was announced, and he says he's game for more.
He also noted that the company does not intend to invoke any of the non-free optional clauses of the OPL, and that they may very well publish titles under other free licenses like the GNU Free Documentation License.
With any luck, if Prentice Hall is seen to be successful, other publishers will follow suit and commit more resources to publishing titles under free licenses. There are a number of advantages to having documentation freely available, aside from being able to get the title for free. Computer publishers are notorious for letting titles go out of print if the sales aren't up to par, making many good technology titles unavailable for all intents and purposes. Publication under a free license also opens the door for translations of titles that might not otherwise be produced, and updated versions when the author and/or publisher has lost interest in a title.
Free software benefits greatly from free documentation. This move by Prentice Hall is a welcome development in that it should produce more free documentation for our community. The community must keep in mind, however, that this sort of experiment will be short-lived if the market for books collapses. If we want free (as in speech) documentation, we need to put our money where our eyeballs are.
Security
Brief items
Xbox key defended by more than just length
[This article was contributed by LWN reader Tom Owen]
Someone thought this was urgent enough to work all evening.On Monday, this story was up on ZDNet with a dateline of 3PM Pacific. The Neo Project, an open source distributed computing effort, had started work to factorize the Microsoft Xbox public key. Just a few hours later, a little before midnight in Ontario, administrator Mike Curry posted this message on the Neo discussion board:
The Neo Project had spent six months grinding away on the RSA 576-bit factoring challenge while waiting for something worthier to come up. "Something worthier" turned out to be the Xbox Challenge, once Michael Robertson (Lindows and mp3.com) extended his offer of $100,000 for a procedure to boot 386 Linux on a Microsoft Xbox games console.
The games console business model was invented by King Camp Gillette as "razors and blades," but a better analogy for technical folks might be "printers and cartridges." The initial unit — razor, printer or console — is priced attractively regardless of the actual cost, and the profits are made on surprisingly expensive consumables. It takes technical subtlety and legal protection — to stop free-riding competitors. In the case of the Xbox, Microsoft charges a fat fee — many dollars per copy — to sign a game with the private xbox key; the console knows the public key and won't boot games signed by anyone else. Owners can fit so-called mod chips to bypass the check, but MS knows that most people won't poke around in the hardware. The Neo Project set out to crack the Xbox key to allow Linux to boot on an unmodified Xbox.
If the key only allowed booting Linux on the Xbox, Microsoft would probably not be too concerned. But that key would also allow anybody to sign any game, and thus bypass Microsoft altogether. And that, of course, is a direct threat to Microsoft's Xbox business plan.
The Xbox hacker site has an "unofficial quote" from a Neo Project source
So is Microsoft releasing its vicious assault lawyers in a desperate attempt to preserve the endangered xbox business model? Well, probably not. There was never any practical danger. One of the largest keys ever factored in public was the RSA 512 bit challenge, it took a few months work on a few hundred sub-500MHz class machines and nine days on a Cray. The 2048 bit Xbox public key is obviously more difficult, but it's truly astonishing just how much more difficult. RSA doesn't publish an estimate beyond 1620 bits, which they list as requiring a year with over 1000 trillion (1,000,000,000,000,000) 500MHz Pentiums, each with 120TB memory. Even the dotcom bust has not freed up that sort of hardware, so they expect this sort of key to stand for decades.
Instead, the Neo Project was hoping to get lucky; they were trying random keys in the hope that they might happen to hit the right one. In the day they were running, a few thousand machines tested almost a billion potential keys. Which is good progress, except that the number of potential keys is counted in a number with hundreds of digits. Odds like that make winning the lottery twice, or death in a meteorite strike into everyday occurrences. If they were really looking for a result "today, tomorrow or never," the smart money would be on never.
Microsoft -- assuming it was Microsoft -- bets with the smart money, but they shut down the Neo Project's Xbox effort anyway. It must take a firm nerve to keep faith in RSA and statistics when you learn that thousands of machines are working away on a lock that defends a future billion-dollar revenue stream. Compared with a risk like that, lawyers are cheap, even when they have to work nights.
New vulnerabilities
geneweb - information exposure
| Package(s): | geneweb | CVE #(s): | CAN-2002-1390 | ||||
| Created: | January 7, 2003 | Updated: | January 8, 2003 | ||||
| Description: | A security issue has been discovered by Daniel de Rauglaudre, upstream author of geneweb, a genealogical software with web interface. It runs as a daemon on port 2317 by default. Paths are not properly sanitized, so a carefully crafted URL leads geneweb to read and display arbitrary files of the system it runs on. | ||||||
| Alerts: |
| ||||||
http-fetcher - buffer overflow
| Package(s): | http-fetcher | CVE #(s): | |||||
| Created: | January 7, 2003 | Updated: | January 8, 2003 | ||||
| Description: | HTTP Fetcher is a small library that downloads files via HTTP. The HTTP
Fetcher library is exposed to very fatal buffer overflow which may
influence several other programs.
For more information see http://marc.theaimsgroup.com/?l=bugtraq&m=104187658217144&w=2 | ||||||
| Alerts: |
| ||||||
lcdproc - buffer overflows
| Package(s): | lcdproc | CVE #(s): | |||||
| Created: | January 8, 2003 | Updated: | January 8, 2003 | ||||
| Description: | lcdproc 0.4 contains several buffer overflow vulnerabilities which may be remotely exploitable; see this announcement for details. | ||||||
| Alerts: |
| ||||||
leafnode: denial of service
| Package(s): | leafnode | CVE #(s): | |||||||||
| Created: | January 2, 2003 | Updated: | January 15, 2003 | ||||||||
| Description: | - From leafnode advisory:
"This vulnerability can make leafnode's nntpd server, named leafnode, go into an unterminated loop when a particular article is requested. The connection becomes irresponsive, and the server hogs the CPU. The client will have to terminate the connection and connect again, and may fall prey to the same problem; ultimately, there may be so many leafnode processes hogging the CPU that no serious work is possible any more and the super user has to kill all running leafnode processes." Read the full advisory at http://marc.theaimsgroup.com/?l=bugtraq&m=104127108823436&w=2 | ||||||||||
| Alerts: |
| ||||||||||
libmcrypt: buffer overflows and memory exhaustion
| Package(s): | libmcrypt | CVE #(s): | CAN-2003-0031 CAN-2003-0032 | ||||||||||||||||
| Created: | January 6, 2003 | Updated: | February 27, 2003 | ||||||||||||||||
| Description: | libmcrypt versions prior to 2.5.5 contain a number of buffer overflow
vulnerabilities that stem from improper or lacking input validation. By
passing a longer than expected input to a number of functions (multiple
functions are affected) the user can successful make libmcrypt crash.
Another vulnerability is due to the way libmcrypt loads algorithms via libtool. When the algorithms are loaded dynamically the each time the algorithm is loaded a small (few kilobytes) of memory are leaked. In a persistant enviroment (web server) this could lead to a memory exhaustion attack that will exhaust all avaliable memory by launching repeated requests at an application utilizing the mcrypt library. | ||||||||||||||||||
| Alerts: |
| ||||||||||||||||||
monopd - buffer overflow
| Package(s): | monopd | CVE #(s): | |||||
| Created: | January 7, 2003 | Updated: | January 8, 2003 | ||||
| Description: | A buffer overflow was reported in the Monopd game server. A remote user can
execute arbitrary code on the system.
The vendor reported that a buffer overflow exists in the messaging framework and can be triggered by a remote user to execute arbitrary code with the privileges of the game server. See http://www.securitytracker.com/alerts/2002/Dec/1005856.html for more information. | ||||||
| Alerts: |
| ||||||
xpdf: integer overflow
| Package(s): | xpdf | CVE #(s): | CAN-2002-1384 | ||||||||||||||||||||
| Created: | January 2, 2003 | Updated: | February 6, 2003 | ||||||||||||||||||||
| Description: | - From iDEFENSE advisory:
The pdftops filter in the Xpdf and CUPS packages contains an integer overflow that can be exploited to gain the privileges of the target user or in some cases the increased privileges of the 'lp' user if installed setuid. There are multiple ways of exploiting this vulnerability. Read the full advisory at http://www.idefense.com/advisory/12.23.02.txt | ||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||
Resources
[ISN] Linux Advisory Watch - January 3rd 2003
The January 3 Linux Advisory Watch newsletter from LinuxSecurity.com is available.
Page editor: Jonathan Corbet
Kernel development
Brief items
Kernel release status
The current development kernel is 2.5.54, which was released by Linus on New Years Day. This release contains a large number of patches, most of which are the sorts of fixes that one would expect during a feature freeze. There is also a new bit of compiler trickery to issue warnings when deprecated functions are called, a number of kbuild fixes, a new dev_printk() function for standardized device error reporting, the removal of the much disliked hugetlb system calls (in favor of hugetlbfs), a new "kmalloc for each CPU" API, a partial lm_sensors merge (see below), and more loadable module fixes. As usual, the details can be found in the long-format changelog.Linus's (pre-2.5.55) BitKeeper tree includes a number of big architecture updates (PowerPC, ARM, x86-64), some kbuild work, a knfsd update, more module fixes, another set of driver model patches, some device mapper updates, a number of video4linux tweaks, and numerous other fixes and updates.
The current stable kernel is 2.4.20. Marcelo continued the 2.4.21 process with 2.4.21-pre3, released on January 6. This prepatch includes fixes for some (potential) security bugs, a number of USB driver updates, some IPv6 tweaks, and a number of otheir fixes and updates.
Alan Cox has released 2.4.21-pre3-ac1, which adds another set of fixes and updates. This patch no longer includes the reverse mapping virtual memory code. (Update: 2.4.21-pre3-ac2 came out, with an important bug fix, just as the Weekly Edition was being published).
Kernel development news
lm_sensors merged
Included in the 2.5.54 kernel was the long-awaited merge of (part of) the lm_sensors project. lm_sensors has existed as a separate patch for years, but has never found its way into the mainline kernel - partly as a result of concern over its tendency to destroy certain models of Thinkpad laptop. Linus evidently decided that the time has come, however.lm_sensors is really just a set of drivers which provide access to the health-monitoring hardware present on most motherboards. With lm_sensors, Linux users (or system monitoring daemons) can keep an eye on processor temperatures, supply voltages, fan speeds, and even cabinet intrusions on some systems. This is a worthwhile capability; it's nice to know that a fan has failed on a system before it's too late. So it's good to see that this patch has finally found its way in. See the lm_sensors page for detailed information, a lengthy FAQ, and user-space programs.
Kernel latency hits a new low
Tucked away in Andrew Morton's 2.5.54-mm3 patchset is a new bit of work aimed at reducing the latency of the Linux kernel. Latency, from the point of view of this work, is the time lag between when a high-priority process becomes runnable and when it actually gets the processor. Scheduling latency is important in a number of contexts, and it can be especially important for desktop users. When you move your mouse, it is nice not to have to wait until the pointer on the screen moves to keep up with it. Low latency is crucial for certain applications, including streaming media recording and playback, CD recording, data acquisition, and so on. If the system is not sufficiently responsive, these applications just do not work at all.The last source of long delays in the kernel, says Andrew, is in the page table teardown code. This delay is easily seen - simply shut down a large application (Mozilla or OpenOffice will do nicely) and try to get anything else done while the cleanup is happening. This delay happens because teardown code holds the process's page_table_lock for the entire cleanup task. If the process is large, the cleanup can take a long time. Since the kernel is holding a lock, it can not be dislodged from the processor even if the kernel is compiled for preemption. So anything else that wants to run has to wait until the whole cleanup job is done.
The solution is to create a new "uber-zapper" function (unmap_vmas()) which handles the page table cleanup task. The page range to be torn down is split into smaller chunks (between 256 and 2048 pages, depending on the architecture and kernel config options); between chunks, the lock is dropped and the processor rescheduled if necessary. When the high-priority task has finished doing its thing, the lock is reacquired and the next block of pages is freed. Along with reducing latency, the patch has the additional advantage of cleaning up the separate unmapping code which was duplicated in three different places.
The result, it is claimed, is a worst-case scheduling latency of 500 microseconds on a 500 MHz Pentium processor. At least, if you are using the ext2 filesystem and if you are not mounting and unmounting filesystems. That should be fast enough for most users.
Deprecated kernel functions
One small patch that slipped into 2.5.54 is the addition of a new __deprecated function attribute. With a suitably modern compiler (gcc 3.1 or newer), calls to a function marked as being deprecated will generate compile-time warnings. The hope is that the warnings will inspire people to remove calls to the deprecated functions, making it easier to remove them altogether.So far, this attribute has been used sparingly; the only functions which have been marked are check_region() (which has long been obsoleted by the race-free version of request_region() which returns a success value), and the old module use count macros (MOD_INC_USE_COUNT and MOD_DEC_USE_COUNT). Patches have been put forward to mark other functions, but there has been resistance to doing so, for a couple of reasons.
One reason, as expressed by Linus, is that the functions that have deprecated so far already generate far too many warnings. A quick grep turns up over 1000 check_region() calls in the 2.5 kernel. Adding more warnings to the mix is not going to help get things fixed, and may well just mask other warnings about real problems.
The other objection that has been raised is that trying to clean up use of deprecated functions at this stage distracts attention from the most important task: stabilizing the 2.5 kernel for release. The current code works, for the most part, even if it's using deprecated functions. It's hard to imagine cleaning up 1000 check_region() calls without breaking something, somewhere.
The end result is that, probably, not too many other kernel functions will be marked as deprecated in this development cycle. Some functions that had been expected to disappear (e.g. sleep_on()) will persist into 2.7 - they are still extensively used in some places. Cleaning up old stuff is never easy; it is simpler to put code into the kernel than to take it out.
Smatch - a Stanford Checker for the rest of us
The "Stanford Checker" (also known as "MC") is a project headed up by Stanford professor Dawson Engler; MC uses a modified version of the gcc compiler to find potential errors in C code. Occasionally, the Stanford Checker group surfaces on linux-kernel with a list of new problems found by MC; the last such posting listed a set of potential buffer overrun vulnerabilities on January 2.The Checker postings are appreciated by the kernel developers, since they have pointed out a large number of real bugs. It would be even nicer if the Checker were available for others to use, but that is not the case. The MC group still has not released its work, which, it claims, remains incomplete. So there is little to do except to wait for the next posting.
Dan Carpenter, however, got tired of waiting and set out to create his own MC-like system. The result is Smatch, which was announced on the kernel janitors' list on January 1. Smatch attempts to duplicate the techniques used in the Stanford Checker, as derived from papers published by the MC group. It is still very much a work in progress; rather than producing nice reports, Smatch creates large amounts of raw data which must then be filtered with Perl scripts. An initial set of scripts exists, but quite a bit of work remains to be done in that area.
So Smatch probably will not be putting the Stanford Checker out of business anytime soon. But it will provide a platform for the development of freely-available checking tool with similar capabilities. With luck, and some development time, Smatch should help in the creation of more stable kernels in the near future.
Patches and updates
Kernel trees
Architecture-specific
Core kernel code
Device drivers
Filesystems and block I/O
Janitorial
Memory management
Networking
Security-related
Miscellaneous
Page editor: Jonathan Corbet
Distributions
News and Editorials
Version numbers, what are they good for?
Somewhere in last year's LWN mail there were a couple of letters wanting to know more about the version numbers in Linux distributions. Do they mean anything? What do they tell you about a product? This subject has also prompted a lively debate on the Debian-devel mailing list (beginning with this post).The bottom line is, version numbers are arbitrary constructs and meaningless when comparing different distributions. Within a distribution the numbers do say more. For example, Red Hat Linux 8.0 is a major new release with lots of new features, while Red Hat Linux 8.1 will add mostly security and bug fixes. The same is true for other major new releases such SCO Linux 4.0 (powered by UnitedLinux 1.0) and Mandrake Linux 9.0.
The difference between a major and minor release can also be subjective. Is it the number of new packages that have been added? Maybe its just one or two new packages that add significant features. Are the upgraded packages bug fix releases of the previous version, or do they add new features. Is there a new Linux kernel packaged with the new version, and does it add new features or provide patches? While most new features are held until the next x.0 release, some may creep into a distribution by the x.3 release. It's all up to the distribution provider.
The major.minor scheme is not the only one. A version 3.0 might next become 3.0.1, if the developer feels it is somehow less than a 3.1 release. Names and dates are also used in distribution versioning. Debian GNU/Linux 3.0 is known as woody. Woody was preceeded by potato (2.2) and is succeeded by sarge. Sarge doesn't have a number yet, just the name. Red Hat names beta releases. The beta known as Psyche became 8.0. Phoebe is available now as an unnumbered beta, which when ready will become 8.1. In other schemes Phoebe could be called 8.1 beta or maybe 8.1rc1. Somehow calling a version a "release candidate" makes it sound more stable than a "beta", but that doesn't make it so. Adding a date to the version number is an easy way of telling whether or not the release is current. DistroX 20030108 would be more current than DistroX 20021103, but the major/minor aspect is lost.
Even where a distribution begins numbering is quite arbitrary. Some are released at version 1.0, others start at 0.5 or perhaps 0.0.1, or maybe 5.1 because they are based on someone else's 5.1 release. No wonder then that a 4.0 release from one distribution is as current as a 9.0 release from a another distribution. There is no standard, and there is not likely to be one any time soon. Names are fun, but pretty meaningless. Dates are great, especially when combined with a major.minor number such as KNOPPIX (currently at v3.1-2003-01-01). Whatever the scheme, we can only hope that each distribution provider picks one scheme and sticks to it, so that DistroX 20021103 doesn't become DistroX 3.2 next.
Distribution News
Debian GNU/Linux
The Debian Weekly News for January 7, 2003 is out. This week's issue looks at Improving Events Visibility and much more.Debian is a member project of Software in the Public Interest, Inc. (SPI), which is a non-profit corporation under US law that was created to provide legal and financial existence for projects like Debian. Debian Project Leader Bdale Garbee points out two things happening with SPI. A committee is forming to review the SPI bylaws and an upcoming election for new board members.
Dates have been set for Debconf 3 and a Debcamp hacking session. This year the event will be held at the University of Oslo in Norway. Debcamp will be July 12 to 17, 2003, followed by Debconf 3, July 18 to 20, 2003.
Hewlett-Packard (HP) offers public access to several machines running Debian GNU/Linux through their Test Drive program. Software authors and prospective users are offered an account on those machines in order to find out more about Debian GNU/Linux and a particular HP hardware. Four architectures are supported (Alpha, PA-RISC, IA-32 and IA-64). Compilers are installed to that software authors can test whether their software compiles on those platforms.
Gcc 3.2 is now the default compiler in unstable. This posting has more information on the C++ transition plan.
SystemImager is an easy way to clone your Debian cluster. The latest release includes many new features, including support for XFS, JFS, reiserfs, ext2, ext3, and FAT.
Gentoo Linux
The first issue of the Gentoo Weekly Newsletter for the New Year brings updates about improvements to Portage, including reverse dependency checking and other features that are sure to be popular with Gentoo Linux users everywhere.Gentoo Linux has announced the second release candidate for the upcoming 1.4 version of Gentoo Linux. New in 1.4_rc2 is the Gentoo Reference Platform: a suite of binary tarballs that allow for faster initial installation. Currently X, GNOME, KDE, Mozilla, and OpenOffice,org are available as binary installations for x86 architectures (optimised for i586, i686, pentium3, athlon, athlon-xp, and athlon-mp) and ppc architectures (optimised for G3 and G4), with sparc (ultrasparc optimisation) and alpha to follow soon.
Lindows.com Now Boasts Deluxe Font Collection
Lindows.com has licensed a core set of delta-hinted fonts from Bitstream. The license agreement also includes a set of more than 50 high-quality display and text fonts from Bitstream.Slackware Linux
Slackware Linux has made several changes to the current tree. XFree86 has been updated, along with screen, openssl, apache, mod_ssl, php, teTeX, mysql, apsfilter, hpijs, mc, yp-tools and ypserv. Lots of patches, security and bug fixes too. As usual see the change log for full details.Yellow Dog Linux
A slew of security and bugfix updates have been posted to Terra Soft's master FTP server recently.
New Distributions
ARSIG
ARSIG is a Russian diskless router distribution based on Openwall GNU/*/Linux (Owl). ARSIG is adapted to work on a read-only filesystem and boots from a (256 Mb) flash card. All components of the filesystem that need write access are mounted in RAM. This router can work well through many-many years, as it contains no spinning parts, except for the coolers in the power supply and CPU. Version 1.0_pre01 (PHDS) was released January 4, 2003.
Minor distribution updates
Coyote Linux
Coyote Linux has released v1.32 with minor bugfixes. "Changes: This version fixes problems with using static IP addresses with an ISDN connection, adds a replacement for the broken mail command, and fixes a problem with the PPPoE client adding the domain name multiple times in /etc/resolv.conf."
Fli4l (Floppy ISDN/DSL)
Fli4l (Floppy ISDN/DSL) has released v2.0.7 with minor security fixes. "Changes: This release moves to Linux kernel 2.2.22, adds some NIC drivers, and has security fixes for imond and httpd."
herbix
herbix has released v1.0-67 with code cleanup. "Changes: This release adds some bugfixes, updating of busybox/tinylogin, and support for the rtl8139 chipset."
IDMS Linux
IDMS Linux has released v2.2.8 with minor bugfixes. "Changes: There are various bugfixes. All packages have been updated to their current version. It is more stable and more reliable."
KNOPPIX
KNOPPIX has released v3.1-2003-01-01 with minor feature enhancements. "Changes: cdbakeoven has been replaced by k3b. Boot options keyboard= and xkeyboad= have been added. A contributed compressloop has been added to the cloop-utils package. Compression level for the compressed iso9660 image is now 9 by default. Hardware detection has been updated with the Trident X module and more wireless cards. There is some KDE menu restructuring and knx-hdinstall 0.37."
Phayoune Firewall
Phayoune Secure Linux has released v0.3.4 of the Phayoune Firewall with minor bugfixes. "Changes: This version includes bugfixes to the preport menu, rearranges all menus for easier use, adds iproute to the supported traffic shaper, and changes squid.conf so that it no longer keeps storelog or accesslog."
RUNT
RUNT has released 1.0 with minor feature enhancements. "Changes: Changes to rc.netdevice and rc.local to show PCMCIA cards if present, a new /runthelp command with commonly-used commands, and a script in /usr/bin to display it."
RxLinux
RxLinux has released v1.2.5 with minor feature enhancements. "Changes: A print server via lpd and samba, a dhcpd server, and iptables configuration to support masquarading were all added."
Distribution reviews
A Critical Look at Mandrake 9.0 (OfB)
Open for Business continues the OfB Distribution Shootout with Mandrake Linux 9.0. "The Mandrake-specific tools went through a complete revamp. Mandrake offers a good set of configuration and maintenance tools, most of them in both console and X11 versions. Many of them proved useful along the way. I like them because they take out the drudgery of many repetitive and cumbersome administrative tasks. Most of them are grouped in the Mandrake Control Center."
KDE Tips & Tricks in Mandrake 9.0
Two new chapters have been released on the trylinuxSD.com website titled "KDE Tips & Tricks in Mandrake 9.0" which offer some KDE3 tips that may not be so obvious to new users. Although the pages are geared toward Mandrake Linux 9.0, much of the content should also apply to anyone using KDE.Living with Red Hat 8 as a productivity client (Register)
The Register reviews Red Hat Linux 8.0. "Explaining to you that Linux is really quite simple to install these days is not however the point - this is established already. What I wanted to do was to determine how successfully and easily I could switch horses from Windows to Linux over a weekend, what - if anything - I'd miss, and what kinds of learning curves it would be necessary to climb."
Page editor: Rebecca Sobol
Development
GiantDisc mp3 / ogg vorbis audio jukebox
GiantDisc is an interesting audio jukebox project that is based on Linux. The basic operation of GiantDisk involves combining a dedicated, headless Linux box, a large disk drive filled with compressed audio files, and a Palm Pilot User Interface to make an audio file player that works as a hi-fi component.
![[GiantDisk]](https://static.lwn.net/images/ns/gdisk.jpg)
GiantDisk consists of a collection of software tools which includes
a set of Linux server scripts for playing and managing
compressed audio files, and a Palm Pilot remote control
applicaton for controlling the sound server.
The GiantDisk software is licensed under the GPL.
See the
Concept Page
for a more detailed overview.
The Palm Pilot is normally connected to the host computer via a serial port, the latest beta version adds tcp/ip capabilities which will allow for USB, IRDA, BlueTooth, W-LAN and GSM operation. Help is needed for testing these latest modes of connection.
A nice capability for the wish-list would be the ability to control GiantDisk from a GUI running on a remote Linux machine, or from a remote web browser. The tcp/ip support should make such applications fairly easy to code.
The GiantDisc Feature List includes:
- The ability to search for tracks and albums.
- The ability to hierachically browse tracks and albums.
- A playlist manager.
- Track recording capabilities.
- Support for hierachically organized genres.
- Network support.
- Support for synchronization between multiple GiantDisk servers.
- Support for streaming media.
- And more...
See the ChangeLog file for a detailed project history.
Version 1.30 Beta of GiantDisk was just released.
System Applications
Audio Projects
Ogg Traffic
The January 5, 2003 edition of Ogg Traffic is out with the latest Ogg Vorbis audio compression software news. Topics include status updates, Icecast 1 vs Icecast 2, new Software with Ogg Vorbis Support, and a DVD Player with Ogg Vorbis Support.Ceres, Mammut, and Vstserver updates
Kjetil S. Matheussen has announced new versions of Ceres, Mammut, and Vstserver. Ceres is used for displaying sonograms, adding sound effects, and editing in the frequency domain. Mammut is an audio FFT package, and Vstserver works with vstlib for playing Windows vst audio plugins.
Libraries
GNU libc project status
Ulrich Drepper has sent out a project status report for GNU libc development. Included is a summary of progress that was made during 2002. Apparently, the support for libc has fallen to the wayside for some of the non-X86 platform ports. Help is needed in bringing the Mips, PPC, and Arm ports up to date. (Thanks to Andrew Morton.)
Mail Software
Mail::Box needs feedback (use Perl)
Use Perl mentions the release of Mail::Box, an email handling module for Perl. "Mail::Box is designed as modern alternative to MailTools, MIME::Entity, Mail::Folder, and many more CPAN modules." Contributions and feature suggestions are being accepted.
Networking Tools
Synchronizing Networks with NTP (O'Reilly)
Glenn Graham illustrates the use of NTP, the Network Time Protocol, which is used for synchronizing system time to reference time servers. "If your server doesn't keep accurate time, your log files are useless in the event of an incident that requires log-dependent information, including security breaches. E-mail servers and other clients depend on accurate time to relay, send, and receive data. What good is the date stamp contained in an e-mail if the server that passed that information is inaccurate?"
Web Site Development
Zope Members News
The most recent headlines on the Zope Members News include: Strip-o-Gram 1.4 Released!, PropertyObject & PropertyFolder 1.3 released, Zope 3 reStructuredText Document 0.1, HTMLWidgets 3.00 Released, Get Paid to Write about Zope!, NeoBoard 1.1 beta 2 has been released, and PlacelessTranslationService.mnoGoSearch-php-3.2.0.rc2 released
Version 3.2.0rc2 of the mnoGoSearch web site search engine PHP frontend software is available. See the ChangeLog file for change information.Improving mod_perl Sites' Performance: Part 5 (O'Reilly)
Stas Bekman writes about forking issues under mod_perl on O'Reilly. "It's desirable to avoid forking under mod_perl, as when you do, you are forking the entire Apache server -- lock, stock and barrel. Not only is your Perl code and Perl interpreter being duplicated, but so is mod_ssl, mod_rewrite, mod_log, mod_proxy, mod_speling (it's not a typo!) or whatever modules you have used in your server, all the core routines."
Web Services
The UNO Web service proxy component
Jan Tietjens has published a paper that describes the UNO Web service proxy component. Uno brings web services to OpenOffice. "Web services are more and more emerging. Some examples are Google and Amazon which are providing a Web service interface for their traditional services, like searching the Web or querying the online bookstore. These interfaces could now be reached by UNO and StarBasic over the UNO Web service proxy. The access with StarBasic is very convenient because of special features of the StarBasic-UNO language binding, as you can see in the given examples."
Explore the Web Services Bus, Part 2 (IBM developerWorks)
Greg Flurry continues his series on the Web Services Bus with Part 2. "What does the Web Services Bus offer when compared to other Web services frameworks? Well, for one thing, its Web Services Invocation Framework (WSIF) heritage means that it always operates on a canonical form of data, not a SOAP-specific form." You may want to start with Part 1 first.
Miscellaneous
Koha 1.3.3 released
Version 1.3.3 of the Koha (book) library and collection management system is available. "This release features many bug fixes, improvements to MARC handling, and French, Spanish, and Polish translations (not yet complete but hey, this *is* a development release.)"
Desktop Applications
Audio Applications
GNUsound 0.5.1 released
Version 0.5.1 of the GNUsound sound editor has been released. "GNUsound 0.5.1 adds an amplitude treshold module, fixes a cuepoint drawing bug, fixes the behavior of the fast-forward/fast-rewind buttons, fixes a potential crash in the LADSPA dialog, and fixes a GCC 2.95 compilation problem."
Ardour news
The latest changes to the Ardour multi-track audio recorder program include sample rate conversions for export, export GUI improvements, a reimplemented scrub mode, zoom focus options, a GUI for Sends, working port inserts, general UI improvements, bug fixes, and more.ALSA Patch Bay 0.4.1 released
Version 0.4.1 of ALSA Patch Bay is out with a number of bug fixes.SpiralSynthModular 0.2.0 released
Version 0.2.0 of SpiralSynthModular is available. "SSM is a object orientated modular softsynth / sequencer / sampler." Significant changes have been included with this release.
Desktop Environments
GNOME Summary for January 3, 2003
Here is the latest GNOME Summary, with lots of news for the GNOME communtity.FootNotes
Headlines on the GNOME desktop FootNotes site include: LPT Desktop for Yellow Dog Linux 2.3, LinuxQuestions.org - Members Choice Nominations, GnuCash 1.7.7 RC2 released, Gnumeric 1.0.12 released, FOSDEM Weekly Interviews, Gnumeric 1.1.15 released, Pan 0.13.3 released, and more.KDE 3.1rc6: The Final Candidate?
KDEDot reports that KDE 3.1rc6 will most likely be the final KDE 3.1 release candidate. It is available for download and it incorporates all of the security fixes from the security audit that delayed the release of KDE 3.1.A New Document Management System (KDE.News)
KDE.News has an announcement for newdocms, which promises to be a new way to manage documents in KDE. "It is a move away from the now over 30-year-old hierarchical file system towards a meta-data-based document retrieval system. A 0.1 preview has now been released along with a description and screenshots."
KDE-CVS-Digest for January 3, 2003
The January 3, 2003 edition of the KDE-CVS-Digest is out. "This week read about some new KDE optimizations, Konstruct, Atlantik (screenshot) and Kalzium updates, as well as many bugfixes and various new features."
Games
Pygame updates
The latest new games entries from the Pygame project include Pyplatform 0.1.7pre, a full featured platform game engine, and Naptus, a follow the blinking lights game. Also, Pygame 1.5.5 was recently released, see the WhatsNew document for details.Falcon's Eye: The Making-Over of Nethack (O'Reilly)
Howard Wen looks at Falcon's Eye, a modern version of the venerable Nethack game. "Falcon's Eye aims for a much more sophisticated transformation, visually and otherwise. It overlays the ASCII characters with detailed graphics presented in an isometric 3D perspective -- accompanied with animation, sound effects, and music -- for the dungeons, player characters, creatures, and items. This particular windowing interface also adds mouse support, tooltip information for creatures and items, shortcuts for several keyboard commands, and many customization options."
Graphics
GIMP 1.3.11 Released
Development version 1.3.11 of the GIMP, the GNU Image Manipulation Program, has been released. "This release features some incompatible changes to the gimprc file format. If you installed earlier versions of the 1.3 series, you are adviced to remove your ~/.gimp-1.3 directory and do a fresh user installation."
GUI Packages
FLTK Software Updates
The latest round of new software for FLTK, the Fast, Light ToolKit, include: FL-Inventor 0.9.4, Fl_Contour 0.1, ESP Print Pro 4.3, a New Comment/Rating System On-Line, and SpiralSynthModular 0.2.0.wxWindows 2.4.0 released
Version 2.4.0 of wxWindows, a cross-platform open-source C++ GUI framework, has been released. "This is the first official stable-API release since 2.2.9 and contains many enhancements in just about every area. 2.4.0 is the first synchronized official release to include wxMac, wxX11 and wxOS/2."
Interoperability
Kernel Cousin Wine
Issue #151 of Kernel Cousin Wine has been published. The topics include: Visual-MinGW Under Winelib, Separating NTDLL and Kernel32, Best Win32 API Spy Tool?, Best Win32 API Spy Tool?, Winemaker Problems (and Solutions), and Special Characters in Resource Names.
Office Applications
AbiWord Weekly News
Issue #125 of the AbiWord Weekly News is out with the latest AbiWord word processor development news. "The NSIS 2 branch is in place, all thanks to that Win-devotee, Jeremy. A security bug was found in the wv library that has had a workaround put into place immediately. And, Andrew's attempt at bloodless coup against UCS-2 results in an extensive on list and in chat discussion."
GnuCash 1.7.7 released
Version 1.7.7 of the GnuCash money management system is available. Changes include the addition of scheduled transactions, a mortgage and loan repayment druid, new small business accounting features, OFX (Open Financial eXchange) import capabilities, HBCI support, redesigned menus, documentation improvements, and more.Kernel Cousin GNUe
Issue #62 of Kernel Cousin GNUe is out with the latest GNU Enterprise development news. Topics include: Parsing XML with GNUe's GParser, Translating error messages in python, Christmas songs applied to GNUe Supply Chain, Basic Front End for the AppServer API, GNUe in New York and Australia, Red Hat Packages (.rpm) for GNUe, GNUe Tools and Packages, Primary keys in AppServer, Primary keys in AppServer, GNUe Reports functionality, and Running GNUe on Apple iMac.LyX Development News
The January 3, 2003 edition of the LyX Development News is out. Topics include: LyX 1.2.2, XForms 1.0, lyx2lyx, wrapping text around figures, Language encodings in the Qt frontend, and the LyX bug database.
Web Browsers
Calendar Soon to be Included in Default Mozilla Builds
MozillaZine has mentions that Calendar will be included in future Mozilla builds. "The calendar is ready to be included by default in the Mozilla builds. We are currently under going a review process to get the code built by default. Once that happens, it's our hope that you'll be able to download a Mozilla build that includes a calendar."
Mozilla Status Update
The January 1, 2003 Mozilla Status Report is out. Several project timelines that document Mozilla development in 2002 have been included.
Languages and Tools
Caml
Caml Weekly News
The December 31, 2002 - January 7, 2003 edition of the Caml Weekly News is out. Articles in this issue include: Coyote Gulch test in Caml, and Native labltk for Mac OS X.
Java
Introduction to Thin Client Framework (IBM developerWorks)
Peter C. Bahrs and Barry A. Feigenbaum introduce TCF, the Thin Client Framework on IBM's developerWorks. See part 1 and part 2 of the series. "Thin Client Framework (TCF) is a lightweight, flexible, and powerful programming framework for Java client applications. In this two-part series, you will learn about TCF from two of its originators. Follow along as Drs. Barry Feigenbaum and Peter Bahrs use detailed discussion, a working example, and live code samples to introduce you to the TCF architecture, design, and implementation."
Lisp
SBCL 0.7.11 released
Steel Bank Common Lisp version 0.7.11 has been released. "This version features improvements to the compiler for generating better code, support for the upcoming FreeBSD 5.0, a new optimization for MAKE-INSTANCE, and several bug fixes."
Perl
This Week on perl5-porters (use Perl)
The December 30, 2002 to January 5, 2003 edition of the Perl 5 Porters Digest is out. The list of topics includes: Copy constructor contract, Simple segfault, Parens in pack(), Link black magic, and more.The Perl Review 0.7
Volume 0, Issue 7 of The Perl Review is out. Article titles include: Jotto: The Five-Letter Word Game, Processing RSS Files with XSLT, Separating code, presentation, and configuration, and Paying Homage to Perl (PHP).
PHP
PHP Weekly Summaries
Two new issues of the PHP Weekly Summary are available.Topics in the January 2, 2003 edition include: PHP 4.3, mail() quirk to workaround qmail bug, register_apache_shutdown_function(), snmp module, zip extension built-in on Windows, php-mix and option to start in PHP mode.
Topics in the January 6, 2003edition include: 2002 reviewed, PHP C code extension tutorial, Changelog not changing?, New Database extension, Win32 GD GIF support, Win32 build issues, Beyond 4.3.
Python
Python-dev Summary
The Python-dev Summary for December 31 is now available. It looks at the first 2.3 alpha release, the FixedPoint type, new import hooks, and several other topics.Dr. Dobb's Python-URL! - weekly Python news and links (Jan 6)
Here is the latest Python-URL with news of interest to the Python communtity.The Daily Python-URL
This week's Daily Python-URL article topics include: Develop Python/XML with 4Suite, Mailman 2.1, What is RSS?, SimPy simplifies complex models, Python 2.3a1 released, and more.
Ruby
The Ruby Weekly News
Topics on this week's Ruby Weekly News include: ruby-dev summary 19151-19226, Ruby in Linux Gazette, Ruby in The Perl Journal, and Drafting a "The Year in Scripting Languages".New Ruby software includes: Ruby Document Bundle, XTemplate -- XML Template Library, Ruby/Qte 0.3, win32_popen 0.1, ratlast 0.3, RAA/2.2, xml-configfile 0.2.0, String#title_case, and Ruby-GetText-Package-0.5.0.
The Ruby Garden
New topics on the Ruby Garden include: Hash |, a non in place update.
Tcl/Tk
This week's Tcl-URL
Dr. Dobb's Tcl-URL for January 8 is out with the latest news from the Tcl/Tk community.
XML
Named Character Elements for XML (O'Reilly)
Anthony Coates and Zarella Rendon show how to deal with special characters in XML. "HTML users are used to having a lot of named character entities available. They can use " " to insert a non-breaking space, "©" to insert a copyright symbol, and "€" to insert the symbol for the new European currency, the Euro. However, most symbols are not automatically defined in XML. To make them available, you have to use a DTD that defines them or you have to define them in the internal DTD subset of your document."
"Displaying" XLinks? (O'Reilly)
John E. Simpson covers XLink issues in his XML Q & A column on O'Reilly.Never Mind the Namespaces: An XSLT RSS Client (O'Reilly)
Bob DuCharme shows how to put together an RSS client on O'Reilly. "RSS is an XML-based format for summarizing and providing links to news stories. If you collect RSS feed URIs from your favorite news sites, you can easily build dynamic, customized collections of news stories. In a recent XML.com article Mark Pilgrim explained the history and formats used for RSS. He also showed a simple Python program that can read RSS files conforming to the three RSS formats still in popular use: 0.91, 1.0, and 2.0. While reading Mark's article I couldn't help but think that it would be really easy to do in XSLT."
Miscellaneous
LazyWeb and RSS: Given Enough Eyeballs, Are Features Shallow Too? (O'Reilly)
Clay Shirky talks about the Lazy Web on O'Reilly. "A persistent criticism of open source software is that it is more about copying existing features than creating new ones. While this criticism is overblown, the literature of open source is clearer on debugging than on design. This note concerns an attempt to apply debugging techniques to feature requests and concludes by describing Ben Hammersley's attempt to create such a system, implemented as an RSS feed."
Page editor: Forrest Cook
Linux in the news
Recommended Reading
Halloween VIII: Doing the Damage-Control Dance
Eric S. Raymond leaks another Microsoft memo. "This is an unusual Halloween memorandum in that it's not particularly redolent of evil. It's a reactionary memo about trying to become less reactionary, the sort of thing that gets churned out daily by clueless corporate droids everywhere. They're tired of constantly being caught by surprise and want to do something about it."
Linux security strong as ever (ZDNet)
ZDNet is running an opinion piece by Con Zymaris on the security of Linux. "The open source community has worked diligently to fight the good fight against security vulnerabilities. One of this community's basic security philosophies is, 'With enough eyeballs, all bugs are shallow.' This Linux axiom points to the fact that when a bug becomes an issue, many people have the source code, and it can be quickly resolved without the help of a vendor."
Perens, Prentice deliver Open Source books (Register)
The Register covers Open Content-licensed books from Prentice Hall. "It works like this. Prentice sells the paper version for several months until an electronic version is released. What happens next is entirely up to the community. The author retains the copyright and in the standard license, his name must be appear on the book's cover. Citations must be acknowledged, modifications must be identified, and derivative works must identify the original unmodified source document."
Companies
Start-up beats IBM for Linux software (News.com)
News.com covers Sistina Software's LVM 2.0, which is slated for inclusion into the 2.6 Linux kernel. "Sistina's LVM products are open-source and freely available. Although the company sells support for LVM to customers who want it, its major revenue source is file system software that works hand in hand with LVM."
MontaVista unveils Embedded Linux for consumer electronics (LinuxDevices.com)
LinuxDevices.com has an article about MontaVista's new "Consumer Electronics Edition" distribution, to be announced today at the Consumer Electronics Show. "CEE incorporates dynamic power management features, file system enhancements, and new tools to measure performance, system timing, and memory size. CEE also features support for XIP (eXecute In Place) in the kernel and applications, as well as streaming media optimizations."
SGI begins high-end Linux push (News.com)
News.com looks at SGI's new Altix 3000 series. "The Altix 3000 systems are essentially an adaptation of SGI's existing Origin 3000 systems, which use SGI-designed MIPS processors and Irix, its version of Unix. The Altix 3000 systems, though, use Itanium processors and Linux, a move that lets SGI benefit from others' research and development budgets and that weans SGI off its reliance on its in-house technology." See also this press release from SGI.
Business
Big [and not so big] ideas for 2003 (CIO Magazine)
CIO Magazine has published a special issue on 48 ideas which, it is claimed, will change the shape of business in 2003. Number 16 is Linux. "In retail, and likely in other industries that deploy thousands of PCs as terminals, a big wave of open-source pilots will occur in 2003, followed by deployment in 2004..." (Number 26 is Ogg Vorbis, and number 34 is about software patent problems).
Windows Users Should be Glad there's a Linux (ExtremeTech)
ExtremeTech has an editorial by Robin "roblimo" Miller on how the existence of Linux might improve Windows. "Perhaps 2003 will be the year Microsoft decides to actually compete with open source instead of just talking trash about it. We already see Microsoft offering enterprise customers better deals on some of its applications packages (notably Microsoft Office) than it did in the past because of competition from OpenOffice and its proprietary but amazingly inexpensive cousin, StarOffice."
Linux Adoption
Linux TCO edge: Lower labor costs (ZDNet)
Here is a different perspective on the "total cost of ownership" issue on ZDNet. "In the survey, Linux admin salaries were slightly higher than Windows admins, with Linux at $71,400 per admin, and Windows at $68,500 per admin. But Linux admins took care of an average of 44 servers and Windows admins an average of 10. So the salary per processing unit was Linux, $12,010, and Windows, $52,060."
Open Source Yields Savings, Minimizes Vendor Hassles For Texas Energy Company (TechWeb)
TechWeb looks at the use of Linux at Atmos Energy. "While [IT manager Scott Womer] had a $60,000-to-$80,000 budget to buy firewalls, he was able to buy two $5,000 servers and install the free open-source code for a total cost of just $10,000. Like many open-source users, however, he strongly emphasized the value of being able to address problems in open-source code internally and quickly, rather than relying on vendors to help in that effort."
Linux invades government servers (ZDNet)
Here's the latest Meta Group pronouncement on ZDNet; this one looks at Linux in government. "The international governmental focus on developing and using Linux on servers negates one of Microsoft's arguments against the rival OS--that little is being invested in developing the alternative platform. However, the danger is that these large organizations as well as vendors (e.g., IBM and Hewlett-Packard) using Linux will create semi-proprietary branches in Linux development (known as "forking"), which is what happened when the hardware makers of the 1980s adopted Unix."
Legal
Teen cleared in landmark DVD case (CNN)
CNN reports on the acquittal of Jon Johansen. "But Johansen argued his code was necessary to watch movies he already owned, on his Linux-based computer, for which DVD software had not yet been written. He said since he owned the DVDs, he should be able to view them as he liked, preferably on his own computer. The court, citing consumer laws which protect consumers' fair use of their own property, agreed."
Congress to take on spam, copyright (News.com)
News.com looks at the 2003 legislative agenda in the U.S. "On Tuesday, Rep. Rick Boucher, D-Va., and three other legislators reintroduced their bill from last year that would defang the DMCA. Their proposal, called the Digital Media Consumers' Rights Act, would let Americans bypass copyright-protection schemes for legitimate 'fair use' purposes."
Interviews
FOSDEM Weekly Interviews
FOSDEM has published 3 new interviews with three of the speakers who will give talks and tutorials during FOSDEM (February 8 and 9, 2003 in Brussels).Lindows CEO funds Xbox hacking contest (News.com)
News.com talks with Michael Robertson about his role in hacking the Xbox. "Robertson confirmed the SourceForge posting in an interview Thursday with CNET News.com, saying he funded the contest not for business goals but to promote open access to technology. "There is no business justification; that's not why I did it," he said. "I did it because I thought people should have the choice to run the software they want on the hardware of their choice...I don't think when you buy a car, they should be able to tell you what brand of gas to put in it.""
Resources
LinuxDevices.com Newsletter for Jan. 2, 2003
Here is the first Linuxdevices.com's Embedded Linux Newsletter for 2003, with all sorts of news about embedded Linux.Introduction to the ELC's new Embedded Linux platform spec (LinuxDevices)
LinuxDevices.com provides a brief explanation of the process that led to the development of the Embedded Linux Consortium Platform Specification (ELCPS) and a cursory description of its contents. "The ELCPS was designed to be an API specification, thus supporting source level portability of applications to different implementations. This design ensures a specification that provides developers of applications and middleware assurance that their products can be recompiled for a large variety of potential embedded Linux targets."
Linux Certification -- Certified to thrill (LinuxLookup)
LinuxLookup editorializes on Linux Certification. "Since Linux is relatively new in the vocational courses arena, the courses and requirements are few. Requirements of a certificate, that is. When a thousand people contest for thousand placement oppurtunities, there's no need for a certificate. But when these thousand companies, need to select from a number, multiple of their count, it results in chaos. A certificate aims to bring order to chaos."
Miscellaneous
xBox Linux donor extends prize offer (Register)
This Register article identifies the person offering the xBox Linux prize as Michael Robertson of Lindows, and says the prize has been extended. "He is extending the deadline for part B of the prize for another year. This is to enable hackers to produced a Linux capable of running on xBox with no hardware modifications. The original deadline was the end of 2002."
Page editor: Forrest Cook
Announcements
Commercial announcements
Aberdeen Group Announces Top Predictions for 2003 IT Trends
The Aberdeen Group has announced its top predictions for 2003. Among other predictions, they see a bright future for Enterprise Linux.LGP Competition and Prize Draw
Linux Game Publishing has announced a contest that involves guessing the titles of two commercial games that are being ported to Linux. Winners will receive free copies of the games.
Resources
Open Source Digest: Issue #1
The first issue of Open Source Digest, a new monthly online magazine devoted to bringing quality articles about open source to the open source community, is now available.LPI-News December 2002
Here is the December issue of the LPI-News. This issue looks back at 2002 and ahead to Linux World in New York; and much more.LinuxQuestions.org Members Choice Nominations
LinuxQuestions.org has announced their latest poll for the Members Choice Awards. Make your selections here, the poll closes on March 1, 2003.PostgreSQL Introduction (Linux Productivity Magazine)
Linux Productivity Magazine has a lengthy introduction to the PostgreSQL database available online. "PostgreSQL, often nicknamed "Postgres", offers SQL query support. It offers a high power command line front end called psql for a DBA to manage the database. It has excellent transactional support. Sophisiticated triggers and stored procedures are available thanks to the built in plpgsql programming language."
Upcoming Events
O'Reilly Open Source Convention Call for Participation
The 2003 O'Reilly Open Source Convention will be happening in Portland, Oregon on July 7 to 11. The call for participation has just gone out, with proposals being due by February 15. The theme this time around is "embracing and extending proprietary software."samba eXPerience 2003 CFP
We have received an updated Call For Papers for the samba eXPerience 2003. Submissions are due in by February 14, 2003.Open Source Workshop Call For Papers
A call for papers has been issued for the 3rd Workshop on Open Source Software Engineering, to be held on May 3, 2003 in Portland, Oregon. Papers are due in by February 1, 2003.Case Studies-Call for Submissions:OMG Days Europe 2003.
The Object Management Group and LogOn Technology Transfer announced a call for submissions for "Case Study" presentations done by End Users at the forthcoming series of OMG Days in 2003.Damian Conway Classes in Boston (use Perl)
Use Perl has an announcement for three more Perl classes by Damian Conway. The classes will be held in Boston, Mass. on January 21-24, 2003.Debconf 3
The University of Oslo in Oslo, Norway is hosting Debconf 3 this year, and the Debcamp hacking session preceeding Debconf 3. Debcamp starts July 12 to 17, 2003, followed by Debconf 3 July 18 to 20, 2003.Events: January 9 - March 6, 2003
| January 21 - 24, 2003 | LinuxWorld Conference & Expo | (Jacob K. Javits Center)New York, NY |
| January 22 - 25, 2003 | Linux.conf.au 2003 | Perth, Australia |
| January 27 - 31, 2003 | SAINT-2003 | Orlando, Florida, USA |
| February 3 - 6, 2003 | O'Reilly Bioinformatics Technology Conference | (Westin Horton Plaza.)San Diego, CA |
| February 4 - 6, 2003 | Linux Solutions 2003 | (CNIT)Paris, France |
| February 8 - 9, 2003 | Free and Open source Software Developers' European Meeting(FOSDEM) | Brussels, Belgium |
| February 10 - 14, 2003 | The fifth NordU/USENIX Conference(NordU2003) | (Aros Congress Center)Västerås, Sweden |
| February 22 - 24, 2003 | CodeCon 2.0 | (Club NV)San Francisco CA, USA |
Web sites
Linux Orbit Professional web site
The Linux Orbit Professional web site has been launched, the site will include a monthly journal publication.
Software announcements
This week's software announcements
Here are the software announcements, courtesy of Freshmeat.net. They are available in two formats:
- Sorted alphabetically,
- Sorted by license.
Page editor: Forrest Cook
Letters to the editor
creative commons
| From: | Theo de Raadt <deraadt@cvs.openbsd.org> | |
| To: | lwn@lwn.net | |
| Subject: | creative commons | |
| Date: | Mon, 30 Dec 2002 16:43:23 -0700 |
There is a serious problem with these new licenses: they are
contracts, or an agreement between two parties.
The typical 2-4 line BSD or MIT "licenses" that we are familiar with
are not contracts. These headers simply "give up" rights gauranteed
by the government under copyright law. As such, they do not need to
be contracts -- an agreement between two parties -- because the
government has established the exact rules under which copyright works
BY DEFAULT. (I don't need a contract with people that guarantees that
they will not kill me; the government has laws for that. In less
extreme cases the same applies to other laws too: the government
establishes laws and policies for ONE-WAY responsiblity. If a cement
truck runs into my house, there is a ONE-WAY responsibility
established by law).
Since the licenses I talk about just "give up" rights, there is no
need to have a two-way agreement. Regular copyright protections for
the publisher remain in effect, except for those explicitly waived.
A waiver is not a contract. A BSD or MIT copyright "rights waiver
attachment" is not a contract.
Anyways, I believe that heading towards contract law for these extra
things is a very serious mistake. The assumption here by the lawyers
who are drafting these, I suspect, is that they believe copyright law
will eventually fail us. (Or maybe they want it to?)
But is it really right that one hand our community is trying to get
copyright law to be reinforced as it is designed and was intended to
work -- and not weakened -- while the other hand there is an approach
which is heading towards give-money-to-lawyers contract law?
Oh wait! Perhaps in fact that is not what is going on. Perhaps these
creative commons people are just lawyers trying to capitalize in the
future on weak understanding by the public of how strong copyright law
is, and instead, are trying to guide a gullible community into the
financial quagmire of contract law.
Naw, that couldn't be...
Page editor: Jonathan Corbet