LWN.net Weekly Edition for January 23, 2003
Five years of LWN
The first LWN.net Weekly Edition was posted on January 22, 1998. We didn't really hit our stride until the following week, but the fact remains: LWN is now five years old.LWN was originally intended to be an attention-getting mechanism for a startup Linux support and consulting business. The whole plan was based on a number of misconceptions, beginning with the idea that demonstrating our expertise in an online newsletter would show the world that we could help them deploy Linux in their companies; somehow it never quite worked that way. We also thought that Red Hat was serious about its ill-fated "support partner" program, and that we might actually make some money with it. Perhaps worst of all, we were under the impression that helping people with their system administration problems would not drive us completely crazy. All told, it's not entirely surprising that things did not go the way we thought they would.
But, it appears that was maybe for the best. From the beginning, it can be argued that our heart was really in the LWN effort, rather than in the "money making" activities it was meant to publicize. Even so, we could never have imagined that LWN would still be around in five years - or that it would be such a wild ride.
At this point in its history, LWN is in as good a place as it has ever been. It's easy to miss the funner aspects of the Bubble Days - indeed, the money coming in is still not what it needs to be for the long term - but LWN is now sustaining itself by selling a service directly to almost 2500 individuals (and 30 companies - thanks to Zope Corporation for being the most recent subscriber) who find it worth paying for. Our success depends directly on keeping our readers happy, rather than trying to sell our readers' attention to a small number of big advertisers. We can, thus, concentrate on making our content the best it can be with no need to worry about conflicts of interest. Advertising will remain part of our income stream, but it's relatively small.
Looking forward, we'll soon be deploying a new version of our text ad code - there will be a separate announcement when that happens. Then, with luck, we can direct some effort away from site coding and toward content creation. We have been experimenting with content from external authors with some luck; we hope to be able to expand that program in the future. We are also working with the folks at Progeny as they expand their Programmers Toolkit offering; that partnership should help us to expand LWN's reader base. And, of course, we'll be looking for other ways to expand our list of subscribers; we'll tell you more about what we're doing when we figure it out ourselves.
In any case, it is our plan to be part of the Linux and free software community for the next five years; we expect them to be at least as interesting as the previous five. Many thanks to all of you for half a decade of support.
A couple of alternative DNS servers
One of our favorite things to worry about here at LWN is software monocultures. When everybody is running the same thing, a single vulnerability can compromise them all. The BIND nameserver package has thus occasionally come up as a topic of concern, since it has one of the strongest monopolies in the free software arena. There have been very few free alternatives to BIND which have become stable enough for people to trust them with their name service tasks.That situation is changing, however. Over the last week, two different free DNS server implementations have announced new releases. So it seems like a good time to give them a look.
The announcement of the first public release of the Oak DNS server went out recently. Oak is written entirely in Python, with the result that it is portable to many systems (even Windows) and should be relatively resistent to buffer overrun attacks. Oak is licensed under the LGPL, and supports most of the features one would expect in a nameserver: recursion, master and slave modes, etc.
That said, Oak is very much a work in progress. It comes packaged as one big Python module and a driver script; no distutils installation support in sight. It reads the usual DNS master file format to get zone information, but the top-level configuration takes the form of a screenful or so of Python code - not something every system administrator will want to get into. Documentation is scarce; those wanting to make serious use of Oak at this point will likely have to delve into the code. This is definitely not Aunt Tillie's DNS server.
But the core functionality of Oak appears to be solid, and the project's maintainer (Ed Stoner) is responsive to problem reports. It would not take all that much work to turn Oak into a simple, secure, high-quality DNS server, especially for smaller installations. If you like Python programming, Oak is worth a look now; with luck it will be ready for everybody else in the near future.
For a very different sort of nameserver, see the announcement for PowerDNS 2.9.4. PowerDNS was, for some time, a proprietary system; it was released under the GPL in November of 2002. The pace of development seems to have picked up since then, and PowerDNS is evolving into an impressive system.
While Oak may be best suited to small networks, PowerDNS is clearly aimed at large ISPs and others who must serve huge numbers of domains. It can obtain its DNS information via several backends; it can, for example, run from an existing BIND configuration, or talk (using a pipe) to an arbitary process via a simple and well-documented protocol. The most developed backends, however, would appear to be those which work with a MySQL, PostgreSQL, or Oracle database. PowerDNS comes with a database scheme that it expects to use, but the SQL it uses is easily changed via the configuration file. PowerDNS, thus, will happily fit in with just any sort of in-house system used for the management of domain information.
PowerDNS also includes its own built-in web server which provides information on performance and the most frequent queries. It can also produce statistics meant to be fed directly to MRTG. PowerDNS supports the usual security features (setuid, chroot), and has been written for high performance when dealing with thousands of domains. It is also extensively documented on doc.powerdns.com.
The one thing that PowerDNS lacks is support for recursive name resolution. With its default configuration, if PowerDNS is does not have an authoritative answer for a given query, it refuses to answer at all. It is thus suitable for handling primary and secondary nameserver duties, but not for handling name lookups for users. That is changing, though; version 2.9.4 includes a recursive nameserver which can be built and run as a separate process. The plan, apparently, is to integrate that functionality into PowerDNS itself in the 2.9.5 release.
Oak and PowerDNS are not the only alternative free nameservers, of course. Some others which appear to be reasonably stable and under active development include:
- MaraDNS (a simple, recursive nameserver).
- MyDNS (an authoritative-only system which works with MySQL or PostgreSQL).
- NSD (authoritative-only).
(And yes, in order to forestall a flood of email, we should mention that the not-quite-free djbdns package is also out there).
BIND is a package with a long history of service; the Internet is literally built on it. Its security record is not that bad, considering its wide deployment and the amount of energy that has gone into finding vulnerabilities. But the security of the Net as a whole can only be improved by the emergence of solid, well-supported alternatives.
A few announcements from LinuxWorld
[This article was contributed by Joe 'Zonker' Brockmeier]
Every trade show produces a slew of press releases from vendors, and this year's LinuxWorld Expo is no different. Here's a quick summary of some of the more interesting announcements made this year.AMD introduced a trial version of the 64-bit Opteron CPU at LinuxWorld. AMD and IBM announced that a 64-bit trial version of DB2 was ready for computers based on the Opteron. The company is planning to make about 500 Opteron-based systems available to system builders and potential customers. In further Opteron news, AMD and Scyld announced that they are working on a 64-bit version of Scyld Beowulf for Opteron machines.
While working together on DB2 on Opteron, AMD and IBM were touting separate Linux-based PDA solutions at LinuxWorld. AMD has partnered with Metrowerks to produce the OpenPDA platform. OpenPDA is designed to run on the AMD Alchemy Solutions Au1100 processor for PDAs and smart phones. AMD's reference platform includes Trolltech's Qtopia multi-language user interface, Insignia's integrated Java Virtual Machine (JVM), and the Opera Web browser.
SYS-CON Media plans to debut its own Linux-focused magazine, Linux Business & Technology, in May. The magazine is a spin-off of SYS-CON's Linux Business Week website and will be aimed at enterprise market. LBT will carry a cover price of $5.99. SYS-CON also publishes Java Developer's Journal, Web Services Journal and XML-Journal.
There were a few UnitedLinux announcements at LinuxWorld Expo, including plans to create a software developers program and partner with the Linux Professional Institute (LPI) to create a certification program. The United Linux developer program is designed to encourage development for the United Linux platform and includes a Software Evaluation Kit developed by IBM. LPI and United Linux will be rolling out the new certifications in the first quarter of 2003: a UnitedLinux Certified Professional (ULCP) certification and a UnitedLinux Certified Expert (ULCE) certification. UnitedLinux also announced that HP was becoming an UnitedLinux Technology Partner.
Speaking of HP, the company announced Tuesday that it is now raking in $2 billion a year on its Linux offerings. This announcement was actually made by Carly Fiorina at HP's annual storage and enterprise event in Amsterdam, but it seems to fit in nicely. At LinuxWorld, HP announced several new Linux-based products, including a line of workstations with Red Hat 7.3 pre-installed and a four-processor blade server.
The Ximian folks were also busy at LinuxWorld. Ximian announced a collaboration with Sun Microsystems, releasing the Sun ONE Connector for Ximian Evolution. Like Ximian's Connector for Microsoft Exchange, the product will allow users on Linux or Solaris systems to exchange calendars, schedules, address books and task lists. Ximian also announced the release of Red Carpet Enterprise 1.2, which adds rollback support so admins can return a system to a previous configuration.
Dell was somewhat low-key at LinuxWorld this year, but did announce a new line of server blades that will fit 84 servers in a standard rack. The PowerEdge 1655MC blade runs Red Hat Linux. Red Hat was also fairly quiet, though Michael Tiemann gave a keynote address with Jeffrey Birnbaum of Morgan Stanley on Wednesday.
SuSE unveiled its Desktop edition on Tuesday. The SuSE Linux Office Desktop includes CodeWeavers CrossOver 1.3.1, allowing users to run Microsoft Office and a number of other Windows applications on Linux. The Office Desktop also includes Sun StarOffice for companies that would prefer to migrate off of Office entirely.
MySQL AB announced that a few new features had been added to MySQL. MySQL 4.1 now includes subselects and improved SSL support. The company also used the occasion to announce their own conference. The MySQL Users Conference & Expo will take place in San Jose, April 10-12.
Some of the more interesting Linux-related products announced this year include the LTrix Engineering lice 1.7 Patchless Linux Kernel Debugger and the PTC Pro/ENGINEER Wildfire MCAD software for Linux.
The next LinuxWorld Expo is scheduled for August 4-7 at the Moscone Center in San Francisco.
Security
Brief items
The CVS vulnerability
[This article was contributed by LWN reader Tom Owen]
German web tools vendor e-matters somehow allows the time for PHP developer Stefan Esser to read source code. Earlier this week he reported serious vulnerabilities resulting from a programming error in the version control tool CVS. Since CVS is used by most free software development projects, this problem merits some attention.CVS can be configured to allow read-only access to anonymous users. Development projects use this capability to allow public access to the latest development versions without having to build a release every time a file changes. The e-matters advisory covers two levels of vulnerability based on read-only access:
-
Anonymous read-only users can obtain write access,
allowing the attacker to change code in the repository.
One obvious attack is to slip a trojan into the source.
If the change isn't spotted, it will be distributed as part of the next release.
- A poorly-documented feature allows CVS users with write access to execute arbitrary commands on the server.
The advisory does not make the holes seem easy to exploit. The (unpublished) proof of concept depends on features of BSD memory management; it might not work on other hosts. But the payoff for a successful attack is huge - it's conceivable that an attacker could get an undetected trojan in to a widely distributed package. So it is not surprising that the distributors are rushing out updates based on CVS version 1.11.5, which does not contain the fault.
The advisory also points out:
Esser offers a patch to control Update-prog and Checkin-prog from the CVS configuration.
There are numerous anonymous-CVS servers on the net, and all of them could, conceivably, be vulnerable. It is important that they get patched up in a hurry, or this vulnerability could be the source of no end of other problems later on.
January CRYPTO-GRAM newsletter
Bruce Schneier's CRYPTO-GRAM newsletter for January is out; it looks at cyber-war, the Randomized Message Authentication Code, and Yahoo. "Someone's birthdate isn't a secret, and is a terrible way to authenticate someone. But Yahoo goes one step further. 'My Yahoo,' the company's popular personalized news page, uses the information to put a 'Happy Birthday, <username>!' message at the top of your page when you visit on your birthday."
New vulnerabilities
bugzilla - insecure permissions, spurious backup files
| Package(s): | bugzilla | CVE #(s): | CAN-2003-0012 CAN-2003-0013 | ||||
| Created: | January 16, 2003 | Updated: | January 22, 2003 | ||||
| Description: | Two vulnerabilities have been discovered in Bugzilla, a web-based bug
tracking system, by its authors. The Common Vulnerabilities and
Exposures Project identifies the following vulnerabilities:
| ||||||
| Alerts: |
| ||||||
CVS - exploitable double-free bug in the CVS server
| Package(s): | cvs | CVE #(s): | CAN-2003-0015 | ||||||||||||||||||||||||||||||||||||||||||||||||
| Created: | January 20, 2003 | Updated: | April 7, 2003 | ||||||||||||||||||||||||||||||||||||||||||||||||
| Description: | CVS is a version control system frequently used to manage source code
repositories. During an audit of the CVS sources, Stefan Esser
discovered an exploitable double-free bug in the CVS server.
On servers which are configured to allow anonymous read-only access, this bug could be used by anonymous users to gain write privileges. Users with CVS write privileges can then use the Update-prog and Checkin-prog features to execute arbitrary commands on the server. All users of CVS are advised to upgrade to erratum packages which contain patches to correct the double-free bug. See also this CERT advisory | ||||||||||||||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||||||||||||||
dhcp - Buffer Overflows in ISC DHCPD Minires Library
| Package(s): | dhcp | CVE #(s): | CAN-2003-0026 | ||||||||||||||||||||||||||||||||
| Created: | January 16, 2003 | Updated: | January 23, 2003 | ||||||||||||||||||||||||||||||||
| Description: | The Internet Software Consortium (ISC) has discovered several buffer
overflow vulnerabilities in their implementation of DHCP (ISC DHCPD).
These vulnerabilities may allow remote attackers to execute arbitrary code
on affected systems. There are no known exploits at this time.
See CERT Advisory CA-2003-01 for complete details. | ||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||
fnord - buffer overrun
| Package(s): | fnord | CVE #(s): | |||||
| Created: | January 17, 2003 | Updated: | January 22, 2003 | ||||
| Description: | Ralf Wildenhues has discovered a buffer overrun in the CGI code in fnord 1.6. This function does not return, so this does not appear to be exploitable. fnord - yet another small httpd has an update to fix the problem in any case. | ||||||
| Alerts: |
| ||||||
printer-drivers - multiple vulnerabilities
| Package(s): | printer-drivers | CVE #(s): | |||||||||
| Created: | January 21, 2003 | Updated: | January 22, 2003 | ||||||||
| Description: | Karol Wiesek and iDefense disovered three vulnerabilities in the
printer-drivers package and tools it installs. These vulnerabilities
allow a local attacker to empty or create any file on the filesystem.
The first vulnerability is in the mtink binary, which has a buffer overflow in its handling of the HOME environment variable. The second vulnerability is in the escputil binary, which has a buffer overflow in the parsing of the --printer-name command line argument. This is only possible when esputil is suid or sgid; in Mandrake Linux 9.0 it was sgid "sys". Successful exploitation will provide the attacker with the privilege of the group "sys". The third vulnerability is in the ml85p binary which contains a race condition in the opening of a temporary file. By default this file is installed suid root so it can be used to gain root privilege. The only caveat is that this file is not executable by other, only by root or group "sys". Using either of the two previous vulnerabilities, an attacker can exploit one of them to obtain "sys" privilege" and then use that to exploit this vulnerability to gain root privilege. | ||||||||||
| Alerts: |
| ||||||||||
susehelp - remote command execution
| Package(s): | susehelp | CVE #(s): | |||||
| Created: | January 20, 2003 | Updated: | January 22, 2003 | ||||
| Description: | During a code review of the susehelp package the SuSE Security Team recognized that the security checks done by the susehelp CGI scripts are insufficient. Remote attackers can insert certain characters in CGI queries to the susehelp system tricking it into executing arbitrary code as the "wwwrun" user. Please note that this is only a vulnerability if you have a web server running and configured to allow access to the susehelp system by remote sites. | ||||||
| Alerts: |
| ||||||
vim - modeline vulnerability
| Package(s): | vim | CVE #(s): | CAN-2002-1377 | ||||||||||||||||||||||||
| Created: | January 16, 2003 | Updated: | February 10, 2004 | ||||||||||||||||||||||||
| Description: | VIM allows a user to set the modeline differently for each edited text file by placing special comments in the files. Georgi Guninski found that these comments can be carefully crafted in order to call external programs. This could allow an attacker to create a text file such that when it is opened arbitrary commands are executed. | ||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||
Events
Computer Security Mexico 2003
Computer Security Mexico will be held in Mexico City on March 6 and 7, 2003. Papers are being accepted through February 7.Call For Papers -- RAID 2003
The Sixth International Symposium on the Recent Advances in Intrusion Detection is scheduled for September 8 to 10 in Pittsburgh, Pennsylvania. The call for papers is out now, with a deadline of March 31.
Page editor: Jonathan Corbet
Kernel development
Brief items
Kernel release status
The current development kernel is 2.5.59, which was released by Linus on January 16. It includes a number of architecture-specific updates, an XFS update, support for the SHA-386 and SHA-512 algorithms in the crypto API, a new NUMA scheduler (see below), and some sysfs work. The long-format changelog has the details.This will be the last release from Linus for a bit, since he will be traveling through the end of the month. There are currently no additional patches merged into his BitKeeper tree.
The current stable kernel is 2.4.20; Marcelo has not released any 2.4.21 prepatches since January 6.
Kernel development news
The new NUMA scheduler
The O(1) scheduler was integrated relatively early in the 2.5 development cycle with great results. So it could be a bit surprising to see a new set of scheduler changes going in at this late, feature-frozen date. The inclusion of a new NUMA scheduler in 2.5.59, however, is a relatively safe move which will help Linux perform well on high-end systems.NUMA (non-uniform memory access) systems, of course, are distinguished by an architecture which makes some memory "closer" to certain processors than others. Each "node" in a NUMA system contains one or more processors, along with an array of local memory. Processors can access memory belonging to other nodes, but that access will be relatively slow. To get top (or even reasonable) performance on NUMA systems, the kernel must keep each process - and its memory - within a single node whenever possible.
The memory allocation side has been in place for some time; the Linux kernel memory allocator sets up one or more zones for each node, and allocates new pages from the current node's zones whenever possible. But the scheduler, as found in 2.5.58, will happily move processes between nodes in its efforts to keep all processors busy. There has been a NUMA scheduler patch floating around for a while, but it has not been merged, perhaps because it made too many changes to the scheduler for non-NUMA systems.
More recently, the NUMA scheduler patch has been reworked (by Martin Bligh, Erich Focht, Michael Hohnbaum, and others) around a simple observation: most of the NUMA problems can be solved by simply restricting the current scheduler's balancing code to processors within a single node. If the rebalancer - which moves processes across CPUs in order to keep them all busy - only balances inside a node, the worst processor imbalances will be addressed without moving processes into a foreign-node slow zone.
A simple (three-line) patch which did nothing but add the within-node restriction yielded most of the benefits of the full NUMA scheduler; indeed, it performed better on some benchmarks. Real-world loads, however, will require a scheduler which can distribute processes evenly across nodes. Occasionally it is necessary, even, to move processes to a slower node; a lot of CPU time on a lightly-loaded node will give better performance than waiting in the run queue on a heavily-loaded node. So a bit of complexity had to be added back into the new scheduler to complete the job.
The 2.5.59 scheduler distributes processes across NUMA nodes in two places. The first is in the exec() system call. A process which calls exec() is very simple to move, since almost all of its context, including memory, is being thrown away. For many loads, proper balancing at exec() time is enough to get good performance.
Some loads, however, will tend to pile up processes within a single node. Any process which forks many times, for example, will find itself competing with all of its children for the same node's resources (unless, of course, those children call exec() and are moved to a new node). To address this problem, the new NUMA scheduler will occasionally look for a large load imbalance between nodes, and, if one is found, move processes to balance things out. This rebalancing happens once for every ten or hundred intra-node rebalancings, depending on the architecture.
The scheduler has seen continued tweaking since 2.5.59 came out. The most significant change, perhaps, is to move the explicit load balancing out of the main scheduler code (where it could get called many times per second on an idle processor) and to restrict it to the scheduler's "timer tick" routine. That change allows more exact control over when the rebalancings happen. A recent patch from Ingo Molnar performs fairly frequent rebalancings (intra-node every 1ms, and globally every 2ms) when the current processor is idle; if the processor is busy the rebalancings only happen every 200 (local) and 400ms (global).
Linus raised an interesting point when he merged the NUMA scheduler: can this scheduler handle hyperthreading as well? Hyperthreaded processors implement two (or more) virtual CPUs on the same physical processor; one processor can be running while the other waits for memory access. Hyperthreading can certainly be seen as a sort of NUMA system, since the sibling processors share a cache and thus have faster access to memory that either one has accessed recently. So the same algorithm should really work in this case.
Treating hyperthreaded systems as NUMA systems has a a certain conceptual elegance, but it may not be the way the Linux kernel goes in the end. The most recent hyperthreading patch from Ingo Molnar takes a different approach: rather than mess with "rebalancing" processes across the same physical processor, why not just use the same run queue for both? Sibling processes on a hyperthreaded core are truly equivalent; it does not matter which process runs on which virtual processor as long as they are all busy. So NUMA and hyperthreading may stay as distinct cases for now.
What ever happened to 32-bit dev_t?
One of the things that has been on the 2.5 "to do" list since before there was a 2.5 is expanding the dev_t type to 32 bits. dev_t, of course, is currently a 16-bit value holding the eight-bit major and minor device numbers. The small size of the device number fields has been a constraining factor for people building systems with thousands of devices for some time; it had been pretty well assumed that it would be expanded in this development cycle.Almost three months into the feature freeze, the dev_t expansion is nowhere in sight. It remains necessary, however; consider this statement from Alan Cox:
32-bit dev_t as an added vendor patch would make for a big difference between the Linus kernel tree and that which is shipped by the distributors. But large distributor patches to the kernel are not that uncommon. The real issue here is that no 32-bit dev_t patch has been posted - whether for integration or not.
Expanding dev_t is not a trivial task. The interface with user space must be handled carefully to avoid breaking older applications. The kernel currently tracks devices through the static blkdevs and chrdevs arrays, which are indexed by the major device number. This approach works when there are only 256 possible device numbers, but falls apart when you can have thousands of them. And, despite a continued effort to stamp them out, there are, beyond doubt, many places in the kernel which assume implicitly that device numbers are eight bits wide.
So the dev_t expansion will be somewhat invasive and destabilizing - though certainly achievable. It really should happen sooner rather than later. If it is true that a larger dev_t will be a part of the 2.6 kernel actually seen by customers, then this work is one of the factors which is delaying the 2.6 release.
Patches and updates
Kernel trees
Architecture-specific
Build system
Core kernel code
Development tools
Device drivers
Documentation
Memory management
Security-related
Miscellaneous
Page editor: Jonathan Corbet
Distributions
News and Editorials
Linux Standards Base Certification for many distributions
The Free Standards Group announced "that every major Linux distribution vendor has now applied for and passed Linux Standards Base Certification." We would amend that statement to read "every major RPM-based distribution vendor". Notably missing from the list of LSB-certified distributions are Slackware and Debian.
For now at least, RPM is the standard, and that's unlikely to change any
time soon. Chapter 16 (Software Installation) of the LSB 1.3 begins,
"Applications should be provided in the RPM packaging format as
defined in this specification.
"
It's a reasonable standard given its wide use. Other distributions may have a "better way", but they are not as widely implemented as RPM.
Debian is LSB compliant in most respects. Though packaging is done with dpkg rather than RPM, support for the RPM format is supplied. Debian also includes a "lsb" package that sets up most of what is needed for LSB compliance. What Debian lacks, in particular, is a company that can deal with the paperwork, pay the required fees. Debian is a group of volunteers with no legal existence to sign all the paperwork. These are the issues that will prevent Debian from gaining LSB certification in the near future, even when it has achieved LSB compliance.
Distribution News
Debian GNU/Linux
The Debian Weekly News for January 21, 2003 is out. This week covers the EFF award nomimations; a Debian swirl seen from space; and much more.The Debian Project will be represented at events in Australia, USA and Germany.
Raphael Hertzog provides an update on the Package Tracking System and the DebianEdu subproject.
Gentoo Weekly Newsletter -- Volume 2, Issue 3
The Gentoo Weekly Newsletter for January 20, 2003 is out. This week, a sneak peek at the next release of Gentoo Linux (1.4_rc3) and a Gentoo PPC developer presentation at MIT.Lindows Offers Educational Package (TechWeb)
TechWeb looks at an educational package from Lindows. "Software maker Lindows.com Inc. is selling its desktop version of open-source Linux at a special rate to schools. The San Diego company will sell the Lindows operating system for an unlimited number of computers for $500 a year. The OS will come with educational software, Web-browsing, e-mail, and other basic programs."
Mandrake Linux
The Mandrake Linux Community Newsletter for January 16 is out. It looks at the Mandrake Linux 9.1 beta, RPM Voting, and several other topics - but there is no mention of the bankruptcy filing.A number of bugs have been fixed in new sane and sane-related packages. A number of new models of scanners are now supported, and a serious bug was fixed with the Epson Perfection 1260 support, which in older versions of sane could potentially physically damage the scanner. A new library is also provided (libieee1284) which provides additional support for parallel port scanners.
Slackware Linux
Slackware Linux has seen a number of changes in slackware-current. Extras such as docbook have been added, along with new non-English word lists for Aspell. There were several security fixes this week as well. You can find more about the security fixes in this week's security section. Visit the change log for complete details.SuSE Linux
SuSE Linux annnounced the availability of the SuSE Linux Office Desktop, which combines SuSE Linux 8.1 with Codeweavers CrossOver Office 1.3.1 to provide users a system for the office desktop.
Minor distribution updates
2-Disk Xwindow embedded Linux
2-Disk Xwindow embedded Linux has released 1disk1.0 final with major bugfixes. "Changes: This release actually works now, and includes various new features and bugfixes."
Astaro Security Linux
Astaro Security Linux has released v3.215 with major security fixes, quickly followed by 3.216 with additional bugfixes. "Changes: This Up2Date fixes security issues in the DHCP server, DHCP client, and HTTP Proxy. Some small improvements and changes are included too."
Aurora SPARC Linux Project
The Aurora SPARC Linux Project announced Build 1.0 (Ansel). This is the first "STABLE" build of Aurora.GNU-Darwin revs!
The GNU-Darwin project is in stable production status, and some key web pages have been updated..KNOPPIX
KNOPPIX has released v3.1-2003-01-20 with major bugfixes. "Changes: This version includes lots of updates and bugfixes, including fixes for the checkroot.sh script (it now adds the correct / entry after a HD install), better support in isdn-config for non-hisax ISDN cards, and more KDE menu reordering."
Lycoris Desktop/LX
Lycoris and Transgaming Technologies unveiled the GamePak gaming suite for Desktop/LX. The GamePak gaming suite includes 5 games, plus access to WineX, TransGaming's cross platform gaming software that gives users the ability to play over 150 Windows games on Desktop/LX.NSA Security Enhanced Linux
NSA Security Enhanced Linux has released v2003011510 with major feature enhancements. "Changes: The base 2.5 kernel version has been updated to 2.5.58. The base 2.4 kernel version remains at 2.4.20, but the LSM patch and the SELinux module for 2.4 have changed since the last release. New contributed policy analysis and policy management tools have been added to the provided tools and utilities. Hooks for xattr operations were added to 2.4. Inode security initialization has been reworked using the d_instantiate hook. The nfsd private file bug in 2.4 has been fixed and the task_kill bug in 2.5 has been fixed."
OpenPKG 1.2 released
Version 1.2 of the OpenPKG "cross-platform software packaging facility" has been announced. This release contains 361 packages wrapped up in a "roll your own distribution" packaging and build system.RxLinux
RxLinux has released v1.2.7 with minor feature enhancements. "Changes: The kernel was updated to 2.4.20. A PPTP connection dropping problem was fixed. The lvs patch was updated to 1.0.7. Support for PCMCIA network devices was added. Support for serial console was added. The missing libpam library was added. PPP dial-on-demand is now working."
Scyld Beowulf
AMD has announced that Scyld Computing Corporation is developing a 64-bit version of Scyld Beowulf, a clustering OS operating system, for systems based on the upcoming AMD Opteron processors.ttylinux
ttylinux has released v2.7 with minor feature enhancements. "Changes: This release updates dhcpcd, modutils, util-linux, and tinylogin to their latest versions and adds ipmasqadm."
xbox-linux
xbox-linux has released v11-01-2003 with major feature enhancements. "Changes: Ed's ISO 0.0.10 is available with support for v1.1 XBoxes. Note that the included bootloader is erroneous, so you have to download the postinstall images separately. Presentations and documents have been added."
Zool Linux
Zool Linux has released v3 which adds networking support.
Distribution reviews
Review of Mandrake Linux 9.1 Beta 2 (DistroWatch)
The second beta release of Mandrake Linux 9.1 is reviewed on DistroWatch. "So, is this beta 2 a significant improvement in relation to beta 1? My answer is yes, without any doubt. This beta 2 is still not for Linux beginners, it still has a few annoying bugs (but no show-stoppers) and quirks, and some essential packages are still missing (where is my kernel source?). But if MandrakeSoft can keep up with this rate of development, by beta 3 or 4 they could start concentrating on the eye-candy and their final 9.1 release would then be terrific."
Page editor: Rebecca Sobol
Development
Sweep 0.8.0 Audio Editor
One of the more popular audio file editors that is available for Linux and other Unix compatible platforms is Sweep. Sweep will work with a number of different audio file formats including WAV, AIFF, Ogg Vorbis, Speex, MP3 and others. Sweep supports the LADSPA plugin API, which allows a wide range of audio processors to be plugged in. Sweep works with both the OSS and ALSA sound drivers. Unlike many sound file editors, Sweep has a number of real-time audio effect capabilities, making it useful for live music DJ applications. Sweep also works well for more typical audio editor uses, such as the creation of CD audio tracks.Some of the major features of Sweep include:
- Unlimited undo/redo.
- Multithreaded background rendering and file import/export.
- Interactive Scrubbing.
- Support for multichannel files.
- Customizable keybindings.
- Support for French, Hungarian, Italian, German, Russian, and Polish languages.
- Support for the Speex speech codec.
- Cut, copy and paste insert.
- Support for discontinuous selections.
- Invert, double/halve, and shift left/right.
- Many wave visualization options.
- Numerous playback modes including reverse and looping.
- Tape loop recording.
Other features of Sweep include the ability to mix and speed-modify an unlimited number of samples and loops, and "piano style QWERTY playback", which allows the computer keyboard to be used to generate musical notes in real-time.
Version 0.8.0 of Sweep
has been released.
"This is the first milestone release for Sweep 1. Please test it
thoroughly for both general sample editing and live performance.
"
One interesting new features in version 0.8.0 is the inclusion of a new
monitoring system that allows people with two sound cards to listen to
a monitor track on one sound card while playing a main output on the other
sound card. This opens up a wide range of capabilities that are typically
performed by an audio mixing console. The release also features bug fixes
and an improvement to the Italian language support.
Sweep 0.8.0 may be downloaded here.
Sweep has been released with a GPL license.
System Applications
Audio Projects
JACK Software Releases
This week has been busy for JACK Audio Connection Kit software releases. The following new applications have come out: JACK Rack 1.1.2, JACK TimeMachine 0.0.1, k_jack v0.0.0.5 and Mammut v0.15, and JACK TimeMachine 0.0.2.Ogg Traffic
The January 19, 2003 edition of Ogg Traffic is out with the latest Ogg Vorbis audio compression software development news. Some of the topics covered include: Playing Ogg Vorbis with Windows Media Player, Replacing Real Audio with Low Bitrate Ogg Vorbis, User confirms Ogg Vorbis Support in DVD Player, and Speex RC1.
Database Software
MySQL Adds Subselects, Upgrades Performance and Security
MySQL Version 4.1 was announced at the LinuxWorld conference. "MySQL AB, developer of the world's most popular open source database, today announced a new version of the MySQL database that includes "subselects" and other enhancements designed to facilitate large-scale enterprise application development with MySQL."
Knoda 0.5.6 released
Version 0.5.6 of Knoda, a KDE frontend for Mysql, Postgresql and ODBC, has been released. New features include support for color forms and reports, syntax-highlighting in the queries-window, new command line tools for hk_classes, report can be opened depending on form values, tables and queries can be printed, and lots of bug fixes.
Electronics
Icarus Verilog Snapshot 20030116
Snapshot 20030116 of the Icarus Verilog electronic simulation language compiler has been released. Changes include: support for scaled system time, new PLI1.0 functionality, bug fixes, support for gcc 3.X, and more. See the release notes for more information.
Printing
LinuxPrinting.org news
The latest news on LinuxPrinting.org includes a new driver for the Epson EPL-5700L, EPL-5800L, and EPL-5900L printers, unidirectional printing support for the Lexmark Z12, support for the HP OfficeJet 520, 570, 580, 590, 610, 630, 700, 720, 725. 6110 printers, and text/URL/driver updates for the HP OfficeJet 500, 600, 625, 635, 710, D155 printers.LPRng-3.8.20 released
Version 3.8.20 of the LPRng printing system is available. Change information is in the source code.
Telecom
Introduction to the Parlay architecture (IBM developerWorks)
Veronika Megler introduces the Parlay API on IBM's developerWorks. "For too long, application development for the telecommunications industry has been an arcane art, relying on proprietary protocols and interfaces. In this two-part series, Veronika Megler introduces the Parlay architecture, an open set of APIs that could change all that. You'll learn how you can use the Parlay architecture to build telecommunications applications that will run on any telecom carrier's network with minimal human intervention. You'll also get an introduction to the tools and products you need to start writing the code that changes the way we'll use our telephones."
Web Site Development
Quixote 0.6 Beta available
A beta version of Quixote 0.6 is avilable. Quixote is a Python-based web application framework. Change information is in the source code.Free Online Version of Mason Book (use Perl)
According to Use Perl, an online version of "Embedding Perl in HTML with Mason" is available.Zope Members News
The most recent headlines on the Zope Members News include: Plone 1.0 Release Candidate 2 available, MySQL User Folder 0.9.0 released, ZWeatherApplet 1.51 (bugfix release), Silva Sample Content Types 0.1 released!, CMFCollector 0.20 beta 1 released, ASP404 1.0-beta2 Zope+IIS Connector, Nuxeo Collaborative Portal Server 2.2 beta1 released, and more.Zope Newbies
This week's Zope Newbies includes articles on Python's Design Goals, and Python success stories.
Web Services
Web services interoperability, Part 1 (IBM developerWorks)
André Tost demonstrates the use of web services on IBM's developerWorks. "In this article André Tost shows how a purchase order business process can be implemented across many different Web services environments. An example application defines different roles that play a part in the process of a purchase order, where each role can be played by a different vendor's implementation. André will describe what the application does, and how the individual parts of the application work together."
Desktop Applications
Audio Applications
Ecawave development stopped
Due to the wide variety of open-source audio editing packages that are now available, development of Ecawave has been stopped. Meanwhile, ecawave 0.6.0, has been released as the official last version.ecamegapedal 0.4.0 released
Version 0.4.0 of ecamegapedal, a real-time virtual guitar effects box, has been released. Changes include: "Sliders for parameter control and text inputs for lower and upper bounds have been added as well as support for LADSPA-1.1 and ecasound effect parameter hints. There has been some user interface improvements and a native JACK support has been added. Updated to use the new ecasound-2.2 libraries."
Desktop Environments
GNOME Summary for January 4 - 18, 2003
Here is the latest GNOME Summary. This week looks at the GNOME 2.2 Desktop Release Candidate 1 and much more.FootNotes
Headlines on the GNOME desktop FootNotes site include: High quality fonts donated to Free Software, Gnome Desktop SubDistro, MrProject 0.8 released, DiaSCE v1.3 released, GNU/Linux Media Player Round-up, Firestarter 0.9.1 released, Gtk# 0.7 released!, Mono 0.19 released, GTK2 Sodipodi soon to be released, New GNOME themes module, Screenshot of Lumiere working, and more.KDE-CVS-Digest
The January 17, 2003 edition of the KDE-CVS-Digest is out. The digest summary says: "VFolder support in KDE, more Apple updates in Konqueror, and security fixes. Also in this issue: commits to Kaplan are flowing in, the KMail merges from the different branches are finally coming together and much more."
Interoperability
Wine release 20030115
Release 20030115 of wine has been announced. The list of changes include: Much better header files compatibility in Winelib, A ton of Direct3D work, Many improvements in sound support, New wineboot tool to simulate a Windows reboot, and Lots of bug fixes.Kernel Cousin Wine
Issue #153 of Kernel Cousin Wine is out. Topics include: News: Wine-20030115; TransGaming Update; CodeWeavers Partnership, IWebBrowser Status / More Ideas, No C++ in Wine, Wineboot Progress, D3D Status Page, Accessing X11 Calls, and NTFS Filesystem Type.New release of ntfsprogs
A new version of ntfsprogs (formerly linux-ntfs) has been released. ntfsprogs allows linux to work with ntfs volumes. "The new release includes (for the first time) ntfsresize, ntfsundelete, ntfsinfo and also mkntfs and ntfslabel."
Office Applications
OpenOffice 1.0.2 available
Version 1.0.2 of OpenOffice is available. "It is a "micro" release and does not include new features. Rather it incorporates many bug fixes. Reports indicate that it is faster and more robust."
Open Office Japanese Language Project
OpenOffice.org has announced the creation of a new Japanese Language project for the OpenOffice office suite, led by Nakata Maho.GnuCash 1.7.8 available
Version 1.7.8 of GnuCash is out. New features include Scheduled Transactions, a Mortgage & Loan Repayment Druid, Small Business Accounting Features, OFX Import, HBCI Support, Multi-Currency Transaction Handling, new documentation, and improved menus.
Web Browsers
mozillaZine
The latest mozillaZine topics include: New Favorites Plug-in for K-Meleon, Chimera Not Dead Either, Trunk Freezes for 1.3 Beta Tonight, Reports of Phoenix's Death Greatly Exaggerated, Improved about:config Page, Rolling Out Mozilla Across an Organization, Automatic Image Resizing Checked In, and European Mozilla Developers Meeting 2003.Lynx 2.8.5dev.13 released
Version 2.8.5dev.13 of Lynx, a text-based web browser, is available for download. Tons of bug fixes and performance improvements have been added, see the documentation that comes with the source code for details.
Languages and Tools
Caml
Caml Weekly News
The Caml Weekly News for January 14 - 21, 2003 is out. Topics include Introduzione alla programmazione funzionale, ChartPak - a data visualization library for the web, and Coyote Gulch test in Caml.The Caml Light / OCaml Hump
This week, the new software on The Caml Light / OCaml Hump includes the HOL Light theorem prover, ChartPak for dynamically generating business graphics on the web, and Introduzione alla programmazione funzionale, an introduction to functional programming.
Java
Introduction to Thin Client Framework (IBM developerWorks)
Peter C. Bahrs and Barry A. Feigenbaum introduce the Java Thin Client Framework on IBM's developerWorks, the series is available as Part 1 and Part 2. "Thin Client Framework (TCF) is a lightweight, flexible, and powerful programming framework for Java client applications. In this two-part series, you will learn about TCF from two of its originators. Follow along as Drs. Barry Feigenbaum and Peter Bahrs use detailed discussion, a working example, and live code samples to introduce you to the TCF architecture, design, and implementation."
Using JMeter (O'Reilly)
Budi Kurniawan shows how to work with JMeter on O'Reilly. "JMeter is a Java-based tool for load testing client-server applications. Stefano Mazzocchi originally wrote it to test the performance of Apache JServ (the predecessor of Jakarta Tomcat). It has since become a subproject of Jakarta."
Introduction to Text Indexing with Apache Jakarta Lucene (O'Reilly)
Otis Gospodnetic explains Lucerne on O'Reilly. "Lucene is a Java library that adds text indexing and searching capabilities to an application. It is not a complete application that one can just download, install, and run. It offers a simple, yet powerful core API. To start using it, one needs to know only a few Lucene classes and methods."
Java Swing: Menus and Toolbars, Part 1 (O'Reilly)
O'Reilly has published an excerpt on Java Swing menus from "Java Swing, 2nd Edition". "This chapter discusses Swing menus and toolbars. Menus are the richer and more flexible of the two, so they encompass most of the chapter. They tend to be the first thing users explore in learning a new application, so it's fitting that Swing provides a great deal of freedom in laying out menu components."
Lisp
OpenMCL 0.13.3 released
Version 0.13.3 of OpenMCL, an open-source Common Lisp implementation, is available. "This version provides options for controlling the generation and retention of additional debugging and documentation information, exports symbols related to Grays Streams from a new package, improves ANSI compliance and fixes several bugs."
Lisp Announcements
Beta versions of three Lisp applications have been released. Araneida 0.69, CLiki 0.3.9 and db-sockets 0.58.
Perl
The Perl Review
Volume 0, Issue 7 of The Perl Review is out. Articles include: Jotto: The Five-Letter Word Game, Processing RSS Files with XSLT, Separating code, presentation, and configuration, and Paying Homage to Perl (PHP).What's new in Perl 5.8.0 (O'Reilly)
Artur Bergman explores new features in Perl 5.8.0 on O'Reilly. "It's been nearly six months since the release of Perl 5.8.0, but many people still haven't upgraded to it. We'll take a look at some of the new features it provides and describe why you should investigate them yourself."
This Week on perl5-porters (use Perl)
The January 13-19, 2003 edition of This Week on perl5-porters is out. "Another week, and its load of patches. A major evolution of the UTF8 implementation, some experimental surgery on the debugger, weak hashes, strong pack templates, Win32 modules and quite a number of new ideas are summarized in this week's summary."
This week on Perl 6 (O'Reilly)
The January 12, 2003 edition of This week on Perl 6 is out. Topics include: More Thoughts on DOD, The Perl 6 Parser, LXR - Source code indexing, Thoughts on Infant Mortality, Objects, Finally (try 1), The Benchmarking Problem, Meanwhile, in perl6-language, Array Questions, L2R/R2L Syntax, "Disappearing" code, Who's Who in Perl 6:Steve Fink, and more.
PHP
PHP Weekly Summary
Topics on this week's PHP Weekly Summary include: Dual PHP installations, GD 2.0.11 compatibility, Using PHP with Make, Spring International PHP Conference, SNMP additions, and PEAR is release quality.
Python
Python-dev Summary
The Python-dev Summary for January 1 to 15 is out; it looks at the Minimal Python project, extensions to divmod(), cross compiling, and several other topics.Dr. Dobb's Python-URL! for January 20, 2003
The Dr. Dobb's Python-URL for January 20, 2003 is out, with news and links, for the Python community.The Daily Python-URL
This week's Daily Python-URL article topics include: Jason Orendorff on path 1.0, A conversation with Guido van Rossum, part II: Python's design goals, Andrew Dalke on EUtils, Mark Paschal on PyFunk, Python success stories, Py 1.3, the Minimal Python project, Prototype Python package registry based on PEP 301, and more.
Ruby
The Ruby Weekly News
Topics on this week's Ruby Weekly News include: sorting with the Swartzian transform, Yet Another Test First Example ... in Ruby, ruby-dev summary 19198-19345, Unit Testing in dynamic environments, Automating Perl -> Ruby translation?, Using the Ruby DBI Module, and ruby-dev summary 19346-19379.New Ruby software includes: ruby-sumo-2003.01.08 and MacOSX package, FoxTails 0.1 for FXRuby, saprfc - Ruby extension for RFC calls to an SAP R/3 System, Ruby SunOS Packages, FXRuby API Documentation - Preview, dbi-dbrc 0.2.0, SOAP4R/1.4.8 with WSDL4R/0.0.2, Ruby/Google 0.5.0, and YAML.rb 0.49.2 -- YPath.
Tcl/Tk
This week's Tcl-URL
Dr. Dobb's Tcl-URL for January 22 is available with the latest from the Tcl/Tk development community.
XML
Creative Comments: On the Uses and Abuses of Markup (O'Reilly)
Kendall Grant Clark comments on some unusual practices being used with RDF. "The issue I want to raise here is the increasingly widespread practice of embedding information -- mainly using, but not limited to, RDF -- intended for machine consumption in a format, HTML comments, which is intended for human consumption. When I realized people were embedding RDF in HTML comments, claiming that the resulting document is part of the Semantic Web, I was confused."
Miscellaneous
Jext ProjectMaster 1.3
Version 1.3 of ProjectMaster, a plugin for the Jext programmer's editor, has been released. "ProjectMaster, the successor of CodeMaster, is a fully featured project manager for Java. You can either use it as separate frame or dock it in Jext interface. This plugin allows to compile projects very easily. It also supports ANT compiling tool."
Page editor: Forrest Cook
Linux in the news
Recommended Reading
Risky business: Keeping security a secret (ZDNet)
ZDNet is running a column by Whitfield Diffie on open source and security. "As for the notion that open source's usefulness to opponents outweighs the advantages to users, that argument flies in the face of one of the most important principles in security: A secret that cannot be readily changed should be regarded as a vulnerability."
Gartner: Customers Shouldn't Worry as MandrakeSoft Seeks Creditor Protection
Here's a Gartner Group pronouncement on MandrakeSoft's bankruptcy filing. "However, MandrakeSoft customers should not worry as the high portability of Linux distributions should make it easy to transition to a new supplier. Nevertheless, MandrakeSoft's woes underline the challenge of selecting Linux distributors in a consolidating market. To reduce their risk, enterprises should use distributions and features that align with the Linux Standards Base, one industry effort at coalescing around standard application programming interfaces." Gartner is figuring out that the relative vendor independence provided by Linux is a good thing.
Trade Shows and Conferences
LinuxWorld articles
Here are a few of the LinuxWorld inspired articles we have seen today.- It's a
LinuxWorld, after all (News.com) "
Linux advocates will convene at a trade show in New York this week to promote their wares, tout customers, swap business cards and make their case that the operating system is growing up.
" - Open-Source
Crowd Hits New York For LinuxWorld (TechWeb) "
When lovers of Linux take to the Javits Center next week in New York for LinuxWorld, scores of companies will be touting their newest hardware and software products, pitching them to crowds dissatisfied with Windows and enamored of open-source ideals.
" - MS
bids to intercept Unix defectors at LinuxWorld (The Register)
"
Redmond, Washington-based Microsoft will deploy 15 staff at the New York-based event in an attempt to spread the Windows mantra. The company will demonstrate four products and its gotdotnet.com online service for developers.
"
Dust-up hits desktop Linux confab (News.com)
News.com reports on the troubles with the Desktop Linux Summit. "An HP representative confirmed Friday that the company had withdrawn from the conference. Sun Microsystems, another big-name exhibitor, appeared on an earlier exhibitor list, but its name isn't on the current lineup. A Sun representative couldn't immediately confirm that it had withdrawn."
Companies
Commentary: IBM's open-source stance (News.com)
News.com is carrying a Forrester Research pronouncement on IBM's open source strategy. "IBM has earned the trust of the open source community. As vendors like HP and Sun step up their involvement, the risk that hypercompetitive IBMers will overstep the community boundaries increases. IBM can't let that happen. It must maintain the trust by keeping its agenda in its proper, democratic place."
Desktop Dreams in the Wake of MandrakeSoft's Bankruptcy (OfB.biz)
Open for Business has this take on MandrakeSoft's bankruptcy announcement. "Other great GNU/Linux companies have come and gone, and each time the Linux desktop "dies." Somehow, mysteriously enough -- and if anyone can explain this to me, please do -- this dead desktop seems to be able to keep dying and dying and dying. It's almost like the Energizer Bunny, or if it isn't, the critics most certainly are."
Linux Adoption
Linux Makes Mainstream Moves (TechWeb)
TechWeb says 2003 will be the year that Linux becomes a mainstream operating system used for mission-critical business processes, thanks to strong vendor support and the growing availability of apps ported to Linux. "Linux already is mainstream at Cendant Corp. The real-estate, travel-services, and hospitality holding company has 7,000 hotels, and there's nothing more mission critical than efficiently managing check-ins, departures, payments, and reservations. About 60% of the hotels use a property-management system from Hotel Software Systems Ltd. that runs on a Linux distribution from SCO Group, even though Cendant offers Windows-based property-management software."
Could Linux dethrone the software king? (Financial Times)
The Finanical Times has a lengthy article on the business of Linux. "While HP leads in the Linux business, claiming the free software drove sales of computer systems worth $2bn last year, IBM is probably the best-placed to benefit from this trend - hence its enthusiastic embrace of Linux. With the world's biggest IT services arm and a software business based on middleware - programs that sit between an operating system and the different software applications - Big Blue has ample incentive to reshape the corporate computing business in its own image." (Thanks to Richard Jones).
WSIS delegates fail to agree on open-source 'support' (InfoWorld)
InfoWorld covers U.S. opposition to a declaration for open source. "A three-day meeting that brought together Asian governments, organizations, companies and non-governmental organizations (NGOs) ended Wednesday morning with the approval of a declaration that, among other things, calls for encouraging the development of open-source software. A draft of the declaration had called for open source to be "supported" but was changed after objections from the U.S. government delegation late Tuesday night." Thanks to Magnus Lycka
Legal
A Double Chance for DMCA Reform (Linux Journal)
Linux Journal looks at two DMCA reform bills to be considered by the US Congress. "Again this Congress, we'll have two similar DMCA reform bills. Why two? Representative Zoe Lofgren (D-CA) is planning to reintroduce the Digital Choice and Freedom Act of 2002, a bill that would reform the controversial anticircumvention provisions of the Digital Millennium Copyright Act (DMCA). The bill would allow users to bypass copy restriction systems for fair use purposes, much like the Digital Media Consumers' Rights Act, cosponsored by Rep. Rick Boucher (D-VA), John Doolittle (R-CA), Spencer Bachus (R-AL) and Patrick Kennedy (D-RI), proposes."
Jon Johansen faces appeal
The word is out; Norwegian prosecutors will appeal the recent acquittal of Jon Johansen on DVD piracy charges. Covered in articles from CNN, Wired, and The Register.SCO casts wider net for infringers (News.com)
News.com has some more information on SCO's possible intellectual property moves against other vendors. "One particular area of concern is with companies that signed agreements to see proprietary SCO source code and whose programmers now are working on different projects that could use that proprietary code..." Access to proprietary code will always present a trap for free software developers, who could find themselves "contaminated" and subject to legal action if they contribute to free projects.
Piracy: ISPs must pay up (Reuters)
Reuters covers a change in strategy in the RIAA's fight against online music piracy: "The music industry is in a tailspin with global sales of CDs expected to fall six percent in 2003, its fourth consecutive annual decline. A major culprit, industry watchers say, is online piracy. Now, the industry wants to hit the problem at its source - internet service providers. "We will hold ISPs more accountable," said Hillary Rosen, chairman and CEO the Recording Industry Association of America (RIAA), in her keynote speech at the Midem music conference on the French Riviera."
Interviews
Bruce Perens and Eben Moglen on NPR
On Friday January 17, 2003 Bruce Perens will be interviewed on National Public Radio's "Talk of the Nation: Science Friday". The subject will be the philosophy and business of Open Source software. The interview will take place between 2:20 P.M. and 3:00 EST, that's 11:20 to 12:00 PST. Find your local NPR radio station here. For general information on the program, see http://www.sciencefriday.com/ .Eben Moglen, general counsel for the Free Software Foundation, will appear in an interview on PBS' NOW with Bill Moyers, Friday 17 January. The show will discuss the impact of Wednesday's ruling in the Eldred case and its implications for the way copyright legislation will impact us in the future. More information is available at http://www.pbs.org/now/politics/comingup.html.
Interview with Shamyl Zakariya (tinyminds)
Tinyminds.org has an interview with Shamyl Zakariya, one of the SlicKer developers. "As the second victim in the TinyMinds interview series we have picked the SlicKer project as our target. SlicKer aims to someday replace Kicker in KDE (ed's note: Kicker is the taskbar at the bottom of the screen) with its own more taskoriented approach."
Jaakko Peltonen on Falcon's Eye (O'Reilly)
O'Reilly has an interview with Jaakko Peltonen, author of the game Falcon's Eye, a graphical version of NetHack. "We're proud to present an interview with Jaakko Peltonen, creator of Falcon's Eye, who discusses some of the technical and social challenges his project has faced."
FOSDEM Weekly Interviews
FOSDEM has published four new interviews with speakers giving talks at FOSDEM, February 8 - 9, 2003 in Brussels.These four interviews are related to the "Education Track":
- Bruno Coudoin, author of GCompris
- Hilaire Fernandes, author of DrGenius
- Raphael Hertzog, author of Debian-Edu
- And a common interview
Microsoft's changing tune on Linux (News.com)
News.com talks with Microsoft's Peter Houston about Linux. "I still believe Linux is an extension of the Unix paradigm. It's a command-line-focused approach that's not particularly designed to be user friendly. The Windows approach is very different. I will say that the adoption of Linux is likely to be bounded by how many companies are happy with Unix."
Resources
LinuxDevices.com Newsletter
The LinuxDevices.com Newsletter for January 16, 2003 is out. Get caught up on all the embedded Linux news for the past week.Improving Linux kernel performance and scalability (IBM developerWorks)
IBM developerWorks discusses the performance of the Linux kernel. "The first step in improving Linux performance is quantifying it, but how exactly do you quantify performance for Linux or for comparable systems? In this article, members of the IBM Linux Technology Center share their expertise as they describe how they ran several benchmark tests on the Linux 2.4 and 2.5 kernels late last year. The benchmarks provide coverage for a diverse set of workloads, including Web serving, database, and file serving. In addition, we show the various components of the kernel (disk I/O subsystem, for example) that are stressed by each benchmark."
Reviews
IBM Introducing Linux Mainframe In A Box, Other Linux Tools (TechWeb)
Here's a TechWeb article about IBM's newest Linux tools. "IBM plans on Monday to introduce new Linux tools for devices from the handheld to the mainframe, including a pre-configured and tested Linux on mainframe installation, and Lotus Notes client software for Linux."
GNU/Linux Media Player Roundup (LinuxOrbit)
Linux Orbit compares several Linux friendly media players including Sinek, Totem, XINE_UI, Xmovie, and others.Review of Quanta+ and Quanta Gold (NewsForge)
NewsForge reviews Quanta+ and Quanta Gold. The review involves: "A side-by-side comparison of (free GPL) Quanta+ and (commercial) Quanta Gold, two popular HTML editors from theKompany."
SuSE throws desktop Linux at Windows (vnunet)
Vnunet takes a look at SuSE's new business desktop offering. "Dan Homolka, technical sales manager at SuSE, claimed that the vendor's Linux environment actually runs Microsoft Office faster than Windows "mainly because Linux is much better at context-switching"."
Miscellaneous
EFF Pioneer Awards Call for Nominations (Linux Journal)
Linux Journal covers the Electronic Frontier Foundation Pioneer Awards. Nominations are open to both individuals and organizations from any country. The deadline for nominations for the 12th Annual International EFF Pioneer Awards is February 1, 2003. "All nominations are reviewed by a panel of judges chosen for their knowledge of the technical, legal and social issues associated with information technology."
Spamtrap Race (Linux Journal)
Linux Journal is putting on a spamtrap race. Ladies and gentlemen, rev up those disposable email addresses. "Thought you'd never want to seek out spam intentionally? Think again! Are you sitting around with some extra time on your hands? Excellent. We've got the perfect meaningless task for you. If you're lucky, you could even win a prize ("Oooooh", the crowd roars.)"
World's first robot brain surgeon developed (smh.com.au)
Smh.com.au has an article about a linux-based robotic system that is being used for brain surgery. "A six-legged robot has been developed by Singapore experts and programmed to drill through the skull during surgery to remove deep-seated brain tumours in sharply reduced operating time."
Page editor: Forrest Cook
Announcements
Commercial announcements
GNOME Foundation and Bitstream Inc. to bring fonts to free software
The GNOME Foundation and Bitstream Inc have announced an agreement that will bring high quality fonts to the free software world. "'The donation of these fonts to the free software community is the final piece that will give full functionality to projects like Freetype, XFT2 and X Render extensions in the Xfree86 project, Pango, KDE and Trolltech's QT Rendering,' said Jim Gettys, GNOME Foundation board member."
APC announces recall on popular UPS models due to fire hazard
APC has announced a recall on 2.1 million of its BackUPS units worldwide due to a danger of fire. Details at http://www.apcc.com/rely/index.cfmThese are low-end units for both home and office, so it might be a good idea to check under your desk and in your server room!
Codehost and Easy Software Announce License Agreement
Codehost and Easy Software Products have announced that they will be integrating CUPS source code into a commercial product. "Software developers Codehost, Inc. and Easy Software Products announced today that the two companies have entered into a licensing agreement that will allow Codehost to utilize aspects of the Common UNIX Printing System (CUPS) source code. The CUPS source code will be used within BrightQ®, Codehost's popular turnkey printing suite for corporate UNIX and Linux users of multi-function devices and high-end printers."
Announcements from UnitedLinux
UnitedLinux has made a few announcements at LinuxWorld:- HP has joined as a UnitedLinux
"technology partner." Among other things, HP will have a seat on the
UnitedLinux technical advisory board, and will engage in "joint
marketing activities."
- UnitedLinux has announced a deal with
the Linux Professional Institute to create a UnitedLinux certification
program. It will be based on the standard LPI certification with an
additional test which is specific to the UnitedLinux distribution.
- There is also a new software developers program which seems to consist mostly of a mailing list and access to some IBM demoware.
UnitedLinux to Deliver Enhanced Linux Platform for Telecommunications Carriers
UnitedLinux announced plans to integrate the full OSDL Carrier Grade Linux (CGL) 1.1 feature set for UnitedLinux 1.0. The CGL features will be available as a Service Pack in the first quarter of 2003."Understanding the Linux Kernel, Second Edition" Released by O'Reilly
O'Reilly has released the second edition of "Understanding the Linux Kernel" by Daniel P. Bovet and Marco Cesati. The new edition of "Understanding the Linux Kernel" has been updated to cover version 2.4 of the kernel."Programming Web Services with Perl" Released by O'Reilly
O'Reilly has published the book "Programming Web Services with Perl".Qlusters, Inc. Introduces ClusterFrame(tm) for Enterprise Computing
Qlusters has announced the release of ClusterFrame(tm). Qlusters' ClusterFrame product brings mainframe features and capabilities to business applications and traditional compute-intensive environments. There are two new product configurations. ClusterFrame/VM(tm) is a virtual mainframe hosting any IA-32 Operating System. ClusterFrame/SSI(tm) is a true Single-System-Image Linux Cluster platform.PeerDirect announces technology for 100% Linux-distributed database apps
PeerDirect Corporation announced that its flagship product suite, PeerDirectT Distributed Enterprise, now provides native support for Linux.Wing IDE 1.1.8 announced
Archaeopteryx Software has released version 1.1.8 of their Wing IDE for Python.
Upcoming Events
LinuxWorld press releases
Each LinuxWorld brings with it a flood of press releases from participating companies. Here is a small sample of the many press releases we've seen today.- MySQL Adds Subselects, Upgrades Performance and Security
- Mellanox Partners with IBM to Power Enterprise Applications on InfiniBand IT Environment at LinuxWorld
- Ximian to Present Software Enabling Enterprise Linux Deployment and Management at LinuxWorld
- SCO Announces SCOoffice Server for Linux
- Dot Hill Displays New Linux Storage Solutions at LinuxWorld NYC
- SteelEye Announces Availability of SteelEye LifeKeeper for mySAP.com on Linux
- Red Hat to Keynote at LinuxWorld Event With Morgan Stanley
- SGI to Define Future of High-Performance Linux Computing at LinuxWorld Conference & Expo
- Technology Showcase: Linux Servers from NEC Solutions Showcased by Producers of LinuxWorld Expo
- CA Extends Leadership in Enterprise Linux Market With New Releases for Apache, Mysql and Websphere
- Progeny Announces Key Enhancements to the Linux Programmer's Toolkit -PTK- with HP
Wednesday LinuxWorld press release roundup
Here's a selection from the dozens of LinuxWorld press releases which have found their way to our inbox:- Dell has announced
a new set of high-density supercomputer cluster offerings.
- Egenera has
sold a number of its BladeFrame systems to JPMorgan Chase.
- HP has announced
a new set of big customers and various new offerings; the company
claims to have done $2 billion in Linux business in 2002.
- IBM's big
announcement is the availability of the Lotus iNotes client for
Linux. "
In addition, IBM announced enhancements to its Linux hardware and software offerings for Linux, including a new reference platform that makes it easier to create Linux-based smartphones and personal digital assistants (PDAs); Tivoli(R) systems management software for Linux; integrated software and services for its mainframe Linux support; as well as performance improvements for Intel(R) processor-based Linux servers running Linux.
" A separate announcement talks about new customers, including the PGA Golf Tour. - Linuxcare has announced
the general availability of its Levanta server consolidation software.
- LTrix Engineering is pitching
its kernel debugger (with the appealing name of "lice"); $2000/seat.
- RealNetworks has released
the code for its Helix DNA server. This pretty much completes the
set of code releases that RealNetworks promised to the community.
- Red Hat seemingly has no new products to announce at this time; instead,
the company has put
out a press release on what a good year 2002 was.
- SGI has announced
several new customers for its "Altix 3000" Linux-based
supercomputers. SGI has also announced
an expansion of its Linux developer program.
- Sun announces
the Sun ONE software stack for Linux (several new products), an
expansion of support for the Grid Engine project, the forthcoming
availability of "Mad Hatter" (Sun's Linux desktop), and a few other
things. There is also a
separate PR for the Grid Engine "portlet" code contribution.
- Sun and Ximian have announced the availability of the "Sun ONE Connector for Ximian Evolution."
Linux.conf.au 2003 draws record numbers
Registrations for the Australian national Linux conference, Linux.Conf.Au 2003, have closed online in a mad rush as punters secured their seats at this technically focused event. While the main conference is kicking off on Wednesday, January 22, 2003, numerous mini-conferences being held prior to the conference are already well under way.Linux Summit 2003, Finland
The Linux Summit will be held in Espoo, Finland on Febrary 27 and 28, 2003. "A two-day conference in Finland aims to convince IT managers of the commercial advantages of using GNU/Linux and Open Source, by presenting real-life examples."
OMG Days Europe 2003
OMG Days Europe 2003 will be held across Europe from February 18 to June 11, 2003. "An OMG Information Day is a one-day conference and exhibition with focus on Enterprise Integration."
Desktop Linux Summit Almost Sold Out
Lindows.com, Inc. has announced that the Desktop Linux Summit, to be held on February 20 - 21, 2003 in San Diego, is nearly sold out. Early registration ends January 17, 2003.Disagreement over the Desktop Linux Summit
DesktopLinux.com has posted an article on its withdrawal from the Desktop Linux Summit, which, they believe, has become dominated by a single vendor. "Then, last week, Lindows.com suddenly and unilaterally directed DesktopLinux.com to substitute a new agenda for the old one -- one that had not been discussed or reviewed with the Advisory Board. The agenda was a completely new one, with major changes such as substitution of Lindows.com CEO Michael Robertson for Open Source advocate Bruce Perens in the conference welcome keynote slot." (Thanks to Timothy R. Butler).
YAPC::NA::2003 CFP Announced (use Perl)
Use Perl has an announcement for YAPC::NA, to be held in Boca Raton, Florida on June 16-18, 2003. A CFP has been issued for the conference.OpenOffice.org Conference CFP
The first OpenOffice.org Conference will be held on March 20 and 21, 2003 in Hamburg, Germany. A CFP has been announced for the conference.Events: January 23 - March 20, 2003
| Date | Event | Location |
|---|---|---|
| January 23 - 25, 2003 | Linux.conf.au 2003 | Perth, Australia |
| January 23 - 24, 2003 | LinuxWorld Conference & Expo | (Jacob K. Javits Center)New York, NY |
| January 27 - 31, 2003 | SAINT-2003 | Orlando, Florida, USA |
| February 3 - 6, 2003 | O'Reilly Bioinformatics Technology Conference | (Westin Horton Plaza.)San Diego, CA |
| February 4 - 6, 2003 | Linux Solutions 2003 | (CNIT)Paris, France |
| February 8 - 9, 2003 | Free and Open source Software Developers' European Meeting(FOSDEM) | Brussels, Belgium |
| February 10 - 14, 2003 | The fifth NordU/USENIX Conference(NordU2003) | (Aros Congress Center)Västerås, Sweden |
| February 20 - 21, 2003 | Desktop Linux Summit | (Vivendi Universal Building)San Diego, CA |
| February 22 - 24, 2003 | CodeCon 2.0 | (Club NV)San Francisco CA, USA |
| February 27 - 28, 2003 | Linux Summit 2003 | (Dipoli Conference Center)Espoo, Finland |
| March 17 - 19, 2003 | Open Source for National and Local eGovernment Programs in the U.S. and EU | (The Marvin Center Grand Ballroom, George Washington University)Washington, DC |
| March 20 - 21, 2003 | First OpenOffice.org Conference(OOoCon2003) | (University of Hamburg)Hamburg, Germany |
Web sites
Linux Music and Sound Software Updated
Dave Phillips has updated his Linux Music & Sound Software page, check out the Musings and New Additions sections.
Software announcements
Helix Community Updates #3
The Helix Community Newsletter #3 is available. This issue looks at the Helix DNA Server release on January 22; new mailing lists; the Helix Community is hiring; and more open source news from RealNetworks.This week's software announcements
Here are the software announcements, courtesy of Freshmeat.net. They are available in two formats:
- Sorted alphabetically,
- Sorted by license.
Miscellaneous
LinuxWorld Names Finalists for Open Source Product Excellence Awards
Finalists have been announced for the LinuxWorld Open Source Product Excellence awards. The winners will be announced next week at LinuxWorld.
Page editor: Forrest Cook
Letters to the editor
MaraDNS is another DNS offering
| From: | Sam Trenholme | |
| To: | letters@lwn.net | |
| Subject: | MaraDNS is another DNS offering | |
| Date: | Sun, 19 Jan 2003 07:29:57 -0600 (CST) |
I have been working on MaraDNS for nearly two years
now. A 1.0 release was released over six months ago,
and I am currently working on a 1.2 release. MaraDNS
is both an authoritative and recursive DNS server, is
written with security in mind, and the 1.0 release is
public domain; the 1.2 release will be released under
a simple BSD license.
Unlike PowerDNS, it has recursive DNS and is free.
Unlike Oak DNS, it is written in C which is both
high-performance and portable. In fact, MaraDNS is
twice as fast as BIND and three times as fast as
TinyDNS for fetching authoritative DNS records.
It would seem that I am not marketing MaraDNS well
enough, since your editors seem to be ignorant of its
existance.
More information is at http://www.maradns.org/
Please keep my email address private; I am getting
enough spam as it is.
- Sam
Lessig laughs after 52 hours reading a humorous interview with Mickey Mouse.
| From: | Tres Melton <class5@pacbell.net> | |
| To: | editor@lwn.net | |
| Subject: | Lessig laughs after 52 hours reading a humorous interview with Mickey Mouse. | |
| Date: | Sat, 18 Jan 2003 13:02:53 -0800 |
While reading Professor Lessig's blog I stumbled across this: Reason Online has interviewed Mickey Mouse and "Disney's cartoon rodent speaks out on the Eldred decision." Mickey's interview includes such jewels such as: "Q: How does it feel to have your sentence extended by two decades?" -- "A: How do you think it feels? For almost 70 years, I've only been allowed to do what the Disney people say I can do. ... " and "In 1971, for instance, Dan O'Neill got me a part in something called Air Pirates Funnies. It was great: I got to have sex, I got to use drugs, I got to explore the whole underground comix scene. It was liberating." Mickey goes on to discus Disney's lawyers enforcing the laws that Walt Disney broke when he started it all. Lest we not forget that Steamboat Willie -- Mickey's original name -- was a direct parody of Buster Keaton's Steamboat Bill, right down to the opening music, or The Brothers Grimm who originally authored such jewels as: Rapunzel, Hänsel und Gretel, Cinderella, Little Snow-white, and Rumpelstiltskin. (Not having children, I'm not sure if Disney plagiarized all of these or just some of them.) -- Tres Melton <class5@pacbell.net>
Page editor: Jonathan Corbet