LWN Weekly Edition
Leading itemsSecurity
Kernel development
Distributions
Development
Linux in the news
Announcements
Letters to the editor
->Multipage format
This page
Previous weekFollowing week
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
LWN.net Weekly Edition for January 30, 2003SCOsource and LinuxRumors have been circulating for a few weeks: SCO, it is said, has hired a fancy law firm and will be pursuing intellectual property claims against Linux users and distributors. The level of concern has dropped somewhat as the company has announced its short-term plans, which are relatively uncontroversial. The full picture remains cloudy at best, however; SCO's intellectual property push could yet present the Linux community with its first serious legal difficulties.For the moment, SCO's plans can be seen in this press release from LinuxWorld. A new division (called "SCOsource") has been created for the express purpose of expanding the licensing of the company's intellectual property, "including the core UNIX source code." For now, SCOsource only has one offering: the company's System V libraries for Linux. These libraries allow users to run SCO Unix applications under Linux; nobody has ever really confused them with free software. SCO's desire to realize some revenue from use of this proprietary product is not likely to upset that many people. SCO seemingly does not intend to stop there, however; the company clearly believes that Linux (and other systems) may contain code or techniques which infringe upon its intellectual property. We asked Chris Sontag, Vice President of SCO's Operating Systems division, about this investigation and the uncertainty it creates in the Linux community; he responded:
The only way that SCO will be able to reduce that uncertainty is to
research and investigate whether any of our intellectual property
currently resides within Linux, which is what the law firm of
Boies, Schiller and Flexner are currently doing. We are actively
taking steps to try and reduce that uncertainty and we hope to
announce the results of their findings in the coming months.
So SCO thinks that the possibility of its intellectual property "residing"
with Linux is enough, at least, to justify the hiring of an expensive law
What sort of SCO property might be found within Linux? One possible issue, of course, is software patents; it is essentially impossible to know which patents might be infringed by any given body of code. Any patents that SCO might have picked up with its ownership of Unix are likely to be expired by now, but the SCO could have other patents up its sleeve. The patent threat is not new, of course, and SCO is far from the only company which could conceivably create patent problems for Linux. The other possible source of trouble is SCO's ownership of the Unix System V code. That SCO takes a broad view of what it owns can be seen in the impressive "SCO Intellectual Property Pedigree" that it has posted; it is a complicated set of diagrams with lots of arrows showing how just about everything (including Linux, QNX, Mach, Minix, and more) derives from the initial Unix system. A tiny piece of this diagram appears on the right side of this page. Linux, one would think, should not have copyright problems with regard to SCO's Unix code; it was, after all, reimplemented from the beginning. That should be true, as long as nobody who has contributed to any Linux application has borrowed from the Unix code base. Given the number of people and vast amount of code involved, it would not be entirely surprising if a bit of borrowed code showed up somewhere. What will SCO do if it finds something? As might be expected, the company is not willing to say much:
If we found unlicensed use of our intellectual property in a
product like Linux, any action we would take would have to be based
on the scope, source and impact of the violation. We do not feel we
can rule out any particular response without impairing our
fiduciary responsibility to our stockholders to protect their
property. Certainly our first choice in helping to resolve this
issue would not to be heavy handed in our response.
In other words, anything could happen, though SCO would try to not upset too many people. But if SCO turns up something that, it thinks, could be turned into licensing revenue, the company is likely to pursue that path. SCO is not in the strongest financial position, currently, and could use a new revenue stream. Of course, most other Linux companies are not going to be a great source of cash for SCO at the moment. It might well be that SCO's real target - if there is a target in the end - could be somebody with deeper pockets. Apple or Sun, say. Sooner or later, Linux is going to face a big intellectual property challenge. If it doesn't come from SCO, somebody else is certain to pick up the slack. Even if Linux and the companies working with it emerge victorious, this sort of challenge can only serve to create uncertainty and doubt around Linux and free software in general. It will be interesting to see how it all plays out.
Two new PDA platforms[This article was contributed by LWN reader Joe 'Zonker' Brockmeier] The long-fabled explosion of Linux-based PDAs may finally be right around the corner.A number of Linux-based PDA solutions have been announced, but only one has made it (so far) into mainstream retailers. The Sharp Zaurus has been out for some time now, though it hasn't made much of a dent in the handheld market. According to a report by Dataquest Palm-based devices account for 30.6 percent of the market, while Microsoft Pocket PC licensees account take up 28.8 percent of the market. Linux-based PDAs don't have an appreciable share of the market yet. However, that might change now that AMD and IBM are getting in to the act. AMD (along with Metrowerks) and IBM both announced Linux-based PDA platforms this year at LinuxWorld Expo. The AMD OpenPDA platform is aimed at PDAs and smart phones. The OpenPDA will run on an AMD Alchemy Solutions Au1100 processor, available at speeds of 333MHz, 400MHz and 500MHz. The The Au1100 is a system-on-a-chip (SOC) processor, and it includes the LCD controller, 10/100 Ethernet, USB device and host controller functions and is MIPS32 compatible. On the software side, the OpenPDA includes an embedded Linux kernel, Trolltech's Qtopia interface, Insignia's Java Virtual Machine and the Opera Web browser. Qtopia is the same application environment used on Sharp's Zaurus handhelds. It includes the Hancomm Office suite, standard PIM and productivity applications like the to-do list, text editor and e-mail client. The Qtopia environment also includes a number of games like Asteroids, a media player, and an image viewer. The OpenPDA platform is scheduled to be released by Metrowerks by the end of the first quarter of this year. No devices based on the OpenPDA design have been announced yet. IBM rolled out a reference design at LinuxWorld Expo based on a PowerPC 405LP embedded processor and MontaVista's Linux Consumer Electronics Edition (CEE). The IBM device, called the "embedded Linux application platform" or e-LAP, has support for speech and handwriting recognition, and is slated to include IBM's Websphere Micro Environment. IBM's design also makes use of Trolltech's Qtopia application environment, and Opera's Web browser. The e-LAP design shown at LinuxWorld Expo included 32 MB of SDRAM with 32 MB of flash memory, as well as a 64 MB DiskOnChip device. The 405LP has a range of 152 MHz to 380 MHz. Users who want to get their hands on an IBM PDA running Linux will have to wait a bit, as volume production isn't expected to begin until the third quarter of this year. MontaVista's CEE is supposed to be available sometime in the first half of this year. Obviously, Linux has quite a way to go before it catches up to the Palm OS or the Microsoft PocketPC in market share. Right now, the Linux PDA seems to be for early-adopters and Linux enthusiasts only. However, interest from major players like AMD and IBM is sure to bolster Linux's chances in this market.
The new LWN text ad systemLWN text ads are the small advertisements that appear in the left column of most pages on the site. They are, we hope, relatively unobtrusive (no bouncing, flashing animations), but, since they tend to be relevant to our readers' interests, they have response rates that are as good as banner ads. Text ads are a small but important part of LWN's revenue stream.Late last week, we transitioned over to a new version of the text ad system. The new code features some amazing innovations, such as being integrated into the rest of the LWN site. It is no longer necessary to create a separate account to place and manage text ads, and text ad transactions can be viewed along with the rest on the "My Account" page. The new system also allows advertisers to make more changes to ads as they are running. (Certain other desired new features, such as the ability to restrict ad delivery to specific countries, have been deferred for now). What has not changed is the basic method by which text ads are sold. LWN uses a sort of auction system; each advertiser names his or her own price for each ad. At the beginning of each day, the available ad exposures are divided up between advertisements according to how much is being spent on each. The result is that we can accommodate small advertisers (the minimum is $5) while providing a large portion of the site to those who are willing to pay more. See the text ad section of the LWN.net FAQ for more information on how the text ad system works. You can also head over to this page to see which advertisements are currently running on the site. LWN text ads are a great way of supporting the site while simultaneously drawing attention to your company or some other cause that you support. They are, for example, ideal for drawing attention to a free software project that could use more users or developers. Please consider placing your ad today.
Security Brief items Cross-site tracing attacks[This article was contributed by LWN reader Tom Owen] Last week, this Extremetech article was the first press coverage of Whitehat Security's whitepaper on a new type of cross site scripting attack. Whitehat has called it "cross site tracing", or XST.Cross-site scripting (XSS) is a simple idea at heart: the attacker loads exploitative HTML, including a client-side script, into a web site, typically one which allows public submissions and which does not properly quote HTML tags. Any user of the site who reads the story loads the exploit into their browser. The script uses the client browser's rights to cause mischief -- typically to access information and send it to the attacker. Recent XSS vulnerability reports focus on exposing cookie contents -- perhaps including session and authentication details -- to the attacker. Browser domain restrictions are supposed to stop clients from sending cookie contents anywhere except back to the server that issued them, but it's hard to enforce this restriction if scripts are allowed to access those contents, and many browsers have faults which allow scripts to bypass domain restrictions. Enter cross-site tracing, which is a new variety of XSS attack. It uses the TRACE command, which is an obscure part of the HTTP 1.1 protocol. It substitutes for GET, except that instead of replying to the request the server echoes it -- the TRACE string and the subsequent headers -- back to the client with a content type of message/http. It's intended as a debugging aid. Most web servers implement TRACE as part of the standard, and, as it's never been implicated in security problems, most sites leave it enabled. In essence, Whitehat report that some browsers can be scripted to send TRACE requests and return the echoed headers to the script. The report lists Mozilla (using XMLDOM) and IE (using XMLHTTP) as vulnerable. HTTP headers seem like they would be innocous, but unfortunately they carry cookies and HTTP authorization strings to the server. With the aid of one of the available domain restriction breaches, these data can be taken from the trace and sent to the attacker. Whitehat was obviously pleased with this discovery. The press release uses words like "pandemic" and refers to "a serious security flaw affecting all web server[s] world wide." The whitepaper is more tempered, but it implies that the TRACE method has a defect which compromises every web server. Opinion on Bugtraq (discussions here and here) and Slashdot ranges from "hyped, sensationalised snakeoil" to "a terrible security hole." The critics point out that there's no fault in TRACE, and client domain restriction breaches already offer scripted ways ways to read cookies. On the whole they seem to have won the argument as there's been little press coverage and no rebuttal from Whitehat. There have been some more positive responses noting that script access to the Authorization: header containing the HTTP Basic authentication is new and disturbing, and that client problems are sometimes best fixed at the server. Nobody is claiming that TRACE is needed on a production server -- it's as vestigial as HELP in Sendmail SMTP. So, as it's certain that a server that can't do TRACE won't ever allow its clients to be subverted through it, removing it may be the way to go. The Apache Limit directive can't suppress TRACE, so Whitehat and Apacheweek both suggest using mod_rewrite to force a forbidden (403) error in Apache:
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]
RewriteEngine On needs to be repeated in every <VirtualHost> block. Experiment suggests that there's more to it than this, (no, I can't make it work ...) but it has to be easier than iPlanet/Netscape, which requires a binary edit. Security consultants feel pressure to find and publicise security holes, and it's inevitable that some of them will be less serious than the spin suggests. The community's loud and direct quality control is necessary to keep the numbers within limits. However, even snake oil may have something to teach us, and at least one Apache admin will be spending a few hours this week figuring out just what secures the DELETE method.
A look at the MS-SQL wormRecommended reading: this posting by Karsten Self on the MS-SQL (aka "Sapphire" or "Slammer") worm and why Linux users shouldn't be overly smug about this episode. "This means that the infected hosts were on the order of 1% of all potential hosts. That is, Microsoft users were attaining a 99% patch and/or secure rate of systems publicly visible to the worm. This is a pretty good compliance rate. It was also wholly inadequate in preventing this attack."
New vulnerabilities dhcp3 - ignored counter boundary
MySQL - double free vulnerability
noffle - buffer overflows
Updated vulnerabilities Heap corruption vulnerability in at
BIND8: Multiple vulnerabilities
bind buffer overflow vulnerability in DNS resolver libraries
bugzilla - insecure permissions, spurious backup files
Canna server: exploitable buffer overrun
cups - multiple vulnerabilities
CVS - exploitable double-free bug in the CVS server
dhcp - Buffer Overflows in ISC DHCPD Minires Library
dvips: command execution vulnerability
Filename disclosure vulnerability in fam
fetchmail: buffer overflow
GNU fileutils race condition
fnord - buffer overrun
Potential remote root exploit in glibc
glibc: DNS stub resolvers contain buffer overflow vulnerability
IM: creates temporary files insecurely
IMP - SQL injection vulnerability
KDE - command parameter quoting problems
kdelibs: Vulnerabilities in KIO subsystem support
kernel: local denial of service vulnerability
libmcrypt: buffer overflows and memory exhaustion
libpng, libpng3: buffer overflow
lynx: CRLF injection vulnerability
perl-MailTools: remote command execution
micq: Denial of service
PHP Remote Compromise/DOS Vulnerability
mod_php - buffer overflow
Mozilla: Privacy leak and other vulnerabilities
MySQL: multiple vulnerabilities
net-snmp: denial of service vulnerability
OpenLDAP2: remote command execution
PHP: vulnerability in mail function
Buffer overflow vulnerabilities in PostgreSQL
printer-drivers - multiple vulnerabilities
Local arbitrary code execution vulnerability in Python
Multiple-use vulnerability in Safe.pm
susehelp - remote command execution
File overwrite vulnerability in tar and unzip
Multiple vendor telnetd vulnerability
Tomcat 4.x JSP source code exposure vulnerability
traceroute-nanog: buffer overflow and root exploit
typespeed: buffer overflow
vim - modeline vulnerability
webalizer: reverse DNS buffer overflow vulnerability
wget:directory traversal bug
wmaker: buffer overflow in Window Maker image handling code
Multiple vulnerabilities in wordtrans
Problems with libgtop_daemon
Wwwoffle remote privilege escalation vulnerability
xpdf: integer overflow
Page editor: Jonathan Corbet Kernel development Brief items Kernel release statusThe current development kernel is still 2.5.59. Linus remains away from his keyboard.The current stable kernel is 2.4.20; Marcelo released the fourth 2.4.21 prepatch on January 29. It includes some MTD driver fixes, a couple of netfilter bug fixes, the new IPMI driver, fixes for the ethernet information leakage vulnerability, an x86-64 update, and various other fixes and updates. The latest prepatch from Alan Cox is 2.4.21-pre3-ac5; it has a few new IDE changes and a small set of fixes.
Kernel development news Anticipatory I/O schedulingIf an operating system is to perform well, it must get top performance out of its disk drives. The best use of disks is generally obtained by recognizing a couple of basic facts of life:
Unfortunately, minimizing seeks and prioritizing reads can be somewhat contradictory goals. The way to keep seeks small and relatively rare is to maintain a sizeable backlog of requests; that way, nearby requests can be grouped and executed together. Getting the best performance on writes, in other words, requires delaying write operations for a period of time. If reads are to be handled quickly, however, they cannot be delayed and kept in the request queue in this way. It is even worse than that, actually. A process which is writing a file can have several outstanding write requests at any given time, since that process usually does not care when any particular request is completed. Processes issuing reads, on the other hand, usually generate them one at a time. The next read operation will not be requested until the previous one completes. So, even if delaying read operations were an acceptible thing to do, accumulating a backlog of close read operations is an unlikely proposition. The 2.4 kernel tends to mix reads in with the queue of write operations. Given the way things work (a read is not particularly likely to be close to an unrelated set of writes), reads tend to get put toward the end of the queue and executed slowly. That is one reason why 2.4 can be slow to respond when there is a lot of write activity going on. In the 2.5 kernel, reads are not allowed to languish long before they are pushed to the head of the queue and executed. This change can improve performance significantly, but it still does not solve the whole problem. As Andrew Morton put it in the 2.5.59-mm5 patch set:
So far so good, but these fixes are still dumb. Because we're
solving the dependent read problem by creating a seek storm. Every
time someone submits a read, we stop writing, seek over and service
the read, and then *immediately* seek back and start servicing
writes again.
But in the common case, the application which submitted a read is about to go and submit another one, closeby on-disk to the first. So whoops, we have to seek back to service that one as well. As a result, overall performance suffers, since the disk is spending too much time seeking. 2.5.59-mm5 contains a new "anticipatory I/O scheduler" by Nick Piggin which attempts to address this problem. The basic idea is simple: if the drive has just handled a read request, assume that there is another one coming behind it and simply wait for a little bit. In this case, the request queue is plugged, the I/O scheduler sets a timer, and no more requests are passed down to the drive for a millisecond or so. If a "close" request shows up during the wait time, it is serviced right away; the distance that the kernel considers "close" grows as time passes. Eventually the close requests will stop coming, or the kernel will decide that it's time to get around to some writes regardless; at that point normal request dispatching resumes. Andrew reports a big improvement in performance (nearly a factor of six) over 2.5.59 for a simple test he was running. The code, it is said, still needs "quite some work," but it's a good start. 2.6 looks on track to be the most responsive Linux kernel yet.
Fast reader/writer locksThe Linux kernel contains a number of primitives for controlling mutual exclusion. Semaphores and spinlocks (in several varieties) have been around for a while, and the read-copy-update mechanism was added in the 2.5 series. Yet another mechanism, called "fast reader/writer locks," has found its way into Andrew Morton's -mm patch set, and appears likely to be forwarded on to Linus soon for inclusion. So this seems like as good a time as any to look at how "frlocks" work.Frlocks, as implemented by Stephen Hemminger, are aimed at solving a couple of problems with the gettimeofday() system call. One is simple performance; gettimeofday() is not particularly slow, but some applications (including anything using the X Window System) call it frequently. It also turns out that the current implementation, which uses reader/writer spinlocks, is susceptible to a denial of service problem. Frequent calls to gettimeofday() can delay or lock out timer tick updates. The frlock patch works by not blocking readers or writers at all. Code wishing write access to the protected data structure is given that access immediately (at least, in the absence of other writers), so there is no way that time updates can be blocked or delayed. Readers, too, get immediate access to the data structure. The catch is that readers must be prepared to retry the access if collides with a writer for access to the data. The lock works by maintaining "pre" and "post" sequence numbers. A writer process does the following:
Readers do something like the following:
In other words, as long as the sequence numbers match, the reader knows that no writer changed the data while the reader was doing its thing. In practice, the reader side tends to be expressed in code like:
do {
seq = fr_read_begin(&some_lock);
/* Copy the data */
} while (seq != fr_read_end(&some_lock));
Frlocks, clearly, will not be suitable for lengthy calculations, or those which have immediate side effects. In cases where a small data structure is changed infrequently but read often, however, frlocks may be the key to improved performance. In the introduction to the latest set of frlock patches, Stephen claims an 18% improvement in the speed of gettimeofday() - and the elimination of the timer tick lockout problem.
The return of modversionsPerhaps the biggest bit of unfinished work with the new kernel module loader is the module versioning support. Module versioning is an attempt to make binary loadable modules work with multiple kernel versions. It works by attaching a checksum to each exported kernel symbol; the checksum is calculated from the prototype or declaration of the symbol. As long as the checksums in a module match those in the running kernel, it is assumed that the module can be safely loaded. Kernel hackers tend not to use module versioning, which explains why it took so long to get this feature fixed. Production kernels shipped by distributors need this feature, however; otherwise it is essentially impossible for vendors to support binary-only modules.Kai Germaschewski has posted a modversions implementation which works with recent 2.5 kernels. The underlying idea is essentially the same as that found in previous implementations, but the implementation is entirely different. The old scheme used the genksyms program to generate the checksums, and to create a bunch of include files (ending in .ver) which redefined the exported kernel names to include those checksums. The effect was to create a bunch of preprocessor definitions like:
#define printk printk_R1b7d4074 (The actual definitions were a little more complicated). Loadable modules would thus be built to call printk_R1b7d4074() instead of printk(). The names were stored in that form in the kernel symbol table, so the insmod program simply needed to look for a direct match. If the interface had changed, the names would not match, and the module would refuse to load. The new implementation does away with the include files. It does still use genksyms, but the output is reprocessed into a set of structure declarations. One structure (containing the symbol name and its checksum) is created for each symbol used by the module; the array of structures is then linked into the module in a special section. When a module is loaded into the kernel, the checksums are used to verify compatibility, and the special section can be discarded. Among other things, this approach makes it easier to force the loading of a module with mismatched symbols, should anybody be unwise enough to attempt such a thing.
Patches and updates Kernel trees
Core kernel code
Development tools
Device drivers
Documentation
Janitorial
Memory management
Security-related
Miscellaneous
Page editor: Jonathan Corbet Distributions News and Editorials Plans from Red HatSeveral articles were published this week looking at Red Hat's plans. The Register starts off with this article about the recently announced end-of-life schedule. (See Red Hat's errata policy announcement). We understand the need to set an end-of-life to products, but announcing a December 31, 2003 end-of-life for 8.0 seems a bit extreme. After all, 8.1 isn't even due out until April.Next, Linux Journal takes a look at Red Hat's plans for a corporate desktop. The idea here is to get people familiar with Red Hat desktop at work. Then in a year or two they'll be ready to trade in their Windows systems for a Red Hat desktop at home. This seems like a good strategy. If the corporate sales are good, Red Hat should gain some users this way. Finally, vnunet looks at Phoebe and a new Samba configuration tool included with Phoebe. Phoebe is, of course the beta version of 8.1. "Without the new tool, most system administrators would configure Samba by editing text files on each system running the Samba software. Many administrators prefer this method of configuration because it makes it straightforward to back up and redistribute server configurations simply by copying one text file. However, other administrators who are used to working with Windows may be put off by the text-based interface." As long as 'vi filename' still works....
Linux Comes to Unisys Servers (via SCO) (Register)The Register reports that the SCO Group plans to release SCO Linux for Unisys Corps ES7000 servers and ClearPath mainframes.
Advantages of OpenMosix on IBM xSeries (IBM developerWorks)IBM developerWorks has a three-part series on setting up an openMosix mini-cluster on IBM xSeries. Part 1 introduces current clustering technologies available for Linux and and an introduction to openMosix. Part 2 steps through the process of getting a fully-functional openMosix cluster configured and running. Finally, in Part 3, gives some examples of how you can use your new cluster.
Distribution News Debian GNU/LinuxThe Debian Weekly News for January 28th, 2003 is available. This week: Netcraft added Debian to the list of operating system vendors; the security team finally got everything together and was able to release a whole bunch of advisories for the version of KDE in woody; and more.The nomination period for this year's Debian Project Leader election began on January 24; nominations will be accepted through February 14, and voting will begin on March 21. Click here for the full announcement from the Project Secretary. Meet people from the Debian Project at Solutions Linux 2003 / Linux Expo France (February 4 - 6, 2003 in Paris), and the Free and Open Source Software Developers' Meeting (FOSDEM) (February 8 - 9, 2003 in Brussels).
Gentoo Weekly Newsletter -- Volume 2, Issue 4The Gentoo Weekly Newsletter for the week of January 27, 2003 is available. This week looks at Gentoo Linux at LinuxWorld, and much more.
Mandrake Linux - Updated msec packagesMandrake Linux fixes a bug in msec with Multi Network Firewall 8.2. This version has improperly enabled password aging in msec level 4.
Slackware LinuxThis week's Slackware changes include an upgrade to cups-1.1.18; new stuff in a/devs-2.3.1-i386-11.tgz; an upgrade to LPRng-3.8.20; bunches of new gnome stuff; an upgrade to proftpd-1.2.7; and much more.
Yellow Dog LinuxYellow Dog Linux has some bug fix advisories available for gaim and nautilus.
New Distributions Emergency CD 2Emergency CD 2 is a bootable CD-ROM with a console-only mini-distribution based on Red Hat 7.3. It uses Linux kernel 2.4.19-xfs(i586) and includes many console tools and utilities. The first public release is v2.01.
Minor distribution updates Astaro Security LinuxAstaro Security Linux has released v3.383 beta with major feature enhancements. The 3.390 beta release adds bug fixes. "Changes: This Up2Date adds a new WLAN feature. It also updates WebAdmin, MiddleWare, Selfmonitor, HTTP proxy, and some other software. New versions of the DHCP server and client are also included."
EvilEntity LinuxEvilEntity Linux has released vDR-0.2.5 with major feature enhancements. "Changes: The Application Suite has been expanded, and was made more focused on multimedia. Packages have been updated system wide. Install speed has been increased, as well as system performance."
Gibraltar FirewallGibraltar has released v0.99.6a with minor security fixes. "Changes: This release fixes the recently discovered security hole in the dhcp3 daemon. If you have enabled it, please update to this release."
OpenZaurusThe second release candidate for OpenZaurus 3.1 is currently available for testing.
PXES Linux Thin ClientPXES Linux Thin Client has released v0.5.1-25 with major feature enhancements. "Changes: This new release introduces some expected changes. Maybe the most important is the migration to kernel 2.4.20, although the previous kernel is included too. You can select the desired kernel in the proces of image building. Some interesting inclusions are a graphical boot screen and the selection of boot messages level, with no messages at all. Support for a read-only root filesystem was added so you can create a PXES CDROM if you want, and support for multiple kernel architecture was fully added."
SmoothWallSmoothWall has released v2.0 beta 4 with major feature enhancements. "Changes: This release includes major updates to the networking capabilities. Support for the U.S. Robotics SureConnect USB ADSL modem and modems based on the ECI chipset (such as the Fujitsu FDX310) was improved, and the new USB Home Highway ISDN connections from BT are now supported."
TopologiLinuxTopologiLinux has released v2.0.0 with major feature enhancements. "Changes: Both NTFS and FAT are now supported, as are all versions of Windows."
XandrosXandros announced the release of the Xandros Desktop Standard Edition 1.0. The Standard Edition is a less expensive version of the previously announced Deluxe Edition.
Distribution reviews Red Hat Slips off a Curve (OfB.biz)Timothy R. Butler continues the Penguin Shootout with a look at Red Hat 8.0. He is not entirely pleased with the results. "Another small issue is the Red Hat Network. Unlike MandrakeSoft or SuSE's update utilities, RHN keeps a profile of your system to decide what updates you need. Besides the fact that Red Hat ends up knowing a lot about your system (you can opt out of giving various information), this also means that Red Hat doesn't allow you to have multiple systems hooked up to RHN without additional fees. While I can certainly understand why, after all, it takes a lot of space to store all of that information, Red Hat could avoid both the problem and the cause by simply having the RHN utility decide on the client side what needs updates rather than on the server side."
Page editor: Rebecca Sobol Development KDE 3.1 has been releasedThe much-anticipated release of KDE 3.1 has been announced with much fanfare.
"KDE 3.1 is easily the best overall Open Source desktop ever released," added Andreas Pour, Chairman of the KDE League. "From enterprise support to eye candy to security, this release is a testament to the success of Internet collaboration."
A few of the changes in KDE 3.1 include:
The Changes between KDE 3.0.5 and KDE 3.1.0 document details the changes in the following sections: kdelibs, kdeaddons, kdeadmin, kdebase, kdebindings, kdeedu, kdegames, kdegraphics, kdemultimedia, kdenetwork, kdepim, kdesdk, kdetoys, kdeutils, and Quanta Plus.
System Applications Audio Projects Ogg TrafficThe January 27, 2003 edition of Ogg Traffic is out with the latest Ogg Vorbis audio compression news. Topics include: Using Signal Difference for Quality Evaluation?, Icecast.org's New Face, Vorbis 1.0 GT3, and Is that a Portable Vorbis Player on the Horizon?.
Education Linux in Education ReportIssue #88 of the Linux in Education Report is out. Topics include A report from the educationaLinux miniconf in Perth, Australia, lesson plans for math and science, Sun's efforts to get StarOffice into UK schools, a TCO study for Linux in schools, a Lindows.com educational license offer, open source in Africa, an opening for the DebianEdu leader, and much more.
Electronics Icarus Verilog Snapshot 20030126Snapshot 20030126 of the Icarus Verilog electronic simulation language compiler is out from the gEDA project. "Support for real/realtime variables and expressions has been added." See the release notes for details.
Libraries International Components for Unicode (IBM)IBM has an open-source project known as International Components for Unicode. "The International Components for Unicode (ICU) libraries provide robust and full-featured Unicode services on a wide variety of platforms. ICU supports the most current version of the Unicode standard, and they provide support for supplementary Unicode characters (needed for GB 18030 repertoire support). As computing environments become more heterogeneous, software portability becomes more important. ICU lets you produce the same results across all the various platforms you support, without sacrificing performance." ICU has been released under the X License.
Web Site Development Midgard Lite 0.8.1 releasedVersion 0.8.1 of the Midgard Lite web development framework has been released. "The main goal of this release is to provide an easily installable package so everybody has the chance to look into the world of midgard. The core of Midgard Lite is more reliable than ever before, and only few important Midgard functions are missing".
Quixote 0.6 beta2 releasedThe second beta of the Quixote 0.6 Python-based web development platform is available. One serious bug in the beta1 release was fixed, among other things.
Aegir CMS 1.0 RC1 releasedThe first prerelease of version 1.0 of the Aegir CMS Open Source Content Management System is available. "Aegir CMS is a full-featured Content Management System built on the popular Linux, Apache, MySQL and PHP (LAMP) platform powered by the Midgard application server."
Zope Members NewsThe most recent headlines on the Zope Members News include: Open Letter to the Community, IssueTrackerProduct 0.4.9b, and SGI Supportfolio Powered by Zope.
Miscellaneous Twisted 1.0.2 releasedVersion 1.0.2 of the Twisted event-driven networking framework has been released, with a ton of new features.
Desktop Applications Audio Applications Tkeca 1.0.1 releasedVersion 1.0.1 of tkeca, a Tcl/Tk front end for the Ecasound audio utility, is available. This release features a new About TKECA button and a change to the GNU General Public License.
Tkeca 1.0.2 releasedTkeca 1.0.2 was also released this week, it contains a couple of bug fixes.
Ardour developmentsArdour, a multi-track audio recording package, has had some recent updates. The latest changes include a new timestretching user interface, implementation of "snap-to" for the selection process, the ability to deal with "chunks" of playlists, a new editor selection model, dither options for export, bug fixes, and more.
amSynth 1.0 rc2 announcedVersion 1.0-rc2 of amSynth, the Analogue Modeling Synthesizer, has been released. This version supports the Jack Audio Connection Kit. Other changes include a revised configure and build system, support for a virtual keyboard, a per-user installation, bug fixes, and support for the latest versions of GCC.
Desktop Environments KDE-CVS-Digest for January 24, 2003The January 24, 2003 KDE CVS Digest is available. "This week, Kaplan is reborn as Kontact (a personal information management application for KDE that integrates KMail, KAddressBook, KOrganizer, and other applications), KMail is moved and a new VCard parser makes an appearance. Also read about KHTML's continued improvements thanks to the Apple Safari work., and new improvements in the KOffice filters. A number of new applications were also added to the repository."
GNOME Summary for January 25, 2003The GNOME Summary for January 19 - 25, 2003 is out. This week covers GNOME Foundation and Bitstream announce free fonts; ExtremeTech interviews from LWE; GNOME 2 100% translated to Mongolian; and much more.
FootNotesHeadlines on the GNOME desktop FootNotes site include: GNOME 2.2 Desktop Release Candidate 2 (2.1.91): ''OUTATIME'', Sodipodi 0.29 released, GnomeMeeting 0.96 aka ''Seems, madam? I know not seems!'' released!, Desktop Enhancements!, libgda/libgnomedb/mergeant 0.10.0 released, GNOME 2.2 Desktop User Guide, GNOME 2.2 Desktop System Administration Guide, New Mongolian GNOME translation bursts onto scene, Camorama 0.16 released, Official Slackware Gnome2.2 out, Remote Gkrellm Over SSH, Linux World: The State of the Linux Desktop, and more.
Adopt-a-Geek: Put Old Hardware to Good Use!The Adopt-a-Geek program strives to put more computer resourses into the hands of KDE developers.
KDE PIM Hackfest SummaryKDE.News summarizes the results of the KDE PIM Hackfest. "The main purpose was to define a roadmap on the future of personal information management in KDE. Berndhard Reiter from Intevation wrote down a nice summary for your convenience."
Games Crystal Space 0.96r001 releasedVersion 0.96r001 of the Crystal Space 3D Engine has been released. "This is a VERY significant release compared to 0.94. Almost everything has changed :-) Lucky for you we have tried to make the transition as easy as possible."
GUI Packages FLTK DevelopmentsThe latest new software for FLTK, the Fast, Light ToolKit include: FL-Inventor 0.9.5-rev1, fl_connect 0.9, Cartesian, and Fl_Device.
Interoperability Wine Weekly NewsIssue #154 of the Wine Weekly News is out. Topics include: News: kerneltraffic.org, CrossOver Plugin 1.2, SuSE Offering, Kernel Module / Shared Memory Revisited, InstallShield 6 Insight, Where is fnt2bdf?, MSVC 4 & Explorer.exe Implementation, Executing Batch Files, Extracting Icons, Installing IE5.5, Wine Robustness?, CVS Vulnerability?, and Whither wine-releases ?.
Office Applications KOffice 1.3 Release Schedule (KDE.News)KDE.News covers the release schedule for KOffice 1.3. "According to it the release cycle begins with Beta 1 in April and ends with the final release in early September 2003. Among the many targetted features are hyphenation support for KWord and Presenter, over 100 new formulas for KSpread and much improved filters (development status)."
AbiWord Weekly News #127Issue #127 of the AbiWord Weekly News is out, with the latest AbiWord word processor development news. "Martin has improved footnote functionality to the point that they're more intelligent than Microsoft's attempts. As I type this, either 1.1.3 is now released, and 1.0.4 is almost out, leaving Mark with a US$20 bill to foot. Jeremy's ready to show off his screen shot of his spunky new wallpaper, I mean, NSIS2 development. Finally, a friend of Andrew's may soon be appearing in the credits of other people's commits."
AbiWord Weekly News #128Issue #128 of the AbiWord Weekly News is out. Topics include the AbiWord 2.0 release plan, abiword2.nsi, INS, Initial Barbarism support documentation, "can't open font" at startup, More Contributors to the TWiki, End Notes, Footnotes exported to/imported from RTF, Tree closed for 1.1.3, and a lot more.
Danish Native Language Project for OpenOfficeOpenOffice.org has announced the creation of the DA Project, which aims to bring Danish language support to OpenOffice.
Web Browsers mozillaZineThe latest mozillaZine topics include: mozdev.org Soliciting for Donations, Integrating Switch Accessibility into Mozilla, Ten Things Phoenix is Better at Than Mozilla, New Netscape 7.01 Base Installer for Windows, UK's 'PC Plus' Magazine Awards Mozilla Editor's Choice, evolt.org Interviews Eric Meyer, K-Meleon Update in Development, and Independent Status Reports.
Languages and Tools C GCC warningsSome changes are being implemented in the GCC warning software. "The ongoing effort to remove warnings from the GCC code base itself, spear-headed by Kaveh Ghazi, has paid off: For our development versions and snapshots, we now enable -Werror during a full bootstrap."
Caml Caml Weekly NewsThe January 21-28, 2003 edition of the Caml Weekly News is out. Topics include: load modules by name, uname for Ocaml, Books on FP, and New bug fix version of Camlimages library.
FORTRAN G95 FORTRAN work continuesWork continues on the G95 FORTRAN compiler project, subroutines are being added and bugs are being fixed.
Java Java Swing: Menus and Toolbars, Part 2 (O'Reilly)O'Reilly continues the series on Swing menus and toolbars. "In part 2 of this book excerpt on Swing menus and toolbars from Java Swing, 2nd Edition, learn about menu bar selection models, beginning with the JMenuBar class."
Fine-tuning Java garbage collection performance (IBM developerWorks)Sumit Chawla illustrates Java garbage collection on IBM's developerWorks, with a focus on the IBM Java Virtual Machine. "In this article, the author shows how to find out whether garbage collection, the task carried out by Java Virtual Machine in the background to reclaim unusable space, is finely tuned. He then provides several recommendations to address your garbage collection issues."
Deploying multiple applications in J2EE 1.2 (IBM developerWorks)Kyle Brown and Keys Botzum cover component reuse issues on IBM's developerWorks. "If you are developing with EJB technology, you are creating potentially reusable components. Unfortunately, plans to deal with reuse are often not put into place until it's too late. In this article, IBM enterprise developers Kyle Brown and Keys Botzum examine a common reuse scenario and explore some considerations that arise from it."
Lisp SBCL 0.7.12 releasedSBCL version 0.7.12 is available. "This is a minor maintenance release which changes the default compilation optimization policy of code processed by EVAL, provides an experimental implementation of the debugger's RETURN command, and fixes a few bugs."
Perl This Week on perl5-porters (use Perl)This Week on perl5-porters for January 20-26, 2003 is available on Use Perl. "This week, the P5P summary will attempt to entertain you with several low-level hacks. (A weird kind of entertainment if any.) Read about printf(), optimisations, internals, perldoc, and other code stories below."
This week on Perl 6The January 19, 2003 edition of This week on Perl 6 is out. Topics include: Objects (again), Optimizing and per file flags, The draft todo/worklist, Parrot Examples, Thoughts on infant mortality (continued), Operators neg and abs in core.ops, The eval patch, Pretty Pictures, Solaris tinderbox failures, Parrot compilers, ook.pasm eval, Array questions, L2R/R2L syntax. Again, Larry's state of health and employment, and more.
Screen-scraping with WWW::Mechanize (O'Reilly)Chris Ball shows how to scrape screens with Perl. "Screen-scraping is the process of emulating an interaction with a Web site - not just downloading pages, but filling out forms, navigating around the site, and dealing with the HTML received as a result. As well as for traditional lookups of information - like the example we'll be exploring in this article - we can use screen-scraping to enhance a Web service into doing something the designers hadn't given us the power to do in the first place."
PHP PHP Weekly SummaryTopics on this week's PHP Weekly Summary include: PHP and XML, Binaries for MacOS X, PHP 5, CVS checkouts from HEAD, ADT extension, Dump_node() changes, and Msession 1.2.
Python Dr. Dobb's Python-URL!The Dr. Dobb's Python-URL for January 27, 2003 is available, with lots of news and links for the Python community.
The Daily Python-URLThis week's Daily Python-URL article topics include: SQLObject, PyObjC, rlcompleter2, the EuroPython 2003 Conference, Eric3, a Python IDE, A conversation with Guido van Rossum, part III: Programming at Python speed, PythonMagick, SandBox, Perl 6 and Python 3000, kobra, a native .NET wrapper for Python, tn5250j features Jython scripting, path 1.0, and more.
Ruby The Ruby Weekly NewsTopics on this week's Ruby Weekly News include: mod_ruby - what is persistent and what is shared?, Ruby does not have enough libraries?, Hash#+?, ModuleBuilder, and Our own CPAN. New Ruby software includes: archive-tarsimple-0.1.0.
Tcl/Tk Dr. Dobb's Tcl-URL!The January 28, 2003 edition of Dr. Dobb's Tcl-URL! is out with the latest Tcl/Tk development news.
XML X+V 1.1 ---XHTML+VoiceIBM's developerWorks has published the specifications for X+V, which is geared toward voice-based interaction. "X+V brings spoken interaction to standard WWW content by integrating a set of mature WWW technologies such as XHTML and XML Events with XML vocabularies developed as part of the W3C Speech Interface Framework. X+V brings together voice modules that support speech synthesis, speech dialogs, command and control, speech grammars, and the ability to attach Voice handlers for responding to specific DOM events, thereby re-using the event model familiar to web developers. Voice interaction features are integrated directly with XHTML and CSS, and can consequently be used directly within XHTML content."
Parsing RSS At All Costs (O'Reilly)Mark Pilgrim talks about dealing with malformed RSS data on O'Reilly. "As I said in last month's article, RSS is an XML-based format for syndicating news and news-like sites. XML was chosen, among other reasons, to make it easier to parse with off-the-shelf XML tools. Unfortunately in the past few years, as RSS has gained popularity, the quality of RSS feeds has dropped. There are now dozens of versions of hundreds of tools producing RSS feeds. Many have bugs. Few build RSS feeds using XML libraries; most treat it as text, by piecing the feed together with string concatenation, maybe (or maybe not) applying a few manually coded escaping rules, and hoping for the best."
The Return of XML Hypertext (O'Reilly)Kendall Grant Clark writes about XML hypertext efforts on O'Reilly. "The first thing one might say about xml-hypertext is that its credentials suggest that it is a trustworthy source. A brief glance through its archive is like a glance through the Who's Who of the XML community. Not only is the roster of participants a good indication of the quality of conversation, but it also suggests that the list's motivating idea is not the product of a single person, but reflects broader community interests."
Introduction to XFML (O'Reilly)Peter Van Dijck introduces XFML on O'Reilly. "XFML is a simple XML format for exchanging metadata in the form of faceted hierarchies, sometimes called taxonomies. Its basic building blocks are topics, also called categories. XFML won't solve all your metadata needs."
Page editor: Forrest Cook Linux in the news Recommended Reading Copyrights: A radical rethink (Economist)The Economist has posted a column on copyright inspired by the Eldred v. Ashcroft ruling. "Copyright was originally the grant of a temporary government-supported monopoly on copying a work, not a property right. Its sole purpose was to encourage the circulation of ideas by giving creators and publishers a short-term incentive to disseminate their work. Over the past 50 years, as a result of heavy lobbying by content industries, copyright has grown to such ludicrous proportions that it now often inhibits rather than promotes the circulation of ideas, leaving thousands of old movies, records and books languishing behind a legal barrier. Starting from scratch today, no rational, disinterested lawmaker would agree to copyrights that extend to 70 years after an author's death, now the norm in the developed world." They argue for much shorter copyrights, but for giving copyright holders "legal backing" for copy protection technologies.Also in this week's Economist: an article on the BSA/CSPP/RIAA deal and a lengthy survey on the Internet society, with articles in privacy, copyright protection, direct democracy, and more.
Commentary: The way of Linux (News.com)Here's a lengthy Forrester Research pronouncement on News.com "CIOs making a commitment to open source should also commit to a team that can demystify licensing issues, manage code rollouts and check a project's sanity level. Staffing the center with skeptics--not gurus--will keep corporate technology policy far away from the open-source socialist fringe." Despite such language, it is actually a very positive report.
CEO Visions: Kinder, Gentler Software (TechWeb)Oracle's Larry Ellison on Linux (covered by TechWeb). "Our database operates on clusters of low-cost Linux machines. We've bet extremely heavily on Linux. We think Linux is a winner. If it's not, it's a bit of a problem for us. If it is, it's a huge win for us. ... In 25 years at Oracle, I've never seen movement like this toward an operating system. I've never seen anything with this much uptake. We're seeing Linux absolutely go over the moon."
Linux infiltrates Homeland Security, and other conspiracies (Register)The Register plants tongue firmly in cheek for this article about the US Department of Homeland Security's newly-launched web site. "Still, it's nice to see Linux defending the homeland, and to know that the Department of Homeland Security doesn't hold with this stuff about the GPL being communism. Unless... Now, there's another good conspiracy theory.."
Trade Shows and Conferences LinuxWorld: Baby It's Cold Inside (Wired)Wired attends LinuxWorld. "It's interesting to watch as new users of Linux, including reps from Merrill Lynch, Goldman Sachs, and VeriSign, are trotted out to explain how great Linux is to people who have probably spent the last decade elbow deep in kernel code. "It's like watching a baby discover its toes," said New Jersey coder Nick Nardine. "Not only does the baby think its toes are the coolest thing in the world, it insists you must discover your toes too. Watching these guys push Linux on us is endearing and annoying at the same time.""
Sun Hits Stride At LinuxWorld (TechWeb)TechWeb covers LinuxWorld announcements from Sun. "And Mad Hatter, the codename for Sun's Linux desktop, will roll into beta this spring, followed by general availability summer of 2003."
LinuxWorld Is Wall-to-Wall Good News (Linux Journal)Linux Journal wraps up LinuxWorld. "On the AMD side of the struggle, several vendors offered Opteron-based evaluation and development hardware. A running 1U system at the Angstrom booth had processors that were cool to the touch, with two small fans per processor. Although Angstrom can't release numbers and Linux Journal didn't have a thermometer, the Opterons feel cooler than current Athlons."
Microsoft wins Linux award (vnunet)Vnunet notices that the winner of LinuxWorld's best system integration software in the Open Source Product Excellence Awards is not exactly an open soure product. "But [Microsoft's Services for Unix 3.0] is still a Windows-based product, with the user needing to run Windows NT4, 2000 or XP Professional. The Unix/Linux element is needed in order to access the Unix operating systems. A purist might therefore argue that it is not open source at all."
Companies IBM Touts New Enterprise Linux Customers At LinuxWorld (TechWeb)This TechWeb article list some of IBM's big Linux customers. "Sales are the supreme test of a technology's value, and IBM is highlighting that point by parading nearly a dozen new Linux customers. The Armonk, N.Y., computer giant, which dove into the Linux market three years ago, said at LinuxWorld in New York on Wednesday that the PGA Tour was among the converts to the open-source operating system."
Intel gets 'big iron' partner (vnunet)Vnunet covers a deal between Intel and Fujitsu to develop high-end servers. "Fujitsu has reorganised its 300-strong Linux development team and it is expected that they will be concentrating on using open source for its server management software."
Red Hat intros 12 month only support on 'consumer' OSes (Register)The Register takes a look at Red Hat's current "end-of-life" schedule. "Microsoft comes under regular fire for its apparent eagerness to end-of-life its products, making them more difficult and expensive to support, and hence forcing users to upgrade to the next version. But without fanfare Red Hat has quietly introduced its own approach to end-of-life, and compared to this, Microsoft's idea of an upgrade cycle looks pretty sedate. As of the release of Red Hat 8.0, the company is only guaranteeing errata maintenance for the 12 months following a product's release."
SCO Group Readies New Platform (eWeek)eWeek covers a new platform under development by the SCO Group. Known as SCOx, SCO hopes it will drive the next generation of applications on both the network and the server, across both Unix and Linux. "SCO Group chief executive Darl McBride told eWEEK in an interview here at LinuxWorld Wednesday that two of the company's core customer segments the replicated site customer and the small- to medium-sized business customer are looking for a platform that melds their server-based solutions and the Internet."
Linux Adoption Morgan Stanley aids Linux learning curve (News.com)News.com looks at Red Hat customer Morgan Stanley. "Birnbaum wasn't just helpful in pushing Red Hat to build necessary features into Linux, Tiemann said. He also helped champion the cause of Linux among Wall Street companies."
Tablets good for healthcare staff (NZ Herald)The New Zealand Herald looks at a South Auckland Maori health provider that is carrying out the first local trials of Linux-based Tablet computers to gather health information at clients' homes and communicate wirelessly with base. Thanks to Kanchana Wickremasinghe
Interviews Linus has an open view (The West Australian)This year Linus went to Linux.conf.au instead of LinuxWorld. While there he spent some time talking with the press. Here is an interview with Linus in The West Australian. "Mr Torvalds appears to find Microsoft's angst over open source, and Linux in particular, more amusing than troubling overall. But he warns the battle could get serious."You can find another interview in AustralianIT. Thanks to Leon Brooks
Larry McVoy on BitKeeper, kernel development, Linus Torvalds and Bruce Perens (LinuxWorld)Joe Barr talks with Larry McVoy in this LinuxWorld article. "McVoy's biggest contribution to free software may be BitKeeper, his proprietary source management system. The story of how BitKeeper has come to be Torvalds' (and many other kernel hackers) tool of choice in maintaining the Linux development tree is worthy of a book. It's not just an unlikely outcome, given the animosity that often flares up when proprietary and open source types gather in the same space, it has been a frustratingly painful one. McVoy tells me that it was his desire to help Linus that has resulted, to use his own words, in "a miserable last five years.""
Resources LinuxDevices.com NewsletterHere is the LinuxDevices.com Newsletter for January 23, 2003. Get caught up on all that's new in embedded Linux.
Spam filtering techniques (developerWorks)developerWorks looks at six different ways to deal with spam. "At first blush, it would be reasonable to suppose that a set of hand-tuned and laboriously developed rules like those in SpamAssassin would predict spam more accurately than a scattershot automated approach. It turns out that this supposition is dead wrong. A statistical model basically just works better than a rule-based approach"
Reviews Langa Letter: Linux Has Bugs: Get Over It (TechWeb)Fred Langa revisits Linux bugs in this TechWeb article. "It's hard to imagine a less inflammatory or more obvious assertion--that all operating systems have bugs and security issues--but I won my bet: Linux and open-source fans thought I was attacking them or their preferred operating system. They deluged me with E-mails, many irate, claiming that CERT (and I) were dead wrong."
Not Your Father's Encyclopedia (Wired)Wired looks up Wikipedia, an open source encyclopedia. "In Wikipedia's second year, editors have added 80,000 entries to the English version and 33,000 more to the other language editions. The surge in growth has made it the world's largest and fastest growing open-content encyclopedia, according to its founders."
Miscellaneous Linux Australia votes in first female president (ZDNet Australia)ZDNet Australia covers Linux Australia's new president, Pia Smith. "Asked why she wanted to be president, Smith said she wanted to invigorate the organisation, so as to raise the profile and scope of the Linux operating system in Australia."
Page editor: Forrest Cook Announcements Commercial announcements IBM releases 2003 Linux Software Evaluation KitThe new IBM Linux Software Evaluation Kit that has been expanded to 4 CDs for 2003. In addition to the newest levels of DB2 Universal Database, WebSphere Application Server, and Lotus Domino, the 2003 SEK will also include WebSphere Studio Site Developer, WebSphere MQ, Tivoli Access Manager, Linux porting tools, along with many white papers and tutorials. Sign-up here and get the Linux Software Evaluation Kit mailed to you at no charge.
Pioneer-Standard Announces Alliance with HP to Support Linux-based Business Solutions for HP ProLiant ServersPioneer-Standard Electronics, Inc. has announced an alliance with HP to advance Linux-based HP ProLiant and Intel(R) Itanium(TM) server solutions in the marketplace.
Storever Introduces OpenBrick Wifi Extranet Server based on Mandrake LinuxStorever introduced the OpenBrick Wifi Extranet Server. Based on the OpenBrick Advanced Extranet Server, the new OpenBrick provides a simple solution to setup advanced secure WiFi networks.
OpenBrick Introduces Umigumi: The Instant Appliance Setup ProgramThe OpenBrick Community has introduced "Umigumi". Umigumi can reconfigure any embedded platforms or even a standard PC in just a few seconds, or change them into an appliance: router, firewall, VPN, OGG player, print server, thin client, etc. Umigumi is an open source product designed for the OpenBrick platforms by the OpenBrick community, but it can easily be extended to support any embedded hardware platforms running Open Source operating systems like GNU/Linux and FreeBSD/OpenBSD.
SCO Establishes SCOsource to License UNIX Intellectual PropertyThe SCO Group has announced the creation of a new division called "SCOsource" which will be charged with managing the company's "Unix intellectual property." Initially the division will be licensing SCO's System V libraries; it will be interesting to see where it goes after that.
Linux Journal Press Releases "Linux In the Workplace" Under GNU FDLLinux Journal Press has announced the release of Linux in the Workplace under the GNU Free Documentation License (FDL). (LWN reviewed this book last November).
Resources EDRi-gram: a new European digital rights newsletterThe first issue of "EDRI-gram," a new newsletter on European digital rights, has just been published. Topics covered include the implementation of the European Copyright Directive, the draft software patent law, updates from the UK and Germany, and more. Click below for the first issue, along with information on how to subscribe.
Upcoming Events Thursday's collection of LinuxWorld press releasesHere is another round of press releases from LinuxWorld:
LinuxWorld and linux.conf.au wrapupsRussell Pavlicek has sent us a wrapup of last week's LinuxWorld conference. "In all the booths, there was a different tone of communication. The magicians and campy actors who had once populated the demo areas were replaced with business presenters earnestly communicating the advantages of their respective corporations."Leon Brooks, meanwhile, has posted "A Triumphal Wrapup" from linux.conf.au. "A penguin ambled out on-stage at the opening session, and then off again. After a few minutes, Rusty appeared with a penguin head under his arm. 'Ha, ha' said everyone, very funny, Rusty wore a penguin suit, yay. Then when everyone was thoroughly disarmed, Linus came back on in his usual casual way, wearing the headless suit. It took a minute or two for the penny to drop for quite a few people, but the cheers came."
LinuxWorld Attendance Tops 19,000Here's the official LinuxWorld wrapup from IDG World Expo.
ESC San Francisco 2003 HighlightsCMP Media LLC announced its 15th annual Embedded Systems Conference (ESC) San Francisco will be held in the Moscone Convention Center in San Francisco, April 22 - 26, 2003. Registration is open.
OSCON 2003 (Python 11) CFPA call for participation has been posted for the O'Reilly 2003 Open Source Software Convention in Portland, Oregon on July 7-11, 2003. Submissions are due in by February 15.
CFP: 3rd Workshop on Open Source Software EngineeringA call for papers has gone out for the 3rd Workshop on Open Source Software Engineering, to be held in Portland, Oregon on May 3, 2003. Submissions are due in by February 15.
YAPC::Europe::2003 Call for Participation (use Perl)Use Perl has announced the call for participation for the YAPC::Europe::2003 conference, to be held in Paris on July 23-25, 2003.
YAPC::Canada Slated for May 15-16, 2003 (use Perl)Use Perl has an announcement for the YAPC::Canada converence, it will be held in Ottawa, Ontario on May 15 and 16, 2003.
More FOSDEM interviews postedThe latest set of FOSDEM speaker interviews is up: Jon 'maddog' Hall, Owen Taylor, and Havoc Pennnigton.
Events: January 30 - March 27, 2003
Software announcements This week's software announcementsHere are the software announcements, courtesy of Freshmeat.net. They are available in two formats:
Miscellaneous News on European PatentsMichel Rocard (former Prime Minister of France and now on the Committee on Culture, Youth, Education, the Media and Sport) is proposing an amendment (PDF format) to explicitly rule out patent-ability on information processing. The amendment is well written and we can only hope that it will have some influence on the European parliament. Thanks to Laurent Guerby
Page editor: Forrest Cook Letters to the editor latest Forrester report
To the editor,
Insecurity
Hi, Fred; with regard to your recent pontifications on security:
The Langa Letter - an opposing view
Fred's comment about "severity" is, as he points out, inherently
Page editor: Jonathan Corbet
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
![[SCO Pedigree]](/images/ns/sco-pedigree.jpg)