LWN Weekly Edition
Leading itemsSecurity
Kernel development
Distributions
Development
Linux in the news
Announcements
Letters to the editor
->Multipage format
This page
Previous weekFollowing week
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
LWN.net Weekly Edition for March 13, 2003The first big Linux lawsuitAs most LWN readers have doubtless heard by now, SCO has filed a $1 billion lawsuit against IBM, claiming that IBM has misused SCO's proprietary Unix technology in Linux. LWN posted a look at SCO's complaint on the day it was released. Since then, more detailed analyses (and rebuttals) of SCO's claims have come out. See, for example, Karsten Self's commentary and the proposed response on the opensource.org site. Both are currently in draft form. Rather than try to add to those well-researched responses, we'll take this space to try to ponder some of the implications of this case.But first, it's worth pointing out that there is some real amusement to be found in Eric Raymond's buyer's guide for Unix on PC hardware, dated 1993. He had a warning for SCO and other proprietary systems vendors:
A complete, working UNIX plus GNU tools plus X is now available for
around $60 --- *with sources*. Your prices have to drop by an
order of magnitude, or your service has to get a whole hell of a
lot better, if you're going to try and compete with that. Adapt or
die.
The message clearly was not heard. But, thanks to the net, it still exists to show to anybody who believes that SCO's entitlement to the x86 Unix market was unchallenged until IBM came along. It remains to be seen how this case will be resolved. What seems like an obvious answer to the technical community sometimes comes across a little differently to a court. Nonetheless, IBM is equipped with relatively fearsome weaponry for the intellectual property battlefield. SCO will not have an easy time of it. In the mean time, what can we expect?
This is the first of the big Linux intellectual property lawsuits; we should not expect it to be the last. Free software is too big a change, and it threatens too many interests, for things to go any other way. We are fortunate that the first attack was against a defendant with the resources and interest to defend itself - though the defendant could conceivably disagree. The burden of defending the next suit could well fall on somebody less able to shoulder it.
Going for BALANCE[This article was contributed by Joe 'Zonker' Brockmeier] If at first you don't succeed... Rep. Zoe Lofgren (D-Calif.) reintroduced the awkwardly-named Benefit Authors without Limiting Advancement or Net Consumer Expectations (BALANCE) Act last Monday. The bill was shot down last year in committee. Rep. Rick Boucher (D-Va.) is co-sponsoring the bill. Boucher has been outspoken on the need for reform of the Digital Millennium Copyright Act in the past, though he seems to be taking a back seat on this one (perhaps because he has a DMCA reform bill of his own on the table). The BALANCE Act does not do away with the DMCA, as many in the Linux community would like to see. Instead, it attempts to amend the DMCA to allow for the exercise of fair use. The act notes that the DMCA "failed to give consumers the technical means to make fair uses of encrypted copyright works." Not surprisingly, the Business Software Alliance (BSA) and the Motion Picture Association of America are against the BALANCE Act. Jack Valenti is quoted in the Mercury News as saying that the legislation "puts a dagger in the heart of the Digital Millennium Copyright Act," which is pretty much what everyone outside the entertainment and proprietary software industries would like to do. The BSA's press release says that Lofgren's proposed exceptions go too far:
The broad exemptions to the DMCA proposed by Representative Lofgren
would undermine the core purpose of the Act and violate the protections
that serve as the foundation of innovation and discovery for legitimate
copyright owners. In the digital age, broadly accepted technological
measures must be available and adhered to by consumers and enterprises
to curb piracy and its economic consequences...
Of particular concern, provisions of this legislation allowing the disablement of technological protection measures on copyrighted materials would provide safe harbor for pirates who could easily claim that the 'intent' of their actions were legal even if it resulted in knowingly unlawful infringement and economic loss to copyright owners. Interestingly, while the BSA comes out against the BALANCE Act, some of its member companies (i.e. Intel and HP) have been quick to endorse it and other bills like it that seek to undo some of the damage of the DMCA and the entertainment industry's relentless attempts to disallow fair use. A reading of the bill shows that the BSA's position is a stretch, at best. The bill would ensure rights to "reproduce, store, adapt or access the digital work" for archival purposes or to "perform or display the work, or an adaptation of the work, on a digital media device, if the work is not so performed or displayed publically." Circumvention of copyright protection would be allowed only if "such an act is necessary to make a noninfringing use of the work" and if "the copyright owner fails to make publically available the necessary means to make such noninfringing use without additional cost or burden to such person." In short, the bill seems to say that somebody could legally use or create something like DeCSS only if the movie studios do not provide, free of charge, a way for them to play DVDs on their devices. The BSA is right about one thing: the BALANCE Act may very well hinder shrinkwrap licensing, which the software industry loves so much. The act would not allow enforcment of "nonnegotiable license terms...to the extent that they restrict or limit any of the limitations or exclusive rights" under the act. In other words, movies studios and software companies could not apply shrinkwrap licenses that disallow backup copies or circumvention that allows fair use. It's hard to see how that would "stifle industry growth and limit consumer choices." So far, however, the DMCA hasn't been used to "promote continued innovation." It's been used to stifle competition and prevent fair use. Right now, the bill is in committee. The odds of passing the bill are a long shot, but one can always hope that this bill, or one very much like it, will make its way through Congress soon.
Security Brief items Red Sheriff[This article was contributed by Tom Owen] Check your cookie list in your browser for cookies from imrworldwide.com -- if they're there, then the red sheriff is watching you. You won't be alone. For well over a year, vexed users have been popping up on the newsgroups, in slashdot and on lists of all sorts with independent rediscoveries of Redsheriff's activities. Unscientific sampling suggests that machines not owned by paranoid technicians always have these cookies. The web was not designed to make marketing easy. Proxies and other caches mean that the server logs can dramatically undercount page views and downloads. Spiders and bots work the other way, but there's no reason to believe they balance out. The users share and reuse their IP addresses, you can't tell for certain what country they're in, and they even lie to their own PCs. Maybe M. Mouse is a legitimate name in Martinique, and a birth date of 01/01/01 might just mean that you saw Steamboat Willie first time round. But probably not. Advertisers hate this. They hate trusting the word of a site owner about page impressions, but even when those numbers make sense they still don't know if the campaign is reaching the target preteens, or is being wasted on middle-aged tax consultants who just really like Britney. Many of them prefer to stick with old media where they get respectable numbers from the likes of Nielsen and ABC. So the demand for better information is huge, and there's a long history of attempts to get it: doubleclick, web bugs and third-party cookies. The big accounts at the traditional end of the industry prefer to trust names and methods translated from broadcast media: closely monitored sample panels, surveys and focus groups. That would be fine, but one thing that no-one has ever been able to do is reconcile the numbers from these two approaches. Redsheriff want to bridge that gap -- by making the whole internet their panel. Founded in Australia in 1996 as a research firm, by 2001 Redsheriff was expanding into technical means. Along the way, they picked up global ambitions and some serious capitalists led by WPP, Martin Sorrel's advertising conglomerate. Earlier website versions on the Wayback machine couple horrifying wild-west copy with fairly explicit information about their offerings which is lacking from the current site. And in fact they keep a lowish profile all round. There are no secrets, but no fuss either and little interest in publicity. It doesn't matter: the evidence is easy enough to gather. Redsheriff client sites (try Selfridges) drop or reference two main components:
Redsheriff say they can report on movement within a flash site, as well as use of non-client sites, and it looks as though these are jobs for the applet. There doesn't seem to be an ActiveX component yet, but given MS's attitude toward Java, this is probably only a matter of time. So far, Redsheriff knows many of the sites you visit from day to day and year to year, and within some of them they know the pages you look at. This is a good start (for them), but technical means aren't enough: they don't know who you are. This next stage is probably what has piqued the interest of partners like WPP and Taylor Nelson Sofres What these buyers want is income, age, education, family status, and Redsheriff apparently gets it the easy way: by popping up a questionnaire with a chance of winning some prize. This questionnaire carries the client site branding, but the data goes to the Redsheriff servers. As a final touch, some percentage of the responses are qualified with telephone interviews. The privacy policy is surprisingly less clear than it could be -- it looks as though some identifying personal information will be held on the basis of the target's consent implied when they filled in the survey. Redsheriff is doing nothing all that weird, but the effect is still spooky. Assuming their software and datacenter work right, they'll know largely complete browsing histories stretching over years for vast numbers of computers. And if they can do the surveys right, many of these histories will carry trustworthy demographic information and many more will be similar enough to have it inferred. They can't quite equal a panel in joining up work and home browsing or breaking out multi-use PCs but their potential sample is so comprehensive they hardly care: the data are going to make them big money. If you don't want to be part of this database, it's easy to stop without marring the browsing experience: simply block third party cookies (erase any you have) and don't run applets. It's that easy. Maybe that's why they don't want the public gaze.
BIND 9.2.2: Slipstream Release?[This article was contributed by Tom Owen] The recent discussion on Bugtraq (e.g. here and here) raised the ugly possibility that ISC was fixing security problems in BIND and keeping quiet about them.In fact it does seem as though the release could have been better described in the BIND list. Two faults are described at the end of the current Bind vulnerability listing and the reason for the omission looks easy to guess: One is in the resolver library rather than the daemon itself, and the other is caused by linking with an unfixed version of OpenSSL. It's not wrong to keep up to date with BIND, but the earlier server is only vulnerable if you use DNSSEC and linked an older version of OpenSSL.
New vulnerabilities ethereal - format string vulnerability
mysqlcc - world readable file permissions
netscape-flash: buffer overflow
qpopper - buffer overflow
usermode - local root compromise
Updated vulnerabilities apcupsd - remote root vulnerability and buffer overflows
Heap corruption vulnerability in at
BIND8: Multiple vulnerabilities
bind buffer overflow vulnerability in DNS resolver libraries
BitchX - denial of service
Canna server: exploitable buffer overrun
CVS - exploitable double-free bug in the CVS server
dhcp3 - ignored counter boundary
dvips: command execution vulnerability
Filename disclosure vulnerability in fam
fetchmail: buffer overflow
file - memory allocation problem, stack overflow
GNU fileutils race condition
Potential remote root exploit in glibc
glibc: DNS stub resolvers contain buffer overflow vulnerability
IM: creates temporary files insecurely
IMP - SQL injection vulnerability
kdelibs: Vulnerabilities in KIO subsystem support
kernel-utils: setuid vulnerability
libpng, libpng3: buffer overflow
lynx: CRLF injection vulnerability
perl-MailTools: remote command execution
mhc - insecure temporary file
micq: Denial of service
MySQL: multiple vulnerabilities
nethack: buffer overflow
net-snmp: denial of service vulnerability
OpenSSL: plaintext exposure vulnerability
pam_xauth: root exploit
PHP: vulnerability in mail function
PostgreSQL - more buffer overflows
Local arbitrary code execution vulnerability in Python
Multiple-use vulnerability in Safe.pm
sendmail - Remote Buffer Overflow
slocate - buffer overflow
snort - buffer overflow
squirrelmail - cross-site scripting vulnerability
File overwrite vulnerability in tar and unzip
tcpdump - infinite loop
Multiple vendor telnetd vulnerability
typespeed: buffer overflow
vim - modeline vulnerability
vnc - replay and cookie vulnerabilities
eterm, vte: dangerous interception of escape sequences
wget:directory traversal bug
Problems with libgtop_daemon
Wwwoffle remote privilege escalation vulnerability
zlib 1.1.4 has buffer overrun
Page editor: Jonathan Corbet Kernel development Brief items Kernel release statusThe current development kernel is 2.5.64, unchanged from one week ago. Linus has been busy, however; his BitKeeper tree includes more driver model work, the continuing removal of unwanted stuff from devfs, a uClinux update, an x86-64 update, some block layer cleanups (see below), scheduler changes for improved interactive response (see below again), and a number of other fixes.Alan Cox has released 2.5.64-ac3 which adds a new set of IDE updates. "Handle with care." The current stable kernel is 2.4.20; Marcelo has not released any 2.4.21 prepatches over the last week. Alan Cox's current 2.4.21 prepatch is 2.4.21-pre5-ac3. Here you'll find an even newer set of IDE changes, along with quite a few other fixes and updates.
Kernel development news Improving interactivity on Linux systemsThe 2.5 kernel features a massively reworked scheduler which, among other things, improves the interactive feel of a desktop system. It goes to great lengths to try to separate interactive tasks from "background" processes, and to give a priority boost to the former. One way that this distinction is made is to look at how much time each process spends sleeping. Processes that sleep a lot are generally waiting for humans to do something, so the kernel tries to ensure that, when they wake up, they get quick access to the processor.This heuristic works well much of the time, but it also fails badly in some situations. Consider, for example, the case of a user dragging a window across the screen. That sort of operation can require a fair amount of computation on the part of the X server. If the system is busy anyway (with a kernel compilation, for example), the X server can end up using all of the processor time that is available to it. When the server stops sleeping, the kernel concludes that it is a compute-bound background task and drops its priority. At that point, the pointer stops keeping up with the mouse, and the desktop experience becomes generally unpleasant. A classic solution (which predates Linux) for this problem is to raise the priority of the X server. A higher-priority server can make things work better for some users, but it ignores the fact that similar situations can arise with other interactive processes that require a fair amount of processor time. Streaming media applications tend to work this way, for example. Raising the priority of the X server can make things worse for this sort of application. Also, as Linus points out, tweaking priorities in this way is an indication that the system has failed somehow:
Something is wrong, and we couldn't fix it, so here's the band-aid
to avoid that problem for hat particular case. It's acceptable as a
band-aid, but if you don't realize that it's indicative of a
problem, then you're just kidding yourself.
A few patches have gone into the 2.5.65 kernel which, by most reports, make things a lot better. One of them, which originally came from Linus, is based on the recognition that, if an interactive process is waiting for another process to do something, that other process should be considered interactive as well. The X server may be using a fair amount of CPU time, but, since interactive processes (i.e. the clients that the user works with) are waiting for it, the X server should still be seen as an interactive process. The ideal time to make this adjustment might be when an interactive process goes to sleep waiting for an event. Unfortunately, that is hard to do; the kernel has no way to know, in the general case, who will be waking up processes that sleep on a particular queue. On the other hand, when the wakeup actually occurs, the relationship is immediately obvious. So the new scheduler will, at wakeup time, look at the interactivity bonus for the process being awakened. If that process has maxed out its bonus (as processes that sleep a lot will), the "excess" interactivity bonus is given, instead, to the process which is performing the wakeup. Thus, a sleeping mail client gives some of its bonus to the X server, which wakes it up. This patch is said to improve the interactivity of X significantly. Ingo Molnar has taken Linus's patch and merged it into a larger set of scheduler changes (which, in turn, has gone into 2.5.65). Some of the additional changes that have been made include:
The end result of these changes is a kernel which provides a much more satisfying interactive experience. Note, however, that some causes of X server stalls - in particular, those related to disk I/O scheduling - still have not been resolved. Work is ongoing, however. (See also: Jim Houston's self-tuning scheduler patch, which takes a different approach to scheduler improvement).
Block device registration and 32-bit dev_tLong-suffering block driver maintainers will have to cope with a new change in 2.5.65: this patch from Andries Brouwer changes the prototype of register_blkdev(), which is used by block drivers to tell the kernel of their existence. The previous version of this function took a struct block_device_operations pointer, which contains some of the operations provided by the driver. That parameter has not been used for some time (block operations are now directly associated with disks, and are kept in the generic disk structure), so Andries removed it.Not everybody agreed with this change. With all of the work that has been done in the block layer, register_blkdev() does not actually do very much anymore. Its main remaining purpose is to associate a driver name with a major number, so that it shows up in /proc/devices. A block driver can now function nicely without calling register_blkdev() at all. The long-term plan is to remove register_blkdev() altogether. In the mean time, it was asked, why bother changing the prototype of a doomed function? Even so, the change was merged into 2.5.65. The real purpose of Andries's patch, however, was to get rid of the static blkdevs array used to keep track of block devices in the kernel. blkdevs is about the only static array left in the block subsystem, and thus is one of the remaining impediments to Andries's real goal: the long-awaited expansion of dev_t to 32 bits. The 32-bit dev_t is one of the final items on the 2.5 "todo" list. It is still considered important by many users: an Oracle engineer mentions 4000-disk systems that "want to go to Linux" but can't, and from IBM we hear about a 5000-drive system with waiting customers. There appears to be little opposition to the adoption of a larger dev_t, even at this late stage. But everybody agrees that it would be best to get this change done sooner rather than later. The amount of work remaining is said to be relatively small. The block layer, for example, is almost ready for a larger dev_t now. The char device subsystem could take more work - many drivers "know" that device numbers (especially minor numbers) are only eight bits. So a detailed audit of many drivers could be required. This suggestion from Alan Cox could make life a little easier, though. The idea would be to replace the venerable register_chrdev() function with a new register_chr_device() which takes a parameter indicating the largest minor number that the driver can deal with. A change to all char drivers would still be required, but, by defaulting the maximum minor number to 255, these drivers could be made safe without the need for a larger "audit and fix" operation. The few drivers that actually need more minor numbers could be fixed individually. There are, of course, other issues to deal with before a larger dev_t will be truly stable. Some protocols (i.e. NFSv2) aren't prepared for large device numbers. The interface to user space may well hold a surprise or two. And so on. These are all problems that can be solved, but the process will take time. (As an aside, Alexander Viro, who has been an active participant in the block layer and dev_t work, has been absent from kernel development for a few months. In a recent message, however, he proclaimed "I'm finally back - hopefully for good." Welcome back, Al).
Klibc and initramfsAnother incomplete 2.5 development item is initramfs - an initial filesystem attached to the kernel image. The plan is to move much of the early boot code into initramfs, so that it can be run in user mode. But there has not been a whole lot of progress in that direction.One part of the process is klibc, a small C library to be used in initramfs applications. A patch exists which adds a working klibc to the 2.5.64 kernel, but Linus is not ready to merge it:
However, I also have to say that klibc is pretty late in the game,
and as long as it doesn't add any direct value to the kernel build
the whole thing ends up being pretty moot right now. It might be
different if we actually had code that needed it (ie ACPI in user
space or whatever).
In other words, unless some code which really needs klibc does not show up soon, it may not get merged into 2.5 at all. That would have the effect of pushing the whole initramfs project back into the next development series. There are people working on creating this code, but, as Linus says, it's late in the game.
Smatch updateSmatch is Dan Carpenter's project to create a free version of the Stanford Checker. The project is making progress, and smatch is now capable of finding several classes of bugs in the Linux kernel. Some patches fixing bugs found by smatch have already begun to appear.The database of problems found by smatch is now hosted at kbugs.org. As of 2.5.64, there are just over 1000 potential bugs in the database. Many of them are certainly false alarms, but others will be real. An interesting feature of the kbugs.org site is the ability to "moderate" bugs as being real problems or not. With this capability, interested volunteers can help to sift out the real bugs, even if they don't feel able to contribute patches to fix them. The smatch project is still in an early stage, but it is already showing great promise as a tool which can help in the creation of a better kernel.
Edge-triggered interfaces are too difficult?The new epoll interface was covered here back in October, 2002. The epoll system calls offer a significant performance improvement for applications which must frequently poll large numbers of file descriptors. It does so by performing the setup work only once, and then trapping new I/O events as they occur.One aspect of the epoll interface is that it is edge-triggered; it will only return a file descriptor as being available for I/O after a change has happened on that file descriptor. In other words, if you tell epoll to watch a particular socket for readability, and a certain amount of data is already available for that socket, epoll will block anyway. It will only flag that socket as being readable when new data shows up. Edge-triggered interfaces have their own advantages and disadvantages. One of their disadvantages, as epoll author Davide Libenzi has discovered, would appear to be that many programmers do not understand edge-triggered interfaces.. Additionally, most existing applications are written for level-triggered interfaces (such as poll() and select()) instead. Rather than fight this tide, he has sent out a new patch which switches epoll over to level-triggered behavior. A subsequent patch makes the behavior configurable on a per-file-descriptor basis. The end result is a more flexible epoll interface that can be more easily used in existing applications. The patch has not been merged as of this writing, but there does not seem to be any reason why it shouldn't be. After all, epoll has not yet appeared in a stable kernel release; now is the best time to be making improvements to the interface.
The BitKeeper to CVS gateway goes liveLarry McVoy has announced the availability of the current BitKeeper kernel repository in CVS format. Things are still stabilizing, but the plan is to have the current 2.4 and 2.5 repositories available in CVS format in near real time. Almost all of the change and commit information will be available, making it easy for people who are unwilling or unable to run BitKeeper to peruse the kernel's revision history and track current developments. Says Larry:
Our goal is to provide the data in a way that you can get at it
without being dependent on us or BK in any way. As soon as we have
this debugged, I'd like to move the CVS repositories to kernel.org
(if I can get HPA to agree) and then you'll have the revision
history and can live without the fear of the "don't piss Larry off
license". Quite frankly, we don't like the current situation any
better than many of you, so if this addresses your concerns that
will take some pressure off of us.
Of course, when dealing with this sort of topic, things are never that easy. People will certainly be happy to have the CVS repository available, but one other aspect of the announcement has made people nervous. It seems that the near-SCCS file format used by BitKeeper is increasingly difficult to work with; now that BitKeeper repositories can be accessed in CVS format, the BitKeeper developers would like to move to a new, proprietary format. And that idea does not fly with all developers; this complaint from Ben Collins has been echoed by a few hackers:
You've made quite a marketing move. It's obvious to me, maybe not
to others. By providing this CVS gateway, you make it almost
pointless to work on an alternative client. Also by providing it,
you make it easier to get away with locking the revision history
into a proprietary format.
It is clear that, as long as BitKeeper is in use by the kernel development community, some people are going to be unhappy. Nothing short of the complete freeing of the BitKeeper source will satisfy some users, and that does not appear to be in the cards. Fortunately this disagreement, while noisy, hasn't really gotten in the way of continued kernel development. In fact, it hasn't even gotten in the way of BitKeeper as it improves the kernel development process. Regardless of what one thinks of BitKeeper or its license, the fact remains that kernel development has been working well over the last year; an incredible stream of patches has been merged, and the people involved have stayed sane. As sane as they were before, anyway. (As an aside, Larry has suggested that the license clause that forbids (free) BitKeeper use by people working on other source management systems could be removed in the future "if we feel we have pulled far enough ahead that everyone else is just playing catchup").
Driver porting Driver Porting: block layer overview
Fully covering the changes that have been made will require a whole series of articles. So we'll start with an overview which highlights the major changes that have been made without getting into any sort of detail. Subsequent articles will fill in the rest. Note that parts of the block layer remain volatile - this development is not yet complete. We'll keep up with further changes as they happen. So, what has changed with the block layer?
Subsequent articles will explore the above changes in depth; stay tuned.
Patches and updates Kernel trees
Core kernel code
Development tools
Device drivers
Documentation
Filesystems and block I/O
Janitorial
Memory management
Networking
Architecture-specific
Benchmarks and bugs
Miscellaneous
Page editor: Jonathan Corbet Distributions Distribution News Debian GNU/LinuxThe Debian Weekly News for March 11, 2003 looks at some recent Linux kernel developments, Debian fun stuff from Openstuff.net, and much more.Here is the call for votes for the Debian Project Leader Election 2003. The Debian release manager is looking for assistants to help with the many tasks that need to be accomplished before sarge can be released. Join in the third bug squashing party for sarge, March 14 - 16, 2003, and help to correct as many release critical bugs as possible in all those Debian packages.
Gentoo Weekly Newsletter -- Volume 2, Issue 10Here's the Gentoo Weekly Newsletter for the week of March 10, 2003. This week GWN looks at distcc in a nutshell; and notes that they got a remarkable response to their call for developers.
Mandrake Linux Community NewsletterThe Mandrake Linux Community Newsletter for March 7 is out; it looks at the second Mandrake Linux 9.1 release candidate, the business case of the week, and more.
Red Hat's new offeringsHere is the press release from Red Hat regarding its new commercial distribution offerings. "Red Hat Enterprise Linux ES" is a cheaper version of the Advanced Server product (now "Red Hat Enterprise Linux AS"); "It is ideally suited for application-, network-, file-, print-, mail-, and Web-serving, as well as for running custom or packaged business applications." Also available is "Red Hat Enterprise Linux WS," which is aimed at engineering workstations - software development, electronic design, etc.
Slackware 9.0-rc2 has been released for testing.Slackware has released a second candidate for Slackware 9.0. As usual the gory details can be found in the slackware-current change log.
SuSE announces 8.2, new partner programSuSE has announced SuSE Linux 8.2, a strongly desktop-oriented version of the company's distribution. Availability is mid-April.The company has also launched a new partner program, which is aimed at helping others sell SuSE products.
Young project leader hopes to make Linux software installation easier (NewsForge)Robin Miller interviews Mike Hearn, leader of the Autopackage project in this NewsForge article. "Autopackage is a concept that is in the process of becoming a reality, a little bit at a time, in the traditional Open Source manner. The idea is to come up with a single software packaging/installation system that will work across all major Linux distributions, and resolve dependencies, too, so that neither developers nor users need to worry about distribution compatibility issues." Thanks to Ashwin N
New Distributions Orange LinuxOrange Linux is a floppy-based Linux distribution that includes a set of tools for making your own distribution, a VGA graphics library, and a small Pong game. Initial version 1.0 was released March 11, 2003.
rpm-livelinuxcdrpm-livelinuxcd is a 120MB RedHat-based distribution that runs completely from CD, fits into around 80MB of RAM and is nearly indistinguishable from a system installed on a hard disk. Features include hardware recognition at boot, samba, dhcpd, name, xinetd, and SSH servers, virtual terminals, PAM, etc. Useful for dedicated servers, routers, emergency systems, cluster nodes and such, it does not contain an X11 Server. Initial version 0.9 was released March 5, 2003.
Minor distribution updates ALT LinuxALT Linux has released v2.2 with major feature enhancements. "Changes: This release contains a lot of new packages in addition to largely improved existing base; almost all of them are built with gcc3. The already good server and desktop is now a lot better with a larger degree of audited and secured services and smoother office and multimedia applications out-of-the-box."
Astaro Security LinuxAstaro Security Linux has released v4.001 with major bugfixes. "Changes: This Up2Date fixes bugs in the AntiSpam Feature in the SMTP Relay, the Pfsgroup variable setting in IPSec VPN, an issue in the POP3 Proxy, and a problem with empty IPSec logs, and sets the correct crypto algorithm for the Blowfish IPsec policy. Outgoing emails are no longer checked for spam."
Fd LinuxFd Linux has released v3.0-0 with major feature enhancements. "Changes: In this version, the kernel was upgraded to 2.4.20 and migrated to iptables. PCMCIA support was added to incorporate PCMCIA network cards and 802.11b wireless adapters, such as Lucent/Orinoco, Cisco, and D-Link cards. There was a complete rewrite of the rc.network automatic network configuration script, and this version moves over to the uClibc library set to save on space, upgrades to the udhcp DHCP client/server binaries, compiles in more commands and functions into BusyBox, provides working add-on packages for usage expansion, has the ability to mount extra portions of RAM to expand file system, and features much more."
LinuxInstall.orgThe LinuxInstall.org Project has released v3.0rc1. "Changes: This release includes kernel 2.4.18-26.8.0, security updates, Mozilla 1.2.1, Evolution 1.2.2, a complete set of Red Hat 8.0 manual documents in HTML, Acrobat Reader 5.06 with Mozilla Plugin, Real Player 8.0 with Mozilla Plugin, Flash Player 6.0 r69 with Mozilla Plugin, Microsoft TrueType Core Fonts for Web, XMMS 1.2.7, xine 0.9.18 with libdvdcss, and a dual-boot configuration with NTFS/FAT32 support."
MorphixMorphix has released v0.3-3 with minor feature enhancements. "Changes: XFree v4.3 added, a number of installer bugs have been fixed, and a translucency lkm mini-module is available for testing."
Trinity Rescue Kit v 1.0 releasedThe Trinity Rescue Kit has released v1.0. It now has networking capabilities like ssh and samba and supports about every network card, disk controller and USB controller.
uClinuxuClinux has released v20030305 with major feature enhancements. "Changes: Lots of new things and lots of fixes. This release has both uClinux 2.4.20 and 2.0.39 kernels, uClibc-0.9.19, glibc-2.2.5. and uC-libc, over 50 board types with default configurations, and about 150 application packages."
Distribution reviews Red Hat 8 - Invigorate your desktop (iodynamics)This iodynamics article looks at Red Hat Linux 8.0, with some helpful hints to help you make the most of your Red Hat desktop. "Red Hat's latest Linux distribution is one example of this progress. The distribution comes with hundreds of great open-source applications, but it takes some 'tweaking' to configure Red Hat as a complete desktop OS. While many applications are included, some, for one reason or another, are not. And of those that are included, some need additional configuration to work properly."
Page editor: Rebecca Sobol Development Choosing a ternary operator for PythonC and C++ programmers encounter the ternary operator early in their education. This operator, which in C syntax, looks like:
<condition> ? <expression1> : <expression2>
evaluates to expression1 if (and only if) the given condition evaluates true; otherwise expression2 is chosen. The ternary operator is a compact representation of a common operation (choosing between two values), and it is a heavily-used feature in languages which provide it. Python does not provide a ternary operator, much to the chagrin a subset of hackers who are otherwise very happy with the language. As a way of responding to years of requests, Python Benevolent Dictator For Life Guido van Rossum posted a proposal for a Pythonic ternary operator, and asked the community to get back to him with its opinion. To say that the discussion was active would be a substantial understatement; thousands of messages were posted discussing the merits of ternary operators, whether Python should have one, and what form it should take. The result was a revised version of PEP 308. That proposal included a few possible forms for a Python ternary operator. The primary proposal was for this form:
(if <cond>: <expr1> else: <expr2>)
This form is easily extended to four or more operands:
(if <cond>: <expr1> elif <cond2>: <expr2> else: <expr3>)
Unusually for Python, the parentheses would be mandatory. For that reason, and the fact that the syntax looks a lot like the regular if/else control structure, not everybody was happy with this proposal. So a number of alternatives were floated as well. They range from the standard C syntax to variants like:
<cond> and <expr1> else <expr2>
<cond> then <expr1> else <expr2>
<expr1> if <cond> else <expr2>
cond(<cond>, <expr1>, <expr2>)
<cond> ?? <expr1> || <expr2>
<cond> -> <expr1> else <expr2>
If this were Perl, the language hackers would have probably just implemented all the possibilities and been done with it. But Python programmers like to have one accepted way of doing things, so a decision had to be made. A vote was held, and the results are now available. No alternative won a clear majority of the 518 votes counted. The parenthesized syntax from the proposal got the most votes, but the C syntax was not far behind. The "no change" contingent was rather smaller, but very passionate in its arguments. The end result is that vote coordinator Raymond Hettinger has not chosen to certify a winning proposal as such. Instead. he is passing the results back to the Benevolent Dictator who, after all, has a rather larger vote than anybody else. As of this writing, Guido has not made his decision known.
System Applications Audio Projects ALSA 0.9.1 releasedVersion 0.9.1 of the ALSA collection of sound driver, library, utilities, and tools has been released. This is the first stable release in the 0.9 series.
JACK 0.61.0 releasedVersion 0.61.0 of the JACK Audio Connection Kit is available. New features include in-process client support, bug fixes, and improved documentation.
liblrdf 0.2.4 announcedVersion 0.2.4 of librdf is available. "liblrdf is a library for handling RDF files describing LADSPA plugins, plus it can also do lightweight general RDF tasks." This version adds a pkgconfig file and bug fixes.
Planet CCRMA at homeThe Planet CCRMA project provides a collection of RPM packages for turning a Red-Hat based computer into an audio workstation. The latest change are as follows: "Added a preliminary version of a Planet CCRMA roadmap, it should help you identify potentially useful programs. This is just a first version, most probably incomplete, hopefully not very innacurate :-)"
Database Software SAP DB Version 7.4.03.14Version 7.4.03.14 of SAP DB is available. See the Release Information for change information.
Using Topic Maps to Extend Relational Databases (O'Reilly)Marc de Graauw shows how to use XML topic maps with databases on O'Reilly. "Relational databases are great for storing structured data which conforms to a well-defined relational database schema. They are not so good at storing information that does not conform to such a schema. Since user requirements inevitably change, this means costly database upgrades."
Education Linux in Education ReportIssue #91 of the Linux in Education Report is out. Topics include a report from the Lane Community College's Open Source Educational Group, putting a Linux lab into Logan High School, the Demo@Schools project, SkoleLinux, a table of equivalents / replacements / analogs of Windows software in Linux, a discussion on the limits of Open-source Software, setting up a computer lab for OS testing, the Linux in Education Spring Conference, and more.
Electronics gEDA NewsThe latest new software from the gEDA project includes Icarus Verilog development snapshot 20030308, and GTKWave 2.0.0pre3-20030304.
Printing GSview 4.32 beta releaseVersion 4.32 beta of GSview, a PostScript viewing program, has been announced. Changes include security fixes for compatibility with AFPL Ghostscript 8.00, Catalan, Russian and Slovak language support, and minor bug fixes.
LinuxPrinting.org newsThe latest news from LinuxPrinting.org includes the addition of a number of HP, Epson, and Minolta printers to the Foomatic printer support database.
Web Site Development Midgard Components Framework 1.0 releasedVersion 1.0 of Midgard Components Framework is now available under the GNU LGPL license. "MidCOM provides a framework for creating reusable and configurable components for web applications using the Midgard Content Management Framework."
Quixote 0.6beta3Version 0.6beta3 of Quixote, a Python-based web development framework, is available. Change information is in the source code.
Zope Members NewsThe most recent headlines on the Zope Members News include: Zope at the CeBIT 2003 in Hannover!, MailBoxer 2.2.2 released, Initial Release of CSVFile Product, CJKSplitter v0.2, TextIndexNG 1.09 released, CMF 1.3.1 Released, CMFCollectorNG 0.20 final released, Update to the ieeditor addon, Silva Windows installer, and Initial release of RSessionDA.
Improving mod_perl Sites' Performance: Part 8 (O'Reilly)Stas Bekman continues his O'Reilly series on mod_perl tweaking with part 8. "In this article we continue talking about how to optimize your site for performance without touching code, buying new hardware or telling casts. A few simple httpd.conf configuration changes can improve the performance tremendously."
Miscellaneous The Mojolin ProjectThe first pre-release of the code for the Mojolin Project is available. Mojolin is a web-based system that connects job seekers with potential employers.
The 802.11g standard -- IEEE (IBM developerWorks)L. Victor Marks introduces 802.11g wireless networking on IBM's developerWorks. "The bid continues to improve the 802.11 standard to something that fulfills our wireless transmitting fantasies. Victor Marks shows us how 802.11g has shaped up, and how it's fareing in the race."
Desktop Applications Audio Applications ladcca 0.3.1 releasedVersion 0.3.1 of LADCCA, the Linux Audio Developer's Configuration and Connection API, is available and features a few bug fixes. "LADCCA is a session management system for JACK and ALSA audio applications on GNU/Linux."
swh-plugins 0.3.7 availableVersion 0.3.7 of swh-plugins, an audio systhesis package, is available. This edition features changes to the gate code and the addition of a bandlimiting filter.
Spiralsynth Modular 0.2.1Version 0.2.1 of SpiralSynth Modular, "an object orientated music studio with an emphasis on live use", is out. Changes include a new GUI, midi note filtering, new plugin groups, more theming, a matrix pattern sequencer, bug fixes, and more.
ecamegapedal 0.4.1 releasedVersion 0.4.1 of ecamegapedal, a real-time audio effects processor, has been released. Bugs have been fixed in the build process. See the release notes for more information.
RTMix 0.7 releasedVersion 0.7 of RTMix is available. "RTMix is an open-source (GPL-licensed) software application designed to provide stable, user-friendly, standardized, and efficient performance interface that enables performer(s) to interact with both the computer and each other in the least obtrusive fashion." Many new features and fixes are included in this release.
Desktop Environments KDE-CVS-Digest for March 7, 2003The March 7, 2003 edition of the KDE-CVS-Digest is out. Topics are summarized as: "KDevelop gets more templates, Quanta gets better action toolbars and Umbrello gets new code generators. A dummy KDE 3.2 release schedule. More merges from Safari to KHTML."
Workrave 1.2.0 ''Stats'R'Us''A new version of Workrave, a Gnome-based tool that helps people with Repetitive Strain Injuries (RSI), has been announced. "Workrave now keeps track of all your activity and allows you to browse through any date in history to see for how long you used the computer, how many keys you pressed, the distance your mouse moved, and many other statistical data."
Eel and Nautilus 2.2.2 ReleasedFootNotes has an announcement for Eel and Nautilus 2.2.2. "Normally we don't anounce nautilus releases to mailing lists. "We won't bother," we say to ourselves, "people will find it eventually." But "eventually" won't cut it with this release.It is too darned good."
GNOME 2.2 Gains Muscle and Polish (eWeek)eWeek reviews GNOME 2.2. "The latest upgrade of the GNOME Foundation's desktop environment offers users a spare and approachable graphical interface to Linux and similar operating systems that's matured noticeably since its last release."
GNOME System Tools 0.24.0 is out!FootNotes announces the latest GNOME Systems Tools release. "A new version of the GNOME System Tools has seen the light!, this is mainly a bugfix release, so no new features have been added."
Interoperability Samba 3.0alpha22 availableVersion 3.0alpha22 of Samba is available. "The latest alpha snapshot of the SAMBA_3_0 cvs tree is available for download. It is being provided for testing purposes." The release notes are available here.
Office Applications The OpenOffice.org Community CouncilThe OpenOffice.org project has decided that the time has come to form a "community council" to guide its further development. The council is expected to be made up of nine members representing various parts of the project (and a seat for Sun Microsystems). It will make decisions on strategic planning (where OOo should be going) and resource allocation, represent the project to Sun and the public, and arbitrate disputes within the development community. There will be an online vote, starting March 14, on the council charter; read the announcement if you are interested in participating.
AbiWord Weekly NewsIssues number 133 and 134 of the AbiWord Weekly News are available. The latest issue is summarized as: "Fixes to the Linux/PPC build comes in from one unknown hacker, while another name, Larin Hennessy, makes quite the noticeable splash. Snapping back to the release outline for AbiWord II: The Wrath of Dom results in a hard feature freeze. Finally, Hub knocks off two more posers on the Release HackDown for 1.0.5"
Kernel Cousin GNUeIssue #71 of Kernel Cousin GNUe is out with the latest GNU Enterprise development news. Topics include: Release plans and Case-Insensitive Queries, Multi-part delimited Stock-Keeping Units in gnue-sb, GNUe Tools users, Running GNUe Small Business, and GNUe Small Business vs. sql-ledger.
LyX Development NewsThe March 6, 2003 edition of the LyX Development News is out, with news of LyX release 1.3.0 and other development work.
Web Browsers Galeon 1.3.3 releasedDevelopment version 1.3.3 of the lightweight Galeon browser has been announced. "This is the release many of you have been waiting for, it reintroduces the much wanted javascript etc. quick toggles. You're slowly running out of excuses if that has been your reason to stay with the stable 1.2.x releases ;)"
mozillaZineThe latest mozillaZine topics include: Another Round of 1.3 Candidate Builds, Honesty Issues Dog Anonymous Donations Poll, 1.3 Candidate Builds Available for Testing, BBC News Examines Alternative Browsers, Xabyl 1.0 Alpha Released, Preferences Toolbar 2.2 Released, Mitchell Baker on Browser Innovation, Gecko and the Mozilla Project, and Camino 0.7 Released!.
Miscellaneous GnomeICU 0.99 releaseFootNotes has an announcement for version 0.99 of Gnome ICU, an internet chat utility. "After months of hard work we have a new release. The main focus of this release was to get all of the features in place for 1.0. Only one BIG thing is missing: working, stable file transfer. All other ICQ features should be here."
Languages and Tools Caml Caml Weekly NewsThe March 11, 2003 Caml Weekly News looks at Libraries in functional languages, ipv6, and Xcaml 0.0.1.
The Caml Light / OCaml HumpThis week, the new software on The Caml Light / OCaml Hump includes: SKS; an OpenPGP keyserver, bibgrep; a bibtex file index and search utility, and CamlG4; a library for Objective Caml for performing SIMD parallel processing on PowerPC G4 processors.
Java Advanced Text Indexing with Lucene (O'Reilly)Otis Gospodnetic introduces Lucene on O'Reilly. "Lucene is a free text-indexing and -searching API written in Java. To appreciate indexing techniques described later in this article, you need a basic understanding of Lucene's index structure. As I mentioned in the previous article in this series, a typical Lucene index is stored in a single directory in the filesystem on a hard disk."
Using Hierarchical Data Sets with Aspire and Tomcat (O'Reilly)Satya Komatineni discusses Hierarchical data sets on O'Reilly. "This article examines the structure of, and a Java API for, Hierarchical Data Sets. Unlike the XML Journal reference two years ago, you will now actually have a piece of executable code to use to start taking advantage of Hierarchical Data Sets."
Lisp Call for Macsyma codeA call for code has been issued for the Macsyma project. "Maxima is a computer algebra system written in Common Lisp. It is a descendant of DOE Macsyma, whose origins date back to the late 1960s at MIT." Thanks to Paolo Amoroso.
Perl Apocalypse 6Larry Wall has posted Apocalypse 6, a look at how Perl 6 will handle subroutines. "Unlike regexes, Perl subroutines don't have a lot of historical cruft to get rid of. In fact, the basic problem with Perl 5's subroutines is that they're not crufty enough, so the cruft leaks out into user-defined code instead, by the Conservation of Cruft Principle. Perl 6 will let you migrate the cruft out of the user-defined code and back into the declarations where it belongs."
This week on Perl 6The March 3, 2002 edition of This week on Perl 6 is available. Topics include: IMCC calling conventions, A couple of easy questions..., More on optimizing the JIT with IMCC, Parrot 0.0.10 freeze, Dan's plans, PSteve Peters' Patches Prevent Parrot Peeves, and Meanwhile, in perl6-language.
March Perl JournalThe March 4, 2003 edition of the Perl Journal has been published. Topics include: "Fractal Images and Music With Perl, Writing Multilingual Sites With mod_perl and Template Toolkit, Perl in High Performance Computing Environments, Something for Nothing by Simon Cozens, Creating Perl Application Distributions by brian d foy, And more, including a review of Graphics Programming in Perl."
PAR 0.65 released; need binary package contributions (use Perl)Version 0.65 of PAR has been announced. "PAR is a cross between JAR and Perl2exe/PerlApp; this version marks significant improvements like automatic binary installation, POD stripping and 5.6.1 support."
PHP PHP Weekly SummaryTopics on this week's PHP Weekly Summary include: 64-bit compatibility, namespaces in ZE2, Apache2 and PHP, Extensions with Debian Woody, sqlite extension, and ZE fixes.
Python Dr. Dobb's Python-URL! for March 10, 2003The Dr. Dobb's Python-URL is available with weekly news and links for the Python community.
The Daily Python-URLThis week's Daily Python-URL article topics include: Slashback: Rocketry, Pythonation, Scoffing, Python in a Nutshell, Create declarative mini-languages, Metaclass programming in Python, Inside the RSS validator, and more.
Wrap GObjects in Python (IBM developerWorks)Ross Burton shows how to access C code from Python. "Learning how to wrap GTK+ C modules for use in Python will enable you to use a C-coded GObject in Python whenever you like, whether or not you're especially proficient in C."
Ruby The Ruby GardenNew topics on the Ruby Garden include: nil.method_missing (Objective-C behaviour) and propagating comparisons like Python.
The Ruby Weekly NewsTopics on this week's Ruby Weekly News include: Russian Ruby resource and Ruby Course, Test::Unit::Mock: Mock objects for testing with Test::Unit, PSE as Ruby module and an RAA question, OSCON, and "I'm to give short talk on ruby at work, anybody have material/outlines they can donate".
Scheme Scheme Weekly NewsThe March 10, 2003 edition of the Scheme Weekly News is available.
Smalltalk Squeak 3.4 releasedVersion 3.4 of Squeak has been released. "Squeak is a personal multimedia environment aimed at end-users of all ages, developers, authors, and teachers. Beneath its graphical user interface, it is powered by a descendant of the Smalltalk-80 language."
XML Prototyping One-to-many Links with XSLT (O'Reilly)Bob DuCharme covers linking and XSLT on O'Reilly. "In the ongoing debate about the future of linking, a key topic is the representation of one-to-many links. There are several ways to implement them, mostly by using JavaScript code to create pop-up menus, but the only standard way to represent them is W3C XLink extended links, and these have not caught on."
Miscellaneous Mono 0.23 ReleasedVersion 0.23 of Mono, an open source implementation of the .NET Development Framework, has been released. "This is only a bug fix release, because we introduced an unfortunate bug in reflection in version 0.22. This should fix compilation for many of you that had problems."
Jext PluginsThere is a new plugins page on the Jext programmer's editor site. A number of plugin extensions to the editor are listed.
Page editor: Forrest Cook Linux in the news Recommended Reading SCO sues Big Blue over Unix, Linux (ZDNet)Now we get to see where the "SCOSource" program is going: according to this ZDNet article, SCO has filed suit against IBM, claiming that IBM has moved SCO's intellectual property into Linux. "Linux's rapid maturity--for example, growing up to work on large multiprocessor servers--is evidence of the presence of Unix intellectual property, the SCO suit said. 'It is not possible for Linux to rapidly reach Unix performance standards for complete enterprise functionality without the misappropriation of Unix code, methods or concepts to achieve such performance, and coordination by a larger developer, such as IBM,' the suit said."
Developers Back IBM in Unix Suit (Wired)Here's Wired's take on the SCO vs. IBM suit. "Open-source programmers are rallying behind IBM, and say SCO's lawsuit is "suicidal" and "an insult to open-source programmers.""
SCO vs. IBMSCO's lawsuit against IBM continues to generate considerable press coverage. Interested LWN readers will have already read our analysis of the suit. For those who want to read more, here are just a few of the articles we've seen in the past couple of days.Open for Business says SCO Needs to Go. "... the company seems to have decided the best course of action is to do the business equivalent of [a] suicidal person murdering those around him prior to taking his own life and attempt to take the GNU/Linux community with it as it goes down the tubes." Joe Barr at LinuxWorld finds it funny, but not 'ha-ha' funny. "Having established early on in the complaint that they apparently know very little about the history of Unix and free software, SCO continues by trudging into new areas in which to display just how tenuous a grasp they have on computing in general." News.com reports: IBM unfazed by SCO Unix threat. ""We've reviewed our contracts, and our Unix license is irrevocable and perpetual," Mike Fay, vice president of communications for IBM's systems group, said in an interview Monday. "We're completely committed to AIX and will continue to ship it.""
PCLinuxOnline initiates community boycott of SCOPCLinuxOnline has responded to the SCO lawsuit against IBM by initiating a community boycott of the company and its products. They have set up several forums to collect evidence to use in the courtroom, and also to discuss possible community responses.
KDE & Gnome Usability Engineers Agree on 'Unity' (OSNews)OSNews brings together KDE and Gnome usability engineers to talk about unifying the Linux desktop. "Some users want infinite number of options and preferences, while others prefer a non-bloated interface where the best options for them is already decided by the system. Now, we all know that there is no such thing as the "Perfect UI", but would it be acceptable to sacrifice certain configurability and... bloat --with the possible outcome of losing some users-- in order to provide a cleaner interface? Do you think such a move would simplify things for the user or do little but rob power from those who know enough to use it?"
Companies Red Hat: An Appraisal and Outlook (ZDNet)Here's a Gartner pronouncement on Red Hat's future. "Red Hat holds an enviable position as the leading Linux distributor, with a wide lead over its next competitor. However, market dominance in the Linux and open-source community has a different meaning, because the open-source paradigm operates by different principles than commercial software."
Red Hat revamps premium Linux plan (News.com)News.com looks at Red Hat's plans for a lower-cost version of the Advanced Server product. "Red Hat is becoming increasingly aggressive with its high-end Advanced Server software plans, but the company wasn't successful in persuading companies to pay $1,500 to $2,500 per year for a subscription to use the Linux version on low-end servers. The new Enterprise Linux ES product costs $349 or $800 per year, depending on support levels..."
Business How Is the Linux Server Market Shaping Up? (Midrange Server)MidrangeServer.com looks at the Linux server market. "According to statistics compiled by Gartner's Dataquest research unit, IBM captured 41.6 percent of the $385 million in Linux server sales in the U.S. market alone last year. IBM hasn't seen market share statistics like that in the server market--especially in a new market with lots of aggressive players and on an operating system platform that it does not control--since the 1970s." (Thanks to Martin Rowe)
Linux Adoption Linux continues to surge in Asia (ZDNet)Here's a ZDNet article looking at Linux growth in Asia. "In a survey of IT managers in 12 countries in Asia-Pacific (except Japan), Linux is installed on a tiny six percent of servers, computers that organizations that use to run databases or hold data. But in 2003, this figure set to grow 24 per cent, more than double the rate of its closest competitor, Unix, which is expected to grow nine percent."
German Government Agency Rolls Out KGXKDE.News reports on the roll-out of 50 Linux-based desktop systems by the German government. "The test 50-seat rollout was spear-headed by the Federal Office for Information Security (BSI) in conjunction with several small German IT companies. The thin-client setup reportedly includes KOffice as the office suite."
Legal Oregon considers Open Source software legislation (Register)The Register covers a bill introduced in the Oregon State Legislature on March 5 by Rep. Phil Barnhart that will require the state government to consider using open source software when acquiring new software. "Rep. Barnhart says, "I am a long-time lurker on Slashdot, so I have been aware of the [open source] issue for some time. I've been convinced for a long time that Windows is a difficult program -- wasteful and expensive." And, he adds, "The little experience I've had with open source has been very positive.""
Tech plays both sides on DMCA (ZDNet)This ZDNet article looks at the DMCA and how HP and Intel seem to both revile and support the act. "Last week, Intel and HP's names appeared on a press release circulated by the Business Software Alliance (BSA) opposing crucial changes to section 1201 of the DMCA. Specifically, the BSA lashed out at a bill that would make it legal to bypass copy-protection mechanisms--as long as you're not planning to circulate the resulting file to tens of thousands of your closest friends."
Interviews Red Hat heading off UnitedLinux (ZDNet)ZDNet Germany talks with Red Hat chief executive Matthew Szulik about Sun, UnitedLinux and the battle for the desktop. "Our biggest task is educating the marketplace that open-source software is more reliable, more secure and more affordable. The large proprietary OS software companies will struggle with the economics and value of the open-source/Red Hat model. We continue to make significant progress in corporate environments and businesses that want the reliability and value associated with Red Hat products and services in comparison to the expensive proprietary alternatives."
Resources Buffer Overflow Attacks and Their Countermeasures (Linux Journal)Here's a security conscious Linux Journal article examining buffer overflows. "Buffer overflow problems always have been associated with security vulnerabilities. In the past, lots of security breaches have occurred due to buffer overflow. This article attempts to explain what buffer overflow is, how it can be exploited and what countermeasures can be taken to avoid it."
Testing SMP Kernel Modules with UML (O'Reillynet)Here's an article on the O'Reilly Network on how to test kernel modules in a multiprocessing environment - even if you do not have an SMP system. "Fortunately there is now a method of simulating a SMP system with a single CPU Linux system. Fantastically, it requires no financial investment. The tool is Jeff Dike's User Mode Linux (UML)."
The Contenders (LinuxMedNews)LinuxMedNews has published a list of popular open-source software projects for medicine. "Newcomers to the Free and Open Source Software (FOSS) in medicine scene have commented that it is difficult to discern which FOSS projects are the most advanced. At the risk of upsetting many worthy projects and hard-working people I bring the following short list of what I consider to be The Contenders: a United States centric view of those projects and resources that have achieved or are most likely to achieve a critical mass of users, developers and clinical ability. The criteria includes a Free license, a shipping product that is in actual use in real-world situations."
Reviews Six/Four: The Internet Under Cover (eWeek)eWeek runs a beta version of the Six/Four System, new peer-to-peer technology from Hactivismo. "An offshoot of the Cult of the Dead Cow hacker group, Hacktivismo is dedicated to preventing state-sponsored censorship of the Internet. It created the Six/Four System, which is named for the June 4, 1989, date of the Tiananmen Square massacre, to make it possible to access information anywhere on the Internet and put a big hole in things like China's Internet firewall."
What Can Ruby Do for the Enterprise? (NewsFactor)The E-Commerce Times covers Ruby. "Although Ruby documentation is still in progress, the language offers many benefits that might be reason enough for IT managers to consider using it. Chromatic said that as the new kid on the block, relatively speaking, Ruby has been able to learn from other languages. "It's had the chance to borrow the good features and polish some of the yuckier features. In particular, it's a lot nicer to embed Ruby than it is Perl.""
Miscellaneous Open source apps attacked (vnunet)Vnunet looks at recent security vulnerabilities in Sendmail and Snort. "Last week showed how quickly news of vulnerabilities can be exploited to produce software that wreaks havoc on the Net. Within 24 hours of the problems being made public, an easy-to-use exploit program for the Sendmail vulnerability was posted on the Bugtraq mailing list. According to Bugtraq, default installations of Sendmail and Red Hat Linux are not vulnerable to this particular exploit, but firms that have compiled Sendmail for use with Red Hat 7.1, 72 or 7.3 are vulnerable."
Page editor: Forrest Cook Announcements Non-Commercial announcements UK Campaign for Digital Rights debunks the digital piracy mythHere's a press release from the UK Campaign for Digital Rights which examines certain myths that fuel copyright measures such as the European Copyright Directive 2001/29/EC.
Python Software Foundation obtains favorable advance ruling from IRSThe Python Software Foundation has been recognized by the IRS (the US office of taxation) as a tax-exempt non-profit foundation (aka 501(c)(3)), and that the IRS has given the PSF a "favorable advance ruling" on the PSF's application for recognition as a public charity.
Commercial announcements IBM releases Web Services Development ToolsIBM's web services development lab has released its Web Services Software Evaluation Kit. "Get a fresh collection of Web services articles and tutorials on the SEK CDs, and learn about everything from the basics of SOAP, WSDL, and UDDI, to the latest techologies in the Web Services stack such as workflow, security, and attachments."
"Google Hacks" Released by O'ReillyO'Reilly has released "Google Hacks", "a unique collection of one hundred tips and tools gathered from expert users of Google, as well as developers who are excited about Google's new API."
Mortgage Builder Installs Linux-Based LOS SystemHere's a press release about a company called Mac-Clair Mortgage Corporation. It seems Mac-Clair and Mortgage Builder Software, Inc. have installed Mortgage Builder(R) Loan Origination Software (LOS) on Mac-Clair's Linux system.
MySQL launches certification programMySQL AB has announced the launch of its new program for the certification of MySQL managers and developers. The currently available certification levels relate mostly to SQL and database management skills; more advanced levels will be offered in the future.
"Python in a Nutshell" Released by O'ReillyO'Reilly has released "Python in a Nutshell" by Alex Martelli. "In the tradition of O'Reilly's "In a Nutshell" series, this book offers Python programmers one place to look when they need help remembering or deciphering the syntax of this open source language and its many modules. This comprehensive reference guide makes it easy to look up all the most frequently needed information--not just about the Python language itself, but also the most frequently used parts of the standard library and the most important third-party extensions."
Resources ifrOSS License CenterInstitut für Rechtsfragen der Freien und Open Source Software (ifrOSS) has published its new license center in English. This is an extesive license list of Free software/Open Source and Open Content licenses.
Upcoming Events GCC Developer's SummitThe Gnu Compiler Collection (GCC) Developer's Summit will be held on May 25-27, 2003 in Ottawa, Canada. A call for papers has been sent out.
KDE Presence at CeBIT 2003Here's a reminder that CeBIT 2003 starts tomorrow (March 12, 2003), and the KDE team will be there, showcasing current developments scheduled for KDE 3.2 and more.
O-STEP: Transitioning an Industry to Open Source SoftwareTony Stanco will present O-STEP, the Open Source Threshold Escrow Program, at the Open Standards/Open Source in National and Local eGovernment Programs conference in Washington, D.C. on March 17, 2003.
Does your grandma know about OOoCon 2003?The folks at the OpenOffice.org conference remind you to register for the conference, it will be held in Hamburg, Germany on March 20 and 21, 2003.
CfP: AUUG System Administration SymposiumA call for papers has been sent out for the first AUUG System Administration symposium, which will be held on April 9th in Melbourne, Australia.
OPIE open mobile Linux goes CeBitThe Open Palmtop Integrated Environment (OPIE) team will be present at the CeBit fair in Hanover, Germany. The event will be held on March 12-19, 2003.
Mark-Jason Dominus coming to Belfast (use Perl)Use Perl mentions that Mark-Jason Dominus will be providing some Perl training and discussion in Belfast, Ireland on March 24 and 28, 2003.
AMIA Call for Participation: Open Source ExpoLinuxMedNews has an announcement for the American Medical Informatics Association's open-source Expo. "AMIA is announcing its first ever Open Source Expo for the Fall 2003 conference in Washington, D.C. The expo will occur during the poster session. The call for participation states: '...Suggested items to include in the abstract are brief description of the functionality and scope of the product, the motivation for making the product open source, the development and usage history, how the development was funded, product features, design and implementation details, future directions, and a URL for more information and from where the product may be downloaded...'"
Events: March 13 - May 8, 2003
Software announcements This week's software announcementsHere are the software announcements, courtesy of Freshmeat.net. They are available in two formats:
Miscellaneous The php|architect Grant ProgramThe magazine php|architect will be awarding grants for PHP development. "php|architect, the monthly magazine for PHP professionals, it proud to announce the launch of the php|architect Grant Program. Its purpose is to provide financial support for the PHP-related open-source projects that have the potential of bringing the greatest benefit to the PHP community in general." Two $1000.00 grants will be awarded on June 30, 2003.
Page editor: Forrest Cook Letters to the editor Irresponsible SCO
I haven't seen much discussion of this in the Linux community, perhaps because the charges are so vague, but I thought something meaningful could be said. Andy ------- http://www.oreillynet.com/pub/wlg/2889 Reference: http://news.com.com/2100-1016-991622.html A lot of brickbats are coming the way of SCO since it launched a lawsuit against IBM on the grounds of trade secrets. What's scandalous is not the choice to resort to a lawsuit--because companies have to defend these sorts of things in court in order to preserve their meaning--but the disregard for the needs of Linux users, developers, vendors, and watchers everywhere. SCO chose a low road indeed, trying to maximize its legal flexibility instead of acting like a member of a community. Linux supporters are worried about this for good reason. The lawsuit inevitably recalls the suit AT&T brought against the Berkeley developers of BSD in the 1980s. Then as now, the issue was that developers had access to UNIX during the time they developed their own code. The AT&T complaint involved copyright rather than trade secrets, but the parallels are unmistakable. Although my memory may deceive me, I believe AT&T never demonstrated that a single line of BSD code originated in UNIX (which officially should be written in all-caps). The lawsuit was resolved after many years, but a lot of people blame the confusing around the suit for the stagnation of BSD and its inability to take off at the crucial moment when people were looking for a free software operating system. (I doubt that suit was the problem, but it did waste time and make a mess of things. AT&T sold its rights to UNIX long ago, apparently recognizing that it was managing every aspect of that valuable technology with the same incompetence that it had conducted the BSD lawsuit. As intellectual property, UNIX bounced around for a while and ended up at SCO. It's probably no coincidence that SCO decides to act the heavy around this period when many observers believe UNIX is dying and that Linux will take over where it stood. But they know very well what problems and bad feelings the BSD lawsuit reached. They know how many people (roughly) depend on Linux day by day. What would a responsible company do to uphold its rights while allowing the world to continue? SCO could have examined Linux code and determined where their purported trade secrets lay. They would then have widely publicized the disputed code. They'd say, "Don't use JFS" (or whatever it happened to be); "we're litigating it." Whatever components were in dispute could quickly be pulled out of the kernel; users could depend on other components for whatever functionality they needed. Of course, SCO's lawyers wouldn't tell them to do this. I'm sure the lawyers want as wide a field to play on as they can get. And it is not they who will be appalled when play is done and they discover the whole field has been turned into a desert. SCO can still overrule its narrow-minded lawyers and take a high road. If they've got a claim, make it clearly. That is what the public deserves. Judging from the scattered news reports I've read, they refused to be specific even in the legal complaint they sent the court. And this hand-waving is a tell-tale sign of weakness. We are all justified in assuming, till we have evidence to the contrary, that SCO's lawsuit will go the way of the evidence the Bush administration waved about excitedly for months concerning aluminum tubes purchased by Iraq, now revealed by weapons inspectors on the ground to bear no relation to weapons of mass destruction. But millions of users around the world are in limbo until we know for sure, and there is no reason for that except malice or hamfistedness on the part of SCO. Andy Oram
In defence of RPM!
Hi, I was reading the distrowatch artcile (Is RPM Doomed? http://www.distrowatch.com/dwres.php?resource=article-rpm) which contained was a long rant against the incompatabilities of binary RPM's across distributions. Although the article did point out a few ways things can be improved I feel as though I must jump in with a little pro-RPM evengelism :-) Firstly a quick question. Why is binary compatibility required? The majority of applications your likely to look at are source based. If the binary RPM exists then there should .src.rpm nearby. In my experience 99% of dependancy problems are solved by simply building the binary RPM yourself. I can't believe your suggesting moving over to a source based distribution because: emerge application saves a few lines over: rpm --rebuild application.src.rpm rpm -ivh ~/rpm/RPMS/applictaion.rpm I'll grant that Gentoo's source based system offers a lot when it comes to large multi-component builds. However if your really that up for the bleeding edge you'll find living on Manrake Cooker (or Debian unstable) costs you less time in the long run than constantly rebuilding common components. In fact I run Mandrake Cooker on my main desktop and I've had very few problems with running a: urpmi.update -a urpmi --auto-select every few days. I can leave the heavy lifting to the Cooker people and concentrate on the apps I'm actually interested in. But arguments about ease of building asside the biggest difference rpm makes to my life is knowing where all the files on my PC come from. Having in the past lived/survived a windows environment where your never quite sure if a DLL is left over detruitus or an essential system component I find the ability to do a: rpm -qf /usr/bin/randomfile a godsend. As a bonus I know if I un-install a package from my system all its files go with it leaving nothing lying around. As I have consistently found with open source tools its easy to get frustrated at percieved inadaquacies at first but if you invest a little time reading the documentation/playing with the app your experience is drastically improved and you'll wonder how you got along without it. Briefly returning to the problems of people who distribute binary only rpm's (of which is concern mainly to the commercial software people) there is a solution. Build your binary RPM's for the big 3 (RedHat, Mandrake, UnitedLinux) and build a forth statically linked RPM for the rest. Regards, -- Alex, homepage: http://www.bennee.com/~alex/ Everyone is a genius. It's just that some people are too stupid to realize it.
Page editor: Jonathan Corbet
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||