Will the real Firebird please stand up?
One of the many changes called for in the new Mozilla roadmap was a new
emphasis on the Phoenix browser - and a new name. The Phoenix name, it
seems, has a number of trademark problems.
So the Mozilla project, after some thought, came up with a new name for its
to-be flagship browser: Firebird.
There's only one problem: the Firebird relational database
project has been using that name since 2000. This project is working
on a fork of the InterBase code; it just announced
the availability of the first Firebird 1.5 release candidate. The
Firebird developers are, needless to say, less than impressed with
Phoenix's new name.
The response from the Mozilla project, to the extent that there has been
one, seems to be that the two projects exist in different spaces, so there
is no naming conflict. The fact that "Firebird" is the name of an
automobile made by Pontiac is not a concern; a relational database with
that name is no more of a problem. Mozilla and its corporate sponsor may
have a defensible argument with regard to trademark law, but this is
clearly not a good way to treat other members of the free software
community. The Firebird name is not yet established - in the browser
domain, anyway. The Mozilla project should pick a new one now, when it is
still easy.
A new SCO distribution
SCO has sent out a press release on a new version of SCO Linux Server 4.0.
It is a fairly mundane offering; SCO, too, wants to sell a high-priced
"enterprise" version of its distribution; the version just released starts
at $999 and runs on the Itanium architecture. It is only "licensed" for up
to four processors, however; bigger machines will cost more.
If you go to the product page on
SCO's site, though, you see some interesting things. They advertise all
sorts of "next-generation enterprise features" including logical volume
management, asynchronous I/O, the O(1) scheduler, journaling filesystems
(including JFS), PCI hotplugging, high availability features, etc. All the
sort of stuff that an aspiring business distribution with a (probably) Red
Hat-derived kernel should have.
The only problem, of course, is that these are all features that, according
to SCO's suit against IBM, could not exist in Linux unless SCO's
proprietary technology had been stolen and put there illegally. SCO is
even advertising features (JFS, EVMS) that were directly developed and
contributed by IBM; JFS was even listed explicitly in the company's
complaint. This is all stuff that, according to SCO, is
destroying SCO's Unix business and depriving the company of a billion
dollars (minimum) worth of intellectual property.
The proprietary technology that, according to SCO, was misappropriated is
certainly contained in this new distribution. And SCO is shipping it with
source, licensed under the GPL. Before filing suit, SCO might have been
able to claim that they didn't know that "their" property was contained
within their Linux distribution. But they have no "plausible deniability"
now. SCO is, itself, shipping the code that, it claims, is destroying
its business. The company is trying to have it both ways, selling Linux
while claiming that the product is tainted. It would be interesting to
hear how SCO justifies this position. Unfortunately, SCO did not respond
to questions sent by LWN, so we can't tell you.
What's happening with SPI?
[This article was contributed by Joe 'Zonker' Brockmeier]
What is Software in the Public
Interest (SPI) up to these days, and does anybody care? If you're
newish to the Linux Community, it wouldn't be surprising if you hadn't
heard of SPI, though SPI and the Open Source Initiative (OSI) were big
news back in 1998 when they were squabbling over the
Open Source trademark.
SPI is a non-profit organization that acts as a kind of umbrella
organization for Free Software projects like Debian, the Linux Standard
Base and GNOME. It accepts donations for the projects and holds the
trademarks for supported projects that have them.
SPI has two classes
of membership, non-contributing and contributing. The only requirement
for a non-contributing membership is a valid e-mail address, but it does not
confer voting rights. Contributing membership is reserved for "people
who are actively contributing to the free software community."
Recently SPI added three new members to its board of directors, Bruce
Perens, John Goerzen, and Benjamin Mako Hill. Perens, who originally
helped found SPI, left the organization in 1998 to work with the OSI and
was part of the big dust up over the Open Source
trademark. SPI board
members are elected by contributing members of SPI.
Prior to the recent election, Perens said that the group was having
problems making a quorum at board meetings. In fact, V.P. Martin Schulze
resigned his position as V.P. because several other members were not
donating enough time to their positions. Ean Schuessler is now V.P., and
the position of president is still vacant after Nils Lohner stepped down
last December.
Recently, there had also been some concerns about allocation of funds by
SPI, but the new board passed
a resolution to clarify how donations would be earmarked. SPI will also
no longer be taking a five percent cut of donations for overhead, because
it was not clear that part of a donation for a specific project, like
Debian, would be going towards SPI.
For the most part, SPI's functions are pretty low-key. Perens says that
SPI's function is basically to "handle funds well" for its
organizations. According to Schulze, one of the things that SPI is
currently working on is counting votes for the Open and Free Technology Community
election, and working against "reasonable and non-discriminatory" patent
policies in several standards organizations.
Perens says that the board is now making quorum at meetings and that things
should go more smoothly in the future. "Can't say there's a ton of news.
There used to be problems, but they're not problems anymore."
An installation nightmare story
The installation nightmare story was a fairly common feature of the
late-90's press. Some reporter who had never tried to install any sort of
operating system before would write about his or her horrifying week trying
to get Linux running on some system or other. The conclusion, invariably,
was that Linux wasn't ready for the masses.
You don't often see that sort of story anymore; the mainstream
distributions have become ridiculously easy to install. And, if you don't
want to worry about installation, plenty of companies will happily sell you
a system with Linux already on it.
But that doesn't mean that all the problems have now been solved...
Your editor recently needed to replace a failing inkjet printer. Some time
spent wandering the detailed information at LinuxPrinting.org turned up a
reasonably inexpensive model which, according to the information there,
"works perfectly." That is music to a Linux user's ears, of course. So, a
quick trip and some minor credit card damage later, the printer sat on the
table, ready to start burning through expensive ink cartridges.
I'll not inflict upon you the details of what it took to make this printer
work on an almost-current Red Hat Linux system. In general terms, it
required building new versions of CUPS and gimp-print from source, editing
the PPD file by hand, and several other hacks. It took a couple days of
effort. Now, your editor has been making printers work on Unix (and other)
systems for a good twenty years. Printers have always been a pain.
But this was worse than many.
It should be pointed out that, in a lot of ways, things are better than
they have ever been. It is possible to put an inexpensive printer onto a
Linux box, get top-quality output in all of the modes that the printer
supports, and make it available over the network. Only a few years
ago, doing this required hacking on filter scripts and learning more about
strange ghostscript options than one would ever want to know. Now, most of
the hard work has been done; it's mostly a matter of getting the right
software running in the right place. The people working on Linux printing
have done an impressive amount of great work.
But it's not yet enough. Users should not have to rip out their print
system by the roots and rebuild it from source just to plug in an
off-the-shelf printer. They should not have to navigate a complex array of
software with names like foomatic, gimp-print, ghostscript, etc. and figure
out how it all goes together. They should not even have to upgrade to a
bleeding-edge distribution to make their printer work.
Windows users don't have to go through that sort of process. Of course,
they have the advantage that their new printer comes with a CD containing
the software needed to make that printer work. Linux users do not (yet!)
receive any such courtesy. So we have to come up with a different way.
Some of the work has been done. The PPD files used by modern free printing
systems contain much of the information needed to present an interface to
the user. What's missing is a description of how to drive the printer. We
need a means of describing printers in data, so that support for any
printer is just a text file away. This was done for terminals a good
twenty years ago; getting vi to work on a terminal was just a
matter of setting an environment variable. Printers are harder to describe
than ASCII terminals, but we've solved a lot of hard problems over the
years.
Imagine a world where any Linux user can go to the store and buy a nice
looking printer, along with plenty of spare flesh-tone, DMCA-protected ink
cartridges. The system, once it notices that a new printer has been
plugged in, goes out on the net and grabs the right description files. And
the printer just works. That would be a system that is ready for
desktop and home users. And it's something that we should be able to
achieve.
Page editor: Jonathan Corbet
Security
Security news
How the spammers find you
The Center for Democracy and Technology has released the results from a
six-month survey on how spammers obtain email addresses. The
researchers created a few hundred special-purpose email addresses, then
carefully exposed each one in exactly one place. After that, it was mostly
a matter of sitting back and waiting for the spam to roll in. The
destination of each spam indicated where the address had been found.
The report is well worth a read. For those of you in a hurry, here are the
highlights of the group's conclusions:
- By far the most spam was sent to addresses harvested from web pages.
Postings to Usenet newsgroups came in a distant second. On Usenet,
posters to groups like alt.sex.erotica will receive vastly more spam
than those posting to misc.industry.insurance.
- Even the most simple sort of address obfuscation
("lwn at lwn.net") appears to be highly effective.
- Dictionary attacks (simply trying login names from a list) result in a
significant amount of delivered spam. Short account names are more
likely to receive this sort of spam than longer ones.
- Contrary to expectations, the WHOIS domain name database is not a big
source of spam.
- Most web sites honor their promises regarding unsolicited email - but
you do have to be careful about making your wishes clear.
Regardless of source, spam is an increasing problem; the volume of spam
sent to lwn@lwn.net (hmm...make that
lwn at lwn.net) is now running about 500 messages per
day. If it weren't for SpamAssassin, we would have a hard time
dealing with our email at all.
April CRYPTO-GRAM newsletter
Bruce Schneier's CRYPTO-GRAM newsletter for April is out. Topics this
month include "catalog attacks" (signing up a victim for large amounts of
junk mail), the National Crime Information Center database, and several
other topics. "Security decisions are always about more than security. When
trying to evaluate a particular decision, always pay attention to the
non-security agendas of the people involved."
New vulnerabilities
epic: buffer overflows
| Package(s): | epic |
CVE #(s): | |
| Created: | April 15, 2003 |
Updated: | April 16, 2003 |
| Description: |
Timo Sirainen discovered several problems in EPIC, a popular client for
Internet Relay Chat (IRC). A malicious server could craft special reply
strings, triggering the client to write beyond buffer boundaries. This
could lead to a denial of service if the client only crashes, but may also
lead to the execution of arbitrary code under the user id of the chatting user. |
gs-common: insecure temporary file
| Package(s): | gs-common |
CVE #(s): | |
| Created: | April 14, 2003 |
Updated: | April 16, 2003 |
| Description: |
Paul Szabo discovered insecure creation of a temporary file in
ps2epsi, a script that is distributed as part of gs-common which
contains common files for different Ghostscript releases. ps2epsi uses
a temporary file in the process of invoking ghostscript. This file
was created in an insecure fashion, which could allow a local attacker
to overwrite files owned by a user who invokes ps2epsi. |
gtkhtml: malformed messages cause crash
| Package(s): | gtkhtml |
CVE #(s): | CAN-2003-0133
CAN-2003-0541
|
| Created: | April 14, 2003 |
Updated: | April 18, 2005 |
| Description: |
GtkHTML is the HTML rendering widget used by the Evolution mail reader.
GtkHTML supplied with versions of Evolution prior to 1.2.4 contains a bug
when handling HTML messages. Alan Cox discovered that certain malformed
messages could cause the Evolution mail component to crash. |
kde: arbitrary code execution
| Package(s): | kde |
CVE #(s): | CAN-2003-0204
|
| Created: | April 10, 2003 |
Updated: | June 30, 2003 |
| Description: |
The KDE Security team has issued an advisory
on a vulnerability present in all versions of KDE that allows a remote
attacker to execute arbitrary commands under your account. KDE 3.0.5b and
KDE 3.1.1a have been released to address this problem. For KDE 2.2.2,
patches to the KDE 2.2.2 sources have been made available.
KDE uses Ghostscript software for processing of PostScript (PS) and PDF
files in a way that allows for the execution of arbitrary commands that can
be contained in such files.
An attacker can prepare a malicious PostScript or PDF file which will
provide the attacker with access to the victim's account and privileges
when the victim opens this malicious file for viewing or when the victim
browses a directory containing such a malicious file and has file previews
enabled.
An attacker can provide malicious files remotely to a victim in an e-mail,
as part of a webpage, via an ftp server and possibly other means. |
LPRng: insecure temporary file
| Package(s): | LPRng |
CVE #(s): | CAN-2003-0136
|
| Created: | April 14, 2003 |
Updated: | June 16, 2003 |
| Description: |
Karol Lewandowski discovered that psbanner, a printer filter that
creates a PostScript format banner and is part of LPRng, insecurely
creates a temporary file for debugging purposes when it is configured
as a filter. The program does not check whether this file already
exists or is linked to another place; it writes its current environment
and called arguments to the file unconditionally with the user id
daemon. |
xfsdump: insecure file creation
| Package(s): | xfsdump |
CVE #(s): | CAN-2003-0173
|
| Created: | April 11, 2003 |
Updated: | April 16, 2003 |
| Description: |
Ethan Benson discovered a problem in xfsdump, which contains administrative
utilities for the XFS filesystem. When filesystem quotas are enabled
xfsdump runs xfsdq to save the quota information into a file at the root of
the filesystem being dumped. The manner in which this file is created is
unsafe.
While fixing this, a new option "-f path" has been added to xfsdq(8) to
specify an output file instead of using the standard output stream. This
file is created by xfsdq and xfsdq will fail to run if it exists already.
The file is also created with a more appropriate mode than whatever the
umask happened to be when xfsdump(8) was run. |
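The xfsdq behaviour described above (refuse to run if the output file already exists, and create it with a fixed mode instead of whatever the umask allows) is also the standard remedy for the ps2epsi and psbanner temporary-file problems listed earlier. The C program below is an added example, not code from xfsdump, gs-common or LPRng; the function names, the file names and the /tmp scratch directory are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Create `path` for writing only if nothing exists there yet.
 * O_CREAT|O_EXCL makes the existence check and the creation a single atomic
 * step, and fails with EEXIST even when `path` is a symbolic link, so a link
 * planted in advance is never followed. The mode passed to open() is an
 * upper bound: the umask can only clear bits from it, never add any.
 * Returns a file descriptor, or -1 with errno set. */
int create_exclusive(const char *path, mode_t mode)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL, mode);
}

/* Constructed scenario: a symlink pointing at another file is planted at the
 * output path before the tool runs. Returns 0 when every expectation holds,
 * otherwise the number of the step that failed. */
int demo_planted_symlink(void)
{
    char dir[] = "/tmp/excl-demo-XXXXXX";   /* assumed scratch location */
    char victim[128], planted[128], fresh[128];
    struct stat st;
    int fd, rc = 0;

    if (mkdtemp(dir) == NULL)
        return 1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(planted, sizeof planted, "%s/quota.out", dir);
    snprintf(fresh, sizeof fresh, "%s/fresh.out", dir);

    /* A file with known content that must survive untouched. */
    fd = create_exclusive(victim, 0600);
    if (fd < 0 || write(fd, "keep", 4) != 4)
        rc = 2;
    if (fd >= 0)
        close(fd);
    if (!rc && symlink(victim, planted) != 0)
        rc = 3;

    /* The planted link must be refused with EEXIST. */
    if (!rc) {
        fd = create_exclusive(planted, 0600);
        if (fd >= 0) {
            close(fd);
            rc = 4;
        } else if (errno != EEXIST) {
            rc = 5;
        }
    }
    if (!rc && (stat(victim, &st) != 0 || st.st_size != 4))
        rc = 6;

    /* Even with a wide-open umask the new file gets exactly mode 0600. */
    if (!rc) {
        mode_t old = umask(0);
        fd = create_exclusive(fresh, 0600);
        umask(old);
        if (fd < 0) {
            rc = 7;
        } else {
            if (fstat(fd, &st) != 0 || (st.st_mode & 0777) != 0600)
                rc = 8;
            close(fd);
        }
    }

    unlink(planted);
    unlink(fresh);
    unlink(victim);
    rmdir(dir);
    return rc;
}

int main(void)
{
    int rc = demo_planted_symlink();
    printf("planted-symlink demo: %s (step %d)\n", rc == 0 ? "ok" : "failed", rc);
    return rc;
}
```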
Updated vulnerabilities
apache 2.x: denial of service
| Package(s): | apache |
CVE #(s): | CAN-2003-0132
|
| Created: | April 9, 2003 |
Updated: | May 1, 2003 |
| Description: |
Apache 2.0.x releases up to and including 2.0.44 have a denial of service vulnerability; Apache 2.0.45 fixes the problem. |
Heap corruption vulnerability in at
| Package(s): | at at, sudo, xchat |
CVE #(s): | CAN-2002-0004
|
| Created: | May 20, 2002 |
Updated: | May 15, 2003 |
| Description: |
The at command has a potentially exploitable heap corruption bug.
(First LWN report: January 17th). |
bind buffer overflow vulnerability in DNS resolver libraries
| Package(s): | bind glibc |
CVE #(s): | CAN-2002-0651
CAN-2002-0684
|
| Created: | July 8, 2002 |
Updated: | September 30, 2003 |
| Description: |
The BIND 4.9.8-OW2 patch and BIND 4.9.9 release (and thus 4.9.9-OW1)
include fixes for a libc related vulnerability which does not
affect Linux. Updates from
the Internet Software Consortium (ISC)
are available from here.
No release or branch of Openwall GNU/*/Linux (Owl) is known to be
affected, due to Olaf Kirch's fixes for this problem getting into the
GNU C library more than two years ago.
Unfortunately that does not mean that Linux systems are not vulnerable.
Similar code, without Olaf Kirch's fixes, is in the glibc getnetbyXXX
functions. These functions are described in the SuSE alert as "used by very
few applications only, such as ifconfig and ifuser, which makes exploits
less likely."
CERT Advisory: CA-2002-19
Buffer Overflow in Multiple DNS Resolver Libraries
CAN-2002-0651
CAN-2002-0684 |
BitchX - denial of service
| Package(s): | BitchX |
CVE #(s): | |
| Created: | February 20, 2003 |
Updated: | May 26, 2003 |
| Description: |
From this Bugtraq posting:
A denial of service vulnerability exists in BitchX. Sending a malformed
RPL_NAMREPLY numeric 353 causes BitchX to segfault. This problem was
reported to panasync@efnet#bitchx on Jan 30 2003, as of this writing we are
unaware of any patches or workarounds provided by panasync and or any
members of #bitchx |
Canna server: exploitable buffer overrun
| Package(s): | canna |
CVE #(s): | CAN-2002-1158
CAN-2002-1159
|
| Created: | December 10, 2002 |
Updated: | September 30, 2003 |
| Description: |
Canna is a kana-kanji conversion server which is necessary for Japanese
language character input.
A buffer overflow bug in the Canna server up to and including version 3.5b2
allows a local user to gain the privileges of the user 'bin' which could
lead to further exploits. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2002-1158 to this issue.
A lack of validation of requests has been found that affects Canna version
3.6 and earlier. A malicious remote user could exploit this vulnerability
to leak information, or cause a denial of service attack. (CAN-2002-1159)
See also
http://canna.sourceforge.jp/sec/Canna-2002-01.txt
CAN-2002-1158
CAN-2002-1159 |
dvips: command execution vulnerability
| Package(s): | dvips |
CVE #(s): | CAN-2002-0836
|
| Created: | October 16, 2002 |
Updated: | June 10, 2003 |
| Description: |
The dvips utility uses the system() function improperly when managing fonts. An attacker who can craft the right sort of print job can use this vulnerability to execute commands under the UID used by the print system. |
EOG: vulnerability in Eye of GNOME
| Package(s): | EOG |
CVE #(s): | CAN-2003-0165
|
| Created: | April 3, 2003 |
Updated: | April 16, 2003 |
| Description: |
A vulnerability was found in EOG version 2.2.0 and earlier. A carefully
crafted filename passed to the program could lead to the execution of
arbitrary code. An attacker could exploit this because various packages
(Mutt, for example) make use of EOG for image viewing. |
ethereal - format string vulnerability
| Package(s): | ethereal |
CVE #(s): | CAN-2003-0081
|
| Created: | March 10, 2003 |
Updated: | June 12, 2003 |
| Description: |
The SOCKS dissector in Ethereal 0.9.9 is susceptible to a format string
overflow. This vulnerability has been present in Ethereal since the SOCKS
dissector was introduced in version 0.8.7. It was discovered by Georgi
Guninski. Additionally, the NTLMSSP code is susceptible to a heap
overflow. All users of Ethereal 0.9.9 and below are encouraged to upgrade.
See the full
advisory for additional information. |
evolution: multiple vulnerabilities
| Package(s): | Evolution |
CVE #(s): | CAN-2003-0128
CAN-2003-0129
CAN-2003-0130
|
| Created: | March 21, 2003 |
Updated: | May 14, 2003 |
| Description: |
Multiple vulnerabilities have been found in Ximian's Evolution Mail User
Agent, according to this
CoreLabs advisory.
"Three vulnerabilities were found that could lead to various forms of
exploitation ranging from denying to users the ability to read email,
provoke system unstability, bypassing security context checks for email
content and possibly execution of arbitrary commands on vulnerable
systems."
Ximian Evolution is a personal and
workgroup information management solution for Linux and UNIX-based
systems. The software integrates email, calendaring, meeting scheduling,
contact management, and task lists, in one application. |
Filename disclosure vulnerability in fam
| Package(s): | fam |
CVE #(s): | CAN-2002-0875
|
| Created: | August 19, 2002 |
Updated: | January 5, 2005 |
| Description: |
"fam" (file alteration monitor) watches files and directories for changes and lets interested applications know when something happens. This package has a flaw in its group handling that blocks some legitimate operations while, at the same time, exposing the names of files that should otherwise be invisible. |
fetchmail: buffer overflow
| Package(s): | fetchmail |
CVE #(s): | CAN-2002-1365
|
| Created: | December 17, 2002 |
Updated: | October 20, 2003 |
| Description: |
Versions of fetchmail prior to 6.2.0 have (yet another) buffer overflow vulnerability which can be exploited remotely via a suitably crafted message. See this advisory for details. |
file - memory allocation problem, stack overflow
| Package(s): | file |
CVE #(s): | CAN-2003-0102
|
| Created: | March 4, 2003 |
Updated: | June 4, 2003 |
| Description: |
Jeff Johnson found a memory allocation problem and David Endler found a
stack overflow corruption problem in the file "Automatic File Content
Type Recognition Tool" version 3.41. Nalin Dahyabhai improved ELF section
and program header handling in file version 3.40. The folks at OpenPKG
believe that file versions without those modifications are vulnerable to
memory allocation and stack overflow problems which put security at risk. |
GNU fileutils race condition
| Package(s): | fileutils ucdsnmp |
CVE #(s): | CAN-2002-0435
|
| Created: | May 20, 2002 |
Updated: | May 16, 2003 |
| Description: |
A race condition in rm may cause the root user to delete the whole
filesystem. The problem exists in the version of rm in fileutils 4.1 stable
and 4.1.6 development version. A patch is available. (First LWN report:
May 2). |
Potential remote root exploit in glibc
| Package(s): | glibc |
CVE #(s): | CAN-2002-0391
|
| Created: | August 14, 2002 |
Updated: | June 29, 2003 |
| Description: |
Felix von Leitner discovered a potential division by zero bug in code
derived from the SunRPC library which is used in glibc. This bug could be
exploited to gain unauthorized root access to software linking to glibc.
Updating as soon as practical is a good idea.
Because SunRPC-derived XDR libraries are used by a variety of vendors in a variety of applications, this defect may lead to a number of differing security problems. Exploiting this vulnerability will lead to denial of service, execution of arbitrary code, or the disclosure of sensitive information.
CERT/CC Vulnerability Note VU#192995 Integer
overflow in xdr_array() function when deserializing the XDR stream
|
glibc: DNS stub resolvers contain buffer overflow vulnerability
| Package(s): | glibc |
CVE #(s): | CAN-2002-1146
|
| Created: | November 7, 2002 |
Updated: | February 5, 2004 |
| Description: |
DNS stub resolvers from multiple vendors contain a buffer overflow
vulnerability. The impact of this vulnerability appears to be limited to
denial of service. (See CERT Vulnerability Note
VU#738331)
The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries such
as glibc 2.2.5 and earlier, libc, and libresolv, use the maximum buffer
size instead of the actual size when processing a DNS response, which
causes the stub resolvers to read past the actual boundary ("read buffer
overflow"), allowing remote attackers to cause a denial of service
(crash).
|
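The difference between a receive buffer's capacity and the number of bytes actually received, as described in the entry above, shown as an added C example (not glibc or BIND code; the function names and the sample reply are constructed for the illustration). Every read while walking the question section is checked against the received length, so a reply that was cut short is rejected instead of being completed from stale bytes further along in the buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DNS_HDR_LEN 12
#define DNS_BUF_MAX 512   /* capacity of the receive buffer, NOT the message size */

/* Skip one (possibly compressed) name starting at `off`. Every read is
 * checked against msglen, the number of bytes actually received. Returns the
 * offset of the first byte after the name, or -1 if the name is malformed or
 * runs past the end of the message. */
long dns_skip_name(const uint8_t *msg, size_t msglen, size_t off)
{
    while (off < msglen) {
        uint8_t len = msg[off];
        if (len == 0)
            return (long)(off + 1);            /* root label ends the name */
        if ((len & 0xC0) == 0xC0)              /* compression pointer, 2 bytes */
            return off + 2 <= msglen ? (long)(off + 2) : -1;
        if (len & 0xC0)
            return -1;                         /* reserved label types */
        off += 1 + (size_t)len;                /* ordinary label */
    }
    return -1;                                 /* ran off the received data */
}

/* Validate the question section. Returns the question count when every
 * question (name + QTYPE + QCLASS) lies inside the received bytes, else -1. */
int dns_check_questions(const uint8_t *msg, size_t msglen)
{
    if (msglen < DNS_HDR_LEN)
        return -1;
    unsigned qdcount = ((unsigned)msg[4] << 8) | msg[5];
    size_t off = DNS_HDR_LEN;
    for (unsigned i = 0; i < qdcount; i++) {
        long next = dns_skip_name(msg, msglen, off);
        if (next < 0 || (size_t)next + 4 > msglen)
            return -1;
        off = (size_t)next + 4;
    }
    return (int)qdcount;
}

/* Constructed sample: header plus one question for example.com, type A,
 * class IN. 29 bytes in total. */
static const uint8_t SAMPLE_REPLY[29] = {
    0x12, 0x34, 0x81, 0x80, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    7, 'e', 'x', 'a', 'm', 'p', 'l', 'e', 3, 'c', 'o', 'm', 0,
    0x00, 0x01, 0x00, 0x01
};

/* The buffer still holds a complete earlier reply; the caller says how many
 * bytes of the current reply were received. Passing 20 models a reply cut
 * off inside the name, passing DNS_BUF_MAX models the bug in the entry. */
int demo_reply(size_t claimed_len)
{
    uint8_t buf[DNS_BUF_MAX];
    if (claimed_len > sizeof buf)
        return -1;
    memset(buf, 0, sizeof buf);
    memcpy(buf, SAMPLE_REPLY, sizeof SAMPLE_REPLY);
    return dns_check_questions(buf, claimed_len);
}

int main(void)
{
    printf("received 20 bytes, checked against 20:  %d\n", demo_reply(20));
    printf("received 29 bytes, checked against 29:  %d\n", demo_reply(29));
    printf("received 20 bytes, checked against %d: %d\n",
           DNS_BUF_MAX, demo_reply(DNS_BUF_MAX));
    return 0;
}
```

The last call accepts the truncated reply only because it was told the buffer capacity instead of the received length, which is the mistake the entry describes.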
glibc: integer overflow in the xdrmem_getbytes() function
| Package(s): | glibc krb5 dietlibc |
CVE #(s): | CAN-2003-0028
|
| Created: | March 21, 2003 |
Updated: | May 27, 2003 |
| Description: |
An integer overflow in the xdrmem_getbytes() function, and possibly other
functions, of XDR (external data representation) libraries derived from
SunRPC, including libnsl, libc, and glibc, allows remote attackers to
execute arbitrary code via certain integer values in length fields.
See CAN-2003-0028 and CERT advisory CA-2003-10 for more information. |
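Both XDR entries above (xdr_array() and xdrmem_getbytes()) turn on arithmetic done with a length or count taken from the wire. The C program below is an added example of the checks a decoder needs, not glibc or SunRPC code; the memstream type, the function names and the sample bytes are assumptions, and the array elements are simplified to fixed-size opaque blobs.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Read cursor over a received byte stream (hypothetical type). */
struct memstream {
    const uint8_t *p;   /* next unread byte */
    uint32_t left;      /* unread bytes remaining */
};

/* Copy len bytes out. The length is compared with what is left BEFORE any
 * subtraction, so an oversized length cannot wrap the remaining counter. */
int ms_getbytes(struct memstream *s, void *dst, uint32_t len)
{
    if (len > s->left)
        return 0;
    memcpy(dst, s->p, len);
    s->p += len;
    s->left -= len;
    return 1;
}

/* Read one big-endian 32-bit integer. */
int ms_get_u32(struct memstream *s, uint32_t *out)
{
    uint8_t b[4];
    if (!ms_getbytes(s, b, 4))
        return 0;
    *out = ((uint32_t)b[0] << 24) | ((uint32_t)b[1] << 16) |
           ((uint32_t)b[2] << 8) | b[3];
    return 1;
}

/* What an unchecked 32-bit multiply produces: the product modulo 2^32. */
uint32_t unchecked_array_bytes(uint32_t count, uint32_t elem_size)
{
    return count * elem_size;
}

/* Decode a counted array of fixed-size elements into dst, which holds
 * dst_cap bytes. Returns the element count, or -1 if the count field cannot
 * be trusted. */
long ms_get_array(struct memstream *s, uint32_t elem_size,
                  void *dst, uint32_t dst_cap)
{
    uint32_t count;
    if (elem_size == 0 || !ms_get_u32(s, &count))
        return -1;
    if (count > UINT32_MAX / elem_size)   /* count * elem_size would wrap */
        return -1;
    uint32_t bytes = count * elem_size;   /* safe after the check above */
    if (bytes > dst_cap || !ms_getbytes(s, dst, bytes))
        return -1;
    return (long)count;
}

/* Constructed input: a count field followed by two 4-byte elements. */
long demo_decode(uint32_t count_field)
{
    uint8_t wire[12] = {
        0, 0, 0, 0,                 /* element count, filled in below */
        0xde, 0xad, 0xbe, 0xef,     /* element 0 */
        0xca, 0xfe, 0xf0, 0x0d      /* element 1 */
    };
    uint8_t out[16];
    struct memstream s = { wire, sizeof wire };

    wire[0] = (uint8_t)(count_field >> 24);
    wire[1] = (uint8_t)(count_field >> 16);
    wire[2] = (uint8_t)(count_field >> 8);
    wire[3] = (uint8_t)count_field;
    return ms_get_array(&s, 4, out, sizeof out);
}

int main(void)
{
    printf("count 2:          %ld\n", demo_decode(2));
    printf("count 3:          %ld\n", demo_decode(3));
    printf("count 0x40000001: %ld (unchecked size would be %u bytes)\n",
           demo_decode(0x40000001u),
           (unsigned)unchecked_array_bytes(0x40000001u, 4));
    return 0;
}
```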
IMP - SQL injection vulnerability
| Package(s): | imp |
CVE #(s): | CAN-2003-0025
|
| Created: | January 15, 2003 |
Updated: | July 8, 2003 |
| Description: |
The IMP IMAP server, versions 2.2.8 and prior, is vulnerable to SQL
injection; see this advisory for details.
Version 3.x is not vulnerable to this problem. |
ircii: buffer overflow vulnerability
| Package(s): | ircii |
CVE #(s): | |
| Created: | March 20, 2003 |
Updated: | April 22, 2003 |
| Description: |
Timo Sirainen audited ircII based clients (see this Bugtraq post) and
found some buffer overflow vulnerabilities in ircii-20020912. |
kerberos - cryptographic weakness
| Package(s): | kerberos, heimdal, openafs |
CVE #(s): | CAN-2003-0138
CAN-2003-0139
|
| Created: | March 26, 2003 |
Updated: | May 27, 2003 |
| Description: |
Version 4 of the Kerberos protocol contains a cryptographic weakness which enables a chosen-plaintext attack. A suitably equipped attacker can impersonate any principal in the realm. Another weakness allows the creation of false Kerberos tickets. Given the weaknesses in the cryptography, cross-realm authentication cannot be performed in a secure way.
OpenAFS
kaserver implements version 4 of the Kerberos protocol, and therefore
is also vulnerable. |
kernel - ptrace-related vulnerability
| Package(s): | kernel |
CVE #(s): | CAN-2003-0127
|
| Created: | March 17, 2003 |
Updated: | June 30, 2003 |
| Description: |
Versions 2.2.x and 2.4.x of the Linux kernel contain a vulnerability in
ptrace() which may be exploited by a local user to obtain root
access. This announcement contains the
details and a patch for 2.4.20. For 2.2 users, 2.2.25 has been released
which contains the fix. |
kernel-utils: setuid vulnerability
| Package(s): | kernel-utils |
CVE #(s): | CAN-2003-0019
|
| Created: | February 7, 2003 |
Updated: | January 21, 2005 |
| Description: |
The kernel-utils package contains several utilities that can be used to
control the kernel or machine hardware. In Red Hat Linux 8.0 this package
contains user mode linux (UML) utilities.
The uml_net utility in kernel-utils packages with Red Hat Linux 8.0 was
incorrectly shipped setuid root. This could allow local users to control
certain network interfaces, add and remove arp entries and routes, and put
interfaces in and out of promiscuous mode.
All users of the kernel-utils package should update to these packages that
contain a version of uml_net that is not setuid root.
Alternatively, as a work-around to this vulnerability, issue the following
command as root:
chmod -s /usr/bin/uml_net |
libpng, libpng3: buffer overflow
| Package(s): | libpng, libpng3 |
CVE #(s): | CAN-2002-1363
|
| Created: | December 19, 2002 |
Updated: | July 14, 2004 |
| Description: |
Glenn Randers-Pehrson discovered a problem in connection with 16-bit
samples from libpng, an interface for reading and writing PNG
(Portable Network Graphics) format files. The starting offsets for
the loops are calculated incorrectly which causes a buffer overrun
beyond the beginning of the row buffer. |
lprold - buffer overflow in lprm
| Package(s): | lprold lpd |
CVE #(s): | CAN-2003-0144
|
| Created: | March 13, 2003 |
Updated: | May 28, 2003 |
| Description: |
The lprm command of the printing package lprold contains a buffer
overflow. This buffer overflow can be exploited by a local user, if the
printer system is set up correctly, to gain root privileges. |
lynx: CRLF injection vulnerability
| Package(s): | lynx |
CVE #(s): | CAN-2002-1405
|
| Created: | November 19, 2002 |
Updated: | September 30, 2003 |
| Description: |
If lynx is given a URL with some special characters on the command line, it
will include faked headers in the HTTP query. This feature can be used to
force scripts (that use Lynx for downloading files) to access the wrong
site on a web server with multiple virtual hosts.
CAN-2002-1405 |
perl-MailTools: remote command execution
| Package(s): | MailTools |
CVE #(s): | CAN-2002-1271
|
| Created: | November 5, 2002 |
Updated: | September 19, 2003 |
| Description: |
The SuSE Security Team reviewed critical Perl modules, including the
Mail::Mailer package. This package contains a security hole which allows
remote attackers to execute arbitrary commands in certain circumstances.
This is due to the usage of mailx as default mailer which allows commands
to be embedded in the mail body.
Note that mail processing programs which use this package can be affected by this vulnerability; in particular, SpamAssassin is vulnerable if you use the -r or -w flags.
|
man - code execution vulnerability
| Package(s): | man |
CVE #(s): | CAN-2003-0124
|
| Created: | March 19, 2003 |
Updated: | May 7, 2003 |
| Description: |
Versions of man prior to 1.51 contain a code execution vulnerability which can be exploited by a carefully crafted man file. See this advisory for the details. |
mgetty spool permission
| Package(s): | mgetty |
CVE #(s): | CAN-2002-1391
CAN-2002-1392
|
| Created: | April 8, 2003 |
Updated: | May 13, 2003 |
| Description: |
mgetty is a getty replacement for use with data and fax modems.
mgetty can be configured to run an external program to decide whether or
not to answer an incoming call based on Caller ID information. Unpatched
versions of mgetty prior to 1.1.29 would overflow an internal buffer if the
caller name reported by the modem was too long.
Additionally, the faxspool script supplied with versions of mgetty prior to
1.1.29 used a simple permissions scheme to allow or deny fax transmission
privileges. This scheme was easily circumvented because the spooling
directory used for outgoing faxes was world-writable. |
| Alerts: |
|
Comments (none posted)
micq: Denial of service
| Package(s): | micq |
CVE #(s): | |
| Created: | December 13, 2002 |
Updated: | April 24, 2003 |
| Description: |
Rüdiger Kuhlmann, upstream developer of mICQ, a text-based ICQ client,
discovered a problem in mICQ. Receiving certain ICQ message types
that do not contain the required 0xFE separator causes all versions to
crash. |
| Alerts: |
|
Comments (none posted)
mutt: buffer overflow in IMAP client code
| Package(s): | mutt |
CVE #(s): | CAN-2003-0140
|
| Created: | March 21, 2003 |
Updated: | April 22, 2003 |
| Description: |
Core Security Technologies has found a remotely exploitable buffer overflow
in mutt's IMAP client code. This Bugtraq post contains additional information.
The problem has been fixed in Mutt 1.4.1 (stable) and 1.5.4 (unstable). |
| Alerts: |
|
Comments (none posted)
MySQL: multiple vulnerabilities
| Package(s): | mysql |
CVE #(s): | |
| Created: | December 13, 2002 |
Updated: | April 10, 2003 |
| Description: |
The MySQL database server has several buffer overflow and integer bounds checking vulnerabilities which can lead to denial of service attacks and, possibly, remote code execution. See this e-matters advisory for details. Version 3.23.54 fixes the problems. |
| Alerts: |
|
Comments (none posted)
mysql - configuration file vulnerability
| Package(s): | mysql mysqld |
CVE #(s): | CAN-2003-0150
|
| Created: | March 18, 2003 |
Updated: | May 16, 2003 |
| Description: |
According to a
report on BugTraq, a vulnerability exists in
version 3.23.55 and earlier versions of the MySQL server. If the MySQL server is
launched by root, as is often done by system startup scripts, any
database users with the "FILE" privilege can write a configuration file
(usually my.cnf) that causes the MySQL server to run under an arbitrary
user id, including the user id of the super-user, on the next restart. |
| Alerts: |
|
Comments (none posted)
nethack: buffer overflow
| Package(s): | nethack, slashem, falconseye |
CVE #(s): | CAN-2003-0358
CAN-2003-0359
|
| Created: | February 18, 2003 |
Updated: | July 15, 2003 |
| Description: |
Overflowing a buffer in nethack may lead to privilege escalation to the games
uid.
Read the full advisory for the details.
Note that falconseye does not contain the file permission error
CAN-2003-0359 which affected some other nethack packages. |
| Alerts: |
|
Comments (none posted)
NetPBM: math overflow errors
| Package(s): | NetPBM |
CVE #(s): | CAN-2003-0146
|
| Created: | March 17, 2003 |
Updated: | May 27, 2003 |
| Description: |
Al Viro and Alan Cox discovered several maths overflow errors in
NetPBM, a set of graphics conversion tools. These programs are not
installed setuid root but are often installed to prepare data for
processing. These vulnerabilities may allow remote attackers to cause
a denial of service or execute arbitrary code. |
| Alerts: |
|
Comments (none posted)
netscape-flash: buffer overflow
| Package(s): | netscape-flash |
CVE #(s): | |
| Created: | March 10, 2003 |
Updated: | June 20, 2003 |
| Description: |
Potentially exploitable buffer overflows exist in the Macromedia Flash
Player. The full advisory is here.
"The cumulative security patch is available today and addresses the
potential for exploits surrounding buffer overflows (read/write) and
sandbox integrity within the player, which might allow malicious users to
gain access to a user's computer. The possibility of running native code on
a user's machine is a theoretical exploit, and extremely difficult to
execute in practice. There are no known examples of running such native
code from Macromedia Flash movies; however, even though this issue is
difficult and theoretical in nature only, we are encouraging users to
upgrade." |
| Alerts: |
|
Comments (none posted)
net-snmp: denial of service vulnerability
| Package(s): | net-snmp |
CVE #(s): | CAN-2002-1170
|
| Created: | December 17, 2002 |
Updated: | November 7, 2003 |
| Description: |
The SNMP daemon included in the Net-SNMP package versions 5.0.1 through
5.0.4 can be caused to crash if it is sent a specially crafted packet. |
| Alerts: |
|
Comments (none posted)
openssl: local and remote extraction of RSA private key
| Package(s): | openssl, apache, mod_ssl |
CVE #(s): | CAN-2003-0147
|
| Created: | March 18, 2003 |
Updated: | May 22, 2003 |
| Description: |
David Brumley and Dan Boneh of Stanford University have researched and
documented a timing attack on OpenSSL which allows local and remote
attackers to extract the RSA private key of a server. The OpenSSL RSA
implementation is generally vulnerable to this type of attack unless RSA
blinding has been turned on. See this
paper (pdf format) for additional details.
Typically, RSA blinding is not enabled by OpenSSL-based applications,
mainly because it is not obvious how to do so when using OpenSSL to provide
SSL/TLS. This problem affects nearly all applications using OpenSSL; they
must either be rebuilt against the fixed OpenSSL version (where RSA blinding
is now enabled by default) or enable RSA blinding explicitly on their
own.
The performance impact of RSA blinding appears to be small (a few percent
only) and the RSA functionality is still fully compatible. The Common
Vulnerabilities and Exposures (CVE) project assigned the id
CAN-2003-0147 to the problem. |
| Alerts: |
|
Comments (none posted)
pam_xauth: root exploit
| Package(s): | pam_xauth |
CVE #(s): | CAN-2002-1160
|
| Created: | February 13, 2003 |
Updated: | July 10, 2003 |
| Description: |
The pam_xauth module is used to forward xauth information from user to user
in applications such as 'su'.
Andreas Beck discovered that versions of pam_xauth supplied with Red Hat
Linux since version 7.1 would forward authorization information from the
root account to unprivileged users. This could be used by a local attacker
to gain access to an administrator's X session. In order to exploit this
vulnerability, the attacker would have to get the administrator, as root,
to use su to the account belonging to the attacker. |
| Alerts: |
|
Comments (none posted)
PHP: vulnerability in mail function
| Package(s): | php |
CVE #(s): | CAN-2002-0985
CAN-2002-0986
|
| Created: | November 13, 2002 |
Updated: | September 30, 2003 |
| Description: |
Two vulnerabilities exist in the mail() PHP function. The first one allows
the execution of any program/script, bypassing the safe_mode restriction; the
second one may turn a script into an open relay if the mail() function is not
carefully used in PHP scripts. See this Bugtraq
report for more details. Note that this is a different vulnerability than the previous PHP mail() problem, which affected versions through 4.1.0.
CAN-2002-0985
CAN-2002-0986 |
| Alerts: |
|
Comments (none posted)
PostgreSQL - more buffer overflows
| Package(s): | postgresql |
CVE #(s): | |
| Created: | February 12, 2003 |
Updated: | November 7, 2003 |
| Description: |
A new set of buffer overflows has been discovered in PostgreSQL 7.2.2; they affect the circle_poly(), path_encode(), and path_addr() functions. Exploiting these overflows requires that the attacker first obtain a connection to the PostgreSQL server. |
| Alerts: |
|
Comments (1 posted)
Local arbitrary code execution vulnerability in Python
| Package(s): | python |
CVE #(s): | CAN-2002-1119
|
| Created: | August 28, 2002 |
Updated: | September 30, 2003 |
| Description: |
Zack Weinberg discovered that os._execvpe from os.py uses a predictable name
which could lead to execution of arbitrary code. According to the Debian
advisory, the problem was present in Python versions 1.5, 2.1 and 2.2.
CAN-2002-1119 |
| Alerts: |
|
Comments (none posted)
Multiple-use vulnerability in Safe.pm
| Package(s): | Safe.pm |
CVE #(s): | CAN-2002-1323
|
| Created: | October 9, 2002 |
Updated: | February 20, 2004 |
| Description: |
usePerl has a
description of a vulnerability in the Safe.pm Perl module. It seems
that if a Safe compartment is used more than once, it ceases to be safe.
The problem is fixed in Safe 2.08. |
| Alerts: |
|
Comments (none posted)
samba: remotely-exploitable buffer overrun
| Package(s): | samba |
CVE #(s): | CAN-2003-0201
CAN-2003-0196
|
| Created: | April 7, 2003 |
Updated: | May 2, 2003 |
| Description: |
Digital Defense Inc. has sent out an
advisory describing another remotely-exploitable buffer overrun in the
Samba server; all versions through 2.2.8 or 2.0.10 (or Samba-TNG 0.3.2) are
vulnerable. The Samba team has released Samba
2.2.8a with a fix for the problem; there is also a patch available for
the 2.0 series. An exploit is said to be circulating already, so applying
patches quickly would be a good idea. |
| Alerts: |
|
Comments (none posted)
sendmail - buffer overrun
| Package(s): | sendmail |
CVE #(s): | CAN-2003-0161
|
| Created: | March 31, 2003 |
Updated: | April 30, 2003 |
| Description: |
There is yet another buffer overrun in sendmail; this one was discovered by Michal Zalewski.
From the CERT Advisory:
"There is a vulnerability in sendmail that can be exploited to cause
a denial-of-service condition and could allow a remote attacker to
execute arbitrary code with the privileges of the sendmail daemon,
typically root." Sendmail 8.12.9 was released with a fix for the problem. |
| Alerts: |
|
Comments (none posted)
slocate - buffer overflow
| Package(s): | slocate |
CVE #(s): | CAN-2003-0056
|
| Created: | February 5, 2003 |
Updated: | May 8, 2003 |
| Description: |
Version 2.6 (at least) of slocate contains a buffer overflow vulnerability which could lead to a local exploit; see this advisory for the details.
|
| Alerts: |
|
Comments (none posted)
File overwrite vulnerability in tar and unzip
| Package(s): | tar unzip |
CVE #(s): | CAN-2001-1267
CAN-2001-1268
CAN-2001-1269
CAN-2002-0399
|
| Created: | October 1, 2002 |
Updated: | April 9, 2006 |
| Description: |
The tar utility does not properly filter file names containing
"../", meaning that a hostile archive can, if unpacked by an
unsuspecting user, overwrite any file that is writable by that user. GNU
tar versions 1.13.19 and earlier are vulnerable; unzip through version 5.42
has the same vulnerability. |
| Alerts: |
|
Comments (1 posted)
tcpdump - infinite loop
| Package(s): | tcpdump |
CVE #(s): | CAN-2003-0108
|
| Created: | February 27, 2003 |
Updated: | May 1, 2003 |
| Description: |
Andrew Griffiths and iDEFENSE Labs discovered a problem in tcpdump, a
powerful tool for network monitoring and data acquisition. An
attacker is able to send a specially crafted network packet which
causes tcpdump to enter an infinite loop.
In addition to the above problem the tcpdump developers discovered a
potential infinite loop when parsing malformed BGP packets. They also
discovered a buffer overflow that can be exploited with certain
malformed NFS packets. |
| Alerts: |
|
Comments (none posted)
Multiple vendor telnetd vulnerability
| Package(s): | telnet Telnet netkit-telnet-ssl kerberos telnetd netkit-telnet nkitb/nkitserv/telnetd krb5 |
CVE #(s): | |
| Created: | May 20, 2002 |
Updated: | October 5, 2004 |
| Description: |
This vulnerability,
originally thought to be confined to BSD-derived systems, was first covered
in the July 26th Security
Summary. It is now known that Linux telnet daemons are vulnerable as
well.
|
| Alerts: |
|
Comments (none posted)
typespeed: buffer overflow
| Package(s): | typespeed |
CVE #(s): | |
| Created: | January 1, 2003 |
Updated: | June 17, 2003 |
| Description: |
A problem has been discovered in typespeed, a game that lets you
measure your typematic speed. By overflowing a buffer a local
attacker could execute arbitrary commands under the group id games. |
| Alerts: |
|
Comments (none posted)
vim - modeline vulnerability
| Package(s): | vim |
CVE #(s): | CAN-2002-1377
|
| Created: | January 16, 2003 |
Updated: | February 10, 2004 |
| Description: |
VIM allows a user to set the modeline differently for each edited text file
by placing special comments in the files. Georgi Guninski found that these
comments can be carefully crafted in order to call external programs. This
could allow an attacker to create a text file such that when it is opened
arbitrary commands are executed. |
| Alerts: |
|
Comments (4 posted)
vnc - replay and cookie vulnerabilities
| Package(s): | vnc |
CVE #(s): | CAN-2002-1336
CAN-2002-1511
|
| Created: | February 21, 2003 |
Updated: | May 5, 2003 |
| Description: |
VNC is a tool for providing a remote graphical user interface. Two
vulnerabilities have been found in versions of VNC shipped by Red Hat.
The VNC server acts as an X server, but the script for starting it
generates an MIT X cookie (which is used for X authentication) without
using a strong enough random number generator. This could allow an
attacker to be able to more easily guess the authentication cookie.
The VNC DES authentication scheme is implemented using a challenge-response
architecture, producing a random and different challenge for each
authentication attempt. A bug in the function for generating the random
challenge caused the random seed to get reset to the current time on every
authentication attempt. Therefore, two authentication attempts within the
same second could receive the same challenge. An eavesdropper could
exploit this vulnerability by replaying the response, thereby gaining
authentication.
All users of VNC are advised to upgrade to these erratum packages, which
contain patches to correct these issues. |
| Alerts: |
|
Comments (none posted)
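The challenge bug described above, reproduced as an added example (this is not VNC's code, and the function names are hypothetical). The first generator re-seeds from the clock on every call; the second reads the kernel's random device, which is one way to correct it and is an assumption here, not necessarily what the erratum packages do.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

#define CHALLENGE_LEN 16   /* VNC authentication uses a 16-byte challenge */

/* Flawed pattern: the PRNG is re-seeded from the clock on every call, so
 * the output depends only on the current second. `now` stands in for
 * time(NULL) so the effect can be reproduced deterministically. */
void challenge_reseeded(unsigned char out[CHALLENGE_LEN], time_t now)
{
    srand((unsigned int)now);
    for (int i = 0; i < CHALLENGE_LEN; i++)
        out[i] = (unsigned char)(rand() & 0xff);
}

/* Corrected pattern (assumed fix): take the bytes from /dev/urandom.
 * Returns 0 on success, -1 on failure; on failure the caller must refuse
 * the authentication attempt instead of falling back to a weak source. */
int challenge_urandom(unsigned char out[CHALLENGE_LEN])
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL)
        return -1;
    size_t got = fread(out, 1, CHALLENGE_LEN, f);
    fclose(f);
    return got == CHALLENGE_LEN ? 0 : -1;
}

/* Returns 1 if two authentication attempts made within the same second
 * receive the same challenge from the flawed generator. */
int reseeded_challenges_collide(time_t now)
{
    unsigned char first[CHALLENGE_LEN], second[CHALLENGE_LEN];
    challenge_reseeded(first, now);
    challenge_reseeded(second, now);
    return memcmp(first, second, CHALLENGE_LEN) == 0;
}

int main(void)
{
    time_t now = time(NULL);
    unsigned char a[CHALLENGE_LEN], b[CHALLENGE_LEN];

    printf("re-seeded generator, same second: %s\n",
           reseeded_challenges_collide(now) ? "identical challenges"
                                            : "different challenges");

    if (challenge_urandom(a) != 0 || challenge_urandom(b) != 0) {
        fprintf(stderr, "no random source available, refusing to continue\n");
        return 1;
    }
    printf("urandom generator, same second:   %s\n",
           memcmp(a, b, CHALLENGE_LEN) == 0 ? "identical challenges"
                                            : "different challenges");
    return 0;
}
```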
wget: directory traversal bug
| Package(s): | wget |
CVE #(s): | CAN-2002-1344
|
| Created: | December 10, 2002 |
Updated: | September 30, 2003 |
| Description: |
Versions of wget prior to 1.8.2-4 contain a bug that permits a malicious
FTP server to create or overwrite files anywhere on the local file system.
FTP clients must check to see if an FTP server's response to the NLST
command includes any directory information along with the list of filenames
required by the FTP protocol (RFC 959, section 4.1.3).
If the FTP client fails to do so, a malicious FTP server can send filenames
beginning with '/' or containing '/../' which can be used to direct a
vulnerable FTP client to write files (such as .forward, .rhosts, .shosts,
etc.) that can then be used for later attacks against the client machine.
See also
this Bugtraq article from 1997.
CAN-2002-1344 |
| Alerts: |
|
Comments (none posted)
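The name check that both the tar/unzip entry earlier on this page and the wget entry above call for, as an added example (not code from tar, unzip or wget; the function names are hypothetical). The first function suits archive member names, which may legitimately contain subdirectories; the second is the stricter test for names taken from an FTP NLST reply.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* True if `name` is a relative path with no ".." component, so that
 * joining it to an extraction directory cannot climb out of that
 * directory. Symbolic links already present in the target tree are a
 * separate problem and are not handled here. */
bool is_safe_relative_path(const char *name)
{
    if (name == NULL || name[0] == '\0' || name[0] == '/')
        return false;

    const char *p = name;
    while (*p != '\0') {
        size_t len = strcspn(p, "/");        /* length of this component */
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return false;
        p += len;
        while (*p == '/')                    /* skip separator(s) */
            p++;
    }
    return true;
}

/* Stricter check for a name from an NLST listing: it must carry no
 * directory information at all. */
bool is_plain_filename(const char *name)
{
    if (name == NULL || name[0] == '\0')
        return false;
    if (strchr(name, '/') != NULL)
        return false;
    return strcmp(name, ".") != 0 && strcmp(name, "..") != 0;
}

int main(void)
{
    /* Constructed sample names, not taken from any real archive or server. */
    const char *samples[] = {
        "docs/readme.txt", "../etc/passwd", "a/../../b",
        "/home/user/.rhosts", "a/..b/c", "index.html",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-22s archive member: %-6s NLST name: %s\n", samples[i],
               is_safe_relative_path(samples[i]) ? "ok" : "reject",
               is_plain_filename(samples[i]) ? "ok" : "reject");
    return 0;
}
```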
Problems with libgtop_daemon
| Package(s): | wuftpd libgtop |
CVE #(s): | |
| Created: | May 20, 2002 |
Updated: | May 7, 2003 |
| Description: |
The libgtop_daemon package is a GNOME
program which makes system information available remotely.
LWN reported the remotely exploitable format
string and buffer overflow vulnerabilities in that package
on December 6th.
On November 28th
disabling the libgtop_daemon on systems where it is running until
an update is available.
Many Linux systems do not run
libgtop by default, but applying the update is a good idea anyway.
|
| Alerts: |
|
Comments (1 posted)
Wwwoffle remote privilege escalation vulnerability
| Package(s): | wwwoffle |
CVE #(s): | CAN-2002-0818
|
| Created: | August 14, 2002 |
Updated: | September 30, 2003 |
| Description: |
The wwwoffle web proxy incorrectly processes HTTP PUT and POST requests
with negative Content Length values.
"It is believed
that an attacker could exploit this bug to gain remote wwwrun access
to the system wwwoffled is running on."
CAN-2002-0818 |
| Alerts: |
|
Comments (none posted)
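An added example of strict Content-Length handling, next to the kind of check that a negative value slips past. Neither function is wwwoffle's code; the names and the 8192-byte limit are assumptions made for the illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Pattern that goes wrong (illustrative): signed conversion plus an
 * upper-bound-only check. Returns 1 if the value would be accepted.
 * "-1" is accepted, and becomes a huge number once used as a size. */
int naive_length_ok(const char *value, int bufsize)
{
    int len = atoi(value);
    return len <= bufsize;
}

/* Strict parser. Returns 0 and stores the length in *out on success;
 * returns -1 if the value is empty, signed, non-numeric, followed by
 * junk, out of range for unsigned long, or larger than max_len. */
int parse_content_length(const char *value, unsigned long max_len,
                         unsigned long *out)
{
    if (value == NULL || out == NULL)
        return -1;
    while (*value == ' ' || *value == '\t')
        value++;

    /* strtoul() accepts a leading '-' and wraps the result, so insist
     * that the first significant character is a digit. */
    if (!isdigit((unsigned char)*value))
        return -1;

    char *end;
    errno = 0;
    unsigned long n = strtoul(value, &end, 10);
    if (errno == ERANGE)
        return -1;

    while (*end == ' ' || *end == '\t')
        end++;
    if (*end != '\0')
        return -1;
    if (n > max_len)
        return -1;

    *out = n;
    return 0;
}

int main(void)
{
    /* Constructed header values. */
    const char *samples[] = { "1024", "-1", " 42 ", "12abc", "+5",
                              "99999999999999999999999" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        unsigned long n = 0;
        int strict = parse_content_length(samples[i], 8192, &n);
        printf("%-26s naive: %-7s strict: %s\n", samples[i],
               naive_length_ok(samples[i], 8192) ? "accept" : "reject",
               strict == 0 ? "accept" : "reject");
    }
    return 0;
}
```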
zlib 1.1.4 has buffer overrun
| Package(s): | zlib |
CVE #(s): | CAN-2003-0107
|
| Created: | February 25, 2003 |
Updated: | April 29, 2003 |
| Description: |
From this Bugtraq
posting:
"zlib contains a function called gzprintf(). This is similar in
behaviour to fprintf() except that by default, this function will smash the
stack if called with arguments that expand to more than Z_PRINTF_BUFSIZE
(=4096 by default) bytes." |
| Alerts: |
|
Comments (none posted)
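The difference between formatting into a fixed buffer without a bound and with one, as an added example (not zlib's code or its fix; bounded_format() is a hypothetical name, and FMT_BUFSIZE mirrors the 4096-byte default quoted above). The bounded version reports an oversized expansion to the caller instead of writing past the buffer.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define FMT_BUFSIZE 4096   /* same size as the default quoted above */

/* Format into buf, never writing more than bufsize bytes.
 * Returns the number of characters produced (excluding the NUL), or -1
 * if the expansion would not fit; in that case buf is left empty so a
 * caller that ignores the return value cannot emit truncated data.
 * An unbounded vsprintf() here would overrun buf on the same input. */
int bounded_format(char *buf, size_t bufsize, const char *fmt, ...)
{
    if (buf == NULL || bufsize == 0)
        return -1;

    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(buf, bufsize, fmt, ap);
    va_end(ap);

    if (n < 0 || (size_t)n >= bufsize) {
        buf[0] = '\0';
        return -1;
    }
    return n;
}

int main(void)
{
    char buf[FMT_BUFSIZE];

    /* Fits: returns the formatted length. */
    int n = bounded_format(buf, sizeof buf, "%s=%d", "level", 9);
    printf("short record: %d bytes (\"%s\")\n", n, buf);

    /* Expands to 5000 characters: rejected, nothing written. */
    n = bounded_format(buf, sizeof buf, "%5000s", "x");
    printf("5000-byte expansion: %s\n", n < 0 ? "rejected" : "accepted");
    return 0;
}
```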
Page editor: Jonathan Corbet
Kernel development
Release status
Kernel release status
The current development kernel remains 2.5.67; Linus has not
released a development kernel since April 7. He has been merging
numerous patches into his BitKeeper tree, however; along with the usual
fixes there is some NFS performance tuning, some changes to the workqueue
interface, the merging of s390 and s390x into a single architecture (along
with a bunch of other s390 work), the generation of hotplug events from
kobject registration, a new __user attribute to mark user-space
pointers (to help find bugs with static analyzers), a small change to the
semantics of msync(MS_ASYNC) (it no longer actually starts any I/O), some
reverse-mapping VM speedups, a new requirement that gcc version 2.95 (or
later) be used to compile the kernel, a big pile of small fixes from Alan
Cox, an NFSv4 update, and a big IA-64 update.
Dave Jones has posted a new version of his
"what to expect in 2.5" document. It's a good read for people interested
in testing the new kernel, or for those who are simply interested in what
has changed.
The current stable kernel is 2.4.20. The last 2.4.21 prepatch was
2.4.21-pre7, released on April 4.
Comments (none posted)
Kernel development news
Managing dynamic device naming
The coming increase in the size of dev_t adds to the urgency of
the device naming problem. Even if device numbers remain entirely static,
there will be management issues to deal with. Consider the case of SCSI
disks, for example. The wider dev_t will make it possible to have
thousands of disks on a single system, and the maximum number of partitions
will be increased to 64. /dev is already a big directory on
modern distributions - over 12,000 entries on a Red Hat Linux 7.3
system, 2000 in the cciss subdirectory alone. It is unwieldy to
work with now, but consider what happens when
the device names for all those new drives and partitions are added; now
/dev has several hundred thousand entries. And we haven't even
begun to look at all those new serial ports, tape drives, printers, and
CueCat barcode readers we'll be able to add.
Richard Gooch beat the rush and started worrying about this problem some
years ago; the result was devfs. The devfs code has been in the mainline
kernel since the 2.3 days, but it is not heavily used. It puts naming
policy firmly in the kernel itself (you get /dev/disc whether you
like it or not), and it solves persistent permissions issues by way of a
daemon process and a "make a tarball at shutdown" technique that strikes
some as inelegant. Some kernel developers have also made a longstanding
hobby of complaining about the quality of the devfs code.
The end result is that there would seem to be an opening for a different
approach. One alternative began to come into focus this week with the release of udev 0.1. udev is an
effort by Greg Kroah-Hartman (and others) to push the device naming issue
completely into user space, with the result that the kernel hackers would
be free to go off and argue about something else. The current udev
implementation is a minimal demonstration of the concept, but the
longer-term vision calls for three distinct components:
- "namedev" is a subsystem which has the job of coming up with useful
names for devices. It could make use of whatever information is
available: device numbers, hardware ID numbers, filesystem labels,
etc.; it would then apply the site's particular policy to produce a
suitable name. On simple systems, a simple flat file (or hardcoded
names) would suffice; the 4000-disk monster system could dedicate one
drive to a relational database for device naming.
- "libsysfs" would provide a common API for obtaining information about
devices from sysfs.
- "udev" is a separate application which is run in response to hotplug
events; it uses the above two modules to gather the information it
needs, then creates or removes device nodes as appropriate.
In the current release, everything is bundled together into a single "udev"
binary. It requires a series of patches on top of 2.5.67 to create hotplug
events when kobjects are registered (these patches have been merged into
Linus's BitKeeper repository, and thus will be unnecessary for 2.5.68 and
later kernels),
and, even then, can only work with devices which export their device number
via sysfs. Still, your editor had no trouble making it work on his
sacrificial system. Loading the simple block
driver from the driver porting series caused a set of block device
nodes to be created in /udev - with no changes to the driver
required. The basic idea works.
A lot of work remains to be done before udev is ready for prime time,
however. Some of the issues needing resolution are:
- Robust management of device events. The current hotplug mechanism
creates a separate process for each event, each of which runs whatever
program has been designated to handle those events. Among other
things, this mechanism has race conditions; if a device is quickly
attached and removed, the unplug event could end up being processed
first. Attaching a large disk array could create an "event storm"
that threatens to overwhelm the system. So there is a fair amount of
interest in serializing events, but little agreement on how that
should be done.
- A related issue is that multiple programs may want to receive hotplug
events. One might load a driver, another runs udev, yet another
mounts partitions on a newly-attached disk, etc. Possible solutions
here include using Greg's /sbin/hotplug
multiplexor, distributing events in user space with D-BUS, or
distributing them in the kernel via a new
event interface.
- How desirable is per-site device naming policy anyway? A world where
each distribution, if not each installation, has its own device naming
scheme does not look like an improvement to a lot of people. Vendors
cringe at trying to support that sort of setup. So there is a need
for some sort of common policy. The Linux Standard Base decrees that
the LANANA
devices.txt file is the definitive authority for standard device
names, which is a start. But there is a strong desire for more
flexible and generic naming (all disks under /dev/disk, for
example, with no distinction between SCSI and IDE drives); the device
list will probably have to be revised to fit the dynamic, very large
systems of the future.
All of these issues should be solvable, of course, and the fact that they
are being discussed indicates that people are getting serious about solving
the problems. The 2.6 kernel will probably go out with the larger
dev_t and, perhaps, some hooks for udev-like programs. Things
could get more interesting once the 2.7 development series opens up,
however.
Comments (12 posted)
Time to internationalize the kernel?
One of the latest bright ideas to go around on the linux-kernel mailing
list is that the messages printed by the kernel should be presented in the
local language. After all, the rest of the system can be localized, but
the kernel remains firmly English-only. Wouldn't it be better to complete
the job?
There are a number of approaches one could take to this sort of problem.
One would be to have the various printk() strings available to the
kernel in all supported languages, with the correct one selected at run
time. One need only look at what that approach would do to the size of the
kernel to reject it outright. Trying to support a compile-time language
option seems impractical at best.
And besides, Linus has been quite clear on
what he thinks of in-kernel localization support:
The answer is: go ahead and do it, but don't do it in the
kernel. Do it in klogd or similar.
So would-be translators are forced to look at user-space solutions. Riley
Williams posted one possible approach: add a
unique message number to each message printed by the kernel. Format
strings passed to printk() are already expected to begin with a
string like "<2>", which provides the log level of the
message. Why not put in, instead, something like
"<2.12345>"? User-space translation code could then use the
message number to index into a file of localized messages.
The devil, of course, is in the details. In the 2.5.67 kernel, there are
almost 52,000 details (in the form of printk() statements). It is
hard to imagine anybody having the patience to go through and assign unique
message numbers to each of those statements. It's even harder to conceive
of anybody being willing to translate that many messages into even a single
other language. They do not make the most exciting reading material,
especially since all the really good profanity is restricted to code
comments. There are very few prospective translators with an itch that
requires scratching that strongly.
Now try to imagine that whole structure of message numbers and translations
surviving past more than about two minor kernel releases. Each new message
would require a new number; just administering the number space would take
quite a bit of somebody's time. Translations would have to keep up with
changes to messages. Bear in mind that the 2.5.67 patch, alone, affected
824 printk() statements. 2.4.20, amazingly, affected more than
6,000. This system would be entirely unmaintainable.
So in-kernel support for internationalization is unlikely in any form.
Whether it can be done entirely externally is another question; Linus suggests trying to translate the messages
directly from text. That, probably, is a way of saying that it will not
happen at all. But one never knows...
Comments (11 posted)
Driver porting
This week in the driver porting series
The driver porting series this week contains two articles having to do with
memory management; one looks at supporting the mmap() system call
(mapping kernel memory into user space), and the other at
get_user_pages() (mapping user space pages into the kernel). In
addition, a couple of older articles (on workqueues and the
BIO structure) have been updated to keep them current with recent
kernels. As always, the full set of articles can be found
on this page.
Comments (none posted)
Driver porting: supporting mmap()
Occasionally, a device driver will need to map an address range into a user
process's space. This mapping can be done to give the process direct
access to a device's I/O memory area, or to the driver's DMA buffers. 2.6
features a number of changes to the virtual memory subsystem, but, for most
drivers, supporting mmap() will be relatively painless.
Using remap_page_range()
There are two techniques in use for implementing mmap(); often the
simpler of the two is using remap_page_range(). This function
creates a set of page table entries covering a given physical address
range. The prototype of remap_page_range() changed slightly in
2.5.3; the relevant virtual memory area (VMA) pointer must be passed as the
first parameter:
    int remap_page_range(struct vm_area_struct *vma, unsigned long from,
                         unsigned long to, unsigned long size,
                         pgprot_t prot);
remap_page_range() is now explicitly documented as requiring that
the memory management semaphore (usually
current->mm->mmap_sem) be held when the function is called.
Drivers will almost invariably call remap_page_range() from their
mmap() method, where that semaphore is already held. So, in other
words, driver writers do not normally need to worry about acquiring
mmap_sem themselves. If you use remap_page_range() from
somewhere other than your mmap() method, however, do be sure you
have acquired the semaphore first.
Note that, if you are remapping into I/O space, you may want to use:
    int io_remap_page_range(struct vm_area_struct *vma, unsigned long from,
                            unsigned long to, unsigned long size,
                            pgprot_t prot);
On all architectures other than SPARC, io_remap_page_range() is
just another name for remap_page_range(). On SPARC systems,
however, io_remap_page_range() uses the system's I/O mapping
hardware to provide access to I/O memory.
remap_page_range() retains its longstanding limitation: it cannot
be used to remap most system RAM. Thus, it works well for I/O memory
areas, but not for internal buffers. For that case, it is necessary to
define a nopage() method. (Yes, if you are curious, the "mark
pages reserved" hack still works as a way of getting around this
limitation, but its use is strongly discouraged).
Using vm_operations
The other way of implementing mmap() is to override the default VMA
operations to set up a driver-specific nopage() method. That
method will be called to deal with page faults in the mapped area; it is
expected to return a struct page pointer to satisfy the fault. The
nopage() approach is flexible, but it cannot be used to remap I/O
regions; only memory represented in the system memory map can be mapped in
this way.
The nopage() method made it through the entire 2.5 development
series without changes, only to be modified in the 2.6.1 release.
The prototype for that
function used to be:
    struct page *(*nopage)(struct vm_area_struct *area,
                           unsigned long address,
                           int unused);
As of 2.6.1, the unused argument is no longer unused, and the
prototype has changed to:
    struct page *(*nopage)(struct vm_area_struct *area,
                           unsigned long address,
                           int *type);
The type argument is now used to return the type of the page
fault; VM_FAULT_MINOR would indicate a minor fault - one where the
page was in memory, and all that was needed was a page table fixup. A
return of VM_FAULT_MAJOR would, instead, indicate that the page
had to be fetched from disk. Driver code using nopage() to
implement a device mapping would probably return VM_FAULT_MINOR.
In-tree code checks whether type is NULL before assigning
the fault type; other users would be well advised to do the same.
There are a couple of other things worth mentioning. One is that the
vm_operations_struct is rather smaller than it was in 2.4.0; the
protect(), swapout(), sync(), unmap(), and wppage()
methods have all gone away (they were actually deleted in 2.4.2). Device
drivers made little use of these methods, and should not be affected by
their removal.
There is also one new vm_operations_struct method:
    int (*populate)(struct vm_area_struct *area, unsigned long address,
                    unsigned long len, pgprot_t prot, unsigned long pgoff,
                    int nonblock);
The populate() method was added in 2.5.46; its purpose is to
"prefault" pages within a VMA. A device driver could certainly implement
this method by simply invoking its nopage() method for each page
within the given range, then using:
    int install_page(struct mm_struct *mm, struct vm_area_struct *vma,
                     unsigned long addr, struct page *page,
                     pgprot_t prot);
to create the page table entries. In practice, however, there is no real
advantage to doing things in this way. No driver in the mainline (2.5.67)
kernel tree implements the populate() method.
Finally, one use of nopage() is to allow a user process to map a
kernel buffer which was created with vmalloc(). In the past, a
driver had to walk through the page tables to find a struct page
corresponding to a vmalloc() address. As of 2.5.5 (and 2.4.19),
however, all that is needed is a call to:
    struct page *vmalloc_to_page(void *address);
This call is not a variant of vmalloc() - it allocates no memory.
It simply returns a pointer to the struct page associated with an
address obtained from vmalloc().
Comments (7 posted)
Driver porting: Zero-copy user-space access
The kiobuf abstraction was introduced in 2.3 as a low-level way of
representing I/O buffers. Its primary use, perhaps, was to represent
zero-copy I/O operations going directly to or from user space. A number of
problems were found with the kiobuf interface, however; among
other things, it forced large I/O operations to be broken down into small
chunks, and it was seen as a heavyweight data structure. So, in 2.5.43,
kiobufs were removed from the kernel.
This article looks at how to port drivers which used the kiobuf
interface in 2.4. We'll proceed on the assumption that the real feature of
interest was direct access to user space; there wasn't much motivation to
use a kiobuf otherwise.
Zero-copy block I/O
The 2.6 kernel has a well-developed direct I/O capability for block
devices. So, in general, it will not be necessary for block driver writers
to do anything to implement direct I/O themselves. It all "just works."
Should you have a need to perform zero-copy block operations, it's worth
noting the presence of a useful helper function:
    struct bio *bio_map_user(struct block_device *bdev,
                             unsigned long uaddr,
                             unsigned int len,
                             int write_to_vm);
This function will return a BIO describing a direct operation to the given
block device bdev. The parameters uaddr and len
describe the user-space buffer to be transferred; callers must check the
returned BIO, however, since the area actually mapped might be smaller than
what was requested. The write_to_vm flag is set if the operation
will change memory, that is, if it is a read-from-disk operation. The returned BIO
(which can be NULL - check it) is ready for submission to the
appropriate device driver.
When the operation is complete, undo the mapping with:
    void bio_unmap_user(struct bio *bio, int write_to_vm);
Mapping user-space pages
If you have a char driver which needs direct user-space access (a
high-performance streaming tape driver, say), then you'll want to map
user-space pages yourself. The modern equivalent of
map_user_kiobuf() is a function called
get_user_pages():
    int get_user_pages(struct task_struct *task,
                       struct mm_struct *mm,
                       unsigned long start,
                       int len,
                       int write,
                       int force,
                       struct page **pages,
                       struct vm_area_struct **vmas);
task is the process performing the mapping; the primary purpose of
this argument is to say who gets charged for page faults incurred while
mapping the pages. This parameter is almost always passed as
current. The memory management structure for the user's address
space is passed in the mm parameter; it is usually
current->mm. Note that get_user_pages() expects that
the caller will have a read lock on mm->mmap_sem.
The start and len parameters describe the user buffer to
be mapped; len is in pages. If
the memory will be written to, write should be non-zero. The
force flag forces read or write access, even if the current page
protection would otherwise not allow that access. The pages array
(which should be big enough to hold len entries) will be filled
with pointers to the page structures for the user pages. If
vmas is non-NULL, it will be filled with a pointer to the
vm_area_struct structure containing each page.
The return value is the number of pages actually mapped, or a negative
error code if something goes wrong. Assuming things worked, the user pages
will be present (and locked) in memory, and can be accessed by way of the
struct page pointers. Be aware, of course, that some or all of
the pages could be in high memory.
There is no equivalent put_user_pages() function, so callers of
get_user_pages() must perform the cleanup themselves. There are
two things that need to be done: marking of modified pages, and releasing
them from the page cache. If your device modified the user pages, the
virtual memory subsystem may not know about it, and may fail to write the
pages to permanent storage (or swap). That, of course, could lead to data
corruption and grumpy users. The way to avoid this problem is to call:
    SetPageDirty(struct page *page);
for each page in the mapping. Current (2.6.3) kernel code checks to ensure
that pages are not reserved first with code like:
    if (!PageReserved(page))
        SetPageDirty(page);
But pages mapped from user space should not, normally, be marked reserved
in the first place.
Finally, every mapped page must be released from the page cache, or it will
stay there forever; simply pass each page structure to:
    void page_cache_release(struct page *page);
After you have released the page, of course, you should not access it
again.
For a good example of how to use get_user_pages() in a char
driver, see the definition of sgl_map_user_pages() in
drivers/scsi/st.c.
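The map, mark-dirty and release sequence described above, written out as an added example; it is not code from this article or from drivers/scsi/st.c. It is a user-space model: struct page, get_user_pages() and the page helpers are stubs standing in for the kernel's, and map_user_buffer(), unmap_user_buffer(), max_pages and the stub_* names are hypothetical.

```c
/* User-space model of the get_user_pages() bookkeeping in a 2.6 char driver.
 * Everything marked STUB stands in for a kernel facility (an assumption of
 * this example) so the pin/dirty/release logic can be compiled anywhere. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

#define PAGE_SHIFT 12

/* STUB: only the state this example inspects. */
struct page { int count; int dirty; int reserved; };

#define STUB_POOL 8
static struct page stub_pool[STUB_POOL];  /* constructed "user pages" */
static int stub_pinnable = STUB_POOL;     /* how many pages can be faulted in */

/* STUB: same argument order as the kernel call; takes one reference on each
 * page it pins and returns the number pinned, which may be less than len. */
static int get_user_pages(void *task, void *mm, unsigned long start, int len,
                          int write, int force, struct page **pages, void **vmas)
{
    int i;
    (void)task; (void)mm; (void)start; (void)write; (void)force; (void)vmas;
    if (stub_pinnable <= 0)
        return -EFAULT;
    for (i = 0; i < len && i < stub_pinnable && i < STUB_POOL; i++) {
        stub_pool[i].count++;
        pages[i] = &stub_pool[i];
    }
    return i;
}
static int  PageReserved(struct page *p)       { return p->reserved; }
static void SetPageDirty(struct page *p)       { p->dirty = 1; }
static void page_cache_release(struct page *p) { p->count--; }

/* Cleanup: mark pages the device wrote to, then drop every reference. */
static void unmap_user_buffer(struct page **pages, int nr, int dirtied)
{
    int i;
    for (i = 0; i < nr; i++) {
        if (dirtied && !PageReserved(pages[i]))
            SetPageDirty(pages[i]);
        page_cache_release(pages[i]);   /* do not touch pages[i] after this */
    }
    free(pages);                        /* kfree() in a driver */
}

/* Pin the user buffer [uaddr, uaddr + count). Returns the number of pages
 * pinned (with *out set to the page array) or a negative errno. */
static int map_user_buffer(unsigned long uaddr, unsigned long count,
                           int write, int max_pages, struct page ***out)
{
    unsigned long end = uaddr + count, nr;
    struct page **pages;
    int res;

    if (count == 0 || end < uaddr)      /* empty buffer or address wraparound */
        return -EINVAL;
    /* len is in pages: count the partial first and last page as well. */
    nr = ((end - 1) >> PAGE_SHIFT) - (uaddr >> PAGE_SHIFT) + 1;
    if (nr > (unsigned long)max_pages)  /* bound what one request may pin */
        return -ENOMEM;
    pages = malloc(nr * sizeof(*pages)); /* kmalloc() in a driver */
    if (!pages)
        return -ENOMEM;

    /* kernel: down_read(&current->mm->mmap_sem); pass current, current->mm */
    res = get_user_pages(NULL, NULL, uaddr, (int)nr, write, 0, pages, NULL);
    /* kernel: up_read(&current->mm->mmap_sem); */

    if (res < (int)nr) {
        /* Short or failed mapping: release what was pinned. No I/O has
         * happened yet, so nothing is dirty. */
        unmap_user_buffer(pages, res > 0 ? res : 0, 0);
        return res < 0 ? res : -EFAULT;
    }
    *out = pages;
    return res;
}

/* Sum of outstanding references in the stub pool; 0 means nothing leaked. */
static int stub_refs_held(void)
{
    int i, n = 0;
    for (i = 0; i < STUB_POOL; i++)
        n += stub_pool[i].count;
    return n;
}

int main(void)
{
    struct page **pg = NULL;
    int nr = map_user_buffer(0x1ff0, 0x1020, 1, STUB_POOL, &pg);

    printf("pinned %d pages, refs held %d\n", nr, stub_refs_held());
    if (nr > 0)
        unmap_user_buffer(pg, nr, 1);   /* device wrote into the buffer */
    printf("after cleanup, refs held %d\n", stub_refs_held());
    return 0;
}
```

The points to carry into a real driver are the page-count arithmetic for unaligned buffers, the wraparound and upper-bound checks on a user-supplied address and length, and releasing already-pinned pages when the mapping comes back short.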
Comments (10 posted)
Patches and updates
Kernel trees
Core kernel code
- Andries.Brouwer@cwi.nl: kdevt-diff.
(April 14, 2003)
Development tools
Device drivers
Documentation
Filesystems and block I/O
Memory management
- Rik van Riel: rmap 15f.
(April 13, 2003)
Networking
Architecture-specific
Benchmarks and bugs
Miscellaneous
Page editor: Jonathan Corbet
Distributions
News and Editorials
Which Distribution for Grandma?
[This article was contributed by Ladislav Bodnar]
Linux distributions have traditionally catered to technically savvy
computer users and IT professionals. But the growing disillusionment with
some of the Microsoft practices as well as the realization that Linux is,
in fact, a superior operating system (both technically and
philosophically), have made many others consider Linux as an alternative to
Windows. Look around some of the Windows community web sites and you will
see that many people are seriously trying (even if some of them fail in the
end) to convert to Linux. This has created a new market for Linux software
integrators - making Linux distributions for Grandma (and Aunt Tillie), the
unfairly designated lowest common denominator when it comes to knowledge of
computer technology.
The concept of creating a simple and easy-to-use Linux distribution is not
new. Corel Linux made an early attempt in 1999, but the company's efforts
have faded together with the end of the dotcom era. A new wave of these
attempts has started within the last year or two, with Elx, Lindows,
Lycoris and Xandros (Corel's successor) all vying for the non-technical
users. As many of us are regularly approached by friends and family
members asking for advice on computing matters, perhaps it is useful to
take a brief tour of these distributions and also mention one upcoming
surprise that is likely to succeed where others have (so far) failed.
What are the major characteristics of these so-called "user friendly"
distributions?
- Very simple installation program. Always graphical, usually limited
to no more than a few clicks, free of technical jargon and superior
hardware auto-detection. (In other words, exactly the opposite of the
Debian installer.)
- Limited number of applications. The motto is to have one application
per task instead of giving users a choice of several browsers, e-mail
clients, office suites, media players etc. (In other words, none of these
products come on 9 CDs that one finds inside the SuSE Linux Professional
box.)
- Windows-like menus and graphical utilities. Single-click software
installation routines, graphical system management utilities, menu layout
and application names strongly resembling those found in Windows - all
designed to make the migration process as painless as possible. (In other
words, Slackware's text-only configuration doesn't cut the mustard here.)
Unfortunately, none of the four distributions we have mentioned above have
generated mass conversions.
Xandros Desktop ($40 - $100) has probably created the best distribution for
general desktop use, so it's disappointing to see how little marketing
effort the company has expended to get the product onto the shelves of
software stores and pre-installed on new computers.
LindowsOS ($129 per annum), on the other
hand, has been on an enormous drive to grab media attention with grand (and
shifting) claims, but the product itself received mixed
reviews. Neither Xandros Desktop nor LindowsOS is available as a free
download.
Lycoris Desktop/LX (free for
non-commercial use, otherwise $30 per seat) has been in development for a
long time, nearly 3 years. However, the small development team insists on
working on the old Caldera OpenLinux code base and outdated applications,
failing to take advantage of the great new developments that have taken
place recently. The advancements in XFree86, KDE 3, GNOME 2 and much
improved font rendering have seemingly gone past them unnoticed. ELX Linux (US$50, free download of an
older release) is another distribution which promised plenty at first. But
as the developers stopped reading the mailing lists and responding to
queries on their forums, many users simply walked away. There aren't many
web sites where the only indication of a product release is a big "buy now"
button, which wouldn't be much of an incentive even if the economic times
were better.
But all is not lost. There is a new horse in the race and it is looking
more promising than anything else created to date. The name to remember is
Ark Linux. Why such a bold claim?
Two reasons. Firstly, the project was started by Bernhard "Bero"
Rosenkraenzer, a well-known KDE developer and former long-term Red Hat
employee. This in itself creates an atmosphere of trust and high
probability of success. Secondly, Ark Linux is a completely non-commercial
project à la Debian, with open software repositories and freely
available source code. As such, it will remain free, it will attract new
developers and it will certainly gain market share a lot faster than any of
the commercial distributions.
While Ark Linux is still in early development (only alpha status ISO images
are currently available), the project has a clearly defined to-do list and
several unique features. When the final product is released, we will more
than likely examine it in much greater detail, but those who want to know
more now can follow these links to early reviews by addaboy.com,
madpenguin.org and osnews.com, as well as this interview with Bero by OSNews.
Watch out for Ark Linux. It is probably the first Linux distribution that
has a serious potential (in its pure form or, more likely, as a commercial
fork) to take a significant market share away from Windows on the desktops
of home users.
Comments (4 posted)
Distribution News
Debian GNU/Linux
The Debian Weekly News for April 15, 2003 is out. This week's issue
contains a warning to look out for loitering
dragonfly brooches; also libcupsys2 is splitting; more on the Debian
Popularity Contest; Information Law Training for Debian Developers; and
much more.
Debian Planet reports that
presentations from the Debian Mini-Conf held just before the Linux
Conference of Australia 2003 are now online.
Martin Michlmayr reports that many long
orphaned packages will be removed, unless of course they are adopted soon.
Wichert Akkerman provides an update on
Alioth; the new SourceForge system has migrated to GForge. Find out what
works and what doesn't, so far.
Andrew Suffield is looking for maintainers
with excessive numbers of old RC bugs. It's time to get these bugs
closed.
Comments (none posted)
Gentoo Weekly Newsletter -- Volume 2, Issue 15
The Gentoo Weekly Newsletter for April 14, 2003 is out. This week's topics
include the release of Gentoo Linux 1.4_rc4 and the new Unreal Tournament
2003 Game CD.
Full Story (comments: none)
Mandrake Linux
MandrakeSoft has
announced the release of
Mandrake Linux 9.1 "Bamboo" for PPC processors.
Several bug fixes are available for Mandrake
Linux 9.1. While the problems are not exploitable,
these fixes will take care of several
annoying problems.
Comments (none posted)
Red Hat Linux
Red Hat has an updated RHN Notification Tool available which fixes several UI
and behavior bugs, as well as a memory leak.
Full Story (comments: none)
SCO Ships SCO Linux Server 4.0 for the Itanium(R) Processor Family
The SCO Group has
announced
the release of SCO Linux Server 4.0 for the Itanium(R) Processor Family, a
high-performance Linux operating system designed for use with Intel(R)
Itanium(R) 2-based systems.
Comments (none posted)
Itanium2 Gets Boost In Supercomputing Market (TechWeb)
TechWeb
looks
at supercomputing with Intel's Itanium2 and the
NPACI Rocks Cluster Distribution.
"
Version 2.3.2 of the NPACI Rocks software makes it easier to add
Itanium systems into clusters using other chips. The software is being used
at Northwestern University, Pacific Northwest National Laboratory, the
Scripps Institution of Oceanography, Stanford University and other academic
and government facilities."
Comments (none posted)
Staying Current with NetBSD (O'ReillyNet)
This O'ReillyNet article
steps through the process of upgrading a NetBSD system. "
The
NetBSD Project provides comprehensive documentation on how to upgrade the
operating system. As with many such comprehensive documents, it's
frequently difficult to know which steps you should follow in your
particular situation. This article isn't a comprehensive tutorial that
covers every possible situation; rather, it covers the most common
situation: updating your source with CVS, building that source code, and
installing it on the build machine."
Comments (none posted)
New Distributions
blueflops
blueflops is a Linux
distribution that fits on two floppy disks, and includes a graphical Web
browser (links 2.1pre9 using svgalib 1.4.3) and a popular IRC client
(BitchX 1.0c19). The kernel is 2.4.20 with most of the Ethernet drivers
compiled as modules. The C library is uClibc 0.9.16, busybox is a slightly
modified version of 0.61.pre. The 'links' and 'BitchX' binaries are
statically linked and compressed with UPX 1.90. The distinguishing feature
of blueflops is its configuration procedure. The scripts are all accessible
through a 'setup' script, and they all have a nice 'dialog' front-end.
Version
1.0.0 was
released April 15, 2003.
Comments (none posted)
Minor distribution updates
Bernhard's Bootable Linux CD
Bernhard's Bootable Linux CD (or
BBLCD Toolkit) has released
v0.7.7 with major feature
enhancements. "
Changes: This version adds an example in
misc/suse/8.1, supports automatic calculation of the necessary initrd-size,
and includes minor bugfixes and enhancements as suggested by users."
Comments (none posted)
KNOPPIX
KNOPPIX has released
v3.2-2003-04-09 with minor
bugfixes. "
Changes: mousedev is now used for all USB mice in an
attempt to fix some reported problems. Most of the GNOME 1 stuff was
deleted because of space limits. The following packages will be omitted
until a GNOME2 version exists and fits: evolution, libguppi16, gcdmaster,
gnome-games, and kino. Flash-Installer was added. Support for ALSA drivers
was added, but it is untested. This feature can be used by adding the
"alsa" option to the boot command. An argument can be passed to the "alsa"
option to specify a particular sound card driver."
Comments (1 posted)
Slackware Live CD
Slackware Live CD has released
v2.9.0.12 with major
bugfixes. "
Changes: A lot of bugfixes with USB mouse
detection."
Comments (none posted)
TrinityOS
TrinityOS has released
v04/08/2003 with major
security fixes. "
Changes: Many updates were made, including the
addition of critical files to the backup floppy and Samba 2.2.8a to resolve
security issues. Compilation help for 2.2.8 Samba users was also added. The
recommended version of Sendmail was changed to 8.11.7 or 8.12.9, and
information on disguising the version of Sendmail running was
included."
Comments (none posted)
TrustedDebian
TrustedDebian has released
v0.9.3 with minor
bugfixes. "
Changes: This version adds RSBAC kernel configuration
fixes, adds a RSBAC ACL module, enables RSBAC CAP module process hiding,
adds rsbac-doc, rsbac-dev, and rsbac-klogd packages, and updates glibc and
related packages."
Comments (1 posted)
Trustix Secure Linux
Trustix has announced the release of Trustix Secure Linux 2.0 beta 1
(Tornado). "
Being a beta we will not recommend it for production use
nor will we maintain it. With some luck and skill, you might be able to
swup upgrade it, but a plain reinstall is recommended."
Full Story (comments: none)
uClinux
uClinux has released
v2.5.67-uc0 with major
feature enhancements. "
Changes: Uses the latest development
kernel."
Comments (none posted)
Page editor: Rebecca Sobol
Development
Kodos: A Python Regular Expressions Tool
Kodos, apparently named after one of the slobbering alien characters on the
cartoon "The Simpsons", is a handy GUI tool for working with
regular expressions in Python.
In the About Kodos
page, author Phil Schwartz says:
"I have always found the development cycle of python regular expressions to be tedious and time consuming and I searched for a tool to aid in this area. When I could not locate a desirable tool I began to create my own. As I added features, I thought it would be useful to other developers as well and created the Kodos Project page on Sourceforge."
The
Kodos screenshots page shows the utility in action.
Kodos' display is divided into three windows. The top window is used
for entering the regular expression, the middle window is for entering
test strings, and the bottom window shows the resulting matched
strings in several formats. The bottom screen also features
a handy Sample Code mode that generates several examples of
working Python code.
There are a number of radio buttons for selecting regexp flags
such as Ignore Case. A handy regexp reference window
can be popped up to show the available regexp syntax characters.
It is apparently possible to get Kodos to run under RedHat 7.3 and
Debian Woody, but your author ran into several cases of
dependency hell on both systems.
Luckily, I had a spare machine, and wanted to play with a variant
of RedHat 8.0 known as KRUD Linux.
Kodos 1.0.2 installed without a hitch on that environment.
Version 1.1 of Kodos
was announced this week.
Some of the new features include the addition of pausing and unpausing
the processing of regexps, an editing timeout, an import file option,
new preferences, code cleanup, and bug fixes.
Kodos is definitely a utility that will be a welcome addition to
a Python programmer's tool kit. It gives an immediate productivity boost
to those who use Python regular expressions.
The software is available for download
here. Additional information can be found in the online
Kodos Documentation.
Comments (3 posted)
System Applications
Audio Projects
Ogg Traffic
The April 15, 2003 edition of
Ogg Traffic
is out with the latest Ogg Vorbis audio compression software news.
Topics include status reports, a discussion on bitrate peeling,
developments to the Xiph.org wiki, a French radio station that
offers Ogg Vorbis streams, and more Tremor improvements.
Comments (none posted)
Planet CCRMA news
Planet CCRMA hosts a collection of audio software for various versions
of RedHat Linux. The
latest changes on the site include support for a number of audio
packages under RedHat Linux 9.0, as well as support for a few new packages.
Comments (none posted)
Database Software
PostgreSQL Weekly News
The April 9th, 2003 PostgreSQL Weekly News features a discussion of an
upcoming test package for PostgreSQL, as well as other development
news.
Full Story (comments: none)
phpMyAdmin 2.5.0-rc1 released (SourceForge)
Version 2.5.0-rc1 of phpMyAdmin
has been released.
"
phpMyAdmin is a tool written in PHP intended to handle the administration of
MySQL over the WWW. Currently it can create
and drop databases, create/drop/alter tables, delete/edit/add fields, execute
any SQL statement, manage keys on fields. Here is the first release
candidate for version 2.5.0. There are lots of new features, see http://phpmyadmin.net or the ChangeLog for
details."
Comments (none posted)
Networking Tools
Release of iptables-1.2.8
Version 1.2.8 of iptables has been released.
"
Version 1.2.8 is a maintenance release, containing dozens of small
bugfixes that have accumulated over the last months since 1.2.7a was
released in August 2002."
Full Story (comments: none)
Printing
Common UNIX Printing System 1.1.19rc1
Version 1.1.19rc1 of CUPS, the Common UNIX Printing System
has been announced.
"
CUPS 1.1.19 adds support for fast reconfiguration, option retention and defaulting when adding and modifying printers, binary PostScript printing, fax device features, custom web applications via CGI, PHP, Java, and Python, and simple scripting support for Java, Perl, and PHP. The new release also contains bug fixes including the LPD printing and Solaris signal handling bugs."
Comments (none posted)
Foomatic 3.0.0rc1 released
Version 3.0.0rc1 of the Foomatic printer database
has been released.
"
This will be the release candidate for the final release of Foomatic 3.0.0 which will appear not later than first of May. This release allows to apply options to selected pages of the document. It also replaces the ugly numerical printer IDs which still remained from the old PostGreSQL times of Foomatic 0.x by easy-to-remember clear text IDs. And it adds new types for printer driver options."
Comments (none posted)
Web Site Development
Analog version 5.90beta2 released
A new beta version of
Analog,
a web server log file analysis tool, is available. See the
Whatsnew file for
more information.
Comments (none posted)
mnoGoSearch-php-extension-1.72 released
Version 1.72 of the mnoGoSearch-php-extension, a PHP front-end to the
mnoGoSearch web site search engine,
is available.
Change information is in the source code.
Comments (none posted)
Python and Apache (O'ReillyNet)
Peter Laurie
covers Python and Apache integration on O'Reilly.
"
Peter Laurie, coauthor of Apache: The Definitive Guide, 3rd Edition, covers
the interface between Apache, Python, and MySQL, with a step-by-step
walkthrough of an example Python script."
Comments (none posted)
Quixote 0.6beta6 is available
A beta version of Quixote 0.6, a Python-based web development framework,
is available.
See the
release announcement
for details.
Comments (none posted)
Why MidCOM rocks
Henri Bergius has written
an article about MidCOM, the new Midgard Components
Framework.
"
I have been very enthusiastic about the recently announced MidCOM - Midgard Components Framework project. MidCOM provides Midgard developers with a framework for building reusable and configurable site components."
Comments (none posted)
Web Services
Architect Struts applications for Web services (IBM developerWorks)
Jerome Josephraj
discusses the use of Struts and Web services on IBM's developerWorks.
"
When you're converting an enterprise app for use with Web services, the simplest way to do it is to associate a single operation with a single enterprise service. But that's not necessarily the best idea. In this article, Jerome Josephraj shows you how to build Web services applications based on the tried and true Model-View-Controller (MVC) design pattern. To that end, he's adapted Struts, a popular open-source MVC framework, for use in the Web services arena. By examining the sample application outlined here, you'll see how you can use Struts and Web services together."
Comments (none posted)
Desktop Applications
Audio Applications
BEAST/BSE 0.5.1 released
Version 0.5.1 of BEAST/BSE is available.
"
BEAST (the Bedevilled Audio SysTem) is a graphical front-end to
BSE (the Bedevilled Sound Engine), a library for music composition,
audio synthesis and sample manipulation. The project is hosted at:
http://beast.gtk.org.
This new development series of BEAST comes with a lot of
the internals redone, many new GUI features and a sound
generation back-end separated from any GUI activities."
Full Story (comments: none)
GNUsound 0.6 released
Version 0.60 of the GNUsound audio editor and manipulation package
is available.
Change information is in the source code.
Comments (none posted)
Desktop Environments
GNOME 2.3.0 changelogs (GnomeDesktop)
GnomeDesktop has published
a list of changes for the
recently announced GNOME 2.3.0.
"
Here is a compilation of the release notes and NEWS files available for the
various modules updated for the GNOME Development Series Snapshot 2.3.0...."
Comments (none posted)
GNOME Fifth Toe 2.2.0 released (GnomeDesktop)
A set of over 30 applications for GNOME
has been released as GNOME Fifth Toe.
"
The Fifth Toe team, Will LaShell, Scott Sibley and myself, are delighted
to announce the availability of Fifth Toe 2.2.0. This is a release of extra
applications that aren't part of the core/desktop releases."
Comments (none posted)
Evolution 1.4 Preview 2 Released (GnomeDesktop)
A new preview release of Evolution
has been released.
"
The second preview release of Evolution for GNOME 2, Evolution 1.3.2 has been
released, sporting numerous bug fixes and enhancements."
Bug testers are needed.
Comments (none posted)
KDE-CVS-Digest
The April 11, 2003
KDE-CVS-Digest is out. Here's the summary:
"
Rewrite of smtp kioslave, SMIME support added to kssl, and continuing improvement to the rss dcopservice. KMail gets an mbox import filter."
Comments (none posted)
XFree86 followup teleconferences
Two additional teleconferences were held to discuss XFree86
and the development community. The minutes have been published online.
Full Story (comments: none)
X Window System Network Performance
Here is a
white
paper by Keith Packard and James Gettys on X Window System Network
Performance. "
Performance was an important issue in the development
of X from the initial protocol design and continues to be important in
modern application and extension development. That X is network transparent
allows us to analyze the behavior of X from a perspective seldom possible
in most systems. We passively monitor network packet flow to measure X
application and server performance. The network simulation environment, the
data capture tool and data analysis tools will be presented. Data from this
analysis are used to show the performance impact of the Render extension,
the limitations of the LBX extension and help identify specific application
and toolkit performance problems. We believe this analysis technique can be
usefully applied to other network protocols." (Found at
Hack the Planet)
Comments (3 posted)
Games
Pygame updates
New Python-based game software on the
Pygame site includes:
Imgv 2.7, Tuxmathscrabble 2.1, Pygsear .42, and Pyddr 0.6.1.
Comments (none posted)
Graphics
Crystal Space 0.96r004 available
Version 0.96r004 of Crystal Space, a multi-platform
Open Source portable 3D engine, is available. This release
features a number of bug fixes.
Full Story (comments: none)
GIMP 1.3.14 released (GnomeDesktop)
GnomeDesktop.org has
an announcement for version 1.3.14 of the GIMP.
"
Quite a few rather long-standing bugs have been fixed (thanks to the
help of Pedro Gimeno) and GIMP-1.3 is actually becoming quite useable
these days."
Comments (none posted)
GRASS 5.0.2 released
Version 5.0.2 of GRASS GIS is available with stability and
reliability fixes.
"
The Geographic Resources Analysis Support System, commonly referred to
as GRASS GIS, is a Geographic Information System (GIS) used for data
management, image processing, graphics production, spatial modeling,
and visualization of many types of data."
Full Story (comments: none)
Interoperability
Wine release 20030408
Release 20030408 of Wine
is available.
Changes include:
- Some reorganizations of the source tree.
- File change notifications.
- Support for all variants of glibc 2.3.
- Many documentation updates.
- Lots of bug fixes.
Comments (none posted)
Wine Traffic
Issue #165 of
Wine Traffic is out. Topics include:
Wine-20030408, Distro Reviews, Debugging Threads,
Change in nm Symbol Output, and XFree86 Keyboard Mapping Issues.
Comments (none posted)
Office Applications
AbiWord Weekly News
Issue #139 of the
AbiWord Weekly News is out, with the latest AbiWord word processor
development news.
"
Thanks to some outside help, Abiword's Win32 port is coming along nicely. In fact, we've even got a couple of pretty screenshots included for you. Get this, how does "back from the dead" strike you as a theme? Hub applies a patch from Gery DELOGE for...BeOS! "Glass of water for Mr. Grainger!" "Glass of water for Mr. Bjork!" Also, for those of you still whining about not being able to get 1.0.5, you needn't worry any further, as it appears that 1.0.6 may be out on SourceForge (and Savannah for you GNUists) pretty soon. Yes, soon, you, too, will be able to --enable-gnome."
Comments (none posted)
OpenOffice.org 1.0.3 available
Version 1.0.3 of OpenOffice.org is available.
"
No new features are included in this release.
Just lots of bugfixes, making
the application more stable and more usable."
Full Story (comments: none)
Web Browsers
Epiphany 0.5.0 released (GnomeDesktop)
GnomeDesktop has
an announcement for version 0.5.0 of the Epiphany web browser.
"
Epiphany is a GNOME web browser based on the mozilla
rendering engine.
The name meaning:
"An intuitive grasp of reality through
something (as an event) usually simple and striking""
Comments (none posted)
Independent Status Reports (MozillaZine)
This week's Mozilla
Independent Status Reports are available.
"
The latest set of status reports includes updates from the Creating
Applications with Mozilla book project, JSLib, XPTK, Preferential,
MessageID-Finder and Linky."
Comments (none posted)
Minutes of the mozilla.org Staff Meeting (MozillaZine)
MozillaZine
has posted the minutes from the April 9, 2003 Mozilla.org staff meeting.
"
Issues discussed include 1.4 Beta, 1.3.1, the new Roadmap, the
future of the Mozilla suite and Mozilla documentation."
Comments (none posted)
Miscellaneous
KBarcode: Professional Label Printing for KDE
KDE.News
looks at
KBarcode, a bar chart printing utility.
"
After more than 5 months of development, the KBarcode team has released
version 1.2.0 of KBarcode. This latest stable release brings professional
high-quality label printing to the KDE desktop. In fact, KBarcode is already
used by a few companies under production conditions and has proven to be
reliable and stable -- considering the high costs for similar commercial
applications, KBarcode might save you some money!"
Fire up those old Cue-Cat scanners.
Comments (none posted)
Languages and Tools
Caml
Caml Weekly News
The April 8-15, 2003 edition of the Caml Weekly News is out
with the latest Caml language news.
Full Story (comments: none)
Java
A JSTL primer: Presentation is everything (IBM developerWorks)
Mark A. Kolb
explains JSTL on IBM's developerWorks.
"
Localizing content for visitors is a critical element for developers who want their Web applications to have global impact. Internationalization features have been part of the Java programming language since JDK 1.1, and the JSP Standard Tag Library (JSTL) fmt library provides convenient access to all of these features through a focused set of custom tags. Mark Kolb returns to the topic of JSTL in this third installment of his four-part series with a look at the fmt tags for formatting and internationalizing data."
Comments (none posted)
JSP best practices: Improve your look and feel with the JSP include mechanism (IBM developerWorks)
Brett McLaughlin
covers the JSP include mechanism on IBM's developerWorks.
"
This first installment in the new JSP best practices series introduces the JavaServer Pages include mechanism. Follow along as Java programming expert Brett McLaughlin shows you how to use include to incorporate static header and footer files into your Web site or Web application pages"
Comments (none posted)
A Custom JSP Tag Library for Dynamic Menus (O'Reilly)
Prabu Arumugam
writes about menu programming under JSP.
"
While the Java programming language has built-in support to create basic menu structures, JSP lacks support. Web applications must use either Java applets or JavaScript to implement menu structures. Many web application developers prefer JavaScript to applets for simplicity and ease of deployment. This article describes a custom tag library that simplifies the process of generating JavaScript dynamically. The design and implementation of the tag library are covered in detail."
Comments (none posted)
Lisp
CMUCL 18e released
CMU Common Lisp (CMUCL) version 18e is available.
"
This major
release contains several enhancements and changes including faster bignum
multiplications, better support for linking foreign libraries, a
cross-referencing facility for the compiler, bindings to POSIX user and
group database access functions, support for Unix sockets, an
implementation of large file support (> 2GiB), numerous ANSI compliance
fixes and bug fixes, several improvements to the PCL implementation of
CLOS, much and more."
Full Story (comments: none)
Lisp and Allegro CL Code Repository
An open-source
code repository for Lisp has been made available by Franz, Inc.
"The repository provides source code of
examples and utilities for demonstrating Allegro CL features and
non-trivial ways Common Lisp can be used."
Full Story (comments: none)
Perl
This Week on perl5-porters (use Perl)
The April 7-13, 2003 edition of
This Week on perl5-porters is out.
"This week: MacOS X problems, big and small patch proposals,
cross-compilation and unknown errors."
Comments (none posted)
This week on Perl 6 (O'Reilly)
The April 4, 2003 edition of
This week on Perl 6 is available.
"Welcome my friends to the show that never ends. Yes, it's another of Piers Cawley's risible attempts to summarize the week's happenings in the Perl 6 development community. We start, as usual, with events in the perl6-internals world (not the perk6-internals world, obviously, that would be the sort of foolish typo that would never make it into any mail sent to the Perl 6 lists) where things have been quiet... too quiet. I think they're planning something."
Comments (none posted)
Synopsis 6 (O'Reilly)
Damian Conway and Allison Randal have published
Synopsis 6,
a condensation of Larry Wall's
Apocalypse 6 for Perl.
"This document summarizes Apocalypse 6, which covers subroutines and the new type system."
Comments (none posted)
PHP
PHP and Heredocs (O'ReillyNet)
O'Reilly has published
an article on PHP heredocs.
"Tired of having PHP, HTML, and even SQL jumbled together in the same file?
Are your designers, coders, and DBAs going crazy trying to keep everything in
check? A clean layer of separation can help. Daniel Smith explains how
PHP's heredocs can make your life much easier by separating presentation,
content, and logic."
Comments (none posted)
PHP Weekly Summary
Topics on this week's
PHP Weekly Summary
include:
"International PHP conference, DOMXML extension, Simple but effective, YAML extension, Too much data on mirrors, MySQL thread safety, Files or streams, Zend Engine 2 constants."
Comments (none posted)
Python
This week's Python-URL
Dr. Dobb's Python-URL for April 14 is out. It looks at the merits of
__slots__, a proposed list method change, and several other topics.
Full Story (comments: none)
Gems From the Archives (O'Reilly)
Uche Ogbuji
points out
a few of his favorite Python-based XML utilities.
"In this and in subsequent articles I will mine the richness of the XML-SIG mailing list for some of its choicest bits of code. I start in this article with a couple of very handy snippets from 1998 and 1999. Where necessary, I have updated code to use current APIs, style, and conventions in order to make it immediately useful to readers."
Comments (none posted)
Ruby
The Ruby Weekly News
Topics on this week's
Ruby Weekly News
include: a call for a standardized package installation procedure,
array subtraction, and the usual round-up of new Ruby software.
Comments (none posted)
Scheme
Scheme Weekly News
The April 14, 2003 edition of the Scheme Weekly News has been published;
check it out for the latest Scheme language development news.
Full Story (comments: none)
Tcl/Tk
Dr. Dobb's Tcl-URL!
The April 14, 2003 Dr. Dobb's Tcl-URL! is out with the latest
roundup of Tcl/Tk developments.
Full Story (comments: none)
XML
Processing RSS (O'Reilly)
Ivelin Ivanov
discusses processing RSS feeds with XQuery.
"The goal of this article is to demonstrate the use of XQuery to accomplish a routine, yet interesting task; in particular, to render an HTML page that merges RSS news feeds from two different weblogs. RSS has earned its popularity by allowing people to easily share news among and between web sites. And for almost any programming language used on the Web, there is a good selection of libraries for consuming RSS."
Comments (none posted)
Debuggers
Alleyoop - a GNOME2 front-end for Valgrind (GnomeDesktop)
Jeffrey Stedfast
has announced a project called Alleyoop that is a front-end
for the Valgrind x86 architecture memory debugger.
The code is still in a fairly early state of development.
Comments (none posted)
Miscellaneous
Multitail 1.6 available
Folkert van Heusden has released version 1.6 of multitail,
a utility that works like the Unix tail command, but supports
multiple windows.
Full Story (comments: 1)
Improve Linux performance (IBM developerWorks)
Cameron Laird
gives some tips on squeezing performance out of a Linux system.
"While performance is certainly important, the best way to handle this requirement is not always obvious. Time and again, I've experienced a software challenge that followed roughly this pattern: a program is in use. Its functionality is correct. A user stops in, though, to report that it's "too slow" and needs acceleration. Someone on the team quickly hacks in a "monitor" that slows performance a bit but keeps the user informed about how much time remains for a long-running computation. Satisfaction settles in."
Comments (none posted)
Page editor: Forrest Cook
Linux in the news
Recommended Reading
Linux not ready for the desktop? Give me a break! (NewsForge)
This NewsForge article
says Linux is
ready for the desktop. "Of course, just because Linux is ready
for the desktop doesn't mean users are ready for Linux. Users get very
comfortable with their computers, and quite naturally fear change. But new
systems come into production all the time as the needs of a business
change, and when new client operating system better fit business needs,
employees have to change with the times."
Comments (17 posted)
MS allows port of its software to Linux (The Inquirer)
According to
this
Inquirer article Microsoft has licensed InterVideo to port Windows
Media to Linux. "Make no mistake, the only reason Linux is getting
a look in here is because Microsoft wants to start charging Hollywood and
Motown a small fee for every film or piece of music that is passed through
its DRM. But it's still an important psychological win for Linux."
(Thanks to Dennis Potts)
Comments (7 posted)
Friend or foe? (Economist)
Here's
an
article in The Economist about Linux and the computing industry.
"Only in Mr Mundie's nightmare scenario would Linux and other
open-source software wipe Microsoft from the face of the earth. Mr
Ellison's prediction might then come true, but with a drawback: his own
firm, Oracle, would be wiped out too."
Comments (17 posted)
Open-source team fights buffer overflows (ZDNet)
ZDNet
looks at
OpenBSD, as project leader Theo de Raadt works to eliminate buffer
overflows. "The OpenBSD project hopes new changes to its latest
release will eliminate "buffer overflows," a software issue that has been
plaguing security experts for more than three decades."
Comments (10 posted)
Trade Shows and Conferences
LinuxWorld Ireland 2003 (Linux Journal)
Linux Journal
reports on
last week's LinuxWorld in Ireland. "LinuxWorld came to Ireland on
April 3rd, 2003. Sponsored by IBM in association with ILUG (the Irish
Linux Users Group), the conference never was going to be very big. It was
scheduled to take place on the last day of ICT Expo, Ireland's Information
and Communications Technology Event. The small number of Linux-specific
stands at the show were stuck in the middle of a mix of everything from
data projector companies to accounting software suppliers."
Comments (none posted)
PC Forum: Embedded in Scottsdale (Linux Journal)
Doc Searls
goes
to PC Forum and writes about it in this Linux Journal article, with a
focus on issues about Linux drivers for Intel's Centrino. "The next
day, March 25, word went out from Intel that it was, in fact, working on
Linux drivers for Centrino. A spokesman, Scott McLaughlin, said Intel was,
in any case, already running Linux drivers in its labs. When the demand
arrives, the drivers will be there."
Comments (none posted)
PyCon DC 2003 (Linux Journal)
Linux Journal
covers PyCon
DC 2003. "The theme of this year's conference was Popularizing
Python. Steve Holden, the conference chairman, noted that attendees
weren't only geeks but a good mix of scientists, educators, programmers,
writers and entertainers, all of whom worked together and became
colleagues."
Comments (none posted)
Honeypots get stickier for hackers (News.com)
News.com
reports from
the CanSecWest security show focusing on a talk from the Honeynet
Project. "Because attackers generally encrypt their communications
with a compromised server after successfully breaking in, the group has
modified the operating system used with its system--currently Linux--to
enable it to parrot the commands back to the administrator. Essentially a
wiretap, the function lets administrators see any commands that are being
seen by the operating system."
Comments (none posted)
Companies
Oracle And Unbreakable Linux (IT-Director)
IT-Director
examines Oracle's
Unbreakable Linux campaign. "Oracle is now clearly a Linux convert
and evangelist. It is running an expensive world-wide marketing campaign
under the slogan "Unbreakable Linux". As part of this it is spending $150
million to encourage ISVs to develop Oracle based applications for the
Linux platform, offering help with porting and development (all in a free
Linux bundle). All its products are available on Linux and it claims to
"recommend Linux to many of its new customers". Oracle is also eating its
own food, as it runs its own business on Linux."
Comments (none posted)
Solaris on course to merge with Linux (ZDNet)
This ZDNet article
hints that Solaris will start to look more and more like Linux.
"Gingell's five-year plan for an intermarriage of the two operating
systems seems to be on an accelerated track. Solaris continues to take on
more API-level compatibility with Linux. In turn, Linux, through Sun's
participation in the Free Standards Group, will undoubtedly take on more of
the industrial strength attributes for which Solaris has long been
known."
Comments (5 posted)
Linux Adoption
Article about the Open Source Movement (LinuxMedNews)
Here's an
article
written by a practicing ophthalmologist and medical informatics student,
wondering about the uses of open source software in medical applications.
"My next question, what is it good for, finds lots of answers in
internet sources and e-mail conversations at AMIA, but very little in
peer-reviewed medical journals. One of the most frequently mentioned
advantages in AMIA e-mails is the avoidance of dependence on unstable
vendors of proprietary software (The Open Source Case for Customers,
2003). Health care institutions invest enormous sums in information
systems, only to find that the vendor goes out of business. This leaves the
institution with a system that they cannot upgrade or maintain because
there is no access to the source code. Even if the vendor stays in business
the software owner is dependent upon the vendor for needed upgrades and
maintenance." (Found in
LinuxMedNews)
Comments (none posted)
University web gets radical overhaul (ZopeMembers)
Zope Members News
covers
the deployment of Zope on Linux at the University of Bristol's web site.
"The University of Bristol has launched
its redesigned and Zope-hosted corporate web. The new web environment marks a
dramatic improvement in the appearance, navigability, accessibility and
usability of the University’s web."
Comments (none posted)
Legal
ACLU loses digital copyright battle (News.com)
News.com
reports that the ACLU DMCA challenge has gone badly.
"'There is no plausibly protected constitutional interest that...outweighs N2H2's right to protect its copyrighted property from an invasive and destructive trespass,' U.S. District Judge Richard Stearns wrote."
Comments (5 posted)
Affirmative action for open source (NewsForge)
NewsForge
takes a
look at legislation which mandates that open source software be
considered by governments. "There's nothing wrong with asking states
to consider open source software as well as proprietary. Every organization
ought to consider all the products that might meet their needs. I'm a
little wary of provisions that force written justification when purchasing
one particular category of software over another. That seems like
unnecessary bureaucratic red tape if we presume that our public employees
are trying to do the best possible job."
Comments (1 posted)
DMCA threats gag security researchers (Register)
The Register
looks into
how the DMCA was used to cancel a talk at the Interz0ne.com conference.
"Blackboard Inc. found out security researchers Billy Hoffman (AKA
Acidus) and Virgil Griffith (Virgil) were about to present a paper on
security flaws involving its popular university ID card system, and called
in its lawyers."
Comments (none posted)
'Super-DMCA' fears suppress security research (Security Focus)
A
news report on
Security Focus tells us that a University of Michigan grad student, working
on steganography and honeypots, has moved his dissertation offshore, and
installed a mechanism to keep it out of the hands of Americans (or at least
those who compulsively tell the truth). This is in response to a
"Super-DMCA" law recently passed by the Michigan state legislature.
"Among other things, residents of the Great Lakes State can no longer
knowingly "assemble, develop, manufacture, possess, deliver, offer to
deliver, or advertise" any device or software that conceals "the existence
or place of origin or destination of any telecommunications service." It's
also a crime to provide written instructions on creating such a device or
program. Violators face up to four years in prison."
(Thanks to Max Hyre, who followed links from the
Digital Copyright mailing
list to this
overview
of recent news reports.)
Comments (none posted)
Super-DMCA not so bad (Register)
The Register
carries an
alternate opinion, that Super-DMCA laws are not as bad as the
original. "In essence, the defendant would have to intend to "steal"
or assist in the "stealing" of pay-content or access. This is more limited
than even the laws that prohibit the sale of cable descramblers, and is
much more narrowly crafted than the current DMCA. Because the proposed law
requires proof of intent to defraud, those who merely wish to engage in
fair use of content would likely be protected, as would those who make
products that could be used to steal content, but intend to use them for
other purposes (e.g., reverse engineering, improving signal quality,
etc.)"
Comments (6 posted)
Will patents pillage open source? (News.com)
Here's
a News.com column saying that the patent threat to free software has been overstated.
"Intellectual-property litigation is very expensive. As a practical matter, therefore, the ability to enforce intellectual-property requires a relatively small number of infringers that dominate the market, and which have resources justifying the legal effort. But open-source users are a huge and widely diverse lot who can always resort to home-grown alternatives."
Comments (3 posted)
Interviews
Testing Microsoft and the DMCA (News.com)
News.com
talks with
Andrew "Bunnie" Huang, author of
Hacking the Xbox.
"Huang's recently completed book, "Hacking the Xbox" was recently
dropped by Wiley subsidiary Hungry Minds, citing possible legal issues
under the controversial Digital Millennium Copyright Act (DMCA). The
Department of Justice recently used the DMCA to shut down ISOnews.com, a
Web site partly used to distribute Xbox-hacking tools, and to imprison the
site's owner."
Comments (2 posted)
One-on-one with Richard Stallman (SearchEnterpriseLinux)
SearchEnterpriseLinux.com
interviews
Richard Stallman, on the SCO-IBM dispute, the latest FSF news, and other
topics. RMS: "Keep in mind that we didn't develop GNU for the sake
of having it be used by businesses. We welcome businesses to use it, and
everybody, every user of computers should be free to study and change and
redistribute software, all the software they use, and that includes
businesses, if they're using computers. But we don't give any particular
priority to businesses." (Thanks to Ciaran O'Riordan)
Comments (12 posted)
Novell will make 'immature' Linux robust and reliable (ComputerWorld)
ComputerWorld
interviews
Novell CEO Jack Messman; the result gives a view into how Novell views
Linux now. "Linux is an immature operating system right now. It
hasn't had somebody like Novell worrying about making it robust, reliable
and scalable for very much time. We think we can bring that to the Linux
kernel." (Thanks to Peter Link and Jay Ashworth).
Comments (26 posted)
The XML.com Interview: Liam Quin (O'Reilly)
O'Reilly has published
an interview
with Liam Quin.
"Many people have contributed to the development of XML. One contributor and XML expert who stands out is Liam Quin -- author and co-author of three popular books on XML, and employee of the World Wide Web Consortium (w3c.org) as XML Activity Lead."
Comments (none posted)
Resources
Tips for Testing the 2.5 Kernel (Linux Journal)
Linux Journal has
some tips for
testing the 2.5 kernel. "Now that your 2.5 kernel is up and
running, what should you do to test it? It's simple; do the normal tasks
you always do on your 2.4 or 2.2 kernels: run X, browse the Web, read
e-mail, play games, write documentation, write code and so forth. Every
user stresses the operating system in different ways; therefore, there is
no one, correct way to test."
Comments (5 posted)
Reviews
Video Playback and Encoding with MPlayer and MEncoder (O'ReillyNet)
Kivilcim Hindistan
reviews MPlayer on O'Reilly.
"You have Linux on desktop, you have broadband. You have cutting edge p2p file sharing programs, but cannot get all the fun. Why? Because you lack a very important component, a decent movie player.
Search no more. MPlayer is here for all your needs."
Comments (none posted)
Necessary Censorship: Web Filtering with Open Source (Linux Journal)
The Linux Journal
looks at open source censorware systems.
"Maybe we need open-source censorware, strange as that may sound, with
a publicly available list. It would offer the ability to tinker with
both the code and the list to suit the needs of folks who have to do
this type of work.
I was stunned by the answer I found: two such animals already are
available." It's an interesting article with a worthwhile topic: what do you do when you
have to impose some sort of filtering?
Comments (2 posted)
Miscellaneous
Are we free to copy DVDs? (Knight-Ridder)
Newsalert is carrying
a Knight-Ridder article on the 321 Studios DMCA case.
"321 Studios and technology activists say the lawsuit - which the software
maker defensively initiated last April - could establish the right of
consumers to make personal copies of DVD movies they legitimately own, just
as they do now with music CDs or computer software."
Comments (none posted)
Page editor: Forrest Cook
Announcements
Non-Commercial announcements
LSB Certification news - Quarterly Bulletin 1Q 2003
The Open Group provides a list of products that have been certified as
Linux Standard Base compliant during the first quarter of 2003.
Full Story (comments: none)
Open Source study by the Swedish Agency for Public Management
The Swedish Agency for Public Management (Statskontoret) commissioned a
feasibility study on open source software. The study
shows that open software is a good alternative for public
administrations. Statskontoret's report is
available in English
(PDF format) as are the
appendices
(also PDF). (Thanks to Magnus Lyckå)
Comments (1 posted)
Commercial announcements
MySQL Industry Support Demonstrated at MySQL Users Conference
Commercial support
is now available for the MySQL database.
"MySQL AB, developer of the world's most popular open source database, announced today at the first annual MySQL Users Conference that several leading organizations are announcing support for the MySQL™ database."
Also, see
this press release on News.com.
"The Swedish company, which develops open-source database software, is making its way into markets once dominated by proprietary database vendors such as Oracle, IBM, Microsoft and Sybase. During a keynote address Thursday morning, co-founder David Axmark said more than 29,000 people are downloading MySQL each day, and it has more than 4 million users worldwide."
Comments (none posted)
Novell Launches Open Source Web Site, Releases UDDI Server
Novell, Inc. has
announced the launch of the Novell Forge Web site, an open source
developer resource. "As part of the announcement of Novell Forge,
the company is releasing the source code of the Novell Nsure(TM) UDDI
Server, which makes Web services registries more secure and easier to
manage by adding identity management capabilities to the Universal
Description, Discovery and Integration (UDDI) standard." Other
related announcements from Novell can be found
here.
Comments (3 posted)
Resources
PyConPapers online
The papers presented at this year's PyCon 2003
are available online.
"Here is a quick index of the talks from PyCon 2003, and links to the papers and/or any other information I could find. Though this started as an index of the scheduled talks, I am expanding it to include resources for lightning talks, open space sessions, etc."
Comments (none posted)
Linux Soundapps Site Updated
Dave Phillips has updated his
Linux soundapps site;
check it out for a comprehensive listing
of many Linux audio applications.
Full Story (comments: none)
Upcoming Events
GU4DEC - Registration, Schedules and Tutorials (GnomeDesktop)
Gnomedesktop.org has
an announcement for the Fourth GUADEC GNOME User's Conference, to be
held in Dublin, Ireland on June 16-18, 2003.
Comments (none posted)
LinuxWorld Keynoters announced
IDG World Expo has announced the keynote speakers for LinuxWorld Conference
& Expo in San Francisco, next August.
Full Story (comments: none)
Midgard tutorial at OSCOM 3
Henri Bergius will hold
a tutorial session on the Midgard content management framework
at the OSCOM 3 conference in Cambridge, MA on May 28, 2003.
Comments (none posted)
Call for Participation for Scandinavian Perl Works (use Perl)
A Call for Participation
has gone out for the Scandinavian Perl Workshop, to be held in
Copenhagen, Denmark on April 25-26, 2003.
Comments (none posted)
YAPC::Europe pre-registration is open (use Perl)
According to Use Perl, pre-registration for the YAPC::Europe Perl
conference in Paris
is now open.
Comments (none posted)
Events: April 17 - June 12, 2003
| Date | Event | Location |
| April 17, 2003 | RSA Conference 2003 | (Moscone Center) San Francisco, CA |
| April 22 - 26, 2003 | Embedded Systems Conference (ESC) | (Moscone Convention Center) San Francisco, CA |
| April 22 - 25, 2003 | The O'Reilly Emerging Technology Conference | (Westin, Santa Clara) Santa Clara, CA |
| April 23 - 25, 2003 | PHPCon East 2003 | (Park Central Hotel) New York, NY |
| April 25 - 26, 2003 | Scandinavian Perl Workshop | (Symbion Science Park) Copenhagen, Denmark |
| April 28 - 30, 2003 | Real World Linux 2003 | (Metro Toronto Convention Centre) Toronto, Canada |
| May 2 - 4, 2003 | Penguicon | Warren, Michigan |
| May 3, 2003 | International Conference on Software Engineering 2003 | Portland, Oregon |
| May 8 - 9, 2003 | International PHP Conference, 2003 | Amsterdam, the Netherlands |
| May 11 - 14, 2003 | The International Symposium on High Performance Computing Systems and Applications (HPCS 2003) | (Sherbrooke Delta Hotel) Quebec, Canada |
| May 11, 2003 | Yet Another Perl Conference, Israel (YAPC::Israel::2003) | (C.R.I.) Haifa, Israel |
| May 15 - 16, 2003 | YAPC::Canada | (Carleton University) Ottawa, Canada |
| May 25 - 27, 2003 | GCC Developer's Summit | Ottawa, Canada |
| May 28 - 30, 2003 | Open Source Content Management, 2003 (OSCOM) | (Harvard Law School) Cambridge, Mass |
| June 9 - 14, 2003 | USENIX 2003 | (Marriott Hotel) San Antonio, TX |
| June 10, 2003 | Linux For Business | (The Commonwealth Institute) London, England |
Comments (none posted)
Software announcements
This week's software announcements
Here are the software announcements, courtesy of
Freshmeat.net. They are available in
two formats:
Comments (none posted)
Miscellaneous
Argentina's BioLinux Group (LinuxMedNews)
LinuxMedNews
takes
a look at the BioLinux Group, which was founded in Argentina in the
year 2001 and now encompasses all of Latin America.
Comments (none posted)
Page editor: Forrest Cook
Letters to the editor
Distribution Tracking
| From: | Tres Melton <class5@pacbell.net> |
| To: | letters@lwn.net |
| Subject: | Distribution Tracking |
| Date: | Sat, 12 Apr 2003 03:18:48 -0700 |
Fellow Linux Geeks/Nuts/Addicts/Users,
I think The Linux Weekly News is the best, un(distro)biased, and
most informative news site on the 'net today. Therefore, I think that this
is the most appropriate place to post such an issue. If it were to be
posted to Slashdot there would be too much crap to wade through to find the
answers (not to mention the flames, flame-baits, and trolls -- it's like
going fishing at a fish hatchery: you catch everything). The basic
question is "What distro do you use?" But I am curious about more than
just that; I'm curious about the path that people have taken to arrive at
that distribution.
Let's start with our esteemed editor: Mr. Corbet. Since he started
writing the device driver articles I know my estimation of his abilities
has increased considerably. They are really the only articles on LWN that
require all of my synapses to fire properly in order for me to understand
them. I consider myself a fairly good programmer, I've been building my
own kernels since the beginning, I'm not afraid to patch the kernel, and
I've spent many hours browsing through the source code. I think it's a safe
guess that he doesn't use an out of the box configuration from any distro.
I'm curious what distribution he uses. I know that a custom kernel can be
used with just about any distro out there but a lot is lost by not using
the kernel that the distro has provided you with. The kernel is just the
most obvious example at hand.
It was Mozilla that got me started on this project. I'd like to
have a version that I built from source code but that goal has proven
elusive. I use Mandrake 8.2 at the moment and spent an evening in
dependency hell before I decided to just use the nightly builds. I'm
building up an old machine with Debian that I intend to take from Woody to
Sid to testing soon. The reason is to be able to build Mozilla and a
number of other programs so I can play with the source code.
I think it would be very informative to have a questionnaire to try
and chart the distros people started using, their intermediate distros and
why they switched, and finally the distro that they are currently using and
how happy they are with it. I would be willing to work on this project, in
conjunction with LWN, if there is actually a desire to see it done. It
would be nice if enough time went into the questionnaire to make it truly
useful for people -- newbie through kernel hacker -- and could be allowed
to run indefinitely on LWN so that data can continuously be collected and
it would have relevant data from now on.
For instance, if someone asked me what distribution they should use to
'try' GNU/Linux on I would recommend a CD based Live version or if I
could remember the name of the Linux version that lives as a file in a
Windoze partition and can be executed from Windoze. On the other hand
if a small business asked me how to use Linux to run the Internet stuff
I would probably suggest RedHat with a support contract. A desktop user
I would probably point to Mandrake; and a programmer with at least some
Linux experience I would probably point to Debian.
There are reviews galore for every kind of distro that you can
imagine. What we need is an aggregate of information that can be used
by everyone who doesn't spend their time reviewing distributions. The
pros and cons of each distro should be voted on and ranked. The recent
article about source based distros is an excellent article, especially
the part about the dis/advantages of going to source. That data should
be integrated into the questionnaire by those that are actually using
it.
I've included the distros that I've used and the reasons that I no
longer use them below as a starter:
Year  Distribution  Reason for changing
----------------------------------------------
1993  Slackware     First Distro
1996  Redhat        Slackware fell behind
2000  Mandrake      Newer Packages
2003  Debian        Hoping apt-get removes the dependency hell
????  Gentoo        This will remove the dependency hell
I would also want to put a number of questions that say between
1-10 how would you rate:
    Upgrade-ability of packages
    Upgrade-ability between minor upgrades
    Upgrade-ability between major upgrades
    Desktop hardware compatibility
    Laptop hardware compatibility
    Server hardware compatibility
    Rating as a desktop distribution
    Rating as a server distribution
    Rating as a newbie distribution
    Rating as a programmer distribution
And some multiple choice questions:
    Why did you switch to/from a particular distribution
        Upgrade-ability
        Packages
        newness of packages
        stability
    What kind of users would you recommend this distro for
        Newbies
        Programmers
        Administrators
    What kind of uses would you recommend this distro for:
        workstation
        laptop
        server
        firewall
        backup
I would list the results in terms of most popular distribution.
They could be resorted based upon your level of expertise, the function
that they will perform, and the hardware that they will be installed upon.
Each distribution could then be expanded to show how they are rated on
individual details as listed above. If LWN agreed to host this and help me
out we could even put it into a database so that you could use it to
compare and contrast the different distributions. It might even be
possible to place a front end on it that would allow a user to say: "I'm an
intermediate UNIX administrator/programmer, a beginning GNU/Linux user, an
expert LAN administrator and I need to deploy DNS, HTTPd, SMTP on a single
server in a DMZ." The next user could say: "I'm a Linux expert that wants
to deploy a firewall on an old P100 with a DMZ for servers and a NAT setup
for the internal corporate users so they can share the DSL connection too
(without spending a week building and configuring my own)."
The first thing that I need to know, as I'm sure Jon and the other
staff at LWN need to know, is what kind of interest is there in the
community for such a database? Can I get some more feedback on the types
of questions that should be listed and how I should format the results?
This is just an idea and it won't be very useful without a lot of data in
it so if there is just a passing interest I guess I'm stuck reading distro
reviews and installing the most promising ones when I have the time.
Best Regards to the Community,
Tres
--
Tres Melton <class5@pacbell.net>
Comments (17 posted)
Searching for software or having an itch...
| From: | "Arthur Torrey (no spam please!)" <atorrey at cybercom dot net> |
| To: | letters@lwn.net |
| Subject: | Searching for software or having an itch... |
| Date: | Mon, 14 Apr 2003 21:23:55 -0400 |
Hello,
Once again, LWN gets it right in pointing at something I was experiencing
just as I was going to write about it anyway... (I have to read a week late
due to unemployment = don't spend money that isn't essential)
Your pointer to the article "Open Source needs centralized PR, not
development (NewsForge)" seemed right on the money, as did the article itself.
I just had a need to make a few campaign signs for my effort to get elected
to Town Meeting locally. I'm a really lousy artist, so I had the idea of
printing out the content of my signs on letter paper using very large type,
and either gluing the paper printout onto my poster-board signs, or cutting
them out in order to make stencils.
I've done similar things at my old job (where the boss made me use M$
products) with no problem, as M$ Word goes up to around 190pt. type (about 6"
tall letters). I also have a vague memory of a DOS program that did "ASCII
art" banners with different size letters.
My girlfriend and I spent a couple of hours searching then, and I've spent
several hours since, trying to find a Linux program that would let me do the
equivalent, with NO success. None of the Linux word processor or presentation
programs seem to come with fonts over 96 points (about 3", or half what I
wanted). We couldn't find anything on Google; searching on things like 'Linux
Large Fonts' gave lots of advice on changing font size on the video display,
but no programs. The Linux equivalency chart referenced in the comments
didn't have anything that seemed to fit the description. The Gimp didn't have
big fonts available in its text tool (that I could find). I suspect that it
would be possible to get large fonts out of TeX, but we didn't have time for
the learning curve that TeX is reputed to require.
So I ended up feeling very frustrated, and going back to making the signs
from scratch. (They were ugly, but I won the election, which is what counts I
guess)
I'm not a programmer, I do hardware, not software; so I can't write a
program to do this myself. My girlfriend probably could, but she has a
'yellow-dog' employment agreement that says her boss owns her brain 24/7 so
she can't work on open source stuff. Besides, I'm SURE there must be a
program out there that does this kind of thing IF ONLY WE COULD FIND IT!
We have had several other times when we were looking for other applications,
and it has consistently been a challenge to find out what options we had to
choose from. I never really tried to find stuff for Windows, but back in my
DOS BBS days, I never had as much trouble finding (legal) down-loadable
software as I do today finding things for Linux on the Internet.
I'm not sure what the answer is, but it seems to me like the Open Source
world needs a better CENTRAL catalog of available software, or perhaps a
"HOWTO" on finding software that lists all the major sites and gives
suggestions as to what kind of search strings will be most likely to give good
results.
ART
Is Linux ready for the desktop?
| From: | "Jay R. Ashworth" <jra@baylink.com> |
| To: | letters@lwn.net |
| Subject: | Is Linux ready for the desktop? |
| Date: | Tue, 15 Apr 2003 11:30:18 -0400 |
That's the question asked (and supposedly answered) in an article linked from this
week's LWN.
But as far as I can see, that's not the real issue.
Check out this piece from the Inquirer, which points out that "Windows 2004"
(aka Longhorn) will be *completely backwards incompatible* with everything,
ever.
If this turns out to be, in fact, accurate, then that's going to serve
as a tipping point for Linux. If you have to throw out everything you
own *anyway*, then what do you want to replace it all with? Programs
that already exist and run on a rugged, reliable, secur(able) operating
system with 30 years background?
Or the Next Big Thing from the people who brought you Windows 2.03?
And the time to be evangelising ISVs, folks, is *right now*. If you
want to see Quicken2004 for Linux, and Turbo Tax, and all that kind of
stuff, open your mouth! Write letters! Tell Intuit that you're not
*going* to Win2004, and you'll have to switch to some other product if
they don't support Linux. Tell 'em LSB makes it more practical than
ever before.
Remind them that multiple distros aren't *that* scary -- they already
have to support Win3 (in some cases) and 4 95's and 2 98's and ME and 4
NT's and 2 XP's and...
Make some noise. It's another opportunity to change the world.
But hell... what do I know? Maybe it's just me.
So many things are just me...
Cheers,
-- jra
--
Jay R. Ashworth jra@baylink.com
Member of the Technical Staff Baylink RFC 2100
The Suncoast Freenet The Things I Think
Tampa Bay, Florida http://baylink.pitas.com +1 727 647 1274
"If you don't have a dream; how're you gonna have a dream come true?"
-- Captain Sensible, The Damned (from South Pacific's "Happy Talk")
Page editor: Jonathan Corbet