The 2002 Kernel Developers' Summit
![[Kernel hackers]](http://old.lwn.net/images/ks/group2-sm.jpg)
The 2002 Linux Kernel Developers' Summit was held June 24 and 25
in Ottawa, Ontario. At this event, a number of issues relevant to the
latter part of the 2.5 development series were worked out. LWN's Jonathan
Corbet was there, and has written up the experience.
- Day One covered the Hammer port, kernel
parameters, rationalizing the loadable module mechanism, virtual
memory, and the block I/O subsystem.
- Day Two was dedicated to what database
systems need from Linux, HP's kernel wishlist, the Loadable Security
Module, asynchronous I/O, SCSI, and the kernel release process. Among
other things, a firm date has been set for the 2.6 feature freeze.
Look inside the individual days' coverage for the details.
Comments (1 posted)
Trusting free software projects with security information
Internet Security Systems, which has been feeling quite a bit of heat for
its premature revelation of the Apache "chunk handling" vulnerability,
posted an "
advisory response" to defend
itself on June 21. It is an interesting bit of excuse-making, with
references to available patches and "Presidential Decision Directive 63."
Buried deep within, however, is an interesting claim:
Due to the general nature of open-source and its openness, the
virtual organizations behind the projects do not have an ability to
enforce strict confidentiality. By notifying the open source
project, its nature is that the information is quickly spread in
the wild disregarding any type of quiet period. ISS X-Force
minimizes the quiet period and delay of protecting customers by
providing a security patch.
This is quite a claim: ISS is telling us that free software projects can
not be trusted with information on vulnerabilities in their own code.
It would be most interesting to see the evidence from ISS to back up this
claim. Most free software developers (though there are always exceptions)
are greatly concerned about potential vulnerabilities in their code. They
care about their users, and will do their best to get a real, tested fix
out before spreading the word of the vulnerability. It is not in the
nature or interests of free software developers to put their users at
risk.
That said, there are things that free software projects could do to help
people who discover vulnerabilities. The most important thing would be to
make it clear who should be contacted when a vulnerability is found. After
all, sending the notification to a general project mailing list is not
usually what one wants to do. But many or most project web pages offer
little help to somebody wondering how to report a security hole.
Any development project which would prefer not to learn about its own
security problems on Bugtraq must make an effort to do better. The
project documentation and web site should offer clear contact instructions
for the reporting of security problems. The security contacts should know
how to respond quickly to reports, and have the ability to get a patch out
to users. The procedures for responding to a security problem need to be
worked out before the next vulnerability turns up.
There is no reason why free software project development teams can not be at least as
trustworthy as proprietary vendors when it comes to vulnerability
information. Claims that free software developers have overly loose
lips are not justifyable. But developers who want to be given a chance to
fix their holes before they become public need to take steps to show that
they are serious about security, and they should make it easy for people to report the problems that are found.
Comments (1 posted)
Letters to the editor
When LWN switched over to the new site a few weeks ago, some of our readers worried that
the comment posting facility would bring about the end of the Letters to
the Editor page. After all, why bother writing a letter when it is easy to
attach comments directly to articles? That was not a consequence that we
had feared, but now we are beginning to wonder - no letters to the editor
have been received this week. Thus, there is no letters page in this
Weekly Edition.
For the most part, we have been pleased with how the comments feature has
worked out so far. There have not been huge numbers of comments, but most
of those we have seen have been of high quality. Our trust in our readers
has proved itself justified - most of the time.
We did not want to drop the Letters to the Editor page, however. The
Letters page has, over the years, been a valuable source of feedback and a
place for LWN readers to express their opinions. So we hope that this
week's lull proves to be a temporary thing; perhaps all of our letter
writers are at OLS this week. If you have an opinion on something that you
would like to see published, please do not hesitate to send it our way;
letters should be sent to letters@lwn.net
Comments (12 posted)
Page editor: Rebecca Sobol
Security
Security news
OpenSSH 3.4
OpenSSH 3.4 was
released just five days
after the
release of version 3.3.
The release closes
"at least one major security vulnerability"; upgrading to 3.4 is recommended.
Please see
the vulnerability report for a list of security alerts from distributors as they become available.
OpenSSH provides a critical entry point to many systems on the net;
this could be nasty. If you plan to wait for an update from your distributor, please consider
setting UsePrivilegeSeparation yes or ChallengeResponseAuthentication no
in sshd_config to avoid the vulenrability. UsePrivilegeSeparation is
only available in OpenSSH versions 3.2 or 3.3. Setting ChallengeResponseAuthentication may impeed customary access for some
or all of your users.
Version 3.3 firmed up "privilege separation" support, and made it the default. Essentially, privilege separation works by splitting the ssh server into two cooperating processes. One process is charged with talking to the network; it runs without privilege. The other process sits back, makes decisions, and hands out privileges when it's convinced that is the right thing to do.
The end result is that there is little to be achieved by compromising the "front line" process. Even if somebody does discover a vulnerability in that code, it can not be used to gain access to the system. The privileged process, by virtue of its simplicity and its separation from the network, is far easier to verify as being truly secure.
The 3.4 release closes the serious vulnerability described in advisories from
OpenSSH and ISS.
The vulnerability prompted a week long code audit by the OpenSSH team
which resulted in "many other fixes.
We believe that some of those fixes are likely to be important security fixes."
Comments (2 posted)
Updated Apache advisory and response from ISS
The Apache Software Foundation has issued
an
updated advisory on the "chunk handling" vulnerability. Now that a
32-bit remote exploit is circulating, an Apache upgrade is suggested even
more urgently than before.
Meanwhile, ISS has sent out a response to the
extensive criticism it has taken for having announced the vulnerability
without allowing the ASF (or anybody else) any time to prepare patches.
"Due to the general nature of open-source and its openness, the
virtual organizations behind the projects do not have an ability to enforce
strict confidentiality. By notifying the open source project, its nature
is that the information is quickly spread in the wild disregarding any type
of quiet period. ISS X-Force minimizes the quiet period and delay of
protecting customers by providing a security patch."
If you haven't already, see this week's Leading Items for our opinion.
See the vulnerability report for
current information on this problem and distributor alerts.
Comments (none posted)
Papers from "Open Source Software: Economics, Law and Policy"
Two interesting papers considering the relationship between security and open source
were presented at the recent conference on
Open Source Software: Economics, Law and Policy
in
Toulouse (France).
-
Ross Anderson: "Security in Open versus Closed Systems - The Dance of Boltzmann, Coase and Moore" (PDF format)
However, there are more pressing security problems for the open source
community. The interaction between security and openness is entangled
with attempts to use security mechanisms for commercial advantage -
to entrench monopolies, to control copyright, and above all to control
interoperability. As an example, I will discuss TCPA, a recent initiative
by Intel and others to build DRM technology into the PC platform.
This paper was also the subject of articles in the
New York Times and
News.com.
For more information and links to related articles, see
Ross Anderson's home page.
-
Roger Needham: "Security and Open Source" (PDF format)
Security problems in software are of course an extremely bad thing, regardless
of the business model under which the software was written. I want to consider
why anybody thinks that the business model matters, and whether there is
evidence that it does. I shall also look somewhat to the future.
Comments (none posted)
Security reports
Acrobat reader 4.05 temporary files
Jarno Huuskonen reports a low risk
possible local file overwrite (symlink attack) in Acrobat Reader 4.05.
Acrobat Reader 5.05 for Linux is available from Adobe (
registration required). Some Linux
distributions include version 4.05.
Full Story (comments: 1)
Duma Photo Gallery System (DPGS) file overwrite vulnerability
The
Duma Photo Gallery System
has been officially unmaintained since July 30, 2000. This week,
a vulnerability was reported that may allow an attacker to use DPGS to
overwrite files on the web server.
Full Story (comments: none)
(Proprietary product) YaBB Cross-Site Scripting vulnerability
A cross-site scripting vulnerability in
YaBB 1 Gold SP1 and earlier versions
is fixed in
YaBB 1 Gold - SP 1.1.
Full Story (comments: none)
New vulnerabilities
Privilege escalation vulnerability in OpenSSH 2.9.9 through 3.3
| Package(s): | openssh |
CVE #(s): | |
| Created: | June 26, 2002 |
Updated: | July 3, 2002 |
| Description: |
OpenSSH versions 2.9.9 through 3.3 have a
bug in input validation which can lead to
an integer overflow and privilege escalation.
According to the OpenSSH developers:
Systems running with UsePrivilegeSeparation yes or ChallengeResponseAuthentication no are not affected.
The 3.4 release contain many other fixes done over a week long audit started when this issue came to light. We believe that some of those fixes are likely to be important security fixes. Therefore, we urge an upgrade to 3.4.
Upgrading to
OpenSSH 3.4 is recommended.
See the CERT Advisory and OpenSSH
Security Advisory
for more information including patches for the "pre-authentication problem."
OpenSSH 3.3 users are encouranced to
also read
the previous vulnerability report.
OpenSSH 3.2 and later have the bug in input validation
but prevent the privilege escalation if privilege separation is enabled by setting
UsePrivilegeSeparation in sshd_config.
Version 3.3 was the first release to turn on "privilege separation" by default Essentially, privilege separation works by splitting the ssh server into two cooperating processes. One process is charged with talking to the network; it runs without privilege. The other process sits back, makes decisions, and hands out privileges when it's convinced that is the right thing to do.
CERT Advisory: CA-2002-18 OpenSSH Vulnerabilities in Challenge Response Handling
|
| Alerts: |
|
Comments (none posted)
Privilege Separated OpenSSH 3.3
| Package(s): | openssh |
CVE #(s): | |
| Created: | June 24, 2002 |
Updated: | June 26, 2002 |
| Description: |
The release of OpenSSH
3.3 includes greatly improved support for privilege separation,
which is now enabled by default.
The process charged with talking to the network; now runs without privilege.
Upgrading is strongly recommended (see below).
Previously any corruption in the sshd could lead to an immediate remote root compromise if it happened before authentication, and to local root compromise if it happend after authentication. Privilege Separation will make such compromise very difficult if not impossible.
Or to put it into the words of Theo de Raadt: "Privilege Separation will one day save our asses." So, turn it on now.
When upgrading with a 2.2.x kernel, disabling compression is recommended
to avoid this bug which causes sshd to log a fatal mmap argument error then crash.
Update:
According to this OpenSSH Security Advisory
OpenSSH 3.3 has a serious privilege escalation vulnerable.
Please see the
new vulnerability report
for more information and a list of available alerts.
|
| Alerts: |
|
Comments (1 posted)
Updated vulnerabilities
Apache 'chunk handling' vulnerability
| Package(s): | apache |
CVE #(s): | CAN-2002-0392
|
| Created: | June 19, 2002 |
Updated: | July 3, 2002 |
| Description: |
It is past time to upgrade your Apache servers. A worm which takes advantage of the this vulnerability has been sighted, and its source has been publicly posted.
An apache httpd bug related to chunked encoding presents a denial
of service vulnerability. For some platforms,
including both 32-bit and 64-bit Linux, it is also a potential remote exploit vulnerability.
A "carefully crafted invalid request" may be
used to trigger the bug. The problem is fixed in Apache
2.0.39 and 1.3.26, which may be downloaded
from here.
For more information, see the advisories from CERT and the Apache Group.
This vulnerability has been widely publicized. Applying a patch from your vendor or upgrading to the latest version from the Apache Software Foundation is strongly encouraged. Avoid patches from other sources; at least one patch that
does not address the full scope of the problem has been circulated.
|
| Alerts: |
|
Comments (none posted)
Heap corruption vulnerability in at
| Package(s): | at at, sudo, xchat |
CVE #(s): | CAN-2002-0004
|
| Created: | May 20, 2002 |
Updated: | May 15, 2003 |
| Description: |
The at command has a
potentially exploitable heap corruption bug.
(First LWN report: January 17th).
|
| Alerts: |
|
Comments (none posted)
Denial of service vulnerability in version 9 of BIND
| Package(s): | bind |
CVE #(s): | CAN-2002-0400
|
| Created: | June 5, 2002 |
Updated: | August 19, 2002 |
| Description: |
Here is an advisory from the Computer Emergency Response Team (CERT)
regarding the denial of service vulnerability in version 9 of the BIND
nameserver, up to 9.2.1. An attacker can send a properly crafted packet
which triggers a check within BIND and causes it to shut down. The
vulnerability can not be exploited for any purpose beyond denial of
service, but that is bad enough; if you are running BIND 9, an upgrade
is probably a good idea.
Note that many or most systems out there will still be running
BIND 8, and thus will not be vulnerable.
News articles on the vulnerability appear in the
Register
and
Network World Fusion News. |
| Alerts: |
|
Comments (none posted)
DHCP remotely exploitable format string vulnerability
| Package(s): | dhcp/dhcp-server dhcp |
CVE #(s): | |
| Created: | May 20, 2002 |
Updated: | June 20, 2002 |
| Description: |
The
May 8, 2000 release of ISC DHCP 3.0p1
fixes this serious
vulnerability in ISC DHCPD 3.0 to 3.0.1rc8 inclusive.
We encourage dhcp users to upgrade, disable dhcp or, at a minimum,
consider
using ingress filtering as described in the CERT advisory.
(First LWN
report: May 16).
Note: Distributions which use version 2 of ISC DHCP, such as Red Hat
Linux,
are not vulnerable.
|
| Alerts: |
|
Comments (none posted)
Ethereal buffer overflow, infinite loop and memory management vulnerabilities
| Package(s): | ethereal |
CVE #(s): | CAN-2002-0012
CAN-2002-0013
CAN-2002-0353
CAN-2002-0401
CAN-2002-0402
CAN-2002-0403
CAN-2002-0404
|
| Created: | June 12, 2002 |
Updated: | October 27, 2002 |
| Description: |
Ethereal 0.9.4
was released
on May 19, 2002 fixing four potential security issues in Ethereal 0.9.3:
- The SMB dissector could potentially dereference a NULL pointer in two cases.
- The X11 dissector could potentially overflow a buffer while parsing keysyms.
- The DNS dissector could go into an infinite loop while reading a malformed packet.
- The GIOP dissector could potentially allocate large amounts of memory.
No known exploits exist "in the wild" at the present time for any of these issues.
Ethereal 0.9.2 has several packet handling vulnerabilities
that are best avoided by upgrading to 0.9.4.
The PROTOS test
suite found some flaws in SNMP and LDAP protocols support.
Malformed packets could also crash ethereal 0.9.2 due to a
ASN.1 zero-length g_malloc problem.
The zlib "double free" vulnerability
was addressed by the updates for that bug from many distributors. |
| Alerts: |
|
Comments (none posted)
GNU fileutils race condition
| Package(s): | fileutils ucdsnmp |
CVE #(s): | CAN-2002-0435
|
| Created: | May 20, 2002 |
Updated: | May 16, 2003 |
| Description: |
A race
condition in rm may cause the root user to delete the whole filesystem.
The problem exists in the version of rm in
fileutils
4.1 stable and 4.1.6 development version. A patch
is available.
(First LWN
report: May 2).
|
| Alerts: |
|
Comments (none posted)
Buffer overflow problem in glibc
| Package(s): | glibc glibc/shlibs, glibc, nscd |
CVE #(s): | CAN-2001-0886
|
| Created: | May 20, 2002 |
Updated: | July 14, 2002 |
| Description: |
The glibc filename globbing code has a buffer overflow problem.
For those who are interested, Global InterSec LLC has provided
a detailed description
of this vulnerability.
This problem was first reported by LWN on December 20th.
|
| Alerts: |
|
Comments (2 posted)
Buffer overflow in groff
| Package(s): | groff |
CVE #(s): | CAN-2002-0003
|
| Created: | May 20, 2002 |
Updated: | December 9, 2002 |
| Description: |
The groff package has a buffer overflow
vulnerability; if it is used with the print system, it is conceivably
exploitable remotely.
|
| Alerts: |
|
Comments (none posted)
UW imapd remotely exploitable buffer overflow
| Package(s): | imap |
CVE #(s): | CAN-2002-0379
|
| Created: | June 5, 2002 |
Updated: | December 20, 2002 |
| Description: |
UW imapd versions 2000c and prior allow remote authenticated users to execute code via a buffer overflow. A malicious user can craft
a request to run commands on the server under their UID and GID.
(First LWN report: May 23). |
| Alerts: |
|
Comments (2 posted)
Cross-site scripting vulnerability in Horde/IMP 2.2.7 and 3.0
| Package(s): | imp horde/imp |
CVE #(s): | |
| Created: | May 20, 2002 |
Updated: | June 19, 2002 |
| Description: |
Version 2.2.8 of IMP has been released, it
fixes some vulnerabilities. "The Horde team announces the
availability of IMP 2.2.8, which prevents some potential cross-site
scripting (CSS) attacks." Upgrading
to IMP 3.1 or, at least, 2.2.8 is recommended
(First LWN
report: April 11, 2002).
Update: IMP 3.0, which was initially believed to be
immune, is also vulnerable. The problem
is fixed in IMP 3.1. |
| Alerts: |
|
Comments (1 posted)
LPRng accepts jobs from any host.
| Package(s): | LPRng |
CVE #(s): | CAN-2002-0378
|
| Created: | June 12, 2002 |
Updated: | October 31, 2002 |
| Description: |
Matthew Caron pointed out that LPRng's default configuration accepts job submissions from any host.
This could be an especially annoying vulnerability for adminstrators
with systems exposed to the general public.
|
| Alerts: |
|
Comments (none posted)
Mailman 2.0.11 fixes two cross-site scripting vulnerabilities
| Package(s): | mailman |
CVE #(s): | CAN-2002-0388
|
| Created: | June 5, 2002 |
Updated: | August 28, 2002 |
| Description: |
Barry A. Warsaw announced
the release of Mailman 2.0.11
"which fixes two
cross-site scripting exploits, one reported by "office" in the admin
login page, and another reported by Tristan Roddis in the Pipermail
index summaries.
It is recommended that all sites upgrade their 2.0.x systems to this
version."
|
| Alerts: |
|
Comments (none posted)
Mozilla XMLHttpRequest file disclosure vulnerability
| Package(s): | mozilla |
CVE #(s): | CAN-2002-0354
|
| Created: | May 20, 2002 |
Updated: | October 18, 2002 |
| Description: |
This XMLHttpRequest security
bug impacts all Mozilla-based browsers. "The bug is found in versions of
Mozilla from 0.9.7 to 0.9.9 on various operating
system platforms, and in Netscape versions 6.1 and
higher."
(First LWN
report: May 2).
|
| Alerts: |
|
Comments (none posted)
String format bug in pam_ldap logging
| Package(s): | nss_ldap |
CVE #(s): | CAN-2002-0374
|
| Created: | June 5, 2002 |
Updated: | October 29, 2002 |
| Description: |
The nss_ldap package includes the pam_ldap module for
authenticating a user with an LDAP database.
Pam_ldap versions prior to 144 have a string format
bug in the logging mechanism. |
| Alerts: |
|
Comments (none posted)
Remotely exploitable vulnerability in pine
| Package(s): | pine |
CVE #(s): | CAN-2002-0014
|
| Created: | May 20, 2002 |
Updated: | November 27, 2002 |
| Description: |
Pine has an
unpleasant
vulnerability in URL handling vulnerability which can lead to
command execution by remote attackers.
(First LWN report: January 17th).
This vulnerability is remotely exploitable; updating is a good idea.
Note: If an update isn't yet available for your distribution,
setting enable-msg-view-urls to "off" in pine's setup will
avoid the vulnerability. (Thanks to Greg Herlein).
|
| Alerts: |
|
Comments (none posted)
Sharutils potential privilege escalation using uudecode
| Package(s): | sharutils |
CVE #(s): | CAN-2002-0178
|
| Created: | May 20, 2002 |
Updated: | October 30, 2002 |
| Description: |
According to the CVE entry,
"uudecode, as available in the sharutils package before 4.2.1, does not
check whether the filename of the uudecoded file is a pipe or symbolic
link, which could allow attackers to overwrite files or execute commands."
(First LWN
report: May 16).
|
| Alerts: |
|
Comments (none posted)
Malformed NFS packet buffer overflow vulnerability in tcpdump
| Package(s): | tcpdump |
CVE #(s): | CAN-2002-0380
|
| Created: | June 5, 2002 |
Updated: | October 9, 2002 |
| Description: |
A buffer overflow in tcpdump can be triggered by a bad NFS packet when
tracing the network. Unmodified tcpdump versions 3.6.2 and earlier are vulnerable.
|
| Alerts: |
|
Comments (none posted)
Multiple vendor telnetd vulnerability
| Package(s): | telnet Telnet netkit-telnet-ssl kerberos telnetd netkit-telnet nkitb/nkitserv/telnetd krb5 |
CVE #(s): | |
| Created: | May 20, 2002 |
Updated: | October 5, 2004 |
| Description: |
This vulnerability,
originally thought to be confined to BSD-derived systems, was first covered
in the July 26th Security
Summary. It is now known that Linux telnet daemons are vulnerable as
well.
|
| Alerts: |
|
Comments (none posted)
Multiple vulnerabilities in SNMP implementations
| Package(s): | ucdsnmp ucd-snmp |
CVE #(s): | CAN-2002-0012
CAN-2002-0013
|
| Created: | May 20, 2002 |
Updated: | September 17, 2002 |
| Description: |
Most SNMP
implementations out there have a variety of buffer overflow vulnerabilities
and should be upgraded at first opportunity. See this CERT advisory for more. (First
LWN report: February 14).
|
| Alerts: |
|
Comments (none posted)
webalizer: reverse DNS buffer overflow vulnerability
| Package(s): | webalizer |
CVE #(s): | |
| Created: | May 20, 2002 |
Updated: | January 27, 2003 |
| Description: |
The cause is a buffer overflow bug.
This one sounds nasty.
If reverse DNS lookups are enabled in webalizer,
"an attacker with control over the victims DNS may spoof responses thus
triggering a buffer overflow, potentially leading to a root compromise."
Webalizer 2.01-10 "fixes this and a few
other buglets that have been discovered in the last month or so".
(First LWN report: April 18th, 2002).
|
| Alerts: |
|
Comments (none posted)
Webmin/Usermin vulnerabilities
| Package(s): | webmin |
CVE #(s): | |
| Created: | May 20, 2002 |
Updated: | January 10, 2003 |
| Description: |
Webmin is a web-based interface for
system administration for Unix.
Webmin has cross-site scripting and
session ID spoofing vulnerabilities
which are fixed in the May 6, 2002 release of version 0.970.
(First LWN
report: May 9).
This one is scary. The session ID
spoofing vulnerability allows the "possibility that arbitrary
commands may be executed with root privileges."
Upgrading is strongly recommended. At a minimum avoid the
"preconditions for a successful exploit" by disabling
password timeouts under Webmin->Configuration->Authentication.
|
| Alerts: |
|
Comments (1 posted)
Problems with libgtop_daemon
| Package(s): | wuftpd libgtop |
CVE #(s): | |
| Created: | May 20, 2002 |
Updated: | May 7, 2003 |
| Description: |
The libgtop_daemon package is a GNOME
program which makes system information available remotely.
LWN reported the remotely exploitable format
string and buffer overflow vulnerabilities in that package
on December 6th.
On November 28th
disabling the libgtop_daemon on systems where it is running until
an update is available.
Many Linux systems do not run
libgtop by default, but applying the update is a good idea anyway.
|
| Alerts: |
|
Comments (1 posted)
xchat IC server based dns query vulnerability
| Package(s): | xchat |
CVE #(s): | CAN-2002-0382
|
| Created: | June 5, 2002 |
Updated: | September 24, 2002 |
| Description: |
A malicious IRC server may
return a response to a /dns query that executes arbitrary commands
with the privileges of the user running XChat.
Versions of XChat prior to 1.8.9 are vulnerable. |
| Alerts: |
|
Comments (none posted)
Resources
Paper on SSH insecurity
A group has put together a paper showing how to "
provably fix the SSH protocol."
Thanks to "deneb" for forwarding this along to us.
Full Story (comments: 1)
MOPS, a code auditing tool
jose nazario has pointed us to the
announcement of MOPS, a code auditing tool. "
I wanted to announce a first prototype release of MOPS, a tool designed
to help find security bugs in C programs and verify their absence.
MOPS lets you statically (at compile time) verify facts about the ordering
of security-critical operations in the program."
Comments (none posted)
Linux Security Week and Advisory Watch
The
June 24th Linux Security Week
and
June 21st Linux Advisory Watch newsletters
from LinuxSecurity.com are available.
Comments (none posted)
Events
Upcoming Security Events
| Date | Event | Location |
| June 27 - 28, 2002 | 14th Annual Computer Security Incident Handling Conference | (Hilton Waikoloa Village)Hawaii |
| June 28 - 29, 2002 | Edinburgh Financial Cryptography Engineering 2002 | Edinburgh, Scotland |
| July 31 - August 1, 2002 | Black Hat Briefings 2002 | (Caesars Palace Hotel and Resort)Las Vegas, NV, USA |
| August 2 - 4, 2002 | Defcon | (Alexis Park Hotel and Resort)Las Vegas, Nevada |
| August 5 - 9, 2002 | 11th USENIX Security Symposium | San Francisco, CA, USA |
| August 6 - 9, 2002 | CERT Conference 2002 | Omaha, Nebraska, USA |
| August 19 - 21, 2002 | Canadian Security & Intelligence Conference(CSICON) | (Hyatt Regency)Calgary, Alberta Canada |
For additional security-related events, included training courses (which we
don't list above) and events further in the future, check out
Security Focus' calendar,
one of the primary resources we use for building the above list. To
submit an event directly to us, please send a plain-text message to
lwn@lwn.net.
Comments (none posted)
Page editor: Dennis Tenney
Kernel development
Release status
Current release status
Linus has
announced the 2.5.24 development
kernel. Changes this time include a lot of janitorial fixes, an NTFS
update, a bunch of JFS fixes, an ALSA update, more kbuild changes, Martin
Dalecki's IDE 93 patch which "
should undo the damage of
IDE 92," and various other fixes and updates. This will be the
last kernel release from Linus before he heads off to the Kernel Summit and
OLS. The
long-format changelog is also available.
From the Kernel Summit meeting room Dave Jones has released
2.5.24-dj1.
The list of new changes is short; it includes fixes from the 2.4.19 release
candidate, more cpufreq work, and a few other tweaks.
Comments (2 posted)
Development kernel prepatch 2.5.24-dj2 released
From the Kernel Summit meeting room Dave Jones has released 2.5.24-dj2. The
list of new changes is short; it includes fixes from the 2.4.19 release
candidate, more cpufreq work, and a few other tweaks.
Full Story (comments: none)
The first 2.4.19 release candidate
While most of the kernel hackers at the Ottawa Kernel Summit have been busy
talking about 2.5 changes, Marcelo has put out the first release candidate
for the long-awaited 2.4.19 kernel. Click below for the details; it
contains a fairly long list of (mostly small) fixes.
Full Story (comments: 5)
2.5 Kernel Status Summary
Guillaume Boissiere has posted his 2.5 kernel status summary for June 26. "
With the kernel summit and OLS this week, expect some changes to the
feature list in the near future."
Full Story (comments: none)
Kernel development news
Kernel Traffic #172
Kernel Traffic #172
is available. Topics include a new Fast Mutex implementation For 2.5,
Per-Socket Statistics Proposed And Rejected Coding Style,
Binary Files Found In The Kernel Sources,
Status Of FAT CVF, and Developer Disconnects.
Comments (none posted)
Patches and updates
Kernel trees
- Lightweight patch manager: Linux 2.5.23-ct1. "<span>It's basically some stuff + kbuild-2.5</span>"
(June 21, 2002)
Core kernel code
Device drivers
Documentation
Filesystems and block I/O
Kernel building
Memory management
Networking
Architecture-specific
Miscellaneous
- Kurt Garloff: /proc/scsi/map. Add <tt>/proc/scsi/map</tt> to 2.5.23.
(June 19, 2002)
Page editor: Forrest Cook
Distributions
Distribution News
Debian Weekly News - June 25th, 2002
The latest news for the Debian community is now available.
Click below for the full story.
Full Story (comments: none)
Updated Debian developers-reference available
A new version of the developers-reference has been installed and is now
available. The number of changes is so impressive that you may well want to read it completely.
Full Story (comments: none)
debconf2 keysigning
On July 5th, at debconf2, there will be a formal keysigning. The deadline
to participate is July 2, 2002.
Full Story (comments: none)
GNU FDL 1.2 draft comment summary posted, and RFD
G. Branden Robinson comments on the GNU FDL 1.2 draft from Debian's perspective.
Full Story (comments: none)
Mandrake Linux Community Newsletter - Issue #47
The latest newsletter from Mandrake is out. Table of contents:
- 8.2 DVD-only Edition Available
- Mandrake Linux Servers Invade the Internet
- Financial Corner
- Business Case of the Week
- MandrakeClub
- Spotlight on the Linux Weekly News
- What's New at MandrakeUser.org?
- This Week's Survey
- Headlines from MandrakeForum
Full Story (comments: none)
Mandrake Linux Community Newsletter - Issue #48
The latest edition, issue #48, of the Mandrake Linux Community Newsletter is available at the link below.
"
This Week's Summary: MandrakeSoft Wins Contract with French Gov't;
Mandrake in the News; Financial Corner; Important Updates for Apache
and OpenSSH; Business Case of the Week; Website News; Headlines from
MandrakeForum."
Full Story (comments: none)
Red Hat Linux Alpha 7.2 Now Available
Red Hat Linux version 7.2 is
now available for the Alpha processor.
"
Red Hat Linux Alpha 7.2 delivers reliability, stability, and performance and now it's available from HP!"
(Thanks to David 'Addy' Addison.)
Comments (none posted)
Red Hat fixes kernel bugs
Red Hat has an updated kernel with bugfixes available for Red Hat Linux 7.3
- athlon, i386, i586, i686.
Full Story (comments: none)
Red Hat releases new rpm-update
Red Hat has released a new version
of
rpm-update.
Comments (2 posted)
Yellow Dog Linux version 2.3 released
Scott Dowdle has pointed out to us that Yellow Dog Linux version 2.3
has been quietly
released.
"
YDL 2.3 surpasses YDL 2.2 with an array of timely updates,
improvements: kernel 2.4.19, the 'Liquid' theme, CUPS print system, apt-get,
OpenOffice 1.0, Mozilla 0.9.9, Galeon 1.2, Evolution 1.0.5, AbiWord 1.0.2,
netatalk 1.5.3.1, and support for the Radeon 7500 (excluding 'Mobility') video
card."
Comments (none posted)
New Distributions
IDMS Linux
IDMS Linux is NOT a home user
distribution. It is intended solely as the base for high end server
software. It contains no GUIs, X, or fancy stuff. The initial Freshmeat
announcement for
version
2.0.25 is dated June 22, 2002.
Comments (none posted)
Webfish Linux
Webfish Linux is a
small, stripped down Linux distribution based on GNU source
packages. Webfish is built with the more expereinced user in mind and is
aimed at small, fast, secure server and workstation systems with a
minimum of installed packages. The initial release of Webfish Linux,
version 0.9b, occured on June 20, 2002.
Version 0.9fb was
released soon after, with minor bug fixes.
Comments (none posted)
Minor distribution updates
Astaro Security Linux
Astaro Security Linux
has released
stable
version 3.201 with major security fixes.
Comments (none posted)
GENDIST
GENDIST released version 1.4.3 with major bugfixes. That release was closely followed by
version 1.4.4 with minor feature enhancements.
Comments (none posted)
Immunix 7+ beta available
WireX has announced the availability of the beta version of
Immunix 7+, a "gentle upgrade" from the 7.0 release. "
This
release also constitutes an omnibus security update package, so current
Immunix 7.0 users should consider applying these updates. We are not
proud of this omnibus approach, and hope not to have to repeat it."
Among other things, it includes a fix for the Apache vulnerability.
Full Story (comments: none)
OEone Releases HomeBase 1.5
Open For Business
reports
that OEone, the developer of the internet appliance-like HomeBase Linux
distribution, has announced that HomeBase 1.5 has been released.
Comments (none posted)
Page editor: Rebecca Sobol
Development
GNOME 2.0 Desktop and Developer Platform Released
From the Ottawa Linux Symposium, the GNOME Foundation has put out a
press release
announcing the release of the 2.0 GNOME Desktop and Developer
Platform.
"With the inclusion of GNOME 2.0 by leading Linux and Unix vendors later this year, users of GNOME can look forward to an improved user environment for existing GNOME applications, including a faster and more powerful Nautilus file manager, features that are better organized and usability-tested, dozens of useful utilities, applications and even games. Users and administrators will also see a new, simplified configuration system. Developers can look forward to more efficient application development with stronger integration of GNOME APIs and the advantages of GNOME's component-based architecture.
GNOME Foundation board chair Havoc Pennington promoted the GTK+ 2.0 toolkit:
"The industrial-strength GTK+ 2.0 toolkit, combined with add-on tools such as Glade, Python and our CORBA implementation make GNOME the natural choice for developers on a variety of platforms. GNOME's component-based architecture makes it possible for developers to use already existing tools, libraries and features, cutting development time significantly."
GNOME2 will be included with major Linux distributions, HP-UX from
Hewlett Packard, and Solaris from Sun.
Comments (none posted)
System Applications
Audio Projects
Alsa development release 0.9.0rc2 available
For those of you who like to stay on the forefront of development,
version 0.9.0rc2 of the developmnet tree for the Alsa sound driver
is available.
Try it out and report any bugs to the developers.
Comments (none posted)
Education
Linux in education report #73
Issue #73 of the SEUL/Edu
Linux in Education Report
is out. Topics include Karel the Robot, refurbishing computers, Linux in India, K12LTSP CDROMs, the Mandrake Mosix Terminal Server Project, and more.
Comments (none posted)
Electronics
Icarus Verilog Snapshot 20020623
A new snapshot of the Icarus Verilog electronic simulation language
compiler
is available. See the
changes file for information on this release.
Comments (none posted)
Xcircuit 2.3.1 (beta) available
A new beta version of the xcircuit schematic drawing program
is available.
"
The netlist code has been extensively tested on a major chip design project and successfully netlisted an entire chip of 40,000 devices (transistors, resistors, and capacitors) for LVS with the extracted VLSI layout. The time to generate the netlist has been substantially reduced, and netlisting errors have been expunged."
Comments (none posted)
Printing
GNU Ghostscript 7.05 released
Version 7.05 of GNU Ghostscript
has been announced.
"
New in this release is a port of the gs-cjk team's asian language improvements from the 6.5x branch, a major improvement over 7.04. PDF handling in general is much better than in the previous GNU release (6.53) and the portability of the autoconf build system is much improved. Of course there are the usual minor bugfixes as well."
Comments (1 posted)
LPRng-3.8.12 is available
Version 3.8.12 of the LPRng printing system has been
released. This version adds bug fixes, support for TCP wrappers,
a LSB style startup script, and more.
Comments (none posted)
Science
Mumps version 5
Version 5 of the Mumps compiler, also known as M,
has been announced.
The
Mumps source code location
describes the language as follows:
"
Mumps is a general purpose programming language that supports a native hierarchical data base facility. It is supported by a large user community (mainly biomedical), and a diversified installed application software base."
Comments (none posted)
Web Site Development
Analog version 5.24 released
Version 5.24 of the Analog web log analyzer program
is available.
The
changes
include Netscape 7 recognition, a new version of the IIS How-To,
multibyte character set support for SEARCHCHARCONVERT,
and several new internationalization improvements.
Comments (none posted)
mnoGoSearch version 3.2.6 released
Version 3.2.6 of the mnoGoSearch web site search engine
is available.
This release features a number of bug fixes, see the
Change Log
for more details.
Comments (none posted)
Zope Members News
This week's
Zope Members News
looks at External Editor 0.4, DocumentLibrary 1.0rc1,
ZSyncer 0.4.5, ZXMail 0.1, and CMFMailIn.
Comments (none posted)
Skimpy Forum: An Application of Perl and XML (O'Reilly)
Erik T. Ray
writes about the development of Skimpy Forum, a simple Perl based
web forum system, on O'Reilly's OnLamp site.
Comments (none posted)
Improving mod_perl Sites' Performance: Part 2 (O'Reilly)
Stas Bekman
continues his series
on mod_perl performance optimization and benchmarking on O'Reilly's perl.com site.
"
In the next series of articles, we are going to talk about mod_perl performance issues. We will try to look at as many aspects of the mod_perl driven service as possible: hardware, software, Perl coding and finally the mod_perl specific aspects."
You may want to start with
Part One
in the series.
Comments (none posted)
MidCOM 0.2.0 public Beta Version
Version 0.2.0 of the MidCOM Midgard application development framework RFC
has been released. "
This document represents a draft about a component architecture for the Midgard Content Management System. Its intent is to provide an easily extensible Application Framework based on Midgard. It should -- in its ultimate extent -- enable end users to 'click their sites together' using common Components for news tickers, discussion boards or similar things."
Comments (none posted)
Web Services
Enhancing Web Services Infrastructures with JMS (O'Reilly)
Gunnison Carbone
writes about JMS (Java Message Service) on O'Reilly's OnJava site.
"
Web services are revolutionizing the Internet by enabling applications to speak a common language: XML. Under the Web services paradigm, a single application can tap into the services of millions of applications scattered throughout the Internet. The potential of this is enormous. Web services allow cooperation, communication, and integration on a global scale."
Comments (none posted)
Miscellaneous
New hcfpcimodem-0.96mbsibeta02062500 release
A new, experimental version of the Conexant HCF
software modem driver has been released.
Full Story (comments: none)
GNU Bayonne 1.0 (Linux Journal)
Linux Journal
reports on the preliminary release and call for help for the
GNU Bayonne open-source telephony server project.
"
After two years of development, a 1.0 preliminary release
candidate for
GNU Bayonne has emerged from the GNU Project, under sponsorship of the Free
Software Foundation and OST. GNU Bayonne is a freely licensed telephony
server allowing small businesses, large enterprises and commercial
telephone carriers to create, deploy and manage embedded, standalone
and web-integrated telephony voice-response solutions."
Comments (none posted)
Desktop Applications
Audio Applications
AlsaPlayer 0.99.71 released
Version 0.99.71 of the
AlsaPlayer sound playing utility
is available. This version adds bug fixes, support for ftp and http
streams, keyboard shortcuts, API additions, and more. See the
Change Log
for the full story.
Comments (none posted)
WaveSurfer 1.4.2 released
Version 1.4.2 of the
WaveSurfer
sound visualization and manipulation tool has been released.
"
The new version of WaveSurfer uses Snack v2.2, which incorporates code from the ESPS speech analysis library. ESPS was recently licensed to the Centre for Speech Technology by Microsoft and AT&T, with the aim to make it available to speech researchers again." See the
Change History File for more information.
Comments (none posted)
Desktop Environments
GNOME Summary for 2002-06-02 - 2002-06-22
The GNOME summary for June 2nd through June 22nd is available at the link below.
Table of Contents:
- GNOME 2 Release Candidate 2 out
- GNOME 2 Screenshots from the master
- Gnomedesktop.org list of ported applications
- Official Sun Solaris beta of GNOME 2
- Agnubis to the people
- IBM GNOMEnclature series continues
- GNOME South American Tour
- SashXB 1.0 is out!
- Translated GNOME Summaries
- Hacker Activity
- Gnome Bug Hunting Activity
- New and Updated Software
Full Story (comments: none)
GNOME Clarified (pclinuxonline)
"Yama" has written
an article on pclinuxonline.com
that aims to "
clear up many misconceptions that many
people seem to hold about GNOME. Hopefully it will lead to a greater
understanding of The GNOME Project and what it's about."
Comments (none posted)
GNOME 2.0 Desktop Release Candidate 2: 'Glad Midsommar'
The GNOME 2.0 Desktop Release Candidate 2, "Glad Midsommar", is
now available.
"
A number of release critical issues were resolved after Release Candidate 1, so
to ensure adequate testing and review before GNOME 2.0 Desktop Final, we've
made a second release candidate for wider testing. RC2 should reflect the
contents of the final release."
Comments (none posted)
KDE Dot News: Community FAQ
KDE.News has posted
an announcement
for a new KDE Community FAQ for the site.
"
By popular demand, we are answering some of the most frequently asked
questions at the dot. Read the following FAQ if you are interested in
understanding how the dot operates, how best to contribute articles, and how
to help improve the dot in general. Nothing is really set in stone here. The
FAQ will be updated as required and as per your comments, and may eventually
be moved to a different final location. With your help, KDE Dot News can
hopefully improve and serve your needs better in the future."
Comments (none posted)
Kernel Cousin KDE #39
Issue #39 of
Kernel Cousin KDE is out.
Topics include Kicker Xinerama Support, KDE/GNOME Interoperability,
KDE 3.1 Release Schedule 4. 1, and KDE on HP/UX.
Comments (none posted)
Interoperability
Samba 2.2.5 has been released
This is the latest stable release of Samba. The full details are found within this story.
Full Story (comments: none)
Kernel Cousin Wine #127
Issue #127 of
Kernel Cousin Wine is out.
Topics include wIndependence Day, Lindows at Wal-Mart, Kohan from TransGaming,
Documentation Links, Creating Stubs, MS Write Support,
Adding FriBiDi Support, and Multiple Wine Configurations.
Comments (none posted)
Office Applications
AbiWord Weekly News #97 (2002, week 25) released
AbiWord Weekly News for June 24th
is available.
Topics include tables spanning
multiple pages, the BugZilla update, and the usual sections: CVS states, bug
updates, latest releases, and "on the mailing list".
Comments (none posted)
KOrganizer: Embedded Release 1.0 + Groupware Workshop
KDE.News
mentions
several new KOrganizer resources including
a new workshop series and a stable release of KOrganizer/Embedded
for Qtopia.
Comments (none posted)
Kernel Cousin GNUe #33
Issue #33 of the
Kernel
Cousin GNUe is out with coverage of the latest developments
in the GNU enterprise project.
Comments (none posted)
Miscellaneous
PDF Presentations Using AxPoint (O'Reilly)
Kip Hampton
examines
the use of AxPoint for making PDF-based presentations.
"
All kidding aside, if you've ever attended The Perl Conference or one of the YAPC gatherings, you've probably experienced the vague sense of disappointment that comes from watching someone who's otherwise staunchly committed to Open Source software boot up proprietary OS to use a presentation application to deliver the slides for their talk. It doesn't have to be that way; there are alternatives."
Comments (1 posted)
gphoto2 2.1.0 released!
Version 2.1.0 of the gphoto2 digital camera utility
has been released.
This version includes a new manual, support for additional cameras,
and bug fixes.
Comments (none posted)
Kernel Cousin GNUe #34
Issue #34 of
Kernel Cousin GNUe is out. Topics include:
Normalisation for Contact Management in GNUe/DCL,
Quoting table names in SQL queries, Foreign Key support in Forms,
Scrollboxes and other queries, Container widgets in Forms, and more.
Comments (none posted)
Languages and Tools
C
Scheduling threads (IBM developerWorks)
Dr. Edward G. Bradford
compares thread performance between Red Hat 7.2
and various Windows varients on IBM's developerWorks.
"
This month's column will go into more depth with threads. I've written a program that performs measurable work in each thread and then demonstrate the overhead of performing the same computation in multiple threads."
Comments (none posted)
Caml
Caml Weekly News
The June 25, 2002 edition of the Caml Weekly News
features the following topics:
French interactive fiction, Ocaml tracing (with Camlp4),
Cameleon 0.4, and DBForge 0.4.
Full Story (comments: none)
Java
An Introduction to the Java Logging API (O'Reilly)
Brian R. Gilstrap
writes about the Java logging API on O'Reilly's OnJava site.
"
Unless you've been living under a rock, you already know that the official release of JDK 1.4 came out in the first quarter of this year, and included with it is a new logging API. This API was first described in JSR 47. Essentially the same description is also available in the documentation of logging for JDK 1.4."
Comments (none posted)
Lisp
SBCL 0.7.5 released
Steel Bank Common Lisp
(SBCL), version 0.7.5
has been announced.
"
This version has been ported to a
new platform (Tru64--a.k.a. OSF/1--on Alpha), can be cross compiled with
OpenMCL, changes a command line option and the behavior of the LOAD form,
and fixes a few bugs."
Comments (none posted)
Perl
Perl 5.8.0 RC 2 Released (use Perl)
Perl 5.8.0 Release Candidate 2 is
now available. This is a release
candidate, and is not recommended for use in a production environment, but
downloading and testing is strongly encouraged.
Comments (none posted)
Ghostscript.pm - A perl module for the Ghostscript API
Forrest Cahoon
has announced
Ghostscript.pm, a perl module that connects to the Ghostscript API.
Comments (none posted)
PHP
PHP Weekly Summary #91
The June 24, 2002 edition of the
PHP Weekly Summary
topics include:
GD not detecting built-in features, Overload extension on Win2K, PHP 4.2.2, Manual in Turkish, PHP on Windows CE, exit(), and Java and PHP.
Comments (none posted)
Multiple File PHP Scripts (O'Reilly)
John Coggeshall
discusses breaking PHP code into multiple files on O'Reilly's OnLamp
site. "
Although it's not ever truly necessary, many times it becomes very important to have the ability to separate PHP code into multiple files to ease organization and promote the idea of reusing common functions within your PHP scripts."
Comments (none posted)
Python
Dr. Dobb's Python-URL!
The June 24, 2002 edition of the Dr. Dobb's Python-URL! is
now available.
Full Story (comments: none)
Daily Python-URL
This week's entries on the
Daily Python-URL
include translating Perl to Python, an interview with Alex
Martelli, Python on the space shuttle, game scripting in Python,
and more.
Comments (none posted)
Ruby
The Ruby Weekly News
The June 24, 2002 edition of
the Ruby Weekly News has announcements for Ruby Password 0.1.0, FXRuby-1.0.11, a new Ruby.vim maintainer, and Rpkg-0.3.4pre4.
Discussion threads include an Rpkg repository,
REXML in C, and inside Ruby I/O.
Comments (none posted)
The Ruby Garden
This week,
The Ruby Garden
topcis include kernel conversion methods for using to_flt, to_int, to_ary, to_str, local variables and blocks, and more.
Comments (none posted)
Scheme
Scheme Weekly News for June 17, 2002
The June 17, 2002 edition of the Scheme Weekly News topics include:
the Web-It! XML framework, mod_scheme for Apache 2, GNU Kawa 1.6.99,
Systas 1.0pre3, SISC b1.5.2, and more.
Full Story (comments: none)
Tcl/Tk
Dr. Dobb's Tcl-URL! - weekly Tcl news and links (Jun 20)
The June 20, 2002 edition of the Dr. Dobb's TCL-URL! is available
with all of the latest Tcl news.
Full Story (comments: none)
Dr. Dobb's Tcl-URL! - weekly Tcl news and links (Jun 24)
The June 24, 2002 edition of Dr. Dobb's TCL-URL! covers
Korean text, tips and tricks for widgets, helpful information
for building applications, and more.
Full Story (comments: none)
Page editor: Forrest Cook
Linux in Business
Business News
IBM Delivers Total Linux Solutions to Wall Street
Here's a press release from IBM about its new Manhattan based Linux center.
Full Story (comments: none)
AMD Athlon MP Processors Drive Most Powerful x86 Cluster Supercomputers in Europe and Asia
Here is a
press
release from AMD, describing the Linux cluster at the University of
Heidelberg, Germany. It recently made its way onto the TOP500 supercomputer
list. "
The University's Heidelberg Linux Cluster System (HELICS)
supercomputer performs scientific research at its Interdisciplinary
Center for Scientific Computing (ICSC)."
Comments (2 posted)
SnapGear Announces new uClinux Distribution
SnapGear has sent in a press release about a "
new update of the uClinux
kernel which completes enhancements for the Motorola MCF5249 architecture and
consolidates updates and applications for one free and easy download for
embedded Linux developers worldwide."
Full Story (comments: none)
MontaVista Software Powers New Advanced Thin-Client Terminal
This
press release
states that two Japanese firms, Nexterm Inc. and ELT Inc., have
jointly developed a thin-client terminal based on MontaVista Linux.
"
The Nexterm SE is a highly efficient and lightweight micro-client
that executes all terminal applications in a server-based computing
environment."
Comments (1 posted)
MandrakeSoft to provide Linux server software to all levels of French government
As the result of an Open Bid process
initiated by the French "Union des Groupements d'Achats Publics" (UGAP),
MandrakeSoft has been awarded a contract to equip Linux server software to
French government agencies and ministries. Hit the link for the press release.
Full Story (comments: none)
Kodak Turns to IBM and Linux for Digital Cinema
Eastman Kodak Company announced that it has selected
IBM as the key supplier of computer servers, storage units and other
peripherals for the new Kodak Digital Cinema Operating System (COS). Click below for the full press release.
Full Story (comments: 2)
Zumiez Completes Companywide Deployment of Ximian Desktop
Here is a
press release
from Ximian. A retail chain, Zumiez, is now using the Ximian Desktop at its retail locations.
"
The 1,200 employee, Seattle-based company completed the nationwide rollout in
just six months and installed Ximian Desktop at each of its 91 retail locations
to enable every point-of-sale computer to easily and efficiently perform
spreadsheet calculations, manage email and browse the corporate intranet.
Zumiez demonstrates how companies can cost-effectively capitalize on the
desktop and productivity solutions from Ximian."
Comments (none posted)
Antelope Technologies and Transmeta Announce Collaboration on Innovative Mobile Computer
Here is a
press release,
jointly issued by Transmeta and Antelope Technologies, announcing
"
that Antelope's Mobile Computer Core (MCC) will incorporate Transmeta's
Crusoe TM5800 processor."
Comments (none posted)
Open source flow solver
Gerris 0.1.0, the first "official" release, is an "
open-source, free-software library
and code for the resolution of the three-dimensional partial
differential equations describing incompressible fluid flow. Gerris
can deal with arbitrarily complex solid boundaries in an automatic
manner and uses dynamic adaptive mesh refinement to optimise the
discretisation according to the flow solution."
Full Story (comments: none)
A pile of Java books from O'Reilly
O'Reilly has sent us announcements for a number of new Java books,
including:
Comments (none posted)
Press Releases
Open Source Announcements
Distributions and Bundled Products