![[Kernel hackers]](http://old.lwn.net/images/ks/group2-sm.jpg)
The 2002 Linux Kernel Developers' Summit was held June 24 and 25
in Ottawa, Ontario. At this event, a number of issues relevant to the
latter part of the 2.5 development series were worked out. LWN's Jonathan
Corbet was there, and has written up the experience.
- Day One covered the Hammer port, kernel
parameters, rationalizing the loadable module mechanism, virtual
memory, and the block I/O subsystem.
- Day Two was dedicated to what database
systems need from Linux, HP's kernel wishlist, the Loadable Security
Module, asynchronous I/O, SCSI, and the kernel release process. Among
other things, a firm date has been set for the 2.6 feature freeze.
Look inside the individual days' coverage for the details.
Internet Security Systems, which has been feeling quite a bit of heat for
its premature revelation of the Apache "chunk handling" vulnerability,
posted an "advisory response" to defend
itself on June 21. It is an interesting bit of excuse-making, with
references to available patches and "Presidential Decision Directive 63."
Buried deep within, however, is an interesting claim:
"Due to the general nature of open-source and its openness, the
virtual organizations behind the projects do not have an ability to
enforce strict confidentiality. By notifying the open source
project, its nature is that the information is quickly spread in
the wild disregarding any type of quiet period. ISS X-Force
minimizes the quiet period and delay of protecting customers by
providing a security patch."
This is quite a claim: ISS is telling us that free software projects can
not be trusted with information on vulnerabilities in their own code.
It would be most interesting to see the evidence from ISS to back up this
claim. Most free software developers (though there are always exceptions)
are greatly concerned about potential vulnerabilities in their code. They
care about their users, and will do their best to get a real, tested fix
out before spreading the word of the vulnerability. It is not in the
nature or interests of free software developers to put their users at
risk.
That said, there are things that free software projects could do to help
people who discover vulnerabilities. The most important thing would be to
make it clear who should be contacted when a vulnerability is found. After
all, sending the notification to a general project mailing list is not
usually what one wants to do. But many or most project web pages offer
little help to somebody wondering how to report a security hole.
Any development project which would prefer not to learn about its own
security problems on Bugtraq must make an effort to do better. The
project documentation and web site should offer clear contact instructions
for the reporting of security problems. The security contacts should know
how to respond quickly to reports, and have the ability to get a patch out
to users. The procedures for responding to a security problem need to be
worked out before the next vulnerability turns up.
There is no reason why free software project development teams can not be at least as
trustworthy as proprietary vendors when it comes to vulnerability
information. Claims that free software developers have overly loose
lips are not justifiable. But developers who want to be given a chance to
fix their holes before they become public need to take steps to show that
they are serious about security, and they should make it easy for people to report the problems that are found.
When LWN switched over to the new site a few weeks ago, some of our readers worried that
the comment posting facility would bring about the end of the Letters to
the Editor page. After all, why bother writing a letter when it is easy to
attach comments directly to articles? That was not a consequence that we
had feared, but now we are beginning to wonder - no letters to the editor
have been received this week. Thus, there is no letters page in this
Weekly Edition.
For the most part, we have been pleased with how the comments feature has
worked out so far. There have not been huge numbers of comments, but most
of those we have seen have been of high quality. Our trust in our readers
has proved itself justified - most of the time.
We did not want to drop the Letters to the Editor page, however. The
Letters page has, over the years, been a valuable source of feedback and a
place for LWN readers to express their opinions. So we hope that this
week's lull proves to be a temporary thing; perhaps all of our letter
writers are at OLS this week. If you have an opinion on something that you
would like to see published, please do not hesitate to send it our way;
letters should be sent to letters@lwn.net.
Page editor: Rebecca Sobol
Security
Brief items
OpenSSH 3.4 was released just five days after the release of version 3.3.
The release closes "at least one major security vulnerability"; upgrading to 3.4 is recommended.
Please see the vulnerability report for a list of security alerts from distributors as they become available.
OpenSSH provides a critical entry point to many systems on the net;
this could be nasty. If you plan to wait for an update from your distributor, please consider
setting UsePrivilegeSeparation yes or ChallengeResponseAuthentication no
in sshd_config to avoid the vulnerability. UsePrivilegeSeparation is
only available in OpenSSH versions 3.2 or 3.3. Setting ChallengeResponseAuthentication may impede customary access for some
or all of your users.
Version 3.3 firmed up "privilege separation" support, and made it the default. Essentially, privilege separation works by splitting the ssh server into two cooperating processes. One process is charged with talking to the network; it runs without privilege. The other process sits back, makes decisions, and hands out privileges when it's convinced that is the right thing to do.
The end result is that there is little to be achieved by compromising the "front line" process. Even if somebody does discover a vulnerability in that code, it can not be used to gain access to the system. The privileged process, by virtue of its simplicity and its separation from the network, is far easier to verify as being truly secure.
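The two-process split described above, as an added C example (not OpenSSH source and not from the original article): an unprivileged child handles the untrusted input and can only put a fixed-size question to the monitor over a socketpair, while the monitor re-validates every field and makes the decision. The names `privsep_authenticate`, `monitor_decide` and `struct auth_req` and the credential are constructed for illustration, and the uid switch and chroot are left out so it runs without root.

```c
/* Added illustration of the two-process privilege-separation pattern.
 * Not OpenSSH code: every name and the credential below are constructed. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define MAX_FIELD 32

/* Fixed-size request the network-facing process sends to the monitor. */
struct auth_req {
    uint32_t user_len, pass_len;
    char user[MAX_FIELD], pass[MAX_FIELD];
};

/* Constructed secret; stands in for data only the privileged side can read. */
static const char DEMO_USER[] = "alice";
static const char DEMO_PASS[] = "correct horse";

static int read_full(int fd, void *buf, size_t n) {
    char *p = buf;
    for (ssize_t r; n > 0; p += r, n -= (size_t)r)
        if ((r = read(fd, p, n)) <= 0) return -1;
    return 0;
}

static int write_full(int fd, const void *buf, size_t n) {
    const char *p = buf;
    for (ssize_t w; n > 0; p += w, n -= (size_t)w)
        if ((w = write(fd, p, n)) <= 0) return -1;
    return 0;
}

/* Monitor: small, and it re-validates every field, the lengths included. */
static int monitor_decide(const struct auth_req *req) {
    if (req->user_len >= MAX_FIELD || req->pass_len >= MAX_FIELD) return 0;
    if (req->user_len != sizeof DEMO_USER - 1 ||
        req->pass_len != sizeof DEMO_PASS - 1) return 0;
    /* Demo comparison only; a real check would be constant-time. */
    return memcmp(req->user, DEMO_USER, req->user_len) == 0 &&
           memcmp(req->pass, DEMO_PASS, req->pass_len) == 0;
}

static size_t bounded_len(const char *s) {
    size_t n = strlen(s);
    return n < MAX_FIELD ? n : MAX_FIELD - 1;
}

/* Network-facing child: handles untrusted input and holds no secret. The uid
 * switch and chroot a real server performs here are omitted (assumption: run
 * without root). `hijacked` simulates a compromised child lying about sizes. */
static void network_child(int fd, const char *user, const char *pass, int hijacked) {
    struct auth_req req;
    unsigned char verdict = 0;
    memset(&req, 0, sizeof req);
    req.user_len = (uint32_t)bounded_len(user);
    req.pass_len = (uint32_t)bounded_len(pass);
    memcpy(req.user, user, req.user_len);
    memcpy(req.pass, pass, req.pass_len);
    if (hijacked) req.user_len = 0xffffffffu;
    if (write_full(fd, &req, sizeof req) != 0 || read_full(fd, &verdict, 1) != 0)
        _exit(2);
    _exit(verdict == 1 ? 0 : 1);
}

/* Returns the monitor's decision (1 grant, 0 refuse) or -1 on setup failure.
 * The child's exit status is collected but never used as the decision. */
int privsep_authenticate(const char *user, const char *pass, int hijacked) {
    int sv[2], status;
    struct auth_req req;
    unsigned char verdict = 0;
    pid_t pid;

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -1;
    pid = fork();
    if (pid < 0) { close(sv[0]); close(sv[1]); return -1; }
    if (pid == 0) {
        close(sv[0]);
        network_child(sv[1], user, pass, hijacked); /* never returns */
    }
    close(sv[1]);
    if (read_full(sv[0], &req, sizeof req) == 0) {
        verdict = (unsigned char)monitor_decide(&req);
        (void)write_full(sv[0], &verdict, 1);
    }
    close(sv[0]);
    waitpid(pid, &status, 0);
    return verdict;
}

int main(void) {
    printf("valid login:    %d\n", privsep_authenticate("alice", "correct horse", 0));
    printf("wrong password: %d\n", privsep_authenticate("alice", "guess", 0));
    printf("hijacked child: %d\n", privsep_authenticate("alice", "correct horse", 1));
    return 0;
}
```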
The 3.4 release closes the serious vulnerability described in advisories from
OpenSSH and ISS.
The vulnerability prompted a week long code audit by the OpenSSH team
which resulted in "many other fixes.
We believe that some of those fixes are likely to be important security fixes."
The Apache Software Foundation has issued an
updated advisory on the "chunk handling" vulnerability. Now that a
32-bit remote exploit is circulating, an Apache upgrade is suggested even
more urgently than before.
Meanwhile, ISS has sent out a response to the
extensive criticism it has taken for having announced the vulnerability
without allowing the ASF (or anybody else) any time to prepare patches.
"Due to the general nature of open-source and its openness, the
virtual organizations behind the projects do not have an ability to enforce
strict confidentiality. By notifying the open source project, its nature
is that the information is quickly spread in the wild disregarding any type
of quiet period. ISS X-Force minimizes the quiet period and delay of
protecting customers by providing a security patch."
If you haven't already, see this week's Leading Items for our opinion.
See the vulnerability report for
current information on this problem and distributor alerts.
Two interesting papers considering the relationship between security and open source
were presented at the recent conference on Open Source Software: Economics, Law and Policy
in Toulouse (France).
- Ross Anderson: "Security in Open versus Closed Systems - The Dance of Boltzmann, Coase and Moore" (PDF format)
  "However, there are more pressing security problems for the open source
  community. The interaction between security and openness is entangled
  with attempts to use security mechanisms for commercial advantage -
  to entrench monopolies, to control copyright, and above all to control
  interoperability. As an example, I will discuss TCPA, a recent initiative
  by Intel and others to build DRM technology into the PC platform."
  This paper was also the subject of articles in the New York Times and News.com.
  For more information and links to related articles, see Ross Anderson's home page.
- Roger Needham: "Security and Open Source" (PDF format)
  "Security problems in software are of course an extremely bad thing, regardless
  of the business model under which the software was written. I want to consider
  why anybody thinks that the business model matters, and whether there is
  evidence that it does. I shall also look somewhat to the future."
Security reports
Jarno Huuskonen reports a low risk
possible local file overwrite (symlink attack) in Acrobat Reader 4.05.
Acrobat Reader 5.05 for Linux is available from Adobe (registration required). Some Linux
distributions include version 4.05.
Full Story (comments: 1)
The Duma Photo Gallery System
has been officially unmaintained since July 30, 2000. This week,
a vulnerability was reported that may allow an attacker to use DPGS to
overwrite files on the web server.
Full Story (comments: none)
A cross-site scripting vulnerability in YaBB 1 Gold SP1 and earlier versions
is fixed in YaBB 1 Gold - SP 1.1.
Full Story (comments: none)
New vulnerabilities
Privilege escalation vulnerability in OpenSSH 2.9.9 through 3.3
| Package(s): | openssh | CVE #(s): | |
| Created: | June 26, 2002 | Updated: | July 3, 2002 |
Description:
OpenSSH versions 2.9.9 through 3.3 have a
bug in input validation which can lead to
an integer overflow and privilege escalation.
According to the OpenSSH developers:
Systems running with UsePrivilegeSeparation yes or ChallengeResponseAuthentication no are not affected.
The 3.4 release contain many other fixes done over a week long audit started when this issue came to light. We believe that some of those fixes are likely to be important security fixes. Therefore, we urge an upgrade to 3.4.
Upgrading to OpenSSH 3.4 is recommended.
See the CERT Advisory and OpenSSH Security Advisory
for more information including patches for the "pre-authentication problem."
OpenSSH 3.3 users are encouraged to also read the previous vulnerability report.
OpenSSH 3.2 and later have the bug in input validation
but prevent the privilege escalation if privilege separation is enabled by setting
UsePrivilegeSeparation in sshd_config.
Version 3.3 was the first release to turn on "privilege separation" by default. Essentially, privilege separation works by splitting the ssh server into two cooperating processes. One process is charged with talking to the network; it runs without privilege. The other process sits back, makes decisions, and hands out privileges when it's convinced that is the right thing to do.
CERT Advisory: CA-2002-18 OpenSSH Vulnerabilities in Challenge Response Handling
Privilege Separated OpenSSH 3.3
| Package(s): | openssh | CVE #(s): | |
| Created: | June 24, 2002 | Updated: | June 26, 2002 |
Description:
The release of OpenSSH
3.3 includes greatly improved support for privilege separation,
which is now enabled by default.
The process charged with talking to the network now runs without privilege.
Upgrading is strongly recommended (see below).
Previously any corruption in the sshd could lead to an immediate remote root compromise if it happened before authentication, and to local root compromise if it happened after authentication. Privilege Separation will make such compromise very difficult if not impossible.
Or to put it into the words of Theo de Raadt: "Privilege Separation will one day save our asses." So, turn it on now.
When upgrading with a 2.2.x kernel, disabling compression is recommended
to avoid this bug which causes sshd to log a fatal mmap argument error then crash.
Update: According to this OpenSSH Security Advisory,
OpenSSH 3.3 has a serious privilege escalation vulnerability.
Please see the new vulnerability report
for more information and a list of available alerts.
Updated vulnerabilities
Apache 'chunk handling' vulnerability
| Package(s): | apache | CVE #(s): | CAN-2002-0392 |
| Created: | June 19, 2002 | Updated: | July 3, 2002 |
Description:
It is past time to upgrade your Apache servers. A worm which takes advantage of this vulnerability has been sighted, and its source has been publicly posted.
An Apache httpd bug related to chunked encoding presents a denial
of service vulnerability. For some platforms,
including both 32-bit and 64-bit Linux, it is also a potential remote exploit vulnerability.
A "carefully crafted invalid request" may be
used to trigger the bug. The problem is fixed in Apache
2.0.39 and 1.3.26, which may be downloaded
from here.
For more information, see the advisories from CERT and the Apache Group.
This vulnerability has been widely publicized. Applying a patch from your vendor or upgrading to the latest version from the Apache Software Foundation is strongly encouraged. Avoid patches from other sources; at least one patch that
does not address the full scope of the problem has been circulated.
Heap corruption vulnerability in at
| Package(s): | at at, sudo, xchat | CVE #(s): | CAN-2002-0004 |
| Created: | May 21, 2002 | Updated: | May 15, 2003 |
Description:
The at command has a
potentially exploitable heap corruption bug.
(First LWN report: January 17th).
Denial of service vulnerability in version 9 of BIND
| Package(s): | bind | CVE #(s): | CAN-2002-0400 |
| Created: | June 5, 2002 | Updated: | August 19, 2002 |
Description:
Here is an advisory from the Computer Emergency Response Team (CERT)
regarding the denial of service vulnerability in version 9 of the BIND
nameserver, up to 9.2.1. An attacker can send a properly crafted packet
which triggers a check within BIND and causes it to shut down. The
vulnerability can not be exploited for any purpose beyond denial of
service, but that is bad enough; if you are running BIND 9, an upgrade
is probably a good idea.
Note that many or most systems out there will still be running
BIND 8, and thus will not be vulnerable.
News articles on the vulnerability appear in the
Register
and
Network World Fusion News.
DHCP remotely exploitable format string vulnerability
| Package(s): | dhcp/dhcp-server dhcp | CVE #(s): | |
| Created: | May 21, 2002 | Updated: | June 20, 2002 |
Description:
The
May 8, 2000 release of ISC DHCP 3.0p1
fixes this serious
vulnerability in ISC DHCPD 3.0 to 3.0.1rc8 inclusive.
We encourage dhcp users to upgrade, disable dhcp or, at a minimum,
consider
using ingress filtering as described in the CERT advisory.
(First LWN
report: May 16).
Note: Distributions which use version 2 of ISC DHCP, such as Red Hat
Linux,
are not vulnerable.
Ethereal buffer overflow, infinite loop and memory management vulnerabilities
| Package(s): | ethereal | CVE #(s): | CAN-2002-0012 CAN-2002-0013 CAN-2002-0353 CAN-2002-0401 CAN-2002-0402 CAN-2002-0403 CAN-2002-0404 |
| Created: | June 12, 2002 | Updated: | October 27, 2002 |
Description:
Ethereal 0.9.4
was released
on May 19, 2002 fixing four potential security issues in Ethereal 0.9.3:
- The SMB dissector could potentially dereference a NULL pointer in two cases.
- The X11 dissector could potentially overflow a buffer while parsing keysyms.
- The DNS dissector could go into an infinite loop while reading a malformed packet.
- The GIOP dissector could potentially allocate large amounts of memory.
No known exploits exist "in the wild" at the present time for any of these issues.
Ethereal 0.9.2 has several packet handling vulnerabilities
that are best avoided by upgrading to 0.9.4.
The PROTOS test
suite found some flaws in SNMP and LDAP protocols support.
Malformed packets could also crash Ethereal 0.9.2 due to an
ASN.1 zero-length g_malloc problem.
The zlib "double free" vulnerability
was addressed by the updates for that bug from many distributors.
GNU fileutils race condition
| Package(s): | fileutils ucdsnmp | CVE #(s): | CAN-2002-0435 |
| Created: | May 21, 2002 | Updated: | May 16, 2003 |
Description:
A race
condition in rm may cause the root user to delete the whole filesystem.
The problem exists in the version of rm in
fileutils
4.1 stable and 4.1.6 development version. A patch
is available.
(First LWN
report: May 2).
Buffer overflow problem in glibc
| Package(s): | glibc glibc/shlibs, glibc, nscd | CVE #(s): | CAN-2001-0886 |
| Created: | May 21, 2002 | Updated: | July 14, 2002 |
Description:
The glibc filename globbing code has a buffer overflow problem.
For those who are interested, Global InterSec LLC has provided
a detailed description
of this vulnerability.
This problem was first reported by LWN on December 20th.
Buffer overflow in groff
| Package(s): | groff | CVE #(s): | CAN-2002-0003 |
| Created: | May 21, 2002 | Updated: | December 9, 2002 |
Description:
The groff package has a buffer overflow
vulnerability; if it is used with the print system, it is conceivably
exploitable remotely.
UW imapd remotely exploitable buffer overflow
| Package(s): | imap | CVE #(s): | CAN-2002-0379 |
| Created: | June 5, 2002 | Updated: | December 20, 2002 |
Description:
UW imapd versions 2000c and prior allow remote authenticated users to execute code via a buffer overflow. A malicious user can craft
a request to run commands on the server under their UID and GID.
(First LWN report: May 23).
Cross-site scripting vulnerability in Horde/IMP 2.2.7 and 3.0
| Package(s): | imp horde/imp | CVE #(s): | |
| Created: | May 21, 2002 | Updated: | June 19, 2002 |
Description:
Version 2.2.8 of IMP has been released; it
fixes some vulnerabilities. "The Horde team announces the
availability of IMP 2.2.8, which prevents some potential cross-site
scripting (CSS) attacks." Upgrading
to IMP 3.1 or, at least, 2.2.8 is recommended.
(First LWN report: April 11, 2002).
Update: IMP 3.0, which was initially believed to be
immune, is also vulnerable. The problem
is fixed in IMP 3.1.
LPRng accepts jobs from any host.
| Package(s): | LPRng | CVE #(s): | CAN-2002-0378 |
| Created: | June 12, 2002 | Updated: | October 31, 2002 |
Description:
Matthew Caron pointed out that LPRng's default configuration accepts job submissions from any host.
This could be an especially annoying vulnerability for administrators
with systems exposed to the general public.
Mailman 2.0.11 fixes two cross-site scripting vulnerabilities
| Package(s): | mailman | CVE #(s): | CAN-2002-0388 |
| Created: | June 5, 2002 | Updated: | August 28, 2002 |
Description:
Barry A. Warsaw announced
the release of Mailman 2.0.11
"which fixes two
cross-site scripting exploits, one reported by "office" in the admin
login page, and another reported by Tristan Roddis in the Pipermail
index summaries.
It is recommended that all sites upgrade their 2.0.x systems to this
version."
Mozilla XMLHttpRequest file disclosure vulnerability
| Package(s): | mozilla | CVE #(s): | CAN-2002-0354 |
| Created: | May 21, 2002 | Updated: | October 18, 2002 |
Description:
This XMLHttpRequest security
bug impacts all Mozilla-based browsers. "The bug is found in versions of
Mozilla from 0.9.7 to 0.9.9 on various operating
system platforms, and in Netscape versions 6.1 and
higher."
(First LWN
report: May 2).
String format bug in pam_ldap logging
| Package(s): | nss_ldap | CVE #(s): | CAN-2002-0374 |
| Created: | June 5, 2002 | Updated: | October 29, 2002 |
Description:
The nss_ldap package includes the pam_ldap module for
authenticating a user with an LDAP database.
Pam_ldap versions prior to 144 have a string format
bug in the logging mechanism.
Remotely exploitable vulnerability in pine
| Package(s): | pine | CVE #(s): | CAN-2002-0014 |
| Created: | May 21, 2002 | Updated: | November 27, 2002 |
Description:
Pine has an unpleasant vulnerability in URL handling which can lead to
command execution by remote attackers.
(First LWN report: January 17th).
This vulnerability is remotely exploitable; updating is a good idea.
Note: If an update isn't yet available for your distribution,
setting enable-msg-view-urls to "off" in pine's setup will
avoid the vulnerability. (Thanks to Greg Herlein).
Sharutils potential privilege escalation using uudecode
| Package(s): | sharutils | CVE #(s): | CAN-2002-0178 |
| Created: | May 21, 2002 | Updated: | October 31, 2002 |
Description:
According to the CVE entry,
"uudecode, as available in the sharutils package before 4.2.1, does not
check whether the filename of the uudecoded file is a pipe or symbolic
link, which could allow attackers to overwrite files or execute commands."
(First LWN
report: May 16).
Malformed NFS packet buffer overflow vulnerability in tcpdump
| Package(s): | tcpdump | CVE #(s): | CAN-2002-0380 |
| Created: | June 5, 2002 | Updated: | October 9, 2002 |
Description:
A buffer overflow in tcpdump can be triggered by a bad NFS packet when
tracing the network. Unmodified tcpdump versions 3.6.2 and earlier are vulnerable.
Multiple vendor telnetd vulnerability
| Package(s): | telnet Telnet netkit-telnet-ssl kerberos telnetd netkit-telnet nkitb/nkitserv/telnetd krb5 | CVE #(s): | |
| Created: | May 21, 2002 | Updated: | October 5, 2004 |
Description:
This vulnerability,
originally thought to be confined to BSD-derived systems, was first covered
in the July 26th Security
Summary. It is now known that Linux telnet daemons are vulnerable as
well.
Multiple vulnerabilities in SNMP implementations
| Package(s): | ucdsnmp ucd-snmp | CVE #(s): | CAN-2002-0012 CAN-2002-0013 |
| Created: | May 21, 2002 | Updated: | September 17, 2002 |
Description:
Most SNMP
implementations out there have a variety of buffer overflow vulnerabilities
and should be upgraded at first opportunity. See this CERT advisory for more. (First
LWN report: February 14).
webalizer: reverse DNS buffer overflow vulnerability
| Package(s): | webalizer | CVE #(s): | |
| Created: | May 21, 2002 | Updated: | January 27, 2003 |
Description:
The cause is a buffer overflow bug.
This one sounds nasty.
If reverse DNS lookups are enabled in webalizer,
"an attacker with control over the victims DNS may spoof responses thus
triggering a buffer overflow, potentially leading to a root compromise."
Webalizer 2.01-10 "fixes this and a few
other buglets that have been discovered in the last month or so".
(First LWN report: April 18th, 2002).
Webmin/Usermin vulnerabilities
| Package(s): | webmin | CVE #(s): | |
| Created: | May 21, 2002 | Updated: | January 10, 2003 |
Description:
Webmin is a web-based interface for
system administration for Unix.
Webmin has cross-site scripting and
session ID spoofing vulnerabilities
which are fixed in the May 6, 2002 release of version 0.970.
(First LWN
report: May 9).
This one is scary. The session ID
spoofing vulnerability allows the "possibility that arbitrary
commands may be executed with root privileges."
Upgrading is strongly recommended. At a minimum avoid the
"preconditions for a successful exploit" by disabling
password timeouts under Webmin->Configuration->Authentication.
Problems with libgtop_daemon
| Package(s): | wuftpd libgtop | CVE #(s): | |
| Created: | May 21, 2002 | Updated: | May 7, 2003 |
Description:
The libgtop_daemon package is a GNOME
program which makes system information available remotely.
LWN reported the remotely exploitable format
string and buffer overflow vulnerabilities in that package
on December 6th.
On November 28th
disabling the libgtop_daemon on systems where it is running until
an update is available.
Many Linux systems do not run
libgtop by default, but applying the update is a good idea anyway.
xchat IRC server based dns query vulnerability
| Package(s): | xchat | CVE #(s): | CAN-2002-0382 |
| Created: | June 5, 2002 | Updated: | September 24, 2002 |
Description:
A malicious IRC server may
return a response to a /dns query that executes arbitrary commands
with the privileges of the user running XChat.
Versions of XChat prior to 1.8.9 are vulnerable.
Resources
A group has put together a paper showing how to "provably fix the SSH protocol."
Thanks to "deneb" for forwarding this along to us.
Full Story (comments: 1)
jose nazario has pointed us to the
announcement of MOPS, a code auditing tool. "I wanted to announce a first prototype release of MOPS, a tool designed
to help find security bugs in C programs and verify their absence.
MOPS lets you statically (at compile time) verify facts about the ordering
of security-critical operations in the program."
The June 24th Linux Security Week and June 21st Linux Advisory Watch newsletters
from LinuxSecurity.com are available.
Events
| Date | Event | Location |
| June 27 - 28, 2002 | 14th Annual Computer Security Incident Handling Conference | (Hilton Waikoloa Village) Hawaii |
| June 28 - 29, 2002 | Edinburgh Financial Cryptography Engineering 2002 | Edinburgh, Scotland |
| July 31 - August 1, 2002 | Black Hat Briefings 2002 | (Caesars Palace Hotel and Resort) Las Vegas, NV, USA |
| August 2 - 4, 2002 | Defcon | (Alexis Park Hotel and Resort) Las Vegas, Nevada |
| August 5 - 9, 2002 | 11th USENIX Security Symposium | San Francisco, CA, USA |
| August 6 - 9, 2002 | CERT Conference 2002 | Omaha, Nebraska, USA |
| August 19 - 21, 2002 | Canadian Security & Intelligence Conference (CSICON) | (Hyatt Regency) Calgary, Alberta Canada |
For additional security-related events, including training courses (which we
don't list above) and events further in the future, check out
Security Focus' calendar,
one of the primary resources we use for building the above list. To
submit an event directly to us, please send a plain-text message to
lwn@lwn.net.
Page editor: Dennis Tenney
Kernel development
Brief items
Linus has announced the 2.5.24 development
kernel. Changes this time include a lot of janitorial fixes, an NTFS
update, a bunch of JFS fixes, an ALSA update, more kbuild changes, Martin
Dalecki's IDE 93 patch which "should undo the damage of
IDE 92," and various other fixes and updates. This will be the
last kernel release from Linus before he heads off to the Kernel Summit and
OLS. The long-format changelog is also available.
From the Kernel Summit meeting room Dave Jones has released
2.5.24-dj1.
The list of new changes is short; it includes fixes from the 2.4.19 release
candidate, more cpufreq work, and a few other tweaks.
From the Kernel Summit meeting room Dave Jones has released 2.5.24-dj2. The
list of new changes is short; it includes fixes from the 2.4.19 release
candidate, more cpufreq work, and a few other tweaks.
Full Story (comments: none)
While most of the kernel hackers at the Ottawa Kernel Summit have been busy
talking about 2.5 changes, Marcelo has put out the first release candidate
for the long-awaited 2.4.19 kernel. Click below for the details; it
contains a fairly long list of (mostly small) fixes.
Full Story (comments: 5)
Guillaume Boissiere has posted his 2.5 kernel status summary for June 26. "With the kernel summit and OLS this week, expect some changes to the
feature list in the near future."
Full Story (comments: none)
Kernel development news
Kernel Traffic #172
is available. Topics include a new Fast Mutex implementation For 2.5,
Per-Socket Statistics Proposed And Rejected Coding Style,
Binary Files Found In The Kernel Sources,
Status Of FAT CVF, and Developer Disconnects.
Patches and updates
Kernel trees
- Lightweight patch manager: Linux 2.5.23-ct1. "It's basically some stuff + kbuild-2.5"
(June 21, 2002)
Build system
Core kernel code
Device drivers
Documentation
Filesystems and block I/O
Memory management
Networking
Architecture-specific
Miscellaneous
- Kurt Garloff: /proc/scsi/map. Add /proc/scsi/map to 2.5.23.
(June 20, 2002)
Page editor: Forrest Cook
Distributions
Distribution News
The latest news for the Debian community is now available.
Click below for the full story.
Full Story (comments: none)
A new version of the developers-reference has been installed and is now
available. The number of changes is so impressive that you may well want to read it completely.
Full Story (comments: none)
On July 5th, at debconf2, there will be a formal keysigning. The deadline
to participate is July 2, 2002.
Full Story (comments: none)
G. Branden Robinson comments on the GNU FDL 1.2 draft from Debian's perspective.
Full Story (comments: none)
The latest newsletter from Mandrake is out. Table of contents:
- 8.2 DVD-only Edition Available
- Mandrake Linux Servers Invade the Internet
- Financial Corner
- Business Case of the Week
- MandrakeClub
- Spotlight on the Linux Weekly News
- What's New at MandrakeUser.org?
- This Week's Survey
- Headlines from MandrakeForum
Full Story (comments: none)
The latest edition, issue #48, of the Mandrake Linux Community Newsletter is available at the link below.
"This Week's Summary: MandrakeSoft Wins Contract with French Gov't;
Mandrake in the News; Financial Corner; Important Updates for Apache
and OpenSSH; Business Case of the Week; Website News; Headlines from
MandrakeForum."
Full Story (comments: none)
Red Hat Linux version 7.2 is now available for the Alpha processor.
"Red Hat Linux Alpha 7.2 delivers reliability, stability, and performance and now it's available from HP!"
(Thanks to David 'Addy' Addison.)
Red Hat has an updated kernel with bugfixes available for Red Hat Linux 7.3
- athlon, i386, i586, i686.
Full Story (comments: none)
Red Hat has released a new version of rpm-update.
Scott Dowdle has pointed out to us that Yellow Dog Linux version 2.3
has been quietly released.
"YDL 2.3 surpasses YDL 2.2 with an array of timely updates,
improvements: kernel 2.4.19, the 'Liquid' theme, CUPS print system, apt-get,
OpenOffice 1.0, Mozilla 0.9.9, Galeon 1.2, Evolution 1.0.5, AbiWord 1.0.2,
netatalk 1.5.3.1, and support for the Radeon 7500 (excluding 'Mobility') video
card."
New Distributions
IDMS Linux is NOT a home user
distribution. It is intended solely as the base for high end server
software. It contains no GUIs, X, or fancy stuff. The initial Freshmeat
announcement for version 2.0.25 is dated June 22, 2002.
Webfish Linux is a
small, stripped down Linux distribution based on GNU source
packages. Webfish is built with the more experienced user in mind and is
aimed at small, fast, secure server and workstation systems with a
minimum of installed packages. The initial release of Webfish Linux,
version 0.9b, occurred on June 20, 2002.
Version 0.9fb was
released soon after, with minor bug fixes.
Minor distribution updates
Astaro Security Linux has released stable
version 3.201 with major security fixes.
GENDIST released version 1.4.3 with major bugfixes. That release was closely followed by
version 1.4.4 with minor feature enhancements.
Comments (none posted)
WireX has announced the availability of the beta version of
Immunix 7+, a "gentle upgrade" from the 7.0 release. "
This
release also constitutes an omnibus security update package, so current
Immunix 7.0 users should consider applying these updates. We are not
proud of this omnibus approach, and hope not to have to repeat it."
Among other things, it includes a fix for the Apache vulnerability.
Full Story (comments: none)
Open For Business
reports
that OEone, the developer of the internet appliance-like HomeBase Linux
distribution, has announced that HomeBase 1.5 has been released.
Comments (none posted)
Page editor: Rebecca Sobol
Development
From the Ottawa Linux Symposium, the GNOME Foundation has put out a
press release
announcing the release of the 2.0 GNOME Desktop and Developer
Platform.
"With the inclusion of GNOME 2.0 by leading Linux and Unix vendors later this year, users of GNOME can look forward to an improved user environment for existing GNOME applications, including a faster and more powerful Nautilus file manager, features that are better organized and usability-tested, dozens of useful utilities, applications and even games. Users and administrators will also see a new, simplified configuration system. Developers can look forward to more efficient application development with stronger integration of GNOME APIs and the advantages of GNOME's component-based architecture."
GNOME Foundation board chair Havoc Pennington promoted the GTK+ 2.0 toolkit:
"The industrial-strength GTK+ 2.0 toolkit, combined with add-on tools such as Glade, Python and our CORBA implementation make GNOME the natural choice for developers on a variety of platforms. GNOME's component-based architecture makes it possible for developers to use already existing tools, libraries and features, cutting development time significantly."
GNOME2 will be included with major Linux distributions, HP-UX from
Hewlett Packard, and Solaris from Sun.
Comments (none posted)
System Applications
Audio Projects
For those of you who like to stay on the forefront of development,
version 0.9.0rc2 of the development tree for the Alsa sound driver
is available.
Try it out and report any bugs to the developers.
Comments (none posted)
Education
Issue #73 of the SEUL/Edu
Linux in Education Report
is out. Topics include Karel the Robot, refurbishing computers, Linux in India, K12LTSP CDROMs, the Mandrake Mosix Terminal Server Project, and more.
Comments (none posted)
Electronics
A new snapshot of the Icarus Verilog electronic simulation language
compiler
is available. See the
changes file for information on this release.
Comments (none posted)
A new beta version of the xcircuit schematic drawing program
is available.
"
The netlist code has been extensively tested on a major chip design project and successfully netlisted an entire chip of 40,000 devices (transistors, resistors, and capacitors) for LVS with the extracted VLSI layout. The time to generate the netlist has been substantially reduced, and netlisting errors have been expunged."
Comments (none posted)
Printing
Version 7.05 of GNU Ghostscript
has been announced.
"
New in this release is a port of the gs-cjk team's asian language improvements from the 6.5x branch, a major improvement over 7.04. PDF handling in general is much better than in the previous GNU release (6.53) and the portability of the autoconf build system is much improved. Of course there are the usual minor bugfixes as well."
Comments (1 posted)
Version 3.8.12 of the LPRng printing system has been
released. This version adds bug fixes, support for TCP wrappers,
an LSB-style startup script, and more.
Comments (none posted)
Science
Version 5 of the Mumps compiler, also known as M,
has been announced.
The
Mumps source code location
describes the language as follows:
"
Mumps is a general purpose programming language that supports a native hierarchical data base facility. It is supported by a large user community (mainly biomedical), and a diversified installed application software base."
Comments (none posted)
Web Site Development
Version 5.24 of the Analog web log analyzer program
is available.
The
changes
include Netscape 7 recognition, a new version of the IIS How-To,
multibyte character set support for SEARCHCHARCONVERT,
and several new internationalization improvements.
Comments (none posted)
Version 3.2.6 of the mnoGoSearch web site search engine
is available.
This release features a number of bug fixes, see the
Change Log
for more details.
Comments (none posted)
This week's
Zope Members News
looks at External Editor 0.4, DocumentLibrary 1.0rc1,
ZSyncer 0.4.5, ZXMail 0.1, and CMFMailIn.
Comments (none posted)
Erik T. Ray
writes about the development of Skimpy Forum, a simple Perl based
web forum system, on O'Reilly's OnLamp site.
Comments (none posted)
Stas Bekman
continues his series
on mod_perl performance optimization and benchmarking on O'Reilly's perl.com site.
"
In the next series of articles, we are going to talk about mod_perl performance issues. We will try to look at as many aspects of the mod_perl driven service as possible: hardware, software, Perl coding and finally the mod_perl specific aspects."
You may want to start with
Part One
in the series.
Comments (none posted)
Version 0.2.0 of the MidCOM Midgard application development framework RFC
has been released. "
This document represents a draft about a component architecture for the Midgard Content Management System. Its intent is to provide an easily extensible Application Framework based on Midgard. It should -- in its ultimate extent -- enable end users to 'click their sites together' using common Components for news tickers, discussion boards or similar things."
Comments (none posted)
Web Services
Gunnison Carbone
writes about JMS (Java Message Service) on O'Reilly's OnJava site.
"
Web services are revolutionizing the Internet by enabling applications to speak a common language: XML. Under the Web services paradigm, a single application can tap into the services of millions of applications scattered throughout the Internet. The potential of this is enormous. Web services allow cooperation, communication, and integration on a global scale."
Comments (none posted)
Miscellaneous
A new, experimental version of the Conexant HCF
software modem driver has been released.
Full Story (comments: none)
Linux Journal
reports on the preliminary release and call for help for the
GNU Bayonne open-source telephony server project.
"
After two years of development, a 1.0 preliminary release
candidate for
GNU Bayonne has emerged from the GNU Project, under sponsorship of the Free
Software Foundation and OST. GNU Bayonne is a freely licensed telephony
server allowing small businesses, large enterprises and commercial
telephone carriers to create, deploy and manage embedded, standalone
and web-integrated telephony voice-response solutions."
Comments (none posted)
Desktop Applications
Audio Applications
Version 0.99.71 of the
AlsaPlayer sound playing utility
is available. This version adds bug fixes, support for ftp and http
streams, keyboard shortcuts, API additions, and more. See the
Change Log
for the full story.
Comments (none posted)
Version 1.4.2 of the
WaveSurfer
sound visualization and manipulation tool has been released.
"
The new version of WaveSurfer uses Snack v2.2, which incorporates code from the ESPS speech analysis library. ESPS was recently licensed to the Centre for Speech Technology by Microsoft and AT&T, with the aim to make it available to speech researchers again." See the
Change History File for more information.
Comments (none posted)
Desktop Environments
The GNOME summary for June 2nd through June 22nd is available at the link below.
Table of Contents:
- GNOME 2 Release Candidate 2 out
- GNOME 2 Screenshots from the master
- Gnomedesktop.org list of ported applications
- Official Sun Solaris beta of GNOME 2
- Agnubis to the people
- IBM GNOMEnclature series continues
- GNOME South American Tour
- SashXB 1.0 is out!
- Translated GNOME Summaries
- Hacker Activity
- Gnome Bug Hunting Activity
- New and Updated Software
Full Story (comments: none)
"Yama" has written
an article on pclinuxonline.com
that aims to "
clear up many misconceptions that many
people seem to hold about GNOME. Hopefully it will lead to a greater
understanding of The GNOME Project and what it's about."
Comments (none posted)
The GNOME 2.0 Desktop Release Candidate 2, "Glad Midsommar", is
now available.
"
A number of release critical issues were resolved after Release Candidate 1, so
to ensure adequate testing and review before GNOME 2.0 Desktop Final, we've
made a second release candidate for wider testing. RC2 should reflect the
contents of the final release."
Comments (none posted)
KDE.News has posted
an announcement
for a new KDE Community FAQ for the site.
"
By popular demand, we are answering some of the most frequently asked
questions at the dot. Read the following FAQ if you are interested in
understanding how the dot operates, how best to contribute articles, and how
to help improve the dot in general. Nothing is really set in stone here. The
FAQ will be updated as required and as per your comments, and may eventually
be moved to a different final location. With your help, KDE Dot News can
hopefully improve and serve your needs better in the future."
Comments (none posted)
Issue #39 of
Kernel Cousin KDE is out.
Topics include Kicker Xinerama Support, KDE/GNOME Interoperability,
KDE 3.1 Release Schedule 4. 1, and KDE on HP/UX.
Comments (none posted)
Interoperability
This is the latest stable release of Samba. The full details are found within this story.
Full Story (comments: none)
Issue #127 of
Kernel Cousin Wine is out.
Topics include wIndependence Day, Lindows at Wal-Mart, Kohan from TransGaming,
Documentation Links, Creating Stubs, MS Write Support,
Adding FriBiDi Support, and Multiple Wine Configurations.
Comments (none posted)
Office Applications
AbiWord Weekly News for June 24th
is available.
Topics include tables spanning
multiple pages, the BugZilla update, and the usual sections: CVS states, bug
updates, latest releases, and "on the mailing list".
Comments (none posted)
KDE.News
mentions
several new KOrganizer resources including
a new workshop series and a stable release of KOrganizer/Embedded
for Qtopia.
Comments (none posted)
Issue #33 of the
Kernel
Cousin GNUe is out with coverage of the latest developments
in the GNU enterprise project.
Comments (none posted)
Miscellaneous
Kip Hampton
examines
the use of AxPoint for making PDF-based presentations.
"
All kidding aside, if you've ever attended The Perl Conference or one of the YAPC gatherings, you've probably experienced the vague sense of disappointment that comes from watching someone who's otherwise staunchly committed to Open Source software boot up proprietary OS to use a presentation application to deliver the slides for their talk. It doesn't have to be that way; there are alternatives."
Comments (1 posted)
Version 2.1.0 of the gphoto2 digital camera utility
has been released.
This version includes a new manual, support for additional cameras,
and bug fixes.
Comments (none posted)
Issue #34 of
Kernel Cousin GNUe is out. Topics include:
Normalisation for Contact Management in GNUe/DCL,
Quoting table names in SQL queries, Foreign Key support in Forms,
Scrollboxes and other queries, Container widgets in Forms, and more.
Comments (none posted)
Languages and Tools
C
Dr. Edward G. Bradford
compares thread performance between Red Hat 7.2
and various Windows variants on IBM's developerWorks.
"
This month's column will go into more depth with threads. I've written a program that performs measurable work in each thread and then demonstrate the overhead of performing the same computation in multiple threads."
Comments (none posted)
Caml
The June 25, 2002 edition of the Caml Weekly News
features the following topics:
French interactive fiction, Ocaml tracing (with Camlp4),
Cameleon 0.4, and DBForge 0.4.
Full Story (comments: none)
Java
Brian R. Gilstrap
writes about the Java logging API on O'Reilly's OnJava site.
"
Unless you've been living under a rock, you already know that the official release of JDK 1.4 came out in the first quarter of this year, and included with it is a new logging API. This API was first described in JSR 47. Essentially the same description is also available in the documentation of logging for JDK 1.4."
Comments (none posted)
Lisp
Steel Bank Common Lisp
(SBCL), version 0.7.5
has been announced.
"
This version has been ported to a
new platform (Tru64--a.k.a. OSF/1--on Alpha), can be cross compiled with
OpenMCL, changes a command line option and the behavior of the LOAD form,
and fixes a few bugs."
Comments (none posted)
Perl
Perl 5.8.0 Release Candidate 2 is
now available. This is a release
candidate, and is not recommended for use in a production environment, but
downloading and testing is strongly encouraged.
Comments (none posted)
Forrest Cahoon
has announced
Ghostscript.pm, a perl module that connects to the Ghostscript API.
Comments (none posted)
PHP
Topics in the June 24, 2002 edition of the
PHP Weekly Summary
include:
GD not detecting built-in features, Overload extension on Win2K, PHP 4.2.2, Manual in Turkish, PHP on Windows CE, exit(), and Java and PHP.
Comments (none posted)
John Coggeshall
discusses breaking PHP code into multiple files on O'Reilly's OnLamp
site. "
Although it's not ever truly necessary, many times it becomes very important to have the ability to separate PHP code into multiple files to ease organization and promote the idea of reusing common functions within your PHP scripts."
Comments (none posted)
Python
The June 24, 2002 edition of the Dr. Dobb's Python-URL! is
now available.
Full Story (comments: none)
This week's entries on the
Daily Python-URL
include translating Perl to Python, an interview with Alex
Martelli, Python on the space shuttle, game scripting in Python,
and more.
Comments (none posted)
Ruby
The June 24, 2002 edition of
the Ruby Weekly News has announcements for Ruby Password 0.1.0, FXRuby-1.0.11, a new Ruby.vim maintainer, and Rpkg-0.3.4pre4.
Discussion threads include an Rpkg repository,
REXML in C, and inside Ruby I/O.
Comments (none posted)
This week,
The Ruby Garden
topics include kernel conversion methods for using to_flt, to_int, to_ary, to_str, local variables and blocks, and more.
Comments (none posted)
Scheme
Topics in the June 17, 2002 edition of the Scheme Weekly News include:
the Web-It! XML framework, mod_scheme for Apache 2, GNU Kawa 1.6.99,
Systas 1.0pre3, SISC b1.5.2, and more.
Full Story (comments: none)
Tcl/Tk
The June 20, 2002 edition of the Dr. Dobb's TCL-URL! is available
with all of the latest Tcl news.
Full Story (comments: none)
The June 24, 2002 edition of Dr. Dobb's TCL-URL! covers
Korean text, tips and tricks for widgets, helpful information
for building applications, and more.
Full Story (comments: none)
Page editor: Forrest Cook
Linux in Business
Business News
Here's a press release from IBM about its new Manhattan-based Linux center.
Full Story (comments: none)
Here is a
press
release from AMD, describing the Linux cluster at the University of
Heidelberg, Germany. It recently made its way onto the TOP500 supercomputer
list. "
The University's Heidelberg Linux Cluster System (HELICS)
supercomputer performs scientific research at its Interdisciplinary
Center for Scientific Computing (ICSC)."
Comments (2 posted)
SnapGear has sent in a press release about a "
new update of the uClinux
kernel which completes enhancements for the Motorola MCF5249 architecture and
consolidates updates and applications for one free and easy download for
embedded Linux developers worldwide."
Full Story (comments: none)
This
press release
states that two Japanese firms, Nexterm Inc. and ELT Inc., have
jointly developed a thin-client terminal based on MontaVista Linux.
"
The Nexterm SE is a highly efficient and lightweight micro-client
that executes all terminal applications in a server-based computing
environment."
Comments (1 posted)
As the result of an Open Bid process
initiated by the French "Union des Groupements d'Achats Publics" (UGAP),
MandrakeSoft has been awarded a contract to supply Linux server software to
French government agencies and ministries. Hit the link for the press release.
Full Story (comments: none)
Eastman Kodak Company announced that it has selected
IBM as the key supplier of computer servers, storage units and other
peripherals for the new Kodak Digital Cinema Operating System (COS). Click below for the full press release.
Full Story (comments: 2)
Here is a
press release
from Ximian. A retail chain, Zumiez, is now using the Ximian Desktop at its retail locations.
"
The 1,200 employee, Seattle-based company completed the nationwide rollout in
just six months and installed Ximian Desktop at each of its 91 retail locations
to enable every point-of-sale computer to easily and efficiently perform
spreadsheet calculations, manage email and browse the corporate intranet.
Zumiez demonstrates how companies can cost-effectively capitalize on the
desktop and productivity solutions from Ximian."
Comments (none posted)
Here is a
press release,
jointly issued by Transmeta and Antelope Technologies, announcing
"
that Antelope's Mobile Computer Core (MCC) will incorporate Transmeta's
Crusoe TM5800 processor."
Comments (none posted)
Gerris 0.1.0, the first "official" release, is an "
open-source, free-software library
and code for the resolution of the three-dimensional partial
differential equations describing incompressible fluid flow. Gerris
can deal with arbitrarily complex solid boundaries in an automatic
manner and uses dynamic adaptive mesh refinement to optimise the
discretisation according to the flow solution."
Full Story (comments: none)
O'Reilly has sent us announcements for a number of new Java books,
including:
Comments (none posted)
Press Releases
Open Source Announcements
Distributions and Bundled Products
Software for Linux
Products and Services Using Linux
Hardware with Linux support
Cross Platform/Porting Product
Linux at Work
Java Products
Books and Documentation
Training and Certification
Partnerships
Investments and Acquisitions
Financial Results
Personnel and New Offices
Miscellaneous
Page editor: Rebecca Sobol
Linux in the news
Recommended Reading
A Cambridge University researcher
presented a paper Thursday to a conference in Toulouse, France, where he argued that proprietary software should be as secure as free software. "
In his paper, computer scientist Ross Anderson used an analysis that equates finding software bugs to testing programs for the mean time before failure, a measure of quality frequently used by manufacturers. Under the analysis, Anderson found that his ideal open-source programs were as secure as the closed-source programs."
Comments (none posted)
According to CNET, it's getting hard to keep a place on the list of the world's fastest supercomputers. They summarize various supercomputer offerings, including everyone's favorite: Beowulf clusters. "
A total of 49 of the Top500 systems are such clusters, with 31 of them built by IBM."
Comments (none posted)
Larry Seltzer at ZDNet Tech Update gives us
his take on UnitedLinux.
"
One day, if Red Hat and other major distributions join UnitedLinux--or even if
they were to simply pledge to support the LSB--things will be different. That
would be a big deal. But Red Hat hasn't signed on, and from a pure
self-interest perspective I can't see why it would jeopardize its enterprise
dominance by giving numerous competitors an equal opportunity for application
certification."
Comments (1 posted)
Vnunet
investigates
the rise of open-source software in Peru.
"
A Peruvian congressman is planning to have Microsoft products banned from government departments and replaced with open-source software.
Edgar Villanueva's measure would apply to all software, from server operating
systems to databases, word processors and email.
If passed, the legislation could be the first of its kind in the world and
would be the first legal restriction aimed at Microsoft's dominant operating
systems."
Comments (2 posted)
Companies
Vnunet
covers
the announcement of new HP/Red Hat Itanium 2 based servers.
"
An existing partnership between HP and Linux
expert Red Hat will see the pair become the first to market with
Linux-compatible Itanium 2-based platforms.
As part of the deal, all HP ProLiant servers, blade servers and Itanium
2-based servers and workstations will be available with the certified Red Hat
Linux Advanced Server, the companies said."
Comments (none posted)
Red Hat's original plans were to move the Advanced Server to Itanium in late 2003, but the
recent partnership with HP has accelerated those plans by a year.
CNET's Stephen Shankland has a
fairly comprehensive article
about the whole partnership and the history of the same.
Comments (none posted)
Today IBM
will announce the opening of a technology center in Manhattan, to lure financial services companies over to Linux.
"IBM initially will fund the center in Manhattan with $1 million, helping financial services companies move their software to Linux computers, the company said."
Comments (none posted)
News.com
reports on
IBM's Linux Technology Center.
"
IBM on Thursday will announce the opening of a technology center geared to lure financial services companies to servers using the Linux operating system.
IBM initially will fund the New York center located in the Manhattan area with $1 million, helping financial services companies move their software to Linux computers, the company said."
Comments (none posted)
The Register
examines IBM's Linux strategy.
"
IBM's attempt to re-capture the Unix server market continues apace. Having fallen well behind Sun and HP during the late 1990s, largely thanks to a complicated customer-confusing product line, parts of the business competing
with other parts of the business and Sun's aggressive pursuit of the Internet
server market, Big Blue modified its approach in October 2000. It rebranded,
consolidated and streamlined its product line, and more closely allied itself
to the Linux movement."
Comments (none posted)
The Register
covers IBM's plans for Linux.
"
Rich Michos, IBM's v.p. of Linux servers, says, 'The Intel platform is the fastest growing platform, and Linux is the fastest growing server OS. Each year Linux is becoming more and more important to IBM and it gains a bigger share.' To be exact, Scott Handy, IBM's director of Linux solutions marketing, says that 27% of new servers requests are for Linux servers. 'And, those requests are increasing.'"
Comments (none posted)
The Register
covers
IBM's announcement for its new server line.
"
IBM this week has revealed plans for a new suite of low-end UNIX servers
that, it hopes, will enable the firm to spread its influence across territory
more used to HP and Sun Microsystems."
Comments (none posted)
The Register has
some details about
what lies ahead from Lindows.com.
"
Instead of the usual per-unit fees, systems builders will pay a $500 monthly
membership fee, which will entitle them to install the LindowsOS operating
system on an unlimited number of computer systems. Lindows.com is also stating
that there will be no volume commitments for system builders that sign up to
the program, and no software activation codes requiring tracking and auditing."
Comments (1 posted)
ZDNet
writes about the
Lindows.com licensing advantages for systems integrators.
"
On Monday Lindows.com, which claims its operating system will eventually be able to run popular Microsoft Windows applications, launched its Builder program, which offers system builders technical support, testing tools, LindowsOS Certification eligibility and a software library for $500 per month. The license allows the manufacturer to install the software on any number of systems, potentially allowing massive savings over traditional licensing plans."
Comments (none posted)
While some Microsoft executives are testifying in court that source code availability damages security, others
in the company are actually
releasing source code to improve the security.
"
Microsoft, long a proponent of keeping source code secret, plans to publish the
source code to a critical part of its Palladium project to enhance security, a
representative of the software giant said Monday."
Comments (1 posted)
As a followup to
the recent CNET article about Microsoft revealing the source code
to Palladium, The Register
believes that it is a
ploy to destroy the GPL and Linux.
"
It, or a companion chip, will interface with some manner of PKI, current or
future, so that only 'authorized' applications may run with privileges."
Comments (7 posted)
Video-compression provider On2 Technologies
will announce
today that it will
blend its video codec with Ogg Vorbis. "
That's the beauty of open
source. You now have a huge number of people who if they're interested can work
on advancing the code base."
See also the official press release.
Comments (none posted)
Dan Farber over at ZDNet spent some time thinking about their recent interview with Red Hat CEO Matthew Szulik. Of particular interest to Dan is Red Hat's position against Microsoft, which he
neatly summarizes point by point. Worth a read. "
In fact, given that the Linux world is built on a collaborative approach based on the GNU GPL (General Public License), it's hard to imagine how any single open source distributor could totally dominate. Everyone has access to the bounty of source code generated by the huge community of developers evolving the Linux platform."
Comments (none posted)
Information Week
examines Red Hat's continuing efforts to make money.
"
Linux is on the minds of many IT executives, but not enough to help Red Hat Inc. turn a profit."
Comments (none posted)
Will Red Hat go after the desktop market? Stephen Shankland investigates the question in
this article.
"
Red Hat is warming to the use of the Linux operating system on desktop
computers, a difficult market where customers are picky and Microsoft is the
leader."
Comments (1 posted)
The Register
looks into
Red Hat's dropping of its eCos embedded operating system.
Comments (none posted)
LinuxDevices.com
talks with Red
Hat CTO Michael Tiemann about the company's embedded Linux strategy.
"
Tiemann also pointed out that Venture Development Corporation's
recently completed embedded Linux market study determined that the most
popular Linux distribution for embedded system development is Red Hat
Linux, according to a survey of developers. ''Without even trying, we've won
the 'roll-your-own' market,'' Tiemann asserted."
Comments (none posted)
Tech Web
reports
that Sun Microsystems will be giving away a free (as in beer)
version of its J2EE Server product
for Solaris, Windows, Linux, IBM-AIX, and HP-UX.
"
But when it comes to enterprise software, "free" is always a relative term. Sun's Schwartz stressed that just because a basic edition of the Sun ONE app server is now free, that does not mean that Sun will decrease its investment in the platform. The app server remains a key cog in Sun's overall enterprise computing framework."
Comments (none posted)
ZDNet
covers the announcements
yesterday from IBM and Sun.
"
IBM said it will offer a new starter kit that will allow programmers to use
the Java language to build and run Web services. [...]
Meanwhile, Sun announced [...] a bundle of the company's Solaris operating
system and application server software that can be used as a guideline for
building Web services."
Comments (none posted)
News.com
looks at
Ximian's efforts to woo customers away from the Microsoft platform.
"
Ximian, a small Boston company pushing use of the Linux operating system on ordinary desktop computers, is offering discounts to try to woo Microsoft customers dissatisfied with a more expensive licensing plan from the software titan. As of May, about two-thirds of Microsoft's customers haven't signed up for a program to offer a subscription-like product update service."
Comments (none posted)
Business
The Register
looks at
exactly where Linux machines are, and are not, showing up in businesses.
"
Wall Street's love affair with Linux companies may have ended a
long time
ago, but the open source operating system's march into the enterprise
continues unabated, if slowly. Indeed, while Linux may have lost its
lustre for investors, some banks, including CS First Boston and Merrill Lynch, have
given it the thumbs-up and have begun replacing old trading systems and
servers with Linux-based kit."
Comments (none posted)
Interviews
A group of CNET and ZDNet journalists
have cornered
Matthew Szulik for answers
on a variety of interesting topics, including Red Hat's competition
with Microsoft, Sun, and other Linux companies, strategic alliances, Mozilla,
and future challenges. The content is available in Real or Windows Media.
Comments (none posted)
News.com
interviews Rob Malda,
A.K.A. Slashdot's CmdrTaco, on the Slashdot phenomenon.
"
To a lot of people, Slashdot is nothing but 12 links to new things every day. To half of our readers, in fact, that's all Slashdot is. But to some of our readers, it's a community that's here to discuss issues that are relevant to this community. There is a lot of value. The bulk of our content comes from other people. There are 6,000 or 7,000 comments on a busy day that other people write and just a dozen stories of just a paragraph or two that we actually generate, that are ours. It is a weird symbiosis of things that are given to us."
Comments (none posted)
Resources
The third in a four-part series of articles on Ogg Vorbis is out.
Playing Files with Vorbis
covers a number of different players that are available for dealing
with Vorbis files.
Comments (none posted)
Linux Journal is running
an article that covers the use of
HTMLDOC for conversion of multiple HTML files into single HTML,
Postscript or PDF files. "
Linux offers many document conversion tools and a great many powerful document-generating tools and languages, from old standbys like TROFF and texinfo to tools like TeX and LaTeX, but these are well documented elsewhere. There's one lesser known tool, a bit narrower than TeX, that's perfect for your trifling problem: HTMLDOC."
Comments (none posted)
Linux Journal
covers the launch
of
Tinyminds.org. "
A new kind of
innovative Linux help site is developing, and it's happening quicker than the
Mozilla nightly builds. Tinyminds.org is changing the way traditional Linux
help sites have done business."
Comments (2 posted)
Another
Linux Journal article
on Usenix has been published, this one summarizing Mr.
Marti's experiences in 3 tutorials. Apparently, he enjoyed himself and
summarized it thus: "
If you work in an environment where people consider
you the Linux or UNIX expert, you can count on maximizing ROI on your training
budget by attending the information-dense Usenix tutorials."
Comments (none posted)
Reviews
ZDNet is running
a letter
that compares the operation of VMware, Virtuozzo, and User Mode Linux.
Comments (none posted)
This TechWeb author is impressed with the security of Linux, and says so in
this article.
"
IT pros navigating a minefield of insecure software
and systems are finding safe ground in Linux. That's because the open-source
operating system--in part due to its very openness--has become a model of security."
Comments (none posted)
ZDNet
reviews ConsoleOne, a Novell utility for administering NetWare nets.
"
But Novell is constantly adding to NetWare, incorporating the coolest, newest technologies. One example is ConsoleOne 1.3.3 For Linux, which incorporates Java and Linux with Novell's newest administration utility, ConsoleOne. With it, you can administer your NetWare servers from a Linux workstation as easily as you can from a Windows workstation."
Comments (none posted)
The successor to the Zaurus SL-5500 has been introduced, but only in Japan, and the bad news is that Sharp representatives say there are no plans to bring it to the United States. "The Zaurus SL-A300 measures 0.5 inches by 2.7 inches by 4.4 inches and weighs 4.2 ounces. It uses Intel's 200MHz XScale PXA210 processor, 64MB of memory and a 3.5-inch active matrix display with a resolution of 320 pixels by 240 pixels. It also has a Secure Digital slot for expansion."
Comments (1 posted)
Miscellaneous
NewsForge is running an analysis on the failure of companies to profitably serve the Linux-on-laptops market. "If Dell or IBM -- or someone else -- had been willing to sell me a low-cost laptop with Linux already on it, they would have had a sure sale. I had my credit card out, with plenty of available balance on it, ready to spring $1,500 but not $3,000. Too bad these biggies didn't want my money or my loyalty. Maybe someday they will, and maybe someone else will come along who doesn't sneer at my money-saving nature and wants to do business with me."
Comments (6 posted)
vnunet covers a recent PC Magazine test that reveals "that Apache's Web server running under Linux on four-way servers can scale to compete in performance with Microsoft's IIS Web server running under Windows 2000."
Comments (1 posted)
ZDNet features an editorial by a Solaris developer that looks at how open-source packages may not easily port to non-Linux platforms. "Since Linux and Solaris are not identical, this means that a growing number of software packages will not work "out of the box" with Solaris. Solaris is becoming a third-class citizen in the free software world."
Comments (none posted)
ZDNet reports that the Mozilla browser has garnered a small (0.4 percent) market share from Microsoft's dominant Internet Explorer. "Microsoft's iron grip on the Web browser market has slipped ever so slightly since the release of new products from rivals Mozilla and Netscape Communications, Web researcher OneStat.com reported Monday."
Comments (1 posted)
Page editor: Forrest Cook
Announcements
Resources
European Digital Rights is a new, international civil rights organization formed by ten European organizations. "European Digital Rights (EDRi) is an association in which existing European privacy and freedoms organisations work together in raising awareness of policy makers and the public about the upcoming threats to our privacy and freedoms."
Click below to see the full announcement.
Full Story (comments: none)
Debra Cated has written in about the August issue of the printed publication, IBM developerWorks journal. "This issue of the IBM developerWorks journal covers everything from porting your MFC apps to Linux to mastering Linux debugging techniques. It offers new strategies for developing with technologies like wireless, XML, and Java technologies, as well as with products like WebSphere and DB2. It also includes popular, in-depth technical articles. Register today to have the August 2002 issue of the printed journal mailed to you for free."
Comments (none posted)
Web application developers understand that in order to succeed in today's
market, you need to keep up with the latest technologies. One of the more
exciting technologies to come around in recent years is the powerful platform, LAMP (Linux, Apache, MySQL, and PHP). Hit the link for my review of this book from O'Reilly.
Full Story (comments: 1)
Prentice-Hall has written in with the announcement of their latest book. The book is "basically about how to write applications that use XML, focusing on general concepts, but using Python and Java as example languages."
Full Story (comments: none)
Upcoming Events
Registrations are now open for the fourth Australian Open Source Symposium
(AOSS 4), to be held at UNSW, Sydney on Saturday July 20, 2002.
Full Story (comments: none)
The Systems Administrators Guild of Australia are having their
10th annual conference this year in Melbourne, Australia from August 5-9.
Full Story (comments: none)
Here is the latest press release from Linux.conf.au, which will take place in Perth, Australia, January 22 - 25, 2003. The press release covers a Call For Papers, Sponsors, Accommodations, and Invited Speakers.
Full Story (comments: none)
| Date | Event | Location |
|---|---|---|
| June 27 - 28, 2002 | Embedded Systems Expo & Conference in Tokyo (ESEC) | (International Exhibition Center) Tokyo, Japan |
| June 27 - 28, 2002 | Yet Another Perl Conference (YAPC 2002) | (Washington University) Saint Louis, Missouri |
| June 27 - 28, 2002 | European Python and Zope Conference (EuroPython 2002) | (Charleroi Espace Meeting Européen) Charleroi, Belgium |
| June 27 - 29, 2002 | Ottawa Linux Symposium (OLS) | Ottawa, Canada |
| June 27 - 28, 2002 | European Tcl/Tk User Meeting | (Siemens Trainings Center) Munich, Germany |
| July 4 - 7, 2002 | UKUUG Linux Developers' Conference | (University of Bristol) Bristol, UK |
| July 5 - 7, 2002 | Debconf 2 | (York University) Toronto, Ontario |
| July 11 - 14, 2002 | Uniforum NZ 2002 | Auckland, New Zealand |
| July 18 - 20, 2002 | Boston GNOME Summit | Boston, Mass. |
| July 20, 2002 | Fourth Australian Open Source Symposium (AOSS4) | (UNSW, Sydney) Sydney, Australia |
| July 22 - 26, 2002 | O'Reilly Open Source Convention | (Sheraton San Diego Hotel and Marina) San Diego, California |
| July 23, 2002 | Seattle Ruby Brigade Meeting | Seattle, Washington |
| August 1 - 2, 2002 | 3rd annual Bioinformatics Open Source Conference (BOSC 2002) | Edmonton, Canada |
| August 2 - 4, 2002 | Defcon | (Alexis Park Hotel and Resort) Las Vegas, Nevada |
| August 5 - 9, 2002 | 11th USENIX Security Symposium | San Francisco, CA, USA |
| August 6 - 9, 2002 | CERT Conference 2002 | Omaha, Nebraska, USA |
| August 12 - 15, 2002 | Linux World Conference & Expo | (Moscone Center) San Francisco, California |
Comments (none posted)
Web sites
A new Web Wiki has been created for the discussion of Python GTK+/GNOME modules.
Comments (none posted)
Software announcements
Here are the software announcements, courtesy of Freshmeat.net. They are available in two formats:
Comments (none posted)
Miscellaneous
Use Perl points to the YAPC 2001 lightning talks. "In particular, Sean Burke's seminal "How OOP is like Japanese food", which you can stream or download in MP3 format through the magic of Apache::MP3."
Comments (none posted)
Page editor: Forrest Cook