LWN Weekly Edition
Leading itemsSecurity
Kernel development
Distributions
Development
Linux in the news
Announcements
->Multipage format
This page
Previous weekFollowing week
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
LWN.net Weekly Edition for May 15, 2003SCO suspends, Gartner warnsThe SCO Group, it seems, has finally read the GPL; the company has announced that it has suspended shipments of its Linux distribution. It does not do, after all, to be claiming proprietary rights on code which has been mixed into a GPL-licensed product. SCO stands every chance of losing its right to distribute (at least) the kernel in any case; better to take the step ahead of time.Of course, other interpretations are possible. The company's Linux shipments have, most likely, dropped to something approximating zero in any case. SCO, having lost in the Linux marketplace (even before the lawsuit) appears to wish to bring that whole market down in flames. It's hard to come up with another motivation for statements like:
The SCO Group, the owner of the UNIX operating system, today warned
that Linux is an unauthorized derivative of UNIX and that legal
liability for the use of Linux may extend to commercial users. SCO
issued this alert based on its findings of illegal inclusions of
SCO UNIX intellectual property in Linux.
SCO has also sent an unsettling letter to some 1500 companies worldwide. As FUD (fear, uncertainty, and doubt) attacks go, it is hard to be less subtle than this. If you use Linux, SCO has just threatened to sue you. So much for them not having anything against the Linux community. (The company's posting of a page of quotations from "Linux leaders" - such as noted kernel hacker Richard Stallman - also gives a hint as to what their current attitude toward the community is). SCO has also trotted out the Gartner Group to drive the point home.
System administrators must be admonished to submit open-source code
to inspection for potential violation of patents. An open-source
quality assurance process should determine and approve allowable
code for production systems. Such efforts may slow adoption of
Linux in high-end production systems of critical applications.
Of course, the SCO suit has nothing to do with patents, but it is time to adopt procedures which "may slow adoption" of Linux just a little bit. Of course, Gartner has no suggestions on how anyone might verify that a given chunk of code does not violate anybody's patents. To top it off, Gartner states "However, one thing is certain: The community process is fraught with risk to users." (The report does also note, for what it's worth, "In Gartner's opinion, SCO's claim that IBM misappropriated trade secrets from AIX will be difficult to prove...") SCO's action, which was once presented as a simple contractual dispute between two corporations, has now been clearly exposed as an attack on Linux itself. At some point, however, SCO is going to have to stop talking and demonstrate some stolen source. If the company actually has something to show, it's past time to put some cards on the table. As it is, SCO gives the impression of trying to destroy the Linux community away with words that have little backing in the real world.
Where are the Linux laptops?[This article was contributed by Joe 'Zonker' Brockmeier] Finding a laptop that is Linux-compatible can be a daunting task. Buying a laptop with Linux pre-loaded is pretty much impossible if you want to buy from major vendors like Dell, HP, IBM or Toshiba. HP recently announced a low-end Linux laptop for sale in Thailand. This sounded like exciting news at first, but it turns out that the HP laptop is being underwritten by the Thai government and won't be offered in the United States. Dell and IBM have offered Linux on some of their laptops in the past, but both companies have stopped doing so. Lindows.com -- not a major company, but important in the sense that they have managed to put machines with Linux pre-installed into some traditional retail channels -- announced a budget Linux-based portable computer this year, but it's not widely available (it's only available through one of Lindows.com's resellers) and it's seriously underpowered. So what is a Linux user to do? The only real options for Linux users are to buy a notebook or laptop computer that comes with Windows pre-installed, or to go to a smaller vendor that offers Linux on a portable. A few of the vendors that sell Linux pre-installed on laptops or notebooks are Emperor Linux, Qli Linux Computers and ASL. There are a number of reasons why you probably won't see Linux being offered by any of the big retailers anytime soon. For one thing, a vendor like Dell or IBM has a hard time offering what Linux users really want -- the most recent distribution on cutting-edge hardware. Lincoln Durey, president and founder of Emperor Linux, said that when major manufacturers have tried to offer Linux laptops they've tended to be at least one revision behind a distribution -- and usually only offer a choice of one or two distributions. And, when they have offered Linux they didn't offer a dual-boot system with Windows as well, something Durey says many of his customers are looking for. Durey also noted that all or almost all major components of a laptop will change every four to six months, which causes major difficulty for anyone trying to test compatibility with Linux as well as Windows on those machines. Ray Sanders, founder of Qli Linux, says that they're "almost guaranteed" that sound, video, USB and integrated Ethernet will work but "we never expect modems to work under Linux." Durey added that "PCMCIA is a perennial nightmare." Of course, that's a chicken and the egg problem. If the Dell, Toshiba and other big vendors started demanding Linux-compatible parts, it wouldn't take long before their upstream vendors responded. It's not as if there isn't demand for Linux on laptops, though it's not in the same kind of mass quantities that vendors like Dell are used to. Durey says that most of the demand they see is from university and government researchers or others who are buying a Linux laptop because that's also what they use at work. In other words, demand is increasing, but there still isn't a great demand from home users clamoring for a Linux notebook, at least not relatively speaking. Sanders says that Qli's sales of Linux laptops is "brisk," at least by their standards. "In my mind, moving a couple hundred notebooks a month is fantastic, whereas IBM and Dell need to move thousands of units to make it worthwhile." Durey said that Emperor's sales have been growing by 12 to 15 percent a year, after the initial boom in 1999 when the company hit the market. If Linux is going to gain mainstream acceptance, it's going to have to be available on laptops through normal retail channels. More and more people are choosing to buy a laptop for home use instead of a desktop PC, so it's vitally important that Linux be there if it's to catch on in the desktop market. Wrestling Linux onto a laptop designed only to run Windows can be a daunting task, and it certainly isn't something that Linux newbies want to attempt. Until the demand reaches a higher level, however, alternatives to installing it yourself will remain scarce.
Who speaks for the community?Recently, the "Open Forum Europe" released a statement in favor of software patents in Europe. Those signing on to the statement included Graham Taylor "...as a representative of the Linux/Opensource world." Of course, many people in the Linux community are not particularly sympathetic to an expansion of software patents, so they were something other than pleased with this "representation." Mr. Taylor has since backed off from any claims that he was representing the open source community. But the question remains: who does represent this community?The Linux / free software / open source / whatever community does tend to share a common set of beliefs. We wish to retain control over our computers (and our lives). We have little tolerance for limits - technical or legal - on what we can program. We have, through voluntary contributions, created a vast commons of increasingly capable software, and we intend to continue doing so. We respect technical excellence and working code; we have less faith in words. And, as a community, we have little patience with those who would position themselves as our leaders or representatives. We are a very independent-minded community that has managed to bring together a very broad spectrum of people and get them all to work together in a productive manner. But we are, as a community, not even remotely coherent enough to be represented or led by anybody. There is a certain Wild West charm to a leaderless, institution-free community. We see an itch in need of scratching, submit our patches, and ride off into the sunset. Our code speaks for us, and we need not tolerate some bozo making statements we may not agree with in our name. It feels free. On the other hand, we are a large community of highly talented people who have changed the software industry, and, increasingly, we are creating the software that runs the world. And, yet, our voice in political and industry circles is tiny. Governments happily adopt free software, while passing laws that make the software harder to develop and turn some of our hackers into criminals. With few exceptions, the computing industry pays little attention to free software in the development of its products. Once you look beyond the actual code we have published, we are a marginal force, dependent upon a handful of companies to pressure representatives, obtain hardware information, and extract protocols for us. The partnership with those companies has done the community much good, but we should not confuse their agenda with ours. At some point, one can only hope that the community will develop institutions that can express our common beliefs with a louder voice. Creating those institutions is unlikely to be an easy task for anybody who tries, however.
Security Brief items What is "unauthorized access"?Much of a security-oriented administrator's work has to do with the prevention of unauthorized access to a set of computing resources. So it is interesting to note that, as laid out in this paper by Orin S. Kerr, few people have really tried to nail down what "unauthorized access" really means. The paper discusses the issue in great detail; it is 80 pages long, and the author uses more footnotes than Lawrence Lessig or Terry Pratchett. After looking over a few decades of (U.S.) case law and legislation, he puts forward a couple of recommendations which, it is hoped, will help the courts achieve some sort of rational interpretation of the wide variety of computer crime laws in the U.S.The question of "access" is not as straightforward as one might think. Robert Morris (of the famous Morris Worm) tried to argue that he did not "access" all of the systems that his worm infected. Instead, he only accessed the systems where he launched the worm - and he had legitimate accounts there. The court didn't buy it, but the question remains. Back when the only way to get onto a system remotely was via modem, the act of "accessing" a computer was relatively straightforward. In the current world, however, does somebody "access" a computer by opening an ssh connection, pulling down a web page, sending an email, or sending a ping packet? Did you, gentle reader, "access" the numerous routers these words passed through on the way to your browser? Once you have a handle on what it means to access a computer, it's time to figure out what "unauthorized" means. Courts have found, for example, that a disgruntled programmer who deleted code from his employer's system engaged in unauthorized access, while a police officer who printed out drivers license photographs of female college students did not. A system administrator who password-protected a set of files was also found to have not engaged in unauthorized access. Violation of an ISP's or web site's terms of service has often been found to be unauthorized access. Verio was found to have made unauthorized accesses to Register.com's whois database for the simple reason that Register.com didn't like it. Mr. Kerr fears that overly broad interpretations of "unauthorized access" could eventually criminalize the everyday behavior of millions of net users. His recommendations are:
In other words, the author is proposing an anti-circumvention law for computing systems. In this case, anti-circumvention makes some sense; access controls serve as the "lock on the door" of a computer that belongs to somebody else. A person who breaks that lock cannot claim to have authorization. But a person who has simply gone against somebody's wish for how a computer should be used (violating terms of service, sending spam, "deep linking," etc.) should be dealt with using contract law. Nobody should face possible jail time for deep linking. The proposed interpretation has its own interesting issues, of course. For example, a denial of service attack is not necessarily an unauthorized access (though it can certainly violate other laws). Would sending spam which has been specially crafted to evade filters be circumvention of code-based access control? These questions remain tricky to answer. By looking at them closely, however, we at least stand a chance of having a better idea of what we are talking about.
New vulnerabilities kernel 2.4 - two new vulnerabilities
kopete: vulnerabiliy in GnuPG plugin
xinetd: Memory leak in xinetd 2.3.10
Updated vulnerabilities Heap corruption vulnerability in at
balsa: imap code buffer overflow
bind buffer overflow vulnerability in DNS resolver libraries
BitchX - denial of service
Bugzilla: several vulnerabilities.
Canna server: exploitable buffer overrun
dvips: command execution vulnerability
epic4: buffer overflows and arbitrary code execution
ethereal - format string vulnerability
evolution: multiple vulnerabilities
Filename disclosure vulnerability in fam
fetchmail: buffer overflow
file - memory allocation problem, stack overflow
GNU fileutils race condition
fuzz: symlink vulnerability
Potential remote root exploit in glibc
glibc: DNS stub resolvers contain buffer overflow vulnerability
glibc: integer overflow in the xdrmem_getbytes() function
gtkhtml: malformed messages cause crash
IMP - SQL injection vulnerability
kde: arbitrary code execution
kerberos - cryptographic weakness
kernel - ptrace-related vulnerability
kernel-utils: setuid vulnerability
leksbot: improper setuid-root execution
libpng, libpng3: buffer overflow
LPRng: insecure temporary file
lprold - buffer overflow in lprm
lynx: CRLF injection vulnerability
perl-MailTools: remote command execution
man - code execution vulnerability
mgetty spool permission
mod_auth_any: remote exploit
mysql - configuration file vulnerability
nethack: buffer overflow
NetPBM: math overflow errors
netscape-flash: buffer overflow
net-snmp: denial of service vulnerability
openssh: timing attack leads to information disclosure
openssl: local and remote extraction of RSA private key
pam_xauth: root exploit
PHP: vulnerability in mail function
PostgreSQL - more buffer overflows
PoPTop: remotely exploitable buffer overflow
Local arbitrary code execution vulnerability in Python
Multiple-use vulnerability in Safe.pm
slocate - buffer overflow
snort - multiple vulnerabilities
squirrelmail: more cross-site scripting vulnerabilities
File overwrite vulnerability in tar and unzip
TCP/IP: inconsistent flag handling
Multiple vendor telnetd vulnerability
typespeed: buffer overflow
vim - modeline vulnerability
vixie-cron: Local vulnerability
wget:directory traversal bug
Problems with libgtop_daemon
Wwwoffle remote privilege escalation vulnerability
Resources Linux Advisory WatchThe May 9 Linux Advisory Watch newsletter from LinuxSecurity.com is available.
Page editor: Jonathan Corbet Kernel development Brief items Kernel release statusThe current development kernel is 2.5.69; there has not been a development kernel release since May 4.Linus's BitKeeper tree contains some framebuffer fixes, more annotations of user-space pointers and makefile support for Linus's (still unreleased) kernel source analyzer, 48-bit IDE addressing support, a (hopefully) working IDE tagged command queueing implementation, the BIO "walking" API, more devfs cleanups (devfs_register() is gone), the USB "gadget" subsystem, a wireless networking update (and quite a bit of networking work in general), dynamic block I/O request allocation, a fair amount of SCSI cleanup work, a generic x86 subarchitecture, a number of TTY layer cleanups, a USB update, an IA-64 update, and a vast number of other fixes. The current stable kernel is 2.4.20; Marcelo released the second 2.4.21 release candidate on May 8. This patch fixes the aic7xxx problems (though not entirely to the satisfaction of the aic7xxx maintainer) and adds a fair number of other small fixes.
Kernel development news The 2.6 "must fix" listVersion 3 of the 2.6 "must-fix" list has been posted. The list has seen additions and removals, but is not getting a whole lot shorter.On May 14, a number of developers met via IRC to discuss this list; the IRC log is available for those who would like to see how the discussion went. A detailed writeup will be made available; briefly, the main points discussed were:
The discussion did not get through the entire list before time ran out (the Europeans were getting seriously tired, since it was after midnight there, and even kernel hackers begin to slow down about then). Another discussion next week is likely.
The Carrier-Grade Linux shopping listThe OSDL Carrier-Grade Linux project is slowly working toward making Linux suitable for high-stakes telecommunications deployments. To that end, the group has been working on a set of requirements that Linux must meet before it is suitable for such use. The version 2 specification is, with this week's release of the CGL clustering requirements, now complete. The full documents are available on the project's web site. For the busier people among us, here is a quick summary of some of the kernel-oriented requirements.
All together, it is a lengthy list which will not be fully supported by Linux for quite some time yet. Knowing where you want to go is always an important first step, however.
Security modules begin to appearOne of the (many) complaints leveled against the Linux Security Module (LSM) architecture is that it adds a whole new API, that has no users, to the kernel. That situation is changing, now; a couple of new security modules have been posted over the last week or so.The larger and less surprising of the two is the SELinux module. SELinux is the hardened version of the kernel implemented by the U.S. National Security Agency; it features a number of mandatory access control features designed to contain the damage that occurs if and when an application is compromised. SELinux has, in the past, been subjected to some patent claims, but the patent owners have been silent for some time and, one hopes, that issue has quietly gone away. Though a look at Secure Computing Corporation's last communication on the subject before using SELinux might still be prudent. SELinux is not yet proposed for inclusion within the mainline kernel; it is still being reviewed, and it depends on a series of other patches which have not yet been merged. Patent issues aside, the inclusion of modules like this should not be controversial, even at this stage of kernel development; they sit off to the side and do not have any effect on anybody who does not actually use them. More recently, Niki Rahimi (of IBM) posted a Trusted Path Execution module. This module divides all users into those who are "trusted" (root and anybody root has added to the list) and everybody else. Programs, too, are either trusted or not; trusted programs are those living in a directory which owned by root and not writeable by anybody else. Trusted users can run any executable in the system (subject to the usual access checks, of course), and anybody can run trusted programs. But untrusted users are not allowed to run untrusted programs. This module, thus, provides a simple mechanism for controlling which programs may be run on a system. The promise of the LSM scheme is that it will make it easy for developers and users to experiment with different security schemes. If all goes according to plan, LSM should enable the creation of a large library of security modules to the needs of many different sites.
Driver porting News from the driver porting seriesThis week's driver porting article (below) discusses the class mechanism, which is part of the device model. At this point, this series is nearing completion. There will be an occasional new article, and the existing base of articles (30 of them, now) will be updated as the kernel hackers do their best to make them obsolete. But these articles will no longer appear every week. Creating this series has been a lot of work, but also a lot of fun; many thanks to all of you for your support and helpful comments.
Driver porting: Device classes
To help with this sort of resource discovery issue, the driver model exports a "class" interface. Devices, once registered, can be associated with one or more classes which describe the function(s) performed by the device. Class memberships show up under the /sys/class sysfs directory, and, of course, can be decorated with all kinds of attributes. There are also mechanisms which provide notification - both within and outside of the kernel - when a device joins or leaves a class. The class interface can also be the easiest way for a driver to make arbitrary attributes available via sysfs. For many (if not most) drivers, class membership will be handled automatically in the higher layers. Block devices, for example, are associated with the "block" class when their associated gendisk structures are registered. (This class currently appears in /sys/block, incidentally; it will likely move to /sys/class/block at some point). Occasionally, however, it can be necessary to explicitly associate a device with a specific class. This article describes how to do that, and - though remaining superficial - it provides more information than is really needed in order to, with luck, provide an understanding of how the class system works. For those wishing for a hands-on example, the full source for a version of the "simple block driver" module that understands classes is available.
Creating a classIt is a rare device which exists in a unique class of its own; as a result, drivers will almost never create their own classes. Should the need arise, however, the process is simple. The first step is the creation of a struct class (defined in <linux/device.h>). There are two necessary fields, being the name and a pointer to a "release" function; the SBD driver sets up its class as:
static struct class sbd_class = {
.name = "sbd",
.release = sbd_class_release
};
The name is, of course, how this class will show up under /sys/class. We will get to the release function shortly, after we have looked at class devices. Beyond that, there is only one other thing that a class definition can provide: a "hotplug" function:
int (*hotplug)(struct class_device *dev, char **envp,
int num_envp, char *buffer, int buffer_size);
The addition of a device to a class creates a hotplug event. Before /sbin/hotplug is called to respond to that event, the class's hotplug() method (if any) will be called. That method can add variables to the environment that is passed to /sbin/hotplug; they should be put into buffer (respecting the given buffer_size) with pointers set into envp (but no more than num_envp of them, and with a NULL pointer to terminate the list). The return value should be zero, or the usual negative error code. Classes need to be registered, of course:
int class_register(struct class *cls);
The return value will be zero of all goes well. The void function class_unregister() will do exactly what one would expect.
Class devicesIf your device type lacks a specific registration function of its own (such as add_disk() or register_netdev()), or if you have created your own custom class, you may find yourself adding your device(s) to a class explicitly. Membership in a class is represented by an instance of struct class_device. There are three fields that should normally be filled in:
struct class *class; struct device *dev; char class_id[BUS_ID_SIZE]; The class pointer, of course, should be aimed at the proper class structure. The dev pointer is optional; it is used to create the device and driver symbolic links in the device's class entry in sysfs. Since user-space processes looking to discover devices of a particular class probably want to have that pointer, you should make it easy for them. The class_id is a string which is unique within the class - it becomes, of course, the name of the device's sysfs entry. Once the class_device structure has been set up, it can be added to the class with:
int class_device_register(struct class_device *class_dev);
class_device_unregister() can be used at module unload time. Once you register a class device, it becomes available to the world as a whole. If your class device is allocated dynamically, you must be very careful about when you free it. Remember that user-space processes can retain references to your device via your sysfs attributes; you must not free the class device until all of those references are gone. That, of course, is the purpose of the release function stored in struct class. This function has a simple prototype:
void release_fn(struct class_device *cd);
This function is called when the last reference to the given device goes away; it should respond by freeing the device. That call will typically happen when you call class_device_unregister() on the device, but it could happen later if other references persist. Please note that, if your class device structure is dynamically allocated, or it embedded within another, dynamic structure, you must use a release function to free that structure or your code is buggy.
Class device attributesAttributes are easily added to a class device entry. If the attribute is to be readable, it will need a "show" function to respond to reads; the function used to export the driver version in SBD looks like:
static ssize_t show_version(struct class_device *cd, char *buf)
{
sprintf(buf, "%s\n", Version);
return strlen(buf) + 1;
}
If the attribute is to be writable, you will need a store function too:
ssize_t (*store)(struct class_device *, const char *buf, size_t count);
These functions are then bundled into an attribute structure with:
CLASS_DEVICE_ATTR(name, mode, show, store);
The name should not be a quoted string; it is joined in the macro to create a structure called class_device_attr_name. The final step is to create the actual device attribute, using:
int class_device_create_file(struct class_device *,
struct class_device_attribute *);
You can call class_device_remove_file() to get rid of an attribute, but that is also done automatically for you when a device is removed from a class.
InterfacesThe term "interface," as used within the device model, is a bit confusing. A better way to think of interfaces is as a sort of constructor and destructor mechanism for class device entries. An interface provides add() and remove() methods which are called as devices are added to (and removed from) a class; their usual purpose is to add class-specific attributes to the class device entry. They can, however, perform any other kernel function that might be useful in response to class device events.Briefly, the creation of an interface requires the creation of a class_interface structure, which needs to have the following fields filled in:
struct class *class;
int (*add) (struct class_device *);
void (*remove) (struct class_device *);
Once the interface is set up with:
int class_interface_register(struct class_interface *);
The add() and remove() functions will be called when devices are added to (or removed from) the given class. A call to class_interface_unregister() undoes the registration.
Patches and updates Kernel trees
Build system
Core kernel code
Development tools
Device drivers
Documentation
Filesystems and block I/O
Janitorial
Memory management
Networking
Architecture-specific
Security-related
Benchmarks and bugs
Miscellaneous
Page editor: Jonathan Corbet Distributions News and Editorials Vector Linux for Low-End Hardware[This article was contributed by Ladislav Bodnar] With the plethora of Linux distributions available all over the Internet, it is too easy to miss some true gems. One of them is Vector Linux.Vector Linux is a distribution with a difference - its main goal is to be suitable for deployment on old hardware. This can be useful for low-budget institutions, such as schools, or organizations where IT spending has been given low priority. It is also perfect for those Linux developers who create for love, rather than money. How light-weight is Vector Linux? Its features page claims that the distribution will run fine on systems with 16 MB of RAM, while the full installation only requires 435 MB of hard disk space. And yes, this refers to an installation with a full graphical desktop! If this doesn't sound like quite an achievement, then remember that the most recent versions of Red Hat Linux will refuse to install on systems with less than 64 MB or RAM in text mode and less than 128 MB of RAM in graphical mode. While running a Linux distribution on older hardware might not always be the most satisfying experience, Vector developers have managed to ease the pain by carefully selecting the lightest applications possible. Thus, Opera is the only available web browser, Sylpheed the sole mail client and AbiWord is the lone office application. The only choice available to user is the presence of two window managers - IceWM and XFce. As a result, the size of the entire ISO image is kept down to 225 MB, download of which could even be considered by patient dial-up users. What is the philosophy behind Vector Linux? Robert S. Lange, Vector's Chief Architect outlines some ideas in this interview with Tinyminds.org: "Vector's popularity stems from the large base of old hardware users. All of the major distros have pretty much abandoned the old hardware users so I think I have a real responsibility to keep the Vector option open to those people." He continues: "I really see Vector as a midstream distro, somewhere in between the total geek Gentoo and the total newbie distros like Mandrake, Lycoris or (heaven forbid) Lindows. The beautiful thing is, just as in bottled water, there is room for all of us, because as individuals, we all have a choice." Vector Linux is based on the good old Slackware distribution, while maintaining full compatibility with its more famous cousin. This has an advantage that Slackware packages, both official and community contributed (e.g. by LinuxPackages.net), can be installed on Vector to expand its functionality. Vector Linux also provides a text-mode configuration tool called "vasm" for basic post-install hardware configuration. Besides the Standard Edition, Vector Linux also offers two other editions of the product. Vector's SOHO Edition is a complete distribution inclusive of KDE, OpenOffice and other tools for small businesses. Vector Live CD Edition is a distribution running directly from CD, provided for evaluation purposes or for use as a rescue disk. The latest versions of Vector's SOHO and Live CD offer hardware auto-detection and configuration. While all these products are available as free downloads, Vector's developers rely on sales of the packaged Deluxe Edition for income and continued development of the product. The newly introduced Club Vec is another way to contribute to the project. Vector's increasing popularity is reflected in positive reviews in the Linux media. A recently published and very thorough comparison review of several distributions by OSNews concludes that "Vector is an amazing distribution. It integrates some of the best software available into its base install, and it runs flawlessly." Another positive Vector 3.2 Deluxe review has been published by MadPenguin.org. If you need an OS for that old notebook lying idly under the table, then give Vector Linux a try. And if you happen to enjoy its speed and functionality, Vector's SOHO edition might just be that perfect OS even for your more powerful workstation.
The LWN Distributions ListThe LWN Distribution List has now grown to over three hundred entries. That can only mean one thing, it's time to start cleaning out the dead and dying distributions. We started the process of link checking with our Historical section and have found some dead links and sites which no longer contain a distribution. Three hundred thirty distributions are still listed. The following distributions have been removed:
Distribution News Debian GNU/LinuxThe May 14 Debian Weekly News is available; it looks at Debconf 3, the Open Publication License, Sarge release issues, and several other topics.DPL Martin Michlmayr is working on delegations, finding the right people to fill important Debian jobs. James Troup reports on the progress of his Debian developer's MIA check. Developers who are no longer active will be dropped from the key ring. Debian Planet reports on a new script for parsing update_excuses by Bjorn Stenberg, designed to answer questions like "Why is package X not in testing yet?". Debian Planet also looks at the progress of the Debian Mentors project. To see what's new look at the Debian Mentors Project ChangeLog.
Gentoo Weekly Newsletter -- Volume 2, Issue 19The Gentoo Weekly Newsletter for the week of May 12, 2003 is out, with a look at some upcoming major announcements.
Jasmine: The Lycoris Community MagazineThe Lycoris Community Newsletter has returned after a leave of absence, with a new name, and lots of Lycoris news to report.
Mandrake LinuxThe Mandrake Linux Community Newsletter for May 8, 2003 is out, with a look at the shipping of 9.1 packs, the release of Corporate Server 2.1 for AMD Opteron, and much more.A number of issues were present in the drakbackup tool, which have now been fixed in this updated drakxtools package.
Red Hat Linux bug fixRed Hat has an updated redhat-config-network package which fixes many bugs, now available for Red Hat Linux 7.3.
End of life for SuSE 7.1SuSE has announced that, as of May 16, no more security updates will be created for SuSE Linux 7.1. Versions 7.2 and beyond (along with the Enterprise Server products) remain supported.
Minor distribution updates Astaro Security LinuxAstaro Security Linux has released v4.005 with minor bugfixes. "Changes: This Up2Date improves LDAP Authentication with more user configurable options, adds an "Enforce IPSec policy" flag to IPsec policies, and a "Caching" option to HTTP Proxy. It also adds three new categories to Surf Protection and fixes some bugs from the known issue list."
College LinuxCollege Linux has released v2.3 with major feature enhancements. "Changes: The installer has been duly corrected. USB/PCMCIA hotplug functionality has been added. Preconfigured file sharing network support has been added."
Desktop ROCK LinuxDesktop ROCK Linux has released v2.0.0-beta2 with minor bugfixes. "Changes: This release fixes some minor bugs, updates some packages, and fixes some package build problems."
DyneBolicDyneBolic has released v1.0 alpha 5 with major feature enhancements.
Eagle LinuxEagle Linux has announced the release of Eagle Linux version 2.2. "Eagle Linux provides documentation which covers, in full detail, all steps neccessary to create a Linux distribution in less than 4MB which is fully network capable."
LEAF (Linux Embedded Appliance Firewall)LEAF Bering has released v1.2 with minor feature enhancements. "Changes: This release provides the latest grsecurity patch (1.9.9h), shorewall 1.4.2, ebtables support, pcmcia-cs 3.2.4, and better support for wireless devices."
MoviX and MoviX2MoviX has released v0.8.0pre6 with major bugfixes. "Changes: This release adds many big and small bugfixes, support for a few new hardware devices (e.g., Aureal audio cards and IEEE1394 devices), new subs fonts, and improved DVD support."MoviX2 has released v0.3.0pre4 with major bugfixes. "Changes: In this release, NVidia support was fixed, USB mice were fixed, the TV-out code was improved, support for IEEE1394 devices was added, Aureal audio card modules were added, support for extra MPlayer skins was added, and there were several script bugfixes."
Trustix Secure LinuxTrustix Secure Linux has announced the release of TSL 2.0 beta 2 (Hurricane). This is your chance to test and comment on it before it evolves into TSL 2.0.
Distribution reviews Guarding Your Systems With Guardian Digital (LinuxPlanet)Linux Planet looks at EnGarde Secure Linux. "EnGarde Secure Linux, designed to be a massively secure Linux platform, definitely falls towards the more specialized end of the distribution spectrum. Its Guardian Digital makers have consistently maintained their focus on this purpose for the product, and so far, the results are coming along nicely."
SuSE 8.2 -- better than Mandrake for new users? (NewsForge)Here's a NewsForge review of SuSE Linux 8.2. "I'm trying to think of any other tricks that might make SuSE 8.2 easier for you to use, but I doubt that you'll need any unless you're going beyond standard desktop applications, and if you spend a bit of time rooting around either in the SuSE manuals or in their extensive (and easily searched) online knowledge base you'll almost certainly find an answer to any question you may have." (Thanks to Lenz Grimmer)
Lindows in the living room - can you live with it? (Register)The Register takes a Lindows Media Computer for a test drive. "The LMC is essentially a standard iDOT low-footprint miniITX system with LindowsOS preinstalled. LindowsOS is essentially an implementation of Debian designed to offer the consumer a non-threatening and cheap alternative to Windows, and the business model is heavily dependent on 'Click-N-Run', which is a sort of combination of support mechanism, online store, discussion group and walled garden. And the living room PC? That will probably come out as we progress."
Red Hat Linux 9.0 Professional (ZDNet)ZDNet reviews Red Hat Linux 9 Professional. "In terms of technology, version 9.0 combines a few new elements with an upgrade to existing ones. It runs on Linux kernel 2.4.20, with desktop environments KDE 3.1 and GNOME 2.2. Both the Web server, Apache 2.0, and the C library, GNU libc 3.23, are the most recent versions, as well. Experienced Linux users should note that Red Hat 9.0 implements the new Native POSIX Thread Library (NPTL), which replaces linuxthreads as the library for multithreaded programming. NPTL promises to make Linux more stable and consistent--although technically, Linux kernel 2.6 is supposed to be the first kernel capable of fully supporting NPTL, so Red Hat may be jumping the gun in implementing it now. We didn't experience any stability problems as a result, however."
Page editor: Rebecca Sobol Development Imview: a portable image viewing and analysis applicationImview is a multi-platform image viewing and analysis application written by Hughes Talbot. The software has been developed for multi-platform operation, it runs under Linux, UNIX, Windows, and Mac OS/X.The list of Imview features and capabilities includes:
Some Imview online documentation is available, but it is fairly out of date. The FAQ page is available for common questions, and the screenshots page shows Imview in action. Imview has been written in C++ and uses FLTK, the Fast Light ToolKit for GUI features. LibTIFF, LibPNG, and ImageMagick are required for building the software. Version 1.0.1 of Imview was recently released, a version 1.1.1 is currently under development. Imview is available under the GNU GPL, the code is available for download here. Source code and precompiled binaries are available.
System Applications Audio Projects JACK 0.71.1 releasedVersion 0.71.1 of the JACK Audio Connection Kit is available.
Database Software PostgreSQL Weekly NewsThe May 7, 2003 edition of the PostgreSQL Weekly News is out with this week's PostgreSQL database development news.
Medical Software FreeMed Billing 1st Alpha (LinuxMedNews)LinuxMedNews covers the first alpha release of an open-source XML-based medical billing package called FreeMED.
Networking Tools POE 0.26 Released (use Perl)Use Perl has an announcement for version 0.26 of POE. "dngor writes: "POE is an award-winning networking and multitasking framework for Perl. Version 0.26 includes several bug fixes and a few new features. Thanks go out to everyone who helped make this release happen. This version fixes a few fatal problems within POE's core. It's therefore recommended that everyone upgrade, even if they haven't seen problems with previous versions.""
Twisted 1.0.5 announcedVersion 1.0.5 of the Twisted event-driven networking framework is available. Among other things, this version requires Python 2.2, and the component architecture has been made closer to Zope3.
Printing PyKota 1.07 ReleasedVersion 1.07 of the PyKota print quota system has been released. "The external accounting methods driver was left out of the CVS tree. Nobody could use it since it wasn't included !"
Security Secure Programming Techniques, Part 4 (O'Reilly)O'Reilly has published part four of a series of book excerpts on secure programming techniques. "In this week's final excerpt of the series, we have tips on using passwords more securely, and on generating random numbers, both of which play important roles in maintaining computer security."
Web Site Development CGI::Kwiki (O'Reilly)Brian Ingerson introduces CGI::Kwiki on O'Reilly. "This article is about a new Perl module called CGI::Kwiki. With this module you can create a Wiki Web site in less than a minute. Now that's quick. Or more appropriately, ``That's Kwik!''"
Tiki 1.6 released (SourceForge)Version 1.6 of TikiWiki, a Web Wiki platform, has been released. The release summary says: "Plenty of good news; install script added, notable performance improvement, less memory consumption, and alot of new features: user calendar, user tasks, user notepad, newsreader, ephemerides, link directory, wiki structures, new plugins and more! Tiki is full featured content management system suited to many types of online communities. Features include news, topics, wiki, polls, trackers, image galleries, froums, blogs, webmail, and much more. Using PHP, MySQL and Smarty."
VimZopeEditor 1.0 released (ZopeMembers)Version 1.0 of VimZopeEditor, a plugin VIM editor for Zope, has been released. "This program is a plugin in VIM editor for ZOPE, you can edit ZPT or DTML files with VIM more conveniently. I want to add more features in ZOPE, such as Python, SQL method etc. It will be a full editor for Zope. It's a powerful tools especially when you edit files with VIM and ExternalEditor by Casey Duncan."
Zope 2.6.2 Beta 1 Released (ZopeMembers)ZOPE version 2.6.2 Beta 1 has been released. "Users of the Zope source release should note that Python 2.1.3 is now the required platform. Python 2.1.3 includes a fix to an issue that could cause crashes in Zope." A number of additional fixes are included.
Desktop Applications Audio Applications netRhythmbox 0.4.8 released (GnomeDesktop)Version 0.4.8 of netRhythmbox, a music player and organizer for GNOME, has been released. "This should hopefully be the last bugfix release before the next major version, 0.5.0, which will be released from CVS head. Incidentally, if you have had crashing problems with netRhythmbox, I'd be interested to know whether this release fixes them or not for you."
Planet CCRMA updatesThe Planet CCRMA site hosts a collection of RPM packages for transforming a RedHat based computer into an audio workstation. A number of packes have been updated recently, see the changelog document for details.
WaveSurfer 1.5.1 availableVersion 1.5.1 of WaveSurfer, an audio file editor, is available. The changes include a new seconds time format, the use of Snack 2.2.2, enhancements, bug fixes, and more.
Desktop Environments GNOME 2.3.1 changes (GnomeDesktop)Gnomedesktop.org has published a list of new features that are included in GNOME 2.3.1. "Here is a compilation of the release notes and NEWS files available for the various modules and proposed modules updated for the GNOME Development Series Snapshot 2.3.1...." Also, see the GNOME 2.3.1 announcement.
GNOME Summary for May 10, 2003This GNOME Summary covers April 20 to May 10, 2003 and includes the GNOME Development Series Snapshot 2.3.1, the first release of CCMTools, Mozilla and Bonobo together at last, and many other topics.
KDE Traffic #50Issue #50 of KDE Traffic has been published. Topics include: Visual feedback during execution of commands, Streamlining bugs.kde.org, A very big thanks, Patches for KWord, OpenOffice Plugin Just In, Alas - KOffice Icons Reloaded, and KPDFIMPORT - Not in KOffice's Beta, but later.
KDE-CVS-DigestThe May 9, 2003 edition of the KDE CVS Digest is out, here's what's happening this week: "KOffice developers add a number of templates to Kspread, and work towards Excel compatibility. KStars now has interface to telescope hardware. Kwin and Kdesktop fine tuning continues. Work continues on freedesktop.org standards implementation."
Games ScummVM 0.4.0 released (SourceForge)A new version of ScummVM has been released. "ScummVM is a cross-platform interpreter for SCUMM-based games, used by LucasArts in games like: Maniac Mansion, Monkey Island, Day Of The Tentacle, The Dig, etc. It also includes an non-SCUMM interpreter for Simon The Sorcerer 1/2." For change information, see the release notes.
GUI Packages New Glade 2 Tutorial PublishedA tutorial for Glade2, known as Graphical Interface Development with Glade2, has been published. Glade assists with the construction of GUI software for GTK+.
Interoperability Wine Traffic #169Issue #169 0f Wine Traffic is available. Topics include: Wine-20030508, Lycoris GamePak, Compiling Mozilla With Wine Tools, Solaris x86 Status, Broken flex, Building a Windows API Database, and WinZip Registry Patch.
Wine 20030508 releasedVersion 20030508 of Wine has been announced. Changes include a source tree reorganization, new steps toward kernel/ntdll separation, Direct3D improvements, more compatible COM interface definitions, and many bug fixes.
Office Applications AbiWord Weekly NewsIssue #143 of the AbiWord Weekly News is out with the latest AbiWord word processor news. "Dom, Martin and Tomas go all out to make 1.9.1 worth your while. Really, this time, it's coming out! Also, the Open Text Summariser gets it official plugin announcement. And, we have some updated screenshots for the mail merge utility! Donuts within."
AbiWord 1.9.1 released (GnomeDesktop)Gnomedesktop.org has an announcement for AbiWord version 1.9.1. "I'm very happy to announce the release of AbiWord 1.9.1 and AWN 142. 1.9.1 is easily our most featureful release ever and I believe one of our most stable releases ever. It is easily the most stable version in our current development series, and worth trying out and reporting bugs against."
GnuCash 1.8.3 Released (GnomeDesktop)Stable version 1.8.3 of the GnuCash money handling application has been released, and includes many changes.
Web Browsers Mozilla 1.4 Beta is outVersion 1.4 Beta of the Mozilla browser is available with lots of bug fixes and speed improvements. See the release notes for more information.
Christopher Blizzard of mozilla.org Speaks on the Firebird Naming Conflict (MozillaZine)MozillaZine is running an interview with Christopher Blizzard about the whole Firebird name dispute. "We're simply using a name that's been used over and over again in the past. We've been called all sorts of nasty names over the past few months, being accused of all kinds of malice and ill intent. I can assure you this is not the case. The reality is that if we're guilty of anything it's being a bit apathetic."
Miscellaneous KFLog: Flight Planning and Analysis for KDEVersion 2.1.0 of KFLog, a glider pilot's flight log analyzer program, has been announced. "The KFLog Team is proud to announce the latest major release of KFLog. KFLog (screenshots) is a flight analyser program aimed at glider pilots and is the only of its kind for Linux to be recognized by the FAI IGC. Of course, KFLog runs on any KDE platform, not just Linux, and with KFLog/Embedded and Cumulus on Qtopia/Opie, even PDAs are supported. With the introduction of version 2.1.0, KFLog gives glider pilots a powerful tool to plan their flight tasks, analyse their own flights or gawk at the recorded flights filed in the Aerokurier Online Contest."
Languages and Tools C++ C++ Memory Management: From Fear to Triumph (O'Reilly)George Belotsky covers C++ memory management issues on O'Reilly with part one of a three part series. "This article, part one in a series, discusses C++ in the context of several other popular languages. It also describes the kinds of memory errors that can occur in C++ programs. The most common specific errors are then presented in a set of tables, for easy reference when developing your own code."
Caml Caml Weekly NewsThe May 6-13, 2003 edition of the Caml Weekly News is out. Topics include: ODLL Release, XmlLight 2 Release, Paper on zippers, Structural vs physical equality, and Ocaml-MySQL 1.0.0.
O'Caml SchtuffShawn Wagner's O'Caml Schtuff site lists the release of Ocaml-MySQL 1.0.0, a library for binding MySQL to O'Caml.
Haskell Haskell Communities and Activities ReportThe 4th edition of the Haskell Communities and Activities Report has just come out, with news of all the latest developments in the Haskell community. Thanks to Jens Petersen.
Java Create native, cross-platform GUI applications, revisited (IBM developerWorks)IBM's developerWorks has an updated article on cross-platform GUI development under Java. "Just over a year ago, Java developer Kirk Vogen explored combining the GNU Compiler for Java, Linux, and the Standard Widget Toolkit (SWT) to create native, cross-platform Java applications. In this article, Kirk revisits the topic and covers support for Windows, GNOME, and SWT 2.0. This time he uses Ant to illustrate automated builds of your native applications, then shows you how to bring it all into the Eclipse IDE."
Black Box Web Testing with HttpUnit (O'Reilly)Giora Katz-Lichtenstein discusses black-box testing on O'Reilly. "Automated software tests are crucial for IT projects. They enable continuous modifications to an existing code base without the fear of damaging existing functionality. They are executed at will and don't carry the costs and inconsistencies associated with manual tests."
Perl This Week on perl5-porters (use Perl)The May 5-11, 2003 edition of This Week on perl5-porters has been published. The summary says: "scoops about RedHat 9 - the possible future of CPAN packaging - some overloading - old and new error messages - Windows killing - and other interesting stuff."
This week on Perl 6 (O'Reilly)The May 7, 2003 edition of This week on Perl 6 is out. "A quiet week this week. Even the hotbed of discussion that is perl6-language saw fewer than 100 messages. However, in accordance with tradition, I'll start with perl6-internals, which saw all of 47 messages this week, none of them from Leon Brocard."
PHP PHP Weekly SummaryThe May 12, 2003 PHP Weekly Summary is out. Topics include: "conversion to libxml2, SimpleXML for PHP, stdio removal, apache2handler, replacing errors with exceptions, Kerberos extension, Apache vhosts, COM extension."
Python April Python-dev SummaryThe Python-dev Summary for April is out; it looks at garbage collection, a potential move away from SourceForge, the 2.3b1 release, the status of various PEPs, and a vast number of "quickies."
Dr. Dobb's Python-URL! for May 12, 2003The Dr. Dobb's Python-URL for May 12, 2003 is available. This week read about an elegant puzzle-solving framework by Raymond Hettinger; the application of a design principle by Tim Peters; David Mertz describes a possible book on Python metaprogramming; and much more.
Python Imaging Library Version 1.1.4 releasedVersion 1.1.4 of PIL, the Python Imaging Library, is available. This release features bug fixes, see the changes document for the full story.
Ruby Ruby Weekly NewsThe May 12, 2003 edition of the Ruby Weekly News is out. Threads include: Symbiosis offer: trade Ruby for German :-), ruby-dev summary #20112 - 20158, petition for raa-install to be included in 1.8, and SOAP in 1.8 standard library?.
Tcl/Tk Dr. Dobb's Tcl-URL!The May 8, 2003 edition of the Dr. Dobb's Tcl-URL has been published, check it out for the latest Tcl/Tk news.
Dr. Dobb's Tcl-URL!The May 12, 2003 edition of Dr. Dobb's Tcl-URL! has been published. Take a look for this week's Tcl/Tk news.
Tcllib 1.4.0 released (SourceForge)Version 1.4.0 of tcllib, "a Tcl-only library of standard routines for Tcl", has been released. "This release is a minor version change which fixes numerous bugs and provides a lot of enhancements as well."
XML XML development with Eclipse (IBM developerWorks)Pawel Leszek writes about XML development on the Eclipse platform. "This article gives you an overview of how the Eclipse Platform supports XML (Extensible Markup Language) development. Eclipse does not support XML code editing right out of the box. However, because Eclipse is a platform-independent framework for building developer tools, you can add support for new languages relatively easily."
Berkeley DB XML: An Embedded XML Database (O'Reilly)Paul Ford introduces Berkeley DB XML on O'Reilly. "Berkeley DB XML is an open source, embedded XML database created by Sleepycat Software. It's built on top of Berkeley DB, a "key-value" database which provides record storage and transaction management. Unlike relational databases, which store data in relational tables, Berkeley DB XML is designed to store arbitrary trees of XML data. These can then be matched and retrieved, either as complete documents or as fragments, via the XML query language XPath."
XSLT 2 and Delimited Lists (O'Reilly)Bob DuCharme writes about delimited lists under XSLT 2.0 in his Transforming XML column. "The XSLT 2.0 specification is still a Working Draft, so you don't want to build production code around it, but it's still fun to try out some of the new features offered by the next generation of XSLT and XPath. In the next few columns, I'll look at some of these features. Most functions have been separated into their own specification, separate from the XPath 2.0 spec, because they're shared with XQuery: XQuery 1.0 and XPath 2.0 Functions and Operators."
Internationalizing the URI (O'Reilly)Kendall Grant Clark covers the current state of XML URI specifications on O'Reilly. "As Paul Grosso said at the end of April, the progress of the XML 1.1 and Namespaces 1.1 recommendations may be slowed, if not stopped altogether, because of issues raised by the future of URIs. That is to say, because the future, in the form of IRIs, isn't here yet. The W3C's Technical Architecture Group has been unable to reach consensus on its Issue 27, which asks whether, when, and how to integrate IRIs into the core recommendations of the Web. One of the problems is that IRIs aren't finished yet, and it's notoriously tricky to rely on a formal concept or standard which, in some strict sense, doesn't yet exist. It's perfectly reasonable for the TAG and for other W3C Working Groups to point at the eventual IRI RFC and say, "do it like that". But until that RFC is finished, pointing blindly may cause more trouble than simply waiting till it is."
Miscellaneous Anjuta 1.1.1 Beta GNOME2 port released! (SourceForge)Version 1.1.1 Beta of the GNOME 2 port of the Anjuta IDE has been announced. "We are please to annonce the release of Anjuta GNOME2 port version 1.1.1 Beta. Anjuta is a versatile IDE for C and C++, written for GTK/GNOME. Features include project management, application wizards, an onboard interactive debugger, and a powerful source editor with browsing and syntax highlighting."
LTP release announcement 2003.05.08 (SourceForge)A new release of the Linux Test Project, a Linux test suite, has been announced. "The latest version of the testsuite contains 1800+ tests for the Linux OS. Our web site also contains other information such as: test results, a Linux test tools matrix, an area for keeping up with fixes for known blocking problems in the 2.5 kernel releases, technical papers and HowTos on Linux testing, and a code coverage analysis tool."
Language FermentationTim Bray writes about language fermentation, and compares strongly and weakly typed languages. "C, C++, Java, C#, R.I.P.? Thus the big question: if the strong-typing advantages of conventional compiled programming languages are moot, do we really need them? In 2020, will everyone be a Python programmer?"
Page editor: Forrest Cook Linux in the news Companies IBM details Blue Gene supercomputer (News.com)News.com looks at IBM's Blue Gene supercomputer. "IBM has begun building the chips that will be used in the first Blue Gene, a machine dubbed Blue Gene/L that will run Linux and have more than 65,000 computing nodes, said Bill Pulleyblank, director of IBM's Deep Computing Institute and the executive overseeing the project. Each node has a small chip with an unusually large number of functions crammed onto the single slice of silicon: two processors, four accompanying mathematical engines, 4MB of memory and communication systems for five separate networks."
Composer to get another hearing (News.com)News.com covers the resurrection of Mozilla's Composer. "Minutes from an April 28 Mozilla staff meeting where Glazman volunteered to take ownership--an open-source development term indicating authority over a project--indicated that Composer would live on as an extension to the new Mozilla browser rather than a standalone application."
Oracle raises Red Flag Linux over China (ZDNet)Oracle pushes "Unbreakable Linux" into China, according to this CNetAsia article. "The Oracle China Development Centre and Red Flag have completed certification of Oracle9i Database on the Red Flag Linux operating system, and are now working together on certification of the remainder of Oracle's complete product line on the new Red Flag Data Centre Linux operating system."
Red Hat, Fujitsu sign partnership (News.com)News.com covers a partnership agreement that will put Red Hat Linux on Fujitsu's Intel-based computers. "The companies will work to ensure Fujitsu's software and hardware works with the Red Hat Enterprise Linux product family. The agreement involves Fujitsu servers built on Intel Xeon or Itanium processors."
Linux Adoption Governments are latching on to Linux (ZDNet)ZDNet covers Linux adoption in Asia. "In March, Japan, South Korea and China signaled their strong endorsement for open-source with the formation of an alliance to develop a Linux-based OS and related applications. The partnership is made up of IT Associations in the three countries and has received financial backing from Korean and Chinese authorities. One official from the China's Ministry of Information Industry also sits on the board of the new body, lending further weight the pro-Linux stance of the mainland."
How One Microsoft User Made The Switch To Open Source (TechWeb)This TechWeb article follows a once-loyal Microsoft user as he switches to open source. "Meanwhile, the open-source community was making products that were growing more stable by the day and at a fraction of the costs offered by Microsoft. Most of the products were running on Linux, using Apache as their Web server. By 2001-2002, they had grown mature enough to be considered enterprise-grade. I decided enough was enough, and it was time to move on over to the open-source world."
Both sides come out swinging in the open source battle (ZDNet)Here's an opinionated column on ZDNet about proprietary software companies and how they deal with free software. "Each of the 'open source' parasites is happy to ride on the backs of the millions of developers around the world who worked to create products like Linux, MySQL, and Apache but not nearly as willing to open up their own products to either help these same developers learn about their inner workings or help to enhance them. With all this lip service about openness, it seems that each of the companies playing in open source is basically in it to get a free operating system (Linux) or access to free application software (Apache or MySQL) that helps them sell their proprietary products without having to invest significant money for their own R&D."
Legal OpenForum Europe rejects Perens charges (Register)The Register has an open letter from Graham Taylor, Director OpenForum Europe, clarifying OpenForum Europe's position on software patents. "OpenForum Europe's position is that a lack of clarity about the intent and purpose of software patents would be potentially even more damaging to the interests of European software developers. Our focus is to ensure that as much as possible is done to ensure that any patents are carefully granted and not used in anti-competitive ways; in particular they should not be used to prevent the development of Open Source alternatives to proprietary products. It is this respect that we are supporting the positive revisions proposed in Arlene McCarthy's opinion now being considered by the European Parliament for the granting of patents."
Interviews Interview with Eric PouechThe Wine HQ has an interview with Eric Pouech. "This week's interview is with Eric Pouech. Eric hails from France and has been involved with Wine for a number of years. His involvement has centered around multimedia work, the wine console, and the debugger. Most of the questions below center on one of those areas."
Interview: SCO's Chris Sontag (vnunet)vnunet interviews Chris Sontag, the SCO vice president in charge of the whole "SCOSource" initiative. "Finally. Somebody raised a possible problem that you yourselves distribute the infringing code under the GPL licence. Do you see that as a problem from your point of view? No we do not, because you do not have an infringement issue when you are providing customers with products that have your intellectual property in them." But you may have a GPL issue. (Thanks to Joe 'Zonker' Brockmeier).
Resources Linux Productivity Magazine - Volume 2 Issue 4 & Issue 5Two issues of Linux Productivity Magazine are available, with a detailed look at securing your system. The April issue focuses on Tripwire. "Tripwire is an Open Source program created to monitor changes in a key subset of files identified by you, and report on any changes in any of those files. When changes are detected, you, as the sysadmin, can determine whether those changes occurred due to normal, permitted activity, or whether they where caused by a breakin. If the former, you can update the system baseline to the new files. If the latter, you can shut down and begin repair and forensic activities."The May issue is devoted to IPTables. "IPTables is a firewall program. It can restrict access by port, by IP address, or by the properties of packets. Firewalls aren't everything you need for security, but they're an excellent first step."
Reviews Visit to a Strange Program (Linux Journal)Linux Journal takes a walk on the silly side, with several fun programs that run on Linux. "The obvious approach is to showcase some of the marvelous tools used by talented open-source programmers to improve and enrich the Linux landscape. It is on that note that I would like to point out the following: sometimes, those talented programmers are simply playing, having a bit of fun. Sometimes, the programs they turn out are silly, bizarre and, occasionally, plain weird. Those are the people I wish to honor with today's menu."
Database dichotomy (News.com)News.com looks at competition in the database arena. "The wild card in the database market is the open-source alternative, MySQL, from a Swedish company of the same name. While MySQL handles relatively simple database applications, other open-source projects, such as the ObjectWeb consortium, are pushing advanced database features into the realm of free software. The combination of MySQL and ObjectWeb's clustering software might be good enough for buyers who otherwise would have bought from the big three database makers."
Miscellaneous Csound is now Open Source!Csound, a C language software musical synthesis package that has been around since 1985, is now available under the GNU-LGPL license.
Embedded Linux: Semantics and Reality (O'ReillyNet)Karim Yaghmour writes about embedded Linux in this O'ReillyNet article. "Let's put it bluntly: embedded Linux doesn't exist. Embedded Linux is the stuff of glitzy announcements, hype, and other marketing mumbo jumbo. That is, at least, the conclusion I am forced to reach after having spent two years writing a book about the use of Linux in embedded systems, which is an entirely different subject. For had I written a book about "Embedded Linux," it would most certainly have been prime material for Marketing 101."
Page editor: Forrest Cook Announcements Commercial announcements ActiveState Active Awards: Vote for your favorite programmerActiveState has announced the third annual Programmers' Choice and Activators' Choice Awards. The awards honor those individuals who *actively* contribute to open languages and display excellence in their programming efforts. Awards will be presented in each of ActiveState's key technologies: Perl, PHP, Python, Tcl, and XSLT.
Announcing the second Ghostscript bug bountyArtifex will be holding the second GhostScript Bug Bounty contest. "In preparation for the AFPL Ghostscript 8.20 release, Artifex Software, Inc., and artofcode LLC are pleased to announce the second instantiation of our "bug bounty" program. Basically, for each bug you fix, you get $500. We hope that this program will improve the quality of the 8.20 release, increase community participation, and give a little something back to the corps of volunteers who help with the Ghostscript testing and bug fixing process. We currently have over 100 bugs in the tracker, and would like to get that as close to zero as possible."
Astaro Raises $6.2 Million in First Round Venture FundingAstaro Corp. has announced that it has raised a Series A round of $6.2 million from co-investors Insight Venture Partners of New York and Wellington Partners of Munich, Germany. Funding will be used to broaden its Linux-based product portfolio, expand its channel partner program and deepen its strategic alliances with hardware OEMs.
Fujitsu Siemens packages SuSE Linux with PRIMERGY ServersFujitsu Siemens Computers and SuSE Linux announced a joint offering combining PRIMERGY servers with SuSE Linux Enterprise Server 8.
Jupitermedia Announces Sponsors for Enterprise Linux Forum Conference & ExpoJupitermedia Corporation has announced that its upcoming Enterprise Linux Forum Conference & Expo Spring 2003 will take place June 4 - 6, 2003 at the Santa Clara Convention Center in Santa Clara, California. IBM is joined by Oracle and Red Hat as sponsors of the event. Keynote speakers are also announced in this press release.
Linux Networx adds VPsLinux Networx, continuing its push to take over the Linux cluster supercomputer market, has announced the hiring of a new set of vice presidents. The six new suits come from companies like HP, Penguin Computing, VA Linux Systems, Novell, and Cray.
"The Book of Webmin" from by No Starch PressNo Starch Press has released The Book of Webmin, by Joe Cooper, a detailed look at the web-based systems administration toolkit. The book is a revised version of the Webmin online documentation, also written by Joe Cooper.
OpenAccess 2.1 Released to Coalition MembersOpenAccess has announced the release of the OpenAccess 2.1 API to Coalition members. The API will be released to the public in July, 2003. "The OpenAccess Coalition, a group of 16 top electronics and electronic design automation (EDA) companies focused on creating a standard for true interoperability, today announced the immediate availability of the OpenAccess 2.1 API and reference database to its members with release to the entire industry targeted for July 2003. The new release provides significant enhancements, including database support to maintain a full relationship between logical and physical hierarchies, thread-safe multi-processing support, and improved performance to further address the needs of customers seeking a common, open database for integrated circuit (IC) design."
PSSC Labs Builds Supercomputer for NASA Ames Research CenterPSSC Labs announced the sale of its new Hyperwall super computer/giant display to the NASA's Ames Research Center. The system runs Red Hat Linux version 7.3. "Fifty high-end servers, integrated by PSSC Labs, power the Hyperwall, Each server contains two AMD Athlon MP processors 2000+ mounted on Tyan Tiger S2466N motherboards. The display element of the Hyperwall is composed of a 7'x7' matrix of 18.1" liquid crystal displays. Aggregate pixel count for the entire Hyperwall exceeds 64 million. Graphic displays are controlled by 128MB Nvidia Geforce 4 Ti 4600 AGP video cards."
Sendmail Inc. Introduces Workforce Mail with HP and Intel: Email for Deskless WorkersSendmail Inc. has announced it is working with HP and Intel to launch Workforce Mail, a complete Linux-based mail solution. "Workforce Mail allows mobile employees such as hospital nurses, field service staff, warehouse/store managers or delivery personnel to use email via kiosks or other wireless access devices. The solution enables them to communicate with company headquarters, human resources and other departments, providing a means to share job-critical information with customers, colleagues and supervisors effortlessly via email."
Trustix Small Office ServerTrustix has announced the availability of Trustix Small Office Server, a version of the Trustix Secure Linux distribution which comes preinstalled on an IBM server (a software-only version is available as well).
Resources The Linux Migration Quick ReferenceThe Linux Migration Quick Reference is a site that gives you a nuts and bolts view of how to get things going in Linux in the shortest amount of time.
LDP Weekly NewsThe May 13, 2003 edition of the LDP Weekly News is out with the latest Linux Documentation Project news. Take a look for the latest new documentation.
GNOME Talks! (GnomeDesktop)Gnomedesktop.org mentions the availability of a talk on GNOME accessibility issues. "In the first of a four-part series from the American Council of the Blind, Sun accessibility engineer Marc Mulcachy discusses the current usability of GNOME for blind users [MP3 Audio/30min.]"
Alternative Csound Reference ManualVersion 4.23-1 of the Alternative Csound Reference Manual has been published. "The Alternative Csound Reference Manual is a reference manual for the Csound program. It has been updated for the latest canonical version of Csound, 4.23, and includes many working examples. The Csound program is a digital audio synthesis program distributed by John ffitch at the University of Bath".
Upcoming Events HP, IBM, Oracle on Board to Exhibit at LinuxWorld in San FranciscoIDG World Expo is gearing up for LinuxWorld Conference & Expo, August 4 - 7, 2003 in San Francisco. Computer Associates, HP, IBM, Intel Corporation, Oracle, Red Hat and Sun Microsystems as well as growing companies like Pogo Linux Inc. and APPRO are just a few of the companies that have signed up to exhibit during the expo.
International Lisp Conference 2003 CFPThe second call for participation has gone out for the International Lisp Conference 2003, which will be held in New York City on October 12-15, 2003.
EuroPython 2003The Second Annual European Python and Zope Conference will be held in Belgium on June 25-27, 2003.
Perl Mongers Italia (use Perl)Use Perl reports on the state of the Italian Perl Mongers groups. "larsen writes "The currently active Italian Perl Mongers Groups (Nordest.pm, Roma.pm, Bologna.pm and Pisa.pm) recently began to structure their activities at a higher level. We started with wishful talk on IRC and end up organizing the first Italian national meeting of Perl Mongers Italia for Perl Users and Perl Mongers Groups."
Events: May 15 - July 10, 2003
Software announcements This week's software announcementsHere are the software announcements, courtesy of Freshmeat.net. They are available in two formats:
Miscellaneous Major release of the Jargon FileEric Raymond has announced the release of version 4.4.0 of The Jargon File, an assortment of amusing UNIX anecdotes. "The Jargon File is a central part of the heritage of the Linux and open-source movements. As we approach the File's 30th anniversary, it is my pleasure and honor to bring the hacker community a major new release, 4.4.0."
Page editor: Forrest Cook
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||