
LWN.net Weekly Edition for May 29, 2003

MySQL and SAP

Corporate code releases are always an uncertain prospect. The contribution of a large body of code is always welcomed, but only time will tell what sort of development and user community will eventually develop around that code. SAP released its relational database management system (SAP-DB) to great fanfare in October, 2000. Compared to some of that month's other events (Atipa acquires OpenNMS, VA Linux hires the Debian project leader, the PostgreSQL hackers go to work for Great Bridge, EBIZ and the Linux Mall merge, Turbolinux gets $30 million in venture funding, LynuxWorks files for its IPO, Progeny Linux ships its first beta distribution, Linus claims "no show-stopper bugs" in 2.4.0-test10), SAP-DB has been a raging success. Still, relative to the other free database systems (PostgreSQL, MySQL, and perhaps even Interbase/Firebird), SAP-DB has not pulled in a particularly large community.

Nobody can say the same thing about MySQL. This free relational database manager, despite a lingering reputation for lacking the features that "real" database systems have, claims some four million installed systems. MySQL's user community is large and strong, and MySQL AB, the copyright holder for MySQL, is apparently thriving. But MySQL's "fast, reliable, but still a toy" reputation (at least in some circles) is probably not helping MySQL AB win those really big contracts.

So the announcement of a partnership between MySQL AB and SAP makes a fair amount of sense for both sides. Under this deal, MySQL AB gets the right to sell commercial versions of SAP-DB, which will be relicensed entirely under the GPL and renamed. SAP-DB will thus become a product much like the current MySQL offerings, but one aimed at "enterprise" deployments.

MySQL AB gets a new product to sell which has a lengthy large-deployment track record and which should prove easier to market to large companies. SAP's sales force and existing large company customer base should also prove most helpful in that regard. And, of course, MySQL gets to mix together the best of both systems to create "the next-generation MySQL open source enterprise database."

SAP, meanwhile, gets access to a brand with great respect in the free software community. MySQL AB has a proven ability to create an active developer and user community around a free database system; this skill will be of great use in reviving interest in the database formerly known as SAP-DB. More significant, however, is the fact that MySQL AB has figured out how to sell proprietary licenses to a free software product, pleasing its customers while simultaneously avoiding alienating the developer community. The company's ability to walk that fine line bodes well for SAP-DB's future.

If there is a down side to this deal, it is that the SAP-DB client libraries, which were formerly licensed under the LGPL, will, in the future, only be available under the GPL. That change is crucial to the entire strategy, of course; it is the lever that will force proprietary software vendors to buy a commercial license. But it is a change which will upset users who were making use of the previous LGPL licensing; a look at the sapdb-general mailing list shows a handful of messages from users who are unhappy with the new state of affairs.

Of course, those users have not really lost anything; the current SAP-DB release cannot and will not be taken away from them. They simply will not have the same access to future releases. SAP-DB users have the right to fork the code base and maintain the code independently, and they might just do so. But it is hard to see a forked SAP-DB attracting a larger community than SAP-DB has now, especially when the folks over at MySQL appear to be having all the fun.

Comments (6 posted)

The SCO case gets weirder

We were planning to keep SCO off the front page this week. Really. But no such luck.

This week's fun centers around a press release issued by Novell. But first some background: SCO, recall, has been trumpeting its ownership rights in the Unix source and patents for some time. The main "SCOsource" page states:

SCO is the owner of the UNIX Operating System Intellectual Property that dates all the way back to 1969, when the UNIX System was created at Bell Laboratories. Through a series of mergers and acquisitions, SCO has acquired ownership of the patents, copyrights and core technology associated with the UNIX System.

The patent claim was effectively debunked by Don Marti back in March, but the ownership claim has gotten an easier ride. Until now. Novell, the company which obtained Unix from ATT, has issued a press release taking issue with SCO's claims. In particular, Novell is asserting that it still owns the copyrights on the Unix code base:

Importantly, and contrary to SCO's assertions, SCO is not the owner of the UNIX copyrights. Not only would a quick check of U.S. Copyright Office records reveal this fact, but a review of the asset transfer agreement between Novell and SCO confirms it. To Novell's knowledge, the 1995 agreement governing SCO's purchase of UNIX from Novell does not convey to SCO the associated copyrights. We believe it unlikely that SCO can demonstrate that it has any ownership interest whatsoever in those copyrights. Apparently, you [SCO] share this view, since over the last few months you have repeatedly asked Novell to transfer the copyrights to SCO, requests that Novell has rejected.

Novell's claim notwithstanding, SCO has been quoted reiterating its claim to the Unix copyright (and threatening to sue Linus Torvalds for patent infringement as well). But SCO's annual report, as filed with the U.S. Securities and Exchange Commission, includes an interesting disclosure:

The Company has an arrangement with Novell, Inc. ("Novell") in which it acts as an administrative agent in the collection of royalties for customers who deploy SVRx technology. Under the agency agreement, the Company collects all customer payments and remits 95 percent of the collected funds to Novell and retains 5 percent as an administrative fee.

SCO, it would seem, is not the copyright owner; it is simply the paperwork shuffler, working for a 5% cut. That is not quite the picture that the company has been trying to present.

Whether this turn of events weakens SCO's case against IBM remains to be seen. SCO rushed out a response stating that it doesn't matter:

SCO's lawsuit against IBM does not involve patents or copyrights. SCO's complaint specifically alleges breach of contract, and SCO intends to protect and enforce all of the contracts that the company has with more than 6,000 licensees.

In fact, the original complaint does talk mostly about trade secrets and breach of contract. It does also, however, assert (once again) ownership of Unix and claim that IBM's actions have caused a reduction in the value of its Unix assets. Novell's claim challenges SCO's standing in the case; it may also be used by IBM's lawyers to question SCO's truthfulness and good faith in general.

Regardless of how the IBM suit goes, however, it now seems clearer than ever that the 1500 or so recipients of SCO's "Letter to Linux customers" can simply file that letter next to their AOL disks. SCO's case is not about patents or copyrights; the company has no standing to go after random Linux users. This letter was pure FUD and possibly libelous.

Novell does not stop with its copyright assertion. The company's press release challenges SCO to produce its evidence, and hints at legal moves to come:

SCO's actions are disrupting business relations that might otherwise form at a critical time among partners around Linux technologies, and are depriving these partners of important economic opportunities. We hope you understand the potential significant legal liability SCO faces for the possible harm it is causing to countless customers, developers, and other Linux community members.

It is also interesting to note that LinuxTag's lawyers have given notice to SCO Group GmbH that SCO must cease its "unfair competitive practices" as embodied in its attacks against Linux. If SCO can't produce some convincing evidence for its claims soon, it may well find itself dealing with lawsuits from the other side of the courtroom.

Comments (24 posted)

Open source content management systems roundup

[This article was contributed by Joe 'Zonker' Brockmeier]

The third Open Source Content Management (OSCOM) Conference this week has all eyes on Open Source Content Management Systems (CMS). Well, maybe not all eyes, but Open Source CMS are certainly getting quite a bit of attention this week.

There are far, far too many Open Source CMS projects under development to touch on all of them here, so consider this an overview of some of the more popular, interesting and/or capable CMS projects being used today. Note that this includes actual CMS systems, not Content Management Framework (CMF) projects like Midgard, Mason or Zope, which typically require significant assembly work before they can be deployed for any particular application.

Almost all Open Source CMS projects support features like RSS feeds, threaded comments, user authentication, templates, integrated search engines or support for external engines, version control, in-browser editing, scheduled publishing, support for multiple languages and so on. Perhaps the most important feature for most developers is which language the project is written in, and how easily extensible it is.

Slashcode, more frequently referred to as just Slash, is arguably the best-known CMS out there. Slash is pretty much aimed at news/Weblog-type sites, so it may not be best for general purpose sites. Slashcode is written in Perl, uses a MySQL backend and is available under the GNU General Public License (GPL). Slashcode is owned by OSDN.

In a similar vein, there's Scoop, the code that powers kuro5hin and a slew of other news sites and weblogs. Like Slashcode, Scoop is written in Perl with a MySQL backend and is available under the GPL. If you're looking to run a news site or Weblog, but prefer PHP to Perl, there's PHP-Nuke, PostNuke and PHPSlash.

For more of a "professional" approach to running a news site, there's Cofax. Cofax ("Content Object Factory") was mostly developed by staff at KnightRidder.com and Philly.com with participation from other Knight Ridder newspapers. Cofax is designed to help simplify the presentation of newspaper content on a Website, and to speed up real-time Web publication. One example of Cofax in action is the Silicon Valley site; it is also used to power more than 30 Knight Ridder newspaper sites. The Cofax CMS is written in Java, uses MySQL or Microsoft SQL Server for data storage, and is licensed under the GNU Lesser General Public License. The instructions on the Cofax site are Windows-specific, but it has also been tested under Sun OS 5.8, and could probably be coaxed to work on a Linux server as well.

There are a number of CMS projects for more general sites. Though Red Hat is best known for its Linux distribution, it also offers an Enterprise Content Management System. Red Hat's CMS is written in Java, requires PostgreSQL or Oracle and a J2EE servlet container and is supported on Red Hat, Solaris, Windows, AIX or HP-UX. Unlike most of Red Hat's offerings, the Red Hat CMS is available under the IBM Public License rather than the GPL.

Another all-purpose CMS is OpenACS. OpenACS is a little different, in that it is written in Tcl rather than Perl, Java or PHP. OpenACS has a number of applications such as bug trackers, chat, e-commerce features and much more. The OpenACS code is distributed under the terms of the GPL, and requires AOLserver and an Oracle or PostgreSQL backend. The Creative Commons site is just one example of a site powered by OpenACS.

Where would we be without Wiki-type sites? There are a number of Wiki-inspired packages out there, but tikiwiki may be the most full-featured. Tiki is PHP-based and offers LDAP authentication, webmail, tasks and notepad features, image galleries, games and a slew of other features not normally found in Wiki implementations. If you'd like to get a feel for Tiki, check out the demo site.

Bricolage is another general purpose content management and publishing system. Bricolage is written in Perl and uses PostgreSQL to store content. Macworld recently announced that it is using Bricolage to power its site. If you'd like to run Bricolage you'll need Apache with mod_perl and Mason. Bricolage is published under a BSD-style license.

The WebGUI folks call their solution an "application framework" rather than a CMS, but it does the job just as well. WebGUI is written in Perl and can use MySQL or PostgreSQL as a data store. It will run on Linux, Solaris, FreeBSD, and Windows with Apache or IIS. The Law Society of Western Australia is using WebGUI for their site. WebGUI is available under the GPL and is developed by Plain Black Software.

OpenCms is pretty flexible in that it will run on LAMP platforms with Tomcat or on Windows platforms with Oracle and BEA Weblogic. OpenCms is used on a number of sites, including the Tribeca Film Festival site. OpenCms offers a WYSIWYG editor through a Web browser, but only for folks using Internet Explorer. Development for OpenCms is coordinated by Alkacon Software.

This is, of course, just the tip of the iceberg. There are quite a few other Open Source CMS projects out there; curious readers can start with the OSCOM Matrix of CMS projects.

Finally, OpensourceCMS is another site worth visiting if you're shopping for an Open Source CMS, especially if you're looking to test-drive Open Source CMS packages before actually messing with installation. The nice thing about Open Source is that you can always "try before you buy", but the installation process for many CMS packages can be a bit painful, or at least very time-consuming. OpensourceCMS does not have every CMS project available, but they have a pretty good list of demos you can try out.

Comments (11 posted)

Page editor: Jonathan Corbet

Security

Brief items

Where are the kernel updates?

On April 5, Florian Weimer sent a note to the linux-kernel mailing list describing a hashing vulnerability in the 2.4 kernel. His assessment:

It is possible to freeze machines with 1 GB of RAM and more with a stream of 400 packets per second with carefully chosen source addresses. Not good.

This problem was also described on this page last week.

We are, in other words, going on two months since this vulnerability was publicly disclosed. A quick look at the LWN Vulnerability Database entry for this problem, however, shows that only two distributors (EnGarde and Red Hat) have updated their kernels to close this hole. So all of the other distributors, many of which have a very good history of quick response to security problems, are leaving their users exposed on this one.

This vulnerability may seem less urgent because it cannot be used to gain root access to a target machine. It can, however, be used to take a system off the net. It allows a remote attacker to obtain the results of a distributed denial of service attack without that attacker having to arrange the "distributed" part. It is a serious problem which will certainly be exploited, with unpleasant results. The distributors owe their users a fix.
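
As an added illustration of the bug class Weimer describes (example code written for this page, not the kernel's and not from LWN), here is a toy hash table in C: with an unkeyed hash, a remote peer who chooses source addresses can drive every entry into one bucket, while mixing a secret chosen at boot into the hash leaves the same addresses spread across the table. The table size, the addresses and both hash functions are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

#define NBUCKETS 256   /* table size, constructed for the example */
#define NKEYS    1024  /* addresses the remote peer sends */

/* Unkeyed hash: the bucket is simply the low byte of the address, so
 * whoever picks the source address also picks the bucket. */
static unsigned weak_hash(uint32_t addr)
{
    return addr & (NBUCKETS - 1);
}

/* Keyed hash: XOR in a secret chosen at boot, then run an avalanche mix
 * (the murmur3 32-bit finaliser). A peer who does not know `secret`
 * cannot predict which bucket an address lands in. Hypothetical, not
 * the kernel's function. */
static unsigned keyed_hash(uint32_t addr, uint32_t secret)
{
    uint32_t x = addr ^ secret;
    x ^= x >> 16; x *= 0x85EBCA6Bu;
    x ^= x >> 13; x *= 0xC2B2AE35u;
    x ^= x >> 16;
    return x & (NBUCKETS - 1);
}

/* Constructed attacker input: NKEYS distinct addresses that all share the
 * low byte 0x0A, so weak_hash sends every one of them to bucket 10. */
static void colliding_addresses(uint32_t *out, size_t n)
{
    for (size_t i = 0; i < n; i++)
        out[i] = ((uint32_t)i << 8) | 0x0Au;
}

/* Insert all keys and report the longest chain; a lookup costs O(chain). */
static size_t longest_chain(const uint32_t *keys, size_t n,
                            int keyed, uint32_t secret)
{
    size_t count[NBUCKETS] = {0}, worst = 0;
    for (size_t i = 0; i < n; i++) {
        unsigned b = keyed ? keyed_hash(keys[i], secret) : weak_hash(keys[i]);
        if (++count[b] > worst)
            worst = count[b];
    }
    return worst;
}

/* Longest chain produced by the crafted address stream under each hash. */
size_t demo_longest_chain(int keyed, uint32_t secret)
{
    uint32_t keys[NKEYS];
    colliding_addresses(keys, NKEYS);
    return longest_chain(keys, NKEYS, keyed, secret);
}

int main(void)
{
    printf("unkeyed: longest chain %zu of %d keys\n",
           demo_longest_chain(0, 0), NKEYS);
    printf("keyed:   longest chain %zu of %d keys\n",
           demo_longest_chain(1, 0x5EEDC0DEu), NKEYS);
    return 0;
}
```

Run it and the unkeyed table reports a chain as long as the whole input, while the keyed one stays close to the four-per-bucket average. The point for defenders is that any table indexed by peer-controlled data needs a secret in its hash, and that the longest-chain figure is a cheap thing to watch for as an alarm signal.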

Comments (5 posted)

New vulnerabilities

Apache 2 - denial of service

Package(s):apache CVE #(s):CAN-2003-0189 CAN-2003-0245
Created:May 28, 2003 Updated:June 16, 2003
Description: A new set of denial of service vulnerabilities has been found in Apache versions 2.0 through 2.0.45. The potential for a remote code exploit apparently exists as well. See the Apache 2.0.46 announcement for more information.
Alerts:
Conectiva CLA-2003:661 2003-06-16
Yellow Dog YDU-20030603-1 2003-06-03
Mandrake MDKSA-2003:063-1 2003-06-02
Gentoo 200305-13 2003-06-01
Mandrake MDKSA-2003:063 2003-05-30
Red Hat RHSA-2003:186-01 2003-05-28

Comments (none posted)

CUPS: vulnerability in the CUPS IPP implementation

Package(s):cups CVE #(s):CAN-2003-0195
Created:May 27, 2003 Updated:July 22, 2003
Description: Phil D'Amore of Red Hat discovered a vulnerability in the CUPS IPP (Internet Printing Protocol) implementation. The IPP implementation is single-threaded, which means only one request can be serviced at a time. An attacker could make a partial request that does not time out and therefore creates a denial of service. In order to exploit this bug, an attacker must have the ability to make a TCP connection to the IPP port (by default 631).
Alerts:
Conectiva CLA-2003:702 2003-07-22
Gentoo 200306-09 2003-06-14
Debian DSA-317-1 2003-06-11
SuSE SuSE-SA:2003:028 2003-06-06
Yellow Dog YDU-20030602-3 2003-06-02
Mandrake MDKSA-2003:062 2003-05-29
Slackware ssa:2003-149-01 2003-05-29
Red Hat RHSA-2003:171-01 2003-05-27

Comments (none posted)

Nessus NASL scripting engine security issues

Package(s):nessus CVE #(s):
Created:May 27, 2003 Updated:August 12, 2004
Description: Some vulnerabilities exist in the Nessus NASL scripting engine. To exploit these flaws, an attacker would need to have a valid Nessus account as well as the ability to upload arbitrary Nessus plugins to the Nessus server (this option is disabled by default), or he/she would need to trick a user somehow into running a specially crafted NASL script. Read the full advisory for additional information.
Alerts:
Gentoo 200305-10 2003-05-27

Comments (none posted)

Updated vulnerabilities

bind buffer overflow vulnerability in DNS resolver libraries

Package(s):bind glibc CVE #(s):CAN-2002-0651 CAN-2002-0684
Created:July 8, 2002 Updated:October 1, 2003
Description: The BIND 4.9.8-OW2 patch and BIND 4.9.9 release (and thus 4.9.9-OW1) include fixes for a libc related vulnerability which does not affect Linux. Updates from the Internet Software Consortium (ISC) are available from here.

No release or branch of Openwall GNU/*/Linux (Owl) is known to be affected, due to Olaf Kirch's fixes for this problem getting into the GNU C library more than two years ago.

Unfortunately, that does not mean that Linux systems are not vulnerable. Similar code, without Olaf Kirch's fixes, is in the glibc getnetbyXXX functions. These functions are described in the SuSE alert as "used by very few applications only, such as ifconfig and ifuser, which makes exploits less likely."

CERT Advisory: CA-2002-19 Buffer Overflow in Multiple DNS Resolver Libraries

CAN-2002-0651
CAN-2002-0684

Alerts:
Mandrake MDKSA-2002:050 2002-08-13
Yellow Dog YDU-20020810-3 2002-08-10
Eridani ERISA-2002:035 2002-08-09
Red Hat RHSA-2002:133-13 2002-08-08
SCO Group CSSA-2002-034.0 2002-08-05
Yellow Dog YDU-20020801-2 2002-08-01
Eridani ERISA-2002:028 2002-07-25
Red Hat RHSA-2002:139-10 2002-07-22
EnGarde ESA-20020724-018 2002-07-24
Mandrake MDKSA-2002:043 2002-07-16
Trustix 2002-0061 2002-07-15
Gentoo glibc-20020713 2002-07-13
Conectiva CLA-2002:507 2002-07-11
SuSE SuSE-SA:2002:026 2002-07-09
OpenPKG OpenPKG-SA-2002.006 2002-07-04

Comments (1 posted)

BitchX - denial of service

Package(s):BitchX CVE #(s):
Created:February 20, 2003 Updated:May 26, 2003
Description: From this Bugtraq posting:

A denial of service vulnerability exists in BitchX. Sending a malformed RPL_NAMREPLY numeric 353 causes BitchX to segfault. This problem was reported to panasync@efnet#bitchx on Jan 30 2003, as of this writing we are unaware of any patches or workarounds provided by panasync and or any members of #bitchx

Alerts:
Conectiva CLA-2003:655 2003-05-26
Slackware ssa:2003-141-02 2003-05-22
Debian DSA-306-1 2003-05-19
Gentoo 200302-11 2003-02-20

Comments (none posted)

Bugzilla: several vulnerabilities.

Package(s):bugzilla CVE #(s):
Created:April 30, 2003 Updated:May 21, 2003
Description: The Bugzilla bug tracking system has a new set of vulnerabilities which can lead to cross-site scripting and symlink attacks. Versions 2.16.3 and 2.17.4 contain the necessary fixes; see this advisory for the details.
Alerts:
Conectiva CLA-2003:653 2003-05-21

Comments (none posted)

Canna server: exploitable buffer overrun

Package(s):canna CVE #(s):CAN-2002-1158 CAN-2002-1159
Created:December 10, 2002 Updated:October 1, 2003
Description: Canna is a kana-kanji conversion server which is necessary for Japanese language character input.

A buffer overflow bug in the Canna server up to and including version 3.5b2 allows a local user to gain the privileges of the user 'bin' which could lead to further exploits. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-1158 to this issue.

A lack of validation of requests has been found that affects Canna version 3.6 and earlier. A malicious remote user could exploit this vulnerability to leak information, or cause a denial of service attack. (CAN-2002-1159)

See also http://canna.sourceforge.jp/sec/Canna-2002-01.txt

CAN-2002-1158
CAN-2002-1159

Alerts:
SCO Group CSSA-2003-005.0 2003-01-21
Debian DSA-224-1 2002-01-08
Gentoo 200212-8 2002-12-20
Red Hat RHSA-2002:246-18 2002-12-04

Comments (none posted)

cdrecord: format string vulnerability

Package(s):cdrecord CVE #(s):CAN-2003-0289
Created:May 16, 2003 Updated:May 21, 2003
Description: A format string vulnerability in scsiopen.c of the cdrecord program in cdrtools 2.0 allows local users to gain privileges via format string specifiers in the "dev" parameter.
Alerts:
Mandrake MDKSA-2003:058-1 2003-05-21
Gentoo 200305-06 2003-05-18
Mandrake MDKSA-2003:058 2003-05-15
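
The defect class behind this entry, shown as an added C example (not cdrecord's code): a device string reaching a printf-family call as the format, beside the corrected call and an input check. The function names and the message text are made up for the example.

```c
#include <stdio.h>
#include <string.h>

/* Before: the device string is used as the format. A device name holding
 * "%x" makes the call read stack slots that were never passed, and "%n"
 * writes through them. Kept only to show the shape; never call it with
 * untrusted input (the pragma silences the warning a compiler rightly emits). */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
int describe_device_vulnerable(char *out, size_t n, const char *dev)
{
    return snprintf(out, n, dev);
}
#pragma GCC diagnostic pop

/* After: a literal format, with the user's string passed as an argument.
 * Returns the message length, or -1 if it did not fit. */
int describe_device_safe(char *out, size_t n, const char *dev)
{
    int len = snprintf(out, n, "Opening device '%s'", dev);
    return (len < 0 || (size_t)len >= n) ? -1 : len;
}

/* Defence in depth for a setuid tool: refuse device names carrying '%'
 * or control characters before they reach any logging or error path, so
 * a format call missed elsewhere has nothing to work with. */
int device_name_is_clean(const char *dev)
{
    if (dev == NULL || *dev == '\0')
        return 0;
    for (const unsigned char *p = (const unsigned char *)dev; *p; p++)
        if (*p == '%' || *p < 0x20 || *p == 0x7F)
            return 0;
    return 1;
}

int main(void)
{
    char msg[128];
    const char *crafted = "%x%x%n";        /* constructed input */
    if (describe_device_safe(msg, sizeof msg, crafted) >= 0)
        printf("safe: %s\n", msg);         /* directives appear literally */
    printf("clean(\"0,0,0\") = %d, clean(\"%%n\") = %d\n",
           device_name_is_clean("0,0,0"), device_name_is_clean("%n"));
    return 0;
}
```

Building with -Wformat-security (or -Werror=format-security) is the cheapest way to catch the vulnerable shape before it ships; the pragma in the example exists only so the bad version compiles quietly for comparison.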

Comments (none posted)

dvips: command execution vulnerability

Package(s):dvips CVE #(s):CAN-2002-0836
Created:October 16, 2002 Updated:June 10, 2003
Description: The dvips utility uses the system() function improperly when managing fonts. An attacker who can craft the right sort of print job can use this vulnerability to execute commands under the UID used by the print system.
Alerts:
Immunix IMNX-2003-7+-016-01 2003-06-09
OpenPKG OpenPKG-SA-2002.015 2002-12-16
Debian DSA-207-1 2002-12-11
Conectiva CLA-2002:537 2002-10-29
Mandrake MDKSA-2002:071 2002-10-24
Mandrake MDKSA-2002:070 2002-10-23
Gentoo tetex-20021018 2002-10-18
Red Hat RHSA-2002:194-18 2002-10-08
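
An added C example (not dvips's code) of the pattern this entry describes and of its usual fix: building a shell command from a font name taken out of the print job, versus checking the name against an allowlist and passing it as its own argv element with no shell in between. The command name mktexpk stands in for whatever font generator the real tool runs; the validation rule and the function names are the example's own.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <unistd.h>
#include <sys/wait.h>

/* Before: the font name is spliced into a shell command line. A name
 * carrying ';' or '`' runs extra commands under the print system's UID.
 * Shown only for shape; never call it with untrusted input. */
int make_font_vulnerable(const char *font)
{
    char cmd[512];
    snprintf(cmd, sizeof cmd, "mktexpk %s", font);
    return system(cmd);
}

/* Font names in a print job are untrusted: accept a conservative
 * character set only, and never a leading '-' (an option to the child). */
int font_name_is_clean(const char *font)
{
    if (font == NULL || *font == '\0' || *font == '-' || strlen(font) > 64)
        return 0;
    for (const unsigned char *p = (const unsigned char *)font; *p; p++)
        if (!isalnum(*p) && *p != '-' && *p != '_' && *p != '.')
            return 0;
    return 1;
}

/* After: the validated name is one argv element and no shell parses it.
 * Returns the child's exit status, or -1 if the name was rejected or the
 * child could not be started. */
int make_font_safe(const char *font)
{
    if (!font_name_is_clean(font))
        return -1;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execlp("mktexpk", "mktexpk", font, (char *)NULL);
        _exit(127);                         /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed font names: one sane, one carrying a shell separator. */
    const char *names[] = { "cmr10", "cmr10; id", "-o" };
    for (size_t i = 0; i < 3; i++)
        printf("\"%s\" clean=%d\n", names[i], font_name_is_clean(names[i]));
    return 0;
}
```

Dropping system() removes the shell, and the allowlist removes the rest of the attack surface (option injection, path traversal through the name). Both steps are needed; a bare exec with an unchecked name still lets a job pass "-o" style arguments to the child.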

Comments (none posted)

epic4: buffer overflows and arbitrary code execution

Package(s):epic4 CVE #(s):
Created:May 2, 2003 Updated:May 22, 2003
Description: Timo Sirainen discovered several problems in EPIC4, a popular client for Internet Relay Chat (IRC). A malicious server could craft special reply strings, triggering the client to write beyond buffer boundaries. This could lead to a denial of service if the client only crashes, but may also lead to executing of arbitrary code under the user id of the chatting user.
Alerts:
Slackware SSA:2003-141-01 2003-05-22
Debian DSA-298-1 2002-03-05

Comments (none posted)

ethereal - format string vulnerability

Package(s):ethereal CVE #(s):CAN-2003-0081
Created:March 10, 2003 Updated:June 12, 2003
Description: The SOCKS dissector in Ethereal 0.9.9 is susceptible to a format string overflow. This vulnerability has been present in Ethereal since the SOCKS dissector was introduced in version 0.8.7. It was discovered by Georgi Guninski. Additionally, the NTLMSSP code is susceptible to a heap overflow. All users of Ethereal 0.9.9 and below are encouraged to upgrade. See the full advisory for additional information.
Alerts:
Mandrake MDKSA-2003:051 2003-03-24
Red Hat RHSA-2003:076-01 2003-04-23
Conectiva CLA-2003:627 2003-04-16
SuSE SuSE-SA:2003:019 2003-03-21
Debian DSA-258-1 2003-03-10
Gentoo 200303-10 2003-03-09

Comments (none posted)

Filename disclosure vulnerability in fam

Package(s):fam CVE #(s):CAN-2002-0875
Created:August 19, 2002 Updated:January 5, 2005
Description: "fam" (file alteration monitor) watches files and directories for changes and lets interested applications know when something happens. This package has a flaw in its group handling that blocks some legitimate operations while, at the same time, exposing the names of files that should otherwise be invisible.
Alerts:
Red Hat RHSA-2005:005-01 2005-01-05
Debian DSA-154-1 2002-08-15

Comments (none posted)

fetchmail: buffer overflow

Package(s):fetchmail CVE #(s):CAN-2002-1365
Created:December 17, 2002 Updated:October 20, 2003
Description: Versions of fetchmail prior to 6.2.0 have (yet another) buffer overflow vulnerability which can be exploited remotely via a suitably crafted message. See this advisory for details.
Alerts:
Immunix IMNX-2003-7+-023-01 2003-10-17
Mandrake MDKSA-2003:011 2003-01-27
EnGarde ESA-20030127-002 2003-01-27
SCO Group CSSA-2003-001.0 2003-01-09
SuSE SuSE-SA:2003:001 2003-01-02
Debian DSA-216-1 2002-12-24
Red Hat RHSA-2002:293-09 2002-12-17
Conectiva CLA-2002:554 2002-12-16

Comments (3 posted)

file - memory allocation problem, stack overflow

Package(s):file CVE #(s):CAN-2003-0102
Created:March 4, 2003 Updated:June 4, 2003
Description: Jeff Johnson found a memory allocation problem and David Endler found a stack overflow corruption problem in the file "Automatic File Content Type Recognition Tool" version 3.41. Nalin Dahyabhai improved ELF section and program header handling in file version 3.40. The folks at OpenPKG believe that file versions without those modifications are vulnerable to memory allocation and stack overflow problems which put security at risk.
Alerts:
Immunix IMNX-2003-7+-012-01 2003-06-03
SCO Group CSSA-2003-018.0 2003-04-28
Mandrake MDKSA-2003:030-1 2003-04-17
Conectiva CLA-2003:617 2003-04-04
SuSE SuSE-SA:2003:017 2003-03-21
Debian DSA-260-1 2003-03-13
Gentoo 200303-8 2003-03-08
EnGarde ESA-20030307-008 2003-03-07
Red Hat RHSA-2003:086-07 2003-03-07
Mandrake MDKSA-2003:030 2003-03-06
OpenPKG OpenPKG-SA-2003.017 2003-03-04

Comments (none posted)

Potential remote root exploit in glibc

Package(s):glibc CVE #(s):CAN-2002-0391
Created:August 14, 2002 Updated:June 30, 2003
Description: Felix von Leitner discovered a potential division by zero bug in code derived from the SunRPC library which is used in glibc. This bug could be exploited to gain unauthorized root access to software linking to glibc.

Updating as soon as practical is a good idea.

Because SunRPC-derived XDR libraries are used by a variety of vendors in a variety of applications, this defect may lead to a number of differing security problems. Exploiting this vulnerability will lead to denial of service, execution of arbitrary code, or the disclosure of sensitive information.

CERT/CC Vulnerability Note VU#192995 Integer overflow in xdr_array() function when deserializing the XDR stream

Alerts:
Debian DSA-333-1 2003-06-27
Conectiva CLA-2002:535 2002-10-29
Trustix 2002-0070 2002-10-17
EnGarde ESA-20021003-021 2002-10-03
Gentoo glibc-20020927 2002-09-27
Gentoo dietlibc-20020927 2002-09-27
Debian DSA-149-2 2002-09-26
Mandrake MDKSA-2002:061 2002-09-23
Gentoo glibc-20020905 2002-09-05
SuSE SuSE-SA:2002:031 2002-08-30
Trustix 2002-0067 2002-08-13
Eridani ERISA-2002:036 2002-08-13
Red Hat RHSA-2002:166-07 2002-08-12
Debian DSA-149-1 2002-08-13

Comments (none posted)

glibc: DNS stub resolvers contain buffer overflow vulnerability

Package(s):glibc CVE #(s):CAN-2002-1146
Created:November 7, 2002 Updated:February 5, 2004
Description: DNS stub resolvers from multiple vendors contain a buffer overflow vulnerability. The impact of this vulnerability appears to be limited to denial of service. (See CERT Vulnerability Note VU#738331)

The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries such as glibc 2.2.5 and earlier, libc, and libresolv, use the maximum buffer size instead of the actual size when processing a DNS response, which causes the stub resolvers to read past the actual boundary ("read buffer overflow"), allowing remote attackers to cause a denial of service (crash).

Alerts:
Mandrake MDKSA-2004:009 2004-02-04
Red Hat RHSA-2002:197-09 2002-11-06
Red Hat RHSA-2002:197-06 2002-10-03
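
An added C example (not glibc's, BIND's or the page's code) covering both this entry and the getnetbyXXX note under the bind entry above: a DNS name and question parser that bounds every read by the number of bytes actually received. The demo function shows what goes wrong when the receive buffer's size is used as the bound instead: a truncated datagram is accepted and stale bytes are read as data. The sample response bytes are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define DNS_HDR_LEN 12

/* Read a wire-format name starting at `off`, writing dotted text to `out`.
 * `avail` must be the number of bytes actually received, never the size
 * of the receive buffer. Returns the offset just past the name in the
 * stream, or 0 on any bounds or format error. */
size_t dns_read_name(const uint8_t *msg, size_t avail, size_t off,
                     char *out, size_t outcap)
{
    size_t outlen = 0, resume = 0;
    if (outcap == 0)
        return 0;
    for (;;) {
        if (off >= avail)
            return 0;                       /* label byte outside received data */
        uint8_t len = msg[off];
        if ((len & 0xC0) == 0xC0) {         /* compression pointer */
            if (off + 1 >= avail)
                return 0;
            size_t target = ((size_t)(len & 0x3F) << 8) | msg[off + 1];
            if (!resume)
                resume = off + 2;           /* stream continues after first pointer */
            if (target >= off)
                return 0;                   /* must point backwards: no loops */
            off = target;
            continue;
        }
        if (len & 0xC0)
            return 0;                       /* reserved label types */
        off++;
        if (len == 0)
            break;                          /* root label: end of name */
        if (len > avail - off)
            return 0;                       /* label body truncated */
        size_t need = outlen + (outlen ? 1 : 0) + len + 1;
        if (need > outcap)
            return 0;                       /* dotted text would not fit */
        if (outlen)
            out[outlen++] = '.';
        memcpy(out + outlen, msg + off, len);
        outlen += len;
        off += len;
    }
    out[outlen] = '\0';
    return resume ? resume : off;
}

/* Parse the header and the single question of a response. */
int dns_parse_question(const uint8_t *msg, size_t avail, char *qname,
                       size_t cap, uint16_t *qtype, uint16_t *qclass)
{
    if (avail < DNS_HDR_LEN)
        return 0;
    uint16_t qdcount = ((uint16_t)msg[4] << 8) | msg[5];
    if (qdcount != 1)
        return 0;
    size_t off = dns_read_name(msg, avail, DNS_HDR_LEN, qname, cap);
    if (off == 0 || avail - off < 4)
        return 0;                           /* QTYPE/QCLASS truncated */
    *qtype  = ((uint16_t)msg[off] << 8) | msg[off + 1];
    *qclass = ((uint16_t)msg[off + 2] << 8) | msg[off + 3];
    return 1;
}

/* Constructed 33-byte response: header (id 0x1234, QR set, qdcount 1),
 * question "www.example.com" type A class IN, no answers. */
static const uint8_t sample_resp[] = {
    0x12,0x34, 0x81,0x80, 0,1, 0,0, 0,0, 0,0,
    3,'w','w','w', 7,'e','x','a','m','p','l','e', 3,'c','o','m', 0,
    0,1, 0,1 };

/* Copy `received` bytes of the sample into a 512-byte receive buffer and
 * parse it bounded by `limit`. The bug on this page is passing the buffer
 * size (512) as `limit` when fewer bytes arrived. Returns 1 if accepted. */
int demo_parse(size_t received, size_t limit, char *qname, size_t cap)
{
    uint8_t buf[512] = {0};                 /* stale bytes modelled as zeros */
    uint16_t qtype, qclass;
    if (received > sizeof sample_resp) received = sizeof sample_resp;
    if (limit > sizeof buf) limit = sizeof buf;
    memcpy(buf, sample_resp, received);
    return dns_parse_question(buf, limit, qname, cap, &qtype, &qclass);
}

int main(void)
{
    char q[256];
    printf("full, bound by bytes received: %d (%s)\n", demo_parse(33, 33, q, sizeof q), q);
    printf("truncated, bound by received:  %d\n", demo_parse(20, 20, q, sizeof q));
    printf("truncated, bound by buffer:    %d (%s)\n", demo_parse(20, 512, q, sizeof q), q);
    return 0;
}
```

The third case is the one the advisory describes: the parser walks past the end of the datagram into whatever the buffer held before, and on a real resolver that memory may end at a page boundary, hence the crash. The only input the bound should ever come from is the return value of the recv() call.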

Comments (none posted)

glibc: integer overflow in the xdrmem_getbytes() function

Package(s):glibc krb5 dietlibc CVE #(s):CAN-2003-0028
Created:March 21, 2003 Updated:May 27, 2003
Description: An integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, and glibc, allows remote attackers to execute arbitrary code via certain integer values in length fields. See CAN-2003-0028 and CERT advisory CA-2003-10 for more information.
Alerts:
SuSE SuSE-SA:2003:027 2003-05-26
Slackware ssa:2003-141-03 2003-05-22
Conectiva CLA-2003:639 2003-05-05
Conectiva CLA-2003:633 2003-04-30
Immunix IMNX-2003-7+-009-01 2003-04-14
Debian DSA-282-1 2003-04-09
Gentoo 200303-29 2003-03-31
Debian DSA-272-1 2003-03-28
Trustix 2003-0014 2003-03-26
Mandrake MDKSA-2003:037 2003-03-25
Gentoo 200303-22 2003-03-25
Debian DSA-266-1 2003-03-17
Red Hat RHSA-2003:089-00 2003-03-19
Sorcerer SORCERER2003-03-20-2 2003-03-20
Sorcerer SORCERER2003-03-20-1 2003-03-20
EnGarde ESA-20030321-010 2003-03-21
SCO Group CSSA-2003-013.0 2003-03-19
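
An added C example (not glibc's or SunRPC's code) serving this entry and the xdr_array() note in the glibc entry above. The first function reproduces only the check from the vulnerable pattern (a signed remaining-byte count that wraps when a huge length is subtracted from it), so the wrap can be seen without any copy taking place; the rest is a small XDR memory reader that compares lengths the safe way, plus a count-times-size check of the kind xdr_array() needs. The stream bytes are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Before: the shape of the defect. The remaining-byte count is a signed
 * int and the requested length is unsigned; for a huge `want` the
 * subtraction wraps, the result is positive, and a caller would then copy
 * `want` bytes. Only the check is reproduced here, never the copy. */
int remaining_check_wrapping(int32_t *remaining, uint32_t want)
{
    int32_t after = (int32_t)((uint32_t)*remaining - want);
    if (after < 0)
        return 0;
    *remaining = after;
    return 1;
}

typedef struct {
    const uint8_t *base;
    size_t len;   /* bytes in the buffer */
    size_t pos;   /* bytes consumed; invariant pos <= len */
} xdr_mem;

/* After: compare the request against what is left; nothing here can go
 * below zero or wrap. */
int xdr_getbytes(xdr_mem *x, uint8_t *out, uint32_t want)
{
    if (want > x->len - x->pos)
        return 0;
    memcpy(out, x->base + x->pos, want);
    x->pos += want;
    return 1;
}

int xdr_get_u32(xdr_mem *x, uint32_t *v)
{
    uint8_t b[4];
    if (!xdr_getbytes(x, b, 4))
        return 0;
    *v = ((uint32_t)b[0] << 24) | ((uint32_t)b[1] << 16) |
         ((uint32_t)b[2] << 8) | b[3];
    return 1;
}

/* Variable-length opaque: 4-byte length, data, padding to a 4-byte
 * boundary. The wire length is checked against the caller's buffer and
 * against the stream before any copy. */
int xdr_get_opaque(xdr_mem *x, uint8_t *out, size_t cap, uint32_t *outlen)
{
    uint32_t n, pad;
    uint8_t scratch[4];
    if (!xdr_get_u32(x, &n) || n > cap || !xdr_getbytes(x, out, n))
        return 0;
    pad = (4 - (n & 3)) & 3;
    if (pad && !xdr_getbytes(x, scratch, pad))
        return 0;
    *outlen = n;
    return 1;
}

/* xdr_array()-style sizing (VU#192995): element count times element size
 * must not overflow, and the count must respect the caller's maximum. */
int xdr_array_bytes(uint32_t count, size_t elsize, uint32_t maxcount, size_t *total)
{
    if (elsize == 0 || count > maxcount || count > SIZE_MAX / elsize)
        return 0;
    *total = (size_t)count * elsize;
    return 1;
}

/* Constructed streams, not captured from a real peer. */
static const uint8_t stream_ok[]  = { 0,0,0,5, 'h','e','l','l','o', 0,0,0 };
static const uint8_t stream_bad[] = { 0xFF,0xFF,0xFF,0xF0, 'h','e','l','l','o', 0,0,0 };

/* Returns the decoded opaque length, or -1 if the stream was rejected. */
int decode_opaque_demo(const uint8_t *stream, size_t n)
{
    xdr_mem x = { stream, n, 0 };
    uint8_t buf[16];
    uint32_t len;
    return xdr_get_opaque(&x, buf, sizeof buf, &len) ? (int)len : -1;
}

int main(void)
{
    int32_t remaining = 100;
    printf("wrapping check accepts want=0xFFFFFFF0: %d (remaining now %d)\n",
           remaining_check_wrapping(&remaining, 0xFFFFFFF0u), remaining);
    printf("good stream: %d, bad stream: %d\n",
           decode_opaque_demo(stream_ok, sizeof stream_ok),
           decode_opaque_demo(stream_bad, sizeof stream_bad));
    return 0;
}
```

The fix is the direction of the comparison, not a bigger integer type: asking "is the request larger than what remains?" with unsigned values cannot wrap, whereas "subtract and see if it went negative" can, and with 32-bit counts it does for any length above 2^31.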

Comments (3 posted)

gnupg: key validation

Package(s):gnupg CVE #(s):CAN-2003-0255
Created:May 16, 2003 Updated:November 18, 2003
Description: A key validation bug was discovered in the GNU Privacy Guard (GPG) which would cause keys with more than one user ID to trust all user IDs with the amount of trust given to the most-valid user ID.
Alerts:
SCO Group CSSA-2003-034.0 2003-11-17
Conectiva CLA-2003:694 2003-07-11
Yellow Dog YDU-20030602-4 2003-06-02
Mandrake MDKSA-2003:061 2003-05-22
Slackware ssa:2003-141-04 2003-05-22
Red Hat RHSA-2003:175-01 2003-05-20
Gentoo 200305-04 2003-05-16
OpenPKG OpenPKG-SA-2003.029 2003-05-16
EnGarde ESA-20030515-016 2003-05-15

Comments (none posted)

gtkhtml: malformed messages cause crash

Package(s):gtkhtml CVE #(s):CAN-2003-0133 CAN-2003-0541
Created:April 14, 2003 Updated:April 18, 2005
Description: GtkHTML is the HTML rendering widget used by the Evolution mail reader.

GtkHTML supplied with versions of Evolution prior to 1.2.4 contain a bug when handling HTML messages. Alan Cox discovered that certain malformed messages could cause the Evolution mail component to crash.

Alerts:
Debian DSA-710-1 2005-04-18
Mandrake MDKSA-2003:093 2003-09-18
Conectiva CLA-2003:737 2003-09-12
Red Hat RHSA-2003:264-01 2003-09-09
Mandrake MDKSA-2003:046 2003-04-15
Red Hat RHSA-2003:126-01 2003-04-14

Comments (none posted)

IMP - SQL injection vulnerability

Package(s):imp CVE #(s):CAN-2003-0025
Created:January 15, 2003 Updated:July 8, 2003
Description: The IMP IMAP server, versions 2.2.8 and prior, is vulnerable to SQL injection; see this advisory for details. Version 3.x is not vulnerable to this problem.
Alerts:
Conectiva CLA-2003:690 2003-07-08
SuSE SuSE-SA:2003:0008 2003-02-18
Debian DSA-229-2 2003-01-15

Comments (1 posted)

kde: arbitrary code execution

Package(s):kde CVE #(s):CAN-2003-0204
Created:April 10, 2003 Updated:June 30, 2003
Description: The KDE Security team has issued an advisory on a vulnerability present in all versions of KDE that allows a remote attacker to execute arbitrary commands under your account. KDE 3.0.5b and KDE 3.1.1a have been released to address this problem. For KDE 2.2.2, patches to the KDE 2.2.2 sources have been made available.

KDE uses Ghostscript software for processing of PostScript (PS) and PDF files in a way that allows for the execution of arbitrary commands that can be contained in such files.

An attacker can prepare a malicious PostScript or PDF file which will provide the attacker with access to the victim's account and privileges when the victim opens this malicious file for viewing or when the victim browses a directory containing such a malicious file and has file previews enabled.

An attacker can provide malicious files remotely to a victim in an e-mail, as part of a webpage, via an ftp server and possibly other means.

Alerts:
Conectiva CLA-2003:668 2003-06-30
Red Hat RHSA-2003:002-01 2003-05-12
Debian DSA-296-1 2003-04-30
Mandrake MDKSA-2003:049-1 2003-04-24
SuSE SuSE-SA:2003:0026 2003-04-24
Debian DSA-293-1 2003-04-23
Slackware sl-1050682024 2003-04-18
Mandrake MDKSA-2003:049 2003-04-17
Sorcerer SORCERER2003-04-12 2003-04-12
Debian DSA-284-1 2003-04-12
Gentoo 200304-05 2003-04-11
Gentoo 200304-04 2003-04-10

Comments (none posted)

kerberos - cryptographic weakness

Package(s):kerberos, heimdal, openafs CVE #(s):CAN-2003-0138 CAN-2003-0139
Created:March 26, 2003 Updated:May 27, 2003
Description: Version 4 of the Kerberos protocol contains a cryptographic weakness which enables a chosen-plaintext attack. A suitably equipped attacker can impersonate any principal in the realm. Another weakness allows the creation of false Kerberos tickets. Given the weaknesses in the cryptography, cross-realm authentication cannot be performed in a secure way.

OpenAFS kaserver implements version 4 of the Kerberos protocol, and therefore is also vulnerable.

Alerts:
Gentoo 200305-09 2003-05-27
Debian DSA-269-2 2003-04-09
Immunix IMNX-2003-7+-007-01 2003-04-07
Red Hat RHSA-2003:091-01 2003-04-02
Mandrake MDKSA-2003:043 2003-04-01
Gentoo 200303-28 2003-03-31
Gentoo 200303-26 2003-03-30
Debian DSA-273-1 2003-03-28
Red Hat RHSA-2003:051-01 2003-03-26
Debian DSA-269-1 2003-03-26

Comments (none posted)

kernel - ptrace-related vulnerability

Package(s):kernel CVE #(s):CAN-2003-0127
Created:March 17, 2003 Updated:June 30, 2003
Description: Versions 2.2.x and 2.4.x of the Linux kernel contain a vulnerability in ptrace() which may be exploited by a local user to obtain root access. This announcement contains the details and a patch for 2.4.20. For 2.2 users, 2.2.25 has been released which contains the fix.
Alerts:
Debian DSA-336-2 2003-06-29
Debian DSA-336-1 2003-06-29
Debian DSA-332-1 2003-06-27
Red Hat RHSA-2003:098-03 2003-06-02
SCO Group CSSA-2003-020.0 2003-05-09
Mandrake MDKSA-2003:038-1 2003-04-09
Red Hat RHSA-2003:135-00 2003-04-08
Conectiva CLA-2003:618 2003-04-07
Debian DSA-276-1 2003-04-03
Mandrake MDKSA-2003:039 2003-03-27
Mandrake MDKSA-2003:038 2003-03-27
Debian DSA-270-1 2003-03-27
SuSE SuSE-SA:2003:021 2003-03-25
Gentoo 200303-17 2003-03-21
Sorcerer SORCERER2003-03-19 2003-03-20
Red Hat RHSA-2003:088-01 2003-03-20
EnGarde ESA-20030318-009 2003-03-18
Trustix 2003-0007 2003-03-18
Red Hat RHSA-2003:098-00 2003-03-17

Comments (none posted)

kernel 2.4 - two new vulnerabilities

Package(s):kernel CVE #(s):CAN-2003-0244 CAN-2003-0246
Created:May 14, 2003 Updated:July 25, 2003
Description: The 2.4.20 (and prior) kernel contains a couple of vulnerabilities that are worth fixing.
  • The ioperm() system call doesn't perform proper checking, allowing a local user to manipulate arbitrary I/O ports.

  • The networking code contains a remotely exploitable denial of service condition; see the May 24 Security Page for details.

Alerts:
Mandrake MDKSA-2003:066-2 2003-07-25
Conectiva CLA-2003:701 2003-07-22
Mandrake MDKSA-2003:066-1 2003-07-21
Mandrake MDKSA-2003:074 2003-07-15
Slackware SSA:2003-168-01 2003-06-17
Mandrake MDKSA-2003:066 2003-06-11
Debian DSA-312-1 2003-06-09
Debian DSA-311-1 2003-06-08
Red Hat RHSA-2003:187-01 2003-06-03
Red Hat RHSA-2003:145-01 2003-05-27
EnGarde ESA-20030515-017 2003-05-15
Red Hat RHSA-2003:172-00 2003-05-14

Comments (2 posted)

kernel-utils: setuid vulnerability

Package(s):kernel-utils CVE #(s):CAN-2003-0019
Created:February 7, 2003 Updated:January 21, 2005
Description: The kernel-utils package contains several utilities that can be used to control the kernel or machine hardware. In Red Hat Linux 8.0 this package contains user mode linux (UML) utilities.

The uml_net utility in kernel-utils packages with Red Hat Linux 8.0 was incorrectly shipped setuid root. This could allow local users to control certain network interfaces, add and remove arp entries and routes, and put interfaces in and out of promiscuous mode.

All users of the kernel-utils package should update to these packages that contain a version of uml_net that is not setuid root.

Alternatively, as a work-around to this vulnerability issue the following command as root:

chmod -s /usr/bin/uml_net

Alerts:
Red Hat RHSA-2003:056-08 2003-02-07

Comments (none posted)

kopete: vulnerability in GnuPG plugin

Package(s):kopete CVE #(s):CAN-2003-0256
Created:May 8, 2003 Updated:June 27, 2003
Description: A vulnerability was discovered in versions of kopete prior to 0.6.2. Kopete is a KDE instant messenger client. This vulnerability is in the GnuPG plugin that lets users send each other GPG-encrypted instant messages. The plugin passes encrypted messages to gpg, but does no checking to sanitize the command line passed to gpg. This can allow remote users to execute arbitrary code, with the permissions of the user running kopete, on the local system.
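The bug class here is the familiar one of building a shell command string out of attacker-influenced text. The following is an added illustration, not kopete's code and not taken from the advisory: 'echo' stands in for gpg so it runs anywhere, the key IDs are constructed inputs, and the key-ID pattern is this example's own assumption about what a plugin should accept before handing anything to gpg. It shows the unsafe string-plus-shell pattern, the argv-list form that keeps metacharacters as data, and the fully validated form.

```python
import re
import subprocess

# Constructed sample inputs for this example; nothing here comes from the
# kopete advisory. A key ID as a user would type it, and one that carries
# shell metacharacters.
GOOD_KEY_ID = "0123ABCD"
HOSTILE_KEY_ID = "0123ABCD; echo INJECTED"

# Assumed allow-list: OpenPGP key IDs are 8, 16 or 40 hex digits (short ID,
# long ID, fingerprint). Anything else has no business on the command line.
KEY_ID_RE = re.compile(r"^(?:[0-9A-Fa-f]{8}|[0-9A-Fa-f]{16}|[0-9A-Fa-f]{40})$")


def run(argv):
    """Run argv without a shell and return its stdout as text."""
    return subprocess.run(argv, capture_output=True, text=True, check=True).stdout


def vulnerable_invoke(key_id):
    """The unsafe pattern: interpolate untrusted text into one command string
    and hand it to /bin/sh. With the hostile key ID the shell sees two
    commands and runs both."""
    cmd = f"echo --recipient {key_id} --encrypt"
    return run(["sh", "-c", cmd])


def argv_invoke(key_id):
    """Half the fix: pass arguments as a list, so no shell ever parses them.
    The metacharacters reach the program as one ordinary argument."""
    return run(["echo", "--recipient", key_id, "--encrypt"])


def hardened_invoke(key_id):
    """The full fix: reject anything that is not a plausible key ID, then pass
    it as a separate argument."""
    if not KEY_ID_RE.match(key_id):
        raise ValueError(f"rejected key id: {key_id!r}")
    return argv_invoke(key_id)


if __name__ == "__main__":
    print("vulnerable:", repr(vulnerable_invoke(HOSTILE_KEY_ID)))
    print("argv only: ", repr(argv_invoke(HOSTILE_KEY_ID)))
    print("hardened:  ", repr(hardened_invoke(GOOD_KEY_ID)))
```

Passing an argument list is what removes the shell from the picture; the allow-list is there because gpg itself also interprets its arguments, and a key-ID slot should never carry anything that looks like an option.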
Alerts:
Conectiva CLA-2003:665 2003-06-27
Gentoo 200305-03 2003-05-14
Mandrake MDKSA-2003:055 2003-05-08

Comments (none posted)

libpng, libpng3: buffer overflow

Package(s):libpng, libpng3 CVE #(s):CAN-2002-1363
Created:December 19, 2002 Updated:July 14, 2004
Description: Glenn Randers-Pehrson discovered a problem in connection with 16-bit samples from libpng, an interface for reading and writing PNG (Portable Network Graphics) format files. The starting offsets for the loops are calculated incorrectly which causes a buffer overrun beyond the beginning of the row buffer.
Alerts:
Gentoo 200407-06 2004-07-08
OpenPKG OpenPKG-SA-2004.030 2004-07-06
Mandrake MDKSA-2004:063 2004-06-29
Whitebox WBSA-2004:249-01 2004-06-21
Fedora FEDORA-2004-176 2004-06-18
Fedora FEDORA-2004-174 2004-06-18
Fedora FEDORA-2004-175 2004-06-18
Fedora FEDORA-2004-173 2004-06-18
Red Hat RHSA-2004:249-01 2004-06-18
Conectiva CLA-2003:564 2003-01-23
Mandrake MDKSA-2003:008 2003-01-20
OpenPKG OpenPKG-SA-2003.001 2003-01-15
Yellow Dog YDU-20030114-2 2003-01-14
SuSE SuSE-SA:2003:0004 2003-01-14
Red Hat RHSA-2003:006-06 2003-01-09
Debian DSA-213-1 2002-12-19

Comments (none posted)

LPRng: insecure temporary file

Package(s):LPRng CVE #(s):CAN-2003-0136
Created:April 14, 2003 Updated:June 16, 2003
Description: Karol Lewandowski discovered that psbanner, a printer filter that creates a PostScript format banner and is part of LPRng, insecurely creates a temporary file for debugging purposes when it is configured as a filter. The program does not check whether this file already exists or is a link to another location, and writes its current environment and called arguments to the file unconditionally with the user id daemon.
Alerts:
Gentoo 200306-04 2003-06-14
Immunix IMNX-2003-7+-013-01 2003-06-04
Yellow Dog YDU-20030602-5 2003-06-02
Mandrake MDKSA-2003:060 2003-05-21
Red Hat RHSA-2003:142-01 2003-04-24
Debian DSA-285-1 2003-04-14

Comments (none posted)

lprold - buffer overflow in lprm

Package(s):lprold lpd CVE #(s):CAN-2003-0144
Created:March 13, 2003 Updated:May 28, 2003
Description: The lprm command of the printing package lprold contains a buffer overflow. This buffer overflow can be exploited by a local user, if the printer system is set up correctly, to gain root privileges.
Alerts:
Mandrake MDKSA-2003:059 2003-05-21
Debian DSA-267-2 2003-04-15
Debian DSA-275-1 2003-04-02
Debian DSA-267-1 2003-03-24
SuSE SuSE-SA:2003:0014 2003-03-13

Comments (none posted)

lv: privilege escalation

Package(s):lv CVE #(s):CAN-2003-0188
Created:May 16, 2003 Updated:June 4, 2003
Description: Leonard Stiles discovered that lv, a multilingual file viewer, would read options from a configuration file in the current directory. Because such a file could be placed there by a malicious user, and lv configuration options can be used to execute commands, this represented a security vulnerability. An attacker could gain the privileges of the user invoking lv, including root.
Alerts:
Yellow Dog YDU-20030602-6 2003-06-02
Gentoo 200305-07 2003-05-19
Red Hat RHSA-2003:169-01 2003-05-16
Debian DSA-304-1 2003-05-15

Comments (none posted)

lynx: CRLF injection vulnerability

Package(s):lynx CVE #(s):CAN-2002-1405
Created:November 19, 2002 Updated:October 1, 2003
Description: If lynx is given a URL containing certain special characters on the command line, it will include faked headers in the HTTP request. This can be used to force scripts (that use Lynx for downloading files) to access the wrong site on a web server with multiple virtual hosts.

Alerts:
Conectiva CLA-2003:720 2003-08-11
Mandrake MDKSA-2003:023 2003-02-24
OpenPKG OpenPKG-SA-2003.011 2003-02-18
Red Hat RHSA-2003:029-06 2003-02-12
Trustix 2002-0085 2002-12-19
Debian DSA-210-1 2002-12-13
SCO Group CSSA-2002-049.0 2002-11-18

Comments (none posted)

perl-MailTools: remote command execution

Package(s):MailTools CVE #(s):CAN-2002-1271
Created:November 5, 2002 Updated:September 19, 2003
Description: The SuSE Security Team reviewed critical Perl modules, including the Mail::Mailer package. This package contains a security hole which allows remote attackers to execute arbitrary commands in certain circumstances. This is due to the usage of mailx as default mailer which allows commands to be embedded in the mail body.

Note that mail processing programs which use this package can be affected by this vulnerability; in particular, SpamAssassin is vulnerable if you use the -r or -w flags.

Alerts:
Debian DSA-386-1 2003-09-18
Gentoo 200302-01 2003-02-02
Mandrake MDKSA-2002:076 2002-11-07
Gentoo 200211-001 2002-11-06
SuSE SuSE-SA:2002:041 2002-11-05

Comments (none posted)

nethack: buffer overflow

Package(s):nethack, slashem, falconseye CVE #(s):CAN-2003-0358 CAN-2003-0359
Created:February 18, 2003 Updated:July 15, 2003
Description: Overflowing a buffer in nethack may lead to privilege escalation to the games uid.

Read the full advisory for the details.

Note that falconseye does not contain the file permission error CAN-2003-0359 which affected some other nethack packages.

Alerts:
Debian DSA-350-1 2003-07-15
Debian DSA-316-3 2003-06-17
Debian DSA-316-2 2003-06-11
Debian DSA-316-1 2003-06-11
Gentoo 200302-08 2003-02-18

Comments (none posted)

NetPBM: math overflow errors

Package(s):NetPBM CVE #(s):CAN-2003-0146
Created:March 17, 2003 Updated:May 27, 2003
Description: Al Viro and Alan Cox discovered several math overflow errors in NetPBM, a set of graphics conversion tools. These programs are not installed setuid root, but they are often used to prepare untrusted data for processing. These vulnerabilities may allow remote attackers to cause a denial of service or execute arbitrary code.
Alerts:
Conectiva CLA-2003:656 2003-05-27
Red Hat RHSA-2003:060-01 2003-04-03
Mandrake MDKSA-2003:036 2003-03-25
Debian DSA-263-1 2003-03-17

Comments (none posted)

netscape-flash: buffer overflow

Package(s):netscape-flash CVE #(s):
Created:March 10, 2003 Updated:June 20, 2003
Description: Potentially exploitable buffer overflows exist in the Macromedia Flash Player. The full advisory is here. "The cumulative security patch is available today and addresses the potential for exploits surrounding buffer overflows (read/write) and sandbox integrity within the player, which might allow malicious users to gain access to a user's computer. The possibility of running native code on a users machine is a theoretical exploit, and extremely difficult to execute in practice. There are no known examples of running such native code from Macromedia Flash movies; however, even though this issue is difficult and theoretical in nature only, we are encouraging users to upgrade."
Alerts:
Red Hat RHSA-2003:026-01 2003-06-20
Gentoo 200303-9 2003-03-09

Comments (none posted)

net-snmp: denial of service vulnerability

Package(s):net-snmp CVE #(s):CAN-2002-1170
Created:December 17, 2002 Updated:November 7, 2003
Description: The SNMP daemon included in the Net-SNMP package versions 5.0.1 through 5.0.4 can be caused to crash if it is sent a specially crafted packet.
Alerts:
Conectiva CLA-2003:778 2003-11-07
Red Hat RHSA-2002:228-11 2002-12-17

Comments (none posted)

openssh: timing attack leads to information disclosure

Package(s):openssh CVE #(s):CAN-2003-0190
Created:May 2, 2003 Updated:November 30, 2004
Description: From the advisory: "During a pen-test we stumbled across a nasty bug in OpenSSH-portable with PAM support enabled (via the --with-pam configure script switch). This bug allows a remote attacker to identify valid users on vulnerable systems, through a simple timing attack. The vulnerability is easy to exploit and may have high severity, if combined with poor password policies and other security problems that allow local privilege escalation."
Alerts:
Ubuntu USN-34-1 2004-11-30
OpenPKG OpenPKG-SA-2003.035 2003-08-06
Red Hat RHSA-2003:222-01 2003-07-29
Gentoo 200305-02 2003-05-13
Gentoo 200305-01 2002-03-05

Comments (1 posted)

openssl: local and remote extraction of RSA private key

Package(s):openssl, apache, mod_ssl CVE #(s):CAN-2003-0147
Created:March 18, 2003 Updated:May 22, 2003
Description: David Brumley and Dan Boneh of Stanford University have researched and documented a timing attack on OpenSSL which allows local and remote attackers to extract the RSA private key of a server. The OpenSSL RSA implementation is generally vulnerable to this type of attack unless RSA blinding has been turned on. See this paper (pdf format) for additional details.

Typically, RSA blinding is not enabled by OpenSSL-based applications, mainly because it is not obvious how to do so when using OpenSSL to provide SSL/TLS. The problem therefore affects nearly all applications using OpenSSL: they must either be rebuilt against the fixed OpenSSL version (where RSA blinding is now enabled by default) or enable RSA blinding explicitly themselves.

The performance impact of RSA blinding appears to be small (a few percent only) and the RSA functionality remains fully compatible. The Common Vulnerabilities and Exposures (CVE) project assigned the id CAN-2003-0147 to the problem.
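To make the countermeasure concrete, here is an added worked example of RSA blinding in Python; it is not OpenSSL's code and is not from the paper. The key is a constructed toy built from two Mersenne primes (far too small for real use), and the function names are this example's own. The point it shows: the private-key exponentiation is performed on c*r^e for a fresh random r rather than on the attacker-chosen c, and dividing by r afterwards still yields the correct plaintext.

```python
import secrets
from math import gcd

# Constructed demo key built from two Mersenne primes. It is nowhere near
# secure; it exists only so the arithmetic below is visible and fast.
P = 2**127 - 1
Q = 2**89 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)


def encrypt(m):
    return pow(m, E, N)


def decrypt_unblinded(c):
    """Plain c^d mod n. Its running time depends on the value of c, which a
    remote attacker controls and can measure; that dependence is what the
    Brumley-Boneh attack uses to recover the private key."""
    return pow(c, D, N)


def blind(c):
    """Multiply the ciphertext by r^e for a fresh random r coprime to n.
    Returns (blinded ciphertext, r)."""
    while True:
        r = secrets.randbelow(N - 2) + 2           # 2 <= r <= N-1
        if gcd(r, N) == 1:
            return (c * pow(r, E, N)) % N, r


def unblind(m_blind, r):
    """(c * r^e)^d = m * r (mod n), so dividing by r recovers m."""
    return (m_blind * pow(r, -1, N)) % N


def decrypt_blinded(c):
    """The private-key operation now runs on c*r^e, a value the attacker did
    not choose and cannot predict, so its timing tells them nothing about c."""
    c_blind, r = blind(c)
    return unblind(pow(c_blind, D, N), r)


def blinding_is_transparent(m, trials=8):
    """Confirm that blinding never changes the result across several random r."""
    c = encrypt(m)
    return all(decrypt_blinded(c) == decrypt_unblinded(c) == m for _ in range(trials))


if __name__ == "__main__":
    msg = 0x4C574E                      # "LWN" as an integer, constructed input
    print("blinded decrypt correct:", decrypt_blinded(encrypt(msg)) == msg)
    print("transparent over 8 trials:", blinding_is_transparent(msg))
```

The cost is one modular multiplication, one small public-exponent exponentiation and one inversion per private-key operation, which is where the "few percent" figure above comes from; applications that cannot move to a fixed library can request the same behaviour from OpenSSL with RSA_blinding_on() on each RSA key.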

Alerts:
Slackware ssa:2003-141-05 2003-05-22
Debian DSA-288-1 2003-04-17
Conectiva CLA-2003:625 2003-04-10
SuSE SuSE-SA:2003:024 2003-04-04
Red Hat RHSA-2003:101-01 2003-04-01
Immunix IMNX-2003-7+-001-01 2003-03-26
Trustix 2003-0013 2003-03-26
Mandrake MDKSA-2003:035 2003-03-25
Gentoo 200303-24 2003-03-25
Gentoo 200303-23 2003-03-25
Gentoo 200303-20 2003-03-24
SCO Group CSSA-2003-014.0 2003-03-21
Sorcerer SORCERER2003-03-21-0 2003-03-21
OpenPKG OpenPKG-SA-2003.026 2003-03-20
EnGarde ESA-20030320-010 2003-03-20
Gentoo 200303-15 2003-03-20
Trustix 2003-0010 2003-03-18
OpenPKG OpenPKG-SA-2003.020 2003-03-18
OpenPKG OpenPKG-SA-2003.019 2003-03-18

Comments (none posted)

pam_xauth: root exploit

Package(s):pam_xauth CVE #(s):CAN-2002-1160
Created:February 13, 2003 Updated:July 10, 2003
Description: The pam_xauth module is used to forward xauth information from user to user in applications such as 'su'.

Andreas Beck discovered that versions of pam_xauth supplied with Red Hat Linux since version 7.1 would forward authorization information from the root account to unprivileged users. This could be used by a local attacker to gain access to an administrator's X session. In order to exploit this vulnerability, the attacker would have to get the administrator, as root, to use su to the account belonging to the attacker.

Alerts:
Conectiva CLA-2003:693 2003-07-10
Mandrake MDKSA-2003:017-1 2003-04-28
Red Hat RHSA-2003:035-10 2003-02-12

Comments (none posted)

PHP: vulnerability in mail function

Package(s):php CVE #(s):CAN-2002-0985 CAN-2002-0986
Created:November 13, 2002 Updated:October 1, 2003
Description: Two vulnerabilities exist in the PHP mail() function. The first allows the execution of any program or script, bypassing the safe_mode restriction; the second may turn a script into an open relay if the mail() function is not used carefully. See this Bugtraq report for more details. Note that this is a different vulnerability from the previous PHP mail() problem, which affected versions through 4.1.0.

Alerts:
SCO Group CSSA-2003-008.0 2003-03-04
Gentoo 200211-005 2002-11-20
EnGarde ESA-20021122-031 2002-11-22
Conectiva CLA-2002:545 2002-11-13
Red Hat RHSA-2002:213-06 2002-11-11

Comments (none posted)

PostgreSQL - more buffer overflows

Package(s):postgresql CVE #(s):
Created:February 12, 2003 Updated:November 7, 2003
Description: A new set of buffer overflows has been discovered in PostgreSQL 7.2.2; they affect the circle_poly(), path_encode(), and path_addr() functions. Exploiting these overflows requires that the attacker first obtain a connection to the PostgreSQL server.
Alerts:
Debian DSA-397-1 2003-11-07
Immunix IMNX-2003-7+-005-01 2003-04-08
Trustix 2003-0004 2003-02-20
Mandrake MDKSA-2002:062-1 2003-02-11

Comments (1 posted)

PoPTop: remotely exploitable buffer overflow

Package(s):pptpd CVE #(s):CAN-2003-0213
Created:April 28, 2003 Updated:June 6, 2003
Description: The PoPToP PPTP server contains a remotely exploitable buffer overflow; read the full advisory for more information.
Alerts:
SuSE SuSE-SA:2003:029 2003-06-06
Debian DSA-295-1 2003-04-30
Gentoo 200304-08 2003-04-28

Comments (none posted)

Local arbitrary code execution vulnerability in Python

Package(s):python CVE #(s):CAN-2002-1119
Created:August 28, 2002 Updated:October 1, 2003
Description: Zack Weinberg discovered that os._execvpe from os.py uses a predictable name which could lead to execution of arbitrary code. According to the Debian advisory, the problem was present in Python versions 1.5, 2.1 and 2.2.

Alerts:
Red Hat RHSA-2002:202-33 2003-02-12
OpenPKG OpenPKG-SA-2003.006 2003-01-23
Red Hat RHSA-2002:202-25 2003-01-21
Mandrake MDKSA-2002:082-1 2002-12-09
Mandrake MDKSA-2002:082 2002-11-25
SCO Group CSSA-2002-045.0 2002-11-14
Trustix 2002-0073 2002-10-17
Gentoo python-20021003 2002-10-03
Conectiva CLA-2002:527 2002-10-01
Debian DSA-159-2 2002-09-09
Debian DSA-159-1 2002-08-28

Comments (none posted)

Multiple-use vulnerability in Safe.pm

Package(s):Safe.pm CVE #(s):CAN-2002-1323
Created:October 9, 2002 Updated:February 20, 2004
Description: usePerl has a description of a vulnerability in the Safe.pm Perl module. It seems that if a Safe compartment is used more than once, it ceases to be safe. The problem is fixed in Safe 2.08.
Alerts:
SCO Group CSSA-2004-007.0 2004-02-20
Gentoo 200212-6 2002-12-20
Trustix 2002-0087 2002-12-19
OpenPKG OpenPKG-SA-2002.014 2002-12-16
Debian DSA-208-1 2002-12-12

Comments (none posted)

sendmail: insecure temporary files

Package(s):sendmail CVE #(s):
Created:May 16, 2003 Updated:May 20, 2003
Description: Paul Szabo discovered bugs in three scripts included in the sendmail package where temporary files were created insecurely (expn, checksendmail and doublebounce.pl). These bugs could allow an attacker to gain the privileges of a user invoking the script (including root).
Alerts:
Debian DSA-305-1 2003-05-15

Comments (none posted)

squirrelmail: more cross-site scripting vulnerabilities

Package(s):squirrelmail CVE #(s):CAN-2003-0160
Created:April 24, 2003 Updated:June 4, 2003
Description: SquirrelMail is a webmail package written in PHP. Multiple vulnerabilities have been found which affect versions of SquirrelMail shipped with Red Hat Linux 8.0 and Red Hat Linux 9.

Cross-site scripting vulnerabilities in SquirrelMail version 1.2.10 and earlier allow remote attackers to execute script as other Web users via mailbox displays, message displays, or search results displays. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0160 to these issues.

All users are advised to upgrade to these errata packages containing SquirrelMail version 1.2.11, which is not vulnerable to these issues.

Alerts:
Yellow Dog YDU-20030602-2 2003-06-02
Red Hat RHSA-2003:112-01 2003-04-24

Comments (none posted)

File overwrite vulnerability in tar and unzip

Package(s):tar unzip CVE #(s):CAN-2001-1267 CAN-2001-1268 CAN-2001-1269 CAN-2002-0399
Created:October 1, 2002 Updated:April 10, 2006
Description: The tar utility does not properly filter file names containing "../", meaning that a hostile archive can, if unpacked by an unsuspecting user, overwrite any file that is writable by that user. GNU tar versions 1.13.19 and earlier are vulnerable; unzip through version 5.42 has the same vulnerability.
Alerts:
Fedora-Legacy FLSA:183571-1 2006-04-04
Red Hat RHSA-2006:0195-01 2006-02-21
Conectiva CLA-2002:538 2002-10-29
Mandrake MDKSA-2002:066 2002-10-10
Mandrake MDKSA-2002:065 2002-10-10
EnGarde ESA-20021003-022 2002-10-03
Gentoo unzip-20021001 2002-10-01
Gentoo tar-20021001 2002-10-01
Red Hat RHSA-2002:096-24 2002-09-18

Comments (1 posted)

TCP/IP: inconsistent flag handling

Package(s):TCP/IP CVE #(s):
Created:May 5, 2003 Updated:May 20, 2003
Description: Various vendors' TCP/IP implementations handle packets containing unusual flag combinations in different ways, which may lead to a violation of implicit or explicit security policies.

See CERT VU#464113 and this BugTraq post for more information.

Alerts:
SCO Group CSSA-2003-019.0 2003-05-05

Comments (none posted)

Multiple vendor telnetd vulnerability

Package(s):telnet Telnet netkit-telnet-ssl kerberos telnetd netkit-telnet nkitb/nkitserv/telnetd krb5 CVE #(s):
Created:May 21, 2002 Updated:October 5, 2004
Description: This vulnerability, originally thought to be confined to BSD-derived systems, was first covered in the July 26th Security Summary. It is now known that Linux telnet daemons are vulnerable as well.
Alerts:
Gentoo 200410-03 2004-10-05
Yellow Dog YDU-20010810-2 2001-08-10
Yellow Dog YDU-20010810-1 2001-08-10
SuSE SuSE-SA:2001:029 2001-09-03
Slackware sl-997726350 2001-08-09
Red Hat RHSA-2001:100-02 2001-08-09
Red Hat RHSA-2001:099-09 2002-02-07
Red Hat RHSA-2001:099-06 2001-08-09
Progeny PROGENY-SA-2001-27 2001-08-14
Mandrake MDKSA-2001:093 2001-12-17
Mandrake MDKSA-2001:068 2001-08-13
HP HPSBTL0202-023 2002-02-12
Debian DSA-075-2 2001-08-14
Debian DSA-075-1 2001-08-14
Conectiva CLA-2001:413 2001-08-24
SCO Group CSSA-2001-030.0 2001-08-10

Comments (none posted)

typespeed: buffer overflow

Package(s):typespeed CVE #(s):
Created:January 1, 2003 Updated:June 17, 2003
Description: A problem has been discovered in typespeed, a game that lets you measure your typing speed. By overflowing a buffer, a local attacker could execute arbitrary commands under the group id games.
Alerts:
Debian DSA-322-1 2003-06-16
Debian DSA-217-1 2002-12-27

Comments (none posted)

vim - modeline vulnerability

Package(s):vim CVE #(s):CAN-2002-1377
Created:January 16, 2003 Updated:February 10, 2004
Description: VIM allows a user to set the modeline differently for each edited text file by placing special comments in the files. Georgi Guninski found that these comments can be carefully crafted in order to call external programs. This could allow an attacker to create a text file such that when it is opened arbitrary commands are executed.
Alerts:
Conectiva CLA-2004:812 2004-02-10
Mandrake MDKSA-2003:012 2003-02-03
Yellow Dog YDU-20030127-3 2003-01-27
Gentoo 200301-13 2003-01-22
OpenPKG OpenPKG-SA-2003.003 2003-01-21
Red Hat RHSA-2002:297-17 2003-01-15

Comments (4 posted)

vixie-cron: Local vulnerability

Package(s):vixie-cron CVE #(s):CVE-2001-0559
Created:April 17, 2003 Updated:October 3, 2003
Description: From the ISS advisory: "Vixie Cron is a scheduling daemon that ships with several Linux distributions. Vixie Cron version 3.0pl1 could allow a local attacker to gain root privileges. Crontab fails to properly drop privileges in certain cases after a crontab modification operation. A local attacker could exploit this vulnerability to gain root privileges on the system since crontab is installed setuid root."

Note: this vulnerability is dated May 07 2001, and was first mentioned in LWN on the May 10, 2001 security page.

Alerts:
Conectiva CLA-2003:758 2003-10-03
Conectiva CLA-2003:757 2003-10-03
Conectiva CLA-2003:628 2003-04-17

Comments (none posted)

wget: directory traversal bug

Package(s):wget CVE #(s):CAN-2002-1344
Created:December 10, 2002 Updated:October 1, 2003
Description: Versions of wget prior to 1.8.2-4 contain a bug that permits a malicious FTP server to create or overwrite files anywhere on the local file system.

FTP clients must check to see if an FTP server's response to the NLST command includes any directory information along with the list of filenames required by the FTP protocol (RFC 959, section 4.1.3).

If the FTP client fails to do so, a malicious FTP server can send filenames beginning with '/' or containing '/../' which can be used to direct a vulnerable FTP client to write files (such as .forward, .rhosts, .shosts, etc.) that can then be used for later attacks against the client machine.

See also this Bugtraq article from 1997.
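The check the text asks for, written out as an added example (not wget's code, and not from the advisory): a hostile FTP server's NLST reply is constructed inline, and each name is accepted only if it is relative, contains no ".." component after normalization, and still resolves under the download directory once symlinks are followed. The same function covers the hostile tar and unzip archives described earlier on this page, whose member names are the same kind of server- or archive-supplied string. Function names and the sample listing are this example's own.

```python
import os
import posixpath
from typing import List, Optional, Tuple

# Constructed NLST reply from a hostile FTP server (not a captured exchange).
# The same names could equally be member names in a hostile tar or zip file.
SAMPLE_LISTING = """\
index.html
images/logo.png
notes/./readme.txt
/etc/passwd
../.rhosts
docs/../../.forward
"""


def safe_relative_name(name: str) -> Optional[str]:
    """Return a normalized relative path if `name` can only land inside the
    download directory; None for absolute names or any '..' that escapes.
    Normalizing first is what catches 'docs/../../x', which contains '..'
    but does not begin with it."""
    if not name or name.startswith("/") or "\0" in name:
        return None
    norm = posixpath.normpath(name)
    if norm == "." or ".." in norm.split("/"):
        return None
    return norm


def destination_path(dest_root: str, name: str) -> Optional[str]:
    """Join the checked name to the destination directory and confirm, after
    resolving symlinks, that the result is still under dest_root. This is
    the second line of defence: a symlink already present in dest_root
    could otherwise redirect a 'safe' relative name elsewhere."""
    rel = safe_relative_name(name)
    if rel is None:
        return None
    root = os.path.realpath(dest_root)
    full = os.path.realpath(os.path.join(root, rel))
    if os.path.commonpath([root, full]) != root:
        return None
    return full


def filter_listing(listing: str, dest_root: str) -> Tuple[List[str], List[str]]:
    """Split a server listing into names we will write and names we refuse."""
    accepted, rejected = [], []
    for raw in listing.splitlines():
        name = raw.rstrip("\r")
        if destination_path(dest_root, name) is None:
            rejected.append(name)
        else:
            accepted.append(safe_relative_name(name))
    return accepted, rejected


if __name__ == "__main__":
    ok, bad = filter_listing(SAMPLE_LISTING, "/tmp/downloads")
    print("would write:", ok)
    print("refused:    ", bad)
```

Note that a bare "does it start with ../" test is not enough; the normalization step is what rejects "docs/../../.forward", and the realpath comparison is what rejects names routed through a pre-existing symlink.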

Alerts:
Immunix IMNX-2003-7+-011-01 2003-06-03
OpenPKG OpenPKG-SA-2003.007 2003-01-23
SCO Group CSSA-2003-003.0 2003-01-16
Gentoo 200212-7 2002-12-20
Trustix 2002-0089 2002-12-19
Conectiva CLA-2002:552 2002-12-13
Debian DSA-209-1 2002-12-12
Mandrake MDKSA-2002:086 2002-12-11
Red Hat RHSA-2002:229-10 2002-12-04

Comments (none posted)

Wwwoffle remote privilege escalation vulnerability

Package(s):wwwoffle CVE #(s):CAN-2002-0818
Created:August 14, 2002 Updated:October 1, 2003
Description: The wwwoffle web proxy incorrectly processes HTTP PUT and POST requests with negative Content Length values. "It is believed that an attacker could exploit this bug to gain remote wwwrun access to the system wwwoffled is running on."

Alerts:
SCO Group CSSA-2002-048.0 2002-11-18
Debian DSA-144-1 2002-08-06
SuSE SuSE-SA:2002:029 2002-08-01

Comments (none posted)

xinetd: Memory leak in xinetd 2.3.10

Package(s):xinetd CVE #(s):CAN-2003-0211
Created:May 13, 2003 Updated:November 13, 2003
Description: Xinetd is a 'master server' that is used to accept service connection requests and start the appropriate servers.

Because of a programming error, memory was allocated and never freed if a connection was refused for any reason. An attacker could exploit this flaw to crash the xinetd server, rendering all services it controls unavailable.

In addition, other flaws in xinetd could cause incorrect operation in certain unusual server configurations.

All users of xinetd are advised to update to xinetd-2.3.11 which is not vulnerable to these issues.

Alerts:
Conectiva CLA-2003:782 2003-11-12
Yellow Dog YDU-20030602-1 2003-06-02
Gentoo 200305-08 2003-05-19
Mandrake MDKSA-2003:056 2003-05-14
Red Hat RHSA-2003:160-01 2003-05-13

Comments (none posted)

Resources

Linux Advisory Watch

The May 23 Linux Advisory Watch newsletter from LinuxSecurity.com is available.

Full Story (comments: none)

Page editor: Jonathan Corbet

Kernel development

Brief items

Kernel release status

The current development kernel is 2.5.70, which was released, at long last, on May 26. This massive patch includes the beginning of Alexander Viro's character device rework for a larger dev_t type (see below), some NFS fixes, sysfs support for network devices, an XFS update, some scheduler fixes, a change to the request_module() prototype, some framebuffer fixes, more annotations of user-space pointers and makefile support for Linus's kernel source analyzer, 48-bit IDE addressing support, a (hopefully) working IDE tagged command queueing implementation, the BIO "walking" and splitting APIs, more devfs cleanups (devfs_register() is gone), the USB "gadget" subsystem, a wireless networking update (and quite a bit of networking work in general), dynamic block I/O request allocation, a fair amount of SCSI cleanup work, a generic x86 subarchitecture, a number of TTY layer cleanups, a USB update, several architecture updates, and a vast number of other fixes. See the announcement from Linus for the details, or the long-format changelog for lots of really gory details.

As of this writing, Linus's BitKeeper repository contains a FAT filesystem rework (if you have been waiting to be able to create FAT partitions greater than 128GB, this patch is for you), a v850 subarchitecture merge, a RAID update, the removal of the long-deprecated callout TTY device (/dev/cua) support, and several other fixes and updates.

Andrew Morton's -mm tree is currently even more interesting than usual in that it contains a major rework of the ext3 filesystem and generic journaling code. ext3 now uses fine-grained locking - the big kernel lock is no longer used there. "These are major changes to a major filesystem. I would ask that interested parties now subject these patches to stresstesting and to performance testing. The performance gains on SMP will be significant."

For those who are curious about the source checking program that Linus has been working on, a preliminary version is now available via BitKeeper. "It's unfinished enough that I'm a bit embarrassed about some of it, but I've gotten the permission from Transmeta to make it open source."

The current stable kernel is 2.4.20, though 2.4.21 may be out by the time you read this. As of this writing, the fifth 2.4.21 release candidate is available with a small set of fixes. This release has an issue with pauses related to the block subsystem; a small patch exists (and is merged into 2.4.21-rc5-ac1) which fixes this problem.

Comments (1 posted)

Kernel development news

Release management issues

Is the 2.5 kernel ready to move to the next stage? Linus, in the 2.5.70 announcement, talked about his plans to start the pre-2.6 series of releases. That remark drew a complaint: with all that remains broken in 2.5, how could any plan to create a pre-2.6 release be taken seriously? Linus is unsympathetic, however:

Would I prefer to have everything fixed by 2.6.0 (or even the pre-2.6 kernels)? Sure, everybody would. But it's just a fact of life that we won't see people who care about the issues before that happens. In fact, judging by past performance, a lot of things won't get fixed before the actual vendors have made _releases_ that use 2.6.x ...

This issue comes up over and over again in free software development, of course. Truly getting the bugs fixed requires a very broad base of testers. But most of those testers will not show up until you present them with something billed as "stable" or close to it. Of course, there are dangers in presenting an "almost stable" release too soon; a kernel with too many problems could simply drive those testers away for a long time.

The decision on when to jump into the pre-2.6 series will be a hard one. Quite a few kernel developers seem to think that the time has not yet come. Linus may be ready to make his move sooner rather than later, however. (It is worth noting, incidentally, that the various bureaucratic obstacles to having Andrew Morton work with Linus on the 2.6 release, and eventually take it over, appear to have been overcome. That bodes well for the whole process.)

On the 2.4 front, the official 2.4.21 kernel may be out by the time you read this. No doubt many will be happy to see this long-delayed kernel; 2.4.20 was released on November 28 - a full six months ago. Even so, there are a few complaints, particularly about the omission of a new set of driver fixes. David Miller was one of a few who spoke out:

I really think 2.4.x development is becoming almost non-existent lately... If Conectiva needs to task Marcelo to so much work that he can only really put 1 or 2 days a week into 2.4.x, this needs be rethought at either one end (Conectiva finding a way to give him more 2.4.x time) or another (Marcelo splits up the work with someone else or we simply find another 2.4.x maintainer).

A few developers seconded this complaint, with one or two, perhaps somewhat prematurely, throwing their hats into the ring to be Marcelo's replacement. Marcelo has responded by saying that things will change - 2.4.22 will come out much more quickly. He has also offered to pass on the 2.4.x responsibility should the community think he is not up to the job. There have not been a whole lot of complaints about the kernels that Marcelo has released, however; the only problem is the frequency with which they are produced. Nobody really wants to see him hand the job off to somebody else. But there will be a lot of eyes on the 2.4.22 release process.

Comments (5 posted)

How should interrupts be balanced?

The programmable interrupt controller on modern (SMP) hardware can be set up to route different interrupts to different processors. When properly programmed, the APIC can help system performance by having each interrupt be handled by the processor which is best suited to the job. At the moment, however, there is not much agreement on how the kernel should be programming the APIC.

The 2.5 kernel contains (for the x86 architecture, at least) an in-kernel interrupt balancing routine. It runs as a separate kernel thread ("kirqd") which wakes up every so often and tries to arrange things so that each processor handles approximately the same interrupt rate. If that can't be done (if, for example, most interrupts come from a single source), interrupts are slowly rotated between the processors. This approach works reasonably well much of the time, but it can fail badly for certain loads.

In particular, the interrupt balancer has trouble with networking loads. The networking code goes out of its way to avoid hardware interrupts - when thousands of packets per second are passing through the system, you don't want the network interface bugging you for every one of them. So a great deal of kernel work may result from a single network interface interrupt. To a simple interrupt balancer, which tries to equalize interrupt counts across a system, a processor handling a heavy networking load may look relatively idle. That processor may find that it gets to deal with a SCSI interface as well, even though it is already overloaded. Even worse, a router could end up with multiple interfaces being handled by a single processor, which still looks lightly loaded.

One can certainly imagine ways to tweak the in-kernel interrupt balancer to make it deal properly with the networking case. But many developers believe that IRQ balancing belongs in user space. A user-space solution can contain whatever complexity is needed to make the right sort of decisions; it also, of course, allows site administrators to set their own policies.

A user-space interrupt balancing daemon exists now; it can be downloaded from Arjan van de Ven's web site. The current implementation is relatively simple, depending mostly on interrupt counts like the in-kernel balancer. It does, however, take pains to distribute interrupts from each type of device across processors. That technique will help network routers, since it will at least keep different interfaces on different processors. But the real point is that this policy can be enhanced and customized as needed.

There is some disagreement about moving interrupt balancing to user space. According to some, only the kernel has the knowledge and the ability to react quickly enough to create optimal interrupt routings. Chances are, though, that user space will be the eventual home for this task. The real question may be whether the in-kernel interrupt balancer is removed before 2.6.0 comes out.
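The router case above can be reproduced with a small simulation. This is an added example, not code from the kernel's kirqd or from Arjan van de Ven's daemon: it assigns a constructed set of interrupt sources to two CPUs first by raw interrupt counts (as the in-kernel balancer does) and then round-robin within a hypothetical per-device-class grouping (the policy the user-space daemon is described as using); the class names and sample counts are assumptions.

```c
#include <stdio.h>

#define NCPUS 2
#define NIRQS 4

/* Hypothetical device classes; how the real daemon groups devices is
 * not described on the page. */
enum irq_class { CLASS_NET, CLASS_STORAGE, NCLASSES };

struct irq_source {
    int irq;
    const char *name;
    enum irq_class cls;
    unsigned long count;   /* interrupts seen in the sampling interval */
};

/* Constructed sample: a two-interface router whose storage controller
 * raises far more interrupts than either NIC, even though the NICs
 * (with interrupt mitigation) account for most of the CPU work. */
static const struct irq_source sample[NIRQS] = {
    { 10, "eth0", CLASS_NET,     1000 },
    { 11, "eth1", CLASS_NET,      900 },
    { 14, "scsi", CLASS_STORAGE, 5000 },
    { 15, "ide0", CLASS_STORAGE,   50 },
};

/* Count-based policy: take sources in descending count order and hand
 * each to the CPU with the lowest accumulated count. Fills cpu[i] for
 * src[i] and returns the heaviest per-CPU interrupt load. */
unsigned long balance_by_count(const struct irq_source *src, int n, int *cpu)
{
    unsigned long load[NCPUS] = { 0 };
    int done[NIRQS] = { 0 };

    for (int round = 0; round < n; round++) {
        int best = -1, target = 0;
        for (int i = 0; i < n; i++)          /* busiest unassigned source */
            if (!done[i] && (best < 0 || src[i].count > src[best].count))
                best = i;
        for (int c = 1; c < NCPUS; c++)      /* least loaded CPU */
            if (load[c] < load[target])
                target = c;
        cpu[best] = target;
        load[target] += src[best].count;
        done[best] = 1;
    }
    unsigned long max = 0;
    for (int c = 0; c < NCPUS; c++)
        if (load[c] > max)
            max = load[c];
    return max;
}

/* Class-based policy: spread the sources of each device class across
 * the CPUs round-robin, ignoring counts entirely. */
void balance_by_class(const struct irq_source *src, int n, int *cpu)
{
    int next[NCLASSES] = { 0 };

    for (int i = 0; i < n; i++) {
        cpu[i] = next[src[i].cls];
        next[src[i].cls] = (next[src[i].cls] + 1) % NCPUS;
    }
}

static int assign_count[NIRQS], assign_class[NIRQS];

/* Run both policies over the sample. Returns 1 if the count-based policy
 * put both NICs on one CPU while the class-based policy separated them. */
int run_policies(void)
{
    balance_by_count(sample, NIRQS, assign_count);
    balance_by_class(sample, NIRQS, assign_class);
    return assign_count[0] == assign_count[1] &&
           assign_class[0] != assign_class[1];
}

int count_cpu(int i) { return assign_count[i]; }
int class_cpu(int i) { return assign_class[i]; }

int main(void)
{
    run_policies();
    for (int i = 0; i < NIRQS; i++)
        printf("irq %2d %-5s count=%5lu  by-count->cpu%d  by-class->cpu%d\n",
               sample[i].irq, sample[i].name, sample[i].count,
               count_cpu(i), class_cpu(i));
    return 0;
}
```

With this input the count-based policy gives the storage controller a CPU of its own and piles both interfaces onto the other, which is exactly the "still looks lightly loaded" router scenario described above.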

Comments (none posted)

Another new character device infrastructure

Alexander Viro is definitely back, and he has made good on his promises to rework the character device infrastructure to pave the way for the dev_t transition. A set of patches merged into 2.5.70 shows where things are headed.

Character devices are now represented by their own structure:

	struct cdev {
		struct kobject kobj;
		struct module *owner;
		struct file_operations *ops;
		struct list_head list;
	};

It is expected that a cdev structure will be embedded within larger, subsystem-specific structures. An infrastructure has been set up which lets drivers register character devices with a CIDR-like scheme - any range of device numbers, starting with an arbitrary major and minor number, can be allocated, with more specific allocations overriding wider ranges. It is, in other words, the same scheme that was implemented some time ago for block devices (and which is described in this Driver Porting Series article).

In this scheme, the classic register_chrdev() function is unchanged; it allocates a cdev structure and registers it with minor numbers 0-255. So unmodified char drivers will continue to work - and will not be presented with larger device numbers than before. It is expected that, over time, drivers will move away from the register_chrdev() interface and toward working with cdev structures directly.

We'll put out a detailed description of the new interface (as part of the Driver Porting series) once it has had a chance to stabilize a bit.

Comments (none posted)

strlcpy()

Years of buffer overflow problems have made it clear that the classic C string functions - strcpy() and friends - are unsafe. Functions like strncpy(), which take a length argument, have been presented as the safe alternatives. But strncpy() has always been poorly suited to the task; it wastes time by zero-filling the rest of the destination buffer, and, if the string to be copied must be truncated, the result is no longer NUL-terminated. A non-terminated string can lead to overflows and bugs in its own right. So Linus finally got fed up and put together a new copy_string() function which does what most strncpy() users really wanted in the first place.

As is often the case with this sort of security-related improvement, OpenBSD got there first. In fact, back in 1996, the OpenBSD team came up with a new string API which avoids the problems of both strcpy() and strncpy(). The resulting functions, with names like strlcpy(), have been spreading beyond OpenBSD. The basic function is simple:

    size_t strlcpy(char *dest, const char *src, size_t size);

The source string is copied to the destination and properly terminated; the return value is the length of the source. If that length is greater than what the destination buffer can hold (its size minus one byte for the terminator), the caller knows that the string has been truncated.

Linus agreed that following OpenBSD's lead was the right way forward, and strlcpy() is in his BitKeeper repository, waiting for 2.5.71. There has also been a flurry of activity to convert kernel code over to the new function. By the time 2.6.0 comes out, strncpy() may no longer have a place in the Linux kernel.
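The semantics described above, as an added example (not kernel code, and not the OpenBSD implementation): a reference strlcpy() with the OpenBSD contract next to a check that makes the strncpy() termination hazard visible. The sample strings are constructed; the function is named my_strlcpy() so it does not collide with a libc that already provides strlcpy().

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Copy at most size-1 bytes, always NUL-terminate when size > 0, and
 * return strlen(src) so the caller can detect truncation. */
size_t my_strlcpy(char *dest, const char *src, size_t size)
{
    size_t srclen = strlen(src);

    if (size > 0) {
        size_t n = srclen < size - 1 ? srclen : size - 1;
        memcpy(dest, src, n);
        dest[n] = '\0';
    }
    return srclen;
}

/* Scratch buffer shared by the demonstrations below. It is deliberately
 * larger than any `size` passed in, so a missing terminator can be
 * detected without reading past the buffer. */
#define SCRATCH_LEN 16
static char scratch[SCRATCH_LEN];

static void poison_scratch(void)
{
    memset(scratch, 'X', SCRATCH_LEN);   /* no NUL anywhere */
}

const char *scratch_string(void)
{
    return scratch;
}

/* Copy src into the first `size` bytes of scratch with my_strlcpy() and
 * report truncation: a return value >= size means the copy did not fit.
 * Returns -1 if `size` exceeds the scratch buffer. */
int strlcpy_into_scratch(const char *src, size_t size)
{
    if (size > SCRATCH_LEN)
        return -1;
    poison_scratch();
    return my_strlcpy(scratch, src, size) >= size;
}

/* Same copy with strncpy(): returns 1 if a NUL is present within the
 * first `size` bytes afterwards, 0 if strncpy() left it unterminated. */
int strncpy_into_scratch_terminated(const char *src, size_t size)
{
    if (size > SCRATCH_LEN)
        return -1;
    poison_scratch();
    strncpy(scratch, src, size);
    return memchr(scratch, '\0', size) != NULL;
}

/* Same check for my_strlcpy(): 1 for any size > 0. */
int strlcpy_into_scratch_terminated(const char *src, size_t size)
{
    if (size > SCRATCH_LEN)
        return -1;
    poison_scratch();
    my_strlcpy(scratch, src, size);
    return memchr(scratch, '\0', size) != NULL;
}

int main(void)
{
    /* Constructed samples: a 7-character name that fits an 8-byte buffer
     * exactly, and a 16-character name that must be truncated. */
    const char *fits = "eth0-rx";
    const char *toolong = "ide0-dma-timeout";

    printf("%-18s truncated=%d -> \"%s\"\n", fits,
           strlcpy_into_scratch(fits, 8), scratch_string());
    printf("%-18s truncated=%d -> \"%s\"\n", toolong,
           strlcpy_into_scratch(toolong, 8), scratch_string());
    printf("strncpy terminated: %d, strlcpy terminated: %d\n",
           strncpy_into_scratch_terminated(toolong, 8),
           strlcpy_into_scratch_terminated(toolong, 8));
    return 0;
}
```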

Comments (21 posted)

Patches and updates

Kernel trees

  • Andrew Morton: 2.5.69-mm9. "2.5.69-mm9 is not for the timid." (May 26, 2003)

Core kernel code

Development tools

Device drivers

Filesystems and block I/O

Memory management

Networking

Architecture-specific

Miscellaneous

Page editor: Jonathan Corbet

Distributions

News and Editorials

SuSE Conquers Munich

[This article was contributed by Ladislav Bodnar]

According to this story in Heise Online (in German), the city of Munich is likely to vote this week in favor of migrating its 14,000 PC systems and notebooks and over 16,000 personnel from Windows NT to Linux. Assuming that the transition goes ahead and completes successfully, we will be seeing one of the most significant moments in the history of the Linux operating system. [Ed. update: the vote is in and Linux is in. See this note from SuSE for additional details.]

It is not hard to elaborate on the reasons for Munich's intention to move to Linux. The cost of Microsoft licenses, compared to Linux, is often cited as a decisive factor, especially from the long-term point of view, but the Munich city officials are adamant that cost is only one of many factors. The flexibility of open source software as well as the availability of local expertise are equally important.

The article does not specifically mention any Linux distribution by name, but informed sources and common sense all point to the local Linux experts known as SuSE Linux AG. SuSE's headquarters are in Nürnberg, only about one hour's drive north of Munich. The company offers a range of products from workstations to advanced servers, as well as specialist applications, such as mail servers. They also have a major sponsor and partner in IBM, which will no doubt throw its weight behind the deal.

SuSE's Linux products have frequently received favorable coverage in the computing media, but the recently released version 8.2 has probably seen the largest number of compliments ever given to a Linux product. In its review entitled SuSE 8.2 approaches computing Nirvana, The Register writes: "It appears the company is serious about tempting a mixed-species shop of Linux servers and Windows desktops to harmonize in favor of Linux and thus save considerably on administration costs. Microsoft should worry about the strides SuSE is making in this area."

This NewsForge review agrees: "I have been using SuSE Linux 8.2 Professional for two weeks now, and it is as close to Linux desktop perfection as I have found so far." Many users on various public forums have echoed the sentiment.

One other product which might come in handy during the transition is SuSE Linux Office Desktop. Released in January this year and based on SuSE Linux 8.1, the Office Desktop was specifically designed to ease the migration of Windows-based offices to Linux with a selection of useful applications. These include Acronis OS Selector for NTFS partition resizing, StarOffice 6.0, and most importantly, CrossOver Office and its ability to run Microsoft Office 97/2000 applications. This will be especially important to those environments that make extensive use of VBA macros in their office documents. SuSE's Office Desktop has been reviewed by Extreme Tech and MadPenguin.

On the server side of things, the Oracle9i-compatible SuSE Linux Enterprise Server 8 (available for i386, AMD64 and Itanium2 processors) and SuSE Linux Openexchange Server 4 are the company's two main enterprise-class products. They complement the usual array of support, consultation and certification services, as well as routine security advisory and product update services.

Will the transition be successful? The road will be full of bumps and pot holes, and some users will no doubt resist the change. But SuSE and IBM will make sure that the process is as painless as possible. This will be a valuable experience that will pave a much smoother way for further transitions in other German government and academic institutions. Before we know it, a tidal wave of defections to Linux will be on the way in many parts of the world.

Our warm congratulations to Germany's third largest city for being brave enough to resist Microsoft's earlier cajoling and go where no one has ventured before. Munich is once again making history...

Comments (2 posted)

Distribution News

Debian GNU/Linux

The Debian Weekly News for May 27, 2003 is available, with a look at GNOME 2.3.2 which is now available for testing; a donations wishlist; a proposal to remove Mosix; more MIME improvements to the BTS; and much more.

Anand Kumria reports on some new mailing lists and new documentation.

Bill Allombert reports on changes to the Debian menu system. Many bugs have been fixed, i18n support is underway, new features have been added, and much more.

Comments (none posted)

Gentoo Weekly Newsletter -- Volume 2, Issue 21

The Gentoo Weekly Newsletter for the week of May 26th, 2003 is out. This week the newsletter looks at hardware failures on the Oregon State mirror, Gentoo Linux is seeking developers for the GNOME team, and Gentoo Linux in the news.

Full Story (comments: none)

Mandrake Linux

Mandrake Linux 9.1 shipped with Mozilla 1.3. Now Mozilla 1.3.1 is available, fixing a number of bugs and adding some missing locales.

The lsb packages provided with Mandrake Linux 9.1 were missing the /lib/lsb/init-functions script required by LSB-aware applications. This update provides the missing file.

Comments (none posted)

Slackware Linux

Slackware Linux has several security fixes noted in the stable changelog, and even more changes in the current changelog. Slackware current has a new GCC 3.2.3, KDE 3.1.2, GNU Emacs 21.3, and other fixes and upgrades.

Comments (1 posted)

Setting up SuSE for wireless networking (NewsForge)

Here's a NewsForge article on setting up SuSE Linux 8.2 for wireless networking. "I was excited to set up my brand-spanking-new copy of SuSE Linux Professional 8.2 on a machine I'm planning to use for testing and review. Everything went smoothly except for installation of the Orinoco Silver PC Card network adapter. Several hours and unsuccessful tacks later, I can claim victory, and maybe save you time if you tackle the same task."

Comments (1 posted)

New Distributions

Compledge Sentinel

Compledge Sentinel is a Linux distribution designed for monitoring, auditing and intrusion detection - a complete solution intended to cover as many monitoring needs and aspects as possible. A wide variety of open source software is included, such as Nagios, Nagat, Nessus, Snort, ACID, openMosix, Apache with OpenSSL, PHP and MySQL. The whole package is distributed on one CD, ready to install on any x86-based computer. Version RC2.1 was released May 22, 2003.

Comments (none posted)

Pingwinek GNU/Linux

Pingwinek GNU/Linux is a Linux distribution made in Poland. The main desktop is GNOME 2.2. It supports only Polish and English languages. Version 0.23 was released May 22, 2003.

Comments (none posted)

Minor distribution updates

AbulEdu

AbulEdu has released stable v1.0.7-II with major feature enhancements. "Changes: This release includes OpenOffice 1.0.3 fr, Mozilla 1.2 fr, Ted 2.13, and Gimp 1.2.3. Booting for X-terminals is now very fast. Lots of abuledu-soft updates were made. Applications from LeTerrier were added. Samba 2.2.8a is used in order to support WinXP-Pro. Lots of new applications were added."

Comments (none posted)

Caixa Mágica

Caixa Mágica has released v8.01 with several bug fixes and improvements.

Comments (none posted)

DietLinux

DietLinux has released v0.1.1 with minor feature enhancements. "Changes: This release features an integrated process for burning a bootable Dietlinux CDROM."

Comments (none posted)

Mindi Linux

Mindi Linux has released v0.85 with code cleanup. "Changes: The failsafe kernel and its modules have been moved to mindi-kernel, an auxiliary package. Mandrake 9.1 is now supported. Support for Debian has been improved."

Comments (none posted)

Phayoune Secure Linux

Phayoune Secure Linux has released v0.3.6 with minor feature enhancements. "Changes: This version updates iptables-1.2.8 and squid-2.5-stable2. The user can choose to use proxy transparent features with the hard disk (storing cache to save bandwidth) or without the hard disk (filtering URLs for virii without storing cache). It now includes easy installation scripts which allow the user to run the firewall after answering a few questions. It also stores its configuration on a floppy disk."

Comments (none posted)

RedHawk Linux Real-Time Operating System

Concurrent Computer Corporation has announced the release of the RedHawk Linux real-time operating system, version 1.3.

Comments (3 posted)

Rock Linux

Rock Linux has announced v2.0.0-beta3 of dRock (desktop Rock Linux), with minor feature enhancements. "Changes: This release fixes the next bunch of broken packages, fixes a kernel .config generation bug, includes many package updates (including KDE-3.1.2), and adds some new packages. Each included window manager now registers itself for proper gdm/kdm support. Some of the init scripts were improved, and some initial support for gcc-3.3 was implemented." The main Rock Linux branch has also released v2.0.0-beta3.

Comments (none posted)

ThinStation

ThinStation has released v0.92.cr1 with major feature enhancements. "Changes: This release adds samba-server and samba-client packages, a patch to allow the X server to be started with an XDMCP indirect query, the ability to get thinstation-HOSTNAME.conf as a config file, used in conjunction with thinstation.hosts to simplify custom hosts configuration, the ability to select which nsp-package to build directly inside build.conf, and an lpr package which can be used with samba for printing locally. UPX is now used to compact all executables, to reduce the overall footprint."

Comments (none posted)

uClinux

uClinux has released 20030522 with minor feature enhancements. "Changes: This release adds quite a few new board targets, the Motorola M5282EVB, Hitachi/EDOSK2674, Triscend A7DB and DevA7, and more."

Comments (none posted)

Page editor: Rebecca Sobol

Development

ZWarehouse Shopping Cart

ZWarehouse shopping cart is an online e-commerce system that has been built on the Zope web development platform, the MySQL database, and the Python language. It has been developed by an organization called the Halogen Group.


Some of the ZWarehouse features include:

  • Support for multiple languages.
  • User-defined currencies.
  • Editable regional settings.
  • Support for manual and automatic exchange rate calculations.
  • Tax configuration by country and region.
  • Configurable product attributes.
  • Modules for order payment and shipment.
  • An administrative interface which requires no programming knowledge.
  • A Customer searchable order database.
  • Real-time order tracking.
  • Editable product attributes.
  • Support for multiple payment gateways and credit card processing.

See the ZWarehouse feature list for the full story, or the screenshots page to see ZWarehouse in action.

Version 0.6 Alpha 1 of ZWarehouse shopping cart was recently announced on the Zope Members News. "Among other e-commerce solutions, ZWarehouse has an optimal set of features - allowing Your business to grow without a worry. Zope scalability and performance, open-source platform, well-documented interfaces for extensions and several years experience of development team gives You a chance to concentrate on sales and marketing policy." A more detailed list of changes is also available for this version.

ZWarehouse shopping cart includes a RedHat Toaster page which offers the installer step-by-step installation procedures for RedHat versions 8 and 9.

Comments (1 posted)

System Applications

Audio Projects

OggCarton Home Jukebox goes beta (SourceForge)

There's an announcement on SourceForge for the OggCarton project. "OggCarton is a cross-platform CD ripper, database, and web server for Ogg and MP3 files. OggCarton needs no external database or web server. With this release, the OggCarton Home Jukebox software moves from the alpha to the beta stage. Accordingly, binaries and installers for Linux, Mac OS X, and Windows are now available for those who prefer to not roll their own. Full source is still available for those who do. Enjoy!"

Comments (none posted)

Database Software

PostgreSQL Weekly News - May 21st 2003

Here's the latest PostgreSQL Weekly News. This week's big news is the release of 7.3.3.

Full Story (comments: none)

PostgreSQL v7.3.3 available

Version 7.3.3 of the PostgreSQL database is available. "It has been almost three(3) months now since the last release on the v7.3 branch, and there have been several fixes back patched, suitable for production release."

Full Story (comments: none)

Practical database design, Part 1 (IBM developerWorks)

Philipp K. Janert explains database design on IBM's developerWorks. "What are the best choices when designing the schema for a relational database? What is the rationale in deciding in favor of one and against some other alternative? Given the amount of vendor-specific recommendations, it is all too easy to overlook basic relational database fundamentals. In this first of two parts, author Philipp K. Janert talks about simple and complex datatypes, and about primary and foreign keys -- the plumbing that holds the entire database together."

Comments (3 posted)

Electronics

New gEDA software

The latest new software releases from the gEDA (GPL Electronic Design Automation) site include new versions of the Icarus Verilog compiler and gaf (Gschem and Friends).

Comments (none posted)

Xcircuit version 3.1.15 available

Development continues on xcircuit, an electronic schematic drawing program. Version 3.1.15 is available. Change information is in the source code.

Comments (none posted)

Mail Software

Command-Line Email (O'Reilly)

Robert Bernier discusses some email foundations on O'Reilly. "The mid-1990's was a time of evolution. The ordinary person discovered the Internet and the Internet discovered a new purpose. The first RFCs (Requests For Comments) were coming out, describing a standard for email transmissions of images, sounds, and binaries that would overcome the 7-bit ASCII limitations that had been adopted all those years before. MIME or Multipurpose Internet Mail Extensions, was a new standard meant to succeed the patchwork of binary-to-ASCII solutions."

Comments (2 posted)

Printing

Common UNIX Printing System 1.1.19

Version 1.1.19 of CUPS, the Common UNIX Printing System, has been announced. "CUPS 1.1.19 fixes a denial-of-service attack vulnerability and adds support for fast reconfiguration, option retention and defaulting when adding and modifying printers, binary PostScript printing, fax device features, custom web applications via CGI, PHP, Java, and Python, and simple scripting support for Java, Perl, and PHP. The new release also contains bug fixes including the LPD printing and Solaris signal handling bugs."

Comments (none posted)

LinuxPrinting.org news

This week's changes on LinuxPrinting.org include new printer database entries for the HP DeskJet 450, HP 2500C, 2500CM, and DesignJet ColorPro CAD printers.

Comments (none posted)

Web Site Development

Testing mod_perl 2.0 (O'Reilly)

Geoffrey Young talks about testing mod_perl 2.0 on O'Reilly. "Writing a series of tests that executes against a live Apache server has become much simpler since the advent of Apache-Test. Although Apache-Test, as part of the Apache HTTP Test Project, is generic enough to be used with virtually any version of Apache (with or without mod_perl enabled), it comes bundled with mod_perl 2.0, making it the tool of choice for writing tests for your mod_perl 2.0 modules."

Comments (none posted)

WebGUI 5.3 (SourceForge)

Version 5.3 of WebGUI, a Perl-based content management system, has been released. "WebGUI 5.3 is here and packed with new goodies. It includes a new theme management system that will easily enable you to transport your designs and templates from one site to another with the click of a mouse. 5.3 also includes a new Data Form wobject that allows content managers to build simple data entry applications on the fly. The default rich editor has been upgraded to include direct integration with the collateral manager, spell checking, and emoticons. There is also a brand new trash and clipboard management system which makes it even easier to move your content around. Among dozens of other features there are also over 10 new macros to make your content management experience faster and easier."

Comments (2 posted)

ZOPE RPMs Announced (ZopeMembers)

Zope has been packaged in RPM and deb format packages. The Redhat 7.3, 8.0, 9, SuSE 8.0, 8.1, 8.2, and Debian/woody platforms are supported.

Comments (none posted)

ZopeTestCase 0.7.0 Released (ZopeMembers)

Zope Members News has an announcement for version 0.7.0 of ZopeTestCase. "ZopeTestCase is a unit testing framework and TestCase for Zope testing. It is built on PyUnit and the Testing package coming with Zope. Version 0.7.0 includes two bugfixes, a refactored fixture implementation, and better interfaces."

Comments (none posted)

Desktop Applications

Audio Applications

Hydrogen 0.8.0 released

Version 0.8.0 of Hydrogen, a GNU/Linux drum machine, has been released with numerous improvements and bug fixes.

Full Story (comments: none)

Tkeca 1.4.0 Released!

Version 1.4.0 of Tkeca, a GUI front-end for the Ecasound audio utility, is available and features a number of new capabilities.

Full Story (comments: none)

Desktop Environments

GNOME Development Series Desktop 2.3.2 (GnomeDesktop)

Gnomedesktop.org has an announcement for version 2.3.2 of the GNOME Development Series Desktop. "This release is an UNSTABLE development series snapshot. It is intended for testing and hacking purposes ONLY. Like the Linux kernel, GNOME uses odd minor version numbers to indicate development status, so this 2.3.x series will eventually become the official 2.4 release." See the GNOME 2.3.2 Changelog for more details.

Comments (none posted)

KDE-CVS-Digest

The May 23, 2003 edition of the KDE-CVS-Digest is out: "Menu usability gets improved. KDE Print gets printer capability access and quite a few bug fixes. Kate now has command line access to variables, similar to Vim commands or Emacs local variables. Plus numerous fixes to keyboard handling, KSpread and Konqueror. All this and more in the latest KDE-CVS-Digest."

Comments (none posted)

KDE Traffic #52

Issue #52 of KDE Traffic is out. Topics include: KDE 3.1.2, KSSL based S/MIME plugin available, Change file permissions using octal numbers, and KDE CVS Commit Policy.

Comments (none posted)

Financial Applications

Release of GnuCash stable version 1.8.4

Version 1.8.4 of the GnuCash stable series has been released with a long list of additions and fixes.

Full Story (comments: none)

GUI Packages

FLTK 1.1.4rc1 Now Available for Testing

Version 1.1.4rc1 of FLTK, the Fast, Light ToolKit is available. "The FLTK 1.1.4 release is primarily a bug-fix release including fixes to FLUID and the Fl_File_Chooser, Fl_Help_View, Fl_Text_Display, and Fl_Text_Editor widgets. The new release also adds a find method to Fl_Help_View."

Comments (none posted)

Interoperability

Wine Traffic

Issue #171 of Wine Traffic is online. Topics include: TransGaming Product Update, CrossOver Office Review, Wine Tech Meeting, Bugzilla Upgraded, Making Mono's Winforms Work, and More BiDi Work?

Comments (none posted)

Office Applications

AbiWord Weekly News

Issue #145 of the AbiWord Weekly News is out. Here's the summary: "Quite a bit of bug squishing, some noteworthy work on Windows and Footnotes and Endnotes exporting to the HTML format await you. Some HIGrrrification? work was done, but no one sent me pretty screen shots :*( Well, maybe next week!"

Comments (none posted)

Evolution 1.4 Release Candidate 1 has been liberated. (GnomeDesktop)

GnomeDesktop.org reports on the release of the Evolution 1.3.92 personal and workgroup information management application. See the release notes for change information.

Comments (none posted)

GNUe Traffic

Issue #82 of GNUe Traffic has been published. Take a look for the latest GNU Enterprise news.

Comments (none posted)

OpenOffice.org 1.1 Beta 2 released

Version 1.1 Beta2 of the OpenOffice.org office suite has been released. "Openoffice.org 1.1 Beta2 represents a significant advance in the application and incorporates the features and changes introduced in the developer builds over the past year. The release includes a massive amount of new and exciting functionality, features and bugfixes compared to the OpenOffice.org 1.0.x releases".

Full Story (comments: none)

Web Browsers

Jazilla Milestone 1 Released (MozillaZine)

According to MozillaZine, the Jazilla project has announced the release of its first milestone. "The Jazilla project aims to rewrite Mozilla in Java. It started shortly after the release of the Netscape Communicator 5.0 source code in 1998 but development petered out in 2000. It was revived by Mathew McBride last year and has been completely rewritten to follow a more Mozilla-like architecture (Jazilla Classic was closer to the old Netscape Communicator)."

Comments (none posted)

Tree Branches for Mozilla 1.4 (MozillaZine)

MozillaZine has an announcement for a Mozilla 1.4 branch. "Checkins to this branch require approval from drivers@mozilla.org. Meanwhile, the trunk has been reopened for 1.5 Alpha development. See tinderbox for the latest tree status."

Comments (none posted)

Mozilla Status Update

The May 23, 2003 Mozilla Status Update is out. Topics include: Mozilla Thunderbird, ChatZilla 0.8.31, Documentation, Bookmarks, Junk Mail Controls, View Source, and Tree Status.

Comments (none posted)

Miscellaneous

Krusader Project Needs Developers

According to KDE.News, the Krusader project needs more developers. "Krusader is a twin-panel file manager for KDE, patterned after old-school managers like Midnight Commander and Norton Commander. It features basically all your file-management needs, plus extensive archive handling, mounted filesystems support, ftp and much much more. So far, the project has been developed by two developers, whose time is now not enough to continue the rapid pace of development. If you're a developer and you're interested in Krusader, we need your help!"

Comments (none posted)

Languages and Tools

C

Input Validation in C and C++ (O'ReillyNet)

O'Reilly has published an excerpt from the book Secure Programming Cookbook for C and C++. "Eavesdropping attacks are often easy to launch, but most people don't worry about them in their applications. Instead, they tend to worry about what malicious things can be done to the machine on which the application is running. Most people are far more worried about active attacks than they are about passive attacks."

Comments (none posted)

Caml

Caml Weekly News

The May 20-27, 2003 Caml Weekly News is out. Topics include: Theorem proving example code available, Data structures, and Generating a call-graph.

Full Story (comments: none)

Java

Java theory and practice: Hashing it out (IBM developerWorks)

Brian Goetz writes about Java hashing techniques on IBM's developerWorks. "Every Java object has a hashCode() and an equals() method. Many classes override the default implementations of these methods to provide a higher degree of semantic comparability between object instances. In this installment of Java theory and practice, Java developer Brian Goetz shows you the rules and guidelines you should follow when creating Java classes in order to define hashCode() and equals() effectively and appropriately."

Comments (none posted)

Lisp

SBCL 0.8.0 released

Version 0.8.0 of SBCL is available. "This is a major release with many changes, including support for native threads (on x86 Linux with kernel 2.4 or later), the ability of building SBCL using CLISP as a cross-compilation host, implementations of the MD5 algorithm and the simple-streams interface, and a merge of PCL classes with Common Lisp classes. This version also features better ANSI compliance, an interface to the CLOS MetaObject Protocol, improvements to debugging tools, and more."

Full Story (comments: none)

Perl

This Week on perl5-porters (use Perl)

The May 19-25, 2003 edition of This Week on perl5-porters is online. "Perhaps a bit late, but ready at least, here is your latest P5P summary, full of last week's selected threads. Read about I/O problems and other language issues."

Comments (none posted)

This week on Perl 6 (O'Reilly)

The May 18, 2003 edition of This week on Perl 6 is out with the latest Perl 6 news.

Comments (none posted)

PHP

PHP Weekly Summary

Topics on this week's PHP Weekly Summary include: 4.3.2 RC 4, fd/stdio patch, renaming stream functions, PHP 5 speedups, include_once, require_once, and Apache 2 PATH_TRANSLATED.

Comments (none posted)

PHP 4.3.2RC4 Released

Version 4.3.2RC4 of PHP has been released. "This is the fourth and final release candidate and should have no critical problems/bugs. Nevertheless, please download and test it as much as possible on real-life applications to uncover any remaining issues."

Comments (none posted)

Python

Python 2.2.3 rc 1 (SourceForge)

SourceForge mentions the availability of the first release candidate for Python 2.2.3. "We expect Python 2.2.3 final to be released within a week of this announcement."

Comments (none posted)

Dr. Dobb's Python-URL!

The May 26, 2003 Dr. Dobb's Python-URL! is out with the week's Python news.

Full Story (comments: none)

Python-dev Summary

The Python-dev Summary for the first half of May is now available. It looks at programmer control over dictionary sparseness, default values in classes using slots, a Timbot sighting, and more.

Full Story (comments: none)

Daily Python-URL

Take a look at the Daily Python-URL for a long list of Python-related articles.

Comments (none posted)

Writing good exceptions (IBM developerWorks)

Cameron Laird writes about Python exception handling code on IBM's developerWorks. "A refined exception system is one of the most distinctive advantages modern programming languages offer. Many experienced programmers still don't know, though, how to use exceptions well. Or, perhaps more precisely, they don't use them the way I think best. One consequence, among others, is to damage the security of their systems. So, let's see what we can improve."

Comments (none posted)

Ruby

Ruby-GNOME2 0.5.0 Released! (GnomeDesktop)

GnomeDesktop.org reports on a new release of Ruby-GNOME2, the Ruby language bindings to GNOME 2. "Not much has changed, mostly bugs being fixed and some new classes and methods have been added. The Ruby/GtkSourceView project has been started, allowing use of the GtkSourceView widget from your Ruby programs."

Comments (none posted)

Tcl/Tk

Tcl/Tk 8.4.3 release (SourceForge)

Version 8.4.3 of Tcl/Tk has been announced. A long list of bugs has been fixed, and testers are needed.

Comments (none posted)

Dr. Dobb's Tcl-URL!

The May 26, 2003 Dr. Dobb's Tcl-URL! has been published. Take a look for the latest Tcl/Tk news.

Full Story (comments: none)

XML

DocBook XSL Stylesheets V1.61.2 released (SourceForge)

A new version of DocBook XSL Stylesheets is available with the following explanation: "Major bug fix for 1.61.1 and accumulated enhancements and fixes from previous releases."

Comments (none posted)

XML Data Management: Information modeling with XML (IBM developerWorks)

IBM's developerWorks has published an excerpt from the book XML Data Management. "As long as XML was used as a container for data managed by legacy systems, it was sufficient to consider only syntax when building documents. Now that XML is being used to do more than simply express data, it is important to consider grammar and style as well. Obviously, proper syntax is necessary for parsers to be able to accept XML documents at all. Good grammar insures that once XML information has been assimilated, it can be effectively interpreted without an inordinate need for specific (and redundant) domain knowledge on the part of application programs. Good style insures good application performance, especially when it comes to storing, retrieving, and managing information."

Comments (none posted)

XHTML is the Most Important XML Vocabulary (O'Reilly)

Kendall Grant Clark talks about the latest XHTML 2.0 draft. "Taking the long view of recent technology, XHTML may be the most important XML vocabulary ever created. What I mean is not that XHTML will be the most widely deployed XML vocabulary, though if we take the long view, it could be. What I mean is that XHTML puts XML's reputation -- and, by extension, the W3C's reputation -- on the line to a greater degree than any other XML vocabulary."

Comments (none posted)

Profilers

OProfile 0.5.3 has been released

Version 0.5.3 of the OProfile code profiler has been released. This version includes a number of bug fixes and some new features.

Full Story (comments: none)

Miscellaneous

SCons 0.14 released (SourceForge)

Version 0.14 alpha of SCons has been announced. "SCons is a software construction tool (build tool, or substitute for Make) implemented in Python, based on the winning design in the Software Carpentry build tool competition (in turn based on the Cons build tool). This release most notably adds support for Java builds (javac, javah, rmic and jar), and adds integrated Autoconf-like functionality for finding #include files and libraries. This release also contains significant performance improvements from previous releases."

Comments (none posted)

Page editor: Forrest Cook

Linux in the news

Recommended Reading

Meet Linux's New Public Enemy No. 1 (ZDNet)

ZDNet is carrying an interview with Darl McBride, CEO of SCO Group, in which McBride comments: "IBM took the same team that had been working on a Unix code project with us and moved them over to work on Linux code. If you look at the code we believe has been copied in, it's not just a line or two, it's an entire section -- and in some cases, an entire program."

Comments (10 posted)

Major Internet Standards Group Working On Fast Plan To Can Spam (TechWeb)

TechWeb covers the efforts of the Anti-Spam Research Group, an affiliate of the Internet Engineering Task Force. "The ASRG expects quick results, with initial technologies that will take a big bite out of spam being deployed within months, and other key technologies being deployed in one to two years."

Comments (3 posted)

Commentary: IBM will nullify SCO's Linux threat (News.com)

Forrester Research predicts that IBM will build a consortium to pay off SCO--or buy it outright, according to this News.com article. "Enterprises should not stop their Linux plans. Why not? Three reasons based on a risk/benefit analysis. First, the cost-benefit of migrating high-priced Unix on RISC servers to low-cost Linux on Intel servers is highly positive. Second, the risk that tiny SCO can muster the resources to effectively litigate against even one or two of the 1,500 companies it has threatened is low. And three, IBM will further dilute that risk by intervening to eliminate the threat of legal action."

Comments (10 posted)

Novell challenges SCO's Unix claims (CBS MarketWatch)

CBS MarketWatch reports on Novell's challenge to SCO, and quotes SCO CEO Darl McBride as asserting that SCO owns the Unix copyrights. "McBride added that unless more companies start licensing SCO's property, he may also sue Linus Torvalds, who is credited with inventing the Linux operating system, for patent infringement."

Comments (18 posted)

Companies

Dell may join HP in Linux laptop drive (News.com)

CNet covers the overwhelming demand for Linux laptops in Thailand. "HP is producing the low-cost "people's notebook," which is loaded with Linux TLE, the Thai-language version of the Linux operating system, to support a Thai government drive to increase computer ownership, reported the Post earlier this month."

Comments (8 posted)

CIO Update: What You Should Know About IBM's Linux Strategy (ZDNet)

ZDNet has the latest Gartner Group pronouncement on IBM's Linux strategy, complete with lots of pretty diagrams and the "Midrange Server Magic Quadrant." "Gartner estimates that IBM can trace to Linux about $1.2 billion in revenue in 2002 (hardware, software and services), and we project strong overall revenue and profit for IBM from Linux during the next five years."

Comments (1 posted)

EU institutions test alternative to Microsoft (EUobserver)

The EUobserver reports that the EU signed a contract with Microsoft after testing Linux. "While IT-experts recommended the Linux system and said it was as good as Microsoft, the institutions decided to sign a new deal with Microsoft, sources inside the institutions told the EUobserver."

Comments (7 posted)

SCO quits German Linux group (ComputerWorld)

ComputerWorld reports that SCO Group resigned its membership in a German Linux association. "SCO today said it resigned from LIVE Linux-Verband eV, a Dusseldorf-based association that promotes the interests of Linux users and software developers in Germany, after the group notified the company in a recent letter that it might revoke the membership of SCO's German subsidiary, SCO Group GmbH." (Thanks to dododge)

Comments (1 posted)

More articles about SCO (Telepolis and TechWeb)

It seems about every online tech site is running multiple articles about SCO, even though there's really nothing new to report. Here are just a couple more:

TechWeb picks up a CRN interview with Linus Torvalds. "In an e-mail response to CRN, Torvalds, widely considered the father of Linux, said he is awaiting judgment until SCO identifies the Unix code IBM allegedly misappropriated and handed over to the open-source community."

Telepolis has this article (in German). "The further development of Linux will most probably be rather untouched by this. Of course, some important developments of the last years have been founded by companies like IBM or SGI. But, if many companies go out of Linux business, this would just be the end of another hype, similar to the dotcom bubble. Regardless of the lawsuit's results, it will in no way mean the end of Linux or even just a noteworthy obstacle." (Thanks to Dirk Hillbrecht for the link and the translation.)

Comments (none posted)

Legal

ESR: You can help stop the SCO-vs.-IBM lawsuit

Eric S. Raymond is looking for people who have had read access to proprietary Unix source code without a non-disclosure agreement as part of an effort to fight SCO's lawsuit against IBM.

Full Story (comments: none)

Bunner DVD case goes to the Supreme Court

The Electronic Frontier Foundation has sent out an update on the Bunner ("California") DVD case. The DVDCCA is appealing the previous Appellate Court decision that restricting Mr. Bunner from publishing the DeCSS source was a violation of his free speech rights; the hearing will happen on May 29. Lower court rulings on the publication of code as a free speech activity have been mixed, to say the least, so it will be interesting to see what the Supremes have to say.

Full Story (comments: 5)

Landmark DVD Piracy Case to Test Free Speech (San Jose Mercury News)

Here's a San Jose Mercury News article on the Bunner DVD case, which goes before the California Supreme Court on Thursday. "Four years later, DVD makers, while still fighting numerous legal battles to prevent copying, have been forced to concede their secrets are out the Internet's barn door. However, their case against Bunner lives on and has been transformed into a precedent-setting conflict between the First Amendment and California's tough trade-secret protections."

Comments (1 posted)

Interviews

The ponytail versus the penguin (Economist)

The Economist talks with Sun's Jonathan Schwartz about the company's approach to Linux. "Some software users have started to realise that even Linux is not as free as it appears: for instance, it has to be maintained and upgraded. 'Linux is like a puppy - in the beginning it's great, but you also have to take care of it,' says Mr Schwartz. He hopes that firms will opt for Solaris, because it requires less care."

Comments (13 posted)

The XML.com Interview: Steven Pemberton (O'Reilly)

O'Reilly has published an interview with Steven Pemberton. "At the top of the HTML hierarchy stands Steven Pemberton, chair of the HTML working group of the World Wide Web Consortium (W3C). A lover of language, a writer, and an editor, as well as an organizer and a leader in the web community, he has had both subtle and profound influences over the Web, not only in HTML standards, but in concepts that permeate the Web. He has been at the center of the forces that have been guiding the Web for over a decade."

Comments (none posted)

Resources

AirTraf security (IBM developerWorks)

L. Victor Marks writes about conducting a wireless site survey with the open-source AirTraf utility. "One of the things to pay attention to with wireless security is the usefulness of a site survey. Here, Victor Marks talks about conducting such a survey without having to buy a horrendously expensive software package, and getting immediate feedback and the most effectiveness."

Comments (none posted)

Open Source Content Management arrives (IT-Director)

IT-Director looks at a recent CIO survey on open source content management systems. "[A]s these software applications mature and lose their uniqueness, they become candidates for the open source movement. In the case of content management, a number of open source contenders are emerging but Bricolage, in particular, stands out in terms of capability."

Comments (3 posted)

Polishing Your Linux Laptop Setup (Linux Journal)

Linux Journal takes another look at Linux laptops. "In my past laptop oriented articles, I talked about procedures for installing a base Linux system and setting up GNOME 2.2. This time around, I discuss a few odds and ends that did not quite fit those other two articles but definitely deserve further attention."

Comments (1 posted)

Reviews

From PlayStation to supercomputer (News.com)

News.com looks at a new supercomputer made from Sony PlayStation game consoles. "Perhaps the most striking aspect of the project, which uses the open-source Linux operating system, is that the only hardware engineering involved was placing 70 of the individual game machines in a rack and plugging them together with a high-speed Hewlett-Packard network switch. The center's scientists bought 100 machines but are holding 30 in reserve, possibly for high-resolution display application."

Comments (1 posted)

Linux Networx Cluster System Speeds Development of Disease Diagnostic Products (LinuxMedNews)

LinuxMedNews takes a look at a Linux NetworX Evolocity II cluster that speeds gene analysis. "Diagnostics help detect the presence of certain diseases so proper medical treatment can begin in the early stages of the disease. The Linux Networx system analyzes DNA and protein sequences to locate specific disease targets. The targets are then used to develop diagnostic products for diseases that are typically difficult to detect at an early stage, such as ovarian cancer."

Comments (1 posted)

Bits and pieces: Short Linux and computing notes (NewsForge)

Robin 'Roblimo' Miller goes shopping for a laptop in this NewsForge article. At least, that's how it starts. Here are some comments about the command line. "Yes, it's nice to learn the inner workings of your software, just as it's good to know how your thyroid gland regulates many of your body's functions, and it's nice to understand the torque convertor in your car's automatic transmission. But most people get along without knowing much about their thyroids or torque convertors, and they can get along without knowing why this or that happens when they click a CD icon to use their CD drive under Linux."

Comments (1 posted)

MySQL (Database Journal)

Database Journal reviews MySQL, with a look at 4.0 (current), 4.1 (alpha) and what to expect in 5.0. "MySQL has come along by leaps and bounds, and the new version 4.0 is barely recognizable when compared with its earlier siblings. I first started using MySQL 3.22, when it was very much a toy, used version 3.23 extensively for websites, but version 4.0 and beyond promises much more. This article is a roadmap showing you the new features already implemented, and those still to come. If you have ever rejected MySQL as a product lacking in required features, maybe it's time to take another look."

Comments (4 posted)

Miscellaneous

Network security tailored to SMBs (IT-Director)

IT-Director is running a Bloor Research pronouncement which looks at secure Linux systems for small businesses. "An alternative to Trustix is Guardian Digital's Linux Lockbox, another Open Source network server appliance designed to serve as a complete secure Internet solution. Like Trustix Secure Linux, Lockbox offers secure Web management and is delivered in a way that requires little in-house Linux expertise, though it is light on the VPN and mail security side."

Comments (none posted)

Page editor: Forrest Cook

Announcements

Non-Commercial announcements

The Open Group on UNIX trademark

The Open Group wants to make sure that everyone knows that the UNIX trademark is theirs, not SCO's. "The Open Group is the owner of the UNIX trademark which it holds on behalf of the industry. This truth has not been entirely visible in the media, even though it is acknowledged on SCO Group products and on their web site."

Full Story (comments: 22)

AUUG calls for SCO to Cease Destructive Actions

The Australian Unix User's Group (AUUG) has sent out this press release concerning SCO. "The Australian UNIX and Open Systems User Group (AUUG, Inc.) today called on SCO (formerly Caldera) to cease its destructive actions and work toward the constructive resolution of any intellectual property (IP) issues SCO has with the Linux and Open Source communities. AUUG further called on SCO to publicly identify any IP violations in Linux so the issues can be resolved as soon as possible." Thanks to Gordon Hubbard.

Comments (none posted)

Open Source Software Institute becomes LPI affiliate

The Linux Professional Institute (LPI) has affiliated with Open Source Software Institute (OSSI) to increase exposure and participation of Linux by corporate, government and academic environments across the United States.

Full Story (comments: none)

GOK awarded first place in Accessibility category Trophées du Libre (GnomeDesktop)

GOK, the GNOME onscreen keyboard, has received first place in the Accessibility category at the first Trophées du Libre International Free Software Competition.

Comments (none posted)

KDE Accessibility Project Receives Trophy

KDE.News reports that the KDE Accessibility Project has received a trophy for their efforts. "The KDE Accessibility Project is proud to have accepted a trophy at the international Free Software competition Trophées Du Libre in France. The KDEAP received this trophy for a number of accessibility aids, including KMouth, KMag, KMouseTool and the upcoming KDE Text-To-Speech Service. Many thanks and congratulations to everyone who has contributed to these applications!"

Comments (none posted)

Object Application Awards

The finalists of the OMG Object Application Awards 2003 have been announced.

Full Story (comments: none)

Commercial announcements

HP Achieves Linux Clustered Oracle Applications Standard Benchmark

HP has announced that industry-standard HP ProLiant servers running SuSE Linux Enterprise Server 8 have achieved the industry's first clustered Oracle(R) Applications Standard Benchmark (OASB) on Linux.

Comments (none posted)

Just what the doctor ordered

The Royal College of General Practitioners (RCGP) has chosen Trustix and IBM to supply a Linux-based e-mail server solution to support the delivery of bulk e-mail to over 6000 GPs across the United Kingdom.

Full Story (comments: none)

MySQL AB and SAP AG Partner to Build New Open Source Databases

MySQL AB has announced a technology and cross-licensing partnership with SAP AG to give large and medium-sized companies new enterprise-ready open source databases.

Comments (11 posted)

City of Munich goes to Linux

SuSE has issued a press release stating that the city of Munich has decided to move to Linux. "This initiative will see Germany's third largest city migrate 14,000 desktop and notebook computers to Linux." The city has not yet chosen a vendor.

Comments (3 posted)

Pogo Linux CEO Leads Storage Panel at ELF

Pogo Linux, Inc has sent out a press release announcing their presence at the Enterprise Linux Forum Conference & Expo on June 4-6 in Santa Clara, CA.

Full Story (comments: none)

Cross Platform: new versions of Win4Lin and CrossOver Office

NeTraverse has announced the immediate availability of the next version of the award-winning Win4Lin Workstation product. Version 5.0 extends the ability of Win4Lin to help users painlessly bridge from legacy Windows environments to Linux and Open Source infrastructure models.

CodeWeavers has announced CrossOver Office version 2.0.1. This is primarily a bug fix release.

Comments (3 posted)

Resources

GNOME Talks! Part 3 (GnomeDesktop)

The third part of a four-part accessibility series on Gnopernicus is available. "In the third (MP3 Audio) of a four-part series about Gnopernicus from the American Council of the Blind, Sun accessibility engineer Marc Mulcahy demonstrates Nautilus and gedit. He also makes a note about the complaints of doing these demonstrations using a speech synthesizer that is no longer available, so for this demonstration and the next he will be using the DecTalk speech synthesizer. He also demonstrates the FreeTTS speech synthesizer."

Comments (none posted)

LDP Weekly News

The May 28, 2003 Linux Documentation Project Weekly News is out with news of the latest documentation updates.

Full Story (comments: none)

Upcoming Events

Infosec 2003

Infosec 2003, the 2nd Congress of Information Security on the Internet, is an online conference that will be held from June 16-20, 2003.

Full Story (comments: none)

KDE Developers' Conference: Call for Papers

A call for papers has gone out for the KDE Developers' Conference, to be held in Zamek, Nove Hrady, Czech Republic on August 23-25, 2003. "The KDE Developers' Conference is a meeting of KDE contributors from all over the world. It will feature three days of technical talks and tutorials. Do you have a particular expertise related to KDE programming that could be useful for your fellow developers? Do you want to present a particular programming pattern, a tool, a development strategy, or anything else that helps KDE developers become more productive? Then consider talking about it or giving a tutorial at the KDE Developers' Conference."

Comments (none posted)

Linux Fest in Luxembourg

The LiLux Linux User Group will be holding a Linux Fest in Luxembourg on June 21 and 22, 2003.

Full Story (comments: none)

Reports from XML Europe 2003 (O'Reilly)

Uche Ogbuji and Simon St. Laurent report on the activities at the XML Europe Conference. "XML Europe 2003 put the ongoing energy and innovation of the XML community on display, including actual products on the exhibit floor. There was the usual variety of companies displaying editors, scripting tools, XML databases, training and consulting. One important theme was GUI tools for the unsophisticated user. Companies were showing tools which offered a variety of mainstream idioms for processing SVG, XSL FO, Topic Maps, e-business XML formats, and more. There have always been such offerings on display at conferences, but the increasing proportion and sophistication at XML Europe 2003 was notable."

Comments (none posted)

Events: May 29 - July 24, 2003

Date                 | Event                                                                   | Location
May 29 - 30, 2003    | Open Source Content Management, 2003 (OSCOM) (Harvard Law School)       | Cambridge, Mass
May 30 - 31, 2003    | 4th European Tcl/Tk Users Meeting (Tcl'Europe 2003)                     | Nürnberg, Germany
June 4 - 6, 2003     | Enterprise Linux Forum Conference & Expo (Santa Clara Convention Center) | Santa Clara, California
June 9 - 14, 2003    | USENIX 2003 (Marriott Hotel)                                            | San Antonio, TX
June 10, 2003        | Linux For Business (The Commonwealth Institute)                         | London, England
June 16 - 18, 2003   | Yet Another Perl Conference::North America (YAPC::2003) (Florida Atlantic University) | Boca Raton, FL
June 16 - 18, 2003   | GNOME User and Developer European Conference (GUADEC) (Trinity College) | Dublin, Ireland
June 16 - 20, 2003   | Infosec 2003 (UniNet)                                                   | Online
June 18 - 23, 2003   | Open Source Clinical Application Resource Workshop (OSCAR) (McMaster University) | Ontario, Canada
June 21 - 22, 2003   | European Ruby Conference (University of Karlsruhe)                      | Karlsruhe, Germany
June 23 - 26, 2003   | ClusterWorld Conference & Expo (San Jose Convention Center)             | San Jose, California
June 23 - 26, 2003   | Fourth Workshop On UML for Enterprise Applications (Hyatt Regency San Francisco Airport Hotel) | Burlingame, CA
June 24 - 26, 2003   | LinuxUser & Developer Expo (Birmingham National Exhibition Centre)      | Birmingham, UK
June 25 - 27, 2003   | European Python and Zope Conference 2003 (CEME)                         | Charleroi, Belgium
July 7 - 11, 2003    | O'Reilly Open Source Convention 2003 (OSCON) (Portland Marriott)        | Portland, Oregon
July 9 - 12, 2003    | Libre Software Meeting                                                  | Metz, France
July 10 - 13, 2003   | LinuxTag                                                                | Karlsruhe, Germany
July 12 - 17, 2003   | Debcamp                                                                 | Oslo, Norway
July 18 - 20, 2003   | Debconf 3 (The University of Oslo)                                      | Oslo, Norway
July 23 - 26, 2003   | Ottawa Linux Symposium                                                  | Ottawa, Canada
July 23 - 25, 2003   | YAPC::Europe 2003 (CNAM Conservatory)                                   | Paris, France

Comments (none posted)

Web sites

Open XUL Alliance Site Goes Live (MozillaZine)

According to MozillaZine, the Open XUL Alliance has launched their new site. "The site aims to promote XUL and encourage interoperability with a collection of XUL news articles, mailing lists and links."

Comments (none posted)

Software announcements

This week's software announcements

Here are the software announcements, courtesy of Freshmeat.net. They are available in two formats:

Comments (none posted)

Page editor: Forrest Cook

Copyright © 2003, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds