
LWN.net Weekly Edition for June 5, 2003

The Eldred Act - toward a restoration of the public domain

Changes to copyright law over the years have (in the U.S. and, increasingly, elsewhere) brought the growth of the public domain to a complete halt. In the U.S., no works have entered the public domain since 1930, with the tiny exception of those put there explicitly by their creators. The extension of copyright terms, with the approval of the Supreme Court, means that the public domain will remain frozen indefinitely.

But the public domain is the ultimate source of almost everything found in new creative works. Whether the subject is fiction, film, or free software, our culture depends on a common pool of ideas. The starvation of the public domain can only serve to dry up that pool. But attempts to cut back on absolute copyright protection via the court system have not been successful. The word from the courts is that this is a matter which must be decided by Congress.

Enter the Eldred Act (or "Public Domain Enhancement Act"). This act would not reduce the period of copyright protection available to anyone. What it would do is require that, after 50 years, copyrights be renewed through the payment of a (very) small fee. Renewal would be required every five years thereafter. The renewal burden would be negligible for anybody who is making any sort of commercial use of copyrighted material. Mickey Mouse would be preserved for generations of Disney stockholders yet unborn.

But the fact is that very little copyrighted material is still being commercially exploited after 50 years. Under current law, all those works remain protected, and almost all of them simply vanish from sight. The Eldred Act would release all of those unrenewed works into the public domain, where they can become a common resource.

The proposed law makes a great deal of sense; why maintain copyright protection on works that the copyright holder cannot be bothered to renew? Yet the bill is apparently already being opposed by lobbyist activity in Washington. As part of an effort to show that the lobbyists do not speak for a lot of people, the bill's promoters (including Lawrence Lessig) have set up an online petition where people can show their support. Signing it is a small act, but one which might help restore a more rational direction to copyright law.


A Look at Ximian Desktop 2

[This article was contributed by Joe 'Zonker' Brockmeier]

With the release of Ximian Desktop 2 right around the corner, I decided to ring up my contact with Ximian to see if I could get a test-drive. By the end of the day Monday I had XD2 installed on my Toshiba laptop running SuSE 8.2.

Before I start talking about the features and such that come with XD2, it's important to note Ximian's target audience. Ximian is not targeting the home user, nor are they targeting long-time Linux users. The Ximian desktop is primarily aimed at corporate desktops. There are a limited number of configuration options, and they're aimed at the needs of desktop workers migrating from Windows. That doesn't mean it's unsuitable for Linux gurus or for the average home user, but I'd say it's less suitable than some other desktop configurations for those users.

The Ximian folks gave me a Red Carpet Express account to test out XD2, so I used the Ximian Red Carpet download installer and went for the full install. The entire install, including the download time, took a little more than an hour over a broadband connection. The public servers might be a little slower, and I'm sure they'll be swamped next Monday for the official release. I wouldn't advise trying to do a download install over dial-up at any time unless you're a very patient person.

As usual, the Ximian Desktop looks fantastic. I realize this is a subjective thing, but I find XD2 to be one of the best-looking desktops on the market -- and that includes the Aqua desktop from Apple. It's not an overly slick look; that would probably turn off the corporate buyers that Ximian is trying to reach. It's just a nice, clean look that is pleasant to use without being distracting. If aesthetics alone were the deciding factor for corporate desktops, Microsoft would be in deep trouble. Then again, they'd never have gotten where they are in the first place if aesthetics were a big factor.

Speaking of Microsoft, Ximian takes a cue from the folks in Redmond with some desktop icons like "My Computer," "Trash" and a home folder that are all designed to be permanent fixtures. They can be removed, but it isn't as simple as right-clicking on the icon and hitting "Move to Trash." For the corporate desktop, this is a feature -- for the average Linux user, this is annoying. The "My Computer" folder contains the same kind of stuff you'd find on a Windows machine, a printer icon, settings icon, and so on. It's not an exact replica of the Windows setup, but it's probably close enough to be intuitive if you've been using Windows all your computing life.

I found that it's easy to browse to a Samba share using Nautilus, which is a good thing for companies who want to move some users from Windows to Linux. I'm guessing it would have been able to "see" a regular Windows box with file-sharing turned on as well.

XD2 also comes with a brand-new version of Evolution. Unfortunately, Evolution 1.4 is mostly a maintenance release -- there are no new features to speak of, just bug fixes, better integration with GNOME 2 and so on. While I don't want to minimize the importance of bug fixing and so forth, I was hoping for some new features for Evolution. Other than the splash screen, I didn't notice any difference between Evolution 1.4 and 1.2.

The folks at Ximian have done a nice job of sprucing up OpenOffice.org. They've added a whole new set of icons to the toolbars and so on, which isn't a big deal in terms of functionality, but it will probably do more to create a good first impression for former (or soon-to-be former) Microsoft Office users. They've also tweaked OOo to save files in Microsoft Office formats by default, rather than the standard OOo formats. This includes getting rid of the dialog box that warns that you might lose data by saving in other formats. Again, this is a feature that will be a big plus for users moving from Windows to Ximian, but possibly annoying for the average Linux user.

Ximian has also included "Windows metric compatible fonts" in XD2. Basically, this means that the fonts included are supposed to better mimic the default fonts you get with Windows -- making Web browsing and such more like the Windows experience. I don't really worry too much about Web pages looking different, but the XD2 fonts mean that MS Office documents look much more like they're supposed to when you open them in OpenOffice.org and that's a very good thing. Presumably, it will also mean that documents created in OpenOffice.org will look right when opened in Microsoft Office.

Speaking of Web pages, Ximian defaults to Galeon as its Web browser, rather than Mozilla. Since I usually use Mozilla, I wasn't sure I'd like the switch, but I really didn't notice much difference. One nice thing is that Ximian pre-installs the regular suspects when it comes to plugins, so you'd have Java, Flash and the rest from the beginning rather than having to download them separately. This is in the Professional edition of XD2 -- so if you're doing the free download, you're still going to have to go hunting for some of the plugins and for Adobe Acrobat Reader, and you won't get the Agfa fonts.

Though I think XD2 is a great desktop, there are some areas for improvement. For example, one of the first things I do when I do a fresh install is to set the resident window manager or desktop environment to move windows transparently. I couldn't find a way to do this using any of the apps in XD2's Personal Settings panel. I'm also puzzled because Ximian installs a "Format a Floppy" icon by default under the "System Tools" menu -- despite the fact that the machine has no floppy drive.

Overall, though, I think that Ximian has delivered a great desktop for their target audience. Whether corporations take it up or not is another story, but here's hoping.


The end of the NIC

The "New Internet Computer" (NIC) was another one of Larry Ellison's Big Ideas: a low-price, hassle-free Linux-based computer which limited itself to Internet activity. It was essentially a browser with a bit of accompanying hardware. There was no hard disk; Linux would boot off a CDROM and what little data needed to be stored went into flash memory. At $200, it seemed like a cheap and easy way to get Linux onto desktops - and counter tops - where it had previously failed to go. LWN covered the NIC release back in July, 2000.

So much for that idea; three years later, as reported by ZDNet, the New Internet Computer Company is shutting down. Sales have been scarce, and the company was unable to come up with another round of financing. When you have a company that is not making money, there are really only a couple of choices: find an excuse to sue IBM, or shut down gracefully. NIC chose the latter path.

The Linux-based thin client (or "Internet appliance") product once looked like a good idea. Many people just want to play around on the net, and don't want to hassle with computers, software installations, drive failures, viruses, etc. Why not provide them with a simple box which handles this basic task and doesn't ask for any care and feeding?

The answer would seem to be that, when people want a computer, they want a real, general purpose computer. For the price of a NIC, it is possible to find real systems which can be customized, enhanced with additional software, and generally made more useful. People naturally shy away from a system which appears to offer reduced functionality or to be, in some way, crippled. This is, perhaps, especially true when people are looking at Linux systems, which ordinarily offer a greater degree of control than proprietary alternatives.

There may yet come a time when everything one might want is available as a web service, and users want little more than a display with a browser and a "buy" button. But, for now, it appears that the general purpose computer has not yet completed its run.


A few SCO notes

Things have been relatively quiet on the SCO front this week. The world is waiting for SCO to put up some evidence, and SCO management has not come up with any new ways to upset the Linux community. Still, a few things are worth mentioning.

SCO held a conference call on May 30 to explain its position. Executive summary: they claim to own the Unix copyrights, but it doesn't matter because the IBM suit is based on contracts. For more information see LWN's quick writeup or the complete transcript posted by Karsten Self.

LWN has decided not to request access to SCO's evidence under their non-disclosure agreement (which has been posted by the Linux Journal). Our ability to write about important topics, along with our continued ability to contribute to projects like the kernel, is more important than early access to SCO's exhibits. Besides, SCO's oft-repeated statements about the useful value of contracts as a vehicle for lawsuits suggest that they might be a good company to not sign contracts with.

LinuxTag's complaint against SCO in Germany, mentioned briefly here last week, has had some success: rather than put up its proof as demanded, SCO chose to shut down its German web site. The links to its "letter to Linux users" have also been removed from the SCOsource web page. It is a temporary situation, but, for now, SCO has chosen silence over backing up its claims.

News.com has tracked down a copy of the 1995 contract between SCO and Novell - the one which transferred (or didn't) Unix to SCO. Reading the contract seemingly does not make the situation any clearer; the contract looks like a muddy mess. Resolving who really owns the Unix copyrights looks like a job for the courts.

Finally, for some amusement, see Modern SCO Executive, an extreme exercise in fair use by Moen, Self, Gilbert, and Sullivan.


A quick LWN update

It's been a while since we've run one of these update articles, which is generally a good thing. We'd rather be talking about what is going on in the Linux community than ourselves. But every now and then somebody asks for an update, so here goes...

The subscription count remains, more or less, level. We went through the expiration of all the six-month subscriptions that people took out back at the beginning in reasonably good form, which is a good thing. But the rate of growth at this point is very low. We've begun to increase traffic with some careful, targeted advertising (mostly on Google for the moment) with some results. More needs to be done, however. The subscription level is still not at the level it needs to reach for LWN to be a long-term stable operation.

Advertising on the LWN site has been a little higher through the last few months. We would like to encourage everybody to remember the LWN text ad system, however. It is an effective and inexpensive way to get your message out to the Linux community and support LWN at the same time.

It is worth noting that it has now been one year since LWN switched over to the new site code and format. There were a lot of complaints at the time, but our readers appear to have gotten used to the new way of doing things. The new code has significantly reduced the effort it takes to put LWN together every week, has enabled the formation of a strong (and opinionated) community of commenters, and, of course, has let us set up the whole subscription system. We believe it was worth it, even if there are still a lot of rough edges in need of smoothing.

Thanks, as always, for supporting LWN.


Page editor: Jonathan Corbet

Security

Brief items

Algorithmic complexity attacks

Scott Crosby and Dan Wallach have announced a paper describing a new class of security problem that they call "algorithmic complexity attacks." The basic idea is simple: predictable behavior in certain application algorithms can be exploited by attackers to create denial of service problems; these attacks can be easy to mount and require very low amounts of bandwidth. The full paper describes this sort of attack in detail, with a strong emphasis on hash tables. The authors promote a particular class of hashing algorithm ("universal hash") as a way of fixing the problem.

The networking hash vulnerability described here two weeks ago clearly falls into this category of problem. (This vulnerability, incidentally, is still unfixed by any distributors beyond Red Hat and EnGarde). Mr. Crosby has also found a similar problem in the Linux kernel directory entry cache code; an attacker who has control over file names can force behavior which slows the system to a crawl.

The interesting thing is that, once one starts looking, this sort of vulnerability is widespread. For example:

  • Languages like Perl and Python provide hashed data structures (associative arrays and dictionaries). If an application uses user input as a key for such a structure, that application can be vulnerable to attack. The paper demonstrates the degree to which Perl arrays can degrade with carefully chosen input.

  • Regular expressions are widely used in applications. Anybody who has programmed with non-trivial regular expressions knows that they can be hard to get right in the first place. But writing regular expressions which do not bring the application down in flames when confronted with the wrong input is even harder.

Chances are many applications suffer from this sort of vulnerability. It may soon be that distributed denial of service attacks pass out of favor; if an algorithmic complexity attack is available, there is no real point in going to the effort of assembling the attack network.

Sadly, it may well turn out that free software applications are uniquely vulnerable to algorithmic complexity attacks - at least, in the short term. Mounting such an attack requires a reasonably well advanced understanding of which algorithms an application is using, and how it is using them. Closed-source applications will certainly have (at least) as many algorithmic complexity vulnerabilities as free applications, but the lack of source will make those vulnerabilities hard to exploit. In the longer term, of course, the situation may reverse itself; the vulnerabilities in free programs will have been found and fixed, while those in proprietary code lurk on, waiting for an exploit to be developed.
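An added illustration, not code from the paper or from any of the applications mentioned, of why a predictable hash degrades and why the keyed "universal hash" the authors promote does not: a chained hash table is filled with 1000 constructed keys that all share the same byte sum, first under a byte-sum hash and then under a Carter-Wegman hash keyed with per-table random coefficients. NBUCKETS, KEYLEN, the seeded splitmix64 coefficient generator and the key generator are all assumptions made for this demonstration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NBUCKETS 1024
#define KEYLEN 8                    /* every constructed key is exactly 8 bytes */
#define PRIME 2147483647ULL         /* 2^31 - 1, modulus of the universal hash family */

struct node { char key[KEYLEN + 1]; struct node *next; };
struct table {
    struct node *bucket[NBUCKETS];
    uint64_t coeff[KEYLEN];         /* the table's secret coefficients a_i */
    int keyed;                      /* 0: predictable byte-sum hash, 1: universal hash */
    unsigned long comparisons;      /* key comparisons spent on inserts */
};
struct result { size_t worst_chain; unsigned long comparisons; };

/* splitmix64 derives coefficients reproducibly from a seed for this demo; a real
 * server would draw the seed from the OS at startup and never reveal it. */
static uint64_t splitmix64(uint64_t *state)
{
    uint64_t z = (*state += 0x9E3779B97F4A7C15ULL);
    z = (z ^ (z >> 30)) * 0xBF58476D1CE4E5B9ULL;
    z = (z ^ (z >> 27)) * 0x94D049BB133111EBULL;
    return z ^ (z >> 31);
}

/* Weak hash: the byte sum, so keys with equal sums collide and the code says which.
 * Keyed hash: Carter-Wegman h(x) = (sum a_i*x_i mod p) mod m, unsteerable without a_i. */
static unsigned bucket_of(const struct table *t, const char *key)
{
    uint64_t acc = 0;
    for (size_t i = 0; i < KEYLEN; i++) {
        unsigned char x = (unsigned char)key[i];
        acc = t->keyed ? (acc + t->coeff[i] * x) % PRIME : acc + x;
    }
    return (unsigned)(acc % NBUCKETS);
}

/* Insert unless present, walking the chain as a lookup would and counting comparisons. */
static void table_insert(struct table *t, const char *key)
{
    struct node **link = &t->bucket[bucket_of(t, key)];
    for (; *link; link = &(*link)->next) {
        t->comparisons++;
        if (strcmp((*link)->key, key) == 0)
            return;
    }
    *link = calloc(1, sizeof **link);
    if (!*link) { perror("calloc"); exit(1); }
    memcpy((*link)->key, key, KEYLEN + 1);
}

/* Longest chain in the table; frees every node on the way through. */
static size_t table_drain(struct table *t)
{
    size_t worst = 0;
    for (size_t b = 0; b < NBUCKETS; b++) {
        size_t len = 0;
        for (struct node *n = t->bucket[b], *next; n; n = next, len++) {
            next = n->next;
            free(n);
        }
        if (len > worst) worst = len;
    }
    return worst;
}

/* Constructed input: distinct keys with identical byte sums. Each letter of the first
 * half is mirrored ('a'<->'z', 'b'<->'y', ...) in the second half, so all sums are equal. */
static void colliding_key(unsigned idx, char out[KEYLEN + 1])
{
    for (size_t i = 0; i < KEYLEN / 2; i++) {
        char c = (char)('a' + idx % 26);
        idx /= 26;
        out[i] = c;
        out[KEYLEN / 2 + i] = (char)('a' + 'z' - c);
    }
    out[KEYLEN] = '\0';
}

/* Insert n colliding keys with the chosen hash; report the longest chain and
 * the comparisons it took to build the table. */
struct result run_experiment(int keyed, unsigned n, uint64_t seed)
{
    struct table t = { .keyed = keyed };    /* buckets and counters start at zero */
    char key[KEYLEN + 1];
    for (size_t i = 0; i < KEYLEN; i++)
        t.coeff[i] = splitmix64(&seed) % PRIME;
    for (unsigned i = 0; i < n; i++) {
        colliding_key(i, key);
        table_insert(&t, key);
    }
    struct result r = { table_drain(&t), t.comparisons };
    return r;
}
```

With the byte-sum hash, run_experiment(0, 1000, 1) puts all 1000 keys in one chain and spends 499,500 comparisons building the table; with the keyed hash the same keys spread into chains of a handful each, and only someone who knows the coefficients could do better.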


New vulnerabilities

ghostscript: command execution vulnerability

Package(s):ghostscript CVE #(s):CAN-2003-0354
Created:June 2, 2003 Updated:June 16, 2003
Description: A flaw in unpatched versions of Ghostscript before 7.07 allows malicious postscript files to execute arbitrary commands even with -dSAFER enabled.
Alerts:
Gentoo 200306-08 2003-06-14
Yellow Dog YDU-20030607-1 2003-06-07
Mandrake MDKSA-2003:065 2003-06-10
OpenPKG OpenPKG-SA-2003.030 2003-06-03
Red Hat RHSA-2003:181-01 2003-05-30


gPS: multiple vulnerabilities

Package(s):gPS CVE #(s):
Created:May 29, 2003 Updated:June 3, 2003
Description: gPS is a graphical application to watch system processes. In release 1.1.0 of the gps package, several security vulnerabilities were fixed, including several buffer overflows and a problem where any host could connect to the server.
Alerts:
Debian DSA-307-1 2003-05-27


kon2: buffer overflow allows local users to obtain root privileges

Package(s):kon2 CVE #(s):CAN-2002-1155
Created:June 3, 2003 Updated:June 16, 2003
Description: KON is a Kanji emulator for the console. There is a buffer overflow vulnerability in the command line parsing code of the kon program up to and including version 0.3.9b. This vulnerability, if appropriately exploited, can lead to local users being able to gain elevated (root) privileges.
Alerts:
Gentoo 200306-07 2003-06-14
Mandrake MDKSA-2003:064 2003-06-05
Red Hat RHSA-2003:047-01 2003-06-03


tomcat: insecure directory mode

Package(s):tomcat CVE #(s):
Created:June 2, 2003 Updated:June 3, 2003
Description: Versions prior to tomcat-4.1.24 created /opt/tomcat with a directory mode which allowed users to access files containing passwords.
Alerts:
Gentoo 200306-01 2003-06-01


uw-imapd: vulnerabilities in IMAP clients written with C and C++

Package(s):uw-imapd CVE #(s):
Created:June 2, 2003 Updated:June 3, 2003
Description: There are two common vulnerabilities in IMAP clients written with C and C++:

1. Handling huge literal sizes. Many clients do malloc(literal_size+1) and then read the literal into it. The problem is that if literal_size is UINT_MAX-1, the +1 overflows it into malloc(0), but the server is still allowed to write UINT_MAX-1 bytes of data there. There may also be similar problems if the literal size is read into a signed integer, which causes it to become negative. Some clients use atoi(), so giving -1 as the literal size is equivalent to giving UINT_MAX-1.

IMAP servers can also be vulnerable to this one if they're not careful.

2. Handling huge mailbox sizes (i.e. a huge value in the EXISTS reply). Many clients do malloc(messages_count * sizeof(struct message)) and read data into it.

Read the full advisory for more information.
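The two allocation checks a client needs against the problems described above, as an added example in C that is not from the advisory or from uw-imapd: the size is parsed as unsigned digits only, range-checked before any arithmetic, and the multiplication for the message table is checked for wraparound. MAX_LITERAL, MAX_MESSAGES, struct message and the REJECT sentinel are constructed for this demonstration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define REJECT ((size_t)-1)                 /* returned for any size we refuse */
#define MAX_LITERAL (64ULL * 1024 * 1024)   /* constructed policy: largest literal buffered */
#define MAX_MESSAGES 10000000ULL            /* constructed policy: largest EXISTS honoured */

struct message { uint32_t uid; uint32_t flags; size_t len; };   /* constructed stand-in */

/* Parse a server-supplied decimal number. Refuses anything that is not a plain
 * run of digits (so "-1" never reaches an unsigned conversion), anything
 * strtoull() cannot represent, and anything above the caller's bound. */
static int parse_bounded(const char *digits, unsigned long long bound, size_t *out)
{
    if (*digits == '\0' || strspn(digits, "0123456789") != strlen(digits))
        return 0;
    errno = 0;
    char *end;
    unsigned long long v = strtoull(digits, &end, 10);
    if (errno == ERANGE || *end != '\0' || v > bound)
        return 0;
    *out = (size_t)v;
    return 1;
}

/* Item 1: bytes to allocate for a literal "{N}". The vulnerable pattern is
 * malloc(atoi(p) + 1): atoi("-1") read as unsigned is UINT_MAX, and adding 1 to
 * UINT_MAX wraps to 0, so malloc(0) succeeds and the peer then writes 4 GiB
 * into it. Bounding N first guarantees the +1 below cannot wrap. */
size_t literal_alloc_size(const char *digits)
{
    size_t n;
    if (!parse_bounded(digits, MAX_LITERAL, &n))
        return REJECT;
    return n + 1;
}

/* Item 2: bytes to allocate for the message table after "* N EXISTS". The
 * vulnerable pattern is malloc(count * sizeof(struct message)), whose product
 * wraps for a large enough count. Check the multiplication before doing it. */
size_t message_table_size(const char *digits)
{
    size_t count;
    if (!parse_bounded(digits, MAX_MESSAGES, &count))
        return REJECT;
    if (count > SIZE_MAX / sizeof(struct message))
        return REJECT;
    return count * sizeof(struct message);
}

/* Allocate a literal buffer with the checked size; NULL means refused or OOM. */
char *alloc_literal(const char *digits, size_t *len_out)
{
    size_t bytes = literal_alloc_size(digits);
    if (bytes == REJECT)
        return NULL;
    char *buf = malloc(bytes);
    if (buf) {
        buf[bytes - 1] = '\0';      /* room for the terminator is included */
        *len_out = bytes - 1;       /* how many bytes the peer may send */
    }
    return buf;
}
```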

Alerts:
Gentoo 200305-12 2003-06-01


Updated vulnerabilities

Apache 2 - denial of service

Package(s):apache CVE #(s):CAN-2003-0189 CAN-2003-0245
Created:May 28, 2003 Updated:June 16, 2003
Description: A new set of denial of service vulnerabilities has been found in Apache versions 2.0 through 2.0.45. The potential for a remote code exploit apparently exists as well. See the Apache 2.0.46 announcement for more information.
Alerts:
Conectiva CLA-2003:661 2003-06-16
Yellow Dog YDU-20030603-1 2003-06-03
Mandrake MDKSA-2003:063-1 2003-06-02
Gentoo 200305-13 2003-06-01
Mandrake MDKSA-2003:063 2003-05-30
Red Hat RHSA-2003:186-01 2003-05-28


bind buffer overflow vulnerability in DNS resolver libraries

Package(s):bind glibc CVE #(s):CAN-2002-0651 CAN-2002-0684
Created:July 8, 2002 Updated:October 1, 2003
Description: The BIND 4.9.8-OW2 patch and BIND 4.9.9 release (and thus 4.9.9-OW1) include fixes for a libc related vulnerability which does not affect Linux. Updates from the Internet Software Consortium (ISC) are available from here.

No release or branch of Openwall GNU/*/Linux (Owl) is known to be affected, due to Olaf Kirch's fixes for this problem getting into the GNU C library more than two years ago.

Unfortunately that does not mean that Linux systems are not vulnerable. Similar code, without Olaf Kirch's fixes, is in the glibc getnetbyXXX functions. These functions are described in the SuSE alert as "used by very few applications only, such as ifconfig and ifuser, which makes exploits less likely."

CERT Advisory: CA-2002-19 Buffer Overflow in Multiple DNS Resolver Libraries


Alerts:
Mandrake MDKSA-2002:050 2002-08-13
Yellow Dog YDU-20020810-3 2002-08-10
Eridani ERISA-2002:035 2002-08-09
Red Hat RHSA-2002:133-13 2002-08-08
SCO Group CSSA-2002-034.0 2002-08-05
Yellow Dog YDU-20020801-2 2002-08-01
Eridani ERISA-2002:028 2002-07-25
Red Hat RHSA-2002:139-10 2002-07-22
EnGarde ESA-20020724-018 2002-07-24
Mandrake MDKSA-2002:043 2002-07-16
Trustix 2002-0061 2002-07-15
Gentoo glibc-20020713 2002-07-13
Conectiva CLA-2002:507 2002-07-11
SuSE SuSE-SA:2002:026 2002-07-09
OpenPKG OpenPKG-SA-2002.006 2002-07-04


Canna server: exploitable buffer overrun

Package(s):canna CVE #(s):CAN-2002-1158 CAN-2002-1159
Created:December 10, 2002 Updated:October 1, 2003
Description: Canna is a kana-kanji conversion server which is necessary for Japanese language character input.

A buffer overflow bug in the Canna server up to and including version 3.5b2 allows a local user to gain the privileges of the user 'bin' which could lead to further exploits. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-1158 to this issue.

A lack of validation of requests has been found that affects Canna version 3.6 and earlier. A malicious remote user could exploit this vulnerability to leak information, or cause a denial of service attack. (CAN-2002-1159)

See also http://canna.sourceforge.jp/sec/Canna-2002-01.txt


Alerts:
SCO Group CSSA-2003-005.0 2003-01-21
Debian DSA-224-1 2002-01-08
Gentoo 200212-8 2002-12-20
Red Hat RHSA-2002:246-18 2002-12-04


CUPS: vulnerability in the CUPS IPP implementation

Package(s):cups CVE #(s):CAN-2003-0195
Created:May 27, 2003 Updated:July 22, 2003
Description: Phil D'Amore of Red Hat discovered a vulnerability in the CUPS IPP (Internet Printing Protocol) implementation. The IPP implementation is single-threaded, which means only one request can be serviced at a time. An attacker could make a partial request that does not time out and therefore creates a denial of service. In order to exploit this bug, an attacker must have the ability to make a TCP connection to the IPP port (by default 631).
Alerts:
Conectiva CLA-2003:702 2003-07-22
Gentoo 200306-09 2003-06-14
Debian DSA-317-1 2003-06-11
SuSE SuSE-SA:2003:028 2003-06-06
Yellow Dog YDU-20030602-3 2003-06-02
Mandrake MDKSA-2003:062 2003-05-29
Slackware ssa:2003-149-01 2003-05-29
Red Hat RHSA-2003:171-01 2003-05-27


dvips: command execution vulnerability

Package(s):dvips CVE #(s):CAN-2002-0836
Created:October 16, 2002 Updated:June 10, 2003
Description: The dvips utility uses the system() function improperly when managing fonts. An attacker who can craft the right sort of print job can use this vulnerability to execute commands under the UID used by the print system.
Alerts:
Immunix IMNX-2003-7+-016-01 2003-06-09
OpenPKG OpenPKG-SA-2002.015 2002-12-16
Debian DSA-207-1 2002-12-11
Conectiva CLA-2002:537 2002-10-29
Mandrake MDKSA-2002:071 2002-10-24
Mandrake MDKSA-2002:070 2002-10-23
Gentoo tetex-20021018 2002-10-18
Red Hat RHSA-2002:194-18 2002-10-08


ethereal - format string vulnerability

Package(s):ethereal CVE #(s):CAN-2003-0081
Created:March 10, 2003 Updated:June 12, 2003
Description: The SOCKS dissector in Ethereal 0.9.9 is susceptible to a format string overflow. This vulnerability has been present in Ethereal since the SOCKS dissector was introduced in version 0.8.7. It was discovered by Georgi Guninski. Additionally, the NTLMSSP code is susceptible to a heap overflow. All users of Ethereal 0.9.9 and below are encouraged to upgrade. See the full advisory for additional information.
Alerts:
Mandrake MDKSA-2003:051 2003-03-24
Red Hat RHSA-2003:076-01 2003-04-23
Conectiva CLA-2003:627 2003-04-16
SuSE SuSE-SA:2003:019 2003-03-21
Debian DSA-258-1 2003-03-10
Gentoo 200303-10 2003-03-09


Filename disclosure vulnerability in fam

Package(s):fam CVE #(s):CAN-2002-0875
Created:August 19, 2002 Updated:January 5, 2005
Description: "fam" (file alteration monitor) watches files and directories for changes and lets interested applications know when something happens. This package has a flaw in its group handling that blocks some legitimate operations while, at the same time, exposing the names of files that should otherwise be invisible.
Alerts:
Red Hat RHSA-2005:005-01 2005-01-05
Debian DSA-154-1 2002-08-15


fetchmail: buffer overflow

Package(s):fetchmail CVE #(s):CAN-2002-1365
Created:December 17, 2002 Updated:October 20, 2003
Description: Versions of fetchmail prior to 6.2.0 have (yet another) buffer overflow vulnerability which can be exploited remotely via a suitably crafted message. See this advisory for details.
Alerts:
Immunix IMNX-2003-7+-023-01 2003-10-17
Mandrake MDKSA-2003:011 2003-01-27
EnGarde ESA-20030127-002 2003-01-27
SCO Group CSSA-2003-001.0 2003-01-09
SuSE SuSE-SA:2003:001 2003-01-02
Debian DSA-216-1 2002-12-24
Red Hat RHSA-2002:293-09 2002-12-17
Conectiva CLA-2002:554 2002-12-16


file - memory allocation problem, stack overflow

Package(s):file CVE #(s):CAN-2003-0102
Created:March 4, 2003 Updated:June 4, 2003
Description: Jeff Johnson found a memory allocation problem and David Endler found a stack overflow corruption problem in the file "Automatic File Content Type Recognition Tool" version 3.41. Nalin Dahyabhai improved ELF section and program header handling in file version 3.40. The folks at OpenPKG believe that file versions without those modifications are vulnerable to memory allocation and stack overflow problems which put security at risk.
Alerts:
Immunix IMNX-2003-7+-012-01 2003-06-03
SCO Group CSSA-2003-018.0 2003-04-28
Mandrake MDKSA-2003:030-1 2003-04-17
Conectiva CLA-2003:617 2003-04-04
SuSE SuSE-SA:2003:017 2003-03-21
Debian DSA-260-1 2003-03-13
Gentoo 200303-8 2003-03-08
EnGarde ESA-20030307-008 2003-03-07
Red Hat RHSA-2003:086-07 2003-03-07
Mandrake MDKSA-2003:030 2003-03-06
OpenPKG OpenPKG-SA-2003.017 2003-03-04


Potential remote root exploit in glibc

Package(s):glibc CVE #(s):CAN-2002-0391
Created:August 14, 2002 Updated:June 30, 2003
Description: Felix von Leitner discovered a potential division by zero bug in code derived from the SunRPC library which is used in glibc. This bug could be exploited to gain unauthorized root access to software linking to glibc.

Updating as soon as practical is a good idea.

Because SunRPC-derived XDR libraries are used by a variety of vendors in a variety of applications, this defect may lead to a number of differing security problems. Exploiting this vulnerability will lead to denial of service, execution of arbitrary code, or the disclosure of sensitive information.

CERT/CC Vulnerability Note VU#192995 Integer overflow in xdr_array() function when deserializing the XDR stream

Alerts:
Debian DSA-333-1 2003-06-27
Conectiva CLA-2002:535 2002-10-29
Trustix 2002-0070 2002-10-17
EnGarde ESA-20021003-021 2002-10-03
Gentoo glibc-20020927 2002-09-27
Gentoo dietlibc-20020927 2002-09-27
Debian DSA-149-2 2002-09-26
Mandrake MDKSA-2002:061 2002-09-23
Gentoo glibc-20020905 2002-09-05
SuSE SuSE-SA:2002:031 2002-08-30
Trustix 2002-0067 2002-08-13
Eridani ERISA-2002:036 2002-08-13
Red Hat RHSA-2002:166-07 2002-08-12
Debian DSA-149-1 2002-08-13


glibc: DNS stub resolvers contain buffer overflow vulnerability

Package(s):glibc CVE #(s):CAN-2002-1146
Created:November 7, 2002 Updated:February 5, 2004
Description: DNS stub resolvers from multiple vendors contain a buffer overflow vulnerability. The impact of this vulnerability appears to be limited to denial of service. (See CERT Vulnerability Note VU#738331)

The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries such as glibc 2.2.5 and earlier, libc, and libresolv, use the maximum buffer size instead of the actual size when processing a DNS response, which causes the stub resolvers to read past the actual boundary ("read buffer overflow"), allowing remote attackers to cause a denial of service (crash).

Alerts:
Mandrake MDKSA-2004:009 2004-02-04
Red Hat RHSA-2002:197-09 2002-11-06
Red Hat RHSA-2002:197-06 2002-10-03


gnupg: key validation

Package(s):gnupg CVE #(s):CAN-2003-0255
Created:May 16, 2003 Updated:November 18, 2003
Description: A key validation bug was discovered in the GNU Privacy Guard (GPG) which would cause keys with more than one user ID to trust all user IDs with the amount of trust given to the most-valid user ID.
Alerts:
SCO Group CSSA-2003-034.0 2003-11-17
Conectiva CLA-2003:694 2003-07-11
Yellow Dog YDU-20030602-4 2003-06-02
Mandrake MDKSA-2003:061 2003-05-22
Slackware ssa:2003-141-04 2003-05-22
Red Hat RHSA-2003:175-01 2003-05-20
Gentoo 200305-04 2003-05-16
OpenPKG OpenPKG-SA-2003.029 2003-05-16
EnGarde ESA-20030515-016 2003-05-15


gtkhtml: malformed messages cause crash

Package(s):gtkhtml CVE #(s):CAN-2003-0133 CAN-2003-0541
Created:April 14, 2003 Updated:April 18, 2005
Description: GtkHTML is the HTML rendering widget used by the Evolution mail reader.

GtkHTML supplied with versions of Evolution prior to 1.2.4 contains a bug when handling HTML messages. Alan Cox discovered that certain malformed messages could cause the Evolution mail component to crash.

Alerts:
Debian DSA-710-1 2005-04-18
Mandrake MDKSA-2003:093 2003-09-18
Conectiva CLA-2003:737 2003-09-12
Red Hat RHSA-2003:264-01 2003-09-09
Mandrake MDKSA-2003:046 2003-04-15
Red Hat RHSA-2003:126-01 2003-04-14


IMP - SQL injection vulnerability

Package(s):imp CVE #(s):CAN-2003-0025
Created:January 15, 2003 Updated:July 8, 2003
Description: The IMP IMAP server, versions 2.2.8 and prior, is vulnerable to SQL injection; see this advisory for details. Version 3.x is not vulnerable to this problem.
Alerts:
Conectiva CLA-2003:690 2003-07-08
SuSE SuSE-SA:2003:0008 2003-02-18
Debian DSA-229-2 2003-01-15


kde: arbitrary code execution

Package(s):kde CVE #(s):CAN-2003-0204
Created:April 10, 2003 Updated:June 30, 2003
Description: The KDE Security team has issued an advisory on a vulnerability present in all versions of KDE that allows a remote attacker to execute arbitrary commands under your account. KDE 3.0.5b and KDE 3.1.1a have been released to address this problem. For KDE 2.2.2, patches to the KDE 2.2.2 sources have been made available.

KDE uses Ghostscript software for processing of PostScript (PS) and PDF files in a way that allows for the execution of arbitrary commands that can be contained in such files.

An attacker can prepare a malicious PostScript or PDF file which will provide the attacker with access to the victim's account and privileges when the victim opens this malicious file for viewing or when the victim browses a directory containing such a malicious file and has file previews enabled.

An attacker can provide malicious files remotely to a victim in an e-mail, as part of a web page, via an FTP server, and possibly by other means.

Alerts:
Conectiva CLA-2003:668 2003-06-30
Red Hat RHSA-2003:002-01 2003-05-12
Debian DSA-296-1 2003-04-30
Mandrake MDKSA-2003:049-1 2003-04-24
SuSE SuSE-SA:2003:0026 2003-04-24
Debian DSA-293-1 2003-04-23
Slackware sl-1050682024 2003-04-18
Mandrake MDKSA-2003:049 2003-04-17
Sorcerer SORCERER2003-04-12 2003-04-12
Debian DSA-284-1 2003-04-12
Gentoo 200304-05 2003-04-11
Gentoo 200304-04 2003-04-10

Comments (none posted)

kernel - ptrace-related vulnerability

Package(s):kernel CVE #(s):CAN-2003-0127
Created:March 17, 2003 Updated:June 30, 2003
Description: Versions 2.2.x and 2.4.x of the Linux kernel contain a vulnerability in ptrace() which may be exploited by a local user to obtain root access. This announcement contains the details and a patch for 2.4.20. For 2.2 users, 2.2.25 has been released which contains the fix.
Alerts:
Debian DSA-336-2 2003-06-29
Debian DSA-336-1 2003-06-29
Debian DSA-332-1 2003-06-27
Red Hat RHSA-2003:098-03 2003-06-02
SCO Group CSSA-2003-020.0 2003-05-09
Mandrake MDKSA-2003:038-1 2003-04-09
Red Hat RHSA-2003:135-00 2003-04-08
Conectiva CLA-2003:618 2003-04-07
Debian DSA-276-1 2003-04-03
Mandrake MDKSA-2003:039 2003-03-27
Mandrake MDKSA-2003:038 2003-03-27
Debian DSA-270-1 2003-03-27
SuSE SuSE-SA:2003:021 2003-03-25
Gentoo 200303-17 2003-03-21
Sorcerer SORCERER2003-03-19 2003-03-20
Red Hat RHSA-2003:088-01 2003-03-20
EnGarde ESA-20030318-009 2003-03-18
Trustix 2003-0007 2003-03-18
Red Hat RHSA-2003:098-00 2003-03-17

Comments (none posted)

kernel 2.4 - two new vulnerabilities

Package(s):kernel CVE #(s):CAN-2003-0244 CAN-2003-0246
Created:May 14, 2003 Updated:July 25, 2003
Description: The 2.4.20 (and prior) kernel contains a couple of vulnerabilities that are worth fixing.
  • The ioperm() system call doesn't perform proper checking, allowing a local user to manipulate arbitrary I/O ports.

  • The networking code contains a remotely exploitable denial of service condition; see the May 24 Security Page for details.

Alerts:
Mandrake MDKSA-2003:066-2 2003-07-25
Conectiva CLA-2003:701 2003-07-22
Mandrake MDKSA-2003:066-1 2003-07-21
Mandrake MDKSA-2003:074 2003-07-15
Slackware SSA:2003-168-01 2003-06-17
Mandrake MDKSA-2003:066 2003-06-11
Debian DSA-312-1 2003-06-09
Debian DSA-311-1 2003-06-08
Red Hat RHSA-2003:187-01 2003-06-03
Red Hat RHSA-2003:145-01 2003-05-27
EnGarde ESA-20030515-017 2003-05-15
Red Hat RHSA-2003:172-00 2003-05-14

Comments (2 posted)

kernel-utils: setuid vulnerability

Package(s):kernel-utils CVE #(s):CAN-2003-0019
Created:February 7, 2003 Updated:January 21, 2005
Description: The kernel-utils package contains several utilities that can be used to control the kernel or machine hardware. In Red Hat Linux 8.0 this package contains user mode linux (UML) utilities.

The uml_net utility in kernel-utils packages with Red Hat Linux 8.0 was incorrectly shipped setuid root. This could allow local users to control certain network interfaces, add and remove arp entries and routes, and put interfaces in and out of promiscuous mode.

All users of the kernel-utils package should update to these packages that contain a version of uml_net that is not setuid root.

Alternatively, as a work-around to this vulnerability issue the following command as root:

chmod -s /usr/bin/uml_net

Alerts:
Red Hat RHSA-2003:056-08 2003-02-07

Comments (none posted)

kopete: vulnerability in GnuPG plugin

Package(s):kopete CVE #(s):CAN-2003-0256
Created:May 8, 2003 Updated:June 27, 2003
Description: A vulnerability was discovered in versions of kopete prior to 0.6.2. Kopete is a KDE instant messenger client. This vulnerability is in the GnuPG plugin that allows users to send each other GPG-encrypted instant messages. The plugin passes encrypted messages to gpg, but does no checking to sanitize the command line passed to gpg. This can allow remote users to execute arbitrary code, with the permissions of the user running kopete, on the local system.
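The root cause here is a command line assembled from untrusted message data and handed to a shell. The Python below is an added illustration of that bug class and of its fix; it is not Kopete's code or the GnuPG plugin's, and it uses cat as a harmless stand-in for gpg, with a constructed hostile value in place of a received message:

```python
import shlex
import subprocess

# Constructed attacker-controlled value.  In the Kopete bug this would be data
# taken from a received message; here it is a file name handed to a command,
# and "cat" stands in for gpg.
HOSTILE_NAME = "no-such-file; echo INJECTED"


def run_vulnerable(name):
    """Build the command line as one string and hand it to the shell.

    The shell parses the ';', so everything after it runs as a second command.
    Returns what the command wrote to stdout.
    """
    proc = subprocess.run("cat " + name, shell=True,
                          capture_output=True, text=True)
    return proc.stdout


def run_fixed(name):
    """Pass the value as a single argv element, with no shell involved.

    The whole string, metacharacters included, reaches cat as one argument;
    the only effect is a "No such file" error from cat itself, so stdout is empty.
    """
    proc = subprocess.run(["cat", name], capture_output=True, text=True)
    return proc.stdout


def quoted_command(name):
    """If a shell really is needed (a pipeline, say), quote every untrusted token."""
    return "cat " + shlex.quote(name)


if __name__ == "__main__":
    print("vulnerable:", repr(run_vulnerable(HOSTILE_NAME)))
    print("fixed:     ", repr(run_fixed(HOSTILE_NAME)))
    print("quoted:    ", quoted_command(HOSTILE_NAME))
```

Whether the injected command runs depends entirely on whether a shell ever sees the string: the argv form carries the whole value, semicolon and all, to the program as one argument. Where a shell is unavoidable, shlex.quote() is the minimum; passing the message to gpg over stdin rather than on the command line is better still, since it also keeps the ciphertext out of process listings.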
Alerts:
Conectiva CLA-2003:665 2003-06-27
Gentoo 200305-03 2003-05-14
Mandrake MDKSA-2003:055 2003-05-08

Comments (none posted)

libpng, libpng3: buffer overflow

Package(s):libpng, libpng3 CVE #(s):CAN-2002-1363
Created:December 19, 2002 Updated:July 14, 2004
Description: Glenn Randers-Pehrson discovered a problem in connection with 16-bit samples from libpng, an interface for reading and writing PNG (Portable Network Graphics) format files. The starting offsets for the loops are calculated incorrectly which causes a buffer overrun beyond the beginning of the row buffer.
Alerts:
Gentoo 200407-06 2004-07-08
OpenPKG OpenPKG-SA-2004.030 2004-07-06
Mandrake MDKSA-2004:063 2004-06-29
Whitebox WBSA-2004:249-01 2004-06-21
Fedora FEDORA-2004-176 2004-06-18
Fedora FEDORA-2004-174 2004-06-18
Fedora FEDORA-2004-175 2004-06-18
Fedora FEDORA-2004-173 2004-06-18
Red Hat RHSA-2004:249-01 2004-06-18
Conectiva CLA-2003:564 2003-01-23
Mandrake MDKSA-2003:008 2003-01-20
OpenPKG OpenPKG-SA-2003.001 2003-01-15
Yellow Dog YDU-20030114-2 2003-01-14
SuSE SuSE-SA:2003:0004 2003-01-14
Red Hat RHSA-2003:006-06 2003-01-09
Debian DSA-213-1 2002-12-19

Comments (none posted)

LPRng: insecure temporary file

Package(s):LPRng CVE #(s):CAN-2003-0136
Created:April 14, 2003 Updated:June 16, 2003
Description: Karol Lewandowski discovered that psbanner, a printer filter that creates a PostScript format banner and is part of LPRng, insecurely creates a temporary file for debugging purposes when it is configured as a filter. The program does not check whether this file already exists or is a link to another location; it unconditionally writes its current environment and command-line arguments to the file with the user id daemon.
Alerts:
Gentoo 200306-04 2003-06-14
Immunix IMNX-2003-7+-013-01 2003-06-04
Yellow Dog YDU-20030602-5 2003-06-02
Mandrake MDKSA-2003:060 2003-05-21
Red Hat RHSA-2003:142-01 2003-04-24
Debian DSA-285-1 2003-04-14

Comments (none posted)

lprold - buffer overflow in lprm

Package(s):lprold lpd CVE #(s):CAN-2003-0144
Created:March 13, 2003 Updated:May 28, 2003
Description: The lprm command of the printing package lprold contains a buffer overflow. This buffer overflow can be exploited by a local user, if the printer system is set up correctly, to gain root privileges.
Alerts:
Mandrake MDKSA-2003:059 2003-05-21
Debian DSA-267-2 2003-04-15
Debian DSA-275-1 2003-04-02
Debian DSA-267-1 2003-03-24
SuSE SuSE-SA:2003:0014 2003-03-13

Comments (none posted)

lv: privilege escalation

Package(s):lv CVE #(s):CAN-2003-0188
Created:May 16, 2003 Updated:June 4, 2003
Description: Leonard Stiles discovered that lv, a multilingual file viewer, would read options from a configuration file in the current directory. Because such a file could be placed there by a malicious user, and lv configuration options can be used to execute commands, this represented a security vulnerability. An attacker could gain the privileges of the user invoking lv, including root.
Alerts:
Yellow Dog YDU-20030602-6 2003-06-02
Gentoo 200305-07 2003-05-19
Red Hat RHSA-2003:169-01 2003-05-16
Debian DSA-304-1 2003-05-15

Comments (none posted)

lynx: CRLF injection vulnerability

Package(s):lynx CVE #(s):CAN-2002-1405
Created:November 19, 2002 Updated:October 1, 2003
Description: If lynx is given a URL containing certain special characters on the command line, it will include faked headers in the HTTP request it sends. This can be used to force scripts (that use lynx for downloading files) to access the wrong site on a web server with multiple virtual hosts.
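To see what the faked headers look like, here is an added Python model of the bug class; it is not lynx's code. The vulnerable builder decodes percent-escapes in the URL path and splices the result into the request unchecked, which is an assumed simplification of what lynx did, and the hostile URL is constructed for the demonstration. The fixed builder sends the path still percent-encoded and refuses any URL whose decoded form contains a control character:

```python
from urllib.parse import urlsplit, unquote

# Constructed attacker URL: the path carries percent-encoded CR/LF (%0d%0a),
# a bogus Host header, and a filler header that absorbs the " HTTP/1.0" the
# client appends to the request line.
HOSTILE_URL = ("http://www.example.com/index.html%20HTTP/1.0"
               "%0d%0aHost:%20victim.example.org%0d%0aX-Injected:%20yes")
BENIGN_URL = "http://www.example.com/docs/index.html?q=1"


def _path_and_query(parts):
    path = parts.path or "/"
    if parts.query:
        path += "?" + parts.query
    return path


def build_request_vulnerable(url):
    """Model of the bug: decode the path and splice it into the request unchecked."""
    parts = urlsplit(url)
    path = unquote(_path_and_query(parts))
    return f"GET {path} HTTP/1.0\r\nHost: {parts.hostname}\r\n\r\n"


def build_request_fixed(url):
    """Send the path still percent-encoded and refuse any control character."""
    parts = urlsplit(url)
    path = _path_and_query(parts)
    decoded = unquote(path) + parts.netloc
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in decoded):
        raise ValueError("control character in URL")
    return f"GET {path} HTTP/1.0\r\nHost: {parts.hostname}\r\n\r\n"


def request_headers(request):
    """Split a request the way a server does: one header per CRLF-terminated line."""
    head = request.split("\r\n\r\n", 1)[0]
    headers = []
    for line in head.split("\r\n")[1:]:      # skip the request line
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return headers


def host_headers(request):
    """All Host header values, in the order a server would see them."""
    return [v for k, v in request_headers(request) if k.lower() == "host"]


if __name__ == "__main__":
    print(build_request_vulnerable(HOSTILE_URL).encode())
    print("Host headers seen by the server:", host_headers(build_request_vulnerable(HOSTILE_URL)))
    try:
        build_request_fixed(HOSTILE_URL)
    except ValueError as exc:
        print("fixed builder refused the URL:", exc)
```

The server-side split in request_headers() shows why the virtual host is affected: the injected Host header arrives before the genuine one, and a server that honours the first Host header it sees routes the request to the attacker's choice of site. Rejecting decoded control characters outright is the simplest rule; there is no legitimate reason for a raw CR or LF to appear anywhere in a request line.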


Alerts:
Conectiva CLA-2003:720 2003-08-11
Mandrake MDKSA-2003:023 2003-02-24
OpenPKG OpenPKG-SA-2003.011 2003-02-18
Red Hat RHSA-2003:029-06 2003-02-12
Trustix 2002-0085 2002-12-19
Debian DSA-210-1 2002-12-13
SCO Group CSSA-2002-049.0 2002-11-18

Comments (none posted)

perl-MailTools: remote command execution

Package(s):MailTools CVE #(s):CAN-2002-1271
Created:November 5, 2002 Updated:September 19, 2003
Description: The SuSE Security Team reviewed critical Perl modules, including the Mail::Mailer package. This package contains a security hole which allows remote attackers to execute arbitrary commands in certain circumstances. This is due to the use of mailx as the default mailer, which allows commands to be embedded in the mail body.

Note that mail processing programs which use this package can be affected by this vulnerability; in particular, SpamAssassin is vulnerable if you use the -r or -w flags.

Alerts:
Debian DSA-386-1 2003-09-18
Gentoo 200302-01 2003-02-02
Mandrake MDKSA-2002:076 2002-11-07
Gentoo 200211-001 2002-11-06
SuSE SuSE-SA:2002:041 2002-11-05

Comments (none posted)

Nessus NASL scripting engine security issues

Package(s):nessus CVE #(s):
Created:May 27, 2003 Updated:August 12, 2004
Description: Several vulnerabilities exist in the Nessus NASL scripting engine. To exploit these flaws, an attacker would need to have a valid Nessus account as well as the ability to upload arbitrary Nessus plugins to the Nessus server (this option is disabled by default), or would need to trick a user somehow into running a specially crafted NASL script. Read the full advisory for additional information.
Alerts:
Gentoo 200305-10 2003-05-27

Comments (none posted)

nethack: buffer overflow

Package(s):nethack, slashem, falconseye CVE #(s):CAN-2003-0358 CAN-2003-0359
Created:February 18, 2003 Updated:July 15, 2003
Description: Overflowing a buffer in nethack may lead to privilege escalation to the games uid.

Read the full advisory for the details.

Note that falconseye does not contain the file permission error CAN-2003-0359 which affected some other nethack packages.

Alerts:
Debian DSA-350-1 2003-07-15
Debian DSA-316-3 2003-06-17
Debian DSA-316-2 2003-06-11
Debian DSA-316-1 2003-06-11
Gentoo 200302-08 2003-02-18

Comments (none posted)

netscape-flash: buffer overflow

Package(s):netscape-flash CVE #(s):
Created:March 10, 2003 Updated:June 20, 2003
Description: Potentially exploitable buffer overflows exist in the Macromedia Flash Player. The full advisory is here. "The cumulative security patch is available today and addresses the potential for exploits surrounding buffer overflows (read/write) and sandbox integrity within the player, which might allow malicious users to gain access to a user's computer. The possibility of running native code on a users machine is a theoretical exploit, and extremely difficult to execute in practice. There are no known examples of running such native code from Macromedia Flash movies; however, even though this issue is difficult and theoretical in nature only, we are encouraging users to upgrade."
Alerts:
Red Hat RHSA-2003:026-01 2003-06-20
Gentoo 200303-9 2003-03-09

Comments (none posted)

net-snmp: denial of service vulnerability

Package(s):net-snmp CVE #(s):CAN-2002-1170
Created:December 17, 2002 Updated:November 7, 2003
Description: The SNMP daemon included in the Net-SNMP package versions 5.0.1 through 5.0.4 can be caused to crash if it is sent a specially crafted packet.
Alerts:
Conectiva CLA-2003:778 2003-11-07
Red Hat RHSA-2002:228-11 2002-12-17

Comments (none posted)

openssh: timing attack leads to information disclosure

Package(s):openssh CVE #(s):CAN-2003-0190
Created:May 2, 2003 Updated:November 30, 2004
Description: From the advisory: "During a pen-test we stumbled across a nasty bug in OpenSSH-portable with PAM support enabled (via the --with-pam configure script switch). This bug allows a remote attacker to identify valid users on vulnerable systems, through a simple timing attack. The vulnerability is easy to exploit and may have high severity, if combined with poor password policies and other security problems that allow local privilege escalation."
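The underlying mistake is a code path that does less work when the user does not exist. The Python below is an added model of that pattern and of the usual fix; it is not OpenSSH or PAM code, and the user table, salts, dummy record and iteration count are constructed for the example. The vulnerable check returns before doing any hashing for an unknown account; the fixed one always runs the hash, against a dummy record if necessary, so both outcomes cost the same:

```python
import hashlib
import hmac
import time

ROUNDS = 50_000     # PBKDF2 iterations: the deliberately slow step that leaks timing
HASH_CALLS = [0]    # counts slow_hash invocations so the two paths can be compared


def slow_hash(password, salt):
    HASH_CALLS[0] += 1
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)


# Constructed user database with a single real account.
_ALICE_SALT = b"alice-salt-0001"
USERS = {"alice": (_ALICE_SALT, slow_hash("correct horse", _ALICE_SALT))}

# Dummy record, same shape as a real one, so unknown users cost as much as known ones.
_DUMMY_SALT = b"dummy-salt-0000"
_DUMMY_HASH = slow_hash("unused", _DUMMY_SALT)


def check_vulnerable(user, password):
    """Early return for unknown users: no hashing, so the reply is measurably faster."""
    rec = USERS.get(user)
    if rec is None:
        return False
    salt, stored = rec
    return hmac.compare_digest(slow_hash(password, salt), stored)


def check_fixed(user, password):
    """Always hash (against the dummy record if needed), then fold in the lookup result."""
    rec = USERS.get(user)
    salt, stored = rec if rec is not None else (_DUMMY_SALT, _DUMMY_HASH)
    match = hmac.compare_digest(slow_hash(password, salt), stored)
    return match and rec is not None


def hashes_used(check, user, password):
    """Return (result, number of slow hashes that one login attempt performed)."""
    before = HASH_CALLS[0]
    result = check(user, password)
    return result, HASH_CALLS[0] - before


def timing_ms(check, user, password, runs=5):
    """Median wall-clock time of a login attempt: the signal a remote attacker measures."""
    samples = []
    for _ in range(runs):
        t0 = time.perf_counter()
        check(user, password)
        samples.append((time.perf_counter() - t0) * 1000)
    return sorted(samples)[runs // 2]


if __name__ == "__main__":
    for check in (check_vulnerable, check_fixed):
        print("%-16s alice: %6.1f ms   mallory: %6.1f ms" % (
            check.__name__,
            timing_ms(check, "alice", "wrong"),
            timing_ms(check, "mallory", "wrong")))
```

hashes_used() counts the expensive operations, which is what timing_ms() observes from the outside; running the script shows the gap on the vulnerable path and its absence on the fixed one. Two details matter in the fix: the dummy record must be a real hash with a salt of the usual size, so that the fake computation has the same cost as a genuine one, and the existence check is folded in only after the comparison has been done.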
Alerts:
Ubuntu USN-34-1 2004-11-30
OpenPKG OpenPKG-SA-2003.035 2003-08-06
Red Hat RHSA-2003:222-01 2003-07-29
Gentoo 200305-02 2003-05-13
Gentoo 200305-01 2002-03-05

Comments (1 posted)

pam_xauth: root exploit

Package(s):pam_xauth CVE #(s):CAN-2002-1160
Created:February 13, 2003 Updated:July 10, 2003
Description: The pam_xauth module is used to forward xauth information from user to user in applications such as 'su'.

Andreas Beck discovered that versions of pam_xauth supplied with Red Hat Linux since version 7.1 would forward authorization information from the root account to unprivileged users. This could be used by a local attacker to gain access to an administrator's X session. In order to exploit this vulnerability, the attacker would have to get the administrator, as root, to use su to the account belonging to the attacker.

Alerts:
Conectiva CLA-2003:693 2003-07-10
Mandrake MDKSA-2003:017-1 2003-04-28
Red Hat RHSA-2003:035-10 2003-02-12

Comments (none posted)

PHP: vulnerability in mail function

Package(s):php CVE #(s):CAN-2002-0985 CAN-2002-0986
Created:November 13, 2002 Updated:October 1, 2003
Description: Two vulnerabilities exist in the PHP mail() function. The first allows the execution of any program or script, bypassing the safe_mode restriction; the second can turn a script into an open mail relay if the mail() function is not used carefully. See this Bugtraq report for more details. Note that this is a different vulnerability from the previous PHP mail() problem, which affected versions through 4.1.0.


Alerts:
SCO Group CSSA-2003-008.0 2003-03-04
Gentoo 200211-005 2002-11-20
EnGarde ESA-20021122-031 2002-11-22
Conectiva CLA-2002:545 2002-11-13
Red Hat RHSA-2002:213-06 2002-11-11

Comments (none posted)

PostgreSQL - more buffer overflows

Package(s):postgresql CVE #(s):
Created:February 12, 2003 Updated:November 7, 2003
Description: A new set of buffer overflows has been discovered in PostgreSQL 7.2.2; they affect the circle_poly(), path_encode(), and path_addr() functions. Exploiting these overflows requires that the attacker first obtain a connection to the PostgreSQL server.
Alerts:
Debian DSA-397-1 2003-11-07
Immunix IMNX-2003-7+-005-01 2003-04-08
Trustix 2003-0004 2003-02-20
Mandrake MDKSA-2002:062-1 2003-02-11

Comments (1 posted)

PoPTop: remotely exploitable buffer overflow

Package(s):pptpd CVE #(s):CAN-2003-0213
Created:April 28, 2003 Updated:June 6, 2003
Description: The PoPToP PPTP server contains a remotely exploitable buffer overflow; read the full advisory for more information.
Alerts:
SuSE SuSE-SA:2003:029 2003-06-06
Debian DSA-295-1 2003-04-30
Gentoo 200304-08 2003-04-28

Comments (none posted)

Local arbitrary code execution vulnerability in Python

Package(s):python CVE #(s):CAN-2002-1119
Created:August 28, 2002 Updated:October 1, 2003
Description: Zack Weinberg discovered that os._execvpe from os.py uses a predictable name which could lead to execution of arbitrary code. According to the Debian advisory, the problem was present in Python versions 1.5, 2.1 and 2.2.


Alerts:
Red Hat RHSA-2002:202-33 2003-02-12
OpenPKG OpenPKG-SA-2003.006 2003-01-23
Red Hat RHSA-2002:202-25 2003-01-21
Mandrake MDKSA-2002:082-1 2002-12-09
Mandrake MDKSA-2002:082 2002-11-25
SCO Group CSSA-2002-045.0 2002-11-14
Trustix 2002-0073 2002-10-17
Gentoo python-20021003 2002-10-03
Conectiva CLA-2002:527 2002-10-01
Debian DSA-159-2 2002-09-09
Debian DSA-159-1 2002-08-28

Comments (none posted)

Multiple-use vulnerability in Safe.pm

Package(s):Safe.pm CVE #(s):CAN-2002-1323
Created:October 9, 2002 Updated:February 20, 2004
Description: use Perl; has a description of a vulnerability in the Safe.pm Perl module. It seems that if a Safe compartment is used more than once, it ceases to be safe. The problem is fixed in Safe 2.08.
Alerts:
SCO Group CSSA-2004-007.0 2004-02-20
Gentoo 200212-6 2002-12-20
Trustix 2002-0087 2002-12-19
OpenPKG OpenPKG-SA-2002.014 2002-12-16
Debian DSA-208-1 2002-12-12

Comments (none posted)

squirrelmail: more cross-site scripting vulnerabilities

Package(s):squirrelmail CVE #(s):CAN-2003-0160
Created:April 24, 2003 Updated:June 4, 2003
Description: SquirrelMail is a webmail package written in PHP. Multiple vulnerabilities have been found which affect versions of SquirrelMail shipped with Red Hat Linux 8.0 and Red Hat Linux 9.

Cross-site scripting vulnerabilities in SquirrelMail version 1.2.10 and earlier allow remote attackers to execute script as other Web users via mailbox displays, message displays, or search results displays. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0160 to these issues.

All users are advised to upgrade to these errata packages containing SquirrelMail version 1.2.11, which is not vulnerable to these issues.

Alerts:
Yellow Dog YDU-20030602-2 2003-06-02
Red Hat RHSA-2003:112-01 2003-04-24

Comments (none posted)

File overwrite vulnerability in tar and unzip

Package(s):tar unzip CVE #(s):CAN-2001-1267 CAN-2001-1268 CAN-2001-1269 CAN-2002-0399
Created:October 1, 2002 Updated:April 10, 2006
Description: The tar utility does not properly filter file names containing "../", meaning that a hostile archive can, if unpacked by an unsuspecting user, overwrite any file that is writable by that user. GNU tar versions 1.13.19 and earlier are vulnerable; unzip through version 5.42 has the same vulnerability.
Alerts:
Fedora-Legacy FLSA:183571-1 2006-04-04
Red Hat RHSA-2006:0195-01 2006-02-21
Conectiva CLA-2002:538 2002-10-29
Mandrake MDKSA-2002:066 2002-10-10
Mandrake MDKSA-2002:065 2002-10-10
EnGarde ESA-20021003-022 2002-10-03
Gentoo unzip-20021001 2002-10-01
Gentoo tar-20021001 2002-10-01
Red Hat RHSA-2002:096-24 2002-09-18

Comments (1 posted)

Multiple vendor telnetd vulnerability

Package(s):telnet Telnet netkit-telnet-ssl kerberos telnetd netkit-telnet nkitb/nkitserv/telnetd krb5 CVE #(s):
Created:May 21, 2002 Updated:October 5, 2004
Description: This vulnerability, originally thought to be confined to BSD-derived systems, was first covered in the July 26th Security Summary. It is now known that Linux telnet daemons are vulnerable as well.
Alerts:
Gentoo 200410-03 2004-10-05
Yellow Dog YDU-20010810-2 2001-08-10
Yellow Dog YDU-20010810-1 2001-08-10
SuSE SuSE-SA:2001:029 2001-09-03
Slackware sl-997726350 2001-08-09
Red Hat RHSA-2001:100-02 2001-08-09
Red Hat RHSA-2001:099-09 2002-02-07
Red Hat RHSA-2001:099-06 2001-08-09
Progeny PROGENY-SA-2001-27 2001-08-14
Mandrake MDKSA-2001:093 2001-12-17
Mandrake MDKSA-2001:068 2001-08-13
HP HPSBTL0202-023 2002-02-12
Debian DSA-075-2 2001-08-14
Debian DSA-075-1 2001-08-14
Conectiva CLA-2001:413 2001-08-24
SCO Group CSSA-2001-030.0 2001-08-10

Comments (none posted)

typespeed: buffer overflow

Package(s):typespeed CVE #(s):
Created:January 1, 2003 Updated:June 17, 2003
Description: A problem has been discovered in typespeed, a game that lets you measure your typematic speed. By overflowing a buffer, a local attacker could execute arbitrary commands under the group id games.
Alerts:
Debian DSA-322-1 2003-06-16
Debian DSA-217-1 2002-12-27

Comments (none posted)

vim - modeline vulnerability

Package(s):vim CVE #(s):CAN-2002-1377
Created:January 16, 2003 Updated:February 10, 2004
Description: VIM allows a user to set the modeline differently for each edited text file by placing special comments in the files. Georgi Guninski found that these comments can be carefully crafted in order to call external programs. This could allow an attacker to create a text file such that when it is opened arbitrary commands are executed.
Alerts:
Conectiva CLA-2004:812 2004-02-10
Mandrake MDKSA-2003:012 2003-02-03
Yellow Dog YDU-20030127-3 2003-01-27
Gentoo 200301-13 2003-01-22
OpenPKG OpenPKG-SA-2003.003 2003-01-21
Red Hat RHSA-2002:297-17 2003-01-15

Comments (4 posted)

vixie-cron: Local vulnerability

Package(s):vixie-cron CVE #(s):CVE-2001-0559
Created:April 17, 2003 Updated:October 3, 2003
Description: From the ISS advisory: "Vixie Cron is a scheduling daemon that ships with several Linux distributions. Vixie Cron version 3.0pl1 could allow a local attacker to gain root privileges. Crontab fails to properly drop privileges in certain cases after a crontab modification operation. A local attacker could exploit this vulnerability to gain root privileges on the system since crontab is installed setuid root."

Note: this vulnerability is dated May 07 2001, and was first mentioned in LWN on the May 10, 2001 security page.

Alerts:
Conectiva CLA-2003:758 2003-10-03
Conectiva CLA-2003:757 2003-10-03
Conectiva CLA-2003:628 2003-04-17

Comments (none posted)

wget: directory traversal bug

Package(s):wget CVE #(s):CAN-2002-1344
Created:December 10, 2002 Updated:October 1, 2003
Description: Versions of wget prior to 1.8.2-4 contain a bug that permits a malicious FTP server to create or overwrite files anywhere on the local file system.

FTP clients must check to see if an FTP server's response to the NLST command includes any directory information along with the list of filenames required by the FTP protocol (RFC 959, section 4.1.3).

If the FTP client fails to do so, a malicious FTP server can send filenames beginning with '/' or containing '/../' which can be used to direct a vulnerable FTP client to write files (such as .forward, .rhosts, .shosts, etc.) that can then be used for later attacks against the client machine.

See also this Bugtraq article from 1997.
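Both this wget problem and the tar/unzip file-overwrite issue listed above come down to the same missing check on a name supplied by the other side. The Python below is an added example, not code from wget, GNU tar or unzip, of the two checks a client should apply: archive member names may contain directories but must stay relative and free of ".." components, while NLST entries must be bare file names. The hostile archive and the NLST reply are constructed in memory for the demonstration:

```python
import io
import tarfile


def is_safe_member_name(name):
    """Accept only a relative path that cannot leave the extraction directory.

    Rejected: empty names, absolute paths, any ".." component (even "a/../b",
    which is inside the tree textually but not if "a" was extracted earlier as
    a symlink), backslashes (some unpackers treat them as separators) and NULs.
    """
    if not name or name.startswith("/") or "\\" in name or "\0" in name:
        return False
    return ".." not in name.split("/")


def partition_members(names):
    """Split archive member names into (safe, rejected), preserving order."""
    safe = [n for n in names if is_safe_member_name(n)]
    rejected = [n for n in names if not is_safe_member_name(n)]
    return safe, rejected


def is_bare_filename(entry):
    """An NLST entry must be a plain file name with no directory part at all."""
    return bool(entry) and "/" not in entry and entry not in (".", "..")


def filter_nlst(raw):
    """Split a raw NLST reply into (accepted, rejected) entries."""
    entries = [e for e in raw.decode("latin-1").split("\r\n") if e]
    accepted = [e for e in entries if is_bare_filename(e)]
    rejected = [e for e in entries if not is_bare_filename(e)]
    return accepted, rejected


# --- constructed sample data -------------------------------------------------

HOSTILE_MEMBERS = ("docs/readme.txt", "../../.forward", "/etc/passwd", "docs/../notes.txt")


def build_demo_tar():
    """Build, in memory, a hostile archive of the kind described in the advisory."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in HOSTILE_MEMBERS:
            payload = b"owned\n"
            info = tarfile.TarInfo(name=name)   # TarInfo stores the name verbatim
            info.size = len(payload)
            tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


def tar_member_names(data):
    """Member names as an unpacker would read them back from the archive bytes."""
    with tarfile.open(fileobj=io.BytesIO(data)) as tar:
        return tar.getnames()


# Constructed NLST reply from a hostile server: only the first entry is a bare name.
NLST_SAMPLE = b"report.txt\r\n/root/.rhosts\r\n../../.forward\r\nsub/notes.txt\r\n"


if __name__ == "__main__":
    safe, rejected = partition_members(tar_member_names(build_demo_tar()))
    print("archive members to extract:", safe)
    print("archive members refused:   ", rejected)
    accepted, refused = filter_nlst(NLST_SAMPLE)
    print("NLST entries to fetch:     ", accepted)
    print("NLST entries refused:      ", refused)
```

The archive check is deliberately stricter than normalising the path: a/../b resolves inside the tree, but if a was extracted a moment earlier as a symlink pointing elsewhere, the write lands outside it. Symlink and hardlink members need a separate check on their link target, which this example does not cover. Recent Python releases ship an equivalent policy as tarfile.data_filter for use with extractall().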


Alerts:
Immunix IMNX-2003-7+-011-01 2003-06-03
OpenPKG OpenPKG-SA-2003.007 2003-01-23
SCO Group CSSA-2003-003.0 2003-01-16
Gentoo 200212-7 2002-12-20
Trustix 2002-0089 2002-12-19
Conectiva CLA-2002:552 2002-12-13
Debian DSA-209-1 2002-12-12
Mandrake MDKSA-2002:086 2002-12-11
Red Hat RHSA-2002:229-10 2002-12-04

Comments (none posted)

Wwwoffle remote privilege escalation vulnerability

Package(s):wwwoffle CVE #(s):CAN-2002-0818
Created:August 14, 2002 Updated:October 1, 2003
Description: The wwwoffle web proxy incorrectly processes HTTP PUT and POST requests with negative Content Length values. "It is believed that an attacker could exploit this bug to gain remote wwwrun access to the system wwwoffled is running on."


Alerts:
SCO Group CSSA-2002-048.0 2002-11-18
Debian DSA-144-1 2002-08-06
SuSE SuSE-SA:2002:029 2002-08-01

Comments (none posted)

xinetd: Memory leak in xinetd 2.3.10

Package(s):xinetd CVE #(s):CAN-2003-0211
Created:May 13, 2003 Updated:November 13, 2003
Description: Xinetd is a 'master server' that is used to accept service connection requests and start the appropriate servers.

Because of a programming error, memory was allocated and never freed if a connection was refused for any reason. An attacker could exploit this flaw to crash the xinetd server, rendering all services it controls unavailable.

In addition, other flaws in xinetd could cause incorrect operation in certain unusual server configurations.

All users of xinetd are advised to update to xinetd-2.3.11 which is not vulnerable to these issues.

Alerts:
Conectiva CLA-2003:782 2003-11-12
Yellow Dog YDU-20030602-1 2003-06-02
Gentoo 200305-08 2003-05-19
Mandrake MDKSA-2003:056 2003-05-14
Red Hat RHSA-2003:160-01 2003-05-13

Comments (none posted)

Resources

June CERT Summary

The CERT Summary for June, 2003 is out; problems highlighted this time include the XDR integer overflow, the sendmail buffer overflow, and the snort vulnerabilities.

Full Story (comments: none)

Linux Advisory Watch

The May 30 Linux Advisory Watch newsletter from LinuxSecurity.com is available.

Full Story (comments: none)

A new vulnerability reporting process

A group called the Organization for Internet Safety has surfaced with a draft proposal describing a process for reporting (and responding to) vulnerabilities. It is a lengthy and detailed document which attempts to program what should happen at every stage of the vulnerability resolution process. Public comments are being accepted on the draft through July 7.

Full Story (comments: none)

Events

PHRACK MAGAZINE Call for Papers

The call for papers for PHRACK #61 has gone out; submissions are due by July 18. "Dont bother us with lame articles -- only the elite papers will make it."

Full Story (comments: none)

Page editor: Jonathan Corbet

Kernel development

Brief items

Kernel release status

The current development kernel is 2.5.70; Linus has not made a kernel release since May 26.

Linus's BitKeeper tree includes some device model work, a long-sought fix for hanging TCP sessions, an improved slab allocator which performs better in busy, multi-processor situations, some kbuild tweaks, an ALSA update, a set of hash function changes to deal with algorithmic complexity attacks, a FAT filesystem rework (if you have been waiting to be able to create FAT partitions greater than 128GB, this patch is for you), a v850 subarchitecture merge, a RAID update, the removal of the long-deprecated callout TTY device (/dev/cua) support, and several other fixes and updates.

The sixth version of the 2.6 kernel must-fix list is now available; it has been split into two separate lists: must-fix bugs and not-ready features and speedups. The list (pre-split) is also available in diff form.

The current stable kernel is 2.4.20. The current 2.4.21 prepatch is 2.4.21-rc7, released by Marcelo on June 3. "Now I really hope its the last one, all this rc's are making me mad."

Comments (none posted)

Kernel development news

Safely suspending an IDE system

The 2.6 kernel will feature much improved power management, thanks to the device model, improved ACPI support, and a fair amount of effort in general to get power management right. One nagging problem remains, however, in the IDE subsystem. An IDE suspend or resume operation must be carefully serialized with any other operations happening within the same "hwgroup," where a hwgroup is a set of IDE devices that can only be accessed one at a time. Simply shutting down a drive when the kernel asks runs the risk of corrupting in-progress operations and generally making a mess of things.

Benjamin Herrenschmidt has now worked up a patch which deals with this problem, and, incidentally, shows off one of the design features of the 2.5 block I/O subsystem. The key to the solution is to realize that the IDE subsystem already has a mechanism which carefully serializes accesses to hwgroups: the block I/O request queue. If suspend and resume requests are put onto the request queue, the IDE subsystem will find (and act on) them at just the right time.

When one thinks of the I/O request queue, what usually comes to mind is commands to move data blocks to and from a drive. But, as covered in the LWN Driver Porting series, the newly redesigned block subsystem includes the ability to put other kinds of commands into request queues. This mechanism is used, for example, to queue packet-mode commands or explicit taskfile operations. But it can also be exploited to serialize power management commands.

So, all that was required is a new REQ_POWER_MANAGEMENT request type. The desired power management state is stored in the special field of the request structure, which is added to the target drive's request queue. When the hwgroup has finished up any other outstanding operations it may have going, it will see the power management request and deal with it at the right time. Problem solved.

Comments (none posted)

Where did that code come from?

SCO's lawsuit claims that code has been copied from its (or somebody's) proprietary code base into the Linux kernel. Beyond that, SCO claims that IBM, in particular, is responsible for that copying. These claims remain hypothetical as long as SCO refuses to provide any proof. As an intellectual exercise, let us imagine for a moment that SCO is actually able to produce examples of code that appear to have been copied from one system to the other. How then do they go about proving where it came from?

The kernel development process is nearly unique in a couple of ways. In one sense, it is one of the most tightly controlled projects out there; one - and exactly one - person can commit code to the mainline kernel tree. If Linus does not merge a patch, it simply does not go in. On the other hand, Linus did not use any sort of source code management system until early 2002. He also did not maintain any sort of records of what he merged, as far as anybody can tell; changelogs for kernel releases had to be created by digging through the large release-to-release patches and seeing what changed. So, while Linus is the "choke point" through which all patches pass, the record of what happened at that point is limited to his official kernel releases. One can look at Linus's output to determine, with great precision, when a particular patch went in, and, importantly, the evolutionary steps it took to get to its present state. Figuring out where it came from will be another story.

Since there is little information to be had from Linus on the provenance of patches before the BitKeeper era (which is the time period SCO is interested in), it will be necessary to try to trace any offending patches backward. And that means looking at how code reaches Linus. The basic nature of the submission process has not changed in a long time.

Some code is written by Linus himself. Linus's contributions have become a very small part of the whole, but he does still have something to add at times. It is probably safe to assume that Linus is not copying his work from proprietary Unix.

Some patches get to him by way of the linux-kernel mailing list. It is rare for Linus to pick up patches directly from linux-kernel, but it does happen. If a particular piece of allegedly infringing code was posted publicly, it should be possible to determine who sent it out. Chances are that the SCO investigators, if they really have infringing code to show, have been digging through the linux-kernel archives in the hopes of finding this sort of "smoking gun." The thought of SCO lawyers wading through old devfs flamewars is good for a smile or two.

Many patches go directly to Linus, often with no public posting at all. For example, much of Alexander Viro's work - big changes to core parts of the kernel - are first seen when they show up in a kernel release. There will be no record of these contributions other than Linus's memory and, perhaps, any existing backups of his mail spool. Unless this code comes with a comment like:

    /*
     * Copyright © Caldera International
     * 
     * Ripped off in 2000 by plagiarist@ibm.com; I'm too lazy to 
     * do this myself and they'll never notice.
     */

it will be very hard for SCO (or anybody else) to prove where the code came from.

The rest of the patches arrive by way of one of the "lieutenants" - developers like Alan Cox, David Miller, Greg Kroah-Hartman, Andrew Morton, and others. Some of these developers have used source management systems at times, others have not. Again, much of this code goes into the kernel without ever being posted on a public list. It can have two layers of private communication obscuring its true origin.

The end result of all the above is that the kernel development process is not quite as open as many people believe. A lot of code is posted publicly and its authors duly flamed for anything that does not look quite right. But a lot of code takes a quieter path and only sees the light of day when it shows up mixed into a development kernel. Much of the code that went into the 2.3 development series could be nearly impossible to trace back to its contributor.

It is also worth bearing in mind that no sort of paperwork is required to contribute code to the kernel. No copyright assignments, no warranties of originality, no indemnification. So there is no paper trail behind contributions to the Linux kernel - at least, not on the Linus side of things. One can only assume that companies like IBM have rather more rigorous procedures internally. But before that matters, a particular chunk of code will have to be traced back to IBM, and that could prove difficult.

The "low-ceremony" nature of kernel development is one of its attractions; the only thing you need in order to play the game is some worthwhile code. It would be a shame if legal pressures eventually forced Linus to erect a wall of paperwork between himself and aspiring contributors.

For SCO's purposes, however, it is too late. Unless an IBM employee went out of his or her way to attach their name to a code contribution via a public posting or internal comments, it may never be possible to prove the origin of that contribution. And that could be bad news for SCO, which has gone out of its way to state that IBM, in particular, is responsible for the copying that SCO claims has occurred.

Comments (12 posted)


Page editor: Jonathan Corbet

Distributions

News and Editorials

Roundup of Educational Linux Distributions

[This article was contributed by Ladislav Bodnar]

A noteworthy trend that seems to have emerged in recent months is the increase in Linux-related activities in educational and government institutions around the world. Many schools, colleges, universities and government departments are now building their own custom Linux distributions. While few of them can be classified as original projects, it is still interesting to see how Linux is slowly infiltrating all levels of our societies. Let's take a brief tour of these projects, listed here in alphabetical order.

The ADIOS project has been created by the Queensland University of Technology in Brisbane, Australia. Perhaps not the most inspiring name for a Linux distribution, ADIOS is an acronym for "Automated Download and Installation of Operating Systems". While the project's main goal is to provide students with an operating system where they have administrative privileges in a laboratory environment, it has also released a Red Hat-based bootable live CD for general home use.

CollegeLinux is a product of Robert Kennedy College in Delémont, Switzerland. The idea was to create an easy-to-use desktop Linux distribution for use by students. The college has identified Linux as a phenomenon playing an increasingly important role in IT, so what better way to teach it than to involve students in building their own Linux distribution? Based on Slackware, CollegeLinux has produced several releases and it has succeeded in creating a substantial user community. Interesting information about the distribution's philosophy can be read in this Interview with Professor David Costa of CollegeLinux by OSNews.

EduLinux (web site in French) is a project of Sherbrooke University in Quebec, Canada. It is a Mandrake-based distribution designed for use in French-speaking educational and governmental organizations. The developers have focused on providing a system which would allow painless migration of tasks from Microsoft-based systems to Linux.

Edunix (web site in Czech) is a Czech Linux-for-schools project. It is unclear from the web site who is behind the initiative, but the idea has been evolving for several months and a first beta edition, based on K12LTSP, has recently been released.

The Freeduc CD is a live Linux CD built by the Organization for Free Software in Education and Teaching (Ofset). Ofset is a legal entity based in Paris, France, with the goal of promoting the development of free software in education. Freeduc is a modified Knoppix, excluding some of the memory-intensive applications and including useful educational software. The removed applications have been replaced by less resource-hungry alternatives, as the CD is designed to power the low-end computers often found in schools. The CD boots straight into a graphical environment, which is managed by the intuitive and light-weight XFce windowing system. Besides French and English, Freeduc also supports a number of other European languages.

LinEx is one of the most successful efforts in converting government offices and educational establishments to free software. Developed by the regional government of Extremadura in Spain, this Debian-based distribution is frequently given away with newspapers, magazines and in government offices around the region. Governments in other areas of Spain have started catching up and both Andalucía and Aragón have recently announced Linux initiatives (both links in Spanish).

Lorma Linux is another new project initiated by a small group of Linux enthusiasts at Lorma Colleges in San Fernando City, La Union, Philippines. This distribution is a modified Red Hat Linux - it has been scaled down to fit on one CD, KDE has been set as the default desktop environment and all applications have been recompiled for the i686 architecture.

K12LTSP (K12 Linux Terminal Server Project) is possibly the best-known and most successful Linux implementation for use in schools. The Red Hat-based distribution is designed to be installed as a web, file and application server and accessed by low-cost diskless workstations or terminals, also known as thin clients. These thin clients have no software or hard drives - perfect for schools as they are easy to install and require little maintenance. They are reliable and immune to malicious tampering and viruses. The project has excellent community resources and highly active mailing lists. LinuxPlanet has published a K12LTSP tutorial and report.

kmLinux (web site in German) is a distribution sponsored by the Government of Schleswig-Holstein in Germany. It is a single CD, SuSE-based distribution supplying the usual range of educational software for use in schools.

Quantian is a new project, a Knoppix-based variant tailored to numerical and quantitative analysis. Some applications from the original Knoppix were removed to make space for several quantitative, numerical and scientific programs, including R, Octave, Maxima, GSL, QuantLib, OpenDX, Mayavi, TeXmacs and many others.

Skolelinux (web site mostly in Norwegian, parts in English) is a Norwegian project to replace Windows with Linux in schools around Norway. "Our school saves at least 128,000 Norwegian kroner a year, and we are able to use new software on old computers", says Bjarne Hugo Hansen, principal of Hole primary and secondary school. Thanks to the Debian-based Skolelinux, all the local languages (Bokmål, Nynorsk and Sami) are receiving full attention, something that wasn't always the case with proprietary systems. This project is in active development and changes are frequently implemented based on feedback from schools.

SULIX (web site in Hungarian) is a distribution developed by a small group of teachers at the University of Szeged, Hungary. Based on the Knoppix live CD, its main features are usability, Hungarian language support and the inclusion of educational software packages. It is routinely handed out to students for individual practice at home. While the distribution's main language is Hungarian, other languages are also supported.

We probably missed a few projects, so if you happen to know about some that belong in this category, please tell us by posting a comment below.

[Ed. note: see also the Education section of the LWN Distribution List, recently link-checked and edited (although some are looking a bit historical), where you'll find some of the distributions mentioned above, and a few that are not.]

Comments (6 posted)

Distribution News

Debian GNU/Linux

The Debian Weekly News for June 3, 2003 is out. This week's issue notes that Petter Reinholdtsen announced a new Skolelinux CD image a while ago that fixes many bugs and already uses the debian-installer. Mario Lang urgently needs help fixing bugs in the speakup kernel packages, otherwise the package will be abandoned. All that and more in this week's edition.

Look for the Debian Project at conferences in Austria and Brazil: June 5th to 7th, 2nd LinuxWochen, Vienna, Austria; and June 5th to 7th, International Free Software Convention, Porto Alegre, Brazil.

The DDTP team and the Debian-BR project have announced the second public release of APT featuring support for translated package descriptions.

Branden Robinson reports that Debian's XFree86 packages are becoming team-maintained. "In practice they have always been to some extent, thanks to contributions large and small from many people (grep the xfree86 package changelog for "thanks" sometime)."

Jason Boxman has written a detailed HOWTO for configuring Exim and Courier IMAP under Debian GNU/Linux. Found on DebianPlanet.

Also from DebianPlanet, we found orth's kde cvs debian packages. "If you think you noticed a difference between KDE 3.0 and 3.1, you'll find the same exponential improvement in these packages."

Comments (1 posted)

Gentoo Weekly Newsletter -- Volume 2, Issue 22

The Gentoo Weekly Newsletter for the week of June 2, 2003 is available. This week's issue covers new mirror sites in North America, the CFLAGS/cpuinfo collection project, and an upcoming infrastructure change.

Full Story (comments: none)

Slackware Linux

Slackware Linux has updates to slackware-current including a new version of procps. See the slackware-current changelog for details.

Comments (none posted)

Yellow Dog Linux

Yellow Dog has an enhancement announcement for a new compat-gcc package. "The compat-gcc package provides a compatibility compiler that is compatible with Yellow Dog Linux 2.3. The version of compat-gcc that comes with Yellow Dog Linux 3.0 is missing a compatibility version of the g77 fortran compiler."

Full Story (comments: none)

LSB Certifications

SuSE Linux AG has registered SuSE Linux Desktop 1.0 as conforming to the LSB Runtime Environment for IA32 version 1.3 product standard.

ThizLinux Laboratory has registered ThizLinux Desktop 7.0 as conforming to the LSB Runtime Environment for IA32 version 1.3 product standard.

Comments (none posted)

"Absolute OpenBSD" from No Starch Press

For OpenBSD users and security conscious people everywhere, No Starch Press has announced the publication of "Absolute OpenBSD", by Michael W. Lucas.

Full Story (comments: none)

New Distributions

ClusterKnoppix

DebianPlanet reports on ClusterKnoppix, a modified version of Knoppix with the openMosix kernel extensions. Bittorrent: clusterKNOPPIX_V3.2-2003-05-20-EN-cl1.iso was released May 28, 2003.

Comments (none posted)

Quantian: A Knoppix remastering for Scientific Computing

A new distribution called "Quantian" has been launched. This one is a rework of Knoppix (and is thus Debian-based) which turns a PC into a scientific workstation. To that end, a long list of numeric and scientific packages have been added to the mix. All the nice features of Knoppix have been retained, of course.

Full Story (comments: none)

Minor distribution updates

2-Disk Xwindow embedded Linux

2-Disk Xwindow embedded Linux has released v1.0.8 (Source code) with major feature enhancements. "Changes: linux-lite kernel source was added, enabling a kernel image of ~47kb. Boot loader methods have been changed to reduce size. The build script has been cleaned up. Issues with ibiblio searches have been fixed (it may take some time for downloads to propagate out from incoming). There are changes to the info regs system."

Comments (none posted)

Astaro Security Linux

Astaro Security Linux has released v4.007 with minor bugfixes. "Changes: This Up2Date fixes a small bug in the VPN IPSec section of the WebAdmin."

Comments (none posted)

Slackware Live CD

Slackware Live CD has released v2.9.0.15 with major feature enhancements. "Changes: The ISO image fits the 190MB CD-RW medium now. There are new mouse cursors for Xwindows. KDE 3.1.2 , Kopete 0.6.2 (a lot of bugs fixed), a flag for international keyboard support under KDE, the ability to run something automatically after booting (autoexec), and the Quanta HTML and PHP WYSIWYG editor have been added. The ramdisk takes 22 MB now to raise free ramdisk space. Mplayer has been recompiled for CPU autodetection. Some 75dpi international fonts have been removed, as has emacs."

Comments (none posted)

Distribution reviews

Tux goes to college (NewsForge)

NewsForge reviews College Linux 2.3, a Slackware-based distribution from Robert Kennedy College in Delémont, Switzerland. "CollegeLinux comes with some software you might expect, like a 2.4.20 kernel, OpenOffice.org software suite, KOffice, nfs, Samba, and openssh. It also comes with a few things you might not expect. For example, while Wine is considered an option on many other Linux distributions, it is included here. I guess many students have a Windows partition on their machines. Having Wine installed means that many Windows programs (the ones that don't choke under Wine, that is) will be available under CollegeLinux. Good idea."

Comments (1 posted)

A Beginner's Guide to Choosing a Linux Distribution (DistroWatch)

DistroWatch has updated the "Beginner's Guide to Choosing a Linux Distribution". Those new to Linux are often overwhelmed by the choices available to them. This handy resource helps reduce some of the confusion by looking at several distributions that could be good for beginners. "The bewildering choice and ever increasing number of Linux distributions can be confusing for those of you who are new to Linux. This is why this page was created. It lists 10 distributions, which are generally considered as most widely used by Linux users around the world. There are no figures to back it up and there are many other distributions that might suit your particular purpose better, but as a general rule, all of these are popular and have very active forums or mailing lists where you can ask questions if you get stuck."

Comments (none posted)

Page editor: Rebecca Sobol

Development

Haystack: the universal information client

The Haystack project has come to our attention: "Haystack is a tool designed to let every individual manage all of their information in the way that makes the most sense to them. By removing the arbitrary barriers created by applications only handling certain information "types", and recording only a fixed set of relationships defined by the developer, we aim to let users define whichever arrangements of, connections between, and views of information they find most effective. Such personalization of information management will dramatically improve each individual's ability to find what they need when they need it." [Haystack]

Haystack is a cross-platform project; it is designed to run on Linux and several versions of Windows. The system depends on the Java 2 Development Kit (JDK) version 1.4 or later. It is recommended that users have a 2 GHz Pentium 4 processor, at least 512 MB of RAM, and 1 GB of disk space.

A summary of Haystack's characteristics includes:

  • Haystack aims to put all information in one place.
  • All types of information can be accessed by right-clicking on them.
  • The system has an information-centered view instead of the traditional application-centered view.
  • All information can be dragged and dropped into other information.
  • Haystack integrates email and instant messaging (IM).
  • A personal digital library is included for organizing information.

The project overview has detailed documentation with examples of how someone would use all of these capabilities.

A preliminary release of Haystack is available for download; it is still in development, so expect bugs. The download page says that Haystack runs slowly under Linux and that the embedded web browser is not yet functional. The system has been released as open source under a Massachusetts Institute of Technology copyright.

Comments (none posted)

System Applications

Audio Projects

Alsa 0.9.4 Released

Version 0.9.4 of the Alsa Sound Driver has been released. Change information is in the source code.

Comments (none posted)

Ogg Traffic

The June 3, 2003 edition of Ogg Traffic is out with the latest Ogg Vorbis audio compression software news. "This Ogg Traffic should really have appeared last week, but I was too busy with various real life issues. A lot has happened in the meantime, and consequently, today's Ogg Traffic features status updates from a whopping 14 Xiph.org team members."

Comments (1 posted)

Planet CCRMA changes

A number of new audio applications have been added to the Planet CCRMA audio package site. See the change log for details.

Comments (none posted)

CORBA

MICO 2.3.10 released

Version 2.3.10 of MICO (MICO Is CORBA) has been released. Change information is in the source code.

Comments (none posted)

Database Software

Firebird 1.5 Release Candidate 3

Version 1.5 Release Candidate 3 of the Firebird database is available. "The development of Firebird 1.5 release is in final development stage ! The Release Candidate means that we're "almost there", and we turned our focus to remaining known issues and rough edges, final testing and bug squashing. We made a lot of progress with it thanks to your feedback."

Comments (1 posted)

PostgreSQL Weekly News - May 28th 2003

Here's the PostgreSQL Weekly News, with a look at the 7.3.3 release, and what to expect in 7.4. Also, PostgreSQL In the News and Upcoming Events.

Full Story (comments: none)

libgda, libgnomedb, Mergeant 0.12 released (GnomeDesktop)

GnomeDesktop reports that there are new versions of libgda/libgnomedb and Mergeant, all of which are part of a database framework for GNOME. "This release is the next in a series that will result in 1.0, which is what GNOME-DB developers are working hard at. For this reason, we need users and developers to use it and report any problems/suggestions."

Comments (none posted)

phpMyAdmin 2.5.1 released (SourceForge)

SourceForge has the announcement for phpMyAdmin version 2.5.1. "The development team is pleased to present you version 2.5.1, which aims to stabilize the 2.5.x series. phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the http://www."

Comments (none posted)

Electronics

flP5 - the fast light Parallel Port Production PIC Programmer 1.0.0

For those of you who are working with PIC microcontrollers, flp5, the fast light Parallel Port Production PIC Programmer, version 1.0.0 has been released. Flp5 is based on FLTK, the Fast, Light ToolKit. For more information, see the flp5 home page.

Comments (none posted)

Networking Tools

Sussen GUI for Nessus security scanner

Sussen is a GUI client for the Nessus security scanner. Version 0.1 has been released; the code is available under the GPL.

Full Story (comments: none)

Printing

HP Inkjet Linux Driver 1.4.1 release (SourceForge)

SourceForge has an announcement for a new version of the HP inkjet printer driver. "The Hewlett-Packard Co. Linux Inkjet Driver Project is an add-on to the GNU Ghostscript application. This driver is based on the Hewlett Packard Appliance APDK for deskjet printers. This release includes bug fixes."

Comments (none posted)

AFPL Ghostscript 8.10 release

Version 8.10 of AFPL Ghostscript has been released. "It contains some fairly substantial reworking of important modules, most notably in the font rendering. Because of the extent of the changes, we're labelling this as a beta release. It should be quite usable, but it hasn't been as thoroughly wrung out as our production releases. The major new feature is improved font rendering by Igor Melichev."

Comments (none posted)

Web Site Development

Moodle 1.0.9 released (SourceForge)

Version 1.0.9 of Moodle is available. "Moodle 1.0.9 was released recently, and contains a very long list of new features, performance improvements and fixes. Moodle is PHP software that aims to make quality online courses (eg distance education) easy to develop and conduct. Learning and development are guided using a social constructionist philosophy. Implemented on thousands of sites and in 30 languages."

Comments (none posted)

phpWebSite 0.9.2 Stable released (SourceForge)

Version 0.9.2 of phpWebSite has been released. "Includes many bug fixes, new control panel, categorized pages, and more. Developed by the Web Technology Group at Appalachian State University, phpWebSite provides a complete web site content management system. All client output is XHTML 1.0 and meets the W3C's Web Accessibility Initiative requirements."

Comments (none posted)

Plone 1.0.2 released! (ZopeMembers)

Plone version 1.0.2 has been released. "The Plone Team today released Plone 1.0.2, a maintenance release for Plone 1.0. Plone is an open source information management system available in 25 languages, and has a large and active community supporting it."

Comments (none posted)

Zope 2.6.2 Beta 2 Released (ZopeMembers)

Zope 2.6.2 Beta 2 has been announced. "Users of the Zope source release should note that Python 2.1.3 is now the required platform. Python 2.1.3 includes a fix to an issue that could cause crashes in Zope." Numerous bugs have been fixed in this release.

Comments (none posted)

Zope Group Calendar 0.2 released (ZopeMembers)

Version 0.2 of Zope Group Calendar has been released. "Recent changes include the views week and year, as well as some bugfixes and refactored code."

Comments (none posted)

ZWiki 0.19.0 released (ZopeMembers)

ZopeMembersNews mentions the release of Zwiki version 0.19.0, a wiki package for Zope. "Summary: Preliminary reStructured Text support, page types cleanup, skin bugfixes, customizable issue colours."

Comments (none posted)

Web Services

Web services globalization model

Xiao Hui Zhu writes about globalization issues for web services on IBM's developerWorks. "This article starts from the base elements of a globalization architecture and then applies them to the Web services architecture. To strengthen the ideas, some examples are raised in the paper, together with some references for further information."

Comments (none posted)

Desktop Applications

Audio Applications

Ecamegapedal 0.4.2 released

Version 0.4.2 of Ecamegapedal, a realtime audio processor that works with Ecasound, has been released. Change information is in the source code.

Comments (none posted)

Horgand v0.90 available

The first release of Horgand, a real-time organ synthesizer, is available.

Full Story (comments: none)

Marlin 0.1 Released (GnomeDesktop)

GnomeDesktop reports on the release of Marlin 0.1, an audio sample editor. "It's only 0.1 so it doesn't have a whole host of features, but it's usable I think for small editing jobs, and really, after a year I think it's time for people to see it."

Comments (none posted)

swh-plugins 0.4.2 available

Version 0.4.2 of swh-plugins, a real-time audio effect utility, has been released. This version adds new filter plugins, bug fixes, and more.

Full Story (comments: none)

Tkeca 1.8.0 Released

Version 1.8.0 of Tkeca, a GUI interface to the Ecasound audio utility, is available with a number of new features.

Full Story (comments: none)

tuneroid 0.9.3 released

Version 0.9.3 of tuneroid, a musical instrument tuning application, has been released.

Full Story (comments: none)

Desktop Environments

Release Team's Almost-Final New Modules List for GNOME 2.4 (GnomeDesktop)

The GNOME team has compiled a list of new modules for GNOME 2.4. "This list will become the official new modules list for GNOME 2.3.x on June 2, enshrined forever in GEP 11, unless we hear loud wailing and gnashing of teeth at any of our judgements before then. That means you have just under a week to bring up any doubts or queries you have about this list." If you can't get to GnomeDesktop try the mailing list archives instead.

Comments (12 posted)

KDE Traffic #53

Issue #53 of KDE Traffic has been published. The KDE 3.2 release cycle is looked at.

Comments (none posted)

Games

Gnome Games 2.3.3 = New Games ! (GnomeDesktop)

GnomeDesktop.org mentions the 2.3.3 release of Gnome Games. "Gnome 2.0 Anonymous George writes "When gnome-games was last heard of there were horrible rumours of death and dismemberment. Not all of them were true. XBill is still gone, but Gnibbles and Gnobots are back. There have even been some new additions."" Perhaps someone should write a game called X-SCO to replace XBill.

Comments (none posted)

Graphics

Gimp-Print 4.3.15 (development) (SourceForge)

Version 4.3.15 of Gimp-Print has been released. Many changes have been included.

Comments (none posted)

GUI Packages

New wxWindows Releases

New software for the wxWindows GUI framework includes wxOTL 0.3, a wxWindows database programming library, and wxCRP 1.2, a template wizard.

Comments (none posted)

Interoperability

Wine Traffic #172

Issue #172 of Wine Traffic is available. Topics include: Frank's Corner Milestone, Updated To-do List, Building a CHM Viewer, Update CVS Utilities for Compression, and Using Ventrilo.

Comments (none posted)

Office Applications

AbiWord Weekly News

Issue #146 of the AbiWord Weekly News is out. "I hope you like screenshots....I hope you like a *LOT* of screenshots. I hope your religion requires screenshots, because there's a lot of them, especially thanks to Christian Neumair, a.k.a. Manny. Additionally, a new Win32 binary sneaks its way in; you can get caught up on the development of MacOS X's port, and 1.0.6 is no longer a running gag. That's right...it's out there...somewhere! Lucky Mac OS X users...."

Comments (none posted)

GNUe Traffic #83

Issue #83 of GNUe Traffic is out with the latest Gnu Enterprise news. Topics include: Native Microsoft Windows UI driver for Forms, Default RPC type for Application Server, Updates and inserts on multiple lists in AppServer, XSLT and GNUe Reports, and GNUe Schema Definition files and W3 Standards.

Comments (none posted)

Graphing in Gnumeric (GnomeDesktop)

GnomeDesktop.org reports on graphing with Gnumeric. "It's been a grind to get charting back in Gnumeric but at long last there is a framework in place. It's still a touch rough around the edges, with some tuning necessary in the libart backend, and lots of unfinished bells and whistles. However, it is quite modular, easy to understand, and has a decent interface to Gnumeric."

Comments (none posted)

Web Browsers

Mozilla 1.4 Release Candidate 1 Now Available (MozillaZine)

Mozilla 1.4 RC 1 has been released. "Mozilla 1.4 Release Candidate 1 began shipping today. mozilla.org is making release candidates of 1.4 available to ensure a high quality product that can replace the Mozilla 1.0 branch as the stable development path."

Comments (none posted)

Independent Status Reports (MozillaZine)

The latest Mozilla Independent Status Reports are available. "The latest set of status reports includes updates from LinkVisitor, Jazilla, Negotiateauth, Uzilla, ForceContentType, IEStreamConv, Documoz and SmoothWheel."

Comments (none posted)

Minutes of the mozilla.org Staff Meeting (MozillaZine)

The minutes from the May 19, 2003 Mozilla.org staff meeting are online. See the pointer on MozillaZine for feedback. "Issue[s] discussed include 1.4, Mozilla Firebird 0.6 feedback, cooperation with ports maintainers, security fixes for the 1.0 branch and disabling dead CVS accounts."

Comments (none posted)

Lynx 2.8.5 dev 16 available

Version 2.8.5 dev 16 of the Lynx text-mode web browser is available for download. Change information is in the source code.

Comments (none posted)

Miscellaneous

Gaim 0.64 released

Version 0.64 of Gaim, an internet messaging client, has been released. "As you can tell from the ChangeLog, Gaim 0.64 has bugfixes, buddy list sorting, and a bunch of internal changes only nerds like us care about."

Comments (none posted)

Vim 6.2 Released

Version 6.2 of the Vim editor has been released. "Since Vim 6.1 hundreds of reported problems have been fixed. Also included are new and updated syntax files, translated menus and messages."

Full Story (comments: none)

Languages and Tools

Caml

Caml Weekly News

The June 2, 2003 Caml Weekly News is out with the latest Caml language news.

Full Story (comments: none)

A Concise Introduction to Objective Caml

David Matuszek has put together a document entitled A Concise Introduction to Objective Caml. "Caml is a dialect of ML, developed primarily in France. This paper describes Objective Caml version 3.01, or OCaml (pronounced "oh-camel") for short; it does not go into the object-oriented features of OCaml, however. Another dialect, Caml Lite 0.74, has almost identical syntax, but the modules and many of the functions in the modules differ to a greater or lesser extent."

Comments (none posted)

Erlang

The First Erlang Newsletter

A new publication known as the Erlang Newsletter has hit the virtual street. Take a look for the latest development news from the Open Source Erlang project.

Comments (none posted)

FORTRAN

G95 developments

Development continues on the G95 project, an open-source FORTRAN compiler. "G95 is in a pupal state. It can compile simple programs, though all language features are not yet available."

Comments (none posted)

Haskell

Glasgow Haskell Compiler version 6.0

A major new release of the Glasgow Haskell Compiler is available. This version adds Template Haskell, a metaprogramming extension. Thanks to Jens Petersen.

Full Story (comments: none)

Java

Aspect-Oriented Programming and JBoss (O'Reilly)

Bill Burke and Adrian Brock take a look at JBoss and aspect-oriented programming on O'Reilly. "Aspect-oriented programming (AOP) is an exciting new paradigm that should have the same effect on software development that object-oriented programming (OOP) had 15-20 years ago. AOP and OOP are not competing technologies, but actually complement each other quite nicely."

Comments (none posted)

Parsing, indexing, and searching XML with Digester and Lucene (IBM developerWorks)

Otis Gospodnetic writes about XML parsing under Java with Digester and Lucene. "Java developers can use the SAX interface to parse XML documents, but this process is rather complex. Digester and Lucene, two open source projects from the Apache Foundation, cut down your development time for projects in which you manipulate XML. Lucene developer Otis Gospodnetic shows you how it's done, with example code that you can compile and run."

Comments (none posted)

Perl

This Week on perl5-porters (use Perl)

The May 26 - June 1, 2003 edition of This Week on perl5-porters is out. "As usual, the weekly summary will try to present a useful or entertaining cross-section of the perl 5 porters' activity. The various topics include C-level I/O, scoping, installation layouts, and some amount of bugs and patches."

Comments (none posted)

This week on Perl 6 (O'Reilly)

The May 25, 2003 edition of This week on Perl 6 is online with the latest Perl 6 language news.

Comments (none posted)

Hidden Treasures of the Perl Core (O'Reilly)

Casey West examines some Perl Core modules on O'Reilly. "The Perl Core comes with a lot of little modules to help you get the job done. Many of these modules are not well-known. Even some of the well-known modules have some nice features that are often overlooked. In this article, we'll dive into many of these hidden treasures of the Perl Core."

Comments (none posted)

PHP

PHP 4.3.2 released with security fixes

PHP 4.3.2 is out; it includes fixes for "several potentially hazardous integer and buffer overflows." The PHP team is strongly recommending that users upgrade; that might be a hint that is worth taking.

Full Story (comments: none)

PHP Weekly Summary

The June 2, 2003 PHP Weekly Summary is online. Contents include: "PHP 4.3.2 now officially shipping, DOMXML for 64 bit, fd patch, exec in cli and mod_php, property access in PHP 5, PHP, Netware, phpMyAdmin."

Comments (none posted)

Python

Python 2.2.3 (final) Released

Version 2.2.3 (final) of Python is now available. "This is a bug fix release for the stable Python 2.2 code line. It contains more than 40 bug fixes and memory leak patches since Python 2.2.2, and all Python 2.2 users are encouraged to upgrade."

Full Story (comments: none)

Dr. Dobb's Python-URL!

The Dr. Dobb's Python-URL for June 2, 2003 is out. This week's discussions include how to make a switch-case work-alike by abusing exceptions and an introspective technique for "declaring" local variables. Also there's the Python 2.2.3 announcement and a reminder that voting for the 2003 Active Awards for open-source programmers starts June 3.

Full Story (comments: none)

The Daily Python-URL

The Daily Python-URL has dozens of new links to Python language articles and projects.

Comments (none posted)

Ruby

The Ruby Garden

The Ruby Garden has a number of new articles on Ruby this week. For more Ruby news, see the June 3, 2003 edition of the Ruby Weekly News.

Comments (none posted)

Scheme

Scheme Weekly News

The June 2, 2003 Scheme Weekly News is out. Take a look for the latest on Scheme language development news.

Full Story (comments: none)

Tcl/Tk

Dr. Dobb's Tcl-URL!

The June 3, 2003 edition of Dr. Dobb's Tcl-URL! is out with the week's roundup of Tcl/Tk development news.

Full Story (comments: none)

XML

XML Power Job Hunting (O'Reilly)

John E. Simpson explores the XML Résumé Library on O'Reilly. "If you've spent much time job-hunting, you know one of the basic frustrations: how to avoid handcrafting a different résumé for each different job you're considering. Wouldn't it be better, or at least easier, if you could create a single résumé but instruct your résumé-generating tool to include this skill and exclude that one or to name this referee but not the other?"

Comments (none posted)

Miscellaneous

Advanced OOP: Multimethods (O'ReillyNet)

David Mertz covers multimethods on O'Reilly. "Most popular object oriented languages take their method dispatch styles from Smalltalk's message passing style, dispatching based on the invocant. Another approach is multiple dispatch or multimethods, which considers multiple invocants for dispatch. Why is this important? David Mertz explains how multimethods improve polymorphism and often provide a better alternative to inheritance."

Comments (none posted)

Page editor: Forrest Cook

Linux in the news

Recommended Reading

Senator wants limits on copy protection (News.com)

News.com looks at a new legislative proposal in the U.S. "The bill, authored by Sen. Sam Brownback, would regulate digital rights management systems, granting consumers the right to resell copy-protected products and requiring manufacturers to prominently disclose when anti-copying technology is being used." The law would also make it harder for copyright holders to obtain the names of peer-to-peer users and forbid regulatory agencies from requiring hardware manufacturers to include copy protection technology in their products.

Comments (3 posted)

Brass tacks: SCO and your business (NewsForge)

NewsForge advises businesses on how to respond to the SCO suit. For the most part, that advice is "don't worry." One statement of interest, though, is: "Thus even if there has been direct copying, which remains without a shred of publicly available evidence, trying to prove that IBM put the 'illegal' code in is impossible. It's like trying to decide the fate of a single strawberry after dozens have been thrown into the blender and you've turned it on puree." Determining the source of any infringing code is an interesting subject requiring further thought.

Comments (11 posted)

Killing Linux (PC Magazine)

Here's a Dvorak column on the SCO suit. "The Linux community seems to have put its collective head in the sand. Nobody seems to realize that Linux and the entire open-source movement are at grave risk. Apparently the open-source idealists don't understand the quirks of the legal system."

Comments (28 posted)

Companies

IBM unveils Linux desktop in India (ZDNet)

ZDNet covers the IBM Linux PC in India, an offering aimed at small to medium-sized businesses and home offices in India's secondary cities. "Despite the use of the open-source Linux operating system, which is cheaper to buy than a Microsoft Windows license, the IBM Linux PC will still be priced on the high side, at about 39,000 rupees ($850) including taxes, said a report in the news daily The Times of India. IBM was unable to furnish more details about what sort of technical support would be given, the Linux distribution used or why the price was so high."

Comments (none posted)

Lindows.com claims SCO immunity via Caldera deal (Register)

In a never-ending quest for more press coverage, Lindows.com announced their immunity from SCO prosecution, covered in this Register article. "Applying some educated guesswork to this study in imprecision we can postulate that the agreements Lindows.com claims it has with SCO stem from discussions it engaged in with Caldera during its construction phase. These may or may not have resulted in some form of deal which covers Lindows against being busted by SCO for claimed infringements in the Linux kernel. But unless SCO now says, 'By George, Mr Robertson, you're right, you're entirely clean,' the matter can't be settled without lawyers at dawn."

Comments (1 posted)

SCO Rings Up First Quarterly Profit (TechWeb)

TechWeb takes a look at SCO's latest financial results. Apparently lawsuits can be good for business. "For its second fiscal quarter, ended April 30, the company earned a profit of $4.5 million, or 33 cents a diluted share, on revenue of $21.4 million. That's a big turnaround from a year ago, when the company lost $6.6 million, or 47 cents per share, on revenue of $15.5 million."

Comments (9 posted)

Analysts to SCO: No thanks to code review offer (ComputerWorld)

Here's a ComputerWorld article (from a few days ago) on the lack of enthusiasm for SCO's "sign an NDA to see the code" plan. "But Giga Information Group Inc. analyst Stacey Quandt said she has discussed SCO's offer with her legal counsel, and if she signs an NDA, it may hinder her ability to write about it. She could get subpoenaed as well. Quandt called the offer a PR stunt." Scroll down for a good Linus quote on the whole thing.

Comments (6 posted)

SCO actions prompt Linux warning (News.com)

Here's some FUD (Fear, Uncertainty, Doubt) from Gartner, on News.com. "'Although Gartner has reservations on the merits of (SCO's claims), don't take them lightly,' Gartner analyst George Weiss advised in a May note. 'Minimize Linux in complex, mission-critical systems until the merits of SCO's claims or any resulting judgments become clear.'"

Comments (18 posted)

Business

Linux Server Sales Soar As Overall Market Drops (TechWeb)

TechWeb reports that Linux server sales are up, even though server sales in general are down. "Hewlett-Packard led in both Linux server volume and revenue, with 50,500 units sold and revenue of $185 million in the first quarter. Dell came in second, selling 38,000 servers worth $124 million. They were followed by IBM, which shipped 23,700 Linux servers worth $91 million."

Comments (1 posted)

Linux Adoption

India leader advocates open source (News.com)

News.com reports that the President of India is an open source advocate. "[President] Kalam said open-source software offers developing nations such as India the best opportunity to modernize."

Comments (6 posted)

Legal

Court confirms DMCA 'good faith' web site shut down rights (Register)

The Register reports on the latest DMCA fun in U.S. District Court. "InternetMovies.com had asked the District Court for the District of Hawaii to require that copyright holders investigate infringing Web sites before shutting them down. This rational request was rejected by the court, as it granted the MPAA (Motion Picture Association of America) and any other DMCA zealot the right to put the clamp on Web sites at will."

Comments (1 posted)

MobiliX v. Asterix in plea to top German court (Register)

The Register follows the continuing legal battles of MobiliX. "The mobile open source project formerly known as MobiliX has stepped up its fight to have its long-running trademark dispute with the firm behind Asterix and Obelix heard by Germany's highest civil court."

Comments (none posted)

Court Puts Muzzle on SCO (eWeek)

A German court granted a preliminary injunction against SCO, according to this eWeek article. "Ryan Tibbitts, SCO's in-house general counsel, on Friday said that the German court had just issued a temporary restraining order against the company. The legal action was brought against SCO by a number of Linux associations, including LinuxTag. This was also an ex parte proceeding, which meant the court has not heard any arguments from SCO's side, he said."

Comments (1 posted)

Interviews

Boies' Take (Forbes)

Forbes talks with David Boies - SCO's lawyer. "Somehow, everyone thinks SCO is in it for the money and out to thwart Linux. In Boies' eyes, it's hard to see how anyone could jump to that conclusion. The $1 billion in damages and future royalties SCO is seeking won't put a mere dent in the Linux movement: 'That's a cost that gets lost in the rounding,' says Boies, adding, 'The cost efficiency of Linux won't rise or fall.'"

Comments (9 posted)

Python and the Programmer (artima.com)

artima.com interviews Bruce Eckel, the author of Thinking in Java, about Python. "I feel Python was designed for the person who is actually doing the programming, to maximize their productivity. And that just makes me feel warm and fuzzy all over. I feel nobody is going to be telling me, 'Oh yeah, you have to jump through all these hoops for one reason or another.' When you have the experience of really being able to be as productive as possible, then you start to get pissed off at other languages."

Comments (2 posted)

Interview with Ximian's Nat Friedman (OSNews)

OSNews interviews Nat Friedman, co-founder and vice-president of product development at Ximian. "Which version of GNOME is Ximian Desktop 2.0 based on exactly, and what changes have you applied when compared to the vanilla Gnome? Nat Friedman: XD2, as we like to call it, is based on GNOME 2.2, Mozilla 1.3 and OpenOffice.org 1.0.3."

Comments (none posted)

Free Software Carnival: Latin America Takes to FLOSS in a Big Way (Linux Journal)

Linux Journal talks with Cesar Brod about the spread of free software in Latin America. "Latin America, specifically Peru, also has challenged the role of proprietary software and Microsoft. In addition, Brazil has come up with interesting university-based software solutions. For instance, the Brazilian UNIVATES says it has saved about $130,000 USD by not acquiring copies of proprietary software for servers and desktops. It saves $70,000 USD each year on software upgrades and maintenance--enough to pay the salaries of the development group. Therefore, UNIVATES can produce effective technology for its own use, which others also can make use of, at virtually no cost."

Comments (none posted)

Q&A: SCO's Chris Sontag on Linux, Unix and brewing legal fights (ComputerWorld)

ComputerWorld's Patrick Thibodeau interviews Chris Sontag, a senior vice president and general manager of SCOsource Division. "How many lines of code in the Linux kernel are a direct copyright violation? It's very extensive. It is many different sections of code ranging from five to 10 to 15 lines of code in multiple places that are of issue, up to large blocks of code that have been inappropriately copied into Linux in violation of our source-code licensing contract. That's in the kernel itself, so it is significant. It is not a line or two here or there. It was quite a surprise for us." (Thanks to Sharon Machlis)

Comments (11 posted)

EuroPython interview with Moshe Zadka

The EuroPython and Zope Conference is coming up later this month and to help people get ready, there will be a series of interviews with some of the speakers. First up is this interview with Moshe Zadka. "EuroPython: On which Python projects are you working at the moment? I'm most active on 'Twisted', the asynchronous networking framework. I'm involved in design and documentation, but what interests me most from a research point of view is how to deploy Twisted-based applications in a flexible manner. That ties in with my biggest role in the Twisted project as the Debian maintainer. I make sure Twisted integrates with the Debian tools, so that I can give users of the Debian operating system a system which is powerful, easy and flexible."

Comments (none posted)

Resources

Top Five Open Source Packages for System Administrators (O'ReillyNet)

O'ReillyNet picks the top five most useful and widely applicable open source administrative tools. "The top honor in my top five tools list goes to Cfengine, written by Mark Burgess. Cfengine is a wonderful tool for configuring and maintaining Unix computer systems. Cfengine is a stand-alone tool (set of tools), which administers and configures computers according to the instructions in its configuration files."

Comments (7 posted)

Saving Our Bacon: Snort Security Holes and Strategies for Safe Network Monitoring (O'ReillyNet)

O'ReillyNet covers recent vulnerabilities in Snort along with strategies to minimize risks. "Since the main purpose of Snort is detection, a primary goal of attackers is evasion. If attacks can be structured so that they are overlooked by Snort, then system administrators will be left with a false sense of security -- arguably a worse situation than if Snort had not been used at all."

Comments (none posted)

Netcat and Reverse Telnet (O'Reilly)

Kivilcim Hindistan examines Netcat on O'Reilly. "As a basic point of view, Netcat is a telnet program. But that's like calling the Swiss Army Knife just a knife. Netcat was written in 1996 by a hacker called Hobbit to meet all kinds of telnet needs. Today you can easily find a version of Netcat for your flavor of Unix or even Windows. There are also some variants, such as cryptcat which adds vital encryption features, which we will also use later in this article."

Comments (none posted)

Reviews

Open source moves to deskless email market (vnunet)

Vnunet looks at two new 'deskless' email products. "Hewlett Packard (HP) and Intel recently partnered with open source provider Sendmail to launch Workforce Mail running on Linux, while IBM Lotus has brought out Lotus Workplace Messaging."

Comments (none posted)

A First Look at Ximian Desktop 2 (LinuxWorld)

Joe Barr reviews Ximian Desktop 2 in this LinuxWorld article. "A month or two ago Ximian asked if I would like to participate in a beta for its new desktop offering. I said yes, but only if it supported Red Hat 9. Ximian marketing folk said it would and swore me to secrecy. The following is what I found in the last two weeks: Ximian 2 is drop-dead gorgeous. It is much more powerful than it was before, and many tweaks are now in the interface. A couple of the tweaks I didn't like, but most I did. I'll get into those specifics a little later in the story. Let's start at the beginning."

Comments (5 posted)

Building a TiVo, a Step at a Time (Wired)

Wired looks at free digital video recording software. "The MythTV software offers all the basic DVR features -- it can pause and rewind live TV, and fast-forward through shows and ads. It supports multiple tuner cards (and multiple simultaneous recordings) and boasts picture-in-picture capability if there's more than one tuner card installed. It also offers basic video-editing capabilities and allows shows to be archived to video CD."

Comments (none posted)

Page editor: Forrest Cook

Announcements

Non-Commercial announcements

DoD Open Source Policy Statement Released

The Center of Open Source & Government tells us that the DoD made its first official statement about Open Source and put it on a level playing field with proprietary software.

Full Story (comments: 1)

Commercial announcements

ActiveState's Komodo IDE honored in SD Times 100

ActiveState has announced that its Komodo IDE has earned a place in the SD Times 100 list. In the "Tools and Environments" category, Komodo is "the first professional-quality IDE for scripting language developers".

Comments (none posted)

Open Source Software Faces Uphill Battle in Larger Companies in Europe, Middle East and Africa

Evans Data Corporation has completed the third survey in its regionally based series. Europe, Middle East and Africa Development Survey Vol. 1 2003 (EMEA) found that 58% of developers use open source software (OSS) but, in companies with more than 500 employees, 25% of developers indicated that company policies were the primary reason for not using OSS.

Comments (none posted)

MySQL AB Named to First Annual SD TIMES 100 List

MySQL AB has put out a press release concerning the inclusion of MySQL in the SD TIMES 100 list. "MySQL AB, developer of the world's most popular open source database, today announced it has been selected for inclusion in the first annual SD TIMES 100, a list of companies and organizations that demonstrated the greatest innovation and leadership in the software development industry in 2002."

Comments (none posted)

MySQL AB Secures $19.5 Million Investment Round

MySQL AB has announced the completion of a $19.5 million Series B round of financing led by Benchmark Capital, and that Kevin Harvey, general partner of Benchmark Capital, will join MySQL AB's board of directors.

Comments (2 posted)

OSCI Delivers First Language Reference Manual to Public

The Open SystemC Initiative (OSCI) has announced the initial delivery of the SystemC v2.0.1 Language Reference Manual (LRM), a more than 400-page definitive reference on SystemC semantics that provides an unambiguous definition of the SystemC language.

Comments (none posted)

French CEA using Nuxeo Web Application

Nuxeo has sent out a press release announcing that the French Atomic Energy Commission (CEA) is now using Nuxeo's CPS and the Zope platform.

Full Story (comments: none)

Ximian Announces Ximian Desktop 2 and Ximian Evolution 1.4

Ximian, Inc. has announced Ximian Desktop 2, a new version of its Linux desktop software.

Ximian has also announced new versions of both Ximian Evolution and Ximian Connector for Microsoft Exchange.

Comments (none posted)

Resources

LDP Weekly News

The June 3, 2003 edition of the Linux Documentation Project Weekly News is out. Take a look for a listing of the latest new and updated documentation.

Full Story (comments: none)

Linux Gazette - June 2003

The Linux Gazette issue #91, June 2003, is out. This month read a book review of Web Hacking: Attacks and Defense, by John B Cole; Installing Slackware and Making It Secure, by Cezary M Kruk; Silicon Valley Humor, Baby Boomer Style, by Janine M Lodato; Creating/Manipulating images with gd, by Shuveb Hussain; Exploring The sendfile System Call, by Jeff Tranter; and much more.

Comments (none posted)

LPI-News May 2003

The Linux Professional Institute's monthly newsletter is out for the month of May. Topics include the retake policy for LPI exams; the volunteer of the month - Jason Record of Novell; and much more.

Full Story (comments: none)

Upcoming Events

SCO/Linux debate at USENIX San Antonio conference

The USENIX Technical Conference, which runs from June 9-14 in San Antonio, Texas will hold the First Public SCO/Linux Debate on June 12.

Full Story (comments: none)

Linuxwochen 2003

An ongoing series of Linux events, known as Linuxwochen 2003 (in German), will be held in various European cities up to June 21, 2003. Thanks to Maximilian Attems.

Comments (none posted)

First Annual GCC Developers' Summit

The proceedings and photos from the First Annual GCC Developers' Summit are now available.

Comments (3 posted)

JBoss Group's Second Annual Conference

JBoss Group has announced JBossTwo, the company's second annual free conference for Java developers. JBossTwo will take place from 9:30 a.m. to 5:00 p.m., June 11, 2003, at the Sony Metreon in San Francisco.

Comments (none posted)

Third DZUG-Conference in Paderborn (ZopeMembers)

The German Zope User Group (DZUG) will hold a Zope conference in Paderborn, Germany on September 26 and 27, 2003.

Comments (none posted)

Events: June 5 - July 31, 2003

Date | Event | Location
June 5 - 6, 2003 | Enterprise Linux Forum Conference & Expo (Santa Clara Convention Center) | Santa Clara, California
June 9 - 14, 2003 | USENIX 2003 (Marriott Hotel) | San Antonio, TX
June 10, 2003 | Linux For Business (The Commonwealth Institute) | London, England
June 11, 2003 | JBoss Group's Second Annual Java Conference (JBossTwo) (Sony Metreon) | San Francisco, CA
June 16 - 18, 2003 | Yet Another Perl Conference::North America (YAPC::2003) (Florida Atlantic University) | Boca Raton, FL
June 16 - 18, 2003 | GNOME User and Developer European Conference (GUADEC) (Trinity College) | Dublin, Ireland
June 16 - 20, 2003 | Infosec 2003 (UniNet) | Online
June 18 - 23, 2003 | Open Source Clinical Application Resource Workshop (OSCAR) (McMaster University) | Ontario, Canada
June 21 - 22, 2003 | European Ruby Conference (University of Karlsruhe) | Karlsruhe, Germany
June 23 - 26, 2003 | ClusterWorld Conference & Expo (San Jose Convention Center) | San Jose, California
June 23 - 26, 2003 | Fourth Workshop On UML for Enterprise Applications (Hyatt Regency San Francisco Airport Hotel) | Burlingame, CA
June 24 - 26, 2003 | LinuxUser & Developer Expo (Birmingham National Exhibition Centre) | Birmingham, UK
June 25 - 27, 2003 | European Python and Zope Conference 2003 (CEME) | Charleroi, Belgium
July 7 - 11, 2003 | O'Reilly Open Source Convention 2003 (OSCON) (Portland Marriott) | Portland, Oregon
July 9 - 12, 2003 | Libre Software Meeting | Metz, France
July 10 - 13, 2003 | LinuxTag | Karlsruhe, Germany
July 12 - 17, 2003 | Debcamp | Oslo, Norway
July 18 - 20, 2003 | Debconf 3 (The University of Oslo) | Oslo, Norway
July 23 - 26, 2003 | Ottawa Linux Symposium | Ottawa, Canada
July 23 - 25, 2003 | YAPC::Europe 2003 (CNAM Conservatory) | Paris, France
July 29 - August 2, 2003 | The 10th Annual Tcl/Tk Conference | Ann Arbor, Michigan
July 31 - August 3, 2003 | UKUUG Linux Developers' Conference (LINUX 2003) (George Watson's College) | Edinburgh, Scotland

Comments (none posted)

Web sites

Lisp NYC web site

Lisp NYC has put up a new web site. The group is described as: "a group devoted to the advocacy and advancement of professional software developers in their adoption of Common Lisp and associated languages".

Full Story (comments: none)

Sound & MIDI Software For Linux updated

Dave Philips has updated his Sound & MIDI Software For Linux site. The musings column summarizes recent developments in a number of Linux audio projects.

Comments (none posted)

Software announcements

This week's software announcements

Here are the software announcements, courtesy of Freshmeat.net. They are available in two formats:

Comments (none posted)

Miscellaneous

SCO v. IBM resource site

Karsten Self has put together a wiki-based page on the SCO/IBM mess. Therein you'll find lots of useful information, including teleconference transcripts, lots of links, and a timeline for the whole affair.

Comments (3 posted)

International Eiffel Programming Contest

An Eiffel programming contest is being held; the submissions deadline is October 31, 2003. Prizes include cash and commercial software.

Full Story (comments: none)

Page editor: Forrest Cook

Letters to the editor

Pleasant Supreme Court decision

From:  Max.Hyre@cardiopulmonarycorp.com
To:  lwn@lwn.net
Subject:  Pleasant Supreme Court decision
Date:  Mon, 2 Jun 2003 17:09:04 -0400

In a pleasant indication that the U.S. Supreme Court has not
completely lost its collective mind, it decided 8--0 that the Lanham
Act (part of trademark law) does not lessen the public's right to
public-domain works. (Decision at
http://www.supremecourtus.gov/opinions/02pdf/02-428.pdf.)
 
The case is a bit tortuous, but briefly, a book was published, and
a TV program was made from it, the publisher having sold the TV
rights. Years later, the publisher renewed the book's copyright, but
the video was allowed to pass into the public domain. A decade after
that, the publisher re-sold the book's TV rights to a video
distributor. When another company repackaged and sold the original
(public-domain) video the distributor sued under the Lanham Act,
claiming that the repackager was ``reverse passing off'' (selling
someone else's goods under your own label).
 
The court observed that since the repackager had taken a PD work
and resold it, the distributor was SOL. The distributor has rights in
its own, newly-slapped-together, version, but cannot use the Lanham
Act to reach back and gain rights in the public domain, which ``would
cause it to conflict with copyright law, which is precisely directed
to that subject[...].''
 
We've gotta take our victories where we can.
--
 
                         Best wishes,
 
                                  Max Hyre
  

Comments (none posted)

CNET succumbs to FUD or were always part of it

From:  "David Hartley" <penguin@linuxweb.org>
To:  <letters@lwn.net>
Subject:  CNET succumbs to FUD or were always part of it
Date:  Mon, 2 Jun 2003 13:59:21 -0400 (EDT)

 
As reported here: http://www.sys-con.com/linux/articlenews.cfm?id=779
CNET is quietly getting out of the linux download business.
(I first discovered this link at the Netraverse web site)
I am wondering if this is simply more fallout from the Source Challenged
Obfuscators or part of a bigger assault on Linux. At any rate CNET was
never a big player in the linux download business in my opinion so they
are safe to continue to be irrelevant.
 
--
David Hartley
penguin@linuxweb.org
Peace, Love, and Penguins
 
 

Comments (4 posted)

Security site

From:  "Jay R. Ashworth" <jra@baylink.com>
To:  lwn@lwn.net
Subject:  Security site
Date:  Mon, 2 Jun 2003 20:33:34 -0400
Cc:  risks@csl.sri.com


I'm fixin' (damn, but it's nice to live in the South :-) to flang up a
bunch of websites for friends and clients using WebGUI, and it occurred
to me that if there was an automated tester for website security,
that'd be a good thing to play with.

In my search therefore, I came across a pretty spiffy site that
apparently *used* to be called Ideahamster (and indeed, that's the
domain name still) which includes the "Open Source Security Testing
Methodology" manual.

http://www.ideahamster.org/

Hain't read it yet, but it's got a groovy name, no?

If anyone has pointers to any *other* frameworks for this sort of
thing; I'd appreciate hearing about them.

Cheers,
-- jra
-- 
Jay R. Ashworth                                                jra@baylink.com
Member of the Technical Staff     Baylink                             RFC 2100
The Suncoast Freenet         The Things I Think
Tampa Bay, Florida        http://baylink.pitas.com             +1 727 647 1274

   "If you don't have a dream; how're you gonna have a dream come true?"
     -- Captain Sensible, The Damned (from South Pacific's "Happy Talk")

Comments (1 posted)

Page editor: Jonathan Corbet

Copyright © 2003, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds