LWN.net Weekly Edition for June 26, 2003
The age of the Linux desktop
Not that long ago the Giga Group - not one of the more friendly analysts-for-hire out there - warned businesses to stay away from desktop Linux until 2005. More to the point, desktop Linux has long been regarded as a distant dream, even by many strong Linux supporters. It is commonly assumed that Linux is still far from where it needs to be to move out of the server and onto the desks of "ordinary people."The Giga Group may be right that it will take another year or two before Linux is a common and safe choice for desktop deployments. For everybody who does not seek permission from analysts, however, desktop Linux is becoming a viable option rather sooner.
Consider, for example, the deployment of 80,000 desktop Linux systems in Extremadura, Spain. Linux and the GNOME desktop were considered to be more than good enough for students across the region; Linux systems were also used to set up 33 centers for general use.
![[Corel Rescue]](https://static.lwn.net/images/ns/corelrescue.jpg)
Or consider CorelRescue, a
shareholder effort to block the acquisition of Corel by Vector CC
Holdings. This group, which claims to have over four million shares
committed to voting against the acquisition, believes that Corel would be
better off to continue as an independent company and reinvigorate its Linux
desktop efforts - especially WordPerfect. Tux was even drafted as the
group's logo.
For the clincher, consider this Business Week article about Apple, which happens to mention the following:
Apple's MacOS is generally considered to be the most advanced desktop operating system out there. That perception may not change, but the fact is that users are voting with their keyboards. Linux will displace MacOS as the second most popular desktop operating system within the year.
Once, not all that long ago, Linux was considered to be a toy system suitable only for hobbyists. Over time, Linux has proved its worth in many contexts, from personal video recorders to supercomputers - a Linux cluster is now the third fastest computer on the planet. Success on the desktop has taken longer, but it is now within reach. Nobody can say that a system which has surpassed Apple in the marketplace is not suitable for the desktop.
Legislative notes
As mentioned here last week, there has been a renewed push for the adoption of software patents in Europe. It now appears that the final scenes will be played out even more quickly than expected: according to the European Parliament Observatory, the full plenary vote on software patents could happen as soon as June 30. That does not leave a whole lot of time for concerned Europeans to contact their MEPs and get their feelings across. According to some sources (see, for example, this writeup by Xavi Drudis Ferran), it should not be assumed that the plenary session will simply rubber-stamp the software patent directive. Efforts to educate parliament members over the next few days could have a significant effect.On the other side of the pond, representatives Zoe Lofgren and John Dolittle have announced their intent to introduce the Public Domain Enhancement Act into Congress. The PDEA was covered here in the June 5 Weekly Edition; it would require that copyrights be renewed after fifty years. Any material for which the copyrights are not explicitly renewed would pass into the public domain. This law would not reduce the copyright protection available to anybody; it would just ensure that works which are no longer being commercially exploited become part of the intellectual commons. The idea should not be particularly controversial, but the media industry is likely to lobby against it just the same. So it could be a long path between the introduction of the PDEA into Congress and its becoming law. That introduction is a necessary step in the right direction, however.
Making money with free software
[This article was contributed by Joe 'Zonker' Brockmeier]
The Linux Router Project is dead. So says Dave Cinege, the creator of the project. Though the project has been stagnant for some time, it still came as a surprise to see it officially pronounced dead, particularly given the bitterness of Cinege's eulogy for the project:
As of January of this year I have finally accepted the fact I will likely never be able to develop LRP into the operating system it could have been. A full 6 months later I'm forcing myself to update this page to reflect this. It is not an easy thing to give up on your life's work.
Apparently the cause of death was Cinege's inability to translate his work with LRP into a source of income.
While it's unfortunate that Cinege didn't benefit financially from his work on LRP, it's also an illustration that developers shouldn't depend on their contributions to free and open source software to land them a job or otherwise put money in their pockets. While a number of developers have, indeed, landed jobs as a result of their work with open source, it's hardly a guarantee of gainful employment. And it's true that companies may not even choose to publicly acknowledge the projects they've used to build their products. Vortech Consulting, for example, based Coyote Linux on LRP, but there's nary a mention of the Linux Routing Project on the Coyote Linux site.
The relationship between free software developers and companies is often uneasy. A recent bit of company bashing on the linux-kernel list led to this outburst:
The world is not going to end up with all software working perfectly and being free. Software is hard work, software tends to rot if you don't take care of it, there has to be an business plan better than
- Give it away.
- ???
- Make lots of money.
While Cinege and many others see commercial companies as parasites using their work for profit without any kickback for the original contributors, others see open source as a parasite on proprietary software. There is a fair amount of mistrust and misunderstanding going in both directions. Many unknowns remain in the equation of how free software and money-making enterprises will work together; this situation is likely to persist for some time.
It's very clear right now, however, that if a developer hopes to earn a living off of their contributions to open source, he or she will need to come up with a workable plan beyond releasing software and hoping for job offers, contract work or grants to fund further development efforts. Even then, as with any entrepreneurial enterprise, it's no guarantee that they'll be able to pull it off. And, it's possible that someone else will come along and do a better job of capitalizing on your work. Part of releasing software under an open source license is giving up full control of the work.
Writing software is just one aspect of what makes a software company, open source or otherwise, successful. Brilliant software isn't enough to ensure a steady flow of clients. Developers who want to make a living off of their open source project will also need to wear the marketing hat, the sales hat, and so forth to turn a freely-available project into money. Some developers aren't interested or adept at doing those things, which is fine. In that case, they need to align themselves with partners or a company that will do that work for them if they hope to turn open source development into a money-maker. That, or resign themselves to the idea that someone else may do it without them.
Security
Brief items
Spam blocking with greylisting
A certain amount of attention has recently been given to a spam-blocking method called greylisting. A look at the description of the technique shows that it does not, actually, have much in the new way of ideas. Greylisting might, however, become a useful part of the antispam arsenal at some sites.The core idea of the greylisting technique has been around for a while. It relies on the fact most spammers do not bother to track and retry deliveries which are declined by the receiving system with a temporary failure status. Real mail systems will retry the message later on, until they run out of patience. Spammers just forget about it and move on. So an effective way of blocking a large percentage of incoming spam is to simply refuse mail from new sources with a temporary failure on the first delivery attempt. Real mail will eventually show up again, and be delivered with a small delay. Most spam will never return.
The greylisting technique uses a slightly finer-grained approach. It creates a three-entry tuple out of the originating address, the sender, and the recipient of the message. If the tuple is new, the mail is refused for a configurable period of time. The use of the three-way tuple helps prevent spam from slipping in by using false sender addresses.
The obvious workaround, from a spammer's point of view, is to add retrying for temporary failures to their code. Given the desire of the spam industry to pollute our mailboxes regardless of how hard we try to prevent that, the implementation of temporary failure retrying is only a matter of time. Of course, mail sent through open relays is generally retried anyway, so widespread use of greylisting could result in more use of open relays, and, perhaps, more attempts to compromise systems to turn them into unwilling relays.
As the author describes it, greylisting is meant to be used in conjunction with other spam-blocking techniques, especially blackhole lists. The hope is that, by the time the temporary failure interval has ended for a particular spam source, that source will have found its way into the blacklists and the message can be blocked permanently. This combination could, indeed, prove hard for the spammers to get around.
New vulnerabilities
eldav: insecure temporary file
| Package(s): | eldav | CVE #(s): | CAN-2003-0438 | ||||
| Created: | June 19, 2003 | Updated: | June 24, 2003 | ||||
| Description: | eldav, a WebDAV client for Emacs, creates temporary files without taking appropriate security precautions. This vulnerability could be exploited by a local user to create or overwrite files with the privileges of the user running emacs and eldav. | ||||||
| Alerts: |
| ||||||
ethereal: security problems in Ethereal 0.9.12
| Package(s): | ethereal | CVE #(s): | CAN-2003-0428 CAN-2003-0429 CAN-2003-0431 CAN-2003-0432 | ||||||||||||||||||||||||
| Created: | June 23, 2003 | Updated: | November 10, 2003 | ||||||||||||||||||||||||
| Description: | Several security problems have been found in Ethereal
0.9.12. "It may be possible to make Ethereal crash or run arbitrary code by injecting a purposefully malformed packet onto the wire, or by convincing someone to read a malformed packet trace file." | ||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||
orville-write: buffer overflows
| Package(s): | orville-write | CVE #(s): | CAN-2003-0441 | ||||
| Created: | June 19, 2003 | Updated: | June 24, 2003 | ||||
| Description: | Orville Write, a replacement for the standard write(1) command, contains a number of buffer overflows. These could be exploited to gain either gid tty or root privileges, depending on the configuration selected when the package is installed. | ||||||
| Alerts: |
| ||||||
osh: buffer overflows
| Package(s): | osh | CVE #(s): | |||||
| Created: | June 20, 2003 | Updated: | June 24, 2003 | ||||
| Description: | Steve Kemp discovered that osh, a shell intended to restrict the actions of the user, contains two buffer overflows, in processing environment variables and file redirections. These vulnerabilities could be used to execute arbitrary code, overriding any restrictions placed on the shell. | ||||||
| Alerts: |
| ||||||
webfs: buffer overflow
| Package(s): | webfs | CVE #(s): | CAN-2003-0445 | ||||
| Created: | June 20, 2003 | Updated: | June 24, 2003 | ||||
| Description: | webfs, a lightweight HTTP server for static content, contains a buffer overflow whereby a long Request-URI in an HTTP request could cause arbitrary code to be executed. | ||||||
| Alerts: |
| ||||||
xbl: buffer overflows
| Package(s): | xbl | CVE #(s): | CAN-2003-0451 CAN-2003-0535 | ||||||||
| Created: | June 20, 2003 | Updated: | July 9, 2003 | ||||||||
| Description: | Steve Kemp discovered several buffer overflows in xbl, a game, which
can be triggered by long command line arguments. This vulnerability
could be exploited by a local attacker to gain gid 'games'. This has been assigned CVE #
CAN-2003-0451.
Another buffer overflow was discovered in xbl which could also be exploited by a local attacker to gain gid 'games'. This has been assigned CVE # CAN-2003-0535. | ||||||||||
| Alerts: |
| ||||||||||
xterm: command execution and denial of service
| Package(s): | XFree86 xterm | CVE #(s): | CAN-2001-1409 CAN-2002-1472 CAN-2002-0164 CAN-2003-0063 CAN-2003-0071 | ||||||||||||||||
| Created: | June 25, 2003 | Updated: | July 2, 2003 | ||||||||||||||||
| Description: | A couple of new vulnerabilities have been found in the xterm application shipped with XFree86. There is yet another "execute arbitrary commands by setting the window title" vulnerability, along with a bug which can allow an attacker to lock up an exterm window. | ||||||||||||||||||
| Alerts: |
| ||||||||||||||||||
ypserv: denial of service
| Package(s): | ypserv | CVE #(s): | CAN-2003-0251 | ||||||||||||||||
| Created: | June 25, 2003 | Updated: | July 11, 2003 | ||||||||||||||||
| Description: | From the Red Hat advisory: "A vulnerability has been discovered in the ypserv NIS server prior to version 2.7. If a malicious client queries ypserv via TCP and subsequently ignores the server's response, ypserv will block attempting to send the reply. This results in ypserv failing to respond to other client requests." The fix is up upgrade to version 2.8.0. | ||||||||||||||||||
| Alerts: |
| ||||||||||||||||||
Resources
Report: International Research on Privacy for Electronic Government
Joichi Ito has, with many helpers, compiled a report on privacy and privacy-enhancing technologies which is intended to help with the planning of electronic government initiatives in Japan. It's a large thing, being several hundred pages available in PDF format. It is well worth a look, though, as a comprehensive summary of the privacy situation in several parts of the world.Linux Advisory Watch
The June 20 issue of the Linux Advisory Watch newsletter from LinuxSecurity.com is available.
Events
Security Symposium, Aug 4-8, Washington DC
The 12th Usenix Security Symposium is scheduled for August 4 through 8 in Washington, DC. Participants include Steve Bellovin, Bill Cheswick, Niels Provos, Kevin Fu, Peter Gutmann, Dan Boneh, David Farber and Mark Seiden. Registration is open now for interested participants.Industrial Experience in Security at ACM CCS
The Tenth ACM Conference on Computer and Communications Security is happening in Washington, DC, on October 28 and 29. This year there will be a special session on "industrial experience in security." "This special session in an otherwise academic conference is an opportunity for security practitioners in industry to tell academics how it's really done: what works, and what doesn't. Submissions are only 3 pages long, and so should impose minimal burden on those submitting a paper." Papers are due June 27 (soon!).
Page editor: Jonathan Corbet
Kernel development
Brief items
Kernel release status
The current development kernel is 2.5.73, which was released by Linus on June 22. Changes this time around include some big ext3 and journaling changes (see last week's LWN Kernel Page), an ACPI update, a big ia64 merge, some networking fixes, a new PCI device locking scheme, the new request_firmware() interface (see the May 21 LWN Kernel Page), an NFS server update, more driver model work, an ARM update, and various other fixes and tweaks. The long-format changelog has all the details.Linus's BitKeeper tree, as of this writing, contains an MTD driver cleanup, the beginning of work on the loop driver (see below), and some patches to make the network block device driver work again.
The current stable kernel is 2.4.21. Marcelo has started the 2.4.22 process (supposed to only last a couple months) with the release of 2.4.22-pre1; it is a large patch with a lot of USB work, the long-awaited ACPI update, some network fixes, and quite a few other repairs and updates.
Kernel development news
Supporting multiple module initialization functions
One longstanding goal in kernel development has been to eliminate the differences between loadable modules and monolithic (linked-in) code. The fewer differences there are, the easier it is to write code which works in either mode - and to maintain that code. In 2.5, this process is almost complete; there is very little code which is unique to either modules or monolithic code.One remaining difference, however, has to do with initialization and exit code. It is possible to use the module_init() macro to designate an initialization function, and that function will be called properly at module load time or at boot time if the module is built directly into the kernel. (Exit functions for monolithic code are, of course, simply discarded.) One important difference remains, however: monolithic code can have multiple initialization calls, while modules can only have one. Monolithic code initialization calls can even be given priorities (via macros like core_initcall() or late_initcall()) which control when each function is called.
One would think this wouldn't matter a whole lot for loadable modules, since every initialization function would be called at the same time (when the module is loaded) anyway. But this difference forces module and monolithic code to be different. It also prevents the creation of nice, initialization-time macros which ease the process of setting up /proc files or sysfs entries.
With a new patch (since revised) from Rusty Russell, things will change. Rusty notes the real reason why modules can only have a single set of initialization and exit functions: the kernel simply does not know what to do if one of a series of initialization functions fails. In that case, the module load process must fail, and some sort of cleanup must be performed. The problem is knowing what that cleanup is.
The solution is to associate pairs of initialization and exit functions. That is done with a new macro:
module_init_exit(priority, init_fn, exit_fn);
This call designates a new initialization and exit function pair, and associates a priority with that pair. Each exit function cleans up (only) the work done by its associated initialization function. At module load time, the initialization functions are called in increasing priority order. Should one fail, the exit functions corresponding to the initialization functions that succeeded will be called, in reverse priority order. Thus, a properly-written module should be able to clean up after itself correctly after a failure in any part of the initialization process.
An early version of this patch broke modules using the long-deprecated technique of calling their initialization and exit functions init_module() and cleanup_module(), respectively. That has since been patched up - this stage of the kernel development process is not the time to be making such changes. But the writing is on the wall, and that particular technique is not likely to survive past 2.7.
Fixing the cryptoloop driver
The Linux loop driver is a virtual disk driver which loops block I/O requests back to a file or partition on a local drive. It has a number of uses, such as mounting ISO images contained within a file on another filesystem. The loop driver is also well positioned to apply transformations to block data as it passes through, however. It is thus a logical place for the implementation of encrypted filesystems. By adding a cryptographic transformation to the loop driver, encryption can be added to any standard Linux filesystem without having to worry about the filesystem code itself. An actual encrypted loop driver has never been packaged with the Linux kernel, but implementation have long been available through sites like kerneli.org.In 2.5 the mainline kernel was opened up to cryptographic code. Numerous ciphers and other algorithms have been added as part of the new crypto API, but, so far, encryption has not been hooked into the loop driver. Connecting up the components is not that hard at this point, but there is one slightly thorny issue which still needs to be resolved.
Many ciphers can take an "initial vector" argument, along with the encryption key and the data to encrypt (or decrypt). The initial vector influences the encryption of the data; the same initial vector must be supplied when that data is decrypted. For filesystems, the initial vector is often derived from the position of the data block within the filesystem, with the result that how data is encrypted depends on its position on the (virtual) disk.
The Linux loop driver, while not performing encryption itself, has long had a number of hooks to make it easier for others to plug in encryption algorithms. One of the things the loop driver does is calculate and provide an initial vector value for data transformations. This seems like a useful service for the loop driver to provide, except that nobody likes how that initial vector is calculated.
The problem is that the initial vector is derived from the logical block number of the data in the filesystem holding the loopback image. This method works until the block size of that filesystem changes; at that point the initial vectors change and the filesystem becomes unreadable. The loopback driver does, by behaving this way, achieve the objective of protecting the data from prying eyes. But users can be hard to satisfy, and they complain anyway.
The fix, as posted by Fruhwirth Clemens (or, as part of a bigger loop patch by Andries Brouwer), is simple. Rather than using block numbers to generate the initial vector, the loop driver should simply use 512-byte sector offsets. With that change, initial vectors are independent of the blocksize of the underlying filesystem and all is well. Except, of course, for those users who created filesystems using the older initial vector calculation. A change in the initial vector will lock all of those users out of their data, an act which is seen as being in poor taste. As a result, some developers have argued that this change cannot be merged as it is.
The real question, however, is whether anybody actually has filesystems encrypted with block-based initial vectors. The kernel itself has not ever had support for a cryptographic loop driver, so there is no compatibility with older mainline kernels to break. The external projects which have provided this support - loop-AES and kerneli - also noticed the initial vector problem a long time ago and fixed it in their code. So it would seem that, in fact, there are no users dependent on the older algorithm. In that case, it makes a great deal of sense to fix it now, before somebody does start using it in 2.6. If, on the other hand, somebody, somewhere really has used the old initial vector calculation to encrypt data, they may want to speak up fairly soon.
Looking forward to 2.7
The bulk of the development effort on the kernel is currently aimed at stabilizing things for the 2.6 release. Chances are that things will stay that way for the better part of a year - remember that a fair amount of stabilization work has to happen after 2.6.0 is released. Even so, we're starting to see hints (and even code) showing where some things might go in 2.7.A number of people maintain their own special-purpose kernel trees. Most of them are aimed at adding features to the 2.4 or 2.5 kernels; many serve as staging areas for patches which, it is hoped, will be merged into the mainline soon. Those of you who find 2.5.x to be overly stable and boring, though, may want to have a look at William Lee Irwin's -wli patch series, which is full of stuff that no rational person would consider putting into 2.5 at this point. Some of the work to be found there includes:
- Single-page kernel stacks and interrupt stacks. This work, discussed here last December, increases
the number of processes a system can support by reducing the
per-process memory usage for stacks.
- Object-based reverse mapping (covered in
February). This technique cuts down on virtual memory management
overhead in most cases. In 2.5.73-wli-1, object-based reverse mapping
for anonymous objects (i.e. user-space memory) was added as well.
- High-memory page mid-level directories. The PMD is the middle tier on systems which use three-level page table schemes - such as x86 systems with massive amounts of memory. The "highpmd" patch moves these page directories into high memory, thus reducing the amount of low memory required by each process on the system. Low memory (the memory, usually below 1GB, which is directly addressable by the kernel) tends to be scarce on truly huge systems, so any change which shifts data structures to high memory can be helpful.
As a result of these (and numerous other) patches, William claims a five-fold increase in the number of processes which can be supported by a massive system. This work certainly improves scalability, and may well make it into the mainline - but not in 2.5. (The -wli patches do not currently include his page clustering work, which is even more bleeding-edge. Page clustering, too, may well become a 2.7 feature.)
More in the realm of vaporware currently is Daniel Phillips's 2.7 agenda. Daniel has been the source of numerous interesting ideas in the past (though somewhat fewer completed implementations). Among other things, the shared page table patch (which could also be a 2.7 candidate) was originally written by Daniel. Looking forward to 2.7, Daniel has a few topics of interest:
- Memory defragmentation. Once a Linux system has been running for a
bit, it can get hard for kernel code to allocate blocks of two or more
physically contiguous pages. In most cases, kernel hackers don't even
try. Daniel suggests the creation of a defragmentation daemon which
would move pages around in an attempt to create larger contiguous
blocks of free memory. Additions made to the kernel in 2.5 (such as
the reverse-mapping VM) will help in this regard, since pages cannot
be moved unless the kernel knows where all the pointers to the page
are.
- Variable-size pages. This idea includes page clustering to create
large pages along with "sub-pages" which are smaller than the physical
page size. Daniel claims to have a prototype implementation which
makes the kernel smaller and faster, and which simplifies a number of
things.
- A physical block cache. This would be a separate address space which tracks physical blocks on a given volume. There are various performance benefits which would come from such a structure.
It is far too soon to say with any kind of certainty where the 2.7 development series will go. Linus explicitly resists creating any sort of explicit plan, preferring to see what sorts of developments prove interesting enough to actually get implemented and used. Still, one can read from these early hints that the developers expect to remain interested in virtual memory topics for a while yet.
Patches and updates
Kernel trees
Architecture-specific
Core kernel code
Development tools
Device drivers
Documentation
Filesystems and block I/O
Janitorial
Networking
Security-related
Benchmarks and bugs
Miscellaneous
Page editor: Jonathan Corbet
Distributions
News and Editorials
Lindows.com - Friend or Foe?
[This article was contributed by Ladislav Bodnar]
Lindows.com has been regarded with suspicion by the Linux community ever since the company and its LindowsOS distribution were announced in October 2001. Perhaps it's time that we extended an olive branch to Lindows.com and took its product for what it is - a Linux-based operating system for the general public.Let's state one thing loud and clear: up until now, Lindows.com has made very little money out of its Linux venture. Depictions of the company's founder Michael Robertson being a ruthless vulture ready to pilfer other people's work for his own benefit are far too common on Linux forums. But if we take a look at some numbers, the picture is vastly different. Sales figures are hard to come by, nevertheless web sites where LindowsOS users congregate can give us some indication about its installed base. The unofficial Lindows forum at openlindows.com has fewer than 300 registered members. The official user forum does not provide numbers, but judging by the activity there, a few thousands of users might be a good estimate. Contrast this to the Gentoo forum, which has nearly 22,000 registered members! Judging by other similar examples, it is unlikely that LindowsOS has a market share of more than 1% of all desktop Linux installations. It is also unlikely at this point that Lindows.com is a profitable company.
Another important point to note is that there is nothing inherently wrong with LindowsOS. It is a Linux distribution like any other, it has a solid base in Debian GNU/Linux and all the power one would expect from a Debian-based system. Some readers will argue that running the operating system as root by default is a major security risk, but remember that the market segment the product is aimed at simply does not want to deal with any passwords. Yes, it would be more desirable to educate the population about the dangers of using the system as root. In an ideal world, this would work. Unfortunately, a picture of a Debian developer joyously conversing about file access permissions with Aunt Tillie is an unlikely sight. It goes without saying that LindowsOS does not prevent security conscious users from setting up user accounts and passwords.
What has Lindows.com achieved? If you take some time to visit the official forums of LindowsOS users and read through some of the posts, you will find examples of ecstatic users who are genuinely happy to have been able to switch to Linux. These simple stories of joy are perhaps the most liberating examples of success of Linux - not in noisy server rooms full of skilled system administrators with years of UNIX education and experience, but by ordinary folk. Many of these users don't know how to check the kernel version of their operating system and don't care about the name of the desktop environment they use daily. But the software enables them to get on the Internet, scan their precious photographs and write up important documents - and that's all that matters. Yes, the open source software programmers and Debian developers deserve most of the credit for this achievement. But if it wasn't for folks like those at Lindows.com (and numerous other distributors), we would probably never see a software installation program that can be operated with a mouse.
LindowsOS 4.0 was released earlier this week. The product appears to be a bug-fix and consolidation release, rather than a version full of exciting new features and cutting edge software. The versions of XFree86 and KDE, as well as most of the server software were left unchanged from LindowsOS 3.0. But a lot of work has gone into making the Click-N-Run software warehouse and installation infrastructure reliable, lack of which used to be a sore point with many reviewers in the past. The company is also shipping a Knoppix-like live evaluation CD called "LindowsCD", which should be available for free download within the next few weeks. The prices start at $49.95 for LindowsOS 4.0 digital delivery and this includes a 15-day free trial access to the Click-N-Run warehouse. A full one-year Click-N-Run membership retails at $49.95, but this excludes commercial applications, such as StarOffice or Bitstream Deluxe Fonts, which have to be purchased separately. First reviews of LindowsOS 4.0 have been written and both TuxReports and ExtremeTech were highly impressed by the product.
In short, we need each other. We need talented developers willing to spend most of their time in cryptic programming code, but at the same time, we also need people who are experts at doing usability studies, user interface design and market research. If we can work together without hostility and disrespect and if we can give credit where it is due, we can accelerate the success of Linux and get it accepted by a growing number of users, irrespective of how technically skilled they are. If Lindows.com becomes profitable and successful in the process, we will all benefit. Many Lindows.com critics find it hard to admit it, but the company has channeled some of their income back to open source software projects and will no doubt continue to do so.
Hungry and greedy vultures with little integrity have indeed been spotted in the free software world. Lindows.com is most certainly not one of them. No, the company is not perfect, and yes, it has made mistakes (who hasn't?). But it has a solid product and many happy users to prove that it deserves our respect.
Distribution News
Lindows 4.0 released
Lindows.com has announced the release of Lindows 4.0. New features this time around include a bayesian spam filter, popup ad blocking (their "AdSafe" technology - why didn't anybody else think of that?), and a trial subscription for their censorware offering.Debootstrap/LVM with LNX-BBC 2.1
Here's an article about using LNX-BBC 2.1 (the latest version of this bootable business card distribution), to install Debian. "It's not the easiest way to install Debian; and I'm not even sure if the regular installer supports LVM these days. However, all of the tools you need are right on the BBC (except for the debootstrap package, which we fetch with wget; and the rest of Debian/Woody which debootstrap and apt-get fetch is for."
Debian GNU/Linux
The June 24 issue of the Debian Weekly News is out; it looks at handling of security issues, KnoppiXMAME, the "condorcet/Clone proof SSD voting method general resolution" (passed 9:1), the upcoming European software patent vote, and several other topics.Martin Michlmayr has posted some Bits from the DPL. This edition is mostly about traveling and the various conferences where Martin will be found over the next month, giving speeches about Debian.
LinuxQuestions.org has added a sub-forum for Debian. This marks the fourth Distribution specific sub-forum at LinuxQuestions.org. (Debian joins Slackware, LFS and Conectiva). For more information you can read the announcement or go right to the Debian forum.
Gentoo Linux
The Gentoo Weekly Newsletter for the week of June 23, 2003 is out. Topics this week include: Where is Gentoo Linux 1.4?, The Meta Package project, Two additional new source mirrors for North America, GWN looking for additional translators, and more.
Several people have pointed out that Gentoo Linux should be moved to a more
prominent place in the LWN Distributions
List. In fact it was slated to move to the 'Also Well-Known' category,
but after seeing
this press release from UltraDNS, we decided to move Gentoo up to
'Leading Distributions'. (The press release ranks Gentoo as "the
fourth largest open source Linux distribution
", though the source
for that statement is not given.)
Mandrake Linux
MandrakeSoft has released updated initscripts packages fixing a boot loader detection bug, available for Mandrake Linux 9.1.Red Hat Linux
Red Hat has fixed a number of bugs in the foomatic package used in Red Hat Linux 9.Red Hat also has updated bash packages that fix several bugs, now available for RHL 8.0 and 9.
Slackware Linux
Slackware Linux has a few items to the slackware-current changelog this week. Patches were added to bash, the /lib/modules/2.4.21/build was fixed, /usr/sbin/shadowconfig now chowns /etc/shadow and /etc/gshadow to the shadow group as it should, zsh has been upgraded, the new "slacktrack" utility is available in extras, and more. As usual look at the changelog for complete details.Yellow Dog Linux
Terra Soft is now accepting pre-orders for Apple G5 Power Macs, which will soon be supported by Yellow Dog Linux.Terra Soft has fixed several bugs in foomatic and the httpd package has been updated to include new powered_by.gif and index.html files.
New Distributions
KnoppiXMAME
KnoppiXMAME is a bootable arcade machine emulator with hardware detection and autoconfiguration. It works automatically on all modern and not-so-modern hardware, including gameports and joysticks. It is powered by Knoppix Debian GNU/Linux, X-MAME, and gxmame. Stable version 1.0 was released June 18, 2003.
Minor distribution updates
Bonzai Linux
Debian Planet covers the release of Bonzai Linux 2.0. "The current boot-floppies have been rebuilt to use Kernel 2.4.21 instead. This kernel has been compiled with gcc-3.2 due to space restrictions." Apparently that kernel didn't work very well for them, so version 2.1 was released a couple of days later, reverting to 2.4.20.
Coyote Linux
Coyote Linux has released development version 2.00-pre5 with minor bugfixes. "Changes: Changes to the firewall scripts and a switch from dhcpcd to udhcpc have been made to fix DHCP client timing problems for connections that have slow responding DHCP servers."
floppyfw
floppyfw has released stable version 2.0.5 with minor security fixes. "Changes: Kernel version 2.4.21 was included, along with support for the pcnet32 NIC (which is used by VMware) and iptables 1.2.8."
Rock Linux
Rock Linux has released 2.0.0-beta6 with minor feature enhancements. "Changes: Several updates and bugfixes were made to packages and the build scripts. ISOs were created for the PowerPC (Desktop target) and x86 (Minimal and Desktop targets)."
Desktop Rock Linux 2.0.0-beta6 is also
available. "Changes: This release adds many package security fixes
and updates (many package and core script bugs have been fixed) and better
Linux 2.5 support and ROCK Plug integration. This is the last planned -beta
release.
"
SME Server
Mitel Networks has announced the release of the second public beta of the unsupported developer release of version 6.0 of the SME Server. (Thanks to Brock A. Frazier)Trustix Secure Linux
Trustix has announced the release of Trustix Secure Linux 2.0 release candidate 1 (Thunder). "We firmly believe this to be a suitable release candidate, but expect that some issues may discovered when more users commence testing, and testing grows in intensity. We have gotten very valuable response from the beta testing, and expect the response on this release to be equally esteemed."
Page editor: Rebecca Sobol
Development
Contracts for Python
Contracts for Python is a Python implementation of a concept that comes from the Eiffel language, Design by Contract. "Programming by Contract allows a programmer to document a function/class with statements describing behavior." Along with the regular code, contracts for functions and methods add pre and post condition checking, and code for testing correct operation of the code.
A draft Python language PEP (Python Enhancement Proposal) for Design by Contract has been submitted. The status of PEP 316 is currently Deferred.
The PEP states that compared to Assertions, Contracts produce better documentation, and make for easier testing.
The Eiffel Design by Contract document goes into greater detail on the subject:
Version 1.0 beta 3 of Design by Contract just came out. The CHANGELOG file details the recent changes, which include support for Python 2.2 and Jython among other things.
System Applications
Audio Projects
Ogg Traffic
The June 24, 2003 edition of Ogg Traffic is out. Topics include: development on Positron, Speex, Theora, libshout2, the Speex ACDM codec, integer speex, OggHelp.com, and a new ogg stream from Virgin Radio.Planet CCRMA Changes
The Planet CCRMA audio software packaging project has made new images available for Red Hat 9.0, see the ChangeLog file for details.
Database Software
PostgreSQL Weekly News
The June 18th 2003 PostgreSQL Weekly News is out. "After last week's mention of running PostgreSQL on an Opteron with Debian Linux in 64-bit node, I received a couple of emails about other people using PostgreSQL on 64-bit hardware. One in particular was a note that SuSE Linux Enterprise Server 8 for AMD64 has been shipping with support for PostgreSQL 7.2.4 since April, and is actively being maintained. With that said, we are now less than two weeks away from feature freeze (July 1st). Bruce Momjian has gone through a number of patches, if you plan to add something new for the next release it needs to be submitted as soon as possible."
SAP DB Version 7.4.03 released
Version 7.4.03 of SAP DB is available. Change information is available in the release info document.
Medical Software
FreeMED Stable Release! (LinuxMedNews)
LinuxMedNews has an announcenent for version 0.6 of the FreeMED Medical Practice Management System. "After two years of development, the FreeMED Software Foundation has released a stable version of FreeMED! The new .6 Version has lots of new features including a totally new modular architecture, HL7 support, medical billing functionality, scheduling system, and integrated security system. The new version is also compliant with both the HIPAA privacy and security rules."
Printing
LinuxPrinting.org news
The latest changes on the LinuxPrinting.org site include a patch for printing with just black ink on HP DeskJet 6xx, 8xx, and 9xx printers.
Web Site Development
CMFLinkChecker 0.1 released (ZopeMembers)
Version 0.1 of CMFLinkChecker has been announced. "CMFLinkChecker is an addon (Portal Tool) for CMF and Plone that gives you instantly an overview about the status of the links that exist within your content."
Epoz 0.4.0 released (ZopeMembers)
Version 0.4 of Epoz, a wysiwyg-editor for Zope and Plone, has been announced. The changes include: "Epoz-Buttons are now customizable via CSS. Epoz will now integrate much more seamlessly into your own applications, esp. Plone."
Exodus - a web application review tool
Rogan Dawes has put together a web application review tool called Exodus. "Exodus acts as a web proxy, and can observe and display HTTP and HTTPS conversations, as well as extracting links from observed HTML responses, and HTML comments, scripts and forms. Exodus also offers functionality to fetch unseen links, submit requests manually, sample cookies, and submit "bad input" to URL's, in the hope that something will break."
Formulator 1.4.2 released (ZopeMembers)
Version 1.4.2 of Formulator, an extensible framework that eases the creation and validation of web forms, has been released. "It contains a single bugfix compared to 1.4.1. Sticky forms should now work properly with unicode fields."
Gallery v1.3.4 and Gallery Remote v1.0.1 Released (SourceForge)
SourceForge has an announcement for new versions of Gallery and Gallery Remote. Gallery is a web-based photo gallery package. "New features for v1.3.4 include: the ability to download your gallery to burn to CD or browse offline, additional photo print services, auto-rotation of JPEGs when possible, and the ability to add new customized description fields to photos."
mnoGoSearch 3.2.11 Released
Version 3.2.11 of the mnoGoSearch web site search engine software is available. See the change history for a list of changes and bug fixes.My Media Manager 1.2 final released ! (ZopeMembers)
Version 1.2 final of My Media Manager, a set of online management and publishing tools for administering streaming media servers, has been announced. "There haven't been made many changes from the release candidate, but some minor bux fixes (mainly to the GUI) has been fixed."
Dynamically Creating PDFs in a Web Application
Sean C. Sullivan shows how to work with the iText Java Class Library to generate PDF documents on the fly.Plone 1.0.3 released! (ZopeMembers)
Version 1.0.3 of Plone, an information management system, has been released. "Release 1.0.3 fixes some bugs, and adds a reserved IDs feature. It is a recommended upgrade for users of the 1.0.x versions."
Web Services
IBM Releases WebSphere SDK 5.0.1 for Web Services
IBM has released version 5.0.1 of its WebSphere SDK for Web Services. "The free download includes: An embedded version of IBM WebSphere Application Server - Express, V5.0 with additional support for ORB and EJBs. WSDK supports SOAP 1.1, WSDL 1.1, UDDI 2.0, JAX-RPC 1.0, EJB 2.0, Enterprise Web Services 1.0 (JSR 109), WSDL4J, UDDI4J, and WS-Security."
Desktop Applications
Audio Applications
BEAST/BSE v0.5.2 released
Version 0.5.2 of BEAST/BSE, the Bedevilled Audio SysTem and the Bedevilled Sound Engine, has been released. The pair form a GUI package that can be used for music composition, audio synthesis, and sample manipulation. "This new development series of BEAST comes with a lot of the internals redone, many new GUI features and a sound generation back-end separated from any GUI activities." A new track editor has been added.
CheeseTracker 0.8.0 is out
Version 0.8.0 of CheeseTracker, an electronic music application with synthesis, sampling, and sequencing, is available.Three new releases of Horgand
Three new releases of Horgand, an electronic organ simulator, have been released this week. Version 1.0 adds Auto-accompaniement, chord recognition, drum loops, bass samples, and bug fixes. Version 1.0.1 includes some additional refinements and bug fixes. Version 1.0.2 includes a Bass file pattern editor, adds load-save for rhythm patterns, fixes one bug, and more.WaveSurfer 1.5.2 released
Version 1.5.2 of WaveSurfer, an audio visualization and editing program, has been released. Changes include support for a default configuration, storable preferences, a spectrogram analysis bandwidth slider, bug fixes, and more.
Desktop Environments
KDE Traffic #55
Issue #55 of KDE Traffic has been published. Topics include: dropping kmidi?, IR controller project, UI Abstraction Proposal, A happy user, KDE enterprise gets attention, Not enough time for KDE, and The promised treat.KDE-CVS-Digest for June 20, 2003
The June 21, 2003 edition of the KDE-CVS-Digest is out. KDE.News has this summary: "This week in KDE-CVS-Digest: CD burning application K3b begins to gain DVD writing functionality, continued fixes and improvements to KWin, more on the binary compatibility debate, bug fixes, and more."
Financial Applications
Games
BZFlag 1.7g2 'steely eyed banana' released (SourceForge)
SourceForge has an announcement for a new version of the game BZFlag. "Now with twice as mojo! New features include a nifty server administration system, autoconf, cheating protection, expanded platform support and much more. BZFlag is an OpenSource OpenGL Multiplayer Multiplatform battlezone capture the flag game."
Graphics
Sodipodi 0.32 Released (GnomeDesktop)
GnomeDesktop.org has an announcement for version 0.32 of Sodipodi, a vector-based drawing program. This is the second bugfix release after the switch to Gtk+ 2.0.
GUI Packages
SPTK 2.0a2 released
Version 2.0a2 of SPTK, the Simply Powerful ToolKit, has been released. "I've made a lot of changes since version 1.3b, so it doesn't look like it relates to 1.3 anymore. As a matter of fact, I'm starting a version 2.0. So, here we go."
Interoperability
Netatalk 1.6.3 released (SourceForge)
Version 1.6.3 of Netatalk, an open-source set of Apple compatible file sharing utilities, has been released. "Netatalk 1.6.3 is a maintenance release for the 1.6 series that fixes various small bugs and glitches in Netatalk."
wine20030618 released
Version 20030618 of Wine, the Windows Emulator, has been released. Changes include Direct3D and DirectSound improvements, merged fixes from Crossover Office 2.0, a new iphlpapi dll, and bug fixes.Wine Traffic #175
Issue #175 of Wine Traffic has been published. Topics include: Wine-20030618, TransGaming Update, WineHQ Interview, DMusic Interfaces, Displaying Icons for Executables, Wintab Status, Workaround for Xvidmode Graphic Corruption, and Missing Bugzilla Descriptions.
Office Applications
AbiWord-2.0 Beta 1 Released (GnomeDesktop)
GnomeDesktop.org reports on the release of AbiWord 1.99.1. "This release contains bugs some of which have already been found and fixed. We invite interested users to test AbiWord-1.99.1 and report bugs to http://bugzilla.abisource.com/." The code is available for download here.
AbiWord Weekly News
Issue #149 of the AbiWord Weekly News is out. "Abiword rakes in some more beau coups, while several developers attend GUADEC (which just reel them in!) Martin is the most powerful bait you can get in C++. Meantime, Frank's got an almost functional static plugin thing going on; another limited functionality Windows binary is created, but this one gets to SourceForge; another dialogue means another screenshot, and Windows users might see the next release having fixed their printing capabilities (though, note, not all are covered). Joaquin is cool that way. And, don't forget to get caught up on our GUADEC/Dublin fun!"
KOffice 1.3 Beta 1 Released
KDE.News has an announcement for KOffice 1.3 beta 2. "On June 18th 2003, the KDE Project released the second beta version of KOffice 1.3. It comes with a lot of bugfixes and a couple of new features such as a PDF import filter, new OpenOffice.org filters and more stencils for Kivio."
OpenOffice.org Scripting Framework
An early developer release (0.3) of the Scripting Framework for OpenOffice.org is available. New features include JavaScript support, support for filesystem scripts, improved edit and debug facilities, and more.
Web Browsers
Mozilla 1.4 Release Candidate 3 Ships (MozillaZine)
Mozilla 1.4 RC 3 has been announced. "The third, and probably final, release candidate of Mozilla 1.4 is now available. Get your copy from the mozilla1.4rc3 directory on ftp.mozilla.org and check out the Mozilla 1.4 RC3 Release Notes for more information."
Mozilla Thunderbird Gets Extension Support (MozillaZine)
According to MozillaZine, extension support has been added to the Thunderbird browser.Mozilla Status Report
The Mozilla Status Report for June 20, 2003 is out. Topics include: Mozilla 1.4 Release Candidate 2, Mozilla Thunderbird, Technology Evangelism, Mozilla Start Page, Mozilla Calendar Alarms, and more.NewsMonster 1.0RC1 Released (MozillaZine)
MozillaZine reports on the release of NewsMonster 1.0RC1, a weblog manager. "This is the first 1.0-quality aggregator available for Mozilla. The major change in this release is the addition of a reputation system which I think will make this the killer Mozilla app!"
Miscellaneous
FreeDOS kernel 2030 released (SourceForge)
Kernel 2030 of FreeDOS has been announced. "FreeDOS kernel build 2030 is out with quite a few important bugs fixed. FreeDOS aims to be a complete, free, 100% MS-DOS compatible operating system. FreeDOS is free because it is released under the GNU General Public License."
GnomeMeeting 0.98 is available! (GnomeDesktop)
Version 0.98 of GnomeMeeting, an H.323 compatible videoconferencing and VOIP/IP-Telephony application, has been released. "This is a major release with many changes and enhancements, and it should be the last release before the 1.0 cycle is reached."
Languages and Tools
C++
C++ Memory Management: Principles (O'ReillyNet)
O'Reilly has published an article on C++ memory management. "Half of wisdom is knowing what doesn't work. George Belotsky eloquently explained Common C++ Memory Management Errors in a previous article. This article explains design principles that will help you use C++ effectively and efficiently."
Caml
Caml Weekly News
The June 17-24, 2003 edition of the Caml Weekly News has been published. Take a look for current Caml developments.
Lisp
OpenMCL 0.13.6 released
Version 0.13.6 of OpenMCL is out. "This maintenance release features changes to Gray Streams and fixes a few bugs."
Perl
This Week on perl5-porters (use Perl)
The June 16-22, 2003 edition of This Week on perl5-porters is online. Topics include: Algorimic Complexity Attack, Clearing $1, siginfo, and Selected bugs.This week on Perl 6
The June 15, 2003 edition of This week on Perl 6 is out with the latest Perl 6 language news.Hidden Treasures of the Perl Core, part II (O'Reilly)
Casey West covers more internal modules in the Perl Core on O'Reilly. "In this article, we dig deeper to uncover some of the truly precious and unique gems in the Perl Core."
PHP
PHP 4.3.3RC1 Released
PHP version 4.3.3RC1 has been released. The changes include support for the latest GD library, better POSIX socket ID support, an improved IMAP extension, bug fixes, and lots more. See the NEWS file for details.PHP Weekly Summary for June 23, 2003
The PHP Weekly Summary for June 23, 2003 is out. Topics include: PHP 5 beta TODO list, PHP 4.3.3 RC 1, GD, GIF, Animated GIF, International PHP Conference 2003, Binary PECL packages, MySQL extension.Transforming XML with PHP (O'Reilly)
Bruno Pedro explains transforming XML from PHP on O'Reilly. "This article compares two methods of transforming XML in PHP: PEAR's XML_Transformer package and the W3C XML transformation language XSLT. I will first describe the PEAR project and its philosophy, with a focus on its XML transformation techniques. I will then give a brief introduction to XSLT and the way to use it from PHP."
Python
Dr. Dobb's Python-URL!
The Dr. Dobb's Python-URL for June 23, 2003 is out, with weekly news and links for the Python community. This week's issue contains discussions on the low-down on range() and xrange(), and what might happen to them in the future; security problem with naïve SQL quoting; and much more.Daily Python-URL Daily Python-URL
The Daily Python-URL has several new interviews and the usual assortment of Python-related articles.wxPython 2.4.1.2 released
Version 2.4.1.2 of wxPython, a Python interface to the wxWindows GUI library, is available. See the CHANGES file for details on what's new.
Scheme
Scheme Weekly News
The June 23, 2003 Scheme Weekly News is out with the week's Scheme language development news.
Shells
Zsh 4.0.7 and 4.1.1 released (SourceForge)
Two new versions of zsh, an alternative Unix shell program, has been released. "4.1.1 introduces many new features both in the main shell and as library add-ons. It has been in development for some time and is believed to be fairly stable. 4.0.7 is a bug-fix release for the stable branch of zsh."
Tcl/Tk
Dr. Dobb's Tcl-URL!
The June 23, 2003 edition of Dr. Dobb's Tcl-URL! is out with the week's assortment of Tcl/Tk development tips and news articles.
XML
Bring Scalable Vector Graphics to life with built-in animation elements (IBM developerWorks)
Brian John Venn writes about SVG on IBM's developerWorks. "Scalable Vector Graphics (SVG) is an XML-based language for drawing two-dimensional graphics. Sound dull? Far from it. SVG has many exciting features available to it such as transformations, alpha masks, filter effects, and animation. This tip provides working examples to show you how to apply the five flavours of SVG animations to your SVG documents."
CSS 3 Selectors (O'Reilly)
Russell Dyer writes about CSS 3 Selectors on O'Reilly. "Although the promise of Cascading Style Sheets (CSS) has been wondrous, the progress has been wanting. As with all W3C standards, there is the lengthy discussion process conducted by the related working group, then the problem of implementation by web browser vendors, and finally the unpredictable period of time for people to update to new versions of their browser. These steps can take a year or two each."
Debuggers
GDB 6.0 branch created
A new version 6.0 branch of GDB, the GNU Project Debugger, has been created. The code is available via CVS.
Page editor: Forrest Cook
Linux in the news
Recommended Reading
Linux Is Not Ready For the Enterprise (Opinion) (TechWeb)
Ready for your daily FUD? Try this piece by Rob Enderle in Internet Week. "Clearly any 'alternative' platform that has backers who can't control their language, or worse, use methods which now are classified by several governments as terrorist acts, should be on the list of things you would like your competitors to use but would avoid yourself like the plague." If you respond to this guy, please try to show him that Linux users can use polite and well-reasoned arguments - even if he does not. (Thanks to Joe 'Zonker' Brockmeier).
My Visit to SCO (Linux Journal)
The Linux Journal is running a lengthy article by a developer who signed SCO's NDA and looked at some of their evidence. "If this is SCO's only example of Unix code appearing in Linux, I very much doubt there is any real legal liability for Linux users. If the code is indeed derived from Unix, which is unproven, it is roughly equivalent to typing in some code from a basic computer programming text without permission. While I hesitate to predict the actions of the legal system, it is very difficult for me to believe that any judge actually would award damages on the basis of this code."
SCO smear campaign can't defeat GNU community (ZDNet)
Richard Stallman sounds off on the SCO lawsuit in this ZDNet column. "In a community of over half a million developers, we can hardly expect that there will never be plagiarism. But it is no disaster; we discard that material and move on. If there is material in Linux that was contributed without legal authorization, the Linux developers will learn what it is and replace it. SCO cannot use its copyrights, or its contracts with specific parties, to suppress the lawful contributions of thousands of others. Linux itself is no longer essential: the GNU system became popular in conjunction with Linux, but today it also runs with two BSD kernels and the GNU kernel. Our community cannot be defeated by this."
Open source's moment of truth (News.com)
Here's a lawyer's perspective on the open source movement in the wake of SCO vs. IBM. "Even if IBM prevails in this case, lingering doubts about future licensing problems could hinder further adoption of open-source software. Corporate IT spending is just beginning to stir after two years of deep sleep, but corporations will be wary of any risky IT investments, especially those that could also bring new legal risks. The open-source community must face these fears directly if it wishes to continue building their relationship with corporate America."
Trade Shows and Conferences
Hall: Protect open source from 'looters' (ZDNet)
ZDNet covers Jon "maddog" Hall's keynote speech at the Linux User and Developer Expo 2003. "Hall compared the ongoing legal battle between The SCO Group and the open-source community to the looting of Iraq's national treasures following the recent war in the Gulf."
Companies
Start-up launches low-cost Linux PCs (News.com)
News.com covers Linare, a small company that has launched a new line of inexpensive Linux PCs. "Analysts don't foresee an easy time for Linare in mature markets such as the United States but give the company better odds in India. "What they're doing is bottom fishing for consumers who haven't yet bought a PC only because of price point," said IDC analyst Roger Kay. "My sense is that most people who are culturally attuned to the PC market have bought PCs, one way or the other. Of those who have not bought, there are not that many who haven't bought them purely for price reasons.""
Linux Adoption
Linux Access in State and Local Government, Part II (Linux Journal)
Linux Journal examines Open Source Software use in the state of Texas. "Key Texans believe state and local governments should embrace Linux and open-source software (OSS) to reduce taxes. The local media decided differently and did not inform the general public about OSS initiatives in the legislature. This is especially odd, as the Houston Chronicle runs Linux on an IBM mainframe and the city administrators made the front page of USA Today for bucking Microsoft. In addition to the Chronicle, the parent of the Dallas Morning News, Belo Corporation, uses Linux to host web sites and invested heavily in :CueCat, a product driven by the Linux operating system. So, advocates of the OSS bill feel baffled."
The Penguin on the Desktop (IT-Director)
IT Director takes a look at the Penguin on the Desktop. "Interest in Linux is also exploding elsewhere in the third world from Brazil to the Philippines, so the possibility arises that the Linux desktop will proliferate from the ground up, storming the North American and European markets after establishing economies of scale in the third world."
FLOSS Gives India a Boost in Many Markets and Endeavors (Linux Journal)
Linux Journal finds free/libre and open source software (FLOSS) flourishing in India. "A recent conference in India offered examples of how FLOSS affects everything from education and health services to internal software markets. From banks and hospitals to software houses and prestigious technological institutions, the charm of free/libre and open-source software (FLOSS) is casting a spell in India that is pushing many here to venture into uncharted fields."
Linux and Microsoft (Yet Again) (IT-Director)
Time for our daily analyst pronouncement: Robin Bloor has a column on IT-Director which looks at several topics, including total cost of ownership, the SCO lawsuit, and the future of Linux. "The current battle being played out is for the desktop. Linux has all the momentum it needs in the server market and it appears to be gaining ground in the third world at a rate that has got major manufacturers creating Linux PC offerings. The next few years will be interesting to watch."
Airlines starting to fly with Linux (NewsForge)
NewsForge looks at Linux adoption in the airline industry. "Don't expect Linux to take over the aviation industry in the next few weeks or months. It's a conservative, highly-regulated business that does extensive evaluations before making even small changes. Interest and test installations today may not mean full-scale Linux use for at least another year or two by even the most receptive airlines and military aviation administrators. And, according to Berghammer, most of the early "Linux in aviation" adoptors are likely to be in Europe, the Middle East, and Asia, not the United States."
Getting the Desktop Ready for Linux: A Historical Analysis (Linux Journal)
The Linux Journal examines the progress of desktop Linux, along with the challenges that remain. "Wal-Mart can cut a deal to get a few hundred PCs with SuSE on them, store them in a warehouse somewhere and ship them onesie-twosie to the oddball cust, err, enlightened individuals who want them. They're not going to ship ten PCs to every Wal-Mart in the country, sacrifice the shelf space, endure the customer confusion when somebody picks one up and takes it home expecting the latest offering from Microsoft to be pre-loaded--you see where I'm going."
Interviews
Torvalds Speaks Out on SCO, Linux (eWeek)
eWeek interviews Linus Torvalds. "Linus Torvalds, the founder and lead developer of the Linux open-source operating system, has some strong views about the legal dispute between The SCO Group and IBM, which he shared with eWEEK Senior Editor Peter Galli in an e-mail exchange last week. Torvalds also last week announced he was taking a leave of absence from Transmeta Corp. and becoming the first full-time fellow at the Open Source Development Lab, where he will continue to drive the next version of the Linux kernel, 2.6, due later this summer." (Thanks to Ravi Parimi)
EuroPython Interviews
EuroPython2003 begins June 25, 2003, and the EuroPython organizers are wrapping the interviews-with-speakers series with this interview with Martijn Faassen and this interview with Tim Couper.More EuroPython interviews
Here are two more interviews with EuroPython speakers, but first, to EuroPython attendees: "We try to keep the conference as low-budget as possible. One of the results is that we don't print/handout the brochure. Therefore this small reminder." Find the brochure here and print out the parts you want. Now, meet Nicolas Chauvat and Paul Everitt.
If you haven't been following the comments, then you probably missed the interviews with Phil Thompson and Duncan Grisby.
The Zen of Python - Part II (artima.com)
Artima.com has published Part II of an interview with Bruce Eckel. "In this second installment, Bruce Eckel explains why he prefers Python's valuing programmer productivity over program performance, Python's you-want-it-you-can-have-it attitude, and Python's zen-like learning curve."
Resources
Secure Cooking with Linux, Part 1 (O'ReillyNet)
This O'ReillyNet article presents selected recipes from Linux Security Cookbook. "Public-key authentication lets you prove your identity to a remote host using a cryptographic key instead of a login password. SSH keys are more secure than passwords because keys are never transmitted over the network, whereas passwords are (albeit encrypted). Also, keys are stored encrypted, so if someone steals yours, it's useless without the passphrase for decrypting it. A stolen password, on the other hand, is immediately usable."
Reviews
Linux supercomputer now world's No. 3 (vnunet)
Vnunet covers the TOP500 supercomputing list, and finds a Linux cluster is the third fastest supercomputer in the world. "According to the 21st TOP500 supercomputing list, the Linux Networx Evolocity system, known as MCR, can process 7.6 trillion calculations per second (teraflops) running the Linpack benchmark, and is the fastest Linux cluster in the world."
Miscellaneous
WorldWatch Week in Review (Linux Journal)
Linux Journal looks at OSS news from around the world. "This week in WorldWatch, we've seen more government entities making the decision to embrace Linux and Free Software, mainly in Europe but also in South Africa."
Industry group urges government to think twice on open source (ZDNet)
More FUD for the day, this time from the UK. Intellect is introduced in the article as a group which represents about 1,000 UK IT companies. "Intellect said it has no objection to the use of open-source licences as such, but is strongly opposed to the use of the GPL. The group argued that the GPL's conditions would prevent the government from profiting from its software, and could estrange proprietary software companies. "When the Government decides to develop software using a restrictive licensing base, such as the GNU GPL, (it) should be aware that this would prevent it from deriving commercial gain from any subsequent derivative programs and prevent or severely limit the opportunities to work with commercial companies on such projects," Intellect said in the response paper." (Thanks to Alastair Stevens)
Page editor: Forrest Cook
Announcements
Commercial announcements
Convea adopts open-source paradigm
Convea has released its Enterprise Pro 5.1 software under the GPL. "Convea version 5.1 offers over 19 web based applications, tools and business utilities including: Email, Group Calendaring, Group Scheduling, Group Discussion, Instant Messaging, Instant Conferencing, Knowledge Management, File Management, And Much More."
Graphics Muse Tools CD Version 2.0 released
Version 2.0 of the Graphics Muse Tools CD is available. "Graphics Muse is pleased to announce the release of the latest version of The Graphics Muse Tools CD, a suite of plug-Ins, brushes, and patterns designed specifically for use with GIMP 1.2 on Linux systems."
"Hacking the Xbox" available
No Starch Press has announced that Hacking the Xbox by Andrew "bunnie" Huang is now available. Quoting the author: "No Starch Press distinguished itself as the only publisher with the courage to accept the book without any suggestion of censorship or caveats."
MandrakeSoft introduces "MandrakeClustering"
MandrakeSoft has introduced "MandrakeClustering". Designed to meet the high-demands of clustering solutions inside research laboratories and other compute-intensive industries, MandrakeClustering is an achievement of the CLIC research project. Supported architectures currently include AMD Opteron, Intel Pentium and compatible processors (IA-64 support to come later in September).Novell launches 'Nterprise Linux Services'
Novell has taken its next step into the Linux world with the announcement of its "Nterprise Linux Services" product which provides the Novell file and directory management, printing, and messaging services. It runs on the Red Hat and SuSE "enterprise" distributions (no word on whether it actually works on the cheaper Red Hat and SuSE versions). There are also deals with Dell, HP, and IBM to distribute Novell's new offerings.O'Reilly releases "Essential CVS"
O'Reilly has published the book "Essential CVS" by Jennifer Vesperman.SuSE Linux Enterprise Server Selected by Cray Inc.
SuSE Linux announced that it has been chosen by Cray Inc. to drive key aspects of the U.S. Department of Energy's new massively parallel processing (MPP) supercomputer called Red Storm at Sandia National Laboratories, California, which, when completed, will be the fastest supercomputer in the US.Trustix Offers Small Office Server and Suite Through US Channel
Trustix is making its Small Office Server available. "Trustix, the IBM independent software vendor of security and network management solutions for Linux, announced today that its Small Office Server is now available through US channel partners. Trustix also announced that Texum Technology, Inc. and Interpretis, Inc. have joined its growing list of US-based resellers."
UnitedLinux Launches partner program
Defying rumors of its death, UnitedLinux has announced a new partner program for independent systems vendors. The program allows vendors to get their products certified as "UnitedLinux Ready," use a special logo, and be listed on the UnitedLinux web site. It will be interesting to see what the level of uptake is.
Here's a quote from the PR:
"ISVs interested in self-certification will obtain a current
version of UnitedLinux -- a free, downloadable developer's version of
UnitedLinux for testing purposes is available from the UnitedLinux
Website's Developer's Zone.
" It would seem that SCO, whose name appears several times in the release, has not completely stopped distributing Linux.
Resources
The Linux vs. SCO Decision Matrix
Con Zymaris has put together the Linux vs. SCO decision matrix, a concise exploration of various ways in which the SCO lawsuit could play out. The conclusions ("Linux is unaffected" in all scenarios) may be a bit optimistic, but it is a worthwhile exercise regardless.Dasher paper and slides (GnomeDesktop)
Some slides and a paper on Dasher, a character entry system that uses visual tracking instead of a keyboard, have been published.JDO Persistence, Part 1 (O'ReillyNet)
O'Reilly has published an excerpt from the book Java Database Best Practices. "In this first of three excerpts from Chapter 7 of Java Database Best Practices, author George Reese describes all the available persistence options for Java architects and developers, and provides data to help you choose the persistence option that best fits the requirements and scale of your application."
Checking Hotmail with KMail/Gotmail
KDE.News covers a new tutorial on using Hotmail email in KMail. "At our Belgian SuSE LUG, we have written a handy bilingual HOWTO about how you can check your Hotmail email in KMail with the help of Gotmail."
Introduction to ZGDChart
Nidelven-IT has published a tutorial on ZGDCharg. "In this article we'll be looking at ZGDChart, a chart-rendering product for Zope. I'll show you how to get it, install it, use it and talk a bit about Zope's 'unification' abilities as well."
Upcoming Events
4th Libre Software Meeting
The fourth Libre Software Meeting willl be held in Metz, France from July 9-12, 2003.Linuxtag in Karlsruhe (GnomeDesktop)
GnomeDesktop has posted the announcement for the GNOME participation in the Linuxtag conference, to be held in Karlsruhe, Germany on July 10-13, 2003.A report from the first day at EuroPython
Stéfane Fermigier (of Nuxeo) is attending the EuroPython Conference in Charleroi, Belgium. He has written up a report of happenings from the first day at that conference. Click below for information on Guido van Rossum's talk on Zope 3, along with other talks on through-the-web development, extreme programming, Zope in public administration, the Silva environment, PyPy, Python metaclasses, and more.Embedded Systems Conference, Boston
The Embedded Systems Conference will be held in Boston, Mass. on September 15-18, 2003.ILC 2003 Programming Contest
A lisp programming contest will be held at the International Lisp Conference 2003 in New York City during October, 2003. "The contest will involve solving the Last Piece Puzzle, a "small but fiendish puzzle"."
LogOn Web Days Europe Call for Submissions
A call for submissions has gone out for LogOn Web Days Europe, a series of events that will be held across Europe in September and October, 2003.International PHP Conference 2003 CFP
A Call for Papers has gone out for the International PHP Conference 2003, to be held in Frankfurt, Germany on November 4 and 5, 2003. Abstracts are due in by July 14, 2003.First round of GU4DEC slides (GnomeDesktop)
GNOMEDesktop.org presents some slides from the GU4DEC talks.Second round of GU4DEC slides (GnomeDesktop)
GnomeDesktop.org has put together a second roundup of articles and slides from the GU4DEC conference.YAPC::NA::2004 Call for Venue (use Perl)
A Call for Venue has gone out for the YAPC::NA::2004 conference. "With YAPC::NA::2003 over, it's time to get ready for YAPC::NA::2004, and that means it's time to throw open the call for venues for next year's YAPC."
Events: June 26 - August 21, 2003
| Date | Event | Location |
|---|---|---|
| June 26 - 27, 2003 | European Python and Zope Conference 2003 | (CEME)Charleroi, Belgium |
| June 26, 2003 | ClusterWorld Conference & Expo | (San Jose Convention Center)San Jose, California |
| June 26, 2003 | LinuxUser & Developer Expo | (Birmingham National Exhibition Centre)Birmingham, UK |
| June 26, 2003 | Fourth Workshop On UML for Enterprise Applications | (Hyatt Regency San Francisco Airport Hotel)Burlingame, CA |
| July 7 - 11, 2003 | O'Reilly Open Source Convention 2003(OSCON) | (Portland Marriot)Portland, Oregon |
| July 9 - 12, 2003 | Libre Software Meeting | Metz, France |
| July 10 - 13, 2003 | LinuxTag | Karlsruhe, Germany |
| July 12 - 17, 2003 | Debcamp | Oslo, Norway |
| July 18 - 20, 2003 | Debconf 3 | (The University of Oslo)Oslo, Norway |
| July 23 - 26, 2003 | Ottawa Linux Symposium | Ottawa Canada |
| July 23 - 25, 2003 | YAPC::Europe 2003 | (CNAM Conservatory)Paris, France |
| July 25 - 27, 2003 | Fifth Annual Linux Festival in Kaluga Region | (bank of the river Protva)Kaluga region, Russia |
| July 29 - August 2, 2003 | The 10th Annual Tcl/Tk Conference | Ann Arbor, Michigan |
| July 31 - August 3, 2003 | UKUUG Linux Developers' Conference(LINUX 2003) | (George Watson's College)Edinburgh Scotland |
| August 4 - 7, 2003 | LinuxWorld Conference and Expo 2003 | (Moscone Convention Center)San Francisco, CA |
| August 7 - 10, 2003 | Chaos Communication Camp 2003 | Paulshof, Altlandsberg, Germany |
| August 18 - 21, 2003 | New Security Paradigms Workshop 2003(NSPW 2003) | (Centro Stefano Francini)Ascona, Switzerland |
Web sites
Ogg Vorbis Help
A new web site called OggHelp is online, take a look for answers to common Ogg Vorbis audio compression software questions and related resources.Provo Linux users protest at SCO
On Friday, June 20, the Provo Linux Users Group decided to head on over to SCO's offices and hold a protest; information on the event, including pictures and press coverage, can be found on the PLUG page. Among other things, the protesters claim that SCO employes came out and joined the event holding pre-prepared signs saying things like "I love software piracy" and "Try communism - use Linux." (Thanks to Phillip Warner).Update: in case you're not following the comments, photos of SCO's (insulting) anti-protest signs can be found on this page. Thanks to amaoui for posting the pointer.
Software announcements
This week's software announcements
Here are the software announcements, courtesy of Freshmeat.net. They are available in two formats:
- Sorted alphabetically,
- Sorted by license.
Miscellaneous
Zend PHP Usage Survey
Zend is conducting a PHP Usage Survey. Fifty randomly chosen participants will receive a PHP T-shirt.
Page editor: Forrest Cook
Letters to the editor
An open appeal to SCO
| From: | Eric.M.Kidd@Dartmouth.EDU (Eric M. Kidd) | |
| To: | lwn@lwn.net | |
| Subject: | An open appeal to SCO | |
| Date: | 20 Jun 2003 15:44:36 EDT |
I'm making it easy--15 minutes and 150MB of RAM for them to find code shared
between Linux and Unix. This program uses the rolling hash technique
proposed by Egan at the Inquirer.
I'm trying to make it as easy as possible for SCO (and other copyright
holders) to report wrongdoing to free software maintainers without revealing
any more than necessary about their own code.
http://www.randomhacks.net/stories/srcdupchk-release.html
Searching for Linux code in SCO kernel (or vice versa)
| From: | goga@florin.ru | |
| To: | lwn@lwn.net | |
| Subject: | Searching for Linux code in SCO kernel (or vice versa) | |
| Date: | Tue, 24 Jun 2003 15:39:37 +0400 (MSD) |
Hello,
SCO claims that some Linux code is taken from Unix kernel. SCO
also claims that no Linux code ever went into its Unix kernel.
Given SCO's kernel source, that would be easy to check; however,
SCO will not give us the source. So how could we search for similar
code _without_ the sources?
1. Take SCO Unix.
2. Take Linux kernel source.
3. Guess which compiler flags were used by SCO when compiling
its source.
4. Compile the suspicious portions from Linux kernel source with
SCO's compiler, making as few modifications as possible.
5. In the generated code, mark global addresses (subject to
relocation), magic constants, and probably some other constants
(struct member displacements?) as irrelevant.
6. Search the SCO Unix binary kernel for chunks matching relevant
portions of compiled Linux code.
Of course, we would be extremely lucky if it worked -- the code
must really be taken as is for such a test to work. But I think
this might be worth a try. (I don't have access to SCO Unix, so
I can't do this myself.)
IANAL, of course, so I don't know whether such procedures would
be legal, in US or elsewhere.
Goga
Page editor: Jonathan Corbet