LWN.net Weekly Edition for July 10, 2003
[This article was contributed by Joe 'Zonker' Brockmeier]
Back in February, Reasoning, Inc. released a study that surprised few in the Linux and open source community. Specifically, Reasoning found that the Linux kernel's TCP/IP stack had fewer defects than implementations from vendors with proprietary versions.
This time around, Reasoning has focused on Apache. Reasoning looked at Apache 2.1-dev, released at the end of January this year, and found that release to be about the same quality as commercial software. Reasoning's study was not sponsored by a vendor, nor does the company have any real motivation to find that open source is better or worse than proprietary software. Instead, the company is using studies of open source projects to help promote its testing services. Open source makes an ideal promotional device because Reasoning can actually release the full results to the study, including source code where errors are found.
The company uses a method of automated testing that tests for memory leaks, NULL pointer dereferences, bad deallocations, out of bounds array access and/or uninitialized variables. These are classified as defects. In 58,944 lines of code (LOC) spread out in 360 files, there were a total of 31 defects, or a defect density of 0.53 per thousand lines of code. According to Reasoning, the average defect density for commercial applications is 0.51 per thousand lines of code.
Of 31 defects, 29 of the defects were NULL pointer dereferences and 2 were uninitialized variables -- no memory leaks, bad deallocations or out of bounds defects were found in Apache 2.1-dev. The detailed version of Reasoning's report lists each of the 31 defects, giving the location of the defect, a description and the actual defect in a code fragment taken from the file with the defect.
One might wonder why Reasoning chose to look at a development version of Apache rather than a more mature version that had been out for a while. Certainly, very few people are likely to be deploying a development version of Apache on production sites -- making it less comparable to a release of a proprietary product. Apparently, they decided to review a less mature version of an open source project to point out how the open source development model benefits a project in the long run.
It would be interesting for Reasoning to track Apache's development and compare its quality against proprietary code after it has been released and in use for some time. One suspects that the Apache release would fare better than proprietary projects after it had been formally released and in use for some time.
Obviously, the study doesn't provide the full picture. It only measures certain types of defects, and doesn't take into account the software's features, performance or other qualities. But, at least in the area of software defects, Reasoning's study reflects well on the open source model by demonstrating what many users of open source already know -- that open source produces code of a quality that is at least comparable to proprietary software.
[This article was contributed by Joe 'Zonker' Brockmeier]
Hewlett-Packard has quietly released a desktop PC featuring Mandrake Linux for small and medium-sized businesses. Last Wednesday the company issued a press release for the Compaq Business Desktop d220, which is available with Windows XP or Linux Mandrake 9.1. MandrakeSoft has also issued a release, which indicates that Mandrake will be on a range of HP's Compaq-branded desktop PCs.
It's encouraging to see one of the major players in desktop PCs getting behind Linux on the desktop. However, it'd be nicer if they were a little more aggressive about the play. HP's release for the d220 desktops doesn't mention that the new line is available with Linux until the sixth paragraph, when one would think that the release of a business desktop machine featuring Linux would be more noteworthy. However, the fact that HP is offering Linux on a desktop machine to SMBs at all is a significant step forward.
A d220 system with an Intel Celeron processor can be had for a mere $327 through HP's site right now, and it's worth noting that a machine with the same specs, but with Windows XP Home Edition, will set SMBs back an additional $50 per machine -- presumably due to the additional cost of adding the Windows license.
It's not exactly world domination, HP is only taking a tentative step in offering Linux to SMB customers on a small slice of its Compaq line. HP's home users, or those looking for a HP or Compaq laptop with Linux pre-loaded, are still out in the cold. (Though there's nothing to stop home users from ordering from HP's small and medium business online store...) But, this small step is necessary to help Linux gain a foothold in the desktop market.
Naysayers and analysts who have continually dismissed Linux as a desktop operating system may have to rethink their position, as it seems unlikely that HP would offer a desktop machine with Linux unless there is sufficient demand for Linux by its business customers, and that HP has decided that Linux is suitable for prime-time on the desktop. If HP is successful with Linux as a desktop offering for SMBs, we can expect to see Dell and others to follow suit very shortly.
Security
Brief items
Apache HTTP Server 2.0.47 released
Today the Apache Software Foundation and the Apache HTTP Server Project have announced the release of the Apache HTTP Server 2.0.47. This release fixes four security vulnerabilities:- Certain sequences of per-directory renegotiations and the
SSLCipherSuite directive being used to upgrade from a weak ciphersuite to
a strong one could result in the weak ciphersuite being used in place of
the strong one. [CAN-2003-0192]
- Certain errors returned by accept() on rarely accessed ports could
cause temporal denial of service, due to a bug in the prefork MPM. [CAN-2003-0253]
- Denial of service was caused when target host is IPv6 but ftp proxy
server can't create IPv6 socket. [CAN-2003-0254]
- The server would crash when going into an infinite loop due to too many subsequent internal redirects and nested subrequests. [VU#379828]
New vulnerabilities
teapop: SQL injection
| Package(s): | teapop | CVE #(s): | CAN-2003-0515 | ||||||||
| Created: | July 9, 2003 | Updated: | October 1, 2003 | ||||||||
| Description: | teapop, a POP-3 server, includes modules for authenticating users against a PostgreSQL or MySQL database. These modules do not properly escape user-supplied strings before using them in SQL queries. This vulnerability could be exploited to execute arbitrary SQL under the privileges of the database user as which teapop has authenticated. | ||||||||||
| Alerts: |
| ||||||||||
semi: insecure temporary file
| Package(s): | semi, wemi | CVE #(s): | CAN-2003-0440 | ||||||||||||||||
| Created: | July 7, 2003 | Updated: | October 1, 2003 | ||||||||||||||||
| Description: | semi, a MIME library for GNU Emacs, does not take appropriate
security precautions when creating temporary files. This bug could
potentially be exploited to overwrite arbitrary files with the
privileges of the user running Emacs and semi, potentially with
contents supplied by the attacker.
wemi is a fork of semi, and contains the same bug. | ||||||||||||||||||
| Alerts: |
| ||||||||||||||||||
Resources
Linux Advisory Watch
The July 4 issue of the Linux Advisory Watch newsletter from LinuxSecurity.com is available.Linux Security Week
The July 7 issue of the Linux Security Week newsletter from LinuxSecurity.com is available.
Events
HiverCon 2003 Announcements
Earlybird registration has opened for this year's HiverCon show which will be held in Dublin on November 6th and 7th. Register for your ticket now and save 200 Euro !
Page editor: Rebecca Sobol
Kernel development
Brief items
Kernel release status
The current development kernel is 2.5.74, which was released by Linus on July 2. The summary says: "Updates all over, the patch itself is big largely because of a MIPS/MIPS64 merge (and SH, for that matter). Network driver updates, USB updates, PnP, SCTP, s390, you name it. See the changelog for more details."
The current stable kernel is 2.4.21,
Marcelo has released
Linux 2.4.22-pre4.
"Here goes -pre4. It contains a lot of updates and fixes.
We decided to include this new code quota code which allows usage of
quotas with 32bit UID/GIDs.
Most Toshibas should work now due to an important ACPI fix.
Please help and test.
"
Linux 2.4.22-pre3-ac1
Alan Cox has released 2.4.22-pre3-ac1. "Lots of small fixes and compiler clean up. S/390 qeth is finally GPL'd and included, and the Wolfson written AC97 touchscreen driver is present and would benefit from a once over by the input folks. We now have a working framework for plugging add on modules into audio codecs with funny features - be that modules for flipping connections around or stuff like the touchscreen interface."
Kernel development news
Changes to the USB driver API for the 2.5 series kernel
[This article was contributed by Greg Kroah-Hartman]
Over the 2.5 kernel development series, the USB driver api has changed a lot. As LWN has graciously allowed me to write a kernel article this week, and I know a bit about the USB kernel code, I thought I would discuss a short summary of the major changes that have happened with it for anyone wanting to port a 2.4 USB driver to 2.5.
The main struct usb_driver structure has shrunk. The fops and minor variables have been removed, as the majority of USB drivers do not need to use the USB major number. If a USB driver needs to use the USB major, then the usb_register_dev() function should be called when a USB device has been found, and a minor number needs to be assigned to it. This function needs to have a struct usb_interface that the minor number should be assigned to, and a pointer to a struct usb_class_driver structure. This usb_class_driver structure is defined as:
struct usb_class_driver {
char *name;
struct file_operations *fops;
mode_t mode;
int minor_base;
};
The name variable is the devfs name for this driver. The fops variable is a pointer to the struct file_operations that should be called when this device is accessed. The mode variable defines the file permissions that devfs will use when creating the device node. Finally, the minor_base variable is the start of the minor range that this driver has assigned to it.
When usb_register_dev() is called, the devfs node will be created if devfs is enabled, and a usb class device is created in sysfs at /sys/class/usb/. After the device is removed from the system, the usb_unregister_dev() function should be called. This function will return the minor number to the USB core (to be used again later for a new device), the devfs node will be deleted if devfs is enabled in the kernel, and the usb class device will be removed from sysfs.
Because of these two functions, USB drivers no longer need to worry about managing the devfs entries on their own, like is necessary in the 2.4 kernel.
Also, USB drivers can use the usb_set_intfdata() function to save a pointer to a USB driver specific structure. This can be used instead of having to keep a static array of device pointers for every driver. usb_set_intfdata() should be called at the end of the USB driver probe function. Then in the open() function, usb_get_intfdata() should be called to retrieve the stored pointer.
For a good example of how to make these changes, look at how the usb-skeleton.c driver has changed between the 2.4 and 2.5 kernels. This driver is a framework driver that can be used to base any new USB drivers on.
There are also a number of USB api functions that have had their parameters modified from 2.4 to 2.5. Two of the most visible examples of this is the usb_submit_urb() function, and the USB probe() callback function.
In the usb_submit_urb() function, the USB core and host controller drivers can need to allocate memory from the kernel to complete the USB transfer. In 2.4, the core and host controller drivers guess that it is safe to sleep when requesting memory, and would call kmalloc with the GFP_KERNEL flag. The USB developers quickly realized that this is not always the best thing. So the usb_submit_urb() function now requires that the memory flags be passed to it:
int usb_submit_urb(struct urb *urb, int mem_flags);
In the 2.5 kernel the probe callback is now:
int (*probe) (struct usb_interface *intf,
const struct usb_device_id *id);
This was done to emphasize that USB drivers bind to a USB interface, and
not to an entire USB device. If the struct usb_device structure is
needed to be found, the interface_to_usbdev() macro should be used.
The biggest change in the USB api between the 2.4 and 2.5 kernels is much improved documentation. To build the kernel USB documentation, run:
make psdocs
By doing this, the Documentation/DocBook/usb.ps file will have
been created. This contains a lot of details about how the USB
subsystem works, and what all of the options to the USB functions are.
The primary author of all of this documentation is David Brownell, who
also wrote the USB gadget and USB 2.0 EHCI host controller driver.
libsysfs v0.1.0 announced
Daniel Stekloff has announced libsysfs, a library built over sysfs.
Patches and updates
Architecture-specific
Build system
Core kernel code
Device drivers
Documentation
Filesystems and block I/O
Memory management
Networking
Benchmarks and bugs
Page editor: Forrest Cook
Distributions
News and Editorials
Trustix Secure Linux 2.0
[This article was contributed by Ladislav Bodnar]
Trustix Secure Linux 2.0 was released last week, nearly two years after the previous stable version 1.5. The distribution is a product of Trustix AS, a Trondheim, Norway-based company, which has been developing secure server solutions since 1999. The latest version is a major upgrade and this warrants a closer look at some of the new features.Trustix AS started as a consulting company providing Linux-based solutions and support for Linux server deployments. The first stable version of Trustix Secure Linux was version 1.0, released in March 2000 and based on Red Hat Linux 6.x, but stripped of the X Window System and all graphical applications. The distribution maintained compatibility with Red Hat and kept providing security and bug fixes throughout the product's lifespan. In later years, Trustix AS expanded their product range to include complete hardware and software solutions for various server scenarios. Besides their headquarters in Norway, the company has offices in USA, UK and Asia.
Version 2.0 has come a long way since the initial release. While the distribution is now developed independently of its original base, system administrators familiar with the Red Hat distribution will still feel instantly at home with Trustix. The installation program, which can be initiated from a CD-ROM or over the network, is a modified version of Red Hat's Anaconda in text mode, with several important changes. Among the more noticeable ones are the availability of most major journaled file systems, including ext3, JFS and ReiserFS, together with an option to set up RAID arrays. A choice between grub and lilo, as well as an option to set a boot loader password are given during the installation, and so are options to enable NIS or LDAP authentication. The simplified package installation screen presents 19 common scenarios for server setup, such as mail, web, FTP or DNS servers, firewall and database servers among many others. This can be fine-tuned by selecting a custom package installation option.
The star feature of Trustix Secure Linux is SwUp, or SoftWare UPdater. Written in Python and released under GPL, SwUp is an excellent utility designed to keep a Trustix system up-to-date of all bug and security fixes with minimal effort. In fact, installing and configuring a package called "swupcron" ensures that the system is kept up-to-date without any human interference. SwUp provides for automatic resolution of dependencies, poll-only functionality (without any actual package installation), strong authentication with GnuPG, filter and search capabilities, caching of downloads and use of HTTP proxies. SwUp also allows for automatic kernel updates, although this ability is turned off by default.
Other new additions in Trustix 2.0 include Courier and Cyrus IMAP daemons, CUPS printing system (replacing LPRng in earlier versions), fcron (replacing vixie-cron), xinetd (replacing inetd), hdparm, rdfgen and many others; see the release announcement for a complete list of changes. The system is based on kernel 2.4.21 and glibc 2.3.2, all compiled with the latest gcc 3.3. Most other packages included with the distribution are also highly up-to-date - Apache comes in version 2.0.46, Bind in 9.2.2 and MySQL is at 4.0.13. Although not even two weeks old, the developers were quick to issue several updates and fixes, so be sure to fire up SwUp right after the installation.
What makes Trustix more secure than a standard Red Hat server? If you are expecting a long list of kernel patches guarding against buffer overflow exploits or stack smashing attacks, then you will be disappointed. The Trustix approach to security is very simple - provide only well-tested and widely used packages, as well as a system with sensible defaults and no unnecessary services running or ports open. Admittedly, these are not particularly earth-shattering qualities, but remember that in its default state, the distribution serves mainly as a base for the company's commercial products. Additionally, Trustix developers pride themselves on being extremely fast to apply patches to any known security issues. All this, combined with complete transparency and open beta testing guarantee a stable and secure operating system -- claims the document describing the company's security policy.
Trustix Secure Linux 2.0 is available as a free download from many mirrors around the world.
Distribution News
Debian GNU/Linux
The Debian Weekly News for July 8, 2003 is out. This week's topics include the enforcability of the GPL in Germany with a rebuttal from the German Institute for Legal Issues on Free and Open Source Software; Linux use in the City of Austin, Texas; and much more.Benj. Mako Hill has announced a potential Debian subproject aimed toward desktop use in non-profit organizations. Right now the project is looking for developers who might be interested in working on this project.
The Debian Project will be represented at several conferences, including Libre Software Meeting, LinuxTag, and Debian Conference 3. Speaking of DebConf, the schedule for talks and events has been posted here.
KDE.News covers a new a new HOW-TO from KDE Hispano on installing KDE 3.1.2 in Debian Sarge.
Debian Planet reports that the UK mirror open.hands.com has been replaced, and is now in need of some load testing.
Gentoo Weekly Newsletter -- Volume 2, Issue 27
The Gentoo Weekly Newsletter for July 7, 2003 is out. This week marks a change in editorship for the GWN; Gentoo coming to Windows with Cygwin; Milestone reached in herds project; Infrastructure changes; Controversy about inappropriate content in ebuilds; GWN seeking additional contributors; and more.10 Questions with Auke Kok
Here is an interview with Lunar Linux developer Auke Kok. "8. Who can benefit from using lunar? Lunar is for everyone. Though it may be extremely hard for the beginner to administer, it provides you with all the possible features you could want from a linux distro."
MontaVista Linux
Motorola, Inc. Semiconductor Products Sector (SPS) and MontaVista Software Inc. have announced that MontaVista Linux Professional Edition 3.0 will support the Motorola i.MX1 and i.MXL family of applications processors.Red Hat Linux
Red Hat has released some bug fix advisories: This one fixes a common GNOME panel crash for RHL 8.0, and new redhat-config-printer packages and updated print-queue manager packages are available for RHL 9.Trustix Secure Linux
Last week Trustix released TSL 2.0. This week they have some bug fixes available for many little bugs that cropped up. Users of TSL 1.2 or 1.5 might want to get these new GnuPG and gzip packages.
New Distributions
distccKNOPPIX
Open Door Software created distccKNOPPIX, a small (~48MB) self-configuring Linux system running a distccd daemon. It is a simple remastering of Damn Small Linux (which is KNOPPIX-based) running a distccd daemon and some general cleaning up/removal of unneeded packages/apps. Its obvious target is for those who have other machines at their hands, and for some reason or an other can not get a distccd daemon running on it. It joins the CD-based section of our list at v0.0.4, released July 4, 2003.Oralux
Oralux is a GNU/Linux distribution for blind or visually impaired people. It is based on Knoppix, and runs from the CD-ROM. An audio desktop replaces the graphical user interface. Initial version 0.03 was released July 3, 2003.Salvare
Salvare (from the Latin "to rescue") is a small Linux distribution designed for small, credit-card sized CDs which typically hold around 34MB. More Linux than tomsrtbt but less than Knoppix, it aims to provide a useful workstation as well as a rescue disk. Initial version 0.1.0 was released July 2, 2003.stresslinux
stresslinux is a minimal Linux distribution that runs from a bootable CDROM or via PXE. It makes use of some utitlities such as stress, cpuburn, hddtemp, lm_sensors, etc. It is dedicated to users who want to test their system(s) entirely on high load and monitor the health of these systems. Initial version 0.1.5b was released July 4, 2003, swiftly followed by 0.1.5c. It has joined our list in the Special Purpose/Mini section of our List.ThePacketMaster
ThePacketMaster Linux Security Server is a CD-based security auditing tool that boots and runs penetration testing and forensic analysis tools. It is handy for security auditors. Some tools included are nessus, ethereal, The Coroner's Toolkit, chntpw, and minicom. It includes modules for any Linux 2.4.20 SCSI driver. Initial version 1.0.0 was released July 5, 2003. It has joined the Secured Distributions section of our List.
Minor distribution updates
Astaro Security Linux
Astaro Security Linux has released v4.009 with minor bugfixes. "Changes: This Up2Date improves the performance for POP3 and SMTP AntiVirus scanning, and fixes two POP3-related bugs."
Coyote Linux
Coyote Linux has released v2.0-rc1 with minor bugfixes. "Changes: Minor bugfixes for the PPP dialup disk creator scripts."
DIET-PC
DIET-PC has released v1.1 with major feature enhancements. "Changes: This version converts DIET-PC from a special-purpose thin client framework into a general- purpose "embedded appliance" framework. This includes greater flexibility with regard to bootstrap methods (e.g. boot from PXE boot ROM, CD, or solid-state/conventional hard disk), and architectural changes permitting offline operation."
MoviX
MoviX has released v0.8.0rc2 with major feature enhancements. "Changes: This release adds remote support for the MoviX menu, improves ISA audio cards and SCSI cards module autoloading, XCD and TV-in support, and subtitles support, gets rid of the Microsoft TrueType fonts for copyright reasons, adds two Open Source TrueType fonts, and adds support for serial remotes."
eMoviX 0.8.0rc2 has been
released with minor feature enhancements. "Changes: This version
adds support for international kbds layouts and TrueType fonts, squeezes
initrd.gz to 6MB, upgrades MPlayer to 0.90, updates and adds several
translations, and improves DVD support.
"
SmoothWall
SmoothWall has released v2.0 beta5 with minor feature enhancements. "Changes: This release includes a 2.4.21 kernel, NTP time sync, tweaks to the UI, several other updates, and bugfixes. The timezone is now set in the UI rather than the setup program. Updates lists can now be retrieved through a (passwordless) HTTP proxy."
ThinStation
ThinStation has released v1.0 beta 4 with major bugfixes. "Changes: Two unused XFree86 libraries were removed. Many binaries were recompiled with size optimizations. The lpr package was fixed by updating its modules. The thinstation.defaults file was added. An ongoing problem with rdesktop parameters was fixed, so now you can specify as many parameters as you want."
Trinity Rescue Kit 1.1
Trinity Rescue Kit may be all you need to save your crashed computer. Now Trinity Rescue Kit 1.1, a major upgrade, has been released. Click below for details.ttylinux
ttylinux has released v3.2 with minor bugfixes. "Changes: The latest versions of e3 and LILO were included, and a status option was added to the ISDN init script."
Distribution reviews
Dyne:bolic: A broadcast studio on a Linux CD (NewsForge)
Russell Pavlicek reviews Dyne:bolic, on NewsForge. "There are Linux distributions galore that target office, home, and server systems. But a new Linux distribution promises to provide a multimedia studio -- complete with the ability to transmit Webcasts worldwide -- without ever installing any software on your hard drive. Sound impossible? Not for a new Linux distribution called Dyne:bolic."
FreeBSD 5.1 Shows Handy New Features (eWeek)
eWeek reviews FreeBSD 5.1. "FreeBSD users can access a large number of software packages for the platform through FreeBSD's ports collection. We could either compile these applications ourselves or install them as precompiled packages. We could also install and run Linux applications on FreeBSD after installing a Linux application compatibility layer."
Savanna Says: Kneat Knoppix!
KDE.News has this article on using Knoppix to try out the latest KDE3. "All you have to do is put it in your CD drive, boot up, and presto! you've got a Linux system -- and a beautiful KDE3 desktop -- running all from your CD drive. No install, no weird lines of code... try it out and you will see how beautiful KDE and Linux are, and you won't even have to get your hands dirty or look under the hood."
LindowsOS: Robust Linux with More than Rookie Appeal (eWeek)
eWeek reviews LindowsOS 4.0. "Beyond its appeal to novices, LindowsOS also has a couple of things to teach bigger-name Linux distributions such as Red Hat Linux. I was particularly impressed by LindowsOS' handling of USB thumb drives, those handy devices for plug-and-play ferrying of data too large for floppies. These devices work with every recent Linux distribution, but most require some command-line fiddling to get going. With LindowsOS, you plug one of these drives into a USB port, and an icon for the auto-mounted drive pops right up on the desktop--just as it should."
Page editor: Rebecca Sobol
Development
Pyro: Python Robotics
Pyro, the Pyro AI and Robotics System, brings the Python language to Robotic control systems. This is not to be confused with the other pyro, Python Remote Objects.
"
Key features of Pyro include:
For those of you who are interested in getting some hands-on experience
with Pyro, the first
Pyro Workshop will be held on August 3-5, 2003 in Lowell,
Massachusetts at U-Mass.
Pyro looks like a fun project to experiment with,
installation instructions and software downloads are available
here.
Pyro is a library, environment, graphical user interface, and low-level drivers to explore AI and robotics using the Python language.
![[Pyro]](https://static.lwn.net/images/ns/pyro.jpg){kind=small}
The
Learning Pyro document is organized as a robotics course
curriculum. The majority of the project documentation is within.
The
PyroWhatsNew document lists the project's history in detail,
version 2.0.2 was just released.
System Applications
Audio Projects
Initial release of Soundmesh for Linux
The initial release of Soundmesh, an Internet2 audio streaming package, has been announced. "Soundmesh is a result of a collaborative work with Mara Helmuth. It originally started as an "Internet Sound Exchange" Internet2 project and has since grown to become a full-fledged audio streaming front-end. The sole purpose of this app is to provide a mechanism for streaming multiple CD-quality (or better) audio soundfiles via fast Internet2 connection, utilizing hacked version of the RTcmix v.3.1.0. Hence, Soundmesh provides for a unique "jamming" tool via Internet for a larger groups of participants."
Planet CCRMA changes
The latest changes to the Planet CCRMA audio utility packaging project include the addition of Ardour version 0.9beta2-1. Ardour is an up and coming multi-track audio recording package.
Database Software
libgda/libgnomedb 0.90.0 released (GnomeDesktop)
Version 0.90.0 of libgda/libgnomedb, a framework for developing database applications under GNOME, has been released. "This release marks the beginning of the end of the normal development process, since this is one of the latest releases before the 1.0 beta testing cycle starts."
Electronics
Icarus Verilog snapshot 20030705 available
A new development snapshot of the Icarus Verilog electronic simulation language compiler has been released. See the release notes for change information.Xcircuit 3.1.16 released
Version 3.1.16 of Xcircuit, an electronic circuit drawing package, has been released. The change information is somewhat sparse at this time.
Mail Software
MailBoxer 2.2.5 released (ZopeMembers)
MailBoxer 2.2.5 has been announced. "MailBoxer is a lightweight ZOPE-Product to run mailinglists, newsletters and mailarchives. Its main idea is to give you an extensible framework for building mailinglist-based applications with the power of ZOPE. Out of the box it provides a full featured mailinglist/ newsletter/ mailarchiving-framework." A number of bug fixes and new features are included in this release.
Printing
LinuxPrinting.org news
The latest addition to the Foomatic printer database on LinuxPrinting.org is the Minolta Color PageWorks Pro L color laser printer.
Web Site Development
Zope 2.7.0a1 Released (ZopeMembers)
Version 2.7.0a1 of Zope has been released. "Zope 2.7.0 represents a concentration on software configuration and installation improvement over older versions. It requires Python 2.2.3."
Epoz 0.5.1 released (ZopeMembers)
Version 0.5.1 of Epoz, a wysiwyg editor for Zope, has been released. Changes include bug fixes for bold text, a new timeout feature, a view/edit source switch, a French translation, a change of license to Zpl 2.0, and more.PortalTransforms 1.0a1 released ! (ZopeMembers)
The first alpha release of PortalTransforms is available for the Zope platform. "It provides two new CMF tools in order to make MIME types based transformations on the portal contents and so an easy to way to plugin some new transformations for previously unsupported content types. You will find more info in the package's README and docs directory."
NewsMonster 1.0 Released (MozillaZine)
MozillaZine has an announcement for version 1.0 of NewsMonster, a cross-platform web log manager. "Come and get it gang! This build focuses on stability while we work hard on 1.1."
Web Services
A PHP Web Services Client (O'Reilly)
Adam Trachtenberg introduces SOAP and web services on O'Reilly. "Web services allow you to exchange information over HTTP using XML. When you want to find out the weather forecast for New York City, the current stock price of IBM, or the best-selling DVD according to Amazon.com, you can write a short script to gather that data in a format you can easily manipulate. From a developer's perspective, it's as if you're calling a local function that returns a value."
Miscellaneous
EVMS 2.1.0 released (SourceForge)
Version 2.1.0 of EVMS, the Enterprise Volume Management System, is available. "This release is for the new EVMS design, which is based on user-space volume discovery and communication with existing kernel drivers, such as MD/Software-RAID and Device-Mapper."
Desktop Applications
Audio Applications
gmorgan 0.01 released
The first release of gmorgan has been released. "Gmorgan is a .. Rhythm Station, an organ with auto-accompaniment. Uses MIDI and the ALSA sequencer for play the rhythm patterns. Styles, patterns and sounds, the mixer settings, can be edited and saved."
JACK Rack 1.4.2 announced
Version 1.4.2 of JACK Rack has been released and features a Russian translation as well as some bug fixes.Musik 0.1.2 released
Musik is an open-source, multi-platform multimedia library that supports mp3 and ogg formats. "New features include: unicode support, threaded operation, smoother playback, faster mp3 and ogg tagging, better drag and drop support, less flashing, new selection schemes, new user interface preferences, a profanity filter, and the beginnings of a web based interface to "remote control" playback."
Tkeca 2.0.0 Released!
Version 2.0.0 of Tkeca, the Tk GUI for Ecasound, has been released.
Desktop Environments
GNOME Development Series Desktop 2.3.3: (GnomeDesktop)
GnomeDesktop.org covers the release of the GNOME Development Series Desktop 2.3.3. "This release is a feature-frozen, development series snapshot. It is used by developers and testers as their day-to-day working desktop, nd is ready for wider testing by our user community."
GNOME Summary (GnomeDesktop)
Gnomedesktop.org has the announcement and feedback for the July 1-6, 2003 GNOME Summary. "So once again we are out with a new GNOME Summary, this time we look at some really cool new stuff like Nat Friedmans Dashboard and Jeff Waugh's new planet."
KDE Traffic #57
The July 2, 2003 issue of KDE Traffic is out. Topics include: KDE Release Plan take 2, KDE 3.1.3, Hex Editor Widget, System Modules for Control Center, and Privacy Control Center Module.KDE-CVS-Digest
The July 4, 2003 edition of the KDE-CVS-Digest is out. "This week in KDE-CVS-Digest: News about a new patch collection in qt-copy module, the Darwin port of KDE and Quanta. Optimizations in KSVG, listview and iconview modes."
GUI Packages
SPTK 2.0 alpha 4 released
Version 2.0 alpha 4 of SPTK, the Simply Powerful ToolKit, has been released and features a number of bug fixes.
Interoperability
Wine Traffic
Issue #177 of Wine Traffic is out. Topics include: Updated DLL Status Page, DirectShow / Quartz Patches, Fix For Kazaa Lite, Clipboard Problems, Wine Keyboard Handling, and Printing Out the Wine Version.
Mail Clients
Columba 0.11.0 (unstable) released (SourceForge)
Version 0.11.0 (Unstable) of Columba is available. "Columba is an email client written in Java, featuring a user-friendly graphical interface with wizards and internalionalization support. Its a powerful email management tool with features to enhance your productivity and communication."
Office Applications
AbiWord Weekly News
Issue #151 of the AbiWord Weekly News is out. The summary says: "Tomas expands the clipboard capabilities, MailMerge to become a new animal, Windows gets several big boosts and Beta2 soon to arrive. Also, one of the more productive weeks for the user discussions, on our mailing list and at FootNotes."
OpenOffice.org Newsletter
Volume 1 of the OpenOffice.org Newsletter has been published. Take a look for the latest OpenOffice.org development news.StarDict 2.2.1 released (GnomeDesktop)
Versions 2.2.1 of StarDict, an international dictionary for GNOME, has been announced.
Web Browsers
Mozilla Status Update
The July 4, 2003 Mozilla Status Update has been published. Topics include: Mozilla 1.4, Mozilla Thunderbird, Mozilla Firebird, Mozilla Calendar, Relicensing Scripts, CSS3 Support, Tree Status, and Staff Meeting Minutes.Mozilla Independent Status Reports
The latest round of Mozilla Independent Status Reports are out. The MozillaZine summary says: "The latest set of status reports includes updates from mozdev, Mnenhy, Mozex, MessageID-Finder, Tinderstatus, XULMaker and NeedleSearch."
Miscellaneous
ReciteWord-0.8.2 released (GnomeDesktop)
Version 0.8.2 of ReciteWord is available. "reciteword is education software developed using GTK 2 to help people study English and recite English words. It has a very beautiful interface to make reciting words an interesing thing. It can change skins, and comes with many sound events, including over 400 books for you to choose. It also includes a dictionary, which can also run separately."
Terminal Server Client 0.116 Released (GnomeDesktop)
GnomeDesktop.org has an announcement for version 0.116 of Terminal Server Client. "A new release of Terminal Server Client, a frontend for rdesktop and other remote desktop tools, has been unleashed. Version 0.116 fixes a lot of bugs that have been reported."
gnome-jabber v0.1.0 released! (GnomeDesktop)
GnomeDesktop.org has an announcement for a new version of gnome-jabber. "Anonymous George writes "The first ever version of gnome-jabber has now been released making full use of Gnome2 and GTK2. Gnome-jabber is an Instant Message Client for Gnome using the Jabber Protocol (which supports all major IM protocols, like ICQ, MSN, AIM, etc)."
Gossip 0.3 released (GnomeDesktop)
GnomeDesktop.org has an announcement for version 0.3 of Gossip. "Imendio is proud to announce the first release of Gossip, an easy to user Jabber client for the magnificent GNOME platform. What is Gossip? Gossip aims at making Jabber easy to use and tries to give GNOME users a real user friendly way of chatting with their friends."
Languages and Tools
Caml
Caml Weekly News
The July 1-8, 2003 edition of the Caml Weekly News is out with the latest Caml language news.The Caml Light / OCaml Hump
The latest Caml language additions on the Caml Light / OCaml Hump include CDuce: A strongly typed higher-order functional programming language for XML documents, IBAL: A general-purpose language for probabilistic modeling, parameter estimation and decision making, Fresh Objective Caml: An extension of OCaml with facilities for correctly manipulating object-language syntax involving alpha-convertible names and binding operations, and Flow Caml: A prototype implementation of an information flow analyzer for the Caml language.
FORTRAN
G95 x86-linux binaries available
Linux binaries of GNU Fortran 95 (G95) are available. "These include a complete FORALL implementation and some support for internal IO, amongst other things."
Java
Java-GNOME Bindings 0.8 Released (GnomeDesktop)
Version 0.8 of Java-GNOME Bindings has been announced. This version features support for GTK+ 2.x and GNOME 2.x.JDO Architectures (O'ReillyNet)
O'Reilly has published an excerpt from the book Java Data Objects. "In this excerpt from Java Data Objects, authors David Jordan and Craig Russell provide a high-level overview of the architectural aspects of JDO, as well as examples of environments in which JDO can be used."
Enhance the accessibility of your GUIs (IBM developerWorks)
Yannick Saillet covers GUI accessibility issues on IBM's devloperWorks. "One of the main characteristics of the JFC/Swing framework is its ability to use pluggable look-and-feel designs. The same application can be run with different look-and-feel designs without requiring any modification. In this article, Software Engineer Yannick Saillet explains the mechanism behind the Metal look and feel -- one of the standard look and feel designs provided with the J2SE platform -- and demonstrates how to modify it into a universal, customizable look and feel to accommodate special user needs, such as high contrast or large fonts for the visually impaired."
Perl
PerlBugAthon (use Perl)
Use Perl has announced the PerlBugAthon. "cwest writes "There are currently around 1450 open tickets in the perlbug database. Many of these are years old. Others are already resolved in current versions of perl. Some might not be bugs at all.The goal of the PerlBugAthon is to reduce the number of open tickets by 500. We have a week to make it happen."
This Week on perl5-porters (use Perl)
The June 30 - July 6, 2003 edition of This Week on perl5-porters is online. "As the next maintenance release of perl is getting closer, the porters are still fixing bugs. Among the subjects that have been investigated this week, we can remember some hash-ordering-dependent bugs, process name problems, and more syntactic issues."
This week on Perl 6 (O'Reilly)
The July 06, 2003 edition of This week on Perl 6 is out with lots of Parrot information.Project Ponie: Perl On New Internals Engine (use Perl)
UsePerl reports on Larry Wall's new Ponie project. "acme writes "Today at his State of the Onion speech during the 2003 O'Reilly Open Source Convention, Larry Wall announced the Ponie project (somewhere within his legendary humorous presentation). Ponie involves rewriting central parts of the Perl 5 interpreter to run on Parrot, the Perl 6 virtual machine, including a C API emulation layer to make existing XS code work."
PHP
PHP Weekly Summary for July 7, 2003
The PHP Weekly Summary for July 7, 2003 is out. Topics include: PHP 5 beta 1 comments, TODO list for Beta 2, Reflection API, Renaming php4* to php5*, PCRE extension changes, No official PHP 5 documentation yet, SQLlite and sessions.
Python
Python 2.3b2 (SourceForge)
SourceForge has an announcement for Python version 2.3b2. "Python 2.3b2 has been released (29-Jun-2003). We encourage you to test your applications with this release, as we plan on a final Python 2.3 release by early August."
Dr. Dobb's Python-URL!
The July 7, 2003 edition of Dr. Dobb's Python-URL! is out with the week's Python language development news.
Ruby
Ruby/Java Integration Through JNI
Dmitry Borodaenko has sent us an announcement for a project called RJNI that involves mapping the JNI API as an extension to Ruby. "Combining the vast set of Java libraries with the power of Ruby language has all the potenti[al] to become a serious breakthrough in application development."
Scheme
Scheme Weekly News
The July 7, 2003 edition of the Scheme Weekly News is out with the latest Scheme language developments.
Tcl/Tk
Dr. Dobb's Tcl-URL!
The July 7, 2003 edition of Dr. Dobb's Tcl-URL! is available for your reading pleasure.
XML
XML Publishing with Cocoon 2, Part 1 (O'ReillyNet)
David Cummings and Collin VanDyck introduce Cocoon in part 1 of a 2 part series on O'Reilly. "Apache Cocoon is an XML-publishing framework that allows you to uild powerful applications from customized components. Yeah, that's a mouthful. Collin VanDyck and David Cummings demonstrate Cocoon's sitemap and XML generation capabilities."
XML Data Bindings in Python, Part 2 (O'Reilly)
Uche Ogbuji continues his series on XML Data Bindings in Python with part 2. "In my last article I started a discussion of data bindings for Python with a close look at generateDS.py. This time I'll look at another package, gnosis.xml.objectify from David Mertz's Gnosis Utilities."
Debunking SAML myths and misunderstandings
Frank Cohen writes about SAML on IBM's developerWorks. "At the beginning of 2003, the OASIS group approved the Security Assertion Markup Language (SAML) specification. With 55 individuals from 25 companies participating, one would think SAML does everything and would be well understood. Instead, misconceptions about SAML exist in the software development community. In this article, Frank Cohen details and debunks many of the myths and misunderstandings surrounding SAML."
Page editor: Forrest Cook
Linux in the news
Recommended Reading
Linux lab hires second guru (News.com)
News.com reports that Andrew Morton is also joining the Open-Source Development Lab and also names him as the primary 2.6 kernel maintainer. "Although OSDL will fund Morton to work full time on the 2.6 kernel, he'll retain his principal engineer title at Digeo, which makes set-top boxes."
Hacker group releases software-only Xbox mod details (Register)
The Register reports that Free-X has now released details of their software-only Xbox security exploits. "Last night, in a statement from the Free-X hackers, the team said that its attempts to contact Microsoft had been rebuffed, and a meeting arranged with a Microsoft representative had been cancelled at the last minute. The group is now believed to have released details of its exploit (being called the "Fourth of July hack" in some quarters) onto certain Internet mailing lists."
The mozdev site is back online
The mozdev site was taken down by a distributed denial of service last week. The site is now back online and is mostly functional. Mozdev is now running on new server hardware.
Companies
Microsoft antitrust case takes Linux twist (News.com)
News.com looks at the continuing saga of the Microsoft antitrust case and allegations that Microsoft has retaliated against a computer maker for promoting Linux. "A Microsoft representative denied the allegations. "Microsoft's compliance is being closely monitored, and the consent decree is being closely enforced," spokesman Jim Desler said on Monday."
Microsoft, Open Source Leaders Coming Together (eWeek)
eWeek talks to Microsoft people at OSCON. "Jason Matusow, manager of Microsoft's Shared Source Initiative, told eWEEK on Monday that the Redmond, Wash., software company's specific goal at the conference is "participation.""
SCO takes Linux case to Japan (News.com)
News.com covers SCO's fishing expedition to Japan. "McBride will try to outline SCO's position to Asian business leaders, many of whom already pay SCO to use Unix, Stowell said. "This trip is partly to explain to them our position with our current dealings with IBM," he said. "It's also to see where we're at, with them, in terms of the Unix license that many of them already have." Gordon Haff, an analyst with research firm Illuminata, saw the overseas trip as more of a fishing expedition for SCO."
Linux Adoption
Group urges Australian governments to adopt open standards (The Age)
The Age reports that Open Source Victoria has urged the Australian Federal and State governments to mandate the use of open, documented and inter-operable file formats and data communication protocols. "Consultations within the group had shown that such policies would attract widespread support across the political spectrum, OSV said, adding that if this mix of purchasing policies was adopted, Free and Open Source Software such as Linux would be the best route to fulfilling these requirements, but all technologies could compete openly and fairly." (Thanks to Vladimir Likic)
EDC: Enterprise interest in Linux not abating (ZDNet)
ZDNet Australia takes a brief look at an Evans Data survey. "EDC's bi-annual survey of enterprise software developers in the U.S. found a 24 percent jump in the number of respondents employed by enterprises using Linux on corporate servers over the last 12 months." (Thanks to Con Zymaris)
Technische Universität München opts for Zope and Open Source (ZopeMembers)
Zope Members News reports on the adoption of Linux and Zope by the Technische Universität München. "One of the leading European universities, the Technische Universität München (TUM), with over 20000 students and 9000 employees has decided in favor of the powerful and well established open source product Zope as base for its future internet platform. The objective on the one hand is to gain permanent independence from specific vendors and to dramatically reduce license and maintenance costs, on the other hand to obtain a flexible and powerful platform for web based services and information systems."
Legal
Linux Access in State and Local Government, Part IV (Linux Journal)
Linux Journal takes a look at the process of getting legislation passed at the state level of government. "Other ways of initiating legislation exist. In the circumstances of open-source legislation, sponsors' constituents began by presenting a business case. For example, I presented an argument based on cost savings. My senator (Senator Carona of Texas) liked the idea and moved forward. According to Carona's senator's aide, I presented more research than was needed. Most lobbyists or special interests achieve results with far less information. Fortunately, Senator Carona knew about Linux and open-source software as a businessperson."
Interviews
Securing Linux (The Age)
The Australian magazine The Age interviews Russel Coker about his work on SE-Linux. "On the community front, he has ported and packaged SELinux for Debian GNU/Linux and now handed off maintenance of the package for Debian stable to fellow Australian, Brian May."
An Interview with the Author of Practical mod_perl (O'Reilly)
O'Reilly has published an interview of Stas Bekman, author of Practical mod_perl. "Stas Bekman is a long-time contributor to mod_perl. In addition to writing the mod_perl guide, he's also coauthor of the recently released Practical mod_perl. Stas recently agreed to a brief email interview about his work, mod_perl 2, and what it's like to be sponsored to work on free software full-time."
Resources
Asterisk: A Bare-Bones VoIP Example (O'ReillyNet)
O'Reilly has an article by John Todd on Asterisk. "Asterisk is both an open source toolkit for telephony applications and a full-featured PBX application. Learn how to configure a simple telephone system with Asterisk in this tutorial."
LDAP Programming in Python (Linux Journal)
Linux Journal has a HOW-To article on LDAP programming in Python. "Most major programming languages have an LDAP API, but I chose to use Python because it is perhaps the easiest and clearest language with which to demonstrate. If you do not already understand the basics of the Python programming language and LDAP, you probably should come back to this tutorial after you have become better acquainted with them."
Reviews
A users look at changes in Nautilus since 2.2 (GnomeDesktop)
GnomeDesktop features a review of the latest Nautilus features. "I am a simple Gnome user and have been following Nautilus's cvs Changelog during its 2.3 development. Now as Gnome has reached it's feature freeze state and I thought about listing the major changes. The main reason I decided to do this was because of how immensely impressed I was with Nautilus's improvement from 2.2 and how practically most of the things that people said they felt missing were taken care of."
Mozilla 1.4 and Netscape 7.1 News and Reviews (MozillaZine)
MozillaZine points to a large number of reviews of Mozilla 1.4 and Netscape 7.1.TVBrick to pump Japanese TV across Net (Register)
The Register covers French open source software company Nexedi as it launches TVBrick. "TVBrick works something like this. At home, in Japan, you connect your TVBrick to your TV and to the Internet via a broadband link. When you're away, you can use a standard PC, again connected by broadband, to log into your TVBrick and start watching. Nexedi also offers what it calls the TVBrick Player, a simple playback system for users without a PC in their remote location."
Sticking with it -- Zope
Edd Dumbill writes about Zope on his blog site. "When I saw Zope, I realised that it was pretty much my dream come true. Zope's huge advantage is the way that functionality can be deployed in reusable "products" that can be dropped into a site. For example, navigation elements. Then I hit the other side of Zope, the steep learning curve! In the earlier days, however much you admired the ideas behind Zope, the learning curve hit you hard. Still, there was enough of value to me there, as well as a friendly and helpful community, and I put Zope to work."
Miscellaneous
Linux Users Standing Fast Despite SCO Legal Threats, InternetWeek Readers Say (TechWeb)
Tech Web reports that SCO's Linux lawsuit and threats seem to be having little affect on IT managers except to make them angry. "Fully 91 percent of people responding to an InternetWeek Reader Question said they will not change their Linux deployment plans as a result of SCO's actions."
Page editor: Forrest Cook
Announcements
Non-Commercial announcements
Gnumeric's 5 year anniversary
The Gnumeric spreadsheet has reached its five year anniversary. "This seemed like a good time to thank all the people who have contributed to Gnumeric over the years. We're about to start the run up to the the next stable release which will be out in a few weeks. We look forward to continuing work with the GNOME community to produce the most powerful spreadsheet in the world."
Mozilla Calendar Project Lead Mike Potter Retires (MozillaZine)
MozillaZine reports on the changing of the lead of the Mozilla Calendar Project. "Mike Potter retired as the lead of the Mozilla Calendar project. Mostafa Hosseini has now taken over Mike's duties, which include reviewing patches, checking in code, creating new builds and updating the project website."
Commercial announcements
Out-of-the-Box 2.1 Java project collection
A collection of open-source Java projects has been put together by EJB Solutions, Inc. "EJB Solutions, Inc. today announced the immediate availability of Out-of-the-Box 2.1, an intelligent distribution of over 100 Open Source projects for Java(r) and LAMP developers. This version marks the first release to fully support LAMP developers."
Interact-TV ships Digital Entertainment Centers
Interact-TV is offering a Linux-based digital entertainment system. "Interact-TV(tm), a leading innovator in home entertainment technology, today began shipping the Telly(tm) MC1000 Digital Entertainment Center throughout the country-the first fully customizable and expandable digital entertainment system."
Neverwinter Nights release for Linux
A Linux version of the role playing game Neverwinter Nights is now available.Pogo Linux and MySQL AB Announce Partnership to Deliver First MySQL Database Appliance
Pogo Linux Inc. and MySQL AB have announced a partnership to build the first MySQL(R) database appliance, a pre-configured, fully-integrated hardware/software offering. The database appliance, the DataWare 2600 Server, will be shown at OSCON.Sistina Software Announces Sistina GFS 5.2
Sistina Software has announced the release of Sistina GFS (Global File System) version 5.2 for the Intel Architecture.Softbank Uway Selects Linux and the IBM eServer z990 Mainframe
Here's a press release from Korea's Softbank Uway announcing that the company has replaced 45 database and Web servers from HP and Sun with one IBM eServer z990 mainframe, running Linux.SourceForge.Net Update
SourceForge has published a site status update for June 20, 2003. "One of our biggest challenges in managing SourceForge.net has been handling our growth. With approximately 70 new Open Source Projects and 700 new registered users being added to the site each day, it can be quite a trick trying to stay ahead of the curve. This month I want to mention two improvements that are noteworthy. The first is project search. You can read about it below, but essentially the average time for searching for projects (using the left navbar) been reduced from 30 seconds to 1 second. The second is the beginning of the process of weeding out "dead" projects."
"Google Pocket Guide" Released by O'Reilly
O'Reilly has published the "Google Pocket Guide", a guide to using the google search engine."Perl 6 Essentials" Released by O'Reilly
O'Reilly has published the book "Perl 6 Essentials".
Resources
Linux Gazette #92 is out
The July 2003 edition of Linux Gazette is available. This issue contains select() on Message Queue, by Hyouck "Hawk" Kim; Linux to Save the Health of the World, by Janine M Lodato; My Open Radio, by Mark Nielsen; and much more.Linux Focus July 2003
The July issue of LinuxFocus is available. This month you can read about Going 3D with Blender; Building an autonomous light finder robot; A GNUstep "small apps" tour; A 1 Bit Data Scope; and more.LDP Weekly News
The July 8, 2003 edition of the Linux Documentation Project Weekly News is out with the latest documentation news for Linux.LPI-News June 2003
The June edition of the Linux Professional Institute newsletter is out. This month's issue looks at LPI's redesigned web site; volunteers are needed to translate the web site into different languages; LPI at Linux User and Developer conference; LPI in Brazil; Linux training; OSCON; and much more.
Upcoming Events
KDE Presence at LinuxTag 2003 (Karlsruhe, Germany)
KDE.News previews the KDE presence at LinuxTag 2003 in Karlsruhe, Germany. "The KDE Project's primary focus this year will be the latest stable KDE release, KDE 3.1.2, though KDE volunteers will also demonstrate other KDE programs like the KDE PIM family including the pcoming integrated personal information suite Kontact, the KOffice suite and the development tool KDevelop."
ZOPE at LinuxTag in Germany (ZopeMembers)
ZopeMembers has posted a reminder that the Deutsche/German User ZOPE Group will be present at the Linux Tag conference in Karlsruhe, Germany on July 10-13, 2003.Miguel de Icaza to Present Mono Project Update and Successes at OSCon Keynote
Ximian CTO Miguel de Icaza will present a keynote address at the O'Reilly Open Source Convention, which begins Wednesday. His presentation will provide an update on the Mono Project and highlight early Mono adoption.Events: July 10 - September 4, 2003
| Date | Event | Location |
|---|---|---|
| July 10 - 11, 2003 | O'Reilly Open Source Convention 2003(OSCON) | (Portland Marriot)Portland, Oregon |
| July 10 - 13, 2003 | LinuxTag | Karlsruhe, Germany |
| July 10 - 12, 2003 | Libre Software Meeting | Metz, France |
| July 12 - 17, 2003 | Debcamp | Oslo, Norway |
| July 18 - 20, 2003 | Debconf 3 | (The University of Oslo)Oslo, Norway |
| July 23 - 26, 2003 | Ottawa Linux Symposium | Ottawa Canada |
| July 23 - 25, 2003 | YAPC::Europe 2003 | (CNAM Conservatory)Paris, France |
| July 25 - 27, 2003 | Fifth Annual Linux Festival in Kaluga Region | (bank of the river Protva)Kaluga region, Russia |
| July 29 - August 2, 2003 | The 10th Annual Tcl/Tk Conference | Ann Arbor, Michigan |
| July 31 - August 3, 2003 | UKUUG Linux Developers' Conference(LINUX 2003) | (George Watson's College)Edinburgh Scotland |
| August 4 - 7, 2003 | LinuxWorld Conference and Expo 2003 | (Moscone Convention Center)San Francisco, CA |
| August 5 - 7, 2003 | 5th Annual CERT Conference(NEbraskaCERT) | (Scott Conference Center)Omaha, NE USA |
| August 7 - 10, 2003 | Chaos Communication Camp 2003 | Paulshof, Altlandsberg, Germany |
| August 18 - 21, 2003 | New Security Paradigms Workshop 2003(NSPW 2003) | (Centro Stefano Francini)Ascona, Switzerland |
| August 23 - 25, 2003 | KDE Developers' Conference | (Zamek Castle)Nove Hrady, Czech Republic |
| August 27 - 29, 2003 | International Conference on Principles and Practice of Declarative Programming(PPDP 2003) | (Uppsala University)Uppsala, Sweden |
| September 3 - 4, 2003 | LinuxWorld Conference & Expo | (The NEC)Birmingham, UK |
Event Reports
Europython conference report, day 3
Stéfane Fermigier has sent in a report for day 3 of the Europython conference.EuroPython 2003 reviews
Two new reports are available from the EuroPython 2003 conference. Jarno Virtanen describes the event in Some general thoughts on EuroPython 2003, and Michael Hudson has contributed his EuroPython 2003 diary. These articles were found on the Daily Python-URL, which also features Guido Van Rossum's Powerpoint slides for the State of the Python Union keynote speech.Report from the OMG Information Days In Europe
A report has been published for the OMG Information Days traveling conference that was recently held in Europe. "The OMG Information Days offered information on the MDA approach and related standards like the XML Metadata Interchange (XMI), CORBA, and UML. Issues such as scalability, availability, integration with legacy systems, integration with EJB and other technologies such as XML, SOAP, and .NET, were discussed in detail." Thanks to Milos Gedosev.
OSCON links and resources (O'ReillyNet)
0'Reilly's 2003 Open Source Convention is in high gear. This page contains links to articles, announcements and pictures from OSCON.GUADEC 4 Slides and Paper - GNOME Documentation: Past, Present, and Future (GnomeDesktop)
GnomeDesktop.org mentions the availability of a set of papers and slides on GNOME Documentation that were presented at the GUADEC conference.
Web sites
Keith's PHP Editors
Keith Edmund's PHP Editors page, which currently lists 105 PHP editing packages, has been moved to a new site.New Section on the KOrganizer Website: Calendars
KDE.News mentions a new KOrganizer web site section. "The KOrganizer website has a new section covering information about sharing and exchanging iCal calendars. First, we have an overview over calendar sites, websites offering calendars in iCal format. These sites have a huge offer of downloadable iCal calendars covering arts, culture, economics, finance, government, science, sports and many more. The second page offers the so called hot new stuff calendars that are available via the new 'Get Hot New Stuff' feature in KOrganizer."
Software announcements
This week's software announcements
Here are the software announcements, courtesy of Freshmeat.net. They are available in two formats:
- Sorted alphabetically,
- Sorted by license.
Page editor: Forrest Cook
Letters to the editor
PLEASE do some real research before sounding off!
| From: | Leon Brooks <leon@cyberknights.com.au> | |
| To: | john.parkinson@cgey.com | |
| Subject: | PLEASE do some real research before sounding off! | |
| Date: | Thu, 3 Jul 2003 18:17:58 +0800 | |
| Cc: | thorgan@cio.com, koch@cio.com, letters@lwn.net |
Dear John Quoting http://www.cio.com/archive/070103/et_pundit.html - > Second, a lot of the intellectual property in Linux is actually > owned by companies that never officially agreed to make it > available under an open-source license. I'd like to see it named. If it is *ever* named, I can promise you it will be replaced with dizzying speed. The SCO Group (TSG, they are not The Santa Cruz Operation) won't tell us which of the IP they claim as their own supposedly is contained in Linux. Mind you, TSG are claiming that everything since Babbage and Lovelace is conceptually included in their flavour of UNIX, which they have some licencing rights to (no patents, no trademark rights, and no official copyrights) and therefore they own everyone's OS, even Microsoft's. Please, since you're obviously clear on what IP is involved, identify it for us so that we can wash our hands of it! We play our cards with an open hand, John Parkinson. Everybody can see everything on our table. It makes no sense at all for us to steal code from anybody, because we know that it's out there for them to see, inspect, cross-reference, search, compare. If TSG had any real evidence of plagiarism, they need only show it to us and it's gone, rewritten in a flash. The fact that they have so totally sanitised the handful of "evidence" so far seen (under NDA) that it can't possibly be identified among the 3 or 4 million lines of code in Linux speaks volumes for the weakness of their case. I would expect TSG to sue people, and so should you - *if* you had done any serious research. Darl McBride has a history of being a suer, and The Canopy Group (the effective owners of TSG) are long-time suers too. If not Linux companies, then someone else. Their barratry is against IBM alone, not any other Linux company or user, and it's over contractual limitations, not over patents or copyrights. TSG are disputing software that they never wrote. > But there are others, including Microsoft, that could do the same > if they chose. Yes, Microsoft are certainly at liberty to sue - but over what? Microsoft's NT-series code-base is derived from MICA, a Vax/VMS variant so totally different to Linux even before it became MS-Windows that it would be much easier to write a new component from scratch than to try bending MS-Windows code to fit Linux. MS-Windows is alien to everything else. Linux, OS X, BeOS, Irix, FreeBSD all have more practices in common between them than MS-Windows has with anything else. It's worth noting that VMS features military-grade security which can be enabled with very little effort, but MS-Windows NT and derivatives are notorious for their lack of security (to say nothing of MS-Windows 9X). Many of my own customers asked me to install Linux for them specifically because they knew it was more secure and robust than the MS-Windows systems they had previously been using. > Open-source software is free in the sense of "free speech" > (which carries with it the connotations of certain rights > and obligations), not "free ride" (which implies something > for nothing). It can be both. The whole concept of price is a bit outdated when applied to Free/Open Source Software (FOSS). Someone who writes and releases FOSS can be "paid" in fame, in people improving his/her software for free, in people writing and improving related software for free, in work that was previously unavailable, in many ways. For the company employing FOSS, the up-front cost can make a significant difference, and despite the many other advantages of FOSS it is often cited as the primary reason for adoption. But the real advantages of FOSS lie elsewhere, and the bigger ones are implicit in not being owned by a company. Microsoft's software, for example, can never enjoy these benefits to the same degree. When a Microsoft employee writes software, it is Microsoft's software, not his/her own. When a FOSS programmer writes software, (s)he owns it. This one factor makes an enormous difference to the quality of product and responsiveness of support as viewed by the end user. When a program is FOSS, somebody else can audit it for security flaws or useability, and change things to see what effect it has. This is much more effective than a company doing its own auditing, since the auditor brings very little of the author's corporate culture to the table with them; they test things in different and unexpected ways and so find more flaws. When a program is FOSS, the authors are not as isolated from the end users as they are in a corporation. The feedback loop is so tight that it squeaks. When their program fails, the authors hear about it directly. They are often able to ask detailed questions on the spot that an ex-waiter with a tech-support knowledge base would never even think of. When a program is FOSS, there's no doubt or prevarication about how it achieves any particular task. As well as debug-and-trace on a program that you're trying to get interoperating with it, you have complete access to the FOSS program for step-by-step and fine-grained diagnoses. And of course no point in mystery protocols or proprietary barnacles like lumps of binary amid one's XML. If you want to learn about how a program, process or protocol works, you have a working practical real-world example before you to tweak and prod to your heart's content. Nobody can force you to upgrade a FOSS program or accept new, intrusive, insecure, unstable or dangerous features of it; the same cannot be said of software with something to hide. There are many, many ways besides the obvious ones in which FOSS saves you money, not just up front but also in TCO. Many of the TCO studies that I've seen do not even address these, yet time and time again I've seen an attribute peculiar to FOSS save an office several thousand dollars in consultancy time in ways that secret software could not. > By my count, Red Hat issued more critical patches to its Linux > distribution in 2002 than did Microsoft for the Windows 2000 > Server. Which of RedHat's many Linux distributions? Did you remember to also count the patches for MS-SQL Server, MS-Office, MS-Exchange, MS-Outlook, Microsoft's games and so on? Most modern Linux distributions include at least two each of SQL database servers, web servers, FTP servers, full-strength mail transfer agents, office suites, web browsers, email clients, instant messenger clients, multimedia players, integrated development environments, the list is endless. If Microsoft sold a CAD package, we'd even have something to compare patches with against with QCAD and friends. From Microsoft, you get Windows, from Linux distributors, you get a full house. If you're going to compare, it must be on an apples-to-apples basis. > The most successful open-source movement prior to Linux was the > hacker movement That statement is without rational meaning. There was no "hacker movement". People swapped recipes long before Richard Stallman was born; his GNU tools long predate Linux (many of them predate the GNU Manifesto you mention) and were in their time wildly successful. You mean "crackers" anyway, not "hackers". A cracker is malicious and destructive, a hacker is benign and constructive. Many crackers claim to be hackers, but they're mere wannabees. Hardware hackers basically invented computers, built the working implementations that led to what you sit in front of today. All crackers really do is write viruses, boast, and destroy stuff. Crackers are not predisposed to opening their sources, and often entertain themselves by burying unannounced back-doors in the closed-source "root kits" that they do release. Back Orifice, for example, is not Open Source. > not exactly the kind of folks that corporate decision-makers > want associated with their platform software What you have done here is create that association ex nihilo. Without careless, destructive and purportedly authoritative statements along these lines, no other association between crackers and the people making quality FOSS code exists or can exist. Have a look at the list of authors that contribute to a typical FOSS project: engineers, IT managers, scientists, system administrators. They are talented, constructive people. They exemplify the *enemies* of the destructive people you here claim sit in their places. Do you get both fresh water and salt from the same spring? Do car thieves suddenly turn around to tune your car, add a towbar and fix any scratches for free? To say that your assertion insults me as a FOSS developer is a gross understatement. > Some of these folks (reportedly from the fringes of the > open-source community) surfaced last week and shut down the > SCO website with a targeted denial-of-service attack that > used knowledge of Linux's innerworkings to improve its > effectiveness. And your evidence for that is...? Who reported that? Wouldn't it make more sense to assume that the attackers were black-hats glad to feel justified in doing something destructive? If you're going to badmouth people, John, at least have enough sense to be able to defend yourself against the libel charges when they arrive. > Is open source mature yet? Probably not-but it's certainly > getting closer. This statement is completely meaningless without comparison, and mostly meaningless with it. And do you use the software you damn with mixed praise? Would you really know what it's like? Is KMail more mature than virus-flypaper MS-Outlook? Yes. Is PostFix more mature than resource-hog management-nightmare MS-Exchange? Yes. Is Linux more mature than lets-shove-everything-in-slash-etc SCO? Yes. Is The GIMP more mature than PhotoShop? No, but it can do things that PhotoShop can't. Is Apache more mature than IIS? Yes. Is OpenOffice.org more mature than MS-Office? That depends on what you're doing with it. Software will never be "mature." There will always be more things you can do with it, more areas it can include and which it will be immature. You should be asking questions like "Is a FOSS product available to do X which is at least as functional, secure and reliable as its secret counterparts?" How does FOSS stack up on those terms? Web server? Check. FTP server? Check. SQL database? Check. File server? Check. Office suite? Check. Operating system? Check. VPN technology? Check. Mail application? Check. Web browser? Check. CD/DVD burner? Check. Development suite? Check. Sound editor? Check. Clustering? Check. Network management? Check. And so on. Pick a topic. Many of those are wildly more successful than most privately held counterparts, and/or have two or more candidates for the slot. For examples: Linux is pushing for the top seats in clustered computing, the same Linux that runs your workstation and maybe your router. The only other systems which seriously compete with it in the supercomputer arena are purpose-built Unices. Microsoft competes in TPC benchmarks only by using machines with twice the horsepower. Apache powers more than twice as many websites as IIS. Yes, "and so on". > Encouraging independent developers is an important part of the > innovation process in the software industry; and widely shared, > adequately protected intellectual property is a powerful > incentive for innovation. You're describing the GPL. It encourages independent development by adequately protecting the intellectual property of FOSS developers against poaching, and innovation by providing enough prerequisites that each innovator doesn't have to re-invent the wheel by themselves. But your article doesn't encourage independent development, it actively discourages it by undermining confidence in the very breed of software which is presently undergoing the most innovation. The bottom line is that the "issues" you raise are all phantoms, mostly wrong and often insulting. If you were trying to write a balanced article, you failed. If you were trying to cast destructive doubt upon Linux, you succeeded. Naysayers will be pointing to your article for years to come, not because they think it is in any way fair or balanced but because of the fear-inducing assertions in it. I'd very much appreciate you publishing a retraction. Cheers; Leon -- http://cyberknights.com.au/ Modern tools; traditional dedication http://plug.linux.org.au/ Committee Member, Perth Linux User Group http://slpwa.asn.au/ Committee Member, Linux Professionals WA http://linux.org.au/ Committee Member, Linux Australia
Opinion Piece: Taking the wind out of SCO's sails
| From: | "conradsandx ." <conradsandx -at- junglemate -dot- com> | |
| To: | <editor@lwn.net>, <lwn@lwn.net> | |
| Subject: | Opinion Piece: Taking the wind out of SCO's sails | |
| Date: | Thu, 3 Jul 2003 13:40:27 -0000 |
Opinion Piece: Taking the wind out of SCO's sails
The open-source community prides itself in being able to develop
useful and good quality software as well as quickly addressing bugs
& security issues. If a problem/obstacle appears on our path, we fix
it or work around it.
Why not take this to the next step, and apply it to legal matters ?
What I'm talking about is taking the wind out of SCO's sails,
by removing and/or replacing the code in the Linux kernel that
they have contention with; we have a pretty good idea what this
code is (I'll expand on this point later). While pre-emptively removing
code may seem like capitulating to SCO, it is not. We can always put
the code back in after the SCO vs IBM dust settles.
In the larger picture we all want the Linux/GNU system to replace
expensive and closed proprietary systems. To do this, we need the right
atmosphere, which has been brewing for quite some time. The problem
here is that SCO's legal actions have put question marks around
open-source software in people's minds (never mind that only the Linux
kernel is affected) - in effect the atmosphere for open-source is being poisoned.
Incidentally (or on purpose), this benefits Microsoft. The SCO vs IBM
lawsuit can last for _years_, with the very real possibility of stifling adoption
of open-source products for the foreseeable future.
We have a pretty good idea what areas in the Linux kernel SCO has
a problem with. After all, they're suing IBM, so the contributions
must have come from IBM (or from the companies that IBM recently
acquired, such as Sequent). Specifically, we have a clear idea that
the problem is with NUMA {Non Uniform Memory access} and
RCU {Read Copy Update} (see [1] and [2] for more information on this).
IBM's JFS should also be removed. I have nothing against JFS,
but what is at stake here is more than a replaceable file system;
moreover, I don't know how many people actually use JFS, but I'd
put a bet that it's a lot less than other journaling systems,
such as Ext3 and ReiserFS.
There's also the question of SMP. I'm not suggesting that SMP should
be removed (after all, the Linux kernel had SMP way before IBM got
interested in it) but a careful search should be done to see if IBM has
contributed to the SMP infrastructure.
I'm sure that Linux will be slower without NUMA and RCU, but it will
still work. Some people could be annoyed at the removal of JFS, but
we have other journaling file systems. As mentioned before, these
removed pieces could be put back in, once the legal wrangling is over.
In the meantime, the open-source community would have shown that
it is serious about respecting intellectual property rights (even if SCO's
case is proven to be baloney), which would go a long way to repairing
the atmosphere; ... and a good atmosphere is needed for the progress
of open-source.
References
[1] "Does SCO own read-copy-update?", http://lwn.net/Articles/36164/
[2] "Analyst who saw SCO 'evidence' ...",
http://www.theage.com.au/articles/2003/06/13/1055220751243.html
Other Relevant Links
[3] "FSF Statement ...", http://www.fsf.org/philosophy/sco-statement.html
[4] "Penguin on Thin Ice?", http://writ.news.findlaw.com/commentary/20030626_chander.html
[5] "OSI Position Paper ...", http://www.opensource.org/sco-vs-ibm.html
FORBES PICK - Professional Groupware Service
Share Calendars, Files, Contacts & Eliminate SPAM!
Click to learn more: http://www.norada.com
Page editor: Forrest Cook