The European Commission sent out a press release on July 8 announcing a
new report it had published on sharing of open source software between
European governments. Those who are interested can get the full report
as a 3 MB PDF file; for the rest of you, we have read it through and
distilled out the main points.
The focus of this report is relatively narrow. The Commission is not
trying to promote open source in general, and it is not trying to get
governments to use free software desktops. Instead:
The object of the study is the specialized software produced by the
public authorities across Europe, to respond to the administration
or more generally to eGovernment needs: administration of roads,
hospitals and public health, education, tax payment and recovery,
justice, territory management.
In other words, the Commission thinks that open software can maybe help
keep the trains running on time. Performing these governmental tasks
requires large amounts of custom software. In general, there is not a
market for this kind of administrative software, since there are so few
buyers. So governments end up writing their own. And that, of course,
leads to the obvious question:
...rather than to develop nearly identical solutions separately,
why not adopt the open source development model to share the cost
between a broader (trans-border) development team?
The open source case is helped by the fact that governments will, in
general, need to be able to adapt any shared software to their particular
needs.
So the report's authors envision setting up a "Pool of Open Source
Software" (POSS) portal where governments could share their software. The
end result looks very much like a multilingual, restricted access version
of SourceForge.
They have already picked out the components they expect to use in the
creation of this portal: Linux, Apache, ProFTPd, MySQL, phpMyAdmin, exim or
sendmail, mailman, python, fetchmail, webalizer, PHP, cvs, sourceforge,
OpenSSH, etc. They picked
open source tools "to reinforce the credibility" of the project, "although
we do not consider this requirement as a technical one." Running this
project is expected to cost about EUR 6 million over five years.
Much space is dedicated to worrying about licenses, patents, and
liability. Governments, it is said, satisfy two criteria that make them
especially prone to litigation: they are easy to find, and they have deep
pockets. So a licensing or liability issue that attracts little attention
when a small company or development group is involved could turn into a big
court case for a governmental agency. To avoid such troubles, the report authors
want to nail down a number of legal items with more than the usual amount
of precision.
For example, very few free software licenses specify where any disputes
should be resolved. The report states that the license for any software
distributed through POSS should be augmented (with a separate agreement,
perhaps) by a statement of jurisdiction. If a licensing issue goes to
court, they want to know which court. Similarly, they want a
declaration of which country's laws apply in a dispute.
Patents are a concern as well; the report seems to accept that software
patents are in Europe's future. There is a discussion of an IBM submarine
patent in the ebXML specification as an
example of the sort of trouble that can come up. The report concludes:
A practical consequence of software patentability regarding the
publication or the pooling of open source software inside the POSS
is the requirement to investigate on possible patents, in order to
avoid legal hassles and even higher costs.
The report has no suggestions, though, on how to find all of the
potential patent problems in a given piece of software.
Then, there is the issue of liability for software-related problems. The
report writers worry that the standard liability exclusions found in both
free and proprietary licenses may not be legally valid. They hope to
address this problem by instituting a review process within the POSS system
- though it's hard to imagine how this group could, with confidence, issue
a clean bill of health for any package.
There is one other component to the report's solution to licensing, patent,
and liability issues: restricting access to the software to "public
administrations," initially in Europe only. With a restricted user base,
contracts can be signed that give the POSS system - and those contributing
software to it - a better handle on the various legal issues. A "public
administration" which obtained software from the system could, of course,
redistribute it under the terms of its (open source) license; they would,
then, take on the related legal issues. In practice, it would not be
surprising if very few government agencies redistributed software obtained
from POSS.
In other words, the software involved may be open source, but there are
limits to the openness of POSS. European Union citizens wanting to look
at the code used by their government may have a hard time getting access -
even though said code is, in theory, under an open source license. POSS
looks more like a private code sharing club than a true open source
project. Sharing code may be helpful for governmental efficiency, but the
"members only" approach could deprive both governments and citizens of many
of the advantages of truly free software.
Comments (7 posted)
The Electronic Frontier Foundation has issued a press release on the
abandonment of the 2600 DVD case, which will not
be appealed to the Supreme Court. This marks the end of one of the more
prominent DMCA cases, and it sets some unfortunate precedents - at least,
in the second federal court circuit. The ban on a piece of software as a
"circumvention device" remains intact, and, chillingly, it is fine for the
government to prohibit linking to content that it does not like.
The EFF's position is that this is not the right case to take to the
Supreme Court - the end result would be much the same as with the lower
courts. It is true that the EFF's resources are limited and should not be
expended tilting at windmills. One can only hope that the right case comes
along and we can begin to put a stop to the erosion of freedom in the name
of protecting intellectual property.
Comments (3 posted)
A few small changes have been made to the site, in response to user
requests. They include:
- There is a new combined security page with a
snapshot view of the various security-related resources on LWN. If
all goes well, we'll put together similar pages for other categories
of news.
- The weekly archives page is back - and
includes the table of contents for weekly editions published on the
new site.
- Comments are now presented in full-text form after an article by
default. This behavior has always been available to readers with
accounts. (If you do have an account, we assume that you set the
option the way you wanted it and thus we did not change it).
There are many other enhancements we would like to make to the site if we
can keep things going long enough. If you have not already done so, please
consider donating to LWN or
advertising to help keep LWN on
the air.
Comments (3 posted)
Page editor: Jonathan Corbet
Security
Brief items
The Squid proxy server project has released Squid-2.4.STABLE7, which
contains several security fixes. Some of the vulnerabilities are thought
to be remotely exploitable. If you are running Squid, you should be
looking to upgrade. Vendor alerts are listed in the
vulnerability report as we get them.
Full Story (comments: none)
Security reports
Olaf Kirch looks at a posted artsd exploit (implemented using
artswrapper). A local attacker may use such an exploit to get a shell
with realtime scheduling priority but no other privilege escalation.
Full Story (comments: none)
New vulnerabilities
bind buffer overflow vulnerability in DNS resolver libraries
| Package(s): | bind glibc |
| CVE #(s): | CAN-2002-0651, CAN-2002-0684 |
| Created: | July 8, 2002 |
| Updated: | October 1, 2003 |
| Description: |
The BIND 4.9.8-OW2 patch and BIND 4.9.9 release (and thus 4.9.9-OW1)
include fixes for a libc related vulnerability which does not affect
Linux. Updates from the Internet Software Consortium (ISC) are
available from here.
No release or branch of Openwall GNU/*/Linux (Owl) is known to be
affected, due to Olaf Kirch's fixes for this problem getting into the
GNU C library more than two years ago.
Unfortunately that does not mean that Linux systems are not vulnerable.
Similar code, without Olaf Kirch's fixes, is in the glibc getnetbyXXX
functions. These functions are described in the SuSE alert as "used by
very few applications only, such as ifconfig and ifuser, which makes
exploits less likely."
CERT Advisory: CA-2002-19 Buffer Overflow in Multiple DNS Resolver
Libraries (CAN-2002-0651, CAN-2002-0684)
| Alerts: | |
Comments (1 posted)
nn remote code execution vulnerability
| Package(s): | nn |
| CVE #(s): | |
| Created: | July 9, 2002 |
| Updated: | July 10, 2002 |
| Description: |
An NNTP server may be used, maliciously, to remotely execute code
through the nn client. Nn is a popular Unix newsreader. Versions prior
to 6.6.3 are vulnerable. The problem is fixed in nn 6.6.4 which is
available here. For more information, see the security advisory.
| Alerts: | (No alerts in the database for this vulnerability) |
Comments (none posted)
Multiple vulnerabilities fixed in Squid-2.4.STABLE7
| Package(s): | squid |
| CVE #(s): | |
| Created: | July 8, 2002 |
| Updated: | November 15, 2002 |
| Description: |
Here is the security advisory for the Squid proxy server reporting
several vulnerabilities in versions up to and including 2.4.STABLE7.
Several of the bugs are believed to allow remote code execution.
The security advisory lists the following changes:
- Several bugfixes and cleanup of the Gopher client, both to correct
  some security issues and to make Squid properly render certain Gopher
  menus.
- Security fixes in how Squid parses FTP directory listings into HTML.
- FTP data channels are now sanity checked to match the address of the
  requested FTP server. This is to prevent theft or injection of data.
  See the new ftp_sanitycheck directive if this sanity check is not
  desired.
- The MSNT auth helper has been updated to v2.0.3+fixes for buffer
  overflow security issues found in this helper.
- A security issue in how Squid forwards proxy authentication
  credentials has been fixed.
| Alerts: | |
Comments (none posted)
Kernel vulnerabilities in CIPE, ICMP and netfilter.
| Package(s): | kernel 2.2 and 2.4 |
| CVE #(s): | |
| Created: | July 9, 2002 |
| Updated: | July 9, 2002 |
| Description: |
The three vulnerabilities are:
- CIPE (VPN tunnel) implementation bug that allows a maliciously formed
  packet to crash the system.
- ICMP implementation bug that allows remote disclosure of random
  memory, only in kernels prior to 2.4.0-test6 and 2.2.18.
- IRC connection tracking component of netfilter bug in Linux 2.4
  kernels that can lead to unwanted ports being opened on the firewall.
Apparently these three vulnerabilities only impact users who use CIPE
(VPN tunnel), kernels prior to 2.4.0-test6 or 2.2.18, or a firewall
based on netfilter that uses IRC tracking. Since the kernel tends to be
customized by each Linux distributor, your distribution may or may not
be vulnerable.
| Alerts: | |
Comments (none posted)
Acrobat reader temporary files
| Package(s): | acroread |
| CVE #(s): | |
| Created: | July 8, 2002 |
| Updated: | July 10, 2002 |
| Description: |
There is a symlink attack vulnerability in Acrobat Reader 5.05. Acroread
uses a file it creates with wide open permissions (mode 666) in /tmp; it
also follows symlinks. See the report of the bug in Acrobat Reader 5.05
for the details. The problem has also been reported in version 4.05.
| Alerts: | |
Comments (none posted)
Updated vulnerabilities
Apache 'chunk handling' vulnerability
| Package(s): | apache |
| CVE #(s): | CAN-2002-0392 |
| Created: | June 19, 2002 |
| Updated: | July 3, 2002 |
| Description: |
It is past time to upgrade your Apache servers. A worm which takes
advantage of this vulnerability has been sighted, and its source has
been publicly posted.
An Apache httpd bug related to chunked encoding presents a denial of
service vulnerability. For some platforms, including both 32-bit and
64-bit Linux, it is also a potential remote exploit vulnerability. A
"carefully crafted invalid request" may be used to trigger the bug. The
problem is fixed in Apache 2.0.39 and 1.3.26, which may be downloaded
from here. For more information, see the advisories from CERT and the
Apache Group.
This vulnerability has been widely publicized. Applying a patch from
your vendor or upgrading to the latest version from the Apache Software
Foundation is strongly encouraged. Avoid patches from other sources; at
least one patch that does not address the full scope of the problem has
been circulated.
| Alerts: | |
Comments (none posted)
Heap corruption vulnerability in at
| Package(s): | at at, sudo, xchat |
| CVE #(s): | CAN-2002-0004 |
| Created: | May 21, 2002 |
| Updated: | May 15, 2003 |
| Description: |
The at command has a potentially exploitable heap corruption bug.
(First LWN report: January 17th).
| Alerts: | |
Comments (none posted)
Denial of service vulnerability in version 9 of BIND
| Package(s): | bind |
| CVE #(s): | CAN-2002-0400 |
| Created: | June 5, 2002 |
| Updated: | August 19, 2002 |
| Description: |
Here is an advisory from the Computer Emergency Response Team (CERT)
regarding the denial of service vulnerability in version 9 of the BIND
nameserver, up to 9.2.1. An attacker can send a properly crafted packet
which triggers a check within BIND and causes it to shut down. The
vulnerability cannot be exploited for any purpose beyond denial of
service, but that is bad enough; if you are running BIND 9, an upgrade
is probably a good idea.
Note that many or most systems out there will still be running BIND 8,
and thus will not be vulnerable.
News articles on the vulnerability appear in the Register and Network
World Fusion News.
| Alerts: | |
Comments (none posted)
Ethereal buffer overflow, infinite loop and memory management vulnerabilities
| Package(s): | ethereal |
| CVE #(s): | CAN-2002-0012, CAN-2002-0013, CAN-2002-0353, CAN-2002-0401, CAN-2002-0402, CAN-2002-0403, CAN-2002-0404 |
| Created: | June 12, 2002 |
| Updated: | October 27, 2002 |
| Description: |
Ethereal 0.9.4 was released on May 19, 2002 fixing four potential
security issues in Ethereal 0.9.3:
- The SMB dissector could potentially dereference a NULL pointer in two cases.
- The X11 dissector could potentially overflow a buffer while parsing keysyms.
- The DNS dissector could go into an infinite loop while reading a malformed packet.
- The GIOP dissector could potentially allocate large amounts of memory.
No known exploits exist "in the wild" at the present time for any of
these issues.
Ethereal 0.9.2 has several packet handling vulnerabilities that are best
avoided by upgrading to 0.9.4. The PROTOS test suite found some flaws in
SNMP and LDAP protocols support. Malformed packets could also crash
ethereal 0.9.2 due to an ASN.1 zero-length g_malloc problem. The zlib
"double free" vulnerability was addressed by the updates for that bug
from many distributors.
| Alerts: | |
Comments (none posted)
GNU fileutils race condition
| Package(s): | fileutils ucdsnmp |
| CVE #(s): | CAN-2002-0435 |
| Created: | May 21, 2002 |
| Updated: | May 16, 2003 |
| Description: |
A race condition in rm may cause the root user to delete the whole
filesystem. The problem exists in the version of rm in fileutils 4.1
stable and 4.1.6 development version. A patch is available.
(First LWN report: May 2).
| Alerts: | |
Comments (none posted)
Buffer overflow problem in glibc
| Package(s): | glibc glibc/shlibs, glibc, nscd |
| CVE #(s): | CAN-2001-0886 |
| Created: | May 21, 2002 |
| Updated: | July 14, 2002 |
| Description: |
The glibc filename globbing code has a buffer overflow problem. For
those who are interested, Global InterSec LLC has provided a detailed
description of this vulnerability. This problem was first reported by
LWN on December 20th.
| Alerts: | |
Comments (2 posted)
Buffer overflow in groff
| Package(s): | groff |
| CVE #(s): | CAN-2002-0003 |
| Created: | May 21, 2002 |
| Updated: | December 9, 2002 |
| Description: |
The groff package has a buffer overflow vulnerability; if it is used
with the print system, it is conceivably exploitable remotely.
| Alerts: | |
Comments (none posted)
UW imapd remotely exploitable buffer overflow
| Package(s): | imap |
| CVE #(s): | CAN-2002-0379 |
| Created: | June 5, 2002 |
| Updated: | December 20, 2002 |
| Description: |
UW imapd versions 2000c and prior allow remote authenticated users to
execute code via a buffer overflow. A malicious user can craft a request
to run commands on the server under their UID and GID.
(First LWN report: May 23).
| Alerts: | |
Comments (2 posted)
Apache mod_ssl off-by-one local code execution and DoS vulnerability
| Package(s): | libapache-mod-ssl mod_ssl |
| CVE #(s): | CAN-2002-0653 |
| Created: | July 2, 2002 |
| Updated: | August 14, 2002 |
| Description: |
Mod-ssl provides strong cryptography for the Apache webserver via the
Secure Sockets Layer (SSL). A maliciously-crafted .htaccess file may be
used by an attacker to execute arbitrary commands as the httpd user or
launch a denial of service attack. The problem is fixed in mod_ssl
2.8.10 which is available from here. For more information see the
announcement.
| Alerts: | |
Comments (none posted)
LPRng accepts jobs from any host.
| Package(s): | LPRng |
| CVE #(s): | CAN-2002-0378 |
| Created: | June 12, 2002 |
| Updated: | October 31, 2002 |
| Description: |
Matthew Caron pointed out that LPRng's default configuration accepts
job submissions from any host. This could be an especially annoying
vulnerability for administrators with systems exposed to the general
public.
| Alerts: | |
Comments (none posted)
Mailman 2.0.11 fixes two cross-site scripting vulnerabilities
| Package(s): | mailman |
| CVE #(s): | CAN-2002-0388 |
| Created: | June 5, 2002 |
| Updated: | August 28, 2002 |
| Description: |
Barry A. Warsaw announced the release of Mailman 2.0.11 "which fixes
two cross-site scripting exploits, one reported by "office" in the
admin login page, and another reported by Tristan Roddis in the
Pipermail index summaries. It is recommended that all sites upgrade
their 2.0.x systems to this version."
| Alerts: | |
Comments (none posted)
Mozilla XMLHttpRequest file disclosure vulnerability
| Package(s): | mozilla |
| CVE #(s): | CAN-2002-0354 |
| Created: | May 21, 2002 |
| Updated: | October 18, 2002 |
| Description: |
This XMLHttpRequest security bug impacts all Mozilla-based browsers.
"The bug is found in versions of Mozilla from 0.9.7 to 0.9.9 on various
operating system platforms, and in Netscape versions 6.1 and higher."
(First LWN report: May 2).
| Alerts: | |
Comments (none posted)
String format bug in pam_ldap logging
| Package(s): | nss_ldap |
| CVE #(s): | CAN-2002-0374 |
| Created: | June 5, 2002 |
| Updated: | October 29, 2002 |
| Description: |
The nss_ldap package includes the pam_ldap module for authenticating a
user with an LDAP database. Pam_ldap versions prior to 144 have a
string format bug in the logging mechanism.
| Alerts: | |
Comments (none posted)
Privilege escalation vulnerability in OpenSSH 2.9.9 through 3.3
| Package(s): | openssh |
| CVE #(s): | |
| Created: | June 26, 2002 |
| Updated: | July 3, 2002 |
| Description: |
OpenSSH versions 2.9.9 through 3.3 have a bug in input validation which
can lead to an integer overflow and privilege escalation. According to
the OpenSSH developers:
Systems running with UsePrivilegeSeparation yes or
ChallengeResponseAuthentication no are not affected. The 3.4 release
contains many other fixes done over a week long audit started when this
issue came to light. We believe that some of those fixes are likely to
be important security fixes. Therefore, we urge an upgrade to 3.4.
Upgrading to OpenSSH 3.4 is recommended. See the CERT Advisory and
OpenSSH Security Advisory for more information including patches for
the "pre-authentication problem." OpenSSH 3.3 users are encouraged to
also read the previous vulnerability report.
OpenSSH 3.2 and later have the bug in input validation but prevent the
privilege escalation if privilege separation is enabled by setting
UsePrivilegeSeparation in sshd_config.
Version 3.3 was the first release to turn on "privilege separation" by
default. Essentially, privilege separation works by splitting the ssh
server into two cooperating processes. One process is charged with
talking to the network; it runs without privilege. The other process
sits back, makes decisions, and hands out privileges when it's
convinced that is the right thing to do.
CERT Advisory: CA-2002-18 OpenSSH Vulnerabilities in Challenge Response
Handling
| Alerts: | |
Comments (none posted)
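The privilege-separation design described in the OpenSSH entry above, as an added example in C that is not OpenSSH's code: an unprivileged child parses the untrusted input (here a response count, bounded before it is ever used in a size computation) and forwards a fixed-format request over a socketpair to a privileged monitor, which alone applies policy. The user name, the policy and the cap are constructed for the example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

#define MAX_RESPONSES 16   /* constructed cap on responses a client may send */
#define MSG_MAX 128

/* Unprivileged side: parse the untrusted response count from the wire.
 * Bounding it to a small cap before it is ever used in a size computation
 * is what keeps a huge count from overflowing that computation. */
static int parse_response_count(const char *wire, uint32_t *out)
{
    char *end;
    unsigned long long n;

    errno = 0;
    n = strtoull(wire, &end, 10);
    if (errno != 0 || end == wire || *end != '\0')
        return -1;
    if (n > MAX_RESPONSES)
        return -1;
    *out = (uint32_t)n;
    return 0;
}

/* Privileged side (the monitor). It never touches raw network bytes: it
 * receives a fixed-format request from the child and applies policy. */
static int monitor_decide(const char *request)
{
    char user[32];
    unsigned count;

    if (sscanf(request, "AUTH user=%31s count=%u", user, &count) != 2)
        return 0;
    if (count != 1)                      /* policy: exactly one response */
        return 0;
    return strcmp(user, "alice") == 0;   /* constructed policy for the demo */
}

/* Run one privilege-separated authentication round on constructed wire
 * input. Returns 1 if the monitor granted access, 0 if it denied or the
 * child rejected the input before it ever reached the monitor. */
int privsep_run(const char *wire_user, const char *wire_count)
{
    int sv[2], status, decision = 0;
    char buf[MSG_MAX];
    ssize_t n;
    pid_t pid;

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return 0;
    pid = fork();
    if (pid < 0)
        return 0;

    if (pid == 0) {
        /* Child: the network-facing process. Drop privileges first. Run
         * as a normal user these calls are no-ops; a real daemon would
         * switch to a dedicated account and chroot into an empty dir. */
        uint32_t count;

        close(sv[0]);
        if (setgid(getgid()) != 0 || setuid(getuid()) != 0)
            _exit(1);
        if (parse_response_count(wire_count, &count) != 0)
            _exit(2);                    /* bad input stops here */
        if (strlen(wire_user) > 31 || strchr(wire_user, ' ') != NULL)
            _exit(2);
        snprintf(buf, sizeof buf, "AUTH user=%s count=%u",
                 wire_user, (unsigned)count);
        if (write(sv[1], buf, strlen(buf) + 1) < 0)
            _exit(3);
        _exit(0);
    }

    /* Parent: the monitor. Reads the child's request and decides. */
    close(sv[1]);
    memset(buf, 0, sizeof buf);
    n = read(sv[0], buf, sizeof buf - 1);
    if (n > 0)
        decision = monitor_decide(buf);
    close(sv[0]);
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status) ||
        WEXITSTATUS(status) != 0)
        decision = 0;
    return decision;
}

int main(void)
{
    printf("alice, count 1          -> %s\n", privsep_run("alice", "1") ? "GRANT" : "DENY");
    printf("bob, count 1            -> %s\n", privsep_run("bob", "1") ? "GRANT" : "DENY");
    printf("alice, count 4294967295 -> %s\n",
           privsep_run("alice", "4294967295") ? "GRANT" : "DENY");
    return 0;
}
```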
Remotely exploitable vulnerability in pine
| Package(s): | pine |
| CVE #(s): | CAN-2002-0014 |
| Created: | May 21, 2002 |
| Updated: | November 27, 2002 |
| Description: |
Pine has an unpleasant vulnerability in URL handling which can lead to
command execution by remote attackers. (First LWN report: January
17th). This vulnerability is remotely exploitable; updating is a good
idea.
Note: If an update isn't yet available for your distribution, setting
enable-msg-view-urls to "off" in pine's setup will avoid the
vulnerability. (Thanks to Greg Herlein).
| Alerts: | |
Comments (none posted)
Sharutils potential privilege escalation using uudecode
| Package(s): | sharutils |
| CVE #(s): | CAN-2002-0178 |
| Created: | May 21, 2002 |
| Updated: | October 31, 2002 |
| Description: |
According to the CVE entry, "uudecode, as available in the sharutils
package before 4.2.1, does not check whether the filename of the
uudecoded file is a pipe or symbolic link, which could allow attackers
to overwrite files or execute commands."
(First LWN report: May 16).
| Alerts: | |
Comments (none posted)
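The uudecode pipe/symlink check in the sharutils entry above and the Acrobat Reader temporary-file problem (a mode 666 file in /tmp that follows symlinks) come down to the same defence. As an added example in C, not code from either project, this shows how an output file and a private temporary file are created so that a symlink or FIFO planted in a shared directory cannot redirect, stall or expose the write; the scratch directory, file names and the demonstration routine are constructed for the example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Scratch directory for the demonstration: $TMPDIR or /tmp. */
static const char *scratch_dir(void)
{
    const char *d = getenv("TMPDIR");
    return (d != NULL && *d != '\0') ? d : "/tmp";
}

/* Create an output file the way a decoder such as uudecode should.
 * O_CREAT|O_EXCL makes the kernel refuse any pre-existing object at the
 * path, so a planted symlink, FIFO or stale file cannot redirect, stall
 * or replace the write; the fstat() afterwards confirms what we got.
 * Returns a descriptor, or -1 with errno set. */
int open_output_safely(const char *path)
{
    struct stat st;
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;                       /* EEXIST for symlink, FIFO, file */
    /* We created it ourselves, so it must be a regular file owned by us. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != geteuid()) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Create a private scratch file of the kind Acrobat Reader put in /tmp:
 * unpredictable name, exclusive creation (mkstemp opens with O_EXCL and
 * picks another name if the one it chose already exists), mode 0600
 * instead of 0666. The chosen path is written into path_out. */
int make_private_tempfile(char *path_out, size_t len)
{
    int fd;
    if (snprintf(path_out, len, "%s/reader-example.XXXXXX", scratch_dir()) >= (int)len)
        return -1;
    fd = mkstemp(path_out);
    if (fd < 0)
        return -1;
    if (fchmod(fd, 0600) != 0) {         /* explicit, whatever the umask */
        close(fd);
        unlink(path_out);
        return -1;
    }
    return fd;
}

/* Demonstration on constructed objects: plant a symlink and a FIFO in a
 * scratch directory, as an attacker could in a shared /tmp, and check that
 * the safe opener refuses both, that a fresh name still works, and that
 * the symlink's target stays untouched. Returns 1 when all checks pass. */
int demo_safe_open(void)
{
    char dir[256], victim[256], lnk[256], fifo[256], fresh[256], tmp[256];
    struct stat st;
    int ok = 1, fd;

    snprintf(dir, sizeof dir, "%s/safeopen-demo.XXXXXX", scratch_dir());
    if (mkdtemp(dir) == NULL)
        return 0;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(lnk, sizeof lnk, "%s/out.link", dir);
    snprintf(fifo, sizeof fifo, "%s/out.fifo", dir);
    snprintf(fresh, sizeof fresh, "%s/out.fresh", dir);

    fd = open(victim, O_WRONLY | O_CREAT, 0600);   /* target that must stay empty */
    if (fd < 0 || close(fd) != 0) ok = 0;
    if (symlink(victim, lnk) != 0 || mkfifo(fifo, 0600) != 0) ok = 0;

    if (open_output_safely(lnk) != -1 || errno != EEXIST) ok = 0;
    if (open_output_safely(fifo) != -1 || errno != EEXIST) ok = 0;
    if (open_output_safely(victim) != -1) ok = 0;  /* existing file: refused */

    fd = open_output_safely(fresh);
    if (fd < 0 || write(fd, "data", 4) != 4 || close(fd) != 0) ok = 0;
    if (stat(victim, &st) != 0 || st.st_size != 0) ok = 0;   /* still empty */

    fd = make_private_tempfile(tmp, sizeof tmp);
    if (fd < 0 || fstat(fd, &st) != 0 || (st.st_mode & 0777) != 0600) ok = 0;
    if (fd >= 0) { close(fd); unlink(tmp); }

    unlink(fresh); unlink(fifo); unlink(lnk); unlink(victim); rmdir(dir);
    return ok;
}

int main(void)
{
    printf("safe open checks %s\n", demo_safe_open() ? "passed" : "FAILED");
    return 0;
}
```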
Squid DNS vulnerability fixed in Squid-2.4.STABLE6
| Package(s): | squid |
| CVE #(s): | CAN-2002-0163 |
| Created: | July 8, 2002 |
| Updated: | July 10, 2002 |
| Description: |
A maliciously crafted DNS reply can cause Squid versions up to and
including 2.4.STABLE4 to crash. Squid-2.4.STABLE6 fixes the
vulnerability; see the updated advisory from the squid team for the
details.
| Alerts: | |
Comments (none posted)
Malformed NFS packet buffer overflow vulnerability in tcpdump
| Package(s): | tcpdump |
| CVE #(s): | CAN-2002-0380 |
| Created: | June 5, 2002 |
| Updated: | October 9, 2002 |
| Description: |
A buffer overflow in tcpdump can be triggered by a bad NFS packet when
tracing the network. Unmodified tcpdump versions 3.6.2 and earlier are
vulnerable.
| Alerts: | |
Comments (none posted)
Multiple vendor telnetd vulnerability
| Package(s): | telnet Telnet netkit-telnet-ssl kerberos telnetd netkit-telnet nkitb/nkitserv/telnetd krb5 |
| CVE #(s): | |
| Created: | May 21, 2002 |
| Updated: | October 5, 2004 |
| Description: |
This vulnerability, originally thought to be confined to BSD-derived
systems, was first covered in the July 26th Security Summary. It is now
known that Linux telnet daemons are vulnerable as well.
| Alerts: | |
Comments (none posted)
Multiple vulnerabilities in SNMP implementations
| Package(s): | ucdsnmp ucd-snmp |
| CVE #(s): | CAN-2002-0012, CAN-2002-0013 |
| Created: | May 21, 2002 |
| Updated: | September 17, 2002 |
| Description: |
Most SNMP implementations out there have a variety of buffer overflow
vulnerabilities and should be upgraded at first opportunity. See this
CERT advisory for more. (First LWN report: February 14).
| Alerts: | |
Comments (none posted)
webalizer: reverse DNS buffer overflow vulnerability
| Package(s): | webalizer |
| CVE #(s): | |
| Created: | May 21, 2002 |
| Updated: | January 27, 2003 |
| Description: |
The cause is a buffer overflow bug. This one sounds nasty. If reverse
DNS lookups are enabled in webalizer, "an attacker with control over
the victims DNS may spoof responses thus triggering a buffer overflow,
potentially leading to a root compromise." Webalizer 2.01-10 "fixes this
and a few other buglets that have been discovered in the last month or
so". (First LWN report: April 18th, 2002).
| Alerts: | |
Comments (none posted)
Webmin/Usermin vulnerabilities
| Package(s): | webmin |
| CVE #(s): | |
| Created: | May 21, 2002 |
| Updated: | January 10, 2003 |
| Description: |
Webmin is a web-based interface for system administration for Unix.
Webmin has cross-site scripting and session ID spoofing vulnerabilities
which are fixed in the May 6, 2002 release of version 0.970. (First LWN
report: May 9).
This one is scary. The session ID spoofing vulnerability allows the
"possibility that arbitrary commands may be executed with root
privileges." Upgrading is strongly recommended. At a minimum avoid the
"preconditions for a successful exploit" by disabling password timeouts
under Webmin->Configuration->Authentication.
| Alerts: | |
Comments (1 posted)
Problems with libgtop_daemon
| Package(s): | wuftpd libgtop |
| CVE #(s): | |
| Created: | May 21, 2002 |
| Updated: | May 7, 2003 |
| Description: |
The libgtop_daemon package is a GNOME program which makes system
information available remotely. LWN reported the remotely exploitable
format string and buffer overflow vulnerabilities in that package on
December 6th. On November 28th disabling the libgtop_daemon on systems
where it is running until an update is available.
Many Linux systems do not run libgtop by default, but applying the
update is a good idea anyway.
| Alerts: | |
Comments (1 posted)
xchat IRC server based dns query vulnerability
| Package(s): | xchat |
| CVE #(s): | CAN-2002-0382 |
| Created: | June 5, 2002 |
| Updated: | September 24, 2002 |
| Description: |
A malicious IRC server may return a response to a /dns query that
executes arbitrary commands with the privileges of the user running
XChat. Versions of XChat prior to 1.8.9 are vulnerable.
| Alerts: | |
Comments (none posted)
Resources
David Wagner has released BOON, a tool for scanning C source code for buffer overrun vulnerabilities.
Be warned that this code is primarily a research prototype and has some
serious problems. Nonetheless, I hope it will be useful to you in your
security auditing work.
Full Story (comments: none)
The July 8th Linux Security Week newsletter from LinuxSecurity.com is
available.
Comments (none posted)
LinuxOrbit has this tutorial on building firewalls on a Debian system.
"This tutorial will give you the necessary steps to turn one of your old
PCs into a firewall with IP Masquerading, using a popular Linux
distribution. I will leave it to you to get and install Debian onto your
machine and work out connectivity to your ISP, then I will guide you
through a kernel compile and install - which is necessary to enable
features in the 2.4.x series kernels which allow your Linux machine to
act as a firewall."
Comments (none posted)
Events
The USENIX Security Symposium will be here in less than a month. The
list of accepted papers has been published; there are some interesting
ones.
Full Story (comments: none)
The Fifth International Symposium on Recent Advances in Intrusion
Detection (RAID 2002) issued a call for participation. The symposium
will be held October 16-18, 2002 in Zurich, Switzerland.
Full Story (comments: none)
| Date | Event | Location |
| July 12 - 14, 2002 | H2K2 "Hacker" conference | New York City |
| July 31 - August 1, 2002 | Black Hat Briefings 2002 | Caesars Palace Hotel and Resort, Las Vegas, NV, USA |
| August 2 - 4, 2002 | Defcon | Alexis Park Hotel and Resort, Las Vegas, Nevada |
| August 5 - 9, 2002 | 11th USENIX Security Symposium | San Francisco, CA, USA |
| August 6 - 9, 2002 | CERT Conference 2002 | Omaha, Nebraska, USA |
| August 19 - 21, 2002 | Canadian Security & Intelligence Conference (CSICON) | Hyatt Regency, Calgary, Alberta, Canada |
| August 28 - 30, 2002 | Workshop on Information Security Applications (WISA 2002) | Jeju Island, Korea |
For additional security-related events, including training courses (which we
don't list above) and events further in the future, check out
Security Focus' calendar,
one of the primary resources we use for building the above list. To
submit an event directly to us, please send a plain-text message to
lwn@lwn.net.
Comments (none posted)
Page editor: Dennis Tenney
Kernel development
Brief items
The current development kernel is 2.5.25, which was
announced by Linus on July 5. It includes
a 1000 HZ internal clock on x86 processors (though that may change, the
real point of interest is that the internal clock has been detached from
the HZ seen in user space), some SCSI midlayer work (see
last week's LWN Kernel Page for a
description of the plan for SCSI), a bunch of filesystem and VM layer
cleanups, an NTFS update, more kbuild tweaks, and many other changes.
Those wanting details can look at
the long-format
changelog.
Linus's BitKeeper tree for 2.5.26 contains only a small set of fixes as of
this writing.
The latest prepatch from Dave Jones is 2.5.25-dj1, which catches up to the 2.5.25
kernel and throws in a number of fixes and a "fatfs crapectomy."
The latest 2.5 status summary from Guillaume
Boissiere is dated July 10.
The current stable kernel is 2.4.18; Marcelo has not released any
new 2.4.19 release candidates over the last week.
Alan Cox has released 2.4.19-rc1-ac1, which
catches up to the first 2.4.19 release candidate and adds a small set of
additional fixes.
Comments (2 posted)
Kernel development news
Andrew Morton's
"direct-to-BIO for O_DIRECT"
patch is another step in the process of converting the file I/O
subsystem over to the new BIO request structure. Files opened with
O_DIRECT are a bit of a special case, in that I/O happens directly
to or from a userspace buffer. Andrew's patch sets up a BIO request
pointing directly to that buffer; for large operations, the result is a
significant speedup.
That sort of optimization is certainly worthwhile. The really interesting
part of this patch, however, is that it shorts out the "kiobuf" layer for
O_DIRECT, and for the raw block I/O devices as well. Kiobufs were
initially implemented to support that sort of raw I/O; they were intended
to be a generic abstraction for a collection of physical pages in I/O
operations. Kiobufs have been gradually falling out of favor over the last
couple of years, however, as their limitations have come to light. They
are a relatively heavyweight data structure, with high setup and teardown
costs. Kiobufs also break down operations into relatively small chunks
which must be processed sequentially, slowing down large requests.
The direct-to-BIO patch has eliminated the original and largest use of
kiobufs within the kernel. That leads to the obvious question: is it time
to remove kiobufs from 2.5? The answer seems to be "yes," and some patches removing the last remaining uses of
kiobufs have started appearing. Kiobufs, it seems, are on the way out.
The only gap left if kiobufs are removed would be direct I/O support for
character devices. There are devices which can benefit from direct I/O:
consider the SCSI generic layer, video devices, or high-speed tape drives.
Requests have been posted for a function which would map a userspace buffer
into a "scatterlist," a data structure representing memory which has been
set up for DMA operations. This capability would take almost all of the
pain out of supporting direct I/O in character devices; no such patch has
yet been posted, though.
Comments (none posted)
The volume of the complaints about the 2.5 IDE subsystem is increasing.
Consider
this posting from Russell King:
If stuff in 2.5 wasn't so broken (looking at IDE here) then more
people would be using it, and less people would be wanting the 2.5
features back ported to 2.4. IMHO, at the moment 2.5 has a major
problem. It is not getting the testing it deserves because things
like IDE and such like aren't reasonably stable enough.
...or this one from Andi Kleen...
Testing 2.5 (in this case with x86-64) is a major problem unless
you're lucky enough to find a SCSI adapter and a SCSI disk. IDE
just deadlocks and hangs too often. This prevents testing
everything else and stops development in 2.5 for many things.
The state of the IDE code is seen by many as a drag on the 2.5 development
process as a whole. For those who are concerned, there are a few things
worth looking at.
Part of the problem, apparently, is that the 2.5.25 kernel is missing
several of the more recent patches, which fix serious problems. As Martin Dalecki puts it:
My plan is to provide a 98 soon which will be cumulative against
2.5.25, just to give people a chance to work on it again. But as
it stands - *plain* 2.5.25 is indeed very dangerous in this regard.
Martin's IDE-98 patch has not been posted as of this writing; those wanting
to run 2.5.25 on an IDE system in the meantime and actually keep their files
should apply this set of patches.
Interestingly, most of those patches were not posted
by Martin (who has been on vacation). Instead, the recent IDE patches have
been produced by Bartlomiej Zolnierkiewicz. Bartlomiej seems to take a bit
more cautious approach, and even has the
respect of former IDE maintainer Andre Hedrick. With luck, he will be
more involved in future IDE work. Few people contest the need to "clean
up" the IDE layer, but this work needs to be done in a very careful way.
Meanwhile, a different approach has been taken by Jens Axboe. It is normal
for interesting features in the current development series to be backported
to the previous stable kernel. Thus, for example, Alan Cox's 2.4.19-ac
patch includes the O(1) scheduler from 2.5. Jens has gone the other
direction and posted a patch (since updated) which "foreports" the 2.4 IDE layer to
2.5. His purpose was to have a stable platform to work on; the patch will
be maintained until the 2.5 IDE layer becomes a little more trustworthy.
It is not intended to be a long-term replacement for that layer.
With luck, the 2.5 IDE issues will settle out soon. Meanwhile, caution (or
a SCSI system) is suggested for people running 2.5.
Comments (none posted)
In the beginning Alan Cox created the big
kernel lock (BKL), and Linux became SMP-capable. The BKL ensured that only
one processor could be running kernel code at any given time, thus keeping
the processors from stepping on each other. It was an effective way of
bringing SMP support to a kernel which had not been designed for multiple
processors.
The problem with the BKL, of course, is that multiple processors often want
to run concurrently in kernel code. Most of the time, those processors are
working on entirely different tasks and would not interfere with each
other. The more processors you have, the worse the problem gets; the Linux
kernel with just one big lock (i.e. 2.0) really did not function all that
well with more than two processors. Any additional CPUs would just spend
their time waiting to be able to get into the kernel code.
Scalability to larger systems, thus, requires finer locking. The BKL can
be split into a memory management lock, a networking lock, a filesystem
lock, etc. In the 2.1 development series, for example, the block I/O
subsystem adopted its own lock (io_request_lock) to keep the block
code and drivers from getting into trouble. Scalability was improved,
since the block code no longer needed the BKL, and could execute
concurrently with other kernel code.
But the io_request_lock serialized all block request handling. A
process submitting requests for one drive could not run concurrently with a
different process working with a different device. Floppy operations
contended for the same lock as performance-critical disk requests. The I/O
request lock improved scalability, but, once you get enough processors and
drives, it was still a bottleneck. So, one of the first steps in the 2.5
block subsystem work was to replace io_request_lock with a
per-queue lock, one for each device. The result will be better performance
on large, disk-intensive systems.
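To make the difference between the two locking schemes concrete, here is an added userspace model (not kernel code, and not from this article): one submitter thread per simulated block device, each either taking a single shared io_request_lock or its own queue's lock. It counts, with pthread_mutex_trylock, how often a submitter finds its lock already held by traffic for a different device. With per-queue locks and one submitter per device that number is always zero; with the shared lock the threads contend. The names request_queue, submit_request, run_model and contended_count are this example's own.

```c
#include <pthread.h>
#include <stdio.h>

/* Added example, not Linux kernel code: a userspace model of the 2.4-style
 * global io_request_lock versus the 2.5-style per-queue lock. One submitter
 * thread per simulated device; the only shared state is each queue's
 * request counter. All names here are the example's own. */

#define NDEV 4         /* simulated block devices, one submitter thread each */
#define NREQ 100000    /* requests each submitter pushes onto its queue */

struct request_queue {
    pthread_mutex_t queue_lock;  /* per-queue lock (2.5 model) */
    long nr_requests;            /* the queue state the lock protects */
};

/* The single lock every queue shared in the 2.4 model. */
static pthread_mutex_t io_request_lock = PTHREAD_MUTEX_INITIALIZER;
static struct request_queue queues[NDEV];

struct submitter {
    struct request_queue *q;
    int per_queue;        /* 1: take q->queue_lock, 0: take io_request_lock */
    long contended;       /* times this thread found its lock already held */
};

/* Enqueue one request. trylock first so we can count how often the
 * submitter would have had to wait for another device's traffic. */
static void submit_request(struct submitter *s)
{
    pthread_mutex_t *lock = s->per_queue ? &s->q->queue_lock : &io_request_lock;
    if (pthread_mutex_trylock(lock) != 0) {
        s->contended++;
        pthread_mutex_lock(lock);
    }
    s->q->nr_requests++;
    pthread_mutex_unlock(lock);
}

static void *submitter_main(void *arg)
{
    struct submitter *s = arg;
    for (long i = 0; i < NREQ; i++)
        submit_request(s);
    return NULL;
}

/* Run the model with either locking scheme. Returns the total number of
 * requests queued (NDEV * NREQ whenever the locking is correct) and, via
 * *contended, how many acquisitions had to wait for another thread. */
long run_model(int per_queue, long *contended)
{
    pthread_t tid[NDEV];
    struct submitter s[NDEV];
    long total = 0, waits = 0;

    for (int i = 0; i < NDEV; i++) {
        pthread_mutex_init(&queues[i].queue_lock, NULL);
        queues[i].nr_requests = 0;
        s[i].q = &queues[i];
        s[i].per_queue = per_queue;
        s[i].contended = 0;
    }
    for (int i = 0; i < NDEV; i++)
        pthread_create(&tid[i], NULL, submitter_main, &s[i]);
    for (int i = 0; i < NDEV; i++) {
        pthread_join(tid[i], NULL);
        total += queues[i].nr_requests;
        waits += s[i].contended;
        pthread_mutex_destroy(&queues[i].queue_lock);
    }
    if (contended)
        *contended = waits;
    return total;
}

/* Convenience wrapper: just the number of contended acquisitions. */
long contended_count(int per_queue)
{
    long waits = 0;
    run_model(per_queue, &waits);
    return waits;
}

int main(void)
{
    long waits;
    long n = run_model(0, &waits);
    printf("global io_request_lock: %ld requests, %ld contended acquisitions\n", n, waits);
    n = run_model(1, &waits);
    printf("per-queue locks:        %ld requests, %ld contended acquisitions\n", n, waits);
    return 0;
}
```

Both schemes queue every request, so correctness is the same; what changes is how often a submitter for one device stalls behind another device's traffic, which is exactly the scalability cost the article attributes to io_request_lock.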
Most other kernel subsystems have been going through a similar development
process: global locks are replaced by multiple locks which protect smaller
data structures. This increasingly fine-grained locking makes the kernel
scalable to more and more processors, but it also brings some real costs.
For example, most of us do not run Linux on huge systems, and probably
never will. Embedded SMP systems are also rare.
All that locking will have a cost, even though the compiler
optimizes it out on uniprocessor systems.
The real cost, however, is in the complexity of the kernel code. As the
kernel becomes populated with thousands of little locks, it becomes
increasingly difficult to write correct kernel code. Which lock(s) must
you have to access a given data structure, or to call a given function? In
which order should locks be taken? Consider two code paths, both of which
need locks L1 and L2. The first thread takes L1, the second takes L2; each
then tries to take the other lock. The result is a deadlocked system.
Avoiding this problem requires specifying ordering relationships for every lock
in the system - and the number of those relationships grows exponentially
with the number of locks.
One can try to document the locking requirements of each data structure and
function in the kernel, and every lock ordering constraint.
But, even if one honestly believed that such a
document would be created (and, importantly, maintained), it would be a
very thick, complicated manual. A kernel with many locks will be a kernel
that is difficult to program.
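The L1/L2 scenario above is the classic lock-order deadlock, and the usual defence is to assign every lock a rank in a documented order and refuse to take a lock out of rank. As an added illustration (the example's own code, not from the kernel or this article), here is a minimal checker that does exactly that: each context may only acquire a lock whose rank is higher than all the locks it already holds, so the second code path from the article is refused and reported rather than allowed to close the cycle. The names lock, context, acquire, release and the two path functions are this example's own.

```c
#include <stdio.h>

/* Added example, not kernel code: a minimal lock-ordering checker modelled on
 * the L1/L2 scenario in the article. Each lock carries a rank (its position
 * in a documented global order) and a context may only acquire a lock whose
 * rank is higher than every lock it already holds. A path that would take
 * the locks in the wrong order is refused and reported instead of being
 * allowed to build the cycle that deadlocks the system. All names are the
 * example's own. */

#define MAX_HELD 8

struct lock {
    const char *name;
    int rank;              /* lower rank must always be taken first */
};

/* Stand-in for one thread's locking state. */
struct context {
    const char *name;
    const struct lock *held[MAX_HELD];
    int nheld;
};

enum lock_result { LOCK_OK = 0, LOCK_ORDER_VIOLATION = -1, LOCK_DEPTH_EXCEEDED = -2 };

/* Acquire l in ctx if the documented order allows it. */
int acquire(struct context *ctx, const struct lock *l)
{
    if (ctx->nheld >= MAX_HELD)
        return LOCK_DEPTH_EXCEEDED;
    for (int i = 0; i < ctx->nheld; i++) {
        if (ctx->held[i]->rank >= l->rank) {
            fprintf(stderr, "%s: taking %s (rank %d) while holding %s (rank %d) "
                    "violates the lock order\n", ctx->name, l->name, l->rank,
                    ctx->held[i]->name, ctx->held[i]->rank);
            return LOCK_ORDER_VIOLATION;
        }
    }
    ctx->held[ctx->nheld++] = l;
    return LOCK_OK;
}

/* Drop l from ctx's held set; releasing in any order is fine, and releasing
 * a lock that was never acquired is a harmless no-op here. */
void release(struct context *ctx, const struct lock *l)
{
    for (int i = 0; i < ctx->nheld; i++) {
        if (ctx->held[i] == l) {
            ctx->held[i] = ctx->held[--ctx->nheld];
            return;
        }
    }
}

/* The documented order for this example: L1 before L2. */
static const struct lock L1 = { "L1", 1 };
static const struct lock L2 = { "L2", 2 };

/* First code path from the article: takes L1, then L2. */
int path_l1_then_l2(void)
{
    struct context ctx = { "thread-A", {0}, 0 };
    int r = acquire(&ctx, &L1);
    if (r == LOCK_OK)
        r = acquire(&ctx, &L2);
    release(&ctx, &L2);
    release(&ctx, &L1);
    return r;
}

/* Second code path: takes L2, then tries L1, the order that deadlocks
 * against the first path. The checker refuses the second acquisition. */
int path_l2_then_l1(void)
{
    struct context ctx = { "thread-B", {0}, 0 };
    int r = acquire(&ctx, &L2);
    if (r == LOCK_OK)
        r = acquire(&ctx, &L1);
    release(&ctx, &L1);
    release(&ctx, &L2);
    return r;
}

int main(void)
{
    printf("L1 then L2: %s\n", path_l1_then_l2() == LOCK_OK ? "ok" : "refused");
    printf("L2 then L1: %s\n", path_l2_then_l1() == LOCK_OK ? "ok" : "refused");
    return 0;
}
```

A rank per lock is the cheapest form of the "very thick manual" the article worries about: it encodes the ordering constraints as one integer each, and a violation surfaces on the first run through the bad path rather than only under the timing that actually deadlocks.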
Some people (i.e. Larry McVoy) have been arguing for years that Linux
should not chase the "scalability" goal too far. Down that road lies a
kernel that is twisted beyond maintainability, and, once you realize that
this has happened, it is too late to go back. For the most part,
scalability work has continued in the face of those warnings, but there are
signs that things are beginning to change. For example, a recent patch which removed the BKL from the driverfs
code was shouted down in a fairly strong way. Alexander Viro stated, in characteristic fashion:
"Zillion little spinlocks" means that kernel is scaled into
oblivion. Literally. If you want to play with resulting body -
feel free, but I like it less kinky.
So, while there has been no definitive statement of policy, it looks like
at least some kernel developers are thinking that locking in the kernel is
complex enough. There may be no 64-processor Linux in our future...
...at least, not in the classic SMP form. Larry McVoy has been pushing "cache-coherent clusters" as an alternative
approach for some time. A CC/cluster takes a large machine and divides it
into small groups of (say, four) processors; each group runs an independent
Linux kernel. The kernels have minimal interactions with each other, so
locking issues fade into the background. Nobody has yet implemented such a
cluster, though a lot of the pieces are there. If somebody runs with this
idea, Linux could yet be the most scalable system of them all.
Comments (3 posted)
Patches and updates
Kernel trees
Core kernel code
- William Lee Irwin III: lazy_buddy-2.5.25-1. Defers coalescing of adjacent pages in the buddy allocator as a way of making some operations go faster.
(July 10, 2002)
- Rusty Russell: cpu_mask_t. "This fixes the last of my cpu_online_map damage, completing the abstraction."
(July 10, 2002)
Development tools
Device drivers
- Jens Axboe: 2.4 IDE core for 2.5. "I needed stable IDE for 2.5 testing and it
was/is clear that 2.5 just isn't quite there yet. I intend to maintain
this patch set until I deem 2.5 IDE stable enough (in code) that I'm
willing to spend time on that instead."
(July 9, 2002)
Filesystems and block I/O
- Vitaly Fertman: reiserfsprogs release. "The most of changes are just bug fixes and speedups."
(July 10, 2002)
Memory management
Networking
Architecture-specific
Miscellaneous
Page editor: Jonathan Corbet
Distributions
Distribution News
The Debian Weekly News for July 9 is out. It looks at Debian ports to
FreeBSD and NetBSD, the Woody release, the new wiki-based documentation
project, and several other topics.
Full Story (comments: none)
Anthony Towns has posted a release status update for Debian "Woody."
"As most of you will have noticed by now, ISS and Theo de Raadt have
been kind enough to provide some stress tests for the new security
infrastructure we deployed last month." In the end, there remain a
few security and other issues to resolve, but the Woody release is actually
starting to look like it could happen soon.
Full Story (comments: none)
Plans are already underway for a Debian mini-conference at the 2003
Linux.conf.au. The call for speakers is out.
Full Story (comments: none)
The Mandrake Linux Community Newsletter for July 4 is out. It looks at
MandrakeSoft's stand on UnitedLinux, the Libre Software Meeting, and more.
Full Story (comments: none)
New packages are available that bring Mandrake Linux 8.2 into compliance with the LSB (Linux Standard Base) version 1.2.
Full Story (comments: none)
New Distributions
Caixa Mágica comes from
Portugal. There is a desktop version, "Computador Mágico", available
now, and a server version, "Servidor Mágico", coming soon. This
distribution is partially based on Debian and SuSE, but much of it was
rewritten, and localized in Portuguese. It includes OpenOffice. (Thanks
to sitaar!COM and Henrique Rodrigues)
Comments (none posted)
Here's a new distribution from Thailand,
Phayoune Secure Linux. The
Phayoune-Desktop 0.0.11 is available now, with KDE 3.0.2, Mozilla 1.0
rc2, and much more. (Thanks to Speed Net Club)
Comments (none posted)
RxLinux seeks to
centralize configuration and management of multiple Linux servers. A Web
interface is used to build custom ISO CD-ROMs dedicated for specific
servers. Servers, also called rxnodes, boot up from that CD-ROM and get
the rest of the configuration and software from a master server. No
administration is done directly on the nodes; everything is controlled
from the master servers. When the rxnode has finished booting up and all
software is running, it is completely independent from the rxmaster until
the next reboot. Version
1.0 beta1 was released
July 5, 2002.
Comments (none posted)
Shilosh OS
provides a secure and stable operating system based on a highly modified
Linux kernel, with its own package system similar to BSD's "ports", BSD
Init scripts. Compatible with x86 and Power PC, it is also 99% compatible
with Windows 9x. It is easy to use and includes complete documentation in
many languages. Version
0.1 was released July 7,
2002.
Comments (1 posted)
Minor distribution updates
ALT Linux
Junior has released
version 2.0j. This
distribution is available for purchase as a lightweight boxed set that
includes 1 CD and a handbook. You can also download a package tree or an
ISO image. It features an enhanced desktop which includes KDE 3.0.1,
GNOME 1.4, OpenOffice.org 1.0, Mozilla 1.0, and more, with an additional
development CD available. Supported languages include English, Russian,
Ukrainian, Belarussian, German, and French.
Comments (none posted)
Astaro Security Linux
has released
stable version
2.027 with major security fixes. Version
2.027 for Sun Cobalt is
also out, as is the i386 version
3.202.
Comments (none posted)
Kondara Project has
announced its
dissolution, scheduled for July 15, after about a month
of discussion. In the meantime, some folks from the ex-Kondara team seem
to be trying to fork it as
Momonga Linux so
their code will survive. They say the name "Momonga" (a Japanese word
for "flying squirrel") was chosen because flying squirrels are
small but work hard and have a lot of guts. (Thanks to Maya Tamiya
<lwn at changelog dot net>)
Comments (none posted)
Leka Rescue Floppy has released
version 0.7.1. It looks like this will be the last update for a while.
Check the website for details.
Comments (none posted)
The
SELinux web site has been
updated, including the mail list archives. The site includes a new release
of the LSM-based SELinux prototype.
Full Story (comments: none)
PXES Linux Thin Client has
released
version
0.5-RC2 with bug fixes.
Comments (none posted)
Rock Linux version 1.5.16 is
available for download. The
dRock
project has
announced the final release of dRock 1.6.0.
Comments (none posted)
TA-Linux has released
version 0.2.0-Preview1
with major feature enhancements.
Comments (none posted)
Distribution reviews
DistroWatch
reviews SuSE 8.0 Download
Edition. "
The fact is that SuSE 8.0 is now available for
free. With this release, SuSE has made extra effort to provide a more
user-friendly FTP installation routine -- with all the past releases you
had to download a set of floppy images, use an obscure Windows or Linux
utility to create the floppies, juggle them in and out of your floppy drive
when looking for the correct Kernel modules... Things have become a lot
easier, so go and get the new SuSE now. You can always reward the SuSE
developers once you find out how much solid hard work they have been
putting into making your computing life that much easier..."
Comments (none posted)
Here's
a review of the Microtel computer running Lindows from the San Jose Mercury News.
"The resulting mess will make no one happy. Experienced Linux users, a savvy
bunch, won't need the hand-holding provided by what the company calls
LindowsOS. Ordinary non-technical consumers are likely to fall into one of the
many holes in the LindowsOS structure, canceling out any benefit from the
slightly lower cost of buying a personal computer without Microsoft's current
Windows XP Home Edition."
Comments (3 posted)
Page editor: Rebecca Sobol
Development
System Applications
Audio Projects
Version 0.4.0 of the GStreamer streaming media framework
has been released with bug fixes and new features. See the
release notes for more information.
Comments (none posted)
The July 9, 2002 edition of
Ogg Traffic is out.
News includes a bunch of status reports and an updated
Ogg Theora
video codec and integration project web site.
Comments (none posted)
Education
The July 8, 2002 edition of the
Linux in Education Report looks at efforts to get Linux
into the classroom in India, Malaysia, Canada, and England.
The Schoolforge Coalition is examined, and a number of new
educational software packages are listed.
Comments (none posted)
Electronics
The
gEDA News page
lists new versions of the Icarus Verilog compiler, Gerber Viewer,
and the GTKWave waveform viewer.
Comments (none posted)
Mail Software
A new mail filtering package,
miltrassassin, has been announced.
"Miltrassassin is a sendmail milter, to connect sendmail to the spamd from the spamassassin package. The milter is multithreaded and implements the spamd protocol version 1.2 for tcp connection to spamd."
Miltrassassin has been released under the Postcardware License.
Comments (none posted)
Medical Software
LinuxMedNews
reports on the release of OpenEMR, a GPL licensed Electronic Medical
Record System.
"OpenEMR has been in development and beta testing for the past 2 years, and is finally released to the public for download. The system is cross platform, and operates on top of Apache or IIS, PHP and MySQL."
Comments (1 posted)
Printing
A new developer release of AFPL Ghostscript
has been announced. "artofcode LLC and Artifex software are pleased to announce the 7.21 developer release of AFPL Ghostscript. This release, while a development snapshot, should be reasonably stable, thanks to our regression testing processes. This is the last snapshot before the DeviceN integration, and also Peter's pdfwrite font copying improvements."
Comments (1 posted)
Web Site Development
Version 1.2.9 of
ASPseek, a web site search
engine, is available. A number of bugs have been fixed, see the
Changes document
for a detailed list.
Comments (none posted)
Zope Corporation has announced the second beta release
of version 1.3 of its Content Management Framework (CMF).
The list of changes includes:
- A new calendar object, which manages the presentation of
calendar events within the site template.
- More customizability for filesystem-based skin methods.
- Through-the-web customization of all dynamic, context-sensitive
actions.
- Improved tracking of content modification times (no longer
tied to the underlying database modification time).
Plus numerous bugfixes. The final release of version 1.3 should
follow within two weeks.
Comments (none posted)
Documentation
Here is the latest news from the Linux Documentation Project.
Full Story (comments: none)
Desktop Applications
Desktop Environments
Version 1.0-beta of the
Equinox Desktop Environment has been released.
"Equinox Desktop Environment is a desktop environment that is simple and fast, with a good look and feel. It uses the FLTK2 GUI library."
The companion edelib-1.0beta has also been released.
Comments (none posted)
Jeff Waugh has announced the release of GARNOME 0.12.1. GARNOME, of
course, is "the bad-ass, bleeding edge GNOME distribution for testers and
tweakers everywhere." That said, much of the new stuff in this release is
KDE related; it includes KDE 3.0.2 and a whole set of new KDE packages.
Full Story (comments: none)
Office Applications
The
July 8
AbiWord Weekly News is available. Things have been relatively quiet on
the development front - mostly improvements in the table support. The
interesting news, perhaps, is that the AbiWord Weekly News is about to turn
into a subscription publication. "
I feel I need to know that I'm not
just continuing editing AWN because it's what I've been doing for more than
a year. I need to know that the readers appreciate it - otherwise, there's
little point in continuing (I mean, I know the information I put in AWN, so
I hardly gain anything from doing it). So I've decided to go
commercial."
Comments (none posted)
Web Browsers
The July 4, 2002
Mozilla Status Update is out with all of the latest
Mozilla project developments.
Comments (none posted)
The latest
Mozilla Independent Status Reports are available.
Updated projects include Diggler, K-Meleon, Livelizard, and
Mycroft.
Comments (none posted)
evolt.org
looks at additions to Mozilla that will support some common, but broken
web standards.
"In the upcoming 1.01 and 1.1 releases, Mozilla will add an "almost standards" mode to its mix. This mode is virtually identical to the standards mode (now being referred to as "full standards mode") but with one crucial change. In almost standards mode, Mozilla will not implement the CSS-2 line-height rules that cause many pages with pixel-precise image layouts via tables to break apart."
Comments (none posted)
Languages and Tools
Caml
This week,
The Caml Hump
looks at lablglut: A GLUT binding for OCaml, the findlib library,
OCaml-MySQL, netclient, the xstr thread-safe string tools, and
the Cameleon IDE.
Comments (none posted)
HTML
Sathyan Munirathinam
introduces XHTML on IBM's developerWorks.
"This article takes a pragmatic look at XHTML, a markup language that effectively bridges the gap between the simplicity of HTML and the extensibility of XML. It also covers the essential features of the various flavors of XHTML and includes discussions of the language and a number of real-world applications."
Comments (none posted)
Java
Merlin Hughes
shows how to read data from an output stream using Java.
"The Java I/O framework is, in general, extremely versatile. The same framework supports file access, network access, character conversion, compression, encryption and so forth. Sometimes, however, it is not quite flexible enough. For example, the compression streams allow you to write data into a compressed form but they don't let you read it in a compressed form. Similarly, some third-party modules are built to write out data, without consideration for scenarios where applications need to read in the data."
Comments (none posted)
Perl
Use Perl has posted the
Perl 6 Porters summary for July 1-7, 2002;
a wide variety of Perl 6 topics are covered.
Comments (none posted)
The Perl 5 Porters summary
is available on use Perl.
Topics include PerlIO::Via, an encoding.pm parsing bug,
common opcodes combinations, and more.
Comments (none posted)
Use Perl is carrying
an announcement about a new release of the Perl diagnostics
core module.
"Jean FORGET writes 'I have released a CPAN-ized version of the diagnostics core module. This is an alpha version. You can
download and install it as any CPAN module, but you should backup first, this is an alpha version!'"
Comments (none posted)
PHP
The July 9, 2002 edition of the
PHP Weekly Summary covers
Python in PHP, Presentation system, a file_exists() bug, PHP and serial ports, TrustCommerce, the return of Jason Greene, and a PHP Bughunt.
Comments (1 posted)
Python
Here is Dr. Dobb's Python-URL for July 8; look inside for pictures from the
EuroPython conference, information on thread safety, the first Python
Director release, and more.
Full Story (comments: none)
This week's entries on the
Daily Python-URL
include Python in the enterprise,
the Journyx Timesheet, Python Programming with the Java Class Libraries,
CherryPy, Pythius, Eep3, Memigo, Yio, pycgirpc, Python Director,
and more.
Comments (none posted)
Linux Magazine is running
an introductory article on the Python language.
"Python has been around for a dozen years and is going strong -- two production releases a year, a vibrant community, lively Net presence, yearly conferences, tracks on Python at Open Source and Web Development venues, books, articles, the works. Why is Python so popular? The reasons are simplicity, regularity, and the talent of Guido van Rossum, Python's inventor and Benevolent Dictator For Life."
Comments (none posted)
Ruby
The July 8, 2002
Ruby Weekly News is out. Topics include
Ruby documentation, Ruby as a replacement for shell scripts,
packaged level protection, Ruby logos, a new irb type, and more.
Some new Ruby software contributions are also included.
Comments (none posted)
Tcl/Tk
Dr. Dobb's Tcl-URL for July 8 is out with the usual collection of
interesting happenings from the Tcl/Tk development community.
Full Story (comments: none)
XML
Andre Tost
writes about data integration with XSLT style sheets on IBM's developerWorks.
"Many applications now take advantage of XML to format business data. This allows the use of self-describing, tagged data that can be handled on a wide range of platforms and programming languages. Integration between heterogeneous applications is made easier through the use of XML data formats. Web services technology, for example, promotes the use of XML-based message formats for backend application data. However, integrating that data into user output during run time can be a challenge. In this article, Andre Tost describes how data integration can be achieved through the use of XSLT style sheets."
Comments (none posted)
Bob DuCharme
shows how
to use xsl:sort on O'Reilly's XML.com site.
"XSLT's xsl:sort instruction lets you sort a group of similar elements. Attributes for this element let you add details about how you want the sort done -- for example, you can sort using alphabetic or numeric ordering, sort on multiple keys, and reverse the sort order."
Comments (none posted)
Page editor: Forrest Cook
Linux in Business
Business News
The chairman of the W3C and three undisclosed participants
made an exception
proposal to bring back a type of RAND track/hybrid, allowing patented
material into the W3C specifications.
Comments (5 posted)
Volumes 7, 8, and 9 of the "Linux for Astronomy" software collection have
been released. "
Now in its 8th year, LfA is in use by both amateur and professional
astronomers worldwide. The packages on LfA represent the state-of-the-art
in Astronomical data processing, and are identical to the versions used on
high end scientific workstations."
Full Story (comments: none)
Just what everybody was waiting for: Oracle CEO Larry Ellison has been
added to the list of keynote speakers at LinuxWorld. The
press
release gives the details.
Comments (none posted)
LSI at closing on July 05, 2002 ... 23.05
LSI at closing on July 10, 2002 ... 22.08
The high for the week was 23.05
The low for the week was 22.08
Comments (none posted)
Press Releases
Distributions and Bundled Products
Software for Linux
Hardware with Linux support
- Caldera International, Inc., Conectiva S.A., SuSE Linux AG, and Turbolinux, Inc. (LINDON, Utah, CURITIBA, Brazil, NUREMBERG, Germany, and BRISBANE, Calif.): UnitedLinux Announces Support for Intel Itanium 2 Processor.
Cross Platform/Porting Product
Linux at Work
Training and Certification
Partnerships
Financial Results
Personnel and New Offices
Miscellaneous
Page editor: Rebecca Sobol
Linux in the news
Recommended Reading
ZDNet
looks at the
European Commission report recommending greater governmental use of
open source software. "
The study does not say that European
governments should use off-the-shelf open-source software from companies
such as Red Hat, but rather focuses on specialized software produced
in-house by public authorities. Such software is typically used for the
administration of roads, hospitals and public health, education, tax
payment and recovery, justice, and territory management."
Comments (none posted)
According to
this
News.com article, the parties involved have decided not to appeal the
2600 (New York) DVD case. "
The Electronic Frontier Foundation
(EFF), which represents the magazine, said other cases in the future 'will
provide a better foundation for the Supreme Court to act on the problems
created by the Digital Millennium Copyright Act.'"
Comments (none posted)
The Christian Science Monitor has
an opinion
column on the excesses of current copyright law. "
These are mere
annoyances, however, compared with what's coming next: the computer as
informational Coke machine, on which we have to pay for every view. As
publishers move increasingly to the Web, for example, they will be able to
restrict not just access, but downloading and printing as well."
Comments (none posted)
News.com is running
an article that looks into the problem of sites that
use broken web standards, and only support the Internet Explorer browser.
"Non-agnostic Web sites "are saying, 'We're only interested in people if they use this browser,'" said Janet Daly, a representative for standards group the World Wide Web Consortium (W3C). "That's a mistake on their part. The browser is a basic utility for people, and it's about having access to information regardless of who made that information or what authoring tool they used.""
Comments (13 posted)
Business
Linux Magazine has
some suggestions on making a living in the Linux world.
"Can't stomach the idea of working on Microsoft software? Then consider picking up Web development, eXtensible Markup Language (XML), and the Web Services XML trifecta of Simple Object Access Protocol (SOAP), Web Services Definition Language (WSDL), and Universal Description, Discovery, and Integration (UDDI). Trust me, with sufficient knowledge of those protocols, you won't have any trouble finding a job this year."
Comments (none posted)
Doc Searls points out transparency as, perhaps, the greatest virtue of free
software in
this Linux Journal
article.
"But most significantly, stockholders are finally--thanks
to Enron and WorldCom--fed up with opaque accounting
practices. How long will it take before they get equally as fed
up with opaque infrastructural software?"
Comments (none posted)
Interviews
The Easino site has
an
interview with John Cox, the lead developer of PostNuke. "
As far
as our relationship [with PHP-Nuke], quite frankly we have none. If we are
aware of a security hole from the legacy code, we will forward it to
Mr. Burzi, but seldom (if ever) get a reply."
Comments (none posted)
Resources
The
LinuxDevices
Embedded Linux Newsletter for July 4, 2002 is available. See what's
new in Embedded Linux.
Comments (none posted)
The Linux Journal
looks at the Linux
in One Stanza Project, which seeks to distribute Linux usage tips via
short email signatures. "
As time went, however, the team found that
readership of e-mail
signature tips was about 80%, much higher than any of the other information
available on the server. So, more attention was paid to developing these
short, info-containing signatures to disseminate Linux-related
knowledge."
Comments (4 posted)
Reviews
LinuxOrbit
reviews
the FREESCO firewall distribution. "
I gave it a shot and was
very impressed. It seems ideal for someone who wants to get a quick and
secure protected network up with some enhanced services behind it."
Full Story (comments: 1)
Mozillaquest
reviews the tabbed browsing capabilities of KDE's Konqueror browser.
"The K Desktop Environment (KDE) certainly has done lots to narrow the gap between the Linux desktop and the Microsoft Windows desktop. And the addition of tabbed-browsing to KDE's Konqueror browser is one more large step in closing that gap. In our opinion, the K Desktop Environment already is just as good as, if not better than, the MS Windows desktop."
Comments (none posted)
TuxReports
reviews KWord 1.2beta2.
"Many bug reports were sent to the development team because people didn't realize that the application was not meant to be WYSIWYG.
Apparently the team changed its mind and the latest 1.2beta2 offering is extremely good at matching the print preview with the document."
Comments (none posted)
TekCentral
takes
a look at the Simputer. "A little fact that Cnet neglected to
mention was that all the information required to manufacture the product
is available under the Simputer Trust's own hardware license, the
SGPL. As the name suggests, the license is inspired by the GNU GPL. The
SGPL differs in many ways though, the main way is that if you use the
information for a commercial product you must make a one-off payment to
the Simputer Trust ($25,000 for developing countries and $250,000 for
developed countries)." (Thanks to Thesmelialichu)
Comments (none posted)
Miscellaneous
Wired News
covers
the recent death of Gnutella hacker Gene Kan. "
Kan, peer-to-peer
file-sharing programmer extraordinaire, died on June 29. His professional
life revolved around developing new ways to share information easily and
quickly. Thousands of people use Gnutella to swap files, a program Kan was
instrumental in developing and promoting."
Comments (3 posted)
The Register
reports on
Congressman Rick Boucher and his legislative efforts. "We don't
know what holy light guides Rep. Boucher, but it's a holy light
indeed: he's singular amongst public representatives in daring to reclaim the
works of popular culture as something that belongs to The Commons (that's us)
... rather than something that belongs in perpetuity to an industry that
depends for its legitimacy on an antiquated distribution system."
Comments (none posted)
Here's
a TechWeb article on how Johns Hopkins University is using a Linux cluster for ocean modeling. "
Johns Hopkins' staff considered systems from Silicon Graphics Inc. and Sun Microsystems but ultimately chose Dell and Linux because of price. An expensive supercomputer was out of the question."
Comments (none posted)
News.com
reports on
the porting of various operating systems to the Itanium architecture.
"MSC Software came out with its own version of Linux for Itanium 2 on Monday. The Department of Energy's (DOE) Pacific Northwest National Laboratory will incorporate HP Itanium 2 servers running MSC's Linux into a clustered supercomputer."
Comments (none posted)
Page editor: Forrest Cook
Announcements
Resources
The
Quick toots site has published
a FAQ on using the Ardour multi-track audio package
for editing and recording.
Comments (none posted)
The July issue of The Perl Review (PDF format) is out. Topics include Perl Golf: The Kolakoski sequence, Parroty Bits: Bit 2, BASIC Parrot!, The Facade Design Pattern, and more.
Comments (none posted)
Upcoming Events
The Boston GNOME Summit is happening on July 18 to 20. Attendance at this event has now been opened up to people who are not members of the GNOME Foundation; if you would like to be a part of the GNOME planning process, this could be a good event to be at.
Comments (none posted)
KDE.org has a report from the Linux@work 2002 conference that was held this June in Amsterdam.
Comments (none posted)
A second call for presentation proposals has been posted for the Ruby Conference 2002, to be held in November, 2002. The deadline for proposals is August 15.
Comments (none posted)
| Date | Event | Location |
| July 11 - 14, 2002 | Uniforum NZ 2002 | Auckland, New Zealand |
| July 18 - 20, 2002 | Boston GNOME Summit | Boston, Mass. |
| July 20, 2002 | Fourth Australian Open Source Symposium (AOSS4) | UNSW, Sydney, Australia |
| July 22 - 26, 2002 | O'Reilly Open Source Convention | Sheraton San Diego Hotel and Marina, San Diego, California |
| July 23, 2002 and August 27, 2002 | Seattle Ruby Brigade Meeting | Seattle, Washington |
| August 1 - 2, 2002 | 3rd annual Bioinformatics Open Source Conference (BOSC 2002) | Edmonton, Canada |
| August 12 - 15, 2002 | Linux World Conference & Expo | Moscone Center, San Francisco, California |
Comments (none posted)
Web sites
Use Perl mentions the Gallery of Geeks, which features photographs of over 100 geeks. The Perl software for the gallery is also available.
Comments (none posted)
Software announcements
Here are the software announcements, courtesy of Freshmeat.net. They are available in two formats:
Comments (none posted)
Miscellaneous
Use Perl covers the status of the Perl Foundation grants; donations are needed to keep Perl development moving forward.
Comments (none posted)
According to php.net, a new Usenet newsgroup, comp.lang.php, has been created.
Comments (none posted)
Page editor: Forrest Cook
Letters to the editor
| From: | Leon Brooks <leon@cyberknights.com.au> |
| To: | lwn@lwn.net |
| Subject: | Would you like an Education miniconference at LCA2003? |
| Date: | Wed, 10 Jul 2002 13:26:35 +0800 |
The LCA2003 people (http://linux.conf.au/) are currently assembling a
flock of miniconferences to be bolted on to the front of the main
Australian conference, the idea being that conference attendees can
roll up early and get something extra for free. The first cab off the
rank is Debian (http://lca.apt-cacher.org/), to enable the release of
Woody (http://lwn.net/Articles/4232/). I've been offered the task of
investigating and assembling a Linux in Education miniconf.
I plan to present at the Educational Computing Association of WA's
2002 conf (http://www.ecawa.asn.au/conferences/conf2002/conf2002.htm)
about LTSP and Mosix, which I can easily adapt to an LCA miniconf
presentation, but one solitary talk is going to be kind of
unfulfilling; I'm hoping that more people are going to be interested
in either or both of learning and teaching about Linux in Education.
I'm particularly interested in social and implementation reports from
the trenches.
If you'd attend an Education miniconf held in sunny Perth during what
is teeth-chattering winter in the USA and Europe, please say so by
sending email here: attend-lca@cyberknights.com.au - if you have
something you'd like to say in 45 minutes at the conference, please
send mail to present-lca@cyberknights.com.au as well. If I see
sufficient interest, you will be contacted and a web-page and
announcement will presently appear.
Regardless of your education interests, LCA2003 is going to be great,
so visit their website and think about booking. It's midwinter here,
and we've finally started getting cold days (16C/60F), but at the end
of January you can expect at least 30C/85F, a good fact-absorbing
temperature. It's important to book now, rather than when the first
snow falls, as the LCA committee have nailed down all the available
resources, and sooner or later will run out of seats.
Cheers; Leon
Comments (none posted)
| From: | <felix@crowfix.com> |
| To: | letters@lwn.net |
| Subject: | I still don't understand this SSH release fiasco |
| Date: | Thu, 4 Jul 2002 08:56:53 -0700 |
The rationale for not releasing details (like disable a specific
configuration item) is that this would have alerted the black hats to
500 lines of code in question. Thus it was better to update to the
new version which had separation of powers and at least minimized the
exploit dangers.
Then later, a patched version of the new version was released, and all
distros had very little time in which to cut new packages, sysadmins
had very little time to upgrade systems, and so on, before the black
hats analyzed the patch to see what the bug was in order to design
their exploits in order to release them to script kiddies and so on.
But the release of a specific patch narrows the bug search down much
closer than 500 lines; in fact, it narrows it down to the exact buggy
lines, directly, immediately. No analysis required.
Please also explain how upgrading SSH, new version, new functionality,
maybe new configuration, is a better solution than "Edit this line to
fix the problem".
It still smells fishy. Someone got their knickers in a knot and is
too proud to admit it.
--
... _._. ._ ._. . _._. ._. ___ .__ ._. . .__. ._ .. ._.
Felix Finch: scarecrow repairman & rocket surgeon / felix@crowfix.com
GPG = E987 4493 C860 246C 3B1E 6477 7838 76E9 182E 8151 ITAR license #4933
I've found a solution to Fermat's Last Theorem but I see I've run out of room o
Comments (none posted)
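The letter's point that a published patch points straight at the changed lines can be checked mechanically. What follows is an added example, not code from the letter writer, from LWN or from the OpenSSH project: a small Python script that parses a unified diff and reports, per file and hunk, exactly which old-file lines were removed and which new-file lines were added, together with the enclosing function named in the hunk header. The diff it runs on is constructed and hypothetical (an imaginary length check added to an imaginary example.c); it is not the OpenSSH patch under discussion.

```python
"""Diff triage: enumerate exactly which lines a published patch touches.

Added example for illustration; not code from LWN, the letter writer or the
OpenSSH project. SAMPLE_DIFF is constructed and hypothetical (an imaginary
bounds-check fix in an imaginary example.c), not any real patch.
"""
import re
from dataclasses import dataclass, field

# Unified-diff hunk header: @@ -old_start[,old_count] +new_start[,new_count] @@ [context]
HUNK_RE = re.compile(r"^@@ -(\d+)(?:,(\d+))? \+(\d+)(?:,(\d+))? @@(.*)$")


@dataclass
class Hunk:
    context: str                                 # text after the second @@ (usually the enclosing function)
    removed: list = field(default_factory=list)  # (old-file line number, text)
    added: list = field(default_factory=list)    # (new-file line number, text)


@dataclass
class FileDiff:
    path: str
    hunks: list = field(default_factory=list)


def parse_unified_diff(text):
    """Parse a unified diff into FileDiff objects with line-numbered changes."""
    files, current, hunk = [], None, None
    old_no = new_no = remaining_old = remaining_new = 0
    for line in text.splitlines():
        # Inside a hunk, consume lines until both counts from the @@ header are used up.
        if hunk is not None and (remaining_old > 0 or remaining_new > 0):
            if line.startswith("\\"):           # "\ No newline at end of file" marker
                continue
            if line.startswith("-"):
                hunk.removed.append((old_no, line[1:]))
                old_no += 1
                remaining_old -= 1
            elif line.startswith("+"):
                hunk.added.append((new_no, line[1:]))
                new_no += 1
                remaining_new -= 1
            else:                                # unchanged context line
                old_no += 1
                new_no += 1
                remaining_old -= 1
                remaining_new -= 1
            continue
        if line.startswith("+++ "):
            path = line[4:].split("\t")[0]
            current = FileDiff(path[2:] if path.startswith("b/") else path)
            files.append(current)
            continue
        m = HUNK_RE.match(line)
        if m and current is not None:
            old_no, new_no = int(m.group(1)), int(m.group(3))
            remaining_old = int(m.group(2)) if m.group(2) else 1
            remaining_new = int(m.group(4)) if m.group(4) else 1
            hunk = Hunk(context=m.group(5).strip())
            current.hunks.append(hunk)
        # "--- a/...", "diff --git", "index ..." and blank lines need no handling.
    return files


def touched_lines(text):
    """Return [(path, context, added new-file line numbers, removed old-file line numbers)]."""
    return [
        (f.path, h.context, [n for n, _ in h.added], [n for n, _ in h.removed])
        for f in parse_unified_diff(text)
        for h in f.hunks
    ]


# Constructed sample: a hypothetical fix inserting a length check before a memcpy.
SAMPLE_DIFF = """\
--- a/example.c
+++ b/example.c
@@ -40,6 +40,8 @@ int read_record(const char *buf, size_t len)
 {
     char rec[64];
     size_t n = get_length(buf);
-    memcpy(rec, buf + 4, n);
+    if (n > sizeof(rec))
+        return -1;
+    memcpy(rec, buf + 4, n);
     return process(rec, n);
 }
"""

if __name__ == "__main__":
    for path, ctx, added, removed in touched_lines(SAMPLE_DIFF):
        print(f"{path} in {ctx!r}: added new lines {added}, removed old lines {removed}")
```

Run stand-alone, the script prints one line per hunk naming the enclosing function from the @@ header and the line numbers touched. On a real advisory patch that list is the starting point for anyone writing an exploit, which is the letter's reason for wanting the upgrade window to be short.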
Page editor: Jonathan Corbet