LWN.net Weekly Edition for August 21, 2003
The Xouvert project
[This article was contributed by Joe 'Zonker' Brockmeier]
After the much-publicized controversy earlier this year
![[Xouvert]](https://static.lwn.net/images/ns/xouvert.png){kind=small}
about the XFree86 Project's development process, it seemed inevitable
that there would eventually be a fork of the project. Though it's not
exactly a fork, an experimental branch of XFree86 is now in the works.
Called "Xouvert," the project wasn't officially announced so much as outed on Slashdot.
The Xouvert project (pronounced "Zoo-vaire") is looking to allow developers to add driver support and new features to XFree86 in a modular fashion that should be easy to track and re-apply to the official XFree86 tree. One complaint raised by Keith Packard, and others, is that it has been difficult for developers outside the core team to contribute to XFree86. Xouvert project coordinator Jonathan Walther says that a main goal of the Xouvert project is to make it easier:
Xouvert is being hosted on Savannah, though it's not an official GNU project. The project is not officially connected to XFree86 either. Walther says that the only communication between the XFree86 team and the Xouvert team, thus far, was when David Dawes "asked us to capitalize XFree86 correctly" and indicate that XFree86 is a trademark. Walther says he'd like to work with the XFree86 team in the long run, however.
The project is designed so that it is both easier to contribute to, and easier to download and install. Walther mentioned that compiling XFree86 has "often been a source of frustration," so Xouvert's Cameron Berkenpas is working on a HOWTO to make it easier on users looking to compile their X server from source. Walther also says that the Xouvert lead developer, William Lahti, is working on a developer's handbook that will cover Xouvert's overall architecture and API's, though it may not be ready until the second stable release.
Right now, there's no real difference between the XFree86 codebase and Xouvert's. Users eager to see the first release of Xouvert don't have too long to wait -- the first release is slated for October 1, and stable releases are expected every six months after that. According to Walther, the first release will only contain "small additions and changes" but the second release next April should contain more comprehensive changes like the DRI/DRM and Utah-glx projects.
New projects often fizzle before they reach maturity, so it's too soon to say whether the Xouvert project will become a mainstay of the Linux and open source community. However, given the importance of a free X Server to the long-term (and short-term, for that matter) health and success of Linux, one hopes that the project will be successful.
No escape from SCO
Here at LWN, we start each week in the hope that we'll be able to keep SCO off the front page. Each week, the company finds some way to make that impossible. This time around, there are two separate episodes which require attention, and thus two articles to look at them.First, we look at the interesting claim from SCO's lawyers that the GPL is not enforceable, since it is preempted by federal copyright law. This would appear to be a very difficult argument to back up, as has been established by a number of people. But a sinister agenda may yet lurk behind this goofy attack on the GPL; it bears watching.
Then, of course, there is our article on SCO's disastrous (for them) demonstration of "stolen" code. This article is responsible for the busiest day LWN's server has ever experienced. As this Weekly Edition goes to "press," this situation is still developing. SCO has not, yet, managed a response beyond the one they sent to us:
Chris Sontag, GM and SVP of SCOsource, said that not only are their assertions incorrect, but the code is absolutely owned by SCO. In fact SCO knows exactly which version of UNIX System V the code came from and which licensee was responsible for illegally contributing it to Linux.
Look for the inevitable "Chris and Darl" teleconference in the near future.
It is worth noting that the inclusion of BSD-licensed code into the Linux kernel without the accompanying copyright notice is, indeed, a copyright violation. It is something that absolutely should not be done; in cases where it has happened, it needs to be fixed. We need to take greater care with the licensing of code that we use.
But this has never been SCO's point. You don't hire brand-name lawyers over a missing attribution; a simple "please restore my copyright" email will do. A missing attribution does not justify billions of dollars in damages, or even a $699 license fee. There may well have been a copyright violation when BSD-licensed code was used without attribution. But SCO has managed to undermine its own case anyway.
(For more information on SCO's Las Vegas slide show, see this article by Bruce Perens, who gained access to the full set of slides presented there).
Aiming at the GPL?
It is time to have a look at some statements by Mark Heise of Boies, Schiller, & Flexner - SCO's outside law firm - which were initially reported in the Wall Street Journal and extensively repeated thereafter. According to Mr. Heise, the General Public License (GPL), under which the Linux kernel (and much other code) is licensed, is invalid because it is preempted by federal copyright law. The problem, it is said, is that the GPL allows unlimited copying of the software it covers (as long as its other terms are met) while federal law only allows the creation of a single copy for backup purposes.This is a breathtaking bit of legal reasoning. In one quick blow, Mr. Heise has blown away every free software license, every proprietary site license, and many other end user agreements that have been made over the years. We tried to discuss Mr. Heise's pathbreaking legal work with him, but he didn't feel the need to return our phone calls. So let's just have a quick look at the law he is talking about.
The relevant bit of law is section 117 of the U.S. copyright law. It reads (in part):
(a) Making of Additional Copy or Adaptation by Owner of Copy. -- Notwithstanding the provisions of section 106, it is not an infringement for the owner of a copy of a computer program to make or authorize the making of another copy or adaptation of that computer program provided:
- that such a new copy or adaptation is created as an essential
step in the utilization of the computer program in conjunction with
a machine and that it is used in no other manner, or
- that such new copy or adaptation is for archival purposes only and that all archival copies are destroyed in the event that continued possession of the computer program should cease to be rightful.
In other words, the "backup copy" language is an additional right granted to users of copyrighted material. Nothing in the GPL attempts to restrict this right. The biggest danger posed by Mr. Heise's argument would seem to be the potential for contempt of court findings against those who are unable to control their laughter. (See this article by Eben Moglen for a more complete demolition of the preemption argument).
Bizarre statements out of the SCO camp are nothing new. But we should not let the clownish aspect of the SCO Group take attention away from what, increasingly, appears to be part of their real agenda: an attack on the GPL. Consider the latest from CEO Darl McBride, as reported in eWeek:
The "GPL and all it stands for" has made life difficult for SCO, and they want to take it out. The GPL stands for software which is free, software which is under the control of no company - not even SCO. It stands for a world where nobody can collect large taxes for the concept of "Unix-like systems on commodity hardware." The SCO Group evidently sees such taxes as its birthright. No wonder it wants to destroy "the GPL and all it stands for."
This campaign is off to an amateurish start, but it may not stay that way. It bears watching. The GPL is strong, and so are its defenders; it is telling that, over the better part of twenty years, nobody has thought it worthwhile to challenge the GPL in court. The GPL will almost certainly prove far stronger than SCO. But every trip to court has its dangers, and the community cannot affort to be complacent with this one. If SCO follows through on its rhetoric, we have a big and important fight ahead of us.
Why SCO won't show the code
At SCO's annual reseller show, the company's executives put up a couple of slides as a way of demonstrating how Unix code had been "stolen" and put into Linux. The two slides were photographed and have since appeared on Heise Online; see them here and here. The escape of these slides has allowed the Linux community to do something it has been craving since the beginning of the SCO case: track down the real origins of the code that SCO claims as its own. The results, in this case, came quick and clear. They do not bode well for SCO.
The code in question is found in arch/ia64/sn/io/ate_utils.c in the 2.4 tree. It carries an SGI copyright. It seems that SGI was not entirely forthcoming in documenting the source of its source; some of the code in question was, indisputably, not written at SGI. So where does it really come from?
This code is from sys/sys/malloc.c in V7 Unix. It has been widely published; among other things, it can be found in Lion's Commentary on Unix (if you can get a copy). It was featured in this 1984 Usenet posting. And, crucially, it has been circulated with the V7 Unix source, which was released by Caldera (now the SCO Group) under the BSD license. SCO would like the world to forget about that release now, but the Wayback Machine remembers.
So...SCO's code demonstration, the one that it put up to convince its resellers of its case, comes from a version of Unix which first came out in 1979. The code was publicly circulated in the 1980's, and explicitly released under the BSD license by [the company now known as] SCO at the beginning of 2002. SCO might well have a complaint that SGI did not properly give credit for the code it used. But there is no possible way the company can argue that this code's presence in Linux is an infringement of its copyrights.
And this, of course, is why SCO refuses to show the code that, it claims, is copied. These claims do not stand up to even a few hours' scrutiny on the net. SCO may yet have an interesting contract dispute with IBM, but, from what we have seen so far, its claims of direct copying of code are hollow.
(Many thanks to those who commented on an earlier LWN posting on this subject - those comments are the source for just about everything that appears in this article. Many thanks are due to LWN's readers; you have shown the best of what the community can do. Update: see also: this analysis of SCO's code by Bruce Perens.)
Security
Brief items
On the value of virus notifications
Many readers will, by now, be familiar with the results of "SoBig," this week's worm afflicting Microsoft systems. This worm, by some estimates, is accounting for some 70% of all email traffic on the net as this article is being written. Even those of us smugly running Linux, and who are thus not directly susceptible to this worm, have been affected by the flood of incoming email.Interestingly, here at LWN we might have remained almost unaware of this worm. SpamAssassin does a perfectly fine job of filtering out SoBig mail; it never made it to our mailbox. The same cannot be said for the steady stream of "your email contained a virus" mail which continues to pour in. Finding our real mail among all of the virus notifications has become a bit of a challenge.
The thing is, of course, that we have not sent infected mail to anybody. Honest. Neither have many of the other people who have gotten these notifications. The software sending these notifications is working on the assumption that email containing virulent malware will also be so polite as to contain a correct return address. SoBig is far from the first infestation which forges return addresses, and it will certainly not be the last.
If virus notification email ever served a purpose, it has long since outlived it. Virus/worm scanning software has its place in organizations which are running vulnerable software, but as soon as it starts sending mail to addresses found in hostile mail, it becomes part of the problem. If you have anything to do with the development, deployment, or administration of such software, please consider turning the notification feature off.
New vulnerabilities
autorespond: buffer overflow
| Package(s): | autorespond | CVE #(s): | CAN-2003-0654 | ||||
| Created: | August 18, 2003 | Updated: | October 1, 2003 | ||||
| Description: | Christian Jaeger discovered a buffer overflow in autorespond, an email autoresponder used with qmail. This vulnerability could potentially be exploited by a remote attacker to gain the privileges of a user who has configured qmail to forward messages to autorespond. This vulnerability is currently not believed to be exploitable due to incidental limits on the length of the problematic input, but there may be situations in which these limits do not apply. | ||||||
| Alerts: |
| ||||||
eroaster: insecure temporary file
| Package(s): | eroaster | CVE #(s): | CAN-2003-0656 | ||||||||||||
| Created: | August 19, 2003 | Updated: | October 1, 2003 | ||||||||||||
| Description: | A vulnerability was discovered in eroaster where it does not take any security precautions when creating a temporary file for the lockfile. This vulnerability could be exploited to overwrite arbitrary files with the privileges of the user running eroaster. | ||||||||||||||
| Alerts: |
| ||||||||||||||
netris: buffer overflow
| Package(s): | netris | CVE #(s): | CAN-2003-0685 | ||||
| Created: | August 18, 2003 | Updated: | October 1, 2003 | ||||
| Description: | Shaun Colley discovered a buffer overflow vulnerability in netris, a network version of a popular puzzle game. A netris client connecting to an untrusted netris server could be sent an unusually long data packet, which would be copied into a fixed-length buffer without bounds checking. This vulnerability could be exploited to gain the priviliges of the user running netris in client mode, if they connect to a hostile netris server. | ||||||
| Alerts: |
| ||||||
openslp: temporary file creation vulnerability
| Package(s): | openslp | CVE #(s): | |||||
| Created: | August 18, 2003 | Updated: | August 20, 2003 | ||||
| Description: | According to this advisory there's a symbolic link vulnerability in one of the initscripts provided with openslp. The slpd.all_init file uses '/tmp/route.check' as a temporarily file in an unsafe manner. | ||||||
| Alerts: |
| ||||||
Resources
August CRYPTO-GRAM newsletter
Bruce Schneier's CRYPTO-GRAM newsletter for August is out. It looks at airline security silliness, hidden text in documents, and Bruce's new book. "If I can name one overarching goal of the book, it's to explain how we all can make ourselves safer by thinking of security not in absolutes, but in terms of trade-offs -- the inevitable expenses, inconveniences, and diminished freedoms we accept (or have forced on us) in the name of enhanced security."
CERT Advisory on GNU FTP server compromise
CERT has issued an advisory on the compromise of the GNU FTP server. "Because this system serves as a centralized archive of popular software, the insertion of malicious code into the distributed software is a serious threat. As the above announcement indicates, however, no source code distributions are believed to have been maliciously modified at this time"
LinuxSecurity.com newsletters
The latest Linux Advisory Watch and Linux Security Week newsletters from LinuxSecurity.com are available.
Page editor: Jonathan Corbet
Kernel development
Brief items
Kernel release status
The current development kernel is 2.6.0-test3; no development kernels have been released over the last week.-test4 must be getting closer, however; Linus's BitKeeper tree includes several hundred patches, including numerous networking fixes, a new free_netdev() method for networking drivers, a new cpumask_t type for systems with more processors than bits in a long integer, a CONFIG_BROKEN option to control access to drivers known to be broken, a magic, fast new strncpy() implementation, the addition of wireless statistics to sysfs, Twofish and Serpent support for IPSec, the beginnings of Patrick Mochel's power management merge, new sysfs attributes to control scanning of SCSI devices, a number of IDE patches, a new sysfs "attribute group" mechanism which enables the addition of attributes in a safer way and with less boilerplate code, and a mind-numbing array of other fixes and updates.
The current stable kernel is 2.4.21; Marcelo has not released any 2.4.22 release candidates since 2.4.22-rc2 on August 8.
Kernel development news
Alan Cox goes on sabbatical
Alan Cox, a crucial figure in kernel development since, almost, the beginning, has announced his intention to take a one-year sabbatical from Red Hat and "vanish" from kernel development. He has, apparently, decided to don a tie and go back to school for an MBA. "A few years ago I'd have worried about doing this, the great thing is that with the kernel community we have today I know I'm not a critical cog in the machine. In fact I'm surrounded by people far better than I am and we even have Andrew Morton to keep Linus in check 8)" He'll be around until the end of September. Most of his current projects have been dropped or passed on, but there is an opportunity for somebody who would like to maintain the 2.2 kernel...
The end of /proc/kcore?
Russell King recently posted a patch which makes Linus's kernel tree build properly for the ARM architecture. One of the remaining issues, it seems, was getting /proc/kcore to work. /proc/kcore, of course, is a virtual file which appears to be a core image of the running kernel. It can be used to run debuggers on a running kernel to dump out data structures and such.The problem with /proc/kcore is that it has to handle loadable modules, which are placed in address space that is separate from the rest of the kernel. Providing user-space access to that space is easier on some architectures than others. ARM, it seems, is one of the harder architectures to support. So, rather than put in large amounts of effort to produce an ugly solution, Russell simply threw in the towel and decreed that /proc/kcore would not be supported on ARM - at least, in the absence of a volunteer to take on the work.
Linus responded by suggesting that /proc/kcore be removed for all architectures.
There were a couple of followups from people who occasionally use it, but a notable lack of impassioned defenses for /proc/kcore. The biggest problem, perhaps, is that OProfile uses that file for some information, but there suggestions for small changes in how OProfile works to get around that problem. Unless somebody comes up with a stronger argument soon, /proc/kcore is likely to be history.
User-data replication on NUMA systems
Non-Uniform Memory Access (NUMA) systems have the interesting feature that access times to memory vary from one node (group of one or more processors) to another. Each node has local memory, which is relatively fast, but access to another node's memory will be slower. So performance work on NUMA systems tends to emphasize getting rid of cross-node memory traffic.The latest step in that direction is this patch from Dave Hansen. Dave notes that one source of cross-node traffic is shared user text - things like shared libraries and executible images. Once a particular page from, say, glibc has been faulted into memory, it will exist in a particular node's range. Every other node will have to reach across the system to run code out of that page (though processor caches also figure into this picture, of course). In some cases, such as with the C library, it may well make sense to make a local copy of each page as needed.
To that end, Dave's patch makes some fundamental changes to the kernel's page cache. This change is required, since the cache can now contain more than one memory page for each corresponding file page. So the page cache now contains a set of page_cache_leaf structures, the main component of which is a per-node array of struct page pointers. A page cache lookup will preferentially return a node-local copy of the page if it exists; depending on the situation, it can return a page on a remote node if that's all that is available.
When the kernel handles a page fault for a mapped text page, it insists on a local copy of the page. If no such copy exists, and memory is available, a local copy will be made and added to the page cache. The processor then continues with its work, using the local version of the shared page. The results, from a set of quick benchmarks posted with the patch, is a performance improvement of 109% to 143%. In other words, it may well be worth the trouble.
This patch is not quite ready for prime time, however; Dave notes:
The current code punts on a couple of important issues. When a process tried to write to a file with replicated pages, for example, those pages must be collapsed down to a single copy before the write can be allowed - or inconsistent copies will result. Similarly, if the last writer closes a file, that file suddenly becomes a candidate for replication. The patch, as posted, detects these situations but does not fully implement their resolution. A production-ready patch would also certainly have a mechanism for freeing replicated pages when memory gets tight. Given that this patch is clearly not 2.6 material, however, Dave has a long time to work out those details.
Harping on ARP
One of the longer-running current discussions on linux-kernel (and linux-net, and netdev) was started on July 27, when Bas Bloemsaat pointed out a problem that he was having. The Linux implementation of ARP, it seems, it not working as he would like.ARP, the Address Resolution Protocol, is the means by which IP addresses are translated to physical layer MAC (usually ethernet) addresses. ARP makes local area networks work by enabling systems to find each other. When one system has a packet to transmit to another on the local network, it broadcasts an ARP request packet seeking a MAC address for a given IP address. Some machine (usually the intended recipient) hopefully responds with the corresponding MAC address, and the packet gets sent.
If a Linux system (with a default configuration) receives an ARP request on one of its interfaces, and that request is looking for an IP address assigned to any of the systems interfaces, the system will respond to the ARP request through the interface that received it. This response happens even if the interface involved is not the one to which the requested address has been assigned. Mr. Bloemsaat's problems came about because his system has two interfaces plugged into the same network. Both interfaces receive - and respond to - ARP requests sent on that network. Depending on the order in which the responses are sent, traffic could be directed to the wrong interface.
Mr. Bloemsaat included a patch which restricts ARP responses to the interface actually implementing the requested address. But, over almost a month of discussion, the networking hackers have made it clear that they do not intend to change the way Linux behaves. Their reasoning follows, more or less, these lines:
- Blocking ARP responses in this way is putting filtering decisions
at the wrong layer of the networking code. This sort of action
belongs at the netfilter level, rather than down at the device level.
- Linux's approach to ARP responses is fully compliant with all
applicable RFCs.
- In some situations, responding out of all interfaces is the only way
to successfully get communication established.
- For situations where the default ARP behavior causes problems, the arp_filter sysctl knob can be used to change things. This knob is described in networking/ip-sysctl.txt in the kernel documentation directory. For those who do not want to do this sort of tweaking directly, the ebtables package presents an easier interface.
A lot of the confusion, it seems, comes down to a subtle difference in how systems handle IP addresses. Many (perhaps most) networking implementations treat addresses as "belonging" to the interfaces they are assigned to. With that view of the world, no network interface has any business responding to an ARP request for an address which is assigned elsewhere. Linux, instead, sees IP addresses as a property of the system as a whole. So it makes sense for an interface to respond to a request for one of the system's addresses, even if that address is normally associated with a different interface.
The networking RFCs make it clear that either view of IP addresses is legitimate. Armed with that, and their sense of how things should work, the networking hackers are determined to keep Linux's ARP behavior as it is.
Patches and updates
Kernel trees
Architecture-specific
Build system
Core kernel code
Development tools
Device drivers
Janitorial
Memory management
Networking
Page editor: Jonathan Corbet
Distributions
News and Editorials
BRLSPEAK and Oralux - Distributions for Visually Impaired
BRLSPEAK and Oralux are two specialist Linux distributions catering for our less fortunate friends and colleagues who happen to be blind or otherwise visually impaired. But even if you have a perfect 20/20 vision, it is worth taking a closer look at these projects - they are not only enormously useful, they are great fun too!
BRLSPEAK www.brlspeak.net is a
project started by Osvaldo La Rosa some 3 years ago. The author is visually
impaired and since he also happens to be a great fan of GNU/Linux and Free
Software, he decided to create a mini Linux distribution for those who suffer
from similar disabilities. From the author's web site: "Too many blind
computer users believe that only Microsoft operating systems are accessible
for them with braille or speech - this is not the case! There are
alternatives, and one of them is GNU/Linux. If you are looking for a free,
powerful, blind-friendly, stable, open source, network-enabled,
multi-tasking, multi-user and command line-minded operating system, then you
must absolutely learn about GNU/Linux!
"
BRLSPEAK is a mini Linux distribution (the size of the downloadable ISO image is only 36MB) with two objectives. Firstly, it has been designed in such a way that blind persons can install it without any outside assistance, and secondly, they should be able to pre-configure and compile the braille drivers all by themselves. These drivers will be immediately operational upon boot. All stated goals were achieved in November 2001 and BRLSPEAK version 7.0 was released later that month. It was based on Slackware's ZipSlack (hence the inflated version number), which can be installed in a directory on a DOS file system (no hard disk partitioning is necessary) or a ZIP drive. A new beta version, several related utilities, as well as a repository of pre-compiled braille terminal drivers are currently under development.
Oralux www.oralux.org is a recently launched project, first announced in July 2003. The distribution's web site does not provide much information about the project origins or its authors, but it does have a fair amount of useful documentation in the form of FAQs. Its major advantage over BRLSPEAK is that it runs directly from a bootable CD and no installation is required. It is based on Knoppix, with the usual excellent hardware auto-detection and immediate availability after boot. The size of the downloadable ISO image is under 400MB.
Booting Oralux is half the fun. After the obligatory hardware detection and configuration, the user is greeted with the sound of a cockerel, the distribution's official logo, which gives the user an opportunity to adjust speaker volume. The next step is the language selection with English as the only supported language in version 0.04 (courtesy of the Flite synthesis engine), although future releases might include Spanish and German, if there is sufficient demand and enthusiasm to contribute to the project. This is followed by a keyboard selection and a chance to install DECTalk, a popular commercial application with support for English and French, which some users might have available on their hard disks. All instructions are given in a surprisingly clear and crispy voice.
As soon as the initial configuration is completed, the users find themselves in Emacspeak. Emacspeak is a complete audio desktop, a speech interface that allows visually impaired users to interact independently and efficiently with their computers. This is a very simple definition and it would be more accurate to say that Emacspeak is a massive suite of dozens of speech-enabled applications. The range is quite astonishing and it includes multimedia control tools, authoring and productivity applications, and even development tools and games. Fancy a speech-enabled front-end to ssh? Or editing support for Perl with aural highlighting and access to online help? Or a spreadsheet application with support for customizing spoken feedback on a per-sheet basis? Yes it's all there. Also included is a simple, but standards-compliant w3 web browser and vm mail reader with full mime support.
It goes without saying that the usability of many of these applications depends on external factors. One of the more important ones is the skill of the user to navigate Emacspeak and those who are already familiar with Emacs and its commands will have a substantial advantage. But those who are not do not need to despair. A few essential commands are given right within the initial screen and further links to tutorials and online documentation are also provided. The complete Oralux web site with FAQs is available on the CD. Other notable features include the ability to save user preferences on a floppy disk, hard disk or USB pen drive and support for braille terminals.
Besides providing visually handicapped persons with access to computers and technology, the above projects demonstrate the tremendous value of open source software and the GPL license. Thanks to these qualities, those most in need are able to modify software to better suit their own requirements and release the modifications for the benefit of those who find themselves in a similar situation. This in turn creates communities of users, developers and enthusiasts with one common goal - to create better software and, in case of BRLSPEAK and Oralux, to enhance the quality of lives of our less fortunate fellow citizens. Well done!
Distribution News
Debian GNU/Linux
The Debian Weekly News for August 19, 2003 is out. This week covers a review of LibraNet, GNU/LinEx distribution more free than Debian?, discussions on debian-legal on the definition of "software", new rescue CDs, and much more.August 16, 2003 was the tenth anniversary of the first release of the Debian distribution. Debian has come a long way; congratulations are due to the many hundreds of developers who have worked at making it better over the years.
In commemoration of the event, "zwazo" has created 10 Years!, a wallpaper made with The GIMP for the 10 year anniversary of the Debian project with text from Ian Murdock's original announcement.
In this lengthy Bits from the RM, Debian Release Manager Anthony Towns examines the possibility of a stable release (of Sarge) before the end of the year. To get there, the experimental branch needs to be more widely used. Also outlined is a new policy for NMUs.
DebianPlanet covers a
Netcraft
article which says, "Debian is the second most popular Linux
distribution we find on internet web sites, surpassed only by Red Hat, and
leaving the likes of SuSE and Mandrake in its wake.
"
Manoj Srivastava, Debian Project Secretary, has re-opened some pending issues. The issues are: Constitutional amendment: disambiguation of 4.1.5 and Constitutional amendment: alternate disambiguation of 4.1.5.
Gentoo Weekly Newsletter -- Volume 2, Issue 33
The Gentoo Weekly Newsletter for the week of August 18, 2003 is out. This week Gentoo migrates to a more robust DNS infrastructure, more photos from LWE, and more.Trustix Secure Linux
The TSL developers have announced that the contributions area for TSL 2.0 is now up and running. Those with packages they wish to contribute may place the package on a convenient web server, and tell the contrib maintainers where to find it.The TSL developers have also announced a public testing area for TSL users.
Trustix has released a bug fix advisory for several TSL 2.0 packages including anaconda, ftpd-BSD, iputils, nss_ldap, ntp, openssh, pam_ldap, perl, perl-dbi, postfix, reiserfsprogs, swup, swupcron, and sysklogd.
Conectiva Linux 9 update CD
Conectiva has announced an update ISO image for Conectiva Linux 9. This update CD contains a new and improved installer as well as all official packages released as updates up to July 4, 2003.Slackware Linux
Slackware Linux has ugraded KDE, GNOME, made some changes to make CUPS and LPRng play better together, and lots more. See the slackware-current changelog for complete details.Red Hat Linux
Red Hat has new cdrtools packages fix locking issues that occur while burning CD ROMs while running newer errata kernels.
New Distributions
Mepis Linux
Mepis Linux is a desktop Linux that is also easy to configure as a dedicated server. It is designed for both personal and business purposes. The first official release was version 2003.0, dated May 10, 2003. The live CD allows installation or functions as a recovery CD. MEPIS Linux 2003.06 for Pentium processors, released June 16, 2003, includes features such as automatic hardware configuration, NTFS partition resizing, ACPI power management, WiFi support, anti-aliased truetype fonts, personal firewall, KDE 3.1.2, and much more. MEPIS Linux is derived from the Debian GNU/Linux code base. There is a review of Mepis at PCLinuxOnline.
Minor distribution updates
Astaro Security Linux
Astaro Security Linux has released stable v4.010 with minor feature enhancements. "Changes: This Up2Date added new features to the SMTP Content Filter such as MIME error checking, a global whitelist, user authentication for SMTP Smarthost, and improved anti-spam configuration options. It also included minor bugfixes for the SMTP and POP3 proxy and fixed timezone files."
Coyote Linux
Coyote Linux has released v2.02 with major security fixes. "Changes: The internal SSH server was upgraded to dropbear .35 to fix a remote security exploit. Bugfixes were made to the port-forwarding code. Additional items were added to the command line menu to make it easier to edit some of the system scripts."
Damn Small Linux
Damn Small Linux has released v0.4.4 with minor feature enhancements. "Changes: Not many cosmetic changes were made, but some functionality was added. Mount.App was added, providing a handy app for quickly mounting and unmounting drives. Newly added programs include telnet, less, un/zip, autofs, and a new version of Links-Hacked."
dyne:bolic GNU/Linux
dyne:bolic has released v1.0beta with major feature enhancements. "Changes: With this release all features planned for 1.0 are implemented, including nesting (save home and settings in a file on the hard disk or USB storage, also with AES128 encryption), new customized configuration tools in GTK+, support for many language locales, automount of USB dongles and cameras, firewire support, new applications for video acquisition, editing, online conferencing, and CD burning. There are various updates aimed at better performance and stability, and more VGA cards and video4linux devices are now supported."
MoviX2
MoviX has released MoviX2 0.3.1pre3 with minor feature enhancements. "Changes: Support for CastleRock EPIA's video cards was improved. A script to automatically install MoviX2 on USB pens and CompactFlash cards was added. An application to visualize pictures was added."
NSA Security Enhanced Linux
NSA Security Enhanced Linux has released v2003081307 with major feature enhancements. "Changes: The SELinux module has been merged into the mainline kernel as of 2.6.0-test3. This release includes new kernel patches based on the 2.6.0-test3 kernel and a backport of the 2.6 SELinux module to the 2.4.21 kernel. The new API is consistent between 2.4 and 2.6. The old 2.4 API and user-space utilities are no longer actively maintained. There have been a number of bug fixes and cleanups to the library and utilities, as well as new contributions to the example policy."
PXES Linux Thin Client
PXES Linux Thin Client has released v0.6-4 with minor bugfixes. "Changes: There have been some fixes and small changes in this new release. The kernel was upgraded to 2.4.20-6pxes including Tulip NIC support. The ICA Client 7.00 has now had some small bugs fixed. A new LTSP session was added to support existing deployments, session parameters can be provided by the DHPC options, as usual, or can be included in the kernel command line or remote configuration files or even asked at run time. Rdesktop version is selectable from 1.2.0 and 1.1.0. There is a new libcrypto.so.0.9.6-pxes. Pre-built images can be found in pxes-images featuring initrd, NBI, and ISO."
RUNT
RUNT has released v2.0 with major feature enhancements. "Changes: Rebuilt from Slackware 9.0 and updates. Includes hotplug, improving hardware autodetection. Kernel 2.4.21 includes substantially improved device support and support for USB 2.0. It installs the APM module by default (remove from rc.modules if you don't want it), and deletes the DHCP cache on startup to prevent requests for previous IPs."
Sentry Firewall
Sentry Firewall has released v1.5.0-rc3 with major feature enhancements. "Changes: There have been a lot of updates since the last release including an updated kernel, snort, and squid. The howto has also been updated."
Distribution reviews
Ark Linux, taking penguins on a ride to the future (TuxReports)
TuxReports reviews Ark Linux 1.0 alpha8. "After grub is loaded and KDE starts, Ark Linux does an autologin using the default user arklinux. This user id is disabled but a tool called kapabilities allows the login to occur. It also allows the user to install software without access to root. Instead of a login prompt, a new user is greeted with the KDE desktop."
Page editor: Rebecca Sobol
Development
The Enterprise Volume Management System
The Enterprise Volume Management System (EVMS) is an open-source data storage system that has been developed at IBM, it has been released under the GNU General Public License, version 2.
EVMS has been designed to work with a large number of existing storage management systems on a number of different operating system platforms, it also supports all of the common Linux filesystem types. Management of EVMS can be performed with a gtk-based GUI, a curses-based terminal mode, and a command line mode. The EVMS User Guide has examples of the various interfaces, in addition to a lot of additional information.
Further information on the inner workings of EVMS can be had from the EVMS 2.0 Architecture Overview and the EVMS Cluster Design Document.
Version 2.1.1 of EVMS has been announced this week. It is a maintenance release that features a few bug fixes and support for the latest version of Device-Mapper.
If you have a need for managing large amounts of data, EVMS is worth checking out.
System Applications
Audio Projects
Planet CCRMA updates
A number of new versions of various audio utilities are available from Planet CCRMA. See the Change Log for details.Helix Community Updates #5
Issue #5 of the Helix Community Updates has been published with the latest Helix Community news. "The Helix community is a collaborative effort among RealNetworks, independent developers, and leading companies to extend the Helix DNA platform, the first open multi-format platform for digital media creation, delivery and playback."
Database Software
PostgreSQL Weekly News
The August 13, 2003 edition of the PostgreSQL Weekly News is out with the latest PosgreSQL database news.
Electronics
PCB 20030815 released
After a long period of inactivity, Harry Eaton's printed circuit board CAD program, PCB has been revived. The Change Notes say: "For those who have not tried out the CVS sources lately, you'll note that this snapshot includes DJ Delorie's trace optimizer as well as some library fixes."
Mail Software
Bogofilter-0.14.5-New Current Release (SourceForge)
A new version of the spam email filter Bogofilter has been released with the following changes: "Two parser fixes, a new '-T' (terse mode) option for scripting, and FAQ updates."
milter-sender 0.34 released
Version 0.34 of milter/sender, an email spam filtering application, has been released with several bug fixes and new features.
Medical Software
OSCAR 1.1 Available (LinuxMedNews)
Version 1.1 of Open Source Clinical Application and Resource (OSCAR), a web-based electronic patient record system, has been announced. "The new version contains quite a number of new and improved features."
Printing
Alambic 0.2a released
Version 0.2a of Alambic, an enterprise class PDF creation and distribution utility, has been released. The project's documentation is currently in a fairly early state. "Alambic receives PostScript documents and sends their PDF counterpart. It can operate in two modes, HTTP or SMTP. In SMTP mode, the resulting PDF document is sent directly to the requesting user. In HTTP mode, the PDF file is stored on the Alambic server and a URL is sent to the requesting user for later retrieval."
Web Site Development
Bricolage 1.6.4 released
Version 1.6.4 of Bricolage, a web publishing platform, has been released. This release follows on the heels of Bricolage 1.6.3, and includes some additional bug fixes.mod_caml 0.6.0 released
Version 0.6.0 of mod_caml, the Objective Caml language bindings for the Apache web server, has been released.
Miscellaneous
Animal Shelter Manager 1.20 Stable released (SourceForge)
Version 1.20 Stable of Animal Shelter Manager has been released. "This release contains the awaited medical tracking, lots of new features, improvements and of course the obligatory bug fixes. Animal Shelter Manager is a complete computer solution for animal sanctuaries and rescue shelters. Features complete animal management, document generation, full reporting, charts, internet website publishing, PetFinder integration and more."
Using libldap, the LDAP Client Library (O'ReillyNet)
Rory Winston illustrates the use of libldap on O'Reilly. "In this article, we have the task of creating an employee information database that contains such information as employee name, job title, and department. We will use LDAP to store this basic employee information for our company. Using an LDAP repository allows us to easily retrieve and change the data. We will write our data-lookup modules in C, in order to integrate with an existing application. Without further ado, let's set up our LDAP information store."
Desktop Applications
Audio Applications
Ardour 0.9 beta 3 available
Version 0.9 beta 3 of Ardour, a multi-track audio recording and editing package, has been released. "This fixes a few dozen bugs reported from earlier beta releases, and includes a new design for the Region list. Progress is slow with madness around your feet, but Ardour continues to move toward 1.0 status, later than expected, but hopefully early September. The biggest task right now is writing the manual, although the selection system in the editor still requires some deep modifications to be adequately useful."
Two new releases of gmorgan
Two new releases of gmorgan, an electronic organ synthesizer with auto-acommpaniement, have been released this week. See the announcements for version 0.12 and version 0.13.jackEQ: dj eq and meter announced
A new equalizer plugin is available for the Jack Audio Connection Kit (JACK). "For those of you who are interested in dj tools or tools for live performance, Steve Harris has made a new plugin called DJ EQ which is a three band EQ commonly found on dj mixing consoles."
Rhythmbox 0.5.0 released (GnomeDesktop)
GnomeDesktop.org has an announcement for version 0.5.0 of Rhythmbox, a music management application for GNOME. "First of all, the netRhythmbox branch has been merged back into the Rhythmbox mainline. It is always a good thing when a fork is resolved amicably. Secondly, a very large number of outstanding bugs have been quashed, and a number of new features have been added. This release was a long time in the making, and we feel that it is quite solid and usable. The code base is also cleaner in many respects, and I think this bodes quite well for the future."
Desktop Environments
GNOME Desktop 2.4 Beta 1 released (GnomeDesktop)
GnomeDesktop.org has the announcement for version 2.4 Beta 1 of the GNOME Desktop. "Due to the huge success of our time-based release and 'always buildable, testable and usable from CVS' policies, this GNOME beta does not fulfill the 'dangerous fruit' attraction of past beta releases. In fact, the 2.3 series has been a thoroughly stable and comfortable working environment for hackers and dedicated testers throughout its development."
Dropline GNOME 2.2.5 available (GnomeDesktop)
GnomeDesktop.org has an announcenent for version 2.2.5 of Dropline GNOME. "While the development for GNOME 2.4 is in full-swing, official GNOME 2.2 packages are still being released as needed. This update adds a month and a half of bug-fix releases for Slackware users, plus some new things like Evolution 1.4.4 and Xine 1.0-RC. The long-standing problem with the gnome-python package lacking pyorbit support has also been been resolved, and the two popular patches adding slimmer toolbars and a cleaner, more functional file selector to GTK+ have been intergrated into Dropline GNOME."
Beautify your desktop (GnomeDesktop)
Several new desktop themes are available for GNOME. "Please check out the gnome-themes-extras homepage for details on our 5 included themes; Amaranth, Gorilla, Lush, Nuvola and Wasp. Including many screenshots of course!"
KDE CVS Digest
The KDE CVS Digest for August 15, 2003 is out. Here's the summary: "Kooka, the KDE scanning application, now supports ocrad, a GPL OCR engine. Juk gets a history playlist feature, along with some serious optimizations. Kmenu, the Kmail address selection dialog, Korganizer and Ksnapshot get usability improvements. Kstars has added the capability to generate a skymap from the commandline. And many bugfixes in Koffice, Kate and Kopete."
Adding WhatsThis Help To KDE Applications (KDE.News)
KDE.News looks at a new document that helps people add to the online KDE documentation. "Adding WhatsThis Help To KDE Applications is the first installment in the Non-Programmer's Guide to Participating in KDE tutorial series. This series is designed to aid those who would like to participate in the KDE project, but for one reason or another can't do so by contributing source code. Fortunately, there are many tasks in KDE that don't involve writing code, and many of them don't require much investment in the way of time, either."
cuckooo: OpenOffice.org nested in KDE
KDE.News looks at The CuckOOo project. "Have you ever dreamt of OpenOffice.org integration in KDE? Perhaps you should try cuckooo, a KDE Part which allows OpenOffice.org to be run in a Konqueror window. It is currently limited to just viewer capabilities, but as you can see from the screenshots, the technology is promising."
Financial Applications
BIE 5.4.2 released (SourceForge)
Version 5.4.2, a stable release of the Business Integration Engine (BIE), is available. "Version 5.4.2 adds features to the Map Builder tool, including unit conversion macros, and provides better recovery from internal exceptions in the web interface. New features in BIE 5.4 include a cron-like task scheduler, POP3 message listener, and an "Assign to Message" action allowing routes to create new messages from existing ones by evaluating XPath expressions. Enhancements to the Map builder include 3 new conditional macros, and an SQL get macro allowing a connection to external database during map creation. This version also fixes a number of bugs in the 5.4 beta releases, and should be considered the most stable version of BIE currently available."
Compiere 2.5.0b released (SourceForge)
Version 2.5.0b of Compiere, an ERP/CRM (Enterprise Resource Planning/Customer Relationship Management) package, has been announced. "Release 2.5.0b provides improved Project Management functionality as well as Recurring Documents, Merging Business Partners and Products, Improved support for high latency networks and Replication (e.g. for remote POS). The first Language Packs (Spanish and German) are out."
GnuCash version 1.8.5 released
GnuCash 1.8.5 is out, with a long list of bug fixes and a few new features. There is also a new documentation release to go along with it.GNUe Traffic
Issue #93 of GNUe Traffic is online. This week's topics include: Triggers in AppServer, Display masks and 'select count distinct', Relative stability of old 0.5.0 release and CVS, Multiple data blocks in Forms, Oracle and ODBC with Microsoft Windows versions of GNUe, Character-only (curses) User Interface for Forms, and GNUe Small Business and arias.
Games
PCGen 5.3.4 is available (SourceForge)
Version 5.3.4 of PCGen, a cross-platform Java-based RPG character generator and maintenance program, is available. This release features many changes and bug fixes.
Graphics
libgphoto2/gphoto2 2.1.2 released (SourceForge)
Version 2.1.2 of libgphoto2/gphoto2 has been announced. "gPhoto is a program and library framework that lets users download pictures from their digital cameras. There are currently more than 300 supported digital cameras across several platforms. On 2003-08-10, we released 2.1.2. It features fixes for some nasty bugs and support for even more cameras."
GUI Packages
FLTK Updates
The latest new software for FLTK, the Fast Light ToolKit, includes SPTK 2.0b3, the Simply Powerful ToolKit, and FLU 2.6, a library of FLTK widgets.Glib/Gtk2 0.94 and GladeXML 0.90 (SourceForge)
SourceForge has the announcement for Glib/Gtk2 0.94 and GladeXML 0.90. "The latest beta cycle introduces more missing functions and quite a lot of documentation for those wishing to write bindings for other gtk2/gobject-based libraries. This is also the first release in a beta cycle that should take the GladeXML module to 1.0. We need bug and missing functionality reports!"
A Beginner's Guide to Using pyGTK and Glade (Linux Journal)
Linux Journal has published a beginner's guide that covers the use of pyGTK and Glade for developing Python GUI applications on GNOME. "The beauty of pyGTK and Glade is they have opened up cross-platform, professional-quality GUI development to those of us who'd rather be doing other things but who still need a GUI on top of it all. Not only does pyGTK allow neophytes to create great GUIs, it also allows professionals to create flexible, dynamic and powerful user interfaces faster than ever before. If you've ever wanted to create a quick user interface that looks good without a lot of work, and you don't have any GUI experience, read on."
Instant Messaging
Gaim 0.67 & Gossip 0.5 released (GnomeDesktop)
New versions of the instant messaging clients Gossip and Gaim have been announced. "Imendio is happy to announce the release of Gossip 0.5. We have, with help from others, added a couple of new features that will help you use Gossip more efficiently. A lot of small bugs have been fixed as well."
"Gaim 0.67 has been released. It looks really nice. Some choice nuggets include a brand new
IRC plugin from Ethan "The Man" Blanton and some beautiful status icons on conversation
tabs by Etan "Also The Man" Reisner. And even though this version is totally awesome,
we're already working hard on 0.68. Stay tuned.
"
Interoperability
Samba-3.0.0 RC1 available
Version 3.0.0 RC1 of Samba has been released. "The first release candidate of the Samba 3.0.0 code base is now available for download. A release candidate implies that the code is very close to a final release, but remember that this is still a non-production snapshot intended for testing purposes. Use at your own risk. One of the main additions in this release is the stable support for both client and server SMB signing." See the release notes for more information.
Wine Traffic
Issue #183 of Wine Traffic has been published. Topics include: Wine-20030813, Interview with Francois Gouget, Linux Format Mag, BiDi Test Program, Configuring Keyboard Layouts, RedHat 7.3 RPMs, and Wine History.
Word Processors
AbiWord Weekly News
Issue #157 of the AbiWord Weekly News is available. Here's the lead-in: ""Who is John Gaalt" is a pathetic question. Try these: "Where are the Release Candidates?" "What do RTF and ABW have in common?" "What virus was stashed inside AbiWord binaries?" And, before you answer those, read my personal article on "Why Isn't Windows Ready for Me?""
KOffice 1.3 Beta 3 Released (KDE.News)
KDE.News has an announcement for version 1.3 Beta 3 of the KOffice integrated office suite. "It brings a lot of bugfixes and a couple of new features compared to KOffice 1.3 Beta 2. This release is the last beta in the 1.3 series. There will be only one more release candidate and the final version is expected to be released in September after the KDE Contributor Conference during which hopefully many of the remaining bugs will be fixed."
OpenOffice.org Newsletter
The August 2003 edition of the OpenOffice.org Newsletter has been published. Take a look to see what's new in the world of OpenOffice.org.OpenOffice.org 1.1 RC3
OpenOffice.org 1.1 RC3 is ready for download. This release is functionally equivalent to the final version, so get a copy and find those bugs.
Miscellaneous
Mono 0.26 released (GnomeDesktop)
GnomeDesktop.org has an announcement for version 0.26 of Mono, the open source implementation of the .NET Development Framework. "A new version of Mono is available, the new features include: Cairo support, Remoting.Corba support, as well as a managed XSLT implementation."
Languages and Tools
Caml
Caml Weekly News
The August 12-19, 2003 edition of the Caml Weekly News has been published. Take a look for a number of new Caml articles.Camomile 0.4.1 released
Version 0.4.1 of Camomile has been released. "Camomile is a comprehensive Unicode library for objective caml language. The library is currently designed to conform Unicode Standard 3.2." See the Changes document for information on this version.
Java
JGoose Echidna v1.5.1 alpha-release (SourceForge)
Version 1.5.1 alpha of JGoose Echidna is available. "This release contains a big step concerning the advanced refactoring. Furthermore we have got an MDR file format support. Moreover we have restored the old Echidna functionality to the new JGraphpad framework. Beside it we have removed several small bugs. With Echidna you can import and analyze Java Source Code."
Stored Procedures for Java Programmers (O'Reilly)
Nic Ferrier covers Java database issues on O'Reilly. "This article explains how to use DBMS stored procedures. I explain the basics and some advanced features such as returning ResultSets. The article presumes you are fairly familiar with DBMSs and with JDBC. It also assumes you're fairly comfortable reading code in a foreign language (that is, not Java), but does not expect any previous stored procedure experience."
Perl
This Week on perl5-porters (use Perl)
The August 11-17, 2003 edition of This Week on perl5-porters is available. "The next maintenance release of Perl approaches, but the porters want to take the time to do it right. Meanwhile, discussions and bug reports continue to occur, as usual. Read about new and old documentation, valgrind, backwards [in]compatibility, and other stuff."
Perl Design Patterns, Part 3 (O'Reilly)
Phil Crow completes his series on Perl design patterns with part three. "This article continues my treatment by considering patterns which rely on objects. As such, this article's patterns bears the most resemblance to the GoF book. Before presenting some patterns, I'll give you my two cents about object applicability."
PHP
PHP 4.3.3RC4 released
Version 4.3.3RC4 of PHP has been released. "This is should be the last release candidate prior to the final 4.3.3 release. Please test this release as much as possible, so that any remaining issues can be uncovered and resolved." Change information is in the NEWS file.
phpDocumentor 1.2.2 is released (SourceForge)
Version 1.2.2 of phpDocumentor, a documentation solution for PHP, has been announced. "Several critical bugs were discovered in the implementation of HighlightParser, post-processing of tutorials. In addition, the algorithm used to find file-level documentation was changed to be more natural. All users should upgrade existing installations to 1.2.2."
Turck MMCache for PHP version 2.3.23 is released (SourceForge)
Version 2.3.23 of Turck MMCache, a PHP accelerator, has been released. "This is should be the last version prior to the stable 2.4.0 release. Please test this release as much as possible."
PHP Weekly Summary for August 18, 2003
The PHP Weekly Summary for August 18, 2003 is out. Topics include: COM and .NET extension for PHP 5, variable_exist(), zend_alter_ini_entry, statistics extension, pspell for Win32, indexing bug.
Python
New Python Documentation
Several new Python language documents have been published this week. Among them are new versions of the General Python FAQ, the Python Programming FAQ, the GUI FAQ, and the Extending/Embedding FAQ.Dr. Dobb's Python-URL!
The August 17, 2003 edition of Dr. Dobb's Python-URL is out with the latest Python language news.Python-dev Summary
The Python-dev summary for the first half of August is now available. It looks at making Python run with Parrot, development of python-mode.el, where packages should go, the hazards of __slots__, and various other topics.
Smalltalk
Unix Squeak 3.6-beta2 available
Version 3.6 Beta-2 of the Unix Squeak Smalltalk virtual machine has been released. "Second beta release of version 3.6. Display/sound drivers are now dynamically loaded (and can be selected) at startup. New display driver for running on the raw Linux console. Copy/paste compatibility problems fixed (thanks to Ned Konz). Problems with plugin and shared library searching fixed. Dependencies on glibc2.3 in the 386 GNU/Linux version removed. Updated OSProcessPlugin from Dave Lewis."
Tcl/Tk
Dr. Dobb's Tcl-URL!
The August 18, 2003 edition of Dr. Dobb's Tcl-URL has been published. Take a look for lots of Tcl/Tk news and articles.
XML
Introducing Anobind (O'Reilly)
Uche Ogbuji discusses his Python-XML binding software, Anobind. "My recent interest in Python-XML data bindings was sparked not only by discussion in the XML community of effective approaches to XML processing, but also by personal experience with large projects where data binding approaches might have been particularly suitable. These projects included processing both data and document-style XML instances, complex systems of processing rules connected to the XML format, and other characteristics requiring flexibility from a data binding system. As a result of these considerations, and of my study of existing Python-XML data binding systems, I decided to write a new data Python-XML binding, which I call Anobind."
Discover key features of DOM Level 3 Core, Part 1 (IBM developerWorks)
Arnaud Le Hors and Elena Litani write about DOM on IBM's developerWorks. "In this two-part article, the authors present some of the key features brought by the W3C Document Object Model (DOM) Level 3 Core Working Draft and show you how to use them with examples in Java code. This first part covers manipulating nodes and text, and attaching user data onto nodes."
Make the most of Xerces-C++, Part 2
IBM's developerWorks has published part 2 in the series on Xerces-C++ by Rick Parrish. "This two-part article offers an introduction to the Xerces-C++ XML library. Here in Part 2, Rick Parrish demonstrates how to load, manipulate, or synthesize a Document Object Model (DOM) document, and how to recreate the bar graph in Part 1 using Scalable Vector Graphics (SVG). C++ programmers who read these articles should be able to easily add XML parsing and processing capabilities to their applications."
DocBook for Eclipse: Reusing DocBook's Stylesheets (O'Reilly)
Jirka Kosek explains how to use DocBook with Eclipse on O'Reilly. "DocBook is a popular tool for creating software documentation among developers. One reason for its success is the existence of the DocBook XSL stylesheets, which can be used to convert DocBook XML source into many target formats including HTML, XHTML, XSL-FO (for print), JavaHelp, HTML Help, and man pages. The stylesheets can be further customized to get other outputs as well. In this article I am going to show you how easily you can integrate DocBook documents into the Eclipse platform help system by reusing existing stylesheets."
Miscellaneous
SCons 0.91 adds support for Qt and SWIG (SourceForge)
Version 0.91 of SCons, a replacement for Make, has been announced. "This release most notably adds support for building from Qt source (.ui) files and SWIG (.i) files."
Python & Java: a Side-by-Side Comparison
Stephen Ferg compares programmer productivity between Java and Python. "A programmer can be significantly more productive in Python than in Java. How much more productive? The most widely accepted estimate is 5-10 times. On the basis of my own personal experience with the two languages, I agree with this estimate. Managers who are considering adding Python to their organization's list of approved development tools, however, cannot afford to accept such reports uncritically. They need evidence, and some understanding of why programmers are making such claims. This page is for those managers."
Server clinic: R handy for crunching data (IBM developerWorks)
Cameron Laird looks at R on IBM's developerWorks. "R is sophisticated open-source software for managing statistical calculations. It's easy enough to use that it can benefit you even if you need only a fraction of its capabilities."
Page editor: Forrest Cook
Linux in the news
Recommended Reading
Global IT firm predicts Linux will have 20% desktop market share by 2008 (NewsForge)
NewsForge reports that Siemens Business Systems has declared that Linux has matured as a desktop. "[Senior program manager Duncan] McNutt says that when Siemens, with 33,000 employees in 44 countries, initially evaluated Linux as a productivity desktop, it saw little utility outside of technical departments. "We didn't see Linux on the desktop as a major market, but we were wrong.""
Heise reports from SCO Forum
Here is a Heise News report (in German) from SCO Forum. An English translation can be had via Babelfish, but, perhaps, the most interesting feature of the article is a couple of photos from Darl McBride's "copied code" presentation; these images are available in enlarged form here and here. The offending code, it seems, is from arch/ia64/sn/io/ate_utils.c, which carries an SGI copyright.
Companies
Los Alamos lab orders Opteron clusters (ZDNet)
ZDNet reports on "Lightning" and "Orange", two new Linux cluster supercomputers built by Linux Networx, with AMD Opteron processors. "The advent of clusters has also opened up scientific computing market to more competition. Dell, often chided by large companies such as IBM for not conducting much independent research, is one of the largest providers of Linux clusters."
SCO's proof bogus, Linux advocate says (InfoWorld)
As seen in this InfoWorld article, the mainstream press is beginning to get the word about SCO's "copied code." "SCO spokesman Blake Stowell had not viewed Perens' analysis, but he reasserted his company's belief that the code was inappropriately contributed. 'At this point it's going to be his word against ours,' he said of Perens."
Linux Adoption
Rockin' on without Microsoft (News.com)
Recommended reading: this News.com interview with Sterling Ball, CEO of guitar string manufacturer Ernie Ball, which converted over to free software. "I became an open-source guy because we're a privately owned company, a family business that's been around for 30 years, making products and being a good member of society. We've never been sued, never had any problems paying our bills. And one day I got a call that there were armed marshals at my door talking about software license compliance."
China blocks foreign software use in gov't (CNETAsia)
Here's a CNETAsia article on a decision by the Chinese government that ministries must buy locally-produced software. "In addition to commercial reasons for protecting local software, there are security concerns. China is placing official support behind the Red Flag Linux operating system, which they trust because the open-source code allows officials to see that there are no data spyholes installed by foreign powers."
World's Largest Country Goes for KDE (KDE.News)
KDE.News announced that KDE will be bundled with Redflag Linux Desktop 3.2 on Chinese desktops. "Redflag Linux, a Linux distribution backed by the Chinese government, seems to be well situated to to fill their OS needs. And along with Redflag Linux Desktop 3.2 comes none other than our favorite desktop."
Interviews
SuSE putting dents in Microsoft's armor (ZDNet)
ZDNet interviews Richard Seibt, SuSE CEO. "After a long career at Big Blue, where among other things he was managing director of IBM Germany, Seibt joined SuSE in January. He recently sat down for a roundtable discussion with CNET News.com's Editorial Board to talk about the future of open-source software and his plans for expanding the company's profile in the United States."
Guido van Rossum Speaks (ONLamp)
ONLamp interviews Guido van Rossum on his departure from PythonLabs and several other topics. "The role of PythonLabs has actually been diminished, and although the perception is that PythonLabs still controls a large percentage of the core code, in fact the reality is that PythonLabs folks have all been hacking on various pieces of Zope and ZODB. So the larger developer community has taken over and has done so very successfully."
GNU Questions: RMS on SCO, Distributions, DRM (OfB.biz)
Open for Business interviews Richard Stallman. The discussion includes many topics including SCO, GNU/Linux distribution choices, Digital Rights Management, dual licenses schemes, and more. "RMS: No wise person looks forward to a major battle, even if he expects to win it. Rather than being concerned that we have not yet tested the GPL in court, I'm encouraged by the fact that we have been successful for years in enforcing the GPL without needing to go to court. Many companies have looked at the odds and decided not to gamble on overturning the GPL. That's not the same as proof, but it is reassuring."
SCO Turns Up the Heat on Linux Users (eWeek)
eWeek had a conversation with SCO Group CEO Darl McBride. "'In a nutshell, this litigation is essentially about the GNU General Public License and all it stands for. That license has not yet been challenged or tested in court, but it is now going to be. We are also firmly and aggressively challenging the notion that Linux is a free operating system,' McBride said."
Resources
Dispelling the Myth of Wireless Security (O'ReillyNet)
Rob Flickenger, author of Wireless Hacks, circumvents security on a standard 802.11b network, on O'ReillyNet. "[Even] if all standard precautions are in place, how much "security" do wireless access points actually provide? Having heard all sorts of widely varying estimates and assumptions from people who should be able to make an educated guess, I finally decided to see for myself what it would take to circumvent the security of my own standard 802.11b network."
Winning the War on spam: Comparison of Bayesian spam filters (dataparity.no)
A comparison of Bayesian spam filters by Kristian Eide is available on dataparity.no. "Fortunately, just as we seemed to be losing the war on spam, a new technique appeared on the scene after a paper by Paul Graham: Bayesian filters, our last, best hope for spam-free inboxes." Four spam filters are compared in the article.
An Introduction to perl-ldap (Linux Journal)
Linux Journal has published a review of perl-ldap. "As systems get larger and the number of users they support increases, it becomes more difficult to manage systems using only the old-fashioned UNIX /etc/passwd file. A common solution to this problem is to use a Lightweight Directory Access Protocol (LDAP) server. The use of an LDAP server presents a problem to the system administrator, however, in that the contents of the database are no longer available in an easy to read or modify format. Hence, new tools must be written that allow standard, everyday tasks, such as adding or deleting users, to be performed. This is where perl-ldap comes in. perl-ldap provides the Net::LDAP perl module, which enables easy access to the data contained in LDAP directories from Perl scripts. This makes the module a useful tool for system administrators and Web developers alike."
Reviews
Rapid Pace of Development for Mozilla Firebird (MozillaZine)
MozillaZine looks at the rapid development pace of the Firebird browser project. "Mozilla Firebird has grown from its modest beginnings as an offshoot of the mainstream Mozilla project to become the centre of the Mozilla Foundation's future strategy. In the past, development has sometimes been tumultuous: weeks of furious activity have often been followed by periods of almost no change at all and at several points the project has come close to death. Fortunately, Firebird development has been rapid in recent weeks as the program makes the last remaining changes necessary for it to become the default Mozilla browser, which is likely to occur in the 1.6 timeframe."
An introduction to Thunderbird, part 5 (Nidelven-it)
Kay Frode continues the introduction to Thunderbird series with part 5. "One of the best features about Thunderbird is the spam (junk) mail filter. Thunderbird has a built-in filter which can be adjusted and tuned in for your own pleasure. You may need to spend a week or two training it what's spam and what's not spam, but it will be worth it. :)"
Linux supercomputer rocks down under (Vnunet)
Vnunet covers the Australian Computational Earth Systems Simulator (ACcESS) at the University of Queensland in Brisbane, Australia. "It is based around an SGI Altix 3000 supercomputer, powered by 208 Intel Itanium 2 processors. Built on SGI's NUMAflex non uniform memory access scalable architecture, it boasts a hefty 208GB of main memory and also uses the new Silicon Graphics Onyx4 UltimateVision graphics system."
Project searches for open-source niche (ZDNet)
ZDNet covers a new open-source search engine. "Called Nutch, the project is developing open-source software for locating documents online. But unlike major search providers, it won't cloak its formulas for matching relevant results to visitors' queries. Rather, it will provide an open window into its calculations with links to explanations on how it determined each result, according to lead architect Doug Cutting."
Miscellaneous
V8 racers get in-car Linux safety system (ZDNet)
ZDNet Australia reports on a different Linux-based crash analysis application: video data collection in race cars. "For a trial run at Oran Park on the weekend, Opia Vision fitted each car with a camera linking back to a customised computer using Red Hat Linux. The computers measure 285 x 200 x 85 mm and use SOM (system on module) motherboards, essentially a full computer on a four-inch square board."
Page editor: Forrest Cook
Announcements
Non-Commercial announcements
OSDL Response to SCO Lawsuit - No Reason to Pay
The Open Source Development Labratory (OSDL) has released a Q&A paper on the SCO lawsuit, designed to help IT managers understand the risks of ignoring SCO's demands for Linux license fees. Here's the press release announcing the paper, in which OSDL CEO Stuart Cohen states, "we see no evidence that end users are slowing down their Linux implementation plans because of SCO's actions.. OSDL's position on this issue: .. there is real doubt as to whether end users should purchase a license from SCO." The paper, written by technology law expert Lawrence Rosen, can be found here (PDF format) and in HTML here.
Commercial announcements
D. H. Brown's server vendor study
D.H. Brown has announced a study of Linux server vendors. "This report documents the Linux strategies of the market leaders -- Dell, Hewlett-Packard, IBM and Sun Microsystems, and highlights areas of distinction and difference among their offerings. Along with describing these vendors' maturing Linux strategies and offerings, the study notes Linux use by mainstream users for mission critical applications. These include Precision Response Corporation using Linux for CRM applications; Amazon.com using Linux to support a large part of their web infrastructure; and Tommy Hilfiger Corporation's use of Linux in its value-chain management application."
SCO's earnings report
Here is SCO's press release on its third quarter earnings. The company claims a $3.1 million profit, thanks to ongoing payments on the licenses sold to Sun and Microsoft. "We intend to use this capital to continue our intellectual property protection and licensing initiative as well as for launching SCOx, our Web services strategy." SCO has also put out a press release on insider trading that, as far as we can tell, says almost nothing at all.
A report from SCO Forum
A report from the first day at SCO Forum has been posted on the Yahoo investment boards; it is split up so you have to look separately at part 1, part 2, and part 3. It is an interesting look into what is happening there. "There was a strange disconnect between the morning sessions, putting down the GPL, and the afternoon sessions, where GPL'd software was used as a 'savior' of the OpenServer and UNIXWare products. It was mystifying to me how the participants could achieve this disconnect, but they seemed happy about the use of SAMBA 3 to achieve Active Directory compatibility and the announcements of other ports of GPL'd software from the Linux codebase to SCO products."
Toshiba Server available with Astaro Security Linux Installed
The Toshiba compact Magnia SG20 server is now available with Astaro Security Linux. "Astaro, a developer of all-in-one security software Astaro Security Linux, today announced that the Toshiba Computer Systems Groups (CSG) compact Magnia SG20 server with Astaros security software (Astaro Security Linux) is now shipping."
Desktop Evolution, Lycoris, and Toshiba Join Forces to Launch Mainstream Linux Tablet
A new Linux tablet pc has been announced. "Desktop Evolution Incorporated, a leading developer of high-performance, appliance and embedded devices, today announced De-Tablet, a Linux Tablet built on the Toshiba Portege® tablet platform and pre-installed with Lycoris Desktop L/X® Tablet Edition, Linux Operating System."
New Books
XUL Bookshelf Launches (MozillaZine)
MozillaZine reports on a new XML User Interface Language (XUL) Bookshelf site that has been put together by the folks at the Open XUL Alliance. Take a look to see all of the literature that's available on XUL.New books from Bruce Perens
Addison-Wesley/ Prentice Hall PTR have published two new books in the Bruce Perens' Open Source Series: Implementing CIFS: The Common Internet File System, and Managing Linux Systems with Webmin: System Administration and Module Development.
Contests and Awards
Nominations Open for 2003 Linux Medical News Achievement Award (LinuxMedNews)
Nominations are being accepted for the LinuxMedNews Software Achievement Award. "Open source software isn't 'magic pixie dust' and there are real people making significant personal sacrifices as well as doing difficult work to make medicine's free software future a reality. This award is intended to honor the individul who has accomplished the most towards the goal of improving medical education and practice through free/open source medical software."
Upcoming Events
PyCon DC 2004
PyCon DC 2004 is a Python language conference that will be held in Washington, D.C. on March 24-26, 2004. "A Call For Proposals will be issued by mid-August. Presentations will be required in electronic form for publication on the web."
Events: August 21 - October 16, 2003
| Date | Event | Location |
|---|---|---|
| August 21, 2003 | New Security Paradigms Workshop 2003(NSPW 2003) | (Centro Stefano Francini)Ascona, Switzerland |
| August 22 - 30, 2003 | KDE Developers' Conference | (Zamek Castle)Nove Hrady, Czech Republic |
| August 27 - 29, 2003 | International Conference on Principles and Practice of Declarative Programming(PPDP 2003) | (Uppsala University)Uppsala, Sweden |
| August 31 - September 2, 2003 | AUUG 2003 Conference | (Duxton Hotel)Sydney, Australia |
| September 3 - 4, 2003 | LinuxWorld Conference & Expo (Cancelled) | (The NEC)Birmingham, UK |
| September 8, 2003 | Boundaryless Information Flow: Open Source in the Enterprise | (Hilton London Paddington)London, UK |
| September 11 - 12, 2003 | Python for Scientific Computing Workshop(SciPy'03) | (CalTech)Pasadena, CA |
| September 15 - 18, 2003 October 7 - 8, 2003 | LogOn Web Days | Across Europe |
| September 15 - 18, 2003 | Embedded Systems Conference(ESC) | (Hynes Convention Center)Boston, Mass |
| September 26 - 27, 2003 | Third DZUG-Conference | Paderborn, Germany |
| October 12 - 15, 2003 | International Lisp Conference 2003(ILC 2003) | New York, NY |
| October 15 - 17, 2003 | The First Plone Conference | (Tulane University)New Orleans, Louisiana |
Web sites
FootNotes in German (GnomeDesktop)
GnomeDesktop.org has announced a new German language version of the site. "GnomeDesktop-de.org is intended to make GNOME more considered in german-speaking countries like Germany and Austria by reaching people who cannot understand the original english news."
GnuCash Documentation Page
The GnuCash Documentation Project has announced the new GnuCash Documentation Page. "Yup, that's right, we've got our own web page now. Full of useful information of access and hacking GnuCash documentation. From answers to the most basic newbie questions, to information on how to write docbook xml, it is all here."
Software announcements
This week's software announcements
Here are the software announcements, courtesy of Freshmeat.net. They are available in two formats:
- Sorted alphabetically,
- Sorted by license.
Page editor: Forrest Cook
Letters to the editor
an irish linux user's attempt to purchase a license...
| From: | kevin lyda <kevin+dated+1061376018.36d039@ie.suberic.net> | |
| To: | lwn@lwn.net | |
| Subject: | an irish linux user's attempt to purchase a license... | |
| Date: | Fri, 15 Aug 2003 11:40:11 +0100 |
in case you'd like to print a reader's experience story on purchasing a
license. well, ok, just getting an invoice for it. unless sco comes up
with proof that they're owed money i'm not buying one. anyway it would
be nice to hear from an eff or fsf attorney if an invoice for linux that
a user requested still constitutes extortion (if it constitutes
extortion at all). i'm sure they can't answer it for irish or uk law,
but it might be nice to inform us-based readers.
----
here follows my attempts to get a linux license from sco. to date i've
had to ring sco offices in three countries and have been put on hold,
transferred and had to explain sco's linux licensing program to sco's
own sales staff more times then i care to detail. the hardest part is
to keep a straight face while calling.
On calling +1 800 726 8649 I reached an IVR system. The correct option
to pick is option 1 (product sales) and option 1 again (to speak to an
operator). At that I got a nice lady on the phone who didn't sound like
she'd been screamed at a lot lately. That's a good thing - if people call
be nice to the operators. I then found out they aren't taking orders -
they're taking contact details and they'll ring back in 7 to 10 days. I
explained I was in Ireland and she gave me the number for the Irish
office, which is a UK number... +44 171 722 6014. She thought they'd
moved to Dublin, so that might not be correct. The consensus is that the
number is wrong since the 171 area code is gone in the UK. Another ILUG
member is looking up the correct number for dublin.
So I contacted the number in Ireland (+353 1 260 6300) since the UK number
I was given didn't work. The first person put me on hold while trying to
find a local distributor. She was unable to find one so she transfered
me to the "support department" (not sure I heard that correctly). The
woman who answered there was unclear what I wanted so I explained that I
had downloaded Linux off the net and was calling to get the license SCO
said I needed. She still seemed unclear but suggested I call the UK and
gave me a number (and she gave it with the country code and the leading
0 which is incorrect, but I'll manage). I'm calling that number now -
country number three in my quest for a Linux license!
Called the UK number I was given (+44 170 722 6014). I gave my details -
do you know how ridiculous the phrase, "Hi, my name is Kevin Lyda and
I'm calling about purchasing a Linux license" sounds after you've said
it about a dozen times? Anyway she gave me the number of the Irish
office. I explained that I'd already called them and I'd been sent
to the UK number. So after going on hold and being transfered about, I
finally was asked for my details with a promise they'd call me back. I
gave my details and upon asking when I could expect a call back was told
they'd try to get back to me today. As licensing schemes go I think this
one is terribly inefficient. And to date I've yet to be asked how many
machines I have to license - 3 desktops and 2 servers for the curious.
--
kevin@ie.suberic.net http://ie.suberic.net/~kevin/cgi-bin/blog
I said on my program, if, if the Americans go in & overthrow Saddam Hussein &
it's clean, he has nothing, I will apologize to the nation, & I will not trust
the Bush admin again. -- Bill O'Reilly on Good Morning America, March 18.
LWN gets more valuable
| From: | Max.Hyre@cardiopulmonarycorp.com | |
| To: | letters@lwn.net | |
| Subject: | LWN gets more valuable | |
| Date: | Wed, 20 Aug 2003 17:36:42 -0400 |
Dear Editors (all three of you :-):
I was reading the comments appended to ``All SCO all the time'',
and my eye was caught by http://lwn.net/Comments/45417/, asking
that LWN continue to cover the story because it ``has by far the
best coverage of this issue''...and I had a horrible thought:
suppose you'd quit last year, and we had to rely on /.?
While a lot of your normal (read: non-SCO) coverage would
filter into my consciousness eventually, and I'd not miss a lot
of the rest, this issue is vital, and I'd be searching for
everything I could find to learn how things are going (or not
going).
Instead, I have it laid out neatly, cross-referenced,
interpreted, and commented on (all intelligently done) in one
convenient site. For this, you're simply indispensable. My
subscription's up next month, and I'm going to re-up at double
your suggested rate. It's worth every penny.
--
Best wishes,
Max Hyre
Page editor: Jonathan Corbet