LWN.net Weekly Edition for July 18, 2002
The road to World Domination
Linux, it seems, is on a roll. In the past week we've had news of the LLNL cluster sale (see below), of Norway's decision to drop its exclusive contract with Microsoft (despite losing the substantial discounts that contract provided), of Steve Ballmer's admission that Linux is giving Microsoft some trouble, of MandrakeSoft's improving bottom line, and more. The world increasingly understands that free software is better, cheaper, and, of course, free.Those of us who wish to promote the free software cause can't rest yet, however. Free software still has a great many hurdles to overcome, including:
- Security. The free software community likes to claim greater
security, and this claim may even be true. The security of free
software is not yet good enough, however. Recent bugs in packages
like Apache, Squid, and OpenSSH have put large numbers of systems at
risk; they are the stuff that large-scale destructive worms are made
of. There are still too many silly mistakes turning up in free
software; we need to do better.
- Interoperability. The free office suites currently available
are more than good enough for most users at this point. At least,
until those users need to exchange documents with people using
proprietary packages. Until this problem is solved, people will stay
with proprietary systems. Linux systems also need to do better at running
software written for other operating systems. Progress is being made,
but we are not yet there.
- Proprietary software support. It will be a long time before
free packages rival the variety of proprietary software out there.
Where are the free business plan writers, training systems, contact
managers, math tutors, foreign language instructors, genealogy
assistants, home designers, tax preparers, high-end games, etc.?
Until we have filled in those gaps, we should be friendlier to
software vendors who make Linux systems more attractive to more
people. That means standards compliance, stable interfaces, and an
end to outright hostility toward software vendors. As long as those
vendors comply with the licenses of the free software they are using,
they are only helping the Linux cause by porting their products.
- Business models. Some companies seem to be doing OK, if not
great, as free software businesses. Consider Red Hat, Zope Corp.,
Sleepycat, Collabnet, IBM, etc. Many others are hurting, or have gone
out of business. Free software needs successful businesses to keep up
its current rate of growth, and it would be better if we didn't end up
with just a small number of huge companies employing most free
software hackers. There is still work to be done on the business side
of free software.
- Legal issues. Intellectual property law, including repressive copyright terms, "anti-circumvention" provisions, software patents, and more, threatens to hamper (or ban outright) Linux in many parts of the world. Somehow we have got to get a handle on our legislative systems and not allow free software to be pushed aside by laws favoring a small number of large corporations. This battle will not be easy; the opposing interests are powerful and this is not an issue that is interesting or understandable to most people. We must fight it anyway, though, or much of the rest of our work may turn out to be in vain.
There is, in other words, a lot of work to do still. Free software has always been surprising in what it has been able to accomplish, though. The free software community has a great chance of being able to handle these challenges as well.
The largest Linux cluster
Linux NetworX has sent out a press release proclaiming the sale of "the largest and most powerful Linux cluster" ever. This system has been sold to Lawrence Livermore National Laboratory, and should be operational this fall. This cluster, which will employ 1920 2.4-GHz Intel Xeon processors, is expected to be one of the five fastest supercomputers in the world.LWN has long maintained that Linux-based clusters were going to take over the supercomputing field. The economics of clusters built with commodity hardware and free software are simply too good to ignore. The biggest impediment to cluster World Domination, perhaps, has been the "some assembly required" nature of Linux clusters. Supercomputers are, in general, not low-maintenance devices, but Linux clusters have tended to require even more than the usual amount of work. To be truly successful, Linux clusters must become polished, easy to manage products.
Linux NetworX, like other cluster vendors, has long understood the need for more refined cluster products. Some of the features of their current cluster offerings are worth a look as an indication of how far Linux clustering has come. Linux NetworX is certainly not the only vendor offering these sorts of features; in the context of this sale, however, they make a good example.
Early Linux clusters consisted of large numbers of beige boxes with even larger numbers of cables between them. Modern cluster vendors have long since moved past that mode, which is wasteful of energy, space, and system administrator time. In this case, Linux NetworX is employing its "Evolocity II" product, which crams two processors into a "sub 1U" rack space. Throw in easy interconnects and the basic job of plugging the cluster together becomes much easier.
Then, throw in the "ICE Box," a small, Linux-powered box which performs console management, power management, and temperature monitoring for a set of cluster nodes. Among other things, this box allows a (remote) administrator to power down sets of nodes when they are not in use; when your cluster has thousands of nodes, turning off unneeded nodes can yield significant power savings.
What about when you want to bring those idle nodes back up to get some work done? One of the interesting things that Linux NetworX has done is to work with the LinuxBIOS project. LinuxBIOS replaces the regular BIOS on the motherboard, allowing a system to boot into a Linux kernel in as little as three seconds.
Finally, there is the issue of how one manages a cluster with almost 2000 nodes. The Simple Linux Utility for Resource Management (SLURM) is a cooperative project between Linux NetworX and LLNL; it gives administrators the ability to control access to groups of processors in an easy manner. SLURM appears to be in an early state of development at this time; the plan is to release it under the GPL at some point.
All of this, of course, leaves out one crucial part of the problem: making the customer's applications work on a clustered system. Parallelizing a program so that it makes the best use of a cluster is a hard task. There is still no easy way around this one. A cluster-optimizing version of gcc remains the stuff of dreams at this point.
Even with the programming challenges, Linux clusters are earning an
increasing amount of respect in the high performance computing world. They
are getting steadily more powerful, easier to buy, and easier to run. Brad
Rutledge of Linux NetworX tells us: "We anticipate this is the first of
many Linux clusters that will measure as top supercomputers within in the
next year.
" Things look likely to turn out just that way.
Some advertising changes on LWN.net
We're trying out a new way of selling advertising space on LWN. The old "cost per thousand" scheme is out; instead, advertisers get a percentage of the total site impressions proportional to the amount of money they wish to spend on the campaign. So, if advertising demand is low (as it generally is), a small investment will buy a great many exposures on the site. In other words, advertising on LWN has just gotten cheaper; please see the announcement for the details.
Security
Security Vulnerabilities in Sharp Zaurus
On July 10th, a report of remote filesystem access and screen-locking passcode disclosure vulnerabilities in Sharp Zaurus was released by the Syracuse University Center for Systems Assurance. The first is a little scary: the sync service gives anybody with network access to the Zaurus (through a wireless net, say) the ability to overwrite any file on the filesystem. The second is a problem with relatively weak encryption of passwords. It was pointed out, on posts to BugTraq, that Sharp did mitigate, but not resolve, the remote filesystem access risk by restricting access to the vulnerable port.Sharp has apparently known about these problems for more than a month, but no update is yet available that fixes them. The Zaurus developer community apparently knew about the remote filesystem access vulnerability as early as March 29th. An independently compiled list of problems with the Zaurus, that last updated May 6th, includes the remote filesystem access vulnerability and some pointed comments on Sharp's management.
Richard Shim reported on the security vulnerabilities for News.com, including his own comments on Sharp's management of Zaurus development.
"Sharp committed to Linux and the open-source community, but they've realized that they don't want to live the lifestyle," said a source familiar with the company's plans.
Brief items
Linux attacks on the rise? (Register)
The Register speaks about a recent security study from security consultancy Mi2g. "Attacks on Linux and open source Web applications appear to have risen sharply this year, while attacks on Windows systems are markedly down. That's the conclusions of a study by security consultancy mi2g after it compiled a database on attacks culled from data from defacement archives (such as alldas.org), hacker bulletin boards and 'information from automatic robots'."
Hack attacks on Linux on the rise (News.com)
News.com writes about a report by U.K.security consultancy MI2g that claims that successful hacks on Linux web servers are on the rise. "In the past, hackers and virus writers have largely focused their efforts on the Windows platform, as its dominance on desktop PCs makes it a ready target. However, Linux has a large share of the Web server market, and Linux server applications are often vulnerable to attack because of mismanagement, according to the study."
Debian GNU/Linux 2.2 updated (r7)
This is the seventh revision of Debian GNU/Linux 2.2 (codename `potato') which mainly adds security updates to the stable release, along with a few corrections of serious bugs.Cyberterrorists don't care about your PC (ZDNet)
ZDNet looks at vulnerabilities in SCADA systems "Currently, power grids, dams, and other industrial facilities are monitored by Supervisory Control and Data Acquisition (SCADA) systems; approximately three million of these exist throughout the world. Based on telemetry and simple data acquisition, they give scant regard to security, often lacking the memory and bandwidth for sophisticated password or authentication systems. SCADA typically runs on DOS, VMS, and Unix platforms, although vendors are now shipping Windows NT and Linux versions, as well."
July CRYPTO-GRAM newsletter
Bruce Schneier's CRYPTO-GRAM newsletter for July is out; it looks at security threats to embedded devices, the "Perrun" virus, and more. "I have long suspected a cozy little link between virus writers and antivirus software makers. The latter certainly needs the former, both to keep viruses in the news and to provide a steady revenue stream from updates. And here's an example of them sharing information."
Security reports
CARE 2002 file disclosure and sql injection vulnerabilities
CARE 2002 version 1.0.0.2 fixes file disclosure and sql injection vulnerabilities. CARE 2002 is an open source software package for hospitals, clinics and private medical practices. The first beta version of CARE 2002 was created by Elpidio Latorilla.Double Choco Latte multiple vulnerabilities
Ulf Harnhammar reports file upload, file download and cross site scripting vulnerabilities in Double Choco Latte which are fixed in version 20020706.
Vulnerabilities in the GoAhead Web Server
Matt Moore reports two vulnerabilities in GoAhead Web Server v2.1:- Cross Site Scripting via 404 messages.
- Read arbitrary files from the server running GoAhead(Directory Traversal)
New vulnerabilities
libpng buffer overflow vulnerability
| Package(s): | libpng libpng2 libpng3 | CVE #(s): | |||||||||
| Created: | July 17, 2002 | Updated: | August 19, 2002 | ||||||||
| Description: | Versions of libpng prior to
1.2.4 and 1.0.14 have a buffer
overflow vulnerability that could lead to remote code execution.
Since libpng is used by programs that talk to the outside
world (i.e. mozilla), it is worth upgrading.
libpng is the official PNG reference library. It supports almost all PNG features, is extensible, and has been extensively tested for over five years.
| ||||||||||
| Alerts: |
| ||||||||||
Resources
Flawfinder 1.20, a security auditing tool for C/C++
David A. Wheeler has released Flawfinder version 1.20, "a tool that examines C/C++ code and reports possible security flaws in the code (sorted by risk level)."
Linux Advisory Watch
The July 12th Linux Advisory Watch newsletter from LinuxSecurity.com is available.Papers from the 11th USENIX Security Symposium
A number of interesting papers considering security and open source will be presented at the 11th USENIX Security Symposium the week of August 5th in San Francisco, California, USA. We noticed a few that have already been released by the authors.-
Linux Security Modules: General Security Support for the Linux Kernel (HTML format).
"
The Linux Security Modules (LSM) project has developed a lightweight, general purpose, access control framework for the mainstream Linux kernel that enables many different access control models to be implemented as loadable kernel modules. A number of existing enhanced access control implementations, including Linux capabilities, Security-Enhanced Linux (SELinux), and Domain and Type Enforcement (DTE), have already been adapted to use the LSM framework. This paper presents the design and implementation of LSM and discusses the challenges in providing a truly general solution that minimally impacts the Linux kernel.
" -
Linux Security Module Framework
(PDF format).
"
This paper presents the design and implementation of the LSM framework, a discussion of performance and security impact on the kernel, and a brief overview of existing security modules.
" -
Deanonymizing Users of the SafeWeb Anonymizing Service
(PDF
format).
"
The SafeWeb anonymizing system has been lauded by the press and loved by its users; self-described as "the most widely used online privacy service in the world," it served over 3,000,000 page views per day at its peak. SafeWeb was designed to defeat content blocking by firewalls and to defeat Web server attempts to identify users, all without degrading Web site behavior or requiring users to install specialized software. In this paper we describe how these fundamentally incompatible requirements were realized in SafeWeb's architecture, resulting in spectacular failure modes under simple JavaScript attacks.
" -
Secure Execution Via Program Shepherding
(PDF
format).
"
We introduce program shepherding, a method for monitoring control flow transfers during program execution to enforce security policies. Program shepherding provides three techniques as building blocks for security policies. [...] This system operates on unmodified native binaries, requires no special hardware or operating system support, and runs on existing IA-32 machines under both Linux and Windows.
" -
Setuid Demystified
(PDF
format).
"
Access control in Unix systems is mainly based on user IDs, yet the system calls that modify users IDs (uid-setting system calls), such as setuid, are poorly designed, insufficiently documented, and widely misunderstood and misused. This has caused many security vulnerabilities in application programs. [...] Finally, we provide general guidelines on the proper usage of the uid-setting system calls, and we propose a high-level API that is more comprehensible, usable, and portable than the usual Unix API.
" -
Infranet: Circumventing Web Censorship and Surveillance
(PDF format).
"
An increasing number of countries and companies routinely block or monitor access to parts of the Internet. To counteract these measures, we propose Infranet, a system that enables clients to surreptitiously retrieve sensitive content via cooperating Web servers distributed across the global Internet.
" -
Trusted Paths for Browsers: An Open-Source Solution to Web Spoofing
(PDF
format).
"
The security of the vast majority of "secure" Web services rests on SSL server PKI. However, this PKI doesn't work if the adversary can trick the browser into appearing to tell the user the wrong thing about the certificates and cryptography. [...] This paper reports the results of our work to systematically defend against Web spoofing, by creating a trusted path from the browser to the user.
"
Events
Black Hat Briefings 2002 Keynote Speakers
Black Hat Inc has announced the keynote speakers for Black Hat Briefings 2002 coming up July 31st to August 1st in Las Vegas, Nevada, USA.Upcoming Security Events
| Date | Event | Location |
|---|---|---|
| July 31 - August 1, 2002 | Black Hat Briefings 2002 | (Caesars Palace Hotel and Resort)Las Vegas, NV, USA |
| August 2 - 4, 2002 | Defcon | (Alexis Park Hotel and Resort)Las Vegas, Nevada |
| August 5 - 9, 2002 | 11th USENIX Security Symposium | San Francisco, CA, USA |
| August 6 - 9, 2002 | CERT Conference 2002 | Omaha, Nebraska, USA |
| August 19 - 21, 2002 | Canadian Security & Intelligence Conference(CSICON) | (Hyatt Regency)Calgary, Alberta Canada |
| August 28 - 30, 2002 | Workshop on Information Security Applications(WISA 2002) | Jeju Island, Korea |
For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.
Page editor: Dennis Tenney
Kernel development
Brief items
Current kernel release status
The current development kernel is 2.5.26, which was announced by Linus on July 16. Changes include some ACPI updates, the "direct to BIO for O_DIRECT" patch (see last week's LWN Kernel Page), a number of NTFS updates, some USB changes, some IDE fixes, an ARM update, and a great many other changes. The long-format changelog is also available.The latest prepatch from Dave Jones (as of this writing) is 2.5.25-dj2, released on July 12. The most significant feature of this release, perhaps, is that Dave has included the 2.4 IDE "foreport" (also discussed last week).
The latest 2.5 status summary from Guillaume Boissiere came out on July 17.
The current stable kernel is still 2.4.18. The second 2.4.19 release candidate showed up on the kernel.org sites on July 17, but Marcelo has not posted any sort of changelog or announcement.
The current prepatch from Alan Cox is 2.4.19-rc1-ac7. Alan has been merging a lot of code for the IBM "Summit" architecture, PA-RISC, and more.
Kernel development news
Read-copy-update
One of the biggest challenges in kernel programming is managing concurrency. If multiple threads try to access the same resources at the same time, the result can be chaos. Users tend to have a dislike for chaos, so kernel programmers work hard to avoid uncontrolled access to shared data.In the Linux kernel, this sort of mutual exclusion is usually done with spinlocks. By obtaining a spinlock, a process running in kernel mode can ensure that it is the only one working with the data structures protected by that lock. A variant on spinlocks, called the "reader writer lock," allows numerous threads to access a data structure as long as they do not modify it, but provides exclusive access to processes which make changes.
Spinlocks work well in most situations, but they are not free. Taking out a lock takes time, especially on SMP machines, where the cache line containing the lock must be moved between processors. The overhead of a heavily used lock can be significant. So kernel hackers interested in scalability have long kept an eye out for alternatives; one such alternative is a technique called "read-copy-update," or RCU. A "new and shiny" RCU patch was posted by Dipankar Sarma recently (the code credits Paul McKenney, Andrea Arcangeli, Rusty Russell, Andi Kleen, and "etc."). So it seems like a good time to give RCU a look.
RCU works by requiring shared kernel data structures to be accessed via pointers. Code needing read-only access to a given data structure (a network routing table entry, say) follows a pointer and is able to work with the data with no locking at all (OK, almost none, see below). The reader case is, thus, handled in a fast and efficient manner. When the code needs to make a change to the data, however, life gets rather more complicated; the sequence of steps required is, roughly:
- The writer allocates a new data structure and makes a copy of the
structure to be changed.
- The new structure is then modified to reflect the new state of the
world.
- The writer saves the pointer to the old version of the data, and sets
the global pointer to the new structure. Kernel threads that access
the data after this change will see the new version; any thread that
came along before will still be working with the old copy.
- The writer asks for a callback when the kernel knows that no code
has any reference to the old version of the data.
- When the callback happens, the old data can be freed, and the RCU cycle is complete.
This technique is clearly optimized for situations where the data is read frequently and modified rarely. For frequently-changed data, the overhead of the RCU cycle would likely exceed that of simply using spinlocks. The "frequent reads/infrequent writes" mode of operation is quite common in the kernel, though, so there are many places where this technique could be employed. For example, Rusty Russell's hotplug CPU patch uses RCU, on the assumption that processors do not actually come and go very often.
All of the above, however, has glossed over one interesting detail: how, exactly, does the kernel know when it is safe to release an old data structure? The RCU patch handles this with a basic assumption: kernel code will not retain pointers to RCU-protected data after it sleeps or returns to user space. Thus, it is sufficient to wait until every processor in the system has been seen to be running in user space or to be idle. The RCU patch describes such a processor as being "quiescent." Each CPU in the system has a quiescent counter, which is incremented by the scheduler whenever a quiescent state is observed.
To call the RCU writer callbacks at the right time, the RCU code maintains a list of pending RCU completions on each processor. A tasklet runs periodically on any processor with pending RCU callbacks; it polls the quiescent counter for all CPUs and waits until every one of them has changed. Once that has happened, it is safe to free any old RCU data, so the list of callbacks is processed. If, by that time, a new list of pending callbacks has accumulated, the whole thing starts over again.
All of this works until you throw in one other little detail: the preemptive kernel. If a process is preempted while running in kernel space, it could retain a pointer to old RCU data even though the CPU appears to be quiescent. The RCU patch provides two different ways of dealing with this problem. One is that code accessing RCU data for reading can bracket that access with calls to rcu_read_lock() and rcu_read_unlock(), which simply disable preemption in the critical section. Spinlocks, of course, do the same thing.
Alternatively, code can read the RCU data in an unprotected mode as always. In this case, the RCU callback code gets even a little more complicated; it must now wait until every process which had been preempted in kernel mode either exits or is rescheduled normally. This waiting is not quite as bad as it might seem; it is handled with a couple of atomic counters. It does, however, introduce an indeterminate delay between when the new data appears and the old can be freed. If the memory areas involved are large, quite a bit of kernel memory could be tied up waiting for RCU callbacks; disabling preemption is a safer way to go in most cases.
RCU thus involves some complexity, but it holds out a promise of better performance for certain kinds of data access patterns. Will it get into the 2.5 kernel? There is one little problem, being that Linus doesn't like the RCU approach. From a message posted last October:
In short, RCU seems to be a case of "hey, that's cool", but it's a solution in search of a problem so severe that it is worth it.
There are no indications that Linus believes such a problem has yet come up. Work continues on RCU patches (and other patches that use it), however, so the story is not yet finished. (For information in numbing detail about RCU - but without the preemptive kernel changes - see this page on the LSE site).
Documenting and enforcing locking requirements
As was discussed last week, one problem with an increasingly fine-grained kernel is that it becomes difficult to know which locks, out of thousands, must be held at any given point. Some functions include documentation on their locking requirements (and sometimes it's even current), but many others don't. And there is no way for the code to actually enforce those requirements.That may be about to change, however. Jesse Barnes, in discussion with Daniel Phillips and others, has posted a patch which addresses both problems. A function which expects to be called with a given lock held simply includes a line like:
MUST_HOLD_SPIN(&some_lock);
In kernels compiled for production use, this macro expands to nothing and serves as documentation only - anybody looking at the code sees immediately that some_lock must be held before calling the function. The CONFIG_DEBUG_SPINLOCK compilation option gives the macro some teeth, however: if the given lock is not actually held at that point the kernel panics immediately. The end result is that erroneous calls are likely to get fixed in a hurry.
Dave Jones jumped in with a suggestion for tracking down a related (and common) problem: code which sleeps while holding a spinlock. Sleeping while holding a lock is against the rules, since it can cause other processors to spin for a very long time. But it is easy, while programming the kernel, to call a function which, three functions later, goes to sleep. Once again, one could try to document the "can sleep" status of every function and expect programmers to follow that documentation. But, says Dave, why not just add a line like:
FUNCTION_SLEEPS();
to any function that can sleep? If the macro is called while a lock is held, a bug exists. A quick kernel panic will allow the kernel hackers to track down the offending call in a hurry.
Neither of these changes has found its way into a mainline kernel yet. If they do, though, they could well help in the early detection of a number of programming errors.
Patches and updates
Kernel trees
Architecture-specific
Build system
Core kernel code
Development tools
Device drivers
Filesystems and block I/O
Janitorial
Memory management
Networking
Security-related
Miscellaneous
Page editor: Jonathan Corbet
Distributions
Distribution News
Debian Weekly News - July 16th, 2002
The July 16, 2002 edition of the Debian Weekly News is out with coverage of the latest developments in the Debian community.Debian GNU/Linux 2.2 updated (r7)
This is the seventh revision of Debian GNU/Linux 2.2 (codename `potato') which mainly adds security updates to the stable release, along with a few corrections of serious bugs.Debian Jr. -- How are we doing?
Ben Armstrong provides some insight into the progress of Debian Jr.Interview with Ian Jackson (Debian Planet)
Debian Planet has interviewed the dpkg author, Ian Jackson. "As well as being a former DPL, a current member of the technical commitee and the author of dpkg, the original BTS, debiandoc-sgml, constitution, policy and other documents, and several other free software projects including SAUCE, userv and adns, he holds a doctorate in computer security and is the owner of the machine chiark.greenend.org.uk, home to multiple nefarious internet geeks, projects like PuTTY, and 'a few other weirdos too'."
Mandrake Linux Community Newsletter - Issue #50
Issue number 50 of the Mandrake Linux Community Newsletter has been published. Check it out for the latest Mandrake Linux developments.Red Hat Linux bug fixes
Red Hat has an updated miniChinput package which fixes the way Chinese characters are displayed when the locale is set to zh_CN. Available for RH 7.3 - i386.GDB 5.2 packages are available for a variety of Red Hat releases, from 7.0 through 7.3, including alpha and ia64 in addition to i386 versions.
Minor distribution updates
Familiar Linux
Familiar Linux has released v0.5.3 with minor feature enhancements.LEAF (Linux Embedded Appliance Firewall)
LEAF has announced updates for several branches. WISP-Dist release 2290 has been announced. Updates we missed last week include a delayed release of Mosquito 3.4 and Shorewall 1.3.3 has also been announced.Mindi Linux
Mindi Linux has released v0.65 with minor feature enhancements.Openwall
The Openwall GNU/*/Linux (Owl) CVS tree may now be accessed via the anonymous CVS server.RxLinux
RxLinux has released v1.0.4 with major feature enhancements.Trustix Secure Linux
TSL has issued a bug fix advisory. It seems older versions of imap and the samba package manipulated the configuration file /etc/inetd.conf in their post install scripts. The imap package also manipulated the /etc/services system file. Since this is not considered nice behaviour, these manipulations have been removed.uClinux
uClinux has released 20020701.
Distribution reviews
Is SuSE 8 SuPERB? (Open for Business)
Open for Business reviews SuSE Linux 8.0. "SuSE Linux is one of the most usable Linux distributions on the market today. Rivaled only by Mandrake Linux as a mainstream desktop Linux distribution, SuSE offers a nicely setup user interface with everything needed for a productive office."
Preview: Limbo Time (OS News)
OS News takes a look at Limbo, the latest Red Hat Linux beta. "For the most part, though, what Red Hat brings to the table is a Linux based OS that can truly compete on the desktop. Make no mistake about it - Linux is not for the average user, but it is getting closer. You still need the command line for true system performance, but almost everything can be performed from within the GUI once you learn where the controls reside. Is Limbo a Windows killer, then? For some, it may be. For some of the more experienced, it may appear to be no more than a hack target. But for the middle ground users, those who are UNIX-capable, but not experts, who are just searching for a robust, flexible but powerful, alternative desktop OS, I wouldn't hesitate to say "Hey, let's do the Limbo rock!""
[Lindows] Applications have a spotty performance
The San Jose Mercury News takes a look at Lindows' Click-N-Run Warehouse. "Although the Click-N-Run Warehouse for Lindows is a great idea in theory, real-world users will run smack into the many ragged edges of open-source software. None of the Click-N-Run applications have been developed by Lindows.com, the creator of the Lindows operating system; the company is merely gathering open-source software from elsewhere on the Web and putting it one place for easy access by LindowsOS users."
Page editor: Rebecca Sobol
Development
System Applications
Database Software
Ten MySQL Best Practices (O'Reilly)
O'Reilly has published a tutorial that shows how to manage a MySQL database. "MySQL is a complex piece of software that may seem overwhelming when you're first trying to learn it. This article describes a set of best practices for MySQL administrators, architects, and developers that should help in the security, maintenance, and performance of a MySQL installation."
Mail Software
Mailman 2.0.12 released
Version 2.0.12 of the stable tree for Mailman, the GNU Mailing List Manager, has been released. Click below for the list of changes included in this version.
Web Site Development
Web Development in Heavy Traffic (O'Reilly)
Pier Fumagalli writes about tuning JVM for optimal performance on high-bandwidth web sites. "It happens from time to time: you spend a few years working on one peculiar aspect of a problem, you believe you become "experienced" in that problem, and, once your environment changes, you notice how you were looking at it with the eyes of a blind man."
Getting Started With Cocoon 2 (O'Reilly)
Steve Punte gives an overview of the Cocoon 2 XML publishing framework on O'Reilly. "Cocoon 2, part of the Apache XML Project, is a highly flexible web publishing framework built from reusable components. Although reusability is an oft-touted quality of software frameworks, Cocoon stands out because of the simplicity of the interface between the components. Cocoon 2 uses XML documents, via SAX, as its intercomponent API. As long as a component accepts and emits XML, it works."
Improving mod_perl Sites' Performance: Part 3 (Perl.com)
Stas Bekman continues his series on tuning mod_perl with part 3. "This time we talk about tools that help us with code profiling and memory usage measuring."
Zope Members News
This week, the Zope Members News looks at the Silva through-the-web authoring system for structured content, DTMLTeX 0.2, and a new WebMail release.
Web Services
Clustering with JBoss 3.0 (O'Reilly)
Bill Burke and Sacha Labourey introduce JBoss 3.0 on O'Reilly. "Whenever an organization thinks about building and deploying a J2EE application, they think scalability and reliability. How can my Web site stay up 24/7? Will my infrastructure be able to handle the traffic? How can I ensure that I don't lose any transactions or data? How do I manage large server farms?"
"To answer these questions, many Java architects look to their application server's clustering features. This article looks at the kinds of features needed to develop robust J2EE applications and how JBoss 3.0, an open source J2EE application server, can be the solution of choice.
"
Miscellaneous
Koha Library Management System Released (use Perl)
Use Perl has an announcement for Koha version 1.2.1, Koha is a freely redistributable application for managing book libraries.
Desktop Applications
Desktop Environments
KDE 3.1 Alpha1: Brings New Eye Candy, New Features
KDE.News looks at the new KDE 3.1 Alpha 1 development release. "This release sports everything from wonderful new eye candy to tons of popular new features including new and exciting "easter eggs" (aka bugs) just waiting to be discovered. Remember, this is not a stable release".
Bringing KDE Closer to Joe User's Desktop (OSNews)
OSNews has posted a review of KDE 3. "It lacks two things: integration with the underlying system and UI polishing. Today, I will mostly talk about the polishing part, as a lot has been already said elsewhere about the seemingly unsolvable integration issue (because of the modularity and completely independant/remote software projects.) Update: And as I was just publishing this article, KDE 3.1-Alpha was released. I hope that some of my recommendations will make it to the final version of KDE 3.1."
Kernel Cousin KDE #40
Kernel Cousin KDE Issue #40 is out. Topics include KOffice Clipart, new artwork for Atlantik, printing issues, new OpenGL screensavers and an upcoming website on debunking KDE Myths.
Games
Humongous Python (O'Reilly)
Stephen Figgins writes about the use of Python by Humongous Entertainment. "While several game companies are now using Python in their games, Dawson says they are one of the few companies using Python as the base language of their game. "In most games, the game itself is written in C++ and they call out to the scripting language for a few triggers or AI events or something. With our games, and the Disney game Toontown, the executable is Python.exe. You boot up with a python script that starts the game, and it calls out the C++ modules to do the heavy lifting, like the graphics and sound. The game logic is written in Python, with the C++ off in the leaf nodes, instead of the reverse, which is much more common.""
Interoperability
Wine release 20020710
A new developer release of Wine, dated July 10, 2002 has been announced. New features include:- DirectSound 8 and DirectInput 8 support.
- Many OLE improvements.
- Support for font downloading in Postscript driver.
- ALSA sound driver.
- More portability fixes, particularly for Sparc.
- Lots of bug fixes.
Wine Weekly News
The July 10, 2002 edition of the Wine Weekly News covers Winamp Plugins in XMMS, Wine DGA Input, Running Warcraft 3, Running AutoCAD R14, and more.
Office Applications
AbiWord Weekly News #100
Issue #100 of the AbiWord Weekly News is out with the latest developments on the AbiWord word processor. Long-time editor Jesper Skov is contemplating stepping down in the near future.
Web Browsers
Mozilla Status Update
The Mozilla Status Update for July 11, 2002 is out. Work is being done on Mail/News, JavaScript, Necko, Imagelib, and XPCOM.mozillaZine headlines
This week's headlines on mozillaZine include two mozilla developer interviews, a mozilla 1.1 beta trunk freeze, and more.
Languages and Tools
Caml
The Caml Hump
This week, the Caml Hump features Caml's stdclasses which has classes for manipulating buffers, queues, and hash tables.
Java
Is your Java code secure -- or exposed? (IBM developerWorks)
IBM's developerWorks has an article about dealing with static security vulnerabilities in Java web applications. "Applications can be vulnerable to two kinds of security threats: static and dynamic. While dynamic threats are not fully under a developer's control, there are precautions you can take to counteract static threats while developing an application. This article outlines and explains 13 types of static exposures -- flaws in a system that leave it open to an attacker who wants to usurp privileges on that system. You'll learn how to deal with these exposures and discover the impact they can have if they are not addressed."
Perl
This Week on Perl 6 (Use Perl)
Use Perl's This Week on Perl 6 for July 8-14, 2002 looks at Exegesis 5, Parrot as a second system, labels vs. comments, support for non-native bytecodes, PARROT QUESTIONs, and much more.Perl 5.8.0 RC 3 Released (Use Perl)
usePerl is carrying the announcement for the third and hopefully final release candidate of Perl 5.8. Now is the time to test it out and find those last bugs before the real release happens.Fluent Perl (SAGE)
SAGE has published A Perl Tutorial that explains how to improve your Perl coding style. "Writing good Perl is not just about writing code that solves the task at hand correctly when run. If that were the only yardstick by which code were measured, winners of the Obfuscated Perl Contests would be lauded for their compact efficiency and emulated whenever possible. In this series of articles, I'll explore how you can write Perl fluently, so that your code is more readable, maintainable, and efficient."
A Test::MockObject Illustrated Example
O'Reilly's perl.com features an article that shows how to perform unit testing on object-orient code with Test::MockObject. "People like to find excuses to avoid writing tests for their code. One of the most common goes something like, "It's not feasible to test this, because it relies on external objects" - CGI code, code using the Apache request object, TCP/IP servers, and so on. The Test::MockObject module makes it much easier to isolate code that uses such objects."
PHP
PHP Weekly Summary for July 15, 2002
The July 15, 2002 edition of the PHP Weekly Summary is out. Topics include naming extension functions, ZE2 progress and PHP 5.0, a PHP Meetup, an Apple Developer Connection, and more.
Python
This week's Dr. Dobb's Python-URL!
The Dr. Dobb's Python-URL! for July 15 is out. Topics include capturing debugging info, a SIG for producing a common Python persistence and transactional framework, an overview of multi-threading on multi-CPU machines, Python in the enterprise, launching Python programs from vim, and much more.Cooking with Python (O'Reilly)
O'Reilly's ONLamp site features an article with a bunch of Python language tips from the authors of the Python Cookbook.Generator-based state machines (IBM developerWorks)
David Mertz writes about Python simple generators on IBM's developerWorks. "It takes a while to completely "get" Python 2.2's new generators. Even after writing an introduction to simple generators in an earlier "Charming Python" installment, I could not say that I fully understood the "gestalt" of generators. This article presents some additional patterns for the use of generators, and hopefully brings both myself and readers further into the mindset of "resumable functions.""
Daily Python-URL
This week's Daily Python-URL looks at the Bicycle Repair Man refactoring browser, the GadflyB5 1.0.0 relational SQL database system, the Portage build manager from Gentoo Linux 1.2, the Luxor XUL XML User Interface Language toolkit, Mailman 2.0.12, and more.
Ruby
The Ruby Garden
This week, the Ruby Garden covers the upcoming Ruby workshop at the LinuxWorld Conference & Expo in Frankfurt, the overload pack() method, and a Ruby BOF at the Open Source Conference.The Ruby Weekly News
This week's Ruby Weekly News looks at Jabber4R 0.2.0, ruby-libxml, the Grankos Graphical 1D CA generator, the YAML4R 0.20 library for dealing with YAML documents, creating a FIFO in ruby, Ruby user groups, and more.
Tcl/Tk
This week's Tcl-URL
Here is Dr. Dobb's Tcl-URL for July 15; it looks at the first Tcl/Tk 8.4 beta and several other topics of interest to the Tcl/Tk development community.
XML
XSH, An XML Editing Shell
Kip Hampton introduces XML::XSH on O'Reilly. "A few months ago we briefly examined some of the command line utilities available to users of Perl and XML. This month we will continue in that vein by looking at the 300-pound gorilla of Perl/XML command line tools, Petr Pajas' intriguing XML::XSH. XML::XSH and the xsh executable provide a rich shell environment which makes performing common XML-related tasks as terse and straightforward as using a UNIX shells like bash or csh. Yes, that's right -- an XML editing shell. As we will see, it's not as crazy as it seems."
Keeping pace with James Clark
Uche Ogbuji writes about the accomplishments James Clark, a leading authority on markup languages. An interview is also included in the article. "James Clark is arguably the most accomplished developer in the world of markup languages. In his distinguished career of contributing to both SGML and XML, he has served on standards bodies, provided important practical perspectives on where markup meets traditional code, and most importantly, written many of the programs that have moved XML (and SGML before it) from the world of abstract speculation into hard practicality. In this article, Uche Ogbuji interviews James Clark, concentrating on a discussion of practical developments, current and future, in the world of XML."
Page editor: Forrest Cook
Linux in Business
Business News
MandrakeSoft Shareholder Newsletter
The third quarter MandrakeSoft Shareholder Newsletter is out. The company's revenues were EUR 1.6 million over the quarter, up from EUR 1.2 million a year ago. It is a good sign for MandrakeSoft that it is able to increase revenues in these difficult times. "The company's growth is mainly due to the success of new revenue lines: MandrakeStore, OEM and the Mandrake Linux Users Club totalled 35% of the 3rd quarter revenue."
Evans Data Corp. study on Chinese software development market
Evans Data has put out a press release announcing its new study of the Chinese software development market. "Although the largest group of Chinese developers still target Windows 9x, more than two-thirds expect to write apps for Linux in the next year."
Linux Stock Index for July 12 to July 17, 2002
LSI at closing on July 12, 2002 ... 22.42LSI at closing on July 17, 2002 ... 22.48
The high for the week was 22.48
The low for the week was 22.34
Press Releases
Open Source Announcements
- OneName Corporation (SEATTLE): OneName Releases the XNS Technical Specifications.
- Open CASCADE (PARIS): A New Shape Healer Application from Open CASCADE Facilitates Correction of CAD Data.
- Trabas (Jakarta, Indonesia): Trabas has open-sourced Trabas VoIP Billing.
Distributions and Bundled Products
- Guardian Digital, Inc. (Saddle River, NJ): "Project Volition" provides savings on Guardian Digital products.
- Lindows.com, Inc. (San Diego): Lindows.com Adds First Commercial Offering: Sun StarOffice 6.0; Complete Business Solution Added to Click-N-Run Warehouse.
- MandrakeSoft, Inc. (ALTADENA, CA): MandrakeSoft, Inc. and Microtel Computer Systems Announce Agreement to Offer Pre-Loaded PCs With Mandrake Linux(R) Now Available at Walmart.com(R).
- Solid Information Technology Corp. (MOUNTAIN VIEW, Calif.): Solid FlowEngine Certified as the Preferred Embeddable Data Management Solution for Leading Linux Provider.
Software for Linux
- Alias/Wavefront (TORONTO): Alias/Wavefront Announces Maya 4.5 - Innovative Fluid Effects Technology Brings Solutions to Some of CG's Most Difficult Challenges.
- Art & Logic, Inc. (GLENDALE, Calif.): Embedded Web Server Toolkit Enables HTML and Flash(TM) User Interfaces.
- BSM Development (Norwood, MA): New Mail Filtering Software Is Released -- Combats Viruses and Spam.
- Bynari (DALLAS): Bynari Inc. Maker of Exchange Replacement Software Going Open Source.
- CORE SECURITY TECHNOLOGIES (NEW YORK): Core Security Technologies Delivers Advanced Solution for Network Risk Assessment.
- Check Point Software Technologies (REDWOOD CITY, Calif.): Check Point Announces Worldwide Agreement With HP; Customers to Benefit from End-to-End Security Through Integrated Check Point and HP Solutions.
- Cumulus (NEW YORK): Canto Releases Free Cumulus Upgrade.
- High Tower Software (ALISO VIEJO, Calif.): High Tower Software Introduces TowerView Security for Real-Time Response to Enterprise Attacks.
- PKWARE, Inc. (BROWN DEER, Wis.): PKWARE Announces Security-Enabled PKZIP 5.0.
- PoliVec (MOUNTAIN VIEW, Calif.): PoliVec Introduces PoliVec Builder 2.5 To Provide More Complete Security Policy Automation Solution.
- Symantec (CUPERTINO, Calif.): Symantec First to Offer Antivirus Solution to Lotus Domino for Linux; Symantec's Antivirus Solution Now Protects Full Range of Groupware Systems from New and Unknown Threats.
- Syspro (COSTA MESA, Calif.): Syspro Launches IMPACT Encore e.net Solutions.
Hardware with Linux support
- AMD (SAN JOSE, Calif.): Top Tool Vendors Announce Support for Upcoming AMD Opteron and AMD Athlon Processors Based On Hammer Technology.
- Videolocity International Inc. (SALT LAKE CITY): Videolocity Announces Integration of Digital Entertainment System Into 27'' TV Set.
Cross Platform/Porting Product
- InterNetworX Systems (BROOKFIELD, Wis.): Linux vs. Microsoft Windows? - Now Small Manufacturers Don't Have to Choose.
Linux at Work
- Linux NetworX (Salt Lake City): World's Fastest Linux Supercomputer at Lawrence Livermore National Lab.
Java Products
- Sun Microsystems, Inc. (SANTA CLARA, Calif.): Sun Microsystems Broadens Availability of Sun(TM) ONE Studio Tools For Education and Research Organizations.
- VistaPortal Software, Inc. (LEXINGTON, Mass.): VistaPortal Announces VistaView for Peer-to-Peer Visualization and Reporting of Data for Knowledge Management; Peer-to-Peer Personal Portal with Reporting Capabilities.
Books and Documentation
- No Starch Press (San Francisco, CA): Absolute BSD, released by No Starch Press.
- Wiley & Sons Publishing (CAMBRIDGE, Mass.): Curl Programming Bible Promotes Client-Side Cool; Definitive Guide to Industry's First Client/Web Platform Supports Groundswell of Curl Adoption, Web-Enabled Enterprise.
Training and Certification
- Cumulus (NEW YORK): Canto Introduces Cumulus JAVA Classes.
- LynuxWorks, Inc. (SAN JOSE, Calif.): LynuxWorks to Hold LynxOS 4.0 Seminars.
Partnerships
- CollabNet (BRISBANE, Calif.): CollabNet Extends SourceCast to Korea Through Exclusive Partnership With Nextel-Korea.
- Dice Inc. (NEW YORK): Dice to Develop and Power Career Center for OSDN.
- Egenera Inc. (MARLBORO, Mass.): Egenera Inc. Launches Alliance Program; Relationships with Industry Leaders Drive Exceptional Customer Value.
- Hitachi, Ltd. (TOKYO): Hitachi Joins Eclipse; Hitachi Announces Support for the Open Source Eclipse Platform for Tools Integration.
- MontaVista Software Inc. (SUNNYVALE, Calif.): MontaVista Announces Distributor in Korea.
Investments and Acquisitions
- Linuxwizardry Systems, Inc. (RICHMOND, British Columbia): Acquisition of a Sports Collectible Company Being Negotiated.
Miscellaneous
- Caldera International, Inc. (LINDON, Utah): Caldera Linux and Unix Solutions Come to Life At GeoFORUM 2002: Powerful Choices.
- Fusion Systems International (PORTLAND, Ore.): LDR International Restructures, Creates Fusion Systems International - A Global Prepress Systems Integrator.
- IEEE Computer Society (PALO ALTO, Calif.): IEEE Computer Society to Hold First Bioinformatics Conference; International Conference at Stanford University Draws Presentations From 18 Countries.
Page editor: Rebecca Sobol
Linux in the news
Recommended Reading
Peru mulls Free Software, Gates gives $550k to Peru Prez (Register)
The Register looks into issues behind a recent donation of $550,000 to Peru in money, software, and consulting by Microsoft. "Peru, you see, has been threatening to outlaw Windows by mandating Free Software in government departments. And seriously folks, it is not widely known (or at least, not widely enough) that when major Microsoft contracts or customers are in peril, Bill is frequently deployed as the Ultimate Weapon."
MS licensing deadline looms - buy or die (Register)
The Register covers the upcoming Microsoft Licensing 6 regime, which starts on August 1. "Gartner does not suggest never upgrading again and phasing in Linux systems instead as an alternative, but really that's a leap you should have been planning from the moment Licensing 6 was announced, rather than at this late stage."
Copies, Webcasters tangled in draft bill (News.com)
News.com reports on a draft bill that two US House legislators have put together. "The first part of their proposal, which would limit backup copies, has already drawn objections from academics and nonprofit groups that have reviewed it. Under current copyright law, Americans who record a TV program or radio segment generally may "sell or otherwise dispose of" that analog recording or digital file as they wish. The proposed bill would end that exemption, handing copyright owners substantial new control over the distribution of their works by curtailing copying rights granted to consumers under a doctrine known as "fair use.""
Why Are So Many Internet Radio Stations Still on the Air? (Linux Journal)
Here's a detailed Linux Journal article on the plight of online radio stations. "So why are the record labels taking such a hard line? My guess is that it's all about protecting their Internet-challenged business model. Their profit comes from blockbuster artists. If the industry moved to a more varied ecology, independent labels and artists would thrive--to the detriment of the labels, which would have trouble rustling up the rubes to root for the next Britney."
Companies
30 lose jobs in RidgeRun closure
The Idaho Statesman covers the closure of RidgeRun, a company that was working on Linux-based smart phones. "The board of directors unanimously agreed not to accept some funding terms presented to us and rather than encumber the company on what we saw as difficult terms, we decided to shut down, Prince said. In the midst of the shutdown, however, Prince remained hopeful some part of the company could be resurrected in the future. I think a fair number of people here are looking at regrouping and attacking the same markets, said Prince, who blamed a soft technology market for the company´s troubles."
Preinstalled Mandrake Linux PCs go live at Walmart (Register)
The Register reports on the new Microtel Linux PCs that are being sold by Wallmart. "Draw your own conclusions about that one, friends, but it'll be interesting to see how the respective offerings do at Walmart, or indeed if preinstalled Linux from a major consumer outlet will hit the spot."
Walmart.Com Starts Offering Mandrake Boxes (Open for Business)
Open for Business covers the availability of pre-installed Mandrake Linux on computers from Walmart.com. "The PC's range in price from just below $400 for a 900 MHz AMD Duron-based system to $700 for a very nicely equipped Intel Pentium 4 2 GHz system. The systems also include 128 megabytes of RAM, a 40 GB hard disk, and either a CD-ROM or CD-RW drive. A monitor is not included in the package."
WalMart puts more Linux PCs on shelves (ZDNet)
ZDNet reports on Wall Mart's continuing efforts to sell inexpensive Linux based PCs. "A Wal-Mart representative declined to provide sales figures for the Lindows PCs, citing company policy, but said sales have been above expectations. "We're very pleased with the response so far," the representative said."
Meanwhile, the Arizona Daily Star gives a fairly
negative review of the Wall Mart/Lindows machine.
"The resulting mess will make no one happy. Experienced Linux users, a savvy bunch, won't need the hand-holding provided by what the company calls LindowsOS. Ordinary non-technical consumers are likely to fall into one of the many holes in the LindowsOS structure, canceling out any benefit from the slightly lower cost of buying a personal computer without Microsoft's current Windows XP Home Edition.
"
Thanks to Eric Bueschel.
Business
Norway government cancels Microsoft contract (ZDNet)
According to ZDNet, Norway has cancelled an exclusive software contract with Microsoft. "The government made the decision because it was unsatisified with the Microsoft procurement contract, which effectively handed Microsoft a monopoly on government office software, according to Victor Norman, Norway's minister of labour and government administration. The news was reported on Friday by the Norwegian daily Aftenposten."
Ballmer 'fesses up to Linux/Windows cost FUD (Register)
The Register reports that Microsoft CEO Steve Ballmer has admitted that Linux is indeed less expensive to run than Microsoft products. "Windows is a lot more expensive to run than Linux, Microsoft CEO Steve Ballmer has finally confessed. Despite Redmond's heroic efforts to defeat common knowledge with elaborately-rigged total cost of ownership 'studies', innuendo, FUD and outright distortions, the rhetorical power of common experience has become too powerful, even for a marketing behemoth like MS."
Building the Linux business infrastructure (ZDNet)
ZDNet has an article on building infrastructure using products from IBM, Oracle and others. "...it should come as no surprise that of the more than 300 IBM middleware products available, more than 50 are now available on Linux on IBM's Intel-based xSeries servers and 20 are ready to go on the mainframe zSeries."
Linux Not Just For Geeks Anymore (Forbes.com)
Forbes.com says Linux is here to stay, but still has some concerns. "There likely isn't a large company out there that isn't at least evaluating Linux, but the biggest independent suppliers and distributors are losing money and--after an initial boom--have largely turned out to be a dud for investors."
All the Pleasure of iSeries Linux, Without the OS/400 (midrangeserver.com)
Midrangeserver.com is running an article that details the reasons why YKK USA decided to go with the Linux platform for its web site. "eOneGroup also encouraged YKK USA to deploy its new application on Linux, although it wasn't the only software vendor YKK USA dealt with that has come out in support for Linux. "eOne was very fair in what they presented to us," Carnell said. eOne introduced YKK USA to Linux, Carnell said, but all the independent software vendors believed Linux was an attractive alternative. "More developers were more excited about Linux," she added." Thanks to Martin Rowe.
Jamie Harrison: The age of aggressive Linux advocacy is upon us. (Linux Orbit)
Jamie Harrison has written an editorial on Linux Orbit that looks at the current state of Linux. "Whether we want to admit it or not, Linux has entered a critical period in its development - a period that may, in fact, determine in fate forever."
"Now that Linux is no longer a strange little niche Operating System, and has developed to the point where Microsoft actually feels threatened by its proliferation, the folks in Redmond are doing everything they can in the way of software design, legislation, regulation and control of the internet to snuff Linux out. The main reason that they have failed up to this point is that Linux has matured and grown in popularity, gaining public and private defenders in the consumer market and especially the corporate boardroom.
"
Thanks to John Gowin.
Interviews
Marcelo Tosatti: The future is Linux (ZDNet)
ZDNet interviews Conectiva's Marcelo Tosatti. "Embedded is a really big market and I guess people don't realize how big it is. You could have Linux in a camera mounted on the wall over there. It's everywhere. So it's a really big market. And it's a really big challenge, because it's really hard and complex to work with this stuff in my opinion."
"And the enterprise is a big market, a big opportunity for us. Linux could be moving much more deeply into the enterprise and on the desktop. Linux is growing in the enterprise very quickly but not so quickly on the desktop.
"
Interview with SuSE's and KDE's Waldo Bastian (OSNews)
OSNews is running an interview with KDE hacker Waldo Bastian. "I think [Linux] is very close to being viable, in fact I expect to see an increasing number of large deployments this year. I think the business desktop is viable right now, especially for organizations that have an IT department already. The consumer desktop is more difficult, partly because Linux still requires a certain level of expertise from its users, partly because the OEM market is under mob-rule from Redmond. I think Lindows is very bold in this regard by selling PCs through Walmart with a KDE-based desktop pre-installed. They will be a good test to see if Linux is ready for the consumer market."
How a CTO faced his worst nightmare (News.com)
News.com talks with Roger Burkhardt, CTO of the New York Stock Exchange. "Our application servers are all off site at two data centers that run in active-active mode. They are always processing work, and either one is capable of taking the whole load, and the clients on the trading floor are very, very thin so you can boot them very fast. That is one of the things about Linux--you can recover very quickly."
Resources
Embedded Linux Newsletter for July 11, 2002
The July 11, 2002 edition of the Linux Devices Embedded Linux Newsletter is out, with the latest Embedded Linux news.Building an Office Network from Spare Parts (Linux Journal)
A detailed account of a network revitalization has been posted on Linux Journal. "We've learned that by using open-source, it is possible to build office solutions with a minimum investment in software and hardware."
Virtual Prototyping for Embedded Linux Product Development (Linux Journal)
Linux Journal looks at virtual prototyping for embedded Linux products. "As for the advantages of prototyping, the first and probably most significant benefit is involving other people early in the design process. As mentioned earlier, the virtual prototype presents your product plan to non-engineers in a way that they can understand and visualize, without having to wait until a hardware mock-up is available. You don't want the marketing department, product experts and management requesting specification changes when the product is nearly done. At that point, such changes may take months to implement. Often it is too late to make all the necessary revisions, so a less-than-perfect product goes on to market."
Improving Network-Based Industrial Automation Data Protocols (Linux Journal)
Bryce Nakatani writes about issues involved with running industrial automation over TCP/IP connections. "TCP/IP breaks into industrial automation, but not without some problems. The industrial automation sector is rapidly advancing into the use of TCP/IP over Ethernet as a replacement for traditional data connectivity. Many of these devices implement application protocols that mirror their older cousins. With the implementation of IP, the operation, flexibility and reliability of these devices may be jeopardized due to oversights in the implementation of sockets as a new connection medium. In this article I will discuss many issues I've stumbled over while dealing with these issues. I'll also present solutions that future data protocols may improve on."
The Game Theory of Open Code
Mikael Pawlo has written a paper that applies game theory to open and closed-source software models. "A company selling proprietary software to third parties will never open its code if the company has a competitor. It will never release its software under the GNU GPL. If you consider open code a benefit to society, you may want to propagate open code-legislation or otherwise try to stimulate new competition in the marketplace."
Reviews
Yopy brings Linux to wider audience (ZDNet)
Here's a ZDNet article about the Linux-based Yopy PDA,which is now gaining popularity in Europe. "Tuxmedia says it will offer French-language applications for Yopy directly from its Web site beginning this summer. Tuxmedia suggested it would be porting some desktop Linux applications to G.Mate's Linupy distribution of Linux. "Generic Linux applications can be easily ported to the Yopy within a couple of hours, sometimes less," the company said in a statement."
Miscellaneous
Pakistan Government Looks to the Linux Users Group (Linux Journal)
Pakistan is looking at Linux. "The Government of Pakistan is committing itself to the reduction of piracy and the protection of intellectual property. Linux and open source technologies are the corner stone of this initiative."
Sharp's Zaurus PDA suffers security holes (News.com)
News.com reports on some security vulnerabilities in Sharp's Linux based Zaurus PDAs. "Linux is an open-source operating system, giving developers equal access to the code. Many consider that an advantage in a situation like this, as security flaws are found quickly and fixes and other software improvements can be added by a whole community of programmers, not just those employed by a particular company. However, Sharp has not released the source code for the Zaurus' particular operating system to the open-source community, nor has it integrated any community updates to its OS, choosing instead to go a more proprietary route."
""Sharp committed to Linux and the open-source community, but they've realized that they don't want to live the lifestyle," said a source familiar with the company's plans.
"
Microsoft claim shakes graphics world (ZDNet)
According to ZDNet, Microsoft is claiming ownership of several patents on technologies that are used in the OpenGL graphics standard. "Microsoft clarified its claims somewhat at this month's quarterly ARB meeting, according to the meeting's minutes, but its proposals still appear likely to throw a wrench in the works of OpenGL, according to legal experts. At the July meeting, Microsoft also added that it may have claims to a technology called fragment shading."
Open source developers wary of MS graphics patent grab (Register)
The Register follows up on a previous article with comments from its readers. "We know from their other publications that "more effective in a corporate sense" means "proprietary", and especially "not GPL", in Microsoftese. The subtext is that they're offering a Devil's bargain - OpenGL can have this technology without fear of Microsoft's claims on it, provided OpenGL makes it and all the rest of OpenGL's own technology unavailable to those Godless commie open source loons."
Page editor: Forrest Cook
Announcements
Resources
Linux Journal Announces Opening of 2002 Readers' Choice Awards (Linux Journal)
Linux Journal is accepting input for its eighth annual Readers' Choice Awards. Check it out and vote for your favorite applications, web sites (LWN, of course...:), books, and more.Little Linux systems for projects and products (LinuxDevices)
LinuxDevices has posted an updated version of its guide to pre-packaged hardware solutions that are capable of running Linux. "Are you looking for small pre-built systems for implementing your Linux-based projects or products? Look no further. LinuxDevices.com has just completed an update to its popular Quick Reference Guide to Little Linux Systems for Projects and Products. This handy reference guide lists small systems that can serve as ready-made platforms for prototyping applications, or as the basis of application-specific Linux-based systems and devices. The style, performance, and costs of these systems vary greatly. Pictures included!"
Upcoming Events
The Conference for Open Source Content Management
OSCOM Berkeley 2002, the Conference for Open Source Content Management, will be held September 25 to 27 in Berkeley, California; Ted Nelson will be the keynote speaker. "With presentations from over ten leading content management system (CMS) projects and a full day of tutorials, the conference promises to galvanize the role of open source in the CMS market."
Gnumeric Summit
A summit for the Gnumeric spreadsheet will be held in Boston on July 24th.Perl Mentoring BOF at OSCON (use Perl)
A Birds-of-a-Feather session on 'Perl Mentoring/Code Reviews' will be held at the upcoming Open Source Convention on Thursday, July 25. Top Perl people will be on hand to answer your Perl questions.Linux-Kongress 2002 tutorials
The list of tutorials for the Linux-Kongress 2002 has been published. Topics include a Debian Packaging Tutorial, Samba, The New Generation of Printing: CUPS and Foomatic,Pfeifle IPsec in action: Secure Wireless Networks, and a Hands-On Tutorial for NSA Security Enhanced Linux. The conference will be held from September 4-6, 2002 in Cologne, Germany.Events: July 18 - September 12, 2002
| July 18 - 20, 2002 | Boston GNOME Summit | Boston, Mass. |
| July 20, 2002 | Fourth Australian Open Source Symposium(AOSS4) | (UNSW, Sydney)Sydney, Australia |
| July 22 - 26, 2002 | O'Reilly Open Source Convention | (Sheraton San Diego Hotel and Marina)San Diego, California |
| July 23, 2002 August 27, 2002 | Seattle Ruby Brigade Meeting | Seattle, Washington |
| August 1 - 2, 2002 | 3rd annual Bioinformatics Open Source Conference(BOSC 2002) | Edmonton, Canada |
| August 12 - 15, 2002 | Linux World Conference & Expo | (Moscone Center)San Francisco, California |
| September 11 - 13, 2002 | Open source GIS - GRASS users conference 2002(GRASS) | (Centro Servizi Culturali S. Chiara)Trento, Italy |
Web sites
Welcome to the mod_perl world
A new, official mod_perl web site is online with lots of information on using mod_perl and Apache. See the announcement for more details.
Software announcements
This week's software announcements
Here are the software announcements, courtesy of Freshmeat.net. They are available in two formats:
- Sorted alphabetically,
- Sorted by license.
Miscellaneous
Linux clique rewards its own (News.com)
According to News.com, Lindows.com will be giving awards to the developers of desktop applications. "Lindows, a start-up attempting to popularize Linux on the desktop, announced Thursday that it would host awards for consumer Linux applications, giving the winners a total of $54,000. The company plans to give a "Clicky" award and, more importantly, prize money to the top three applications in six categories: audio/MP3, business/finance, Games, home/education, Internet, and multimedia/design."
Gnome users need a Forum!
The Gnotices site has posted a request by Mark Finlay for the creation a Gnome users' forum. "One thing that I²ve always found to be lacking in the Gnome community is a bulletin board. People will say that Gnome has mailing lists, Gnome has IRC etc¥ But these are very much development communication channels ¶ and with the release of GNOME2 we²re all hoping to see a lot more non-technical users using Gnome in the not too distant future, aren't we? ;)"
Page editor: Forrest Cook
Letters to the editor
Scalability is a double edged sword...
| From: | Duncan Simpson <dps@io.stargate.co.uk> | |
| To: | letters@lwn.net | |
| Subject: | Scalabitiy is a double edged sword... | |
| Date: | Thu, 11 Jul 2002 11:26:30 +0100 |
A unix kernel with very fine grained locking exists already. It is called
solaris and nobody is impressed with its performance on small systems. If you
have a 64+ processor Ultra Enterprise 10000, or whatever it's current
equivalent is, the fine grained locking is a big win. If you only have 3 or
fewer processors the locking costs more than the time saved by reduced lock
contention. At least one MPI implementation is also guilty of sacrificing
performance on small systems, like the systems the many people have access to,
at the altar of scalability.
I think it would be a mistake for Linux to follow the policy of sacrificing
performance on small systems just for scalability to vast numbers of processors,
which practically nobody using linux has. Scalability improvements that also
help small systems should be pursued instead, for example the O(1) scheduler.
If the lack of scalablity to vast numbers of processors is an issue for you
then you can presumably afford to buy solaris, unicos max, or whatever.
The spin lock deadlock issue is probably best resolved by a simple, well
maintained, list of spinlock in increasing or decreasing order. Deadlock is,
provably, avoided if you always take locks in the same order everywhere, which
should be moderately easy given such a list. I, perhaps forunately, am not in a
position to construct or maintain such a list. Victims^H^H^H^H^H^H^Hvolunteers
who are in a position to do so should probably file their application on the
linux kernel mailing list.
P.S. I do have some (paper) claims to knowledge of parallel systems. Just when
it was freshly minted parallel systems went out of fashion :-(
--
Duncan (-:
"software industry, the: unique industry where selling substandard goods is
legal and you can charge extra for fixing the problems."
Switching Back. (Don asbestos: your very first assertion was wrong!)
| From: | Leon Brooks <leon@cyberknights.com.au> | |
| To: | flamesbegin@dual-enforcers.net | |
| Subject: | Switching Back. (Don asbestos: your very first assertion was wrong!) | |
| Date: | Thu, 11 Jul 2002 10:49:58 +0800 | |
| Cc: | letters@lwn.net |
> Mr Joe Average is someone who wants to install their OS, boot it up,
> and it works.
No. Mr Joe Average User doesn't want to install his OS at all. He just wants
it to work. You are _not_ Joe Average.
Mandrake Linux 8.2 does that, when you install it, it stays installed. No DLL
hell, no random lockups.
Even if poor Joe is left to install his own OS, Mandrake is easier to do this
with than Windows even for many scanners, cameras, USB ADSL modems and other
mechanisma obscurata. Pretty good for an OS without billions of dollars of
influence behind it to help manufacturers decide to write drivers for it.
SuSE, I am told, is about the same.
> He wants to be able to upgrade his PC, and have the hardware work in a
> few short minutes.
Agree. It's called HardDrake, and the hardware works pretty much instantly.
> Stupid users don't doggedly stick at something for three and a half years,
> trying distribution after distribution in the hope of finding the holy
> grail of Linux desktops.
Sorry, I have trouble connecting the preposition with the reasoning...? (-:
> They give up in less than a few hours of trying to (unsuccessfully)
> install RedHat Linux.
If it was something new to you, I would expect a *clever* user to either give
up or call for help after a few hours of futility. RedHat do have support, but
I generally turn to the community.
What do you do when faced with the same situation in Windows? Call Microsoft?
The technical term for move that is `a cwoft' (Complete Waste Of Time).
If you're on the verge of claiming that this never happens, don't. I'll bury
you in real-life counterexamples - with names - down to a machine which acts
like it's been virussed (files go missing, sooner or later it wipes most of
the disk in one go and the machine dies) when Win98SE is installed on it, but
works flawlessly with Linux. Yes, we did run a modern virus scanner over it.
> I was getting tired of the 'stable' Debian release being so out of date,
> and the 'unstable' distribution being so... well... unstable.
You were too impatient. Debian now has a `testing' branch which has the mix
you dream of.
> My experience with X is that it's too big, bloated, slow and unstable to
> be any good to the home user. [...] What home users need is something
> small and fast, so they can run local applications efficiently.
On one hand, I have home users completely happy with X, playing BZflag,
TuxRacer, The Sims and the like. On the other, perhaps you want to try Berlin
or one of the direct framebuffer drivers.
> Fonts are truly awful under X.
Can be. They work fine (antialiased) under Mandrake 8.2 for me, but I know of
others who have trouble. FontDrake co-ordinates font installation for the
diverse font-using systems within my boxes.
Fonts are worth discussing. While there are some good justifications for those
diverse systems, I personally think that having everything able to get fonts
from some single source like xfs would be a good idea. Unlike Windows, if you
also think this is a good idea, there's no impassible obstacles standing
between you and (for example) Ghostscript to prevent you from making it so.
For an example of justifying a diverse system, any UNIX app can make a
PostScript file with a limited set of fonts and know that it is printable,
rather than having to learn and link to a complex GDI which wiggles. But
we've digressed again from Joe Average.
> and use a readable naming scheme as well.
There is nothing stopping you from mapping simple names like "Courier 15" to
the full name of a font. GIMP, for example, does this. I do agree that a
standard way of doing this is worth while. I do _not_ agree that dumbing down
fonts to suit dumb users is a good idea. Computers are good at translating,
so let the computer translate dumb concepts to suit a powerful underlying
metaphor.
> Got RedHat Linux 7.3? Perhaps you run SuSE 7.3 or Debian 2.2. You'll have
> to download a binary package specific to your distro.
The vast majority of devices are dealt with by a driver already present in the
kernel; of the remainder, most manufacturer's sites have a small set of
generic drivers which suit (for example) all 2.2 and another for all 2.4
kernels, just like most have generic drivers for all Win95/98/ME and another
set for NT/2k/XP.
I think thrice in my life as a Linux consultant have I had to download drivers
for stuff, one being an esoteric multiport serial board, one being a NetGear
FA311 network card when it was brand new and `modprobe natsemi' didn't work
for it, and the third being a NetComm Lucent-based software modem (which
works faster and more stably under Linux, BTW).
> I believe that a home user shouldn't have to do more than plug it in. It's
> an IDE device, it's not that complicated!
Earth to Tony? Did I just hear you advocate having Joe Average - or perhaps to
make the point plain, Joe Sixpack, the supermarket-PC-and-AOL user - messing
around inside his case?
And do you recall having on several distinct occasions to download and install
Windows software (and reboot, what a surprise!) to deal with bigger IDE hard
drives at certain size boundaries?
> I'll put this simply. I'm a home user, not a programmer. Why on earth
> should I have to compile the software I want to use?
You don't. Either use the package provided in many cases, or accept that your
market is currently much less than 1/20th of the Windows market and be
prepared to wait for pre-built apps. Meanwhile, go search on rpmfind.net and
in you distro's contrib directory, someone other than the authors may have
packaged it for you.
This, it is worth noting, is not a service available to Windows users. If you
want to compile software for your Windows box (e.g., to optimize it for your
CPU, or make a version for your CPU type - oops, hang on, Windows only has
one supported CPU type... :-).
Now let me pose you a question: why on Earth should I have to pay AUD$495
(retail price of XP) for an OS to run on my AUD$599 computer? And then why on
Earth should I have to pay another AUD$265 for a virus scanner (Sophos) that
works reliably and doesn't tinker too much with your system's internals?
Think about that: I've just spent $760 on `necessary' software for a $600 box.
You did pay for your version of Windows, didn't you? Alternatively I can get
a supermarket box with XP pre-installed for AUD$1200 and _then_ pay AUD$265
for AV software which works. Yay.
Contrast this with adding Mandrake Linux 8.2 at AUD$10 for the download
edition burnt to CDs or AUD$129 for the PowerPack with a swathe of commercial
software on top of the 3000-odd Open Source packages (including three
complete office suites) from the download edition. Better support, too. (-:
> cdrecord [...] refused to allow me to copy a cd directly.
That's never been a problem for me, even with early versions of cdrecord.
Also, I can just copy a CD onto the hard drive as an image, mount it and have
access to the files on it, no special software required - or burn from the
HDD copy.
> Although having package databases (such as the rpm and deb systems use) is
> great, there should definitely be seperation between system packages and
> additionally installed software. There needs to be a standard installer
> and database for user-installed applications such as word processors,
> email clients and games, and it should be seperate from the rpm or deb
> databases used for system software such as lilo, init and cron. This will
> make it much easier for home users to know what applications they have
> installed on their PC, and to easily uninstall them if necessary, without
> knowing some arcane commands and weird package names.
Oh, be still, my aching ribs! (-:
Is IE an application, or not? How do I uninstall it? Gee, aren't those
commands you've given me just a tad arcane? Did they come from Microsoft's
web site?
There are scores of GUI package managers available, most of which will show
you dependencies, descriptive information, which package owns what file and
so on. Where in Windows do I go to find out who owns the file
C:\WINDOWS\SYSTEM\VBRUN700.DLL?
> This may not apply to most of the community, but there is a very vocal
> minority that gives Linux a bad name.
Likewise for anything, in any arena. If you can't see a similar vocal minority
in the Windows crowd, I suggest looking up Alex Boge, AKA Drestin Black. The
point you've made holds true for football, geology, democracy, avocado
farmers, name it.
> My CDRW worked right away, without a hitch.
Mine did too. However, I can point you to a Windows guru (and this guy really
is a genius) who finally gave up and replaced his CDRW drive with another
because the software that drove it under Win2k would never work. He did not
have the option of "hdc=ide-scsi", LILO and reboot.
> A quick install of Nero Burning Rom, and I was able to make a backup copy
> of my game CDs.
I didn't need to install anything to do that. The Mandrake installer already
had it sorted.
> All [W]indows software comes in binaries, either with an installer or in a
> zip file. I hope to never compile an application ever again.
Instant counter: http://solon.cma.univie.ac.at/~neum/software/arfit/ plus
gazillions of other packages like BlueFish, which will (in this case with the
Windows GTK libraries) run under Windows but are not packaged for it.
We're talking about Joe Average here, else I'd be asking if you now have tools
for recompiling an application, should you wish to alter one...?
> I can't comment on the Windows using community yet. I've not yet had a
> problem that a simple point and click couldn't fix.
You will. (-:
> However, I will say that my original concern with Windows '95 has been
> addressed in Windows XP. The stability is finally there.
Generally, and speaking from exposure to scores of XP machines (including
fixing them and having to use them, horrah for CygWin): better than 95, worse
than NT. How about security? Socket and see. (-:
> I expect that the Linux community will have something to say about this
> article;
<horrified>No! Really...?</horrified> (-:
If you state up front that this article is *not* about Joe Average user, but
about *your*own* needs and experiences, demi-power-user, it will be a lot
more believable.
Come to LCA2003 and discuss it in person!
Cheers; Leon
--
CyberKnights Modern tools, traditional dedication.
+61-409-655-359 http://www.cyberknights.com.au/
linux.conf.au 2003 The Australian Linux Technical Conference
http://conf.linux.org.au/ 22-25 January 2003 in Perth, Western Australia
Page editor: Jonathan Corbet