
LWN.net Weekly Edition for July 18, 2002

The road to World Domination

Linux, it seems, is on a roll. In the past week we've had news of the LLNL cluster sale (see below), of Norway's decision to drop its exclusive contract with Microsoft (despite losing the substantial discounts that contract provided), of Steve Ballmer's admission that Linux is giving Microsoft some trouble, of MandrakeSoft's improving bottom line, and more. The world increasingly understands that free software is better, cheaper, and, of course, free.

Those of us who wish to promote the free software cause can't rest yet, however. Free software still has a great many hurdles to overcome, including:

  • Security. The free software community likes to claim greater security, and this claim may even be true. The security of free software is not yet good enough, however. Recent bugs in packages like Apache, Squid, and OpenSSH have put large numbers of systems at risk; they are the stuff that large-scale destructive worms are made of. There are still too many silly mistakes turning up in free software; we need to do better.

  • Interoperability. The free office suites currently available are more than good enough for most users at this point. At least, until those users need to exchange documents with people using proprietary packages. Until this problem is solved, people will stay with proprietary systems. Linux systems also need to do better at running software written for other operating systems. Progress is being made, but we are not yet there.

  • Proprietary software support. It will be a long time before free packages rival the variety of proprietary software out there. Where are the free business plan writers, training systems, contact managers, math tutors, foreign language instructors, genealogy assistants, home designers, tax preparers, high-end games, etc.? Until we have filled in those gaps, we should be friendlier to software vendors who make Linux systems more attractive to more people. That means standards compliance, stable interfaces, and an end to outright hostility toward software vendors. As long as those vendors comply with the licenses of the free software they are using, they are only helping the Linux cause by porting their products.

  • Business models. Some companies seem to be doing OK, if not great, as free software businesses. Consider Red Hat, Zope Corp., Sleepycat, Collabnet, IBM, etc. Many others are hurting, or have gone out of business. Free software needs successful businesses to keep up its current rate of growth, and it would be better if we didn't end up with just a small number of huge companies employing most free software hackers. There is still work to be done on the business side of free software.

  • Legal issues. Intellectual property law, including repressive copyright terms, "anti-circumvention" provisions, software patents, and more, threatens to hamper (or ban outright) Linux in many parts of the world. Somehow we have got to get a handle on our legislative systems and not allow free software to be pushed aside by laws favoring a small number of large corporations. This battle will not be easy; the opposing interests are powerful and this is not an issue that is interesting or understandable to most people. We must fight it anyway, though, or much of the rest of our work may turn out to be in vain.

There is, in other words, a lot of work to do still. Free software has always been surprising in what it has been able to accomplish, though. The free software community has a great chance of being able to handle these challenges as well.

Comments (4 posted)

The largest Linux cluster

Linux NetworX has sent out a press release proclaiming the sale of "the largest and most powerful Linux cluster" ever. This system has been sold to Lawrence Livermore National Laboratory, and should be operational this fall. This cluster, which will employ 1920 2.4-GHz Intel Xeon processors, is expected to be one of the five fastest supercomputers in the world.

LWN has long maintained that Linux-based clusters were going to take over the supercomputing field. The economics of clusters built with commodity hardware and free software are simply too good to ignore. The biggest impediment to cluster World Domination, perhaps, has been the "some assembly required" nature of Linux clusters. Supercomputers are, in general, not low-maintenance devices, but Linux clusters have tended to require even more than the usual amount of work. To be truly successful, Linux clusters must become polished, easy to manage products.

Linux NetworX, like other cluster vendors, has long understood the need for more refined cluster products. Some of the features of their current cluster offerings are worth a look as an indication of how far Linux clustering has come. Linux NetworX is certainly not the only vendor offering these sorts of features; in the context of this sale, however, they make a good example.

Early Linux clusters consisted of large numbers of beige boxes with even larger numbers of cables between them. Modern cluster vendors have long since moved past that mode, which is wasteful of energy, space, and system administrator time. In this case, Linux NetworX is employing its "Evolocity II" product, which crams two processors into a "sub 1U" rack space. Throw in easy interconnects and the basic job of plugging the cluster together becomes much easier.

Then, throw in the "ICE Box," a small, Linux-powered box which performs console management, power management, and temperature monitoring for a set of cluster nodes. Among other things, this box allows a (remote) administrator to power down sets of nodes when they are not in use; when your cluster has thousands of nodes, turning off unneeded nodes can yield significant power savings.

What about when you want to bring those idle nodes back up to get some work done? One of the interesting things that Linux NetworX has done is to work with the LinuxBIOS project. LinuxBIOS replaces the regular BIOS on the motherboard, allowing a system to boot into a Linux kernel in as little as three seconds.

Finally, there is the issue of how one manages a cluster with almost 2000 nodes. The Simple Linux Utility for Resource Management (SLURM) is a cooperative project between Linux NetworX and LLNL; it gives administrators the ability to control access to groups of processors in an easy manner. SLURM appears to be in an early state of development at this time; the plan is to release it under the GPL at some point.

All of this, of course, leaves out one crucial part of the problem: making the customer's applications work on a clustered system. Parallelizing a program so that it makes the best use of a cluster is a hard task. There is still no easy way around this one. A cluster-optimizing version of gcc remains the stuff of dreams at this point.

Even with the programming challenges, Linux clusters are earning an increasing amount of respect in the high performance computing world. They are getting steadily more powerful, easier to buy, and easier to run. Brad Rutledge of Linux NetworX tells us: "We anticipate this is the first of many Linux clusters that will measure as top supercomputers within the next year." Things look likely to turn out just that way.

Comments (1 posted)

Some advertising changes on LWN.net

We're trying out a new way of selling advertising space on LWN. The old "cost per thousand" scheme is out; instead, advertisers get a percentage of the total site impressions proportional to the amount of money they wish to spend on the campaign. So, if advertising demand is low (as it generally is), a small investment will buy a great many exposures on the site. In other words, advertising on LWN has just gotten cheaper; please see the announcement for the details.

Comments (none posted)

Page editor: Jonathan Corbet

Security

Security Vulnerabilities in Sharp Zaurus

On July 10th, a report of remote filesystem access and screen-locking passcode disclosure vulnerabilities in Sharp Zaurus was released by the Syracuse University Center for Systems Assurance. The first is a little scary: the sync service gives anybody with network access to the Zaurus (through a wireless net, say) the ability to overwrite any file on the filesystem. The second is a problem with relatively weak encryption of passwords. It was pointed out, on posts to BugTraq, that Sharp did mitigate, but not resolve, the remote filesystem access risk by restricting access to the vulnerable port.

Sharp has apparently known about these problems for more than a month, but no update is yet available that fixes them. The Zaurus developer community apparently knew about the remote filesystem access vulnerability as early as March 29th. An independently compiled list of problems with the Zaurus, last updated May 6th, includes the remote filesystem access vulnerability and some pointed comments on Sharp's management.

The Zaurus SL5000D and SL5500 are palmtop computers with great potential, but the maker, Sharp Electronics, has botched several things and has not taken any steps to deal with the issues even though they have had feedback about most of the problems below on the developer web site for months. Unfortunately Sharp has not answered the concerns raised by developers during the beta period. The SL5500 is now a released product and the general public will begin to run into these problems. It is sad that Sharp has refused to fix the problems with their unit as the Zaurus may be a first introduction to Linux/Unix systems for many users. The problems the Zaurus has will give the false impression to new users that the problems are with Linux in general rather than with the choices that Sharp made in implementing Linux on the Zaurus.

Richard Shim reported on the security vulnerabilities for News.com, including his own comments on Sharp's management of Zaurus development.

Linux is an open-source operating system, giving developers equal access to the code. Many consider that an advantage in a situation like this, as security flaws are found quickly and fixes and other software improvements can be added by a whole community of programmers, not just those employed by a particular company. However, Sharp has not released the source code for the Zaurus' particular operating system to the open-source community, nor has it integrated any community updates to its OS, choosing instead to go a more proprietary route. [...]

"Sharp committed to Linux and the open-source community, but they've realized that they don't want to live the lifestyle," said a source familiar with the company's plans.

Comments (1 posted)

Security news

Linux attacks on the rise? (Register)

The Register speaks about a recent security study from security consultancy Mi2g. "Attacks on Linux and open source Web applications appear to have risen sharply this year, while attacks on Windows systems are markedly down. That's the conclusion of a study by security consultancy mi2g after it compiled a database on attacks culled from data from defacement archives (such as alldas.org), hacker bulletin boards and 'information from automatic robots'."

Comments (2 posted)

Hack attacks on Linux on the rise (News.com)

News.com writes about a report by U.K. security consultancy MI2g that claims that successful hacks on Linux web servers are on the rise. "In the past, hackers and virus writers have largely focused their efforts on the Windows platform, as its dominance on desktop PCs makes it a ready target. However, Linux has a large share of the Web server market, and Linux server applications are often vulnerable to attack because of mismanagement, according to the study."

Comments (none posted)

Debian GNU/Linux 2.2 updated (r7)

This is the seventh revision of Debian GNU/Linux 2.2 (codename `potato') which mainly adds security updates to the stable release, along with a few corrections of serious bugs.

Full Story (comments: none)

Cyberterrorists don't care about your PC (ZDNet)

ZDNet looks at vulnerabilities in SCADA systems: "Currently, power grids, dams, and other industrial facilities are monitored by Supervisory Control and Data Acquisition (SCADA) systems; approximately three million of these exist throughout the world. Based on telemetry and simple data acquisition, they give scant regard to security, often lacking the memory and bandwidth for sophisticated password or authentication systems. SCADA typically runs on DOS, VMS, and Unix platforms, although vendors are now shipping Windows NT and Linux versions, as well."

Comments (none posted)

July CRYPTO-GRAM newsletter

Bruce Schneier's CRYPTO-GRAM newsletter for July is out; it looks at security threats to embedded devices, the "Perrun" virus, and more. "I have long suspected a cozy little link between virus writers and antivirus software makers. The latter certainly needs the former, both to keep viruses in the news and to provide a steady revenue stream from updates. And here's an example of them sharing information."

Full Story (comments: 1)

Security reports

CARE 2002 file disclosure and SQL injection vulnerabilities

CARE 2002 version 1.0.0.2 fixes file disclosure and SQL injection vulnerabilities. CARE 2002 is an open source software package for hospitals, clinics and private medical practices. The first beta version of CARE 2002 was created by Elpidio Latorilla.

Full Story (comments: none)

Double Choco Latte multiple vulnerabilities

Ulf Harnhammar reports file upload, file download and cross-site scripting vulnerabilities in Double Choco Latte which are fixed in version 20020706.

Double Choco Latte is a package that provides basic project management capabilities, time tracking on tasks, call tracking, email notifications, online documents, statistical reports, a report engine, and more; further features are either working or being developed/planned. It is licensed under the GPL (GNU Public License), which means it is free to study, distribute, modify, and use.

Full Story (comments: none)

Vulnerabilities in the GoAhead Web Server

Matt Moore reports two vulnerabilities in GoAhead Web Server v2.1:
  1. Cross-site scripting via 404 messages.
  2. Directory traversal, allowing arbitrary files to be read from the server running GoAhead.

Full Story (comments: none)

New vulnerabilities

libpng buffer overflow vulnerability

Package(s): libpng libpng2 libpng3    CVE #(s):
Created: July 17, 2002    Updated: August 19, 2002
Description: Versions of libpng prior to 1.2.4 and 1.0.14 have a buffer overflow vulnerability that could lead to remote code execution. Since libpng is used by programs that talk to the outside world (e.g. Mozilla), it is worth upgrading.

libpng is the official PNG reference library. It supports almost all PNG features, is extensible, and has been extensively tested for over five years.
Alerts:
Eridani ERISA-2002:030 2002-07-25
Conectiva CLA-2002:512 2002-07-17

Comments (2 posted)

Updated vulnerabilities

Acrobat reader temporary files

Package(s): acroread    CVE #(s):
Created: July 8, 2002    Updated: July 10, 2002
Description: There is a symlink attack vulnerability in Acrobat Reader 5.05. Acroread uses a file it creates with wide open permissions (mode 666) in /tmp; it also follows symlinks.

See the report of the bug in Acrobat Reader 5.05 for the details. The problem has also been reported in version 4.05.

Alerts:
Gentoo acroread-20020707 2002-07-07

Comments (none posted)

Heap corruption vulnerability in at

Package(s): at at, sudo, xchat    CVE #(s): CAN-2002-0004
Created: May 20, 2002    Updated: May 15, 2003
Description: The at command has a potentially exploitable heap corruption bug. (First LWN report: January 17th).
Alerts:
EnGarde ESA-20030515-015 2003-05-15
Yellow Dog YDU-20020127-9 2002-01-27
SuSE SuSE-SA:2002:003 2001-01-16
Slackware sl-1011706104 2002-01-22
Red Hat RHSA-2002:015-15 2002-02-07
Red Hat RHSA-2002:015-13 2002-01-22
Mandrake MDKSA-2002:007 2002-01-18
Debian DSA-102-2 2002-01-18
Debian DSA-102-1 2002-01-16

Comments (none posted)

Denial of service vulnerability in version 9 of BIND

Package(s): bind    CVE #(s): CAN-2002-0400
Created: June 5, 2002    Updated: August 19, 2002
Description: Here is an advisory from the Computer Emergency Response Team (CERT) regarding the denial of service vulnerability in version 9 of the BIND nameserver, up to 9.2.1. An attacker can send a properly crafted packet which triggers a check within BIND and causes it to shut down. The vulnerability cannot be exploited for any purpose beyond denial of service, but that is bad enough; if you are running BIND 9, an upgrade is probably a good idea.

Note that many or most systems out there will still be running BIND 8, and thus will not be vulnerable.

News articles on the vulnerability appear in the Register and Network World Fusion News.

Alerts:
Mandrake MDKSA-2002:038-1 2002-08-15
Yellow Dog YDU-20020606-6 2002-06-06
Conectiva CLA-2002:494 2002-06-06
SuSE SuSE-SA:2002:021 2002-06-06
Mandrake MDKSA-2002:038 2002-06-04
Red Hat RHSA-2002:105-09 2002-06-04

Comments (none posted)

bind buffer overflow vulnerability in DNS resolver libraries

Package(s): bind glibc    CVE #(s): CAN-2002-0651 CAN-2002-0684
Created: July 8, 2002    Updated: September 30, 2003
Description: The BIND 4.9.8-OW2 patch and BIND 4.9.9 release (and thus 4.9.9-OW1) include fixes for a libc related vulnerability which does not affect Linux. Updates from the Internet Software Consortium (ISC) are available from here.

No release or branch of Openwall GNU/*/Linux (Owl) is known to be affected, due to Olaf Kirch's fixes for this problem getting into the GNU C library more than two years ago.

Unfortunately that does not mean that Linux systems are not vulnerable. Similar code, without Olaf Kirch's fixes, is in the glibc getnetbyXXX functions. These functions are described in the SuSE alert as "used by very few applications only, such as ifconfig and ifuser, which makes exploits less likely."

CERT Advisory: CA-2002-19 Buffer Overflow in Multiple DNS Resolver Libraries


Alerts:
Mandrake MDKSA-2002:050 2002-08-13
Yellow Dog YDU-20020810-3 2002-08-10
Eridani ERISA-2002:035 2002-08-09
Red Hat RHSA-2002:133-13 2002-08-08
SCO Group CSSA-2002-034.0 2002-08-05
Yellow Dog YDU-20020801-2 2002-08-01
Eridani ERISA-2002:028 2002-07-25
Red Hat RHSA-2002:139-10 2002-07-22
EnGarde ESA-20020724-018 2002-07-24
Mandrake MDKSA-2002:043 2002-07-16
Trustix 2002-0061 2002-07-15
Gentoo glibc-20020713 2002-07-13
Conectiva CLA-2002:507 2002-07-11
SuSE SuSE-SA:2002:026 2002-07-09
OpenPKG OpenPKG-SA-2002.006 2002-07-04

Comments (1 posted)

Ethereal buffer overflow, infinite loop and memory management vulnerabilities

Package(s): ethereal    CVE #(s): CAN-2002-0012 CAN-2002-0013 CAN-2002-0353 CAN-2002-0401 CAN-2002-0402 CAN-2002-0403 CAN-2002-0404
Created: June 12, 2002    Updated: October 27, 2002
Description: Ethereal 0.9.4 was released on May 19, 2002 fixing four potential security issues in Ethereal 0.9.3:
  • The SMB dissector could potentially dereference a NULL pointer in two cases.
  • The X11 dissector could potentially overflow a buffer while parsing keysyms.
  • The DNS dissector could go into an infinite loop while reading a malformed packet.
  • The GIOP dissector could potentially allocate large amounts of memory.

No known exploits exist "in the wild" at the present time for any of these issues.

Ethereal 0.9.2 has several packet handling vulnerabilities that are best avoided by upgrading to 0.9.4. The PROTOS test suite found some flaws in SNMP and LDAP protocol support. Malformed packets could also crash ethereal 0.9.2 due to an ASN.1 zero-length g_malloc problem. The zlib "double free" vulnerability was addressed by the updates for that bug from many distributors.
Alerts:
SCO Group CSSA-2002-037.0 2002-10-24
Conectiva CLA-2002:505 2002-07-04
Yellow Dog YDU-20020606-7 2002-06-06
Red Hat RHSA-2002:088-06 2002-06-04
Eridani ERISA-2002:023 2002-06-06

Comments (none posted)

GNU fileutils race condition

Package(s): fileutils ucdsnmp    CVE #(s): CAN-2002-0435
Created: May 20, 2002    Updated: May 16, 2003
Description: A race condition in rm may cause the root user to delete the whole filesystem. The problem exists in the version of rm in fileutils 4.1 stable and 4.1.6 development version. A patch is available. (First LWN report: May 2).
Alerts:
Immunix IMNX-2003-7+-010-01 2003-05-16
Red Hat RHSA-2003:015-05 2003-02-12
Trustix 2002-0052 2002-06-06
SuSE SuSE-SA:2002:012 2002-04-08
Mandrake MDKSA-2002:031 2002-05-16
SCO Group CSSA-2002-018.1 2002-05-13

Comments (none posted)

Buffer overflow problem in glibc

Package(s): glibc glibc/shlibs, glibc, nscd    CVE #(s): CAN-2001-0886
Created: May 20, 2002    Updated: July 14, 2002
Description: The glibc filename globbing code has a buffer overflow problem. For those who are interested, Global InterSec LLC has provided a detailed description of this vulnerability. This problem was first reported by LWN on December 20th.
Alerts:
Trustix 2001-0029 2001-12-19
SuSE SuSE-SA:2001:046 2001-12-24
Slackware sl-1010856829 2002-01-12
Red Hat RHSA-2001:160-09 2001-12-14
Mandrake MDKSA-2001:095 2001-12-19
Mandrake MDKSA-2001:095-1 2002-01-08
Immunix IMNX-2001-70-037-01 2001-12-19
EnGarde ESA-20011217-01 2001-12-17
Debian DSA-103-1 2002-01-13
Conectiva CLA-2002:447 2002-01-03

Comments (2 posted)

Buffer overflow in groff

Package(s): groff    CVE #(s): CAN-2002-0003
Created: May 20, 2002    Updated: December 9, 2002
Description: The groff package has a buffer overflow vulnerability; if it is used with the print system, it is conceivably exploitable remotely.
Alerts:
SCO Group CSSA-2002-057.0 2002-12-06
Gentoo groff-20021019 2002-10-19
Yellow Dog YDU-20020127-11 2002-01-27
Trustix 2002-0020 2002-01-18
Red Hat RHSA-2002:004-06 2002-01-14
Mandrake MDKSA-2002:012 2002-02-07

Comments (none posted)

UW imapd remotely exploitable buffer overflow

Package(s): imap    CVE #(s): CAN-2002-0379
Created: June 5, 2002    Updated: December 20, 2002
Description: UW imapd versions 2000c and prior allow remote authenticated users to execute code via a buffer overflow. A malicious user can craft a request to run commands on the server under their UID and GID. (First LWN report: May 23).
Alerts:
SuSE SuSE-SA:2002:048 2002-12-20
Trustix 2002-0054 2002-06-06
EnGarde ESA-20020607-013 2002-06-07
Yellow Dog YDU-20020606-1 2002-06-06
Red Hat RHSA-2002:092-11 2002-05-22
Mandrake MDKSA-2002:034 2002-05-27
Eridani ERISA-2002:018 2002-05-25
Conectiva CLA-2002:487 2002-05-24
SCO Group CSSA-2002-021.0 2002-05-15

Comments (2 posted)

Apache mod_ssl off-by-one local code execution and DoS vulnerability

Package(s): libapache-mod-ssl mod_ssl    CVE #(s): CAN-2002-0653
Created: July 2, 2002    Updated: August 14, 2002
Description: mod_ssl provides strong cryptography for the Apache webserver via the Secure Sockets Layer (SSL). A maliciously-crafted .htaccess file may be used by an attacker to execute arbitrary commands as the httpd user or launch a denial of service attack. The problem is fixed in mod_ssl 2.8.10 which is available from here.

For more information see the announcement.

Alerts:
Mandrake MDKSA-2002:048 2002-08-08
Yellow Dog YDU-20020801-1 2002-08-01
Eridani ERISA-2002:029 2002-07-25
SCO Group CSSA-2002-031.0 2002-07-16
Red Hat RHSA-2002:134-12 2002-07-16
EnGarde ESA-20020702-017 2002-07-02
Conectiva CLA-2002:504 2002-07-02
Debian DSA-135-1 2002-07-02

Comments (none posted)

LPRng accepts jobs from any host

Package(s): LPRng    CVE #(s): CAN-2002-0378
Created: June 12, 2002    Updated: October 31, 2002
Description: Matthew Caron pointed out that LPRng's default configuration accepts job submissions from any host.

This could be an especially annoying vulnerability for administrators with systems exposed to the general public.

Alerts:
SuSE SuSE-SA:2002:040 2002-10-31
Mandrake MDKSA-2002:042 2002-07-04
Red Hat RHSA-2002:089-07 2002-06-09

Comments (none posted)

Mailman 2.0.11 fixes two cross-site scripting vulnerabilities

Package(s): mailman    CVE #(s): CAN-2002-0388
Created: June 5, 2002    Updated: August 28, 2002
Description: Barry A. Warsaw announced the release of Mailman 2.0.11 "which fixes two cross-site scripting exploits, one reported by "office" in the admin login page, and another reported by Tristan Roddis in the Pipermail index summaries. It is recommended that all sites upgrade their 2.0.x systems to this version."
Alerts:
Debian DSA-147-2 2002-08-26
Debian DSA-147-1 2002-08-08
Red Hat RHSA-2002:101-06 2002-06-27
Red Hat RHSA-2002:099-04 2002-06-06
Red Hat RHSA-2002:100-03 2002-06-06
Conectiva CLA-2002:489 2002-05-24

Comments (none posted)

Mozilla XMLHttpRequest file disclosure vulnerability

Package(s): mozilla    CVE #(s): CAN-2002-0354
Created: May 20, 2002    Updated: October 18, 2002
Description: This XMLHttpRequest security bug impacts all Mozilla-based browsers. "The bug is found in versions of Mozilla from 0.9.7 to 0.9.9 on various operating system platforms, and in Netscape versions 6.1 and higher." (First LWN report: May 2).
Alerts:
Red Hat RHSA-2002:192-13 2002-10-09
Red Hat RHSA-2002:079-13 2002-05-13
Conectiva CLA-2002:490 2002-05-29

Comments (none posted)

nn remote code execution vulnerability

Package(s): nn    CVE #(s):
Created: July 9, 2002    Updated: July 10, 2002
Description: A malicious NNTP server may be used to remotely execute code through the nn client. nn is a popular Unix newsreader. Versions prior to 6.6.3 are vulnerable.

The problem is fixed in nn 6.6.4 which is available here. For more information, see the security advisory.

Alerts: (No alerts in the database for this vulnerability)

Comments (none posted)

String format bug in pam_ldap logging

Package(s): nss_ldap    CVE #(s): CAN-2002-0374
Created: June 5, 2002    Updated: October 29, 2002
Description: The nss_ldap package includes the pam_ldap module for authenticating a user with an LDAP database. Pam_ldap versions prior to 144 have a string format bug in the logging mechanism.
Alerts:
SCO Group CSSA-2002-041.0 2002-10-28
Yellow Dog YDU-20020606-2 2002-06-06
Red Hat RHSA-2002:084-17 2002-05-26
Eridani ERISA-2002:019 2002-05-28

Comments (none posted)

Remotely exploitable vulnerability in pine

Package(s): pine    CVE #(s): CAN-2002-0014
Created: May 20, 2002    Updated: November 27, 2002
Description: Pine has an unpleasant URL handling vulnerability which can lead to command execution by remote attackers. (First LWN report: January 17th).

This vulnerability is remotely exploitable; updating is a good idea.

Note: If an update isn't yet available for your distribution, setting enable-msg-view-urls to "off" in pine's setup will avoid the vulnerability. (Thanks to Greg Herlein).

Alerts:
SuSE SuSE-SA:2002:046 2002-11-25
Yellow Dog YDU-20020127-8 2002-01-27
Slackware sl-1010936849 2002-01-13
Red Hat RHSA-2002:009-06 2002-01-14
EnGarde ESA-20020114-002 2002-01-14
Conectiva CLA-2002:460 2002-01-31

Comments (none posted)

Sharutils potential privilege escalation using uudecode

Package(s): sharutils    CVE #(s): CAN-2002-0178
Created: May 20, 2002    Updated: October 30, 2002
Description: According to the CVE entry, "uudecode, as available in the sharutils package before 4.2.1, does not check whether the filename of the uudecoded file is a pipe or symbolic link, which could allow attackers to overwrite files or execute commands." (First LWN report: May 16).
Alerts:
Gentoo 200210-012 2002-10-30
SCO Group CSSA-2002-040.0 2002-10-28
Mandrake MDKSA-2002:052 2002-08-14
Yellow Dog YDU-20020522-4 2002-05-22
Red Hat RHSA-2002:065-13 2002-05-14
Eridani ERISA-2002:014 2002-05-16

Comments (none posted)
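The Acrobat Reader entry above (a mode 666 file in /tmp that follows symlinks) and the uudecode entry (no check whether the output name is a pipe or symlink) are the same class of local flaw: writing to a path without verifying that nothing is already there. The C example below is added here and is not code from Adobe, sharutils or LWN; it shows the defensive pattern: create with O_CREAT|O_EXCL so a planted symlink or FIFO makes the open fail rather than being followed, fstat the descriptor you hold, and use mkstemp() for temporary files so they get an unpredictable name and owner-only permissions. The scratch directory, file names and the demo() routine are constructed for the example.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create a brand-new regular file at `path` for writing. Returns the
 * descriptor, or -1 if anything already exists there (a symlink planted by
 * another local user, a FIFO, an ordinary file). O_CREAT|O_EXCL makes the
 * existence check and the creation a single atomic step, so there is no
 * window in which a symlink can be swapped in; O_NOFOLLOW is belt and braces. */
int safe_create(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;
    struct stat st;
    /* Inspect the descriptor we actually hold, never the path name again. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed demonstration: in a private scratch directory, plant a symlink
 * and a FIFO at the paths a careless program would write to, then check that
 * safe_create() refuses both, succeeds only where nothing exists, and that
 * mkstemp() hands back an owner-only temporary file. Returns 0 on success,
 * a negative code identifying the failed step otherwise. */
int demo(void)
{
    char dir[] = "/tmp/safecreate-XXXXXX";          /* constructed scratch dir */
    if (mkdtemp(dir) == NULL)
        return -1;
    char victim[256], lnk[256], fifo[256], fresh[256], tmpl[256];
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(lnk, sizeof lnk, "%s/planted-link", dir);
    snprintf(fifo, sizeof fifo, "%s/planted-fifo", dir);
    snprintf(fresh, sizeof fresh, "%s/output", dir);
    snprintf(tmpl, sizeof tmpl, "%s/tmp-XXXXXX", dir);

    int rc = 0;
    /* The file a hostile symlink would redirect the program's writes into. */
    int vfd = open(victim, O_WRONLY | O_CREAT, 0600);
    if (vfd < 0 || write(vfd, "original\n", 9) != 9)
        rc = -2;
    if (vfd >= 0)
        close(vfd);
    if (symlink(victim, lnk) != 0 || mkfifo(fifo, 0600) != 0)
        rc = -3;
    /* A symlink at the output path must be refused, not followed. */
    if (safe_create(lnk) != -1)
        rc = -4;
    /* A FIFO at the output path must be refused (and must not block). */
    if (safe_create(fifo) != -1)
        rc = -5;
    /* Nothing at the output path: creation succeeds. */
    int fd = safe_create(fresh);
    if (fd < 0)
        rc = -6;
    else
        close(fd);
    /* mkstemp() picks a unique name and creates with O_EXCL and mode 0600. */
    int tfd = mkstemp(tmpl);
    struct stat st;
    if (tfd < 0 || fstat(tfd, &st) != 0 || (st.st_mode & 077) != 0)
        rc = -7;
    if (tfd >= 0)
        close(tfd);
    /* The victim file must be untouched. */
    char buf[16] = {0};
    int rfd = open(victim, O_RDONLY);
    if (rfd < 0 || read(rfd, buf, sizeof buf - 1) != 9 || strcmp(buf, "original\n") != 0)
        rc = -8;
    if (rfd >= 0)
        close(rfd);

    unlink(victim); unlink(lnk); unlink(fifo); unlink(fresh); unlink(tmpl);
    rmdir(dir);
    return rc;
}

int main(void)
{
    int rc = demo();
    printf("demo %s (%d)\n", rc == 0 ? "passed" : "FAILED", rc);
    return rc == 0 ? 0 : 1;
}
```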

Squid DNS vulnerability fixed in Squid-2.4.STABLE6

Package(s): squid    CVE #(s): CAN-2002-0163
Created: July 8, 2002    Updated: July 10, 2002
Description: A maliciously crafted DNS reply can cause Squid versions up to and including 2.4.STABLE4 to crash. Squid-2.4.STABLE6 fixes the vulnerability; see the updated advisory from the squid team for the details.
Alerts:
Eridani ERISA-2002:027 2002-07-04
Red Hat RHSA-2002:051-16 2002-07-02

Comments (none posted)

Multiple vulnerabilities fixed in Squid-2.4.STABLE7

Package(s): squid    CVE #(s):
Created: July 8, 2002    Updated: November 15, 2002
Description: Here is the security advisory for the Squid proxy server reporting several vulnerabilities in versions up to and including 2.4.STABLE7. Several of the bugs are believed to allow remote code execution.

The security advisory lists the following changes:

  • Several bugfixes and cleanup of the Gopher client, both to correct some security issues and to make Squid properly render certain Gopher menus.
  • Security fixes in how Squid parses FTP directory listings into HTML.
  • FTP data channels are now sanity checked to match the address of the requested FTP server. This is to prevent theft or injection of data. See the new ftp_sanitycheck directive if this sanity check is not desired.
  • The MSNT auth helper has been updated to v2.0.3+fixes for buffer overflow security issues found in this helper.
  • A security issue in how Squid forwards proxy authentication credentials has been fixed.
Alerts:
SCO Group CSSA-2002-046.0 2002-11-14
Eridani ERISA-2002:031 2002-07-26
Mandrake MDKSA-2002:044 2002-07-17
Trustix 2002-0062 2002-07-15
SuSE SuSE-SA:2002:025 2002-07-09
Conectiva CLA-2002:506 2002-07-05

Comments (none posted)

Malformed NFS packet buffer overflow vulnerability in tcpdump

Package(s): tcpdump    CVE #(s): CAN-2002-0380
Created: June 5, 2002    Updated: October 9, 2002
Description: A buffer overflow in tcpdump can be triggered by a bad NFS packet when tracing the network. Unmodified tcpdump versions 3.6.2 and earlier are vulnerable.
Alerts:
Red Hat RHSA-2002:094-16 2002-10-04
Yellow Dog YDU-20020606-3 2002-06-06
Trustix 2002-0055 2002-06-05
SCO Group CSSA-2002-025.0 2002-06-04
Conectiva CLA-2002:491 2002-06-05
Red Hat RHSA-2002:094-08 2002-05-29
Eridani ERISA-2002:020 2002-05-30

Comments (none posted)

Multiple vendor telnetd vulnerability

Package(s): telnet Telnet netkit-telnet-ssl kerberos telnetd netkit-telnet nkitb/nkitserv/telnetd krb5    CVE #(s):
Created: May 20, 2002    Updated: October 5, 2004
Description: This vulnerability, originally thought to be confined to BSD-derived systems, was first covered in the July 26th Security Summary. It is now known that Linux telnet daemons are vulnerable as well.
Alerts:
Gentoo 200410-03 2004-10-05
Yellow Dog YDU-20010810-2 2001-08-10
Yellow Dog YDU-20010810-1 2001-08-10
SuSE SuSE-SA:2001:029 2001-09-03
Slackware sl-997726350 2001-08-09
Red Hat RHSA-2001:100-02 2001-08-09
Red Hat RHSA-2001:099-09 2002-02-07
Red Hat RHSA-2001:099-06 2001-08-09
Progeny PROGENY-SA-2001-27 2001-08-14
Mandrake MDKSA-2001:093 2001-12-17
Mandrake MDKSA-2001:068 2001-08-13
HP HPSBTL0202-023 2002-02-12
Debian DSA-075-2 2001-08-14
Debian DSA-075-1 2001-08-14
Conectiva CLA-2001:413 2001-08-24
SCO Group CSSA-2001-030.0 2001-08-10

Comments (none posted)

Multiple vulnerabilities in SNMP implementations

Package(s): ucdsnmp ucd-snmp    CVE #(s): CAN-2002-0012 CAN-2002-0013
Created: May 20, 2002    Updated: September 17, 2002
Description: Most SNMP implementations out there have a variety of buffer overflow vulnerabilities and should be upgraded at first opportunity. See this CERT advisory for more. (First LWN report: February 14).
Alerts:
Red Hat RHSA-2002:036-26 2002-09-12
Yellow Dog YDU-20020211-1 2002-02-11
Red Hat RHSA-2001:163-20 2002-02-12
Mandrake MDKSA-2002:014 2002-02-15
Debian DSA-111-2 2002-02-28
Debian DSA-111-1 2002-02-14
Conectiva CLA-2002:462 2002-02-14
SCO Group CSSA-2002-004.0 2002-01-22

Comments (none posted)

webalizer: reverse DNS buffer overflow vulnerability

Package(s): webalizer    CVE #(s):
Created: May 20, 2002    Updated: January 27, 2003
Description: The cause is a buffer overflow bug. This one sounds nasty. If reverse DNS lookups are enabled in webalizer, "an attacker with control over the victim's DNS may spoof responses thus triggering a buffer overflow, potentially leading to a root compromise." Webalizer 2.01-10 "fixes this and a few other buglets that have been discovered in the last month or so". (First LWN report: April 18th, 2002).
Alerts:
Yellow Dog YDU-20030127-4 2003-01-27
Red Hat RHSA-2002:254-05 2002-12-04
SCO Group CSSA-2002-036.0 2002-10-22
EnGarde ESA-20020423-009 2002-04-23
Conectiva CLA-2002:476 2002-04-26

Comments (none posted)

Webmin/Usermin vulnerabilities

Package(s): webmin    CVE #(s):
Created: May 20, 2002    Updated: January 10, 2003
Description: Webmin is a web-based interface for system administration for Unix. Webmin has cross-site scripting and session ID spoofing vulnerabilities which are fixed in the May 6, 2002 release of version 0.970. (First LWN report: May 9).

This one is scary. The session ID spoofing vulnerability allows the "possibility that arbitrary commands may be executed with root privileges." Upgrading is strongly recommended. At a minimum avoid the "preconditions for a successful exploit" by disabling password timeouts under Webmin->Configuration->Authentication.

Alerts:
SCO Group CSSA-2003-002.0 2003-01-09
Yellow Dog YDU-20020522-7 2002-05-22
Mandrake MDKSA-2002:033 2002-05-21

Comments (1 posted)

Problems with libgtop_daemon

Package(s): wuftpd libgtop    CVE #(s):
Created: May 20, 2002    Updated: May 7, 2003
Description: The libgtop_daemon package is a GNOME program which makes system information available remotely. LWN reported the remotely exploitable format string and buffer overflow vulnerabilities in that package on December 6th. Since November 28th the advice has been to disable libgtop_daemon on systems where it is running until an update is available.

Many Linux systems do not run libgtop by default, but applying the update is a good idea anyway.

Alerts:
Debian DSA-301-1 2003-05-07
Mandrake MDKSA-2001:094 2001-12-19
Debian DSA-098-1 2002-01-09
Conectiva CLA-2002:448 2002-01-03

Comments (1 posted)

xchat IRC server based dns query vulnerability

Package(s): xchat    CVE #(s): CAN-2002-0382
Created: June 5, 2002    Updated: September 24, 2002
Description: A malicious IRC server may return a response to a /dns query that executes arbitrary commands with the privileges of the user running XChat. Versions of XChat prior to 1.8.9 are vulnerable.
Alerts:
Conectiva CLA-2002:526 2002-09-23
Mandrake MDKSA-2002:051 2002-08-14
Yellow Dog YDU-20020606-5 2002-06-06
Eridani ERISA-2002:021 2002-06-05
Red Hat RHSA-2002:097-08 2002-06-04

Comments (none posted)

Resources

Flawfinder 1.20, a security auditing tool for C/C++

David A. Wheeler has released Flawfinder version 1.20, "a tool that examines C/C++ code and reports possible security flaws in the code (sorted by risk level)."

Flawfinder works by using a built-in database of C/C++ functions with well-known problems, such as buffer overflow risks (e.g., strcpy(), strcat(), gets(), sprintf(), and the scanf() family), format string problems ([v][f]printf(), [v]snprintf(), and syslog()), race conditions (such as access(), chown(), chgrp(), chmod(), tmpfile(), tmpnam(), tempnam(), and mktemp()), potential shell metacharacter dangers (most of the exec() family, system(), popen()), and poor random number acquisition (such as random()).
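To make the mechanism concrete, here is an added example (not Flawfinder's own code, and not from the page) of the core of such a lexical auditor in C: it walks C source text, skips comments and string literals, and records every call to a function found in a small table of the categories listed above. The rule table, the `scan_source`/`scan_sample` names and the sample source being scanned are all constructed for this illustration; Flawfinder's real database is far larger and it also inspects arguments (for instance whether a format string is constant) and assigns risk levels, which this example does not attempt.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* A risky-function table in the spirit of Flawfinder's database (abbreviated, constructed). */
struct rule { const char *name; const char *category; };

static const struct rule rules[] = {
    {"strcpy", "buffer overflow"},   {"strcat", "buffer overflow"},  {"gets", "buffer overflow"},
    {"sprintf", "buffer overflow"},  {"scanf", "buffer overflow"},   {"sscanf", "buffer overflow"},
    {"printf", "format string"},     {"fprintf", "format string"},   {"vprintf", "format string"},
    {"snprintf", "format string"},   {"syslog", "format string"},
    {"access", "race condition"},    {"chown", "race condition"},    {"chmod", "race condition"},
    {"tmpnam", "race condition"},    {"tempnam", "race condition"},  {"mktemp", "race condition"},
    {"system", "shell metacharacters"}, {"popen", "shell metacharacters"}, {"execvp", "shell metacharacters"},
    {"random", "weak randomness"},
};

struct hit { int line; const char *name; const char *category; };

static const struct rule *lookup(const char *id, size_t len) {
    for (size_t i = 0; i < sizeof rules / sizeof rules[0]; i++)
        if (strlen(rules[i].name) == len && memcmp(rules[i].name, id, len) == 0)
            return &rules[i];
    return NULL;
}

/* Scan C source text. Comments and string/char literals are skipped so that a function
   name mentioned there is not reported; an identifier counts only when followed by '('. */
int scan_source(const char *src, struct hit *hits, int max_hits) {
    int n = 0, line = 1;
    const char *p = src;
    while (*p) {
        if (*p == '\n') { line++; p++; continue; }
        if (p[0] == '/' && p[1] == '/') { while (*p && *p != '\n') p++; continue; }
        if (p[0] == '/' && p[1] == '*') {
            p += 2;
            while (*p && !(p[0] == '*' && p[1] == '/')) { if (*p == '\n') line++; p++; }
            if (*p) p += 2;
            continue;
        }
        if (*p == '"' || *p == '\'') {
            char quote = *p++;
            while (*p && *p != quote) { if (*p == '\\' && p[1]) p++; if (*p == '\n') line++; p++; }
            if (*p) p++;
            continue;
        }
        if (isalpha((unsigned char)*p) || *p == '_') {
            const char *start = p;
            while (isalnum((unsigned char)*p) || *p == '_') p++;
            const struct rule *r = lookup(start, (size_t)(p - start));
            const char *q = p;
            while (*q == ' ' || *q == '\t') q++;
            if (r && *q == '(' && n < max_hits) {
                hits[n].line = line; hits[n].name = r->name; hits[n].category = r->category; n++;
            }
            continue;
        }
        p++;
    }
    return n;
}

/* Constructed sample input: a small C program with a few risky calls and a few decoys. */
static const char sample_source[] =
    "#include <stdio.h>\n"
    "/* strcpy(a, b) mentioned in a comment is not a call */\n"
    "int main(int argc, char **argv) {\n"
    "    char buf[16];\n"
    "    strcpy(buf, argv[1]);          /* flagged, line 5 */\n"
    "    strncpy(buf, argv[1], 15);     /* not in the table */\n"
    "    printf(\"strcat( in a string literal\\n\");  /* printf flagged, line 7 */\n"
    "    system(argv[2]);               /* flagged, line 8 */\n"
    "    return 0;\n"
    "}\n";

int scan_sample(struct hit *hits, int max_hits) {
    return scan_source(sample_source, hits, max_hits);
}

int main(void) {
    struct hit hits[32];
    int n = scan_sample(hits, 32);
    for (int i = 0; i < n; i++)
        printf("line %d: %s() [%s]\n", hits[i].line, hits[i].name, hits[i].category);
    return 0;
}
```

On the constructed sample the scanner reports three calls (strcpy, printf, system) and ignores the strcpy in a comment, the strcat inside a string literal, and strncpy, which is not in the table.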

Comments (none posted)

Linux Advisory Watch

The July 12th Linux Advisory Watch newsletter from LinuxSecurity.com is available.

Comments (none posted)

Papers from the 11th USENIX Security Symposium

A number of interesting papers considering security and open source will be presented at the 11th USENIX Security Symposium the week of August 5th in San Francisco, California, USA. We noticed a few that have already been released by the authors.
  • Linux Security Modules: General Security Support for the Linux Kernel (HTML format). "The Linux Security Modules (LSM) project has developed a lightweight, general purpose, access control framework for the mainstream Linux kernel that enables many different access control models to be implemented as loadable kernel modules. A number of existing enhanced access control implementations, including Linux capabilities, Security-Enhanced Linux (SELinux), and Domain and Type Enforcement (DTE), have already been adapted to use the LSM framework. This paper presents the design and implementation of LSM and discusses the challenges in providing a truly general solution that minimally impacts the Linux kernel."

  • Linux Security Module Framework (PDF format). "This paper presents the design and implementation of the LSM framework, a discussion of performance and security impact on the kernel, and a brief overview of existing security modules."

  • Deanonymizing Users of the SafeWeb Anonymizing Service (PDF format). "The SafeWeb anonymizing system has been lauded by the press and loved by its users; self-described as "the most widely used online privacy service in the world," it served over 3,000,000 page views per day at its peak. SafeWeb was designed to defeat content blocking by firewalls and to defeat Web server attempts to identify users, all without degrading Web site behavior or requiring users to install specialized software. In this paper we describe how these fundamentally incompatible requirements were realized in SafeWeb's architecture, resulting in spectacular failure modes under simple JavaScript attacks."

  • Secure Execution Via Program Shepherding (PDF format). "We introduce program shepherding, a method for monitoring control flow transfers during program execution to enforce security policies. Program shepherding provides three techniques as building blocks for security policies. [...] This system operates on unmodified native binaries, requires no special hardware or operating system support, and runs on existing IA-32 machines under both Linux and Windows."

  • Setuid Demystified (PDF format). "Access control in Unix systems is mainly based on user IDs, yet the system calls that modify user IDs (uid-setting system calls), such as setuid, are poorly designed, insufficiently documented, and widely misunderstood and misused. This has caused many security vulnerabilities in application programs. [...] Finally, we provide general guidelines on the proper usage of the uid-setting system calls, and we propose a high-level API that is more comprehensible, usable, and portable than the usual Unix API."

  • Infranet: Circumventing Web Censorship and Surveillance (PDF format). "An increasing number of countries and companies routinely block or monitor access to parts of the Internet. To counteract these measures, we propose Infranet, a system that enables clients to surreptitiously retrieve sensitive content via cooperating Web servers distributed across the global Internet."

  • Trusted Paths for Browsers: An Open-Source Solution to Web Spoofing (PDF format). "The security of the vast majority of "secure" Web services rests on SSL server PKI. However, this PKI doesn't work if the adversary can trick the browser into appearing to tell the user the wrong thing about the certificates and cryptography. [...] This paper reports the results of our work to systematically defend against Web spoofing, by creating a trusted path from the browser to the user."

Comments (none posted)

Events

Black Hat Briefings 2002 Keynote Speakers

Black Hat Inc has announced the keynote speakers for Black Hat Briefings 2002 coming up July 31st to August 1st in Las Vegas, Nevada, USA.

Full Story (comments: none)

Upcoming Security Events

Date                      Event                                                                  Location
July 31 - August 1, 2002  Black Hat Briefings 2002 (Caesars Palace Hotel and Resort)             Las Vegas, NV, USA
August 2 - 4, 2002        Defcon (Alexis Park Hotel and Resort)                                  Las Vegas, Nevada
August 5 - 9, 2002        11th USENIX Security Symposium                                         San Francisco, CA, USA
August 6 - 9, 2002        CERT Conference 2002                                                   Omaha, Nebraska, USA
August 19 - 21, 2002      Canadian Security & Intelligence Conference (CSICON) (Hyatt Regency)   Calgary, Alberta, Canada
August 28 - 30, 2002      Workshop on Information Security Applications (WISA 2002)              Jeju Island, Korea

For additional security-related events, including training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Comments (none posted)

Page editor: Dennis Tenney

Kernel development

Release status

Current kernel release status

The current development kernel is 2.5.26, which was announced by Linus on July 16. Changes include some ACPI updates, the "direct to BIO for O_DIRECT" patch (see last week's LWN Kernel Page), a number of NTFS updates, some USB changes, some IDE fixes, an ARM update, and a great many other changes. The long-format changelog is also available.

The latest prepatch from Dave Jones (as of this writing) is 2.5.25-dj2, released on July 12. The most significant feature of this release, perhaps, is that Dave has included the 2.4 IDE "foreport" (also discussed last week).

The latest 2.5 status summary from Guillaume Boissiere came out on July 17.

The current stable kernel is still 2.4.18. The second 2.4.19 release candidate showed up on the kernel.org sites on July 17, but Marcelo has not posted any sort of changelog or announcement.

The current prepatch from Alan Cox is 2.4.19-rc1-ac7. Alan has been merging a lot of code for the IBM "Summit" architecture, PA-RISC, and more.

Comments (1 posted)

Kernel development news

Read-copy-update

One of the biggest challenges in kernel programming is managing concurrency. If multiple threads try to access the same resources at the same time, the result can be chaos. Users tend to have a dislike for chaos, so kernel programmers work hard to avoid uncontrolled access to shared data.

In the Linux kernel, this sort of mutual exclusion is usually done with spinlocks. By obtaining a spinlock, a process running in kernel mode can ensure that it is the only one working with the data structures protected by that lock. A variant on spinlocks, called the "reader writer lock," allows numerous threads to access a data structure as long as they do not modify it, but provides exclusive access to processes which make changes.

Spinlocks work well in most situations, but they are not free. Taking out a lock takes time, especially on SMP machines, where the cache line containing the lock must be moved between processors. The overhead of a heavily used lock can be significant. So kernel hackers interested in scalability have long kept an eye out for alternatives; one such alternative is a technique called "read-copy-update," or RCU. A "new and shiny" RCU patch was posted by Dipankar Sarma recently (the code credits Paul McKenney, Andrea Arcangeli, Rusty Russell, Andi Kleen, and "etc."). So it seems like a good time to give RCU a look.

RCU works by requiring shared kernel data structures to be accessed via pointers. Code needing read-only access to a given data structure (a network routing table entry, say) follows a pointer and is able to work with the data with no locking at all (OK, almost none, see below). The reader case is, thus, handled in a fast and efficient manner. When the code needs to make a change to the data, however, life gets rather more complicated; the sequence of steps required is, roughly:

  • The writer allocates a new data structure and makes a copy of the structure to be changed.

  • The new structure is then modified to reflect the new state of the world.

  • The writer saves the pointer to the old version of the data, and sets the global pointer to the new structure. Kernel threads that access the data after this change will see the new version; any thread that came along before will still be working with the old copy.

  • The writer asks for a callback when the kernel knows that no code has any reference to the old version of the data.

  • When the callback happens, the old data can be freed, and the RCU cycle is complete.

This technique is clearly optimized for situations where the data is read frequently and modified rarely. For frequently-changed data, the overhead of the RCU cycle would likely exceed that of simply using spinlocks. The "frequent reads/infrequent writes" mode of operation is quite common in the kernel, though, so there are many places where this technique could be employed. For example, Rusty Russell's hotplug CPU patch uses RCU, on the assumption that processors do not actually come and go very often.

All of the above, however, has glossed over one interesting detail: how, exactly, does the kernel know when it is safe to release an old data structure? The RCU patch handles this with a basic assumption: kernel code will not retain pointers to RCU-protected data after it sleeps or returns to user space. Thus, it is sufficient to wait until every processor in the system has been seen to be running in user space or to be idle. The RCU patch describes such a processor as being "quiescent." Each CPU in the system has a quiescent counter, which is incremented by the scheduler whenever a quiescent state is observed.

To call the RCU writer callbacks at the right time, the RCU code maintains a list of pending RCU completions on each processor. A tasklet runs periodically on any processor with pending RCU callbacks; it polls the quiescent counter for all CPUs and waits until every one of them has changed. Once that has happened, it is safe to free any old RCU data, so the list of callbacks is processed. If, by that time, a new list of pending callbacks has accumulated, the whole thing starts over again.

All of this works until you throw in one other little detail: the preemptive kernel. If a process is preempted while running in kernel space, it could retain a pointer to old RCU data even though the CPU appears to be quiescent. The RCU patch provides two different ways of dealing with this problem. One is that code accessing RCU data for reading can bracket that access with calls to rcu_read_lock() and rcu_read_unlock(), which simply disable preemption in the critical section. Spinlocks, of course, do the same thing.

Alternatively, code can read the RCU data in an unprotected mode as always. In this case, the RCU callback code gets a little more complicated still; it must now wait until every process which had been preempted in kernel mode either exits or is rescheduled normally. This waiting is not quite as bad as it might seem; it is handled with a couple of atomic counters. It does, however, introduce an indeterminate delay between when the new data appears and the old can be freed. If the memory areas involved are large, quite a bit of kernel memory could be tied up waiting for RCU callbacks; disabling preemption is a safer way to go in most cases.
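The writer sequence and the quiescent-counter grace period described above, as an added user-space model in C (this is not the kernel RCU patch's code, and it is not from the page). A routing-table entry stands in for the protected data; `rcu_quiescent()` plays the scheduler bumping a CPU's counter, and `rcu_process_callbacks()` plays the tasklet. All names are invented for the illustration, the model is single-threaded (so the "publish" step is a plain pointer store rather than a store with the memory barriers the real kernel needs), and each queued callback carries its own snapshot of the counters rather than the per-list bookkeeping of the patch. The preemptive-kernel complication discussed above is not modelled.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NCPUS 4

/* The RCU-protected data: a routing-table entry stands in for any read-mostly record. */
struct route {
    unsigned int dest;
    unsigned int gateway;
};

/* Readers follow this pointer with no lock. In the kernel, publishing a new value is a
   single pointer store with the appropriate memory barrier; this single-threaded model
   uses a plain store (an assumption of the illustration). */
static struct route *route_table;

/* Per-CPU quiescent counters, bumped by the scheduler when a CPU is seen idle or in user space. */
static unsigned long quiescent[NCPUS];

/* One pending completion per writer that is waiting to free its old copy. */
struct rcu_callback {
    void (*func)(void *);
    void *arg;
    unsigned long snapshot[NCPUS]; /* counters at the moment the callback was queued */
    struct rcu_callback *next;
};
static struct rcu_callback *pending;
static int frees_done;

static void free_old_route(void *p) { free(p); frees_done++; }

/* Scheduler hook: the named CPU just passed through a quiescent state. */
void rcu_quiescent(int cpu) { quiescent[cpu]++; }

void route_init(unsigned int dest, unsigned int gw) {
    struct route *r = malloc(sizeof *r);
    r->dest = dest;
    r->gateway = gw;
    route_table = r;
}

/* Reader path: follow the pointer, no locking. */
unsigned int route_lookup_gateway(void) { return route_table->gateway; }

/* Writer path: the five steps from the text. */
void route_update_gateway(unsigned int new_gw) {
    struct route *old = route_table;
    struct route *copy = malloc(sizeof *copy);
    memcpy(copy, old, sizeof *copy);     /* 1. allocate a new structure and copy the old one */
    copy->gateway = new_gw;              /* 2. modify the copy */
    route_table = copy;                  /* 3. publish; readers still holding 'old' keep using it */
    struct rcu_callback *cb = malloc(sizeof *cb);  /* 4. ask for a callback once nobody holds 'old' */
    cb->func = free_old_route;
    cb->arg = old;
    memcpy(cb->snapshot, quiescent, sizeof quiescent);
    cb->next = pending;
    pending = cb;
}

/* The "tasklet": run every callback whose snapshot has been passed on all CPUs.
   A callback is safe only when every CPU's counter has changed since it was queued.
   Returns the number of callbacks run (step 5 frees the old data). */
int rcu_process_callbacks(void) {
    int ran = 0;
    struct rcu_callback **pp = &pending;
    while (*pp) {
        struct rcu_callback *cb = *pp;
        int grace_period_over = 1;
        for (int c = 0; c < NCPUS; c++)
            if (quiescent[c] == cb->snapshot[c]) { grace_period_over = 0; break; }
        if (grace_period_over) {
            *pp = cb->next;
            cb->func(cb->arg);
            free(cb);
            ran++;
        } else {
            pp = &cb->next;
        }
    }
    return ran;
}

int rcu_frees_done(void) { return frees_done; }

int main(void) {
    route_init(0x0a000000u, 1);
    route_update_gateway(2);
    printf("after update: gateway=%u, callbacks run=%d\n",
           route_lookup_gateway(), rcu_process_callbacks());
    for (int c = 0; c < NCPUS; c++) rcu_quiescent(c);
    printf("after every CPU quiescent: callbacks run=%d, frees=%d\n",
           rcu_process_callbacks(), rcu_frees_done());
    return 0;
}
```

The point the model makes visible is the one the text stresses: the new gateway is visible to readers immediately after the publish step, but the old copy is not freed until every CPU has been observed quiescent at least once since the update, which is why RCU pays off only when writes are rare.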

RCU thus involves some complexity, but it holds out a promise of better performance for certain kinds of data access patterns. Will it get into the 2.5 kernel? There is one little problem, being that Linus doesn't like the RCU approach. From a message posted last October:

RCU obviously has major subtle issues, ranging from memory ordering to "what is quiescent", ie the scheduling points. And "subtlety" directly translates into bugs and hard-to-debug seldom-seen problems that end up being "unexplainable".

In short, RCU seems to be a case of "hey, that's cool", but it's a solution in search of a problem so severe that it is worth it.

There are no indications that Linus believes such a problem has yet come up. Work continues on RCU patches (and other patches that use it), however, so the story is not yet finished. (For information in numbing detail about RCU - but without the preemptive kernel changes - see this page on the LSE site).

Comments (3 posted)

Documenting and enforcing locking requirements

As was discussed last week, one problem with an increasingly fine-grained kernel is that it becomes difficult to know which locks, out of thousands, must be held at any given point. Some functions include documentation on their locking requirements (and sometimes it's even current), but many others don't. And there is no way for the code to actually enforce those requirements.

That may be about to change, however. Jesse Barnes, in discussion with Daniel Phillips and others, has posted a patch which addresses both problems. A function which expects to be called with a given lock held simply includes a line like:

    MUST_HOLD_SPIN(&some_lock);

In kernels compiled for production use, this macro expands to nothing and serves as documentation only - anybody looking at the code sees immediately that some_lock must be held before calling the function. The CONFIG_DEBUG_SPINLOCK compilation option gives the macro some teeth, however: if the given lock is not actually held at that point the kernel panics immediately. The end result is that erroneous calls are likely to get fixed in a hurry.

Dave Jones jumped in with a suggestion for tracking down a related (and common) problem: code which sleeps while holding a spinlock. Sleeping while holding a lock is against the rules, since it can cause other processors to spin for a very long time. But it is easy, while programming the kernel, to call a function which, three functions later, goes to sleep. Once again, one could try to document the "can sleep" status of every function and expect programmers to follow that documentation. But, says Dave, why not just add a line like:

    FUNCTION_SLEEPS();

to any function that can sleep? If the macro is called while a lock is held, a bug exists. A quick kernel panic will allow the kernel hackers to track down the offending call in a hurry.
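Both macros, as an added user-space model in C showing the checks they would perform under a debug build (this is not Jesse Barnes's or Dave Jones's patch, nor code from the page). `LOCK_DEBUG` stands in for CONFIG_DEBUG_SPINLOCK; with it set to 0 both macros expand to nothing, as the text describes. Where the kernel would panic, this model records the first violation in a string so the outcome can be inspected. The lock type, the `spin_lock_dbg`/`spin_unlock_dbg` helpers, the single "held locks" counter (the kernel would track this per CPU or per task) and the three caller functions are all invented for the illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for CONFIG_DEBUG_SPINLOCK: set to 0 and both macros become documentation only. */
#define LOCK_DEBUG 1

struct dbg_spinlock {
    int held;
    const char *name;
};

static int locks_held;             /* spinlocks currently held by the running context */
static const char *last_violation; /* the kernel would panic; this model records the message */

#define LOCK_VIOLATION(msg) do { if (!last_violation) last_violation = (msg); } while (0)

#if LOCK_DEBUG
/* Document and enforce: the given lock must be held at this point. */
#define MUST_HOLD_SPIN(l)  do { if (!(l)->held) LOCK_VIOLATION("lock not held: " #l); } while (0)
/* Document and enforce: this function may sleep, so no spinlock may be held. */
#define FUNCTION_SLEEPS()  do { if (locks_held > 0) LOCK_VIOLATION("sleeping with spinlock held"); } while (0)
#else
#define MUST_HOLD_SPIN(l)  do { (void)(l); } while (0)
#define FUNCTION_SLEEPS()  do { } while (0)
#endif

static void spin_lock_dbg(struct dbg_spinlock *l)   { l->held = 1; locks_held++; }
static void spin_unlock_dbg(struct dbg_spinlock *l) { l->held = 0; locks_held--; }

static struct dbg_spinlock table_lock = { 0, "table_lock" };
static int table_entries;

/* Must be called with table_lock held. */
static void table_insert(int value) {
    MUST_HOLD_SPIN(&table_lock);
    table_entries += value;
}

/* May sleep (think of an allocation that can block), so must not run under a spinlock. */
static void *alloc_blocking(void) {
    FUNCTION_SLEEPS();
    return NULL; /* pretend allocation for the model */
}

/* Correct caller: allocates before taking the lock, holds the lock around the insert.
   Returns NULL when no violation was recorded. */
const char *good_caller(void) {
    last_violation = NULL;
    void *m = alloc_blocking();
    spin_lock_dbg(&table_lock);
    table_insert(1);
    spin_unlock_dbg(&table_lock);
    (void)m;
    return last_violation;
}

/* Erroneous caller: inserts without taking the lock first. */
const char *caller_without_lock(void) {
    last_violation = NULL;
    table_insert(1);
    return last_violation;
}

/* Erroneous caller: calls a sleeping function while the lock is held. */
const char *caller_sleeps_under_lock(void) {
    last_violation = NULL;
    spin_lock_dbg(&table_lock);
    void *m = alloc_blocking();
    (void)m;
    spin_unlock_dbg(&table_lock);
    return last_violation;
}

int main(void) {
    const char *r;
    r = good_caller();             printf("good_caller: %s\n", r ? r : "ok");
    r = caller_without_lock();     printf("caller_without_lock: %s\n", r ? r : "ok");
    r = caller_sleeps_under_lock();printf("caller_sleeps_under_lock: %s\n", r ? r : "ok");
    return 0;
}
```

Note that the sleeping check fires inside alloc_blocking() regardless of how many call frames separate it from the lock holder, which is exactly the "three functions later" case the text describes.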

Neither of these changes has found its way into a mainline kernel yet. If they do, though, they could well help in the early detection of a number of programming errors.

Comments (5 posted)

Patches and updates

Kernel trees

Core kernel code

Development tools

Device drivers

  • Andre Hedrick: IDE/ATAPI in 2.5. A new 'foreport' of 2.4 IDE to 2.5.25. (July 12, 2002)

Filesystems and block I/O

  • Andrew Morton: readahead optimisations. "This patch teaches readahead to detect the situation where no IO is actually being performed as a result of its actions." (July 17, 2002)

Janitorial

Kernel building

Memory management

  • Robert Love: strict VM overcommit. "We introduce new overcommit policies that attempt to never succeed an allocation that can not be fulfilled by the backing store and consequently never OOM. This is achieved through strict accounting of the committed address space and a policy to allow/refuse allocations based on that accounting." A reworking of Alan Cox's patch. (July 12, 2002)
  • Andrew Morton: minimal rmap. "The code adds a pointer to struct page, consumes additional storage for the pte chains and adds computational expense to the page reclaim code (I measured it at 3% additional load during streaming I/O). The benefits which we get back for all this are, I must say, theoretical and unproven." (July 17, 2002)

Networking

Architecture-specific

  • Jeff Dike: UML 2.5.26. "After a long, relaxing period of ignoring 2.5, I decided that it was about [time] to catch up." (July 17, 2002)

Security-related

Miscellaneous

Page editor: Jonathan Corbet

Distributions

Distribution News

Debian Weekly News - July 16th, 2002

The July 16, 2002 edition of the Debian Weekly News is out with coverage of the latest developments in the Debian community.

Full Story (comments: none)

Debian GNU/Linux 2.2 updated (r7)

This is the seventh revision of Debian GNU/Linux 2.2 (codename `potato') which mainly adds security updates to the stable release, along with a few corrections of serious bugs.

Full Story (comments: none)

Debian Jr. -- How are we doing?

Ben Armstrong provides some insight into the progress of Debian Jr.

Full Story (comments: none)

Interview with Ian Jackson (Debian Planet)

Debian Planet has interviewed the dpkg author, Ian Jackson. "As well as being a former DPL, a current member of the technical committee and the author of dpkg, the original BTS, debiandoc-sgml, constitution, policy and other documents, and several other free software projects including SAUCE, userv and adns, he holds a doctorate in computer security and is the owner of the machine chiark.greenend.org.uk, home to multiple nefarious internet geeks, projects like PuTTY, and 'a few other weirdos too'."

Comments (none posted)

Mandrake Linux Community Newsletter - Issue #50

Issue number 50 of the Mandrake Linux Community Newsletter has been published. Check it out for the latest Mandrake Linux developments.

Full Story (comments: none)

Red Hat Linux bug fixes

Red Hat has an updated miniChinput package which fixes the way Chinese characters are displayed when the locale is set to zh_CN. Available for RH 7.3 - i386.

GDB 5.2 packages are available for a variety of Red Hat releases, from 7.0 through 7.3, including alpha and ia64 in addition to i386 versions.

Comments (3 posted)

Minor distribution updates

Familiar Linux

Familiar Linux has released v0.5.3 with minor feature enhancements.

Comments (none posted)

LEAF (Linux Embedded Appliance Firewall)

LEAF has announced updates for several branches. WISP-Dist release 2290 has been announced. Updates we missed last week include a delayed release of Mosquito 3.4 and Shorewall 1.3.3 has also been announced.

Comments (none posted)

Mindi Linux

Mindi Linux has released v0.65 with minor feature enhancements.

Comments (none posted)

Openwall

The Openwall GNU/*/Linux (Owl) CVS tree may now be accessed via the anonymous CVS server.

Full Story (comments: none)

RxLinux

RxLinux has released v1.0.4 with major feature enhancements.

Comments (none posted)

Trustix Secure Linux

TSL has issued a bug fix advisory. It seems older versions of imap and the samba package manipulated the configuration file /etc/inetd.conf in their post install scripts. The imap package also manipulated the /etc/services system file. Since this is not considered nice behaviour, these manipulations have been removed.

Full Story (comments: none)

uClinux

uClinux has released 20020701.

Comments (none posted)

Distribution reviews

Is SuSE 8 SuPERB? (Open for Business)

Open for Business reviews SuSE Linux 8.0. "SuSE Linux is one of the most usable Linux distributions on the market today. Rivaled only by Mandrake Linux as a mainstream desktop Linux distribution, SuSE offers a nicely setup user interface with everything needed for a productive office."

Comments (none posted)

Preview: Limbo Time (OS News)

OS News takes a look at Limbo, the latest Red Hat Linux beta. "For the most part, though, what Red Hat brings to the table is a Linux based OS that can truly compete on the desktop. Make no mistake about it - Linux is not for the average user, but it is getting closer. You still need the command line for true system performance, but almost everything can be performed from within the GUI once you learn where the controls reside. Is Limbo a Windows killer, then? For some, it may be. For some of the more experienced, it may appear to be no more than a hack target. But for the middle ground users, those who are UNIX-capable, but not experts, who are just searching for a robust, flexible but powerful, alternative desktop OS, I wouldn't hesitate to say "Hey, let's do the Limbo rock!""

Comments (none posted)

[Lindows] Applications have a spotty performance

The San Jose Mercury News takes a look at Lindows' Click-N-Run Warehouse. "Although the Click-N-Run Warehouse for Lindows is a great idea in theory, real-world users will run smack into the many ragged edges of open-source software. None of the Click-N-Run applications have been developed by Lindows.com, the creator of the Lindows operating system; the company is merely gathering open-source software from elsewhere on the Web and putting it one place for easy access by LindowsOS users."

Comments (1 posted)

Page editor: Rebecca Sobol

Development

System Applications

Database Software

Ten MySQL Best Practices (O'Reilly)

O'Reilly has published a tutorial that shows how to manage a MySQL database. "MySQL is a complex piece of software that may seem overwhelming when you're first trying to learn it. This article describes a set of best practices for MySQL administrators, architects, and developers that should help in the security, maintenance, and performance of a MySQL installation. "

Comments (1 posted)

Mail Software

Mailman 2.0.12 released

Version 2.0.12 of the stable tree for Mailman, the GNU Mailing List Manager, has been released. Click below for the list of changes included in this version.

Full Story (comments: none)

Web Site Development

Web Development in Heavy Traffic (O'Reilly)

Pier Fumagalli writes about tuning JVM for optimal performance on high-bandwidth web sites. "It happens from time to time: you spend a few years working on one peculiar aspect of a problem, you believe you become "experienced" in that problem, and, once your environment changes, you notice how you were looking at it with the eyes of a blind man."

Comments (none posted)

Getting Started With Cocoon 2 (O'Reilly)

Steve Punte gives an overview of the Cocoon 2 XML publishing framework on O'Reilly. "Cocoon 2, part of the Apache XML Project, is a highly flexible web publishing framework built from reusable components. Although reusability is an oft-touted quality of software frameworks, Cocoon stands out because of the simplicity of the interface between the components. Cocoon 2 uses XML documents, via SAX, as its intercomponent API. As long as a component accepts and emits XML, it works."

Comments (none posted)

Improving mod_perl Sites' Performance: Part 3 (Perl.com)

Stas Bekman continues his series on tuning mod_perl with part 3. "This time we talk about tools that help us with code profiling and memory usage measuring."

Comments (none posted)

Zope Members News

This week, the Zope Members News looks at the Silva through-the-web authoring system for structured content, DTMLTeX 0.2, and a new WebMail release.

Comments (none posted)

Web Services

Clustering with JBoss 3.0 (O'Reilly)

Bill Burke and Sacha Labourey introduce JBoss 3.0 on O'Reilly. "Whenever an organization thinks about building and deploying a J2EE application, they think scalability and reliability. How can my Web site stay up 24/7? Will my infrastructure be able to handle the traffic? How can I ensure that I don't lose any transactions or data? How do I manage large server farms?"

"To answer these questions, many Java architects look to their application server's clustering features. This article looks at the kinds of features needed to develop robust J2EE applications and how JBoss 3.0, an open source J2EE application server, can be the solution of choice."

Comments (none posted)

Miscellaneous

Koha Library Management System Released (use Perl)

Use Perl has an announcement for Koha version 1.2.1. Koha is a freely redistributable application for managing book libraries.

Comments (1 posted)

Desktop Applications

Desktop Environments

KDE 3.1 Alpha1: Brings New Eye Candy, New Features

KDE.News looks at the new KDE 3.1 Alpha 1 development release. "This release sports everything from wonderful new eye candy to tons of popular new features including new and exciting "easter eggs" (aka bugs) just waiting to be discovered. Remember, this is not a stable release".

Comments (none posted)

Bringing KDE Closer to Joe User's Desktop (OSNews)

OSNews has posted a review of KDE 3. "It lacks two things: integration with the underlying system and UI polishing. Today, I will mostly talk about the polishing part, as a lot has been already said elsewhere about the seemingly unsolvable integration issue (because of the modularity and completely independent/remote software projects.) Update: And as I was just publishing this article, KDE 3.1-Alpha was released. I hope that some of my recommendations will make it to the final version of KDE 3.1."

Comments (none posted)

Kernel Cousin KDE #40

Kernel Cousin KDE Issue #40 is out. Topics include KOffice Clipart, new artwork for Atlantik, printing issues, new OpenGL screensavers and an upcoming website on debunking KDE Myths.

Comments (none posted)

Games

Humongous Python (O'Reilly)

Stephen Figgins writes about the use of Python by Humongous Entertainment. "While several game companies are now using Python in their games, Dawson says they are one of the few companies using Python as the base language of their game. "In most games, the game itself is written in C++ and they call out to the scripting language for a few triggers or AI events or something. With our games, and the Disney game Toontown, the executable is Python.exe. You boot up with a python script that starts the game, and it calls out the C++ modules to do the heavy lifting, like the graphics and sound. The game logic is written in Python, with the C++ off in the leaf nodes, instead of the reverse, which is much more common.""

Comments (none posted)

Interoperability

Wine release 20020710

A new developer release of Wine, dated July 10, 2002 has been announced. New features include:
  • DirectSound 8 and DirectInput 8 support.
  • Many OLE improvements.
  • Support for font downloading in Postscript driver.
  • ALSA sound driver.
  • More portability fixes, particularly for Sparc.
  • Lots of bug fixes.

Comments (none posted)

Wine Weekly News

The July 10, 2002 edition of the Wine Weekly News covers Winamp Plugins in XMMS, Wine DGA Input, Running Warcraft 3, Running AutoCAD R14, and more.

Comments (none posted)

Office Applications

AbiWord Weekly News #100

Issue #100 of the AbiWord Weekly News is out with the latest developments on the AbiWord word processor. Long-time editor Jesper Skov is contemplating stepping down in the near future.

Comments (none posted)

Web Browsers

Mozilla Status Update

The Mozilla Status Update for July 11, 2002 is out. Work is being done on Mail/News, Java