LWN.net Weekly Edition for November 6, 2003
Will the real Linux Gazette please stand up?
The Linux Gazette has been a fixture of the Linux community since its beginnings in 1995. The first issue, published entirely by John Fisk, introduced itself in this way:
The Gazette grew quickly, attracting new readers and new authors. By the fifth issue, mirrors were necessary; these were contributed by Phil Hughes (of SSC, the publisher of the Linux Journal) and Alan Cox. Putting out the Linux Gazette took time, however, and the project lapsed for some months in early 1996. When Issue 8 came out in August of that year, it carried the following announcement:
Once it came under the Linux Journal's wing, the Linux Gazette thrived. Over 80 issues were produced, on an approximately monthly basis, and the range of authors and topics seemed to increase every month. The Linux Gazette carried early articles by a number of well known community authors, including Joe Barr, Miguel de Icaza Chris DiBona, Jon 'maddog' Hall, Michael J. Hammel, Dwight Johnson, Evan Leibovitch, Dave Phillips, Alessandro Rubini, Doc Searls, Jamie Zawinski, and many others. And, of course, the infamous "Answer Gang" - though the Gang started small with Jim Dennis as the Answer Guy. Over the years, the Linux Gazette has remained true to its roots, providing high-quality, noncommercial information aimed at making Linux more fun.
The Linux Gazette has reached a fork in the road, however, which threatens to make things somewhat less fun for a while. The volunteer core which puts together the Gazette has announced that the publication is leaving SSC's embrace, and is striking out on its own. This group has put out an Issue 96 which includes a fairly strongly-worded editorial:
The dissidents have set up shop at LinuxGazette.net. Meanwhile, SSC continues to operate LinuxGazette.com, which has published an Issue 96 of its own. There are, in other words, two competing publications using the same name and even the same issue numbering scheme.
The core of the dispute is a decision by SSC to move the Linux Gazette to a modern content management system with reader forums, a constant stream of articles, etc. Phil Hughes explained the reasoning for this change to us:
To many in the Linux Gazette organization, the changes to the site went against everything the Gazette had always been: a high-quality, edited, carefully-selected, monthly publication which can be mirrored worldwide. Rather than be part of a publication which, from their point of view, has been thoroughly compromised, these people decided to leave SSC - and to take the Linux Gazette with them.
What will happen now is unclear. Having two publications each claiming to
be the "real" Linux Gazette seems unlikely to be good for either one of
them. The departing contributors have asked that the LinuxGazette.com
domain name be transferred to them, but that seems unlikely to happen.
According to Phil Hughes, "SSC will continue to run Linux Gazette and
it will continue to appear at www.linuxgazette.com.
" SSC does own
that domain name, and it has a seven-year history of publishing the Linux
Gazette (and employing its editor for most of that time); it could be hard to
find anybody with a stronger legal claim to the
right to use that name if it came down to a fight.
There have been signs that this disagreement could turn nasty, and some accusations have started to fly. These include stripped copyrights (since fixed, apparently) and censorship issues: the LinuxGazette.net Issue 95 mailbag contains a couple of letters which are missing from the LinuxGazette.com version. SSC has, by its own admission, been deleting posts on LinuxGazette.com that reference LinuxGazette.net, and has started making noises about trademark violations. Even so, most of the people involved seem to understand that neither the Linux community nor the Linux Gazette (either version) needs an ugly public feud. One can only hope that the relevant parties are able to keep that idea in mind as they carry their respective projects forward.
On Novell's acquisition of SUSE
As most readers will know by now, Novell has announced a deal to acquire SUSE Linux. Many of the details can be found in the associated press release; others came out during the press conference and afterward.SUSE was bought for $210 million in cash. The deal thus values SUSE at less than one tenth the market capitalization of Red Hat ($2.4 billion as of this writing, down somewhat after Novell's announcement). Since SUSE has never been a public company, information on its finances has been hard to come by; at the press conference, however, SUSE's revenues for this year were estimated to be between $35 and $40 million. Red Hat's revenue will be on the order of three times that figure. So SUSE truly is a smaller company, deserving of a lower valuation. The magnitude of the difference is striking, however.
The press conference was full of upbeat "forward looking statements" on how this acquisition positions SUSE as a proper competitor for Red Hat. Novell's large, global support and training operation was mentioned several times; indeed, having a business on that scale behind the distribution might just help nervous CIOs sleep better at night. Novell and SUSE also have high hopes for Novell's large sales (and reseller) channel. Of course, Caldera/SCO was also supposed to succeed based on its channel... Novell also wastes no opportunity to point out that it now has "the whole stack" of offerings, from the base operating system through its proprietary enterprise products.
SUSE currently has 399 employees. It appears that Novell plans, for now, to keep the technical staff around; there may be some reductions in the administrative area, however. Novell has stated that it is committed to maintaining SUSE's presence in Nuremberg.
Novell's management has learned to say the right things with regard to the open source community - though they accepted no questions from community publications at the conference. Novell, says CEO Jack Messman, "expects to learn a lot" from the SUSE engineers, and plans to continue to be a leader in the development community.
After the conference, we asked about Novell's plans in a couple of areas. Unlike Red Hat, Novell/SUSE does not plan to drop its retail distribution; instead, it will fire up its sales channels and try to create a much larger presence for all of SUSE's products, especially in the U.S. The situation with desktops is a little less clear. SUSE has long been a supporter of the KDE desktop, but Novell owns Ximian, which is rather firmly in the GNOME camp. Novell, apparently, doesn't yet know how it will resolve that difference; PR person Kevan Barney told us "We'll be evaluating how to proceed on the desktop front in the coming months."
The same press release announced that IBM is investing $50 million into Novell. The two companies will be negotiating other deals in the future for the continued support of SUSE Linux on IBM's platforms.
The long-term consequences of this deal could be large. Red Hat is no longer the biggest Linux distributor; it will now be competing with an established, large company with a huge installed base of customers. The upper end of the Linux distribution market looks increasingly like a duopoly controlled by two giants. Despite the wealth of distributions available to Linux users, only a very few of those distributions will ever develop the mass to be successful in the commercial arena.
It's also worth noting that, for the first time, one of the core Linux distributions is owned by something other than a community-based company. It is certainly possible for a large company like Novell to handle such a resource properly and not ruin SUSE's relationship with the development community that supports it. Novell does seem to be trying to do the right thing in this regard. This acquisition might just work, and it could turn out to be a good thing for everybody involved, but the Linux commercial landscape has a different look than it did last week.
Red Hat Linux ends - now what?
Red Hat's announcement earlier this week that it would be ending the Red Hat Linux product line should not be too surprising for those who have been reading the tea leaves -- or LWN. Red Hat announced the end of the Red Hat Linux product line in July, and merged the Red Hat Linux Project and Fedora Project in September. Still, the end-of-life announcement sent to Red Hat Network (RHN) subscribers this week seemed to catch some by surprise:
While Red Hat will continue to sell and support its enterprise line of products, users who have grown accustomed to the (relatively) inexpensive Red Hat Linux line and RHN support are now looking for other options. Users have about six months to decide what direction they want to go. RHN channels with updates for discontinued versions will remain available for at least six months after the end-of-life, but the April 30 date will be the end of new errata for regular Red Hat Linux products. RHN subscribers who are paid-up past April 30 will receive an evaluation ISO for Red Hat Enterprise Linux WS and channel access to updates for that distribution until their subscription expires. Red Hat is no longer allowing subscribers to extend their subscription past April 30, though subscribers can renew up until April 30 for $20.
The first option for Red Hat loyalists is Red Hat Enterprise Linux. Red Hat is offering introductory pricing for Red Hat Enterprise Linux WS or Red Hat Enterprise Linux ES; the deal is 50% off either product for up to two years, putting annual cost of the workstation product (WS) at $89.50 per system and the server product (ES) at $174.50 per system. This pricing structure, while not overly expensive for a single system, may not be popular with Red Hat users who have been maintaining multiple systems with Red Hat Linux.
Another likely choice for hobbyists and users who have grown fond of Red Hat Linux is the Red Hat Linux Project's successor: Fedora (which has just made its first core release). Fedora will likely replace Red Hat on many systems as Red Hat Linux 9 approaches end-of-life. However, many users are likely to be a bit wary about adopting Fedora as the project is still in its infancy and it has yet to be seen how well the project will evolve. Fedora will will also be a more volatile distribution, with each release being, essentially, a "dot-zero" version.
Users might also choose to move to derivative products like Tummy.com's KRUD, or KRUD Server. KRUD is based on Red Hat Linux and users can opt for a monthly subscription with updates via CD-ROM. A one-year subscription to KRUD will run users $65, a one-year subscription to KRUD Server is $190. This may be an attractive option to many users, since Tummy.com does not require a per-machine subscription. Thus, a KRUD subscription is usable on any number of machines, unlike subscriptions to Red Hat Enterprise products.
There are, of course, other distributions which will be more than happy to pick up customers left behind by Red Hat. Red Hat's termination of the "consumer" line of products may be a blessing for other commercial Linux distributions with a strong interest in the retail Linux market. SUSE, Mandrake Linux, Xandros, Lindows and other commercial distributors may pick up some of Red Hat's audience still looking to buy a supported retail product. Non-commercial distributions like Debian might gain users as well; see this week's Distributions page. In the commercial arena, Mandrake is still working to emerge from bankruptcy, leaving SUSE as the strongest contender for the retail market at this point, particularly with the backing of Novell.
Joseph Eckert, SUSE's Vice President of Corporate Communications, told us that he is optimistic about SUSE's prospects in the retail channel. He noted that SUSE has seen a jump in sales with the 9.0 release, though it has not been available for very long. Unlike Red Hat, SUSE's retail products still account for a significant portion of their overall sales. According to Eckert, SUSE expects between €35 million and €40 million in sales this year, with the SUSE's desktop products accounting for more than 50 percent of their business.
Eckert also said that SUSE has no plans to cancel its desktop products. "As Red Hat continues to distance itself [from retail products] we consider it a service to the community to keep the desktop alive...it's not just about the enterprise desktop, it's about making sure that our community of developers and enthusiasts are satisfied."
Indeed, it may be important for any vendor interested in the enterprise to keep developers and enthusiasts happy. Red Hat's decision to abandon retail products and focus solely on its enterprise products may help boost Red Hat's rivals in the enterprise market as well. Red Hat found its way into many organizations because that was what IT staff used at home. With some of Red Hat's user base looking at moving to different distributions, they may decide to bring those distributions into the workplace with them.
FCC "broadcast flag" approved
The U.S. Federal Communications Commission has approved the "broadcast flag" scheme put forth by the MPAA and its associates. Details can be found on the FCC site in the form of a news release and the actual order - both in PDF format.Why do we need a digital broadcast flag? From the order:
So "mass indiscriminate redistribution" is not a problem now, but preemptive action is the way of things in the US these days, so we have to mandate copy protection mechanisms for transmissions on our public spectrum.
The actual broadcast flag rule, as found in page 40 of the order document, states that a digital TV demodulator cannot send unprotected content to any output, except in a set of specific cases:
- Analog output continues to be allowed.
- Specific digital output formats which much maintain the presence of
the broadcast flag.
- Digital outputs are allowed if they are protected by an "Authorized
Digital Output Protection Technology." Encrypted output to devices
which also follow the broadcast flag rules is allowed as well.
- Output to a recording device is allowed - but, of course, that device,
too, must implement an "Authorized Recording Method."
- Digital output from computers is allowed as long as the resolution of the image is reduced to no more than 350,000 pixels per frame.
The FCC repeatedly asserts that home recording will not be affected by the broadcast flag. The rules, however, do place significant constraints on digital recordings. In particular, the resulting recording cannot be transferable to another device, or the recorder must be explicitly "authorized" by the FCC. The MPAA had pushed hard for the "authorization" mechanism to require, among other things, approval by at least two "major studios," but the FCC, at least didn't buy that. Instead, there will be an involved bureaucratic process where manufacturers of recorders have to show the FCC how their product will implement copy protection schemes.
Much debate evidently went into the specification of "robustness rules." The MPAA wanted an extensive set of regulations on things like "how content may be transmitted on data paths within Demodulator Products" and such, an an effort to make circumvention as difficult as possible. The FCC, however, concluded that a level of robustness sufficient to defeat an "ordinary user" would be enough. Interestingly, the FCC uses the CSS scheme used on DVDs as an example:
One might have just as easily concluded that a copy protection (and "region coding" price support) scheme like CSS was unnecessary in the first place, but the FCC wasn't willing to go there.
The resulting "robustness requirements" say that the broadcast flag scheme must be implemented in products in a way that can't be defeated or circumvented by "an ordinary user using generally-available tools or equipment." Examples of such tools, as listed in the regulation, include screwdrivers, jumpers, clips, soldiering irons, EEPROM writers, debuggers, and decompilers.
This rule will have an obvious effect on free software - under the broadcast flag provisions, there simply cannot be a free TV demodulator system. Even if somebody wrote a free system which implemented the broadcast flag restrictions, a source-available system clearly would not meet the "robustness requirements." The FCC report does, at least, note this problem:
Given that the FCC seeks further comments, the free software community would be well advised to provide them with those comments. The Electronic comment filing system can be used for this purpose (the docket number for the report is 02-230). The chances of getting any sort of free software exemption to the broadcast flag requirements appear slim, however. The MPAA might not have gotten everything it wanted out of the FCC - thanks to the efforts of the EFF and many others - but that organization remains the driving force behind the FCC's rulemaking.
Security
Brief items
Which OpenSSL are you running?
OpenSSL is a well-advanced project developing a free implementation of the Secure Socket Layer and Transport Layer Security protocols. The OpenSSL code can be used in many contexts, but the most prominent use is almost certainly in web servers which need to offer the "https" protocol. When you (hint...) type your credit card number at LWN.net, the OpenSSL code ensures that said number cannot be captured by eavesdroppers lurking between your browser and our server. OpenSSL is, in other words, a critical part of the net's infrastructure.The central role played by OpenSSL makes any security vulnerabilities in that package especially frightening. The software is widely deployed and exposed directly to the net, so holes can open up large numbers of systems to compromise. Sites using OpenSSL are also relatively likely to have something worth protecting, and are thus also relatively likely to be targets for certain types of crackers.
One would thus think that administrators of sites running OpenSSL would tend to stay current on their security updates. According to a survey run by Netcraft, however, one would be wrong. Netcraft looked at the advertised OpenSSL versions running on just over 50,000 web sites. Fully half of those sites were running version 0.9.6d (or earlier), which has vulnerabilities that are fully exploitable by a remote attacker. Only 1,356 out of 50,891 sites were running versions 0.9.6k or 0.9.7c, which were, at the time, free of known vulnerabilities (a vulnerability has since been found which can lead to crashes on Windows platforms). OpenSSL users, it would seem, have not been keeping up with their patches.
As Netcraft acknowledges, the above results are overly pessimistic. Security updates provided by distributors usually just backport the fix for the specific problem(s) to the (older) version of the software that was originally included in the distribution. So numerous sites which appear (to the outside) to be running vulnerable software are, in fact, up to date. Netcraft could have improved its numbers by seeing if an actual exploit worked on each system tested, but that approach to data collection has practical problems of its own.
The bottom line, however, is that there are certainly many vulnerable sites out there. The fact that widespread exploits have not happened suggests that the net is not quite as scary a place as it is sometimes made out to be. But, sooner or later, an opening of this magnitude will certainly be exploited. Whether it is used for some sort of unpleasant worm or for a credit card scam doesn't really matter. Either way, it will impair the trust in Linux, Apache, and network commerce in general. And it is entirely avoidable.
If you have systems running older versions of OpenSSL, it is past time to update them. The LWN vulnerability entry will point you at the relevant distributor updates.
New vulnerabilities
bugzilla: multiple vulnerabilities
| Package(s): | bugzilla | CVE #(s): | |||||
| Created: | November 5, 2003 | Updated: | November 5, 2003 | ||||
| Description: | Several new vulnerabilities have been found in bugzilla; these include a pair of SQL injection bugs (usually only exploitable by privileged users) and some information leaks. See this advisory for details; upgrading to versions 2.16.4 or 2.17.5 fixes the problems. | ||||||
| Alerts: |
| ||||||
CUPS: denial of service
| Package(s): | CUPS | CVE #(s): | CAN-2003-0788 | ||||||||||||||||
| Created: | November 3, 2003 | Updated: | March 4, 2004 | ||||||||||||||||
| Description: | Paul Mitcheson reported a situation where the CUPS Internet Printing Protocol (IPP) implementation in CUPS versions prior to 1.1.19 would get into a busy loop. This could result in a denial of service. In order to exploit this bug an attacker would need to have the ability to make a TCP connection to the IPP port (by default 631). | ||||||||||||||||||
| Alerts: |
| ||||||||||||||||||
postgresql: remote code execution
| Package(s): | postgresql | CVE #(s): | CAN-2003-0901 | ||||||||||||||||||||||||
| Created: | October 31, 2003 | Updated: | November 17, 2003 | ||||||||||||||||||||||||
| Description: | Two bugs leading to a buffer overflow in the PostgreSQL RDBMS, versions 7.2.x and
7.3.x prior to 7.3.4, were discovered. The vulnerability exists in the
PostgreSQL abstract data type (ADT) to ASCII conversion functions.
It has been conjectured that excessive data passed to the involved to_ascii_xxx() functions may overrun the bounds of an insufficient buffer reserved in heap memory, resulting in the corruption of heap based memory management structures that are adjacent to it. It is currently believed that under the correct circumstances an attacker may use this to execute arbitrary instructions in the context of the PostgreSQL server. The Common Vulnerabilities and Exposures (CVE) project assigned the id CAN-2003-0901 to the problem. | ||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||
Page editor: Jonathan Corbet
Kernel development
Brief items
Kernel release status
The current development kernel remains 2.6.0-test9; Linus has not done a kernel release since October 25.Patches do continue to accumulate slowly in Linus's BitKeeper repository. In keeping with the current policy, these patches are restricted to relatively important fixes.
Dave Jones has released a new version of his "Post-Halloween Document", which describes new features and things to watch out for in the 2.6 kernel.
The current stable kernel is 2.4.22. Marcelo released 2.4.23-pre9 on October 30; this patch backs out a couple of previous ACPI changes which had caused problems and includes some filesystem and driver updates. At this point, Marcelo is only accepting bug fixes for 2.4.23, so, with luck, we may see the first release candidate soon.
Kernel development news
Loading NDIS drivers into the kernel
Hardware manufacturers which refuse to release programming information are a constant source of frustration for Linux users. Without that information, writing a Linux driver is nearly impossible. As a result, Linux users are unable to use the hardware in question, and the vendor loses potential sales.A company called Linuxant has been offering a product called DriverLoader which is intended to relieve some of this frustration, at least for network devices. It is a kernel module that serves as a wrapper for Windows NDIS drivers. Using DriverLoader, a network device with a Windows driver can be made to function under Linux. There are, needless to say, a few objections that one could make to this product, one of which being that DriverLoader, itself, is not free software.
If the non-free nature of DriverLoader is your only objection, however, there is an alternative called ndiswrapper, which is licensed under the GPL. ndiswrapper is clearly in a very early stage of development, but, as its author (Pontus Fuchs) notes, "it works for me." With a bit of work, it could probably be made to work for a lot of other users as well.
The ndiswrapper module, when loaded, starts by registering a special purpose "misc" device; its only real reason for existing is to export an ioctl() call which can be invoked to load an NDIS driver. This call accepts the driver code from user space, performs the necessary relocation, and sets it up as Linux network device. In the modern world, using the register_firmware() interface might have been preferable to creating another ioctl() call, but that can always be done in the next revision.
Once the driver is loaded, ndiswrapper provides two separate glue layers to make the NDIS driver actually work. The first provides a set of net_device operations which can be invoked by the networking subsystem; these translate the requested operations into the calls that the NDIS driver will be expecting. At the other end, the wrapper code must provide emulation functions for a few dozen Windows routines that the NDIS driver will call. These map the requested operation (allocate an interrupt, remap I/O memory, feed a received packet into the kernel, etc.) back to their Linux equivalents.
All told, it is not a huge amount of code. The NDIS API is well enough documented that the requisite glue code could be written without a great deal of guesswork.
The wrapper approach to device support is far from optimal. Performance and reliability cannot be improved through the addition of glue layers, and many users will be unenthusiastic about shoving proprietary code - Windows code, even - into their Linux kernels. There is also the risk that hardware vendors might conclude that the existence of wrapper code frees them from the need to worry about Linux driver support at all. Against these disadvantages one can point out that the wrapper will enable Linux to be used on systems that would otherwise be inaccessible to it. This sort of wrapper module could also, with little effort, be turned into an ideal platform for the reverse engineering of unsupported hardware. A module like ndiswrapper may be a hard sell for the mainline kernel, but some users will certainly be glad that it is available.
The future of the Linux filesystem
The upcoming release of Microsoft's "Longhorn" version of Windows is two years off by the best estimates, but some people are beginning to worry about whether Linux will be able to compete with the features that Longhorn is promising. Even when factoring in the (often significant) differences between what Microsoft promises ahead of time and what it actually delivers, some feel that Longhorn might be good enough to be worth thinking about.The Longhorn feature that attracts the most attention is WinFS, a new filesystem. WinFS will push an SQL-based database management system into the filesystem layer, enabling users to use searches to find their files. With some attention to metadata, Longhorn users will be able to ask the system to find, say, all of their William Shatner MP3s or all images of Tux the penguin in a swimsuit. Applications will be able to set up their own schemas for their specific object types; if mail agents can agree on a email message schema, then users should be able to switch easily between them.
Making all of this work well could be an interesting challenge. Making applications work well on top of WinFS will be another one. Even so, some people get the sense that Microsoft might just come out with something that people will want to use. If Linux wants to be able to compete on the desktop, it may have to provide a WinFS-like interface too.
There are two projects out there which could provide something similar to WinFS's capabilities. Thankfully, neither one proposes to put an SQL query engine into the kernel.
One is ReiserFS, a topic which has been covered here before. Hans Reiser believes that the existence of any sort of storage layer above the filesystem implies that the filesystem itself has failed in its duty to organize information in the required way. His Naming System Venture paper describes a world where filesystems impose no structure on data, leaving that task instead to the user. A query language (not SQL) would enable files to be found via free-form searches. In the Reiser vision, everything - even complex databases - could be implemented directly in the filesystem.
The current state of ReiserFS is far from that vision. Work so far has concentrated on the infrastructure that will be necessary to implement the wider vision - and on the features that can attract funding for their development. The Reiser4 filesystem, which is in testing now, adds features like built-in transactions, even better small file performance, and a well-developed plugin architecture which makes it easier to add advanced features to the filesystem. The Reiser4 developers hope to get it into the 2.6 kernel, but it is not clear whether that will happen.
The other approach doesn't involve the kernel at all. The GNOME Storage project plans to "replace the traditional filesystem with a new document store," but, in fact, it is built on top of existing filesystems and operates entirely in user space. GNOME storage is accessed via (a modified version of) gnome-vfs, so it can operate in user space and be used by GNOME applications without modifying those applications. Underneath the hood, GNOME Storage uses PostgreSQL as its object store, though efforts are being made to make the system portable to other databases. GNOME Storage has an ambitious set of goals; see the features document to see where they are heading - and what has already been done.
Where either of these projects will end up is unclear at this time. What is clear, however, is that interesting work is being done in the area of Linux object storage. By the time Longhorn starts showing up on desktops, it might not be the only system with an interesting new approach to storing user data.
Patches and updates
Kernel trees
Architecture-specific
Core kernel code
Development tools
Device drivers
Documentation
Filesystems and block I/O
Benchmarks and bugs
Miscellaneous
Page editor: Jonathan Corbet
Distributions
News and Editorials
Time to move from Red Hat to Debian?
Are you thinking about removing Red Hat Linux from your servers and replacing it with something else? If so, you are not the only one. There seems to be an increase of current and ex-Red Hat users making discreet inquiries on the Debian and SUSE mailing lists, forum posts with less than flattering opinions about the recent changes at Red Hat, and even full articles explaining reasons behind contemplating such moves (see "Is There a Place for Debian in the Enterprise?" by NewsFactor and "Should I switch from Red Hat to Debian?" by Screaming-Penguin). Even the most devoted Red Hat users are unlikely to be immune to headlines such as "BREAKING NEWS: Red Hat To Drop Linux" by the usually calmer LinuxWorld.com. While things are rarely as bad as some sensationalist journalists make them look, it does help to analyze the complaints and list all the pros and cons before making that final decision.The main reason for users' dissatisfaction is simple - Red Hat wants us to pay for its products. As businesses go, this is not particularly unusual position to take - except that the world of Linux has created different expectations. Since version 1.0 (released in 1995) until version 7.3 (May 2002), Red Hat Linux was not only completely free for all, the company even provided errata, security and bug fixes for years after release. Updating a running server with the latest security patches required as little as registering for a free account and running up2date every time a Red Hat security advisory showed up in your inbox. For many system administrators life couldn't be any more pleasant!
But about a year ago, things started to change. As Red Hat increased the sales pitch for their enterprise class products while at the same time limiting the life-span of the free edition to 12 months and making it harder for non-paying customers to take advantage of the up2date service, many system administrators in small and medium-size businesses began voicing their concerns. The Red Hat Enterprise Linux (RHEL) products, priced from $180 to $2,500 per system are excellent choices for large enterprises with matching IT budgets, but what about the rest of us?
Let's look at some of the often cited concerns of those who are considering a move away from Red Hat:
- Fear of change. Fedora is a major change, an evolution of the much trusted
original Red Hat Linux. Any change of this magnitude is bound to create
uncertainty and confusion.
- Value for money. This is probably the most often raised concern: why pay
for RHEL? While most users are not opposed to rewarding Red Hat financially
for all their great work, many find RHEL overpriced for their needs. Do I
really need an $180 product to run a web, mail and file server?
- Fedora life span. Red Hat has made it clear that Fedora will have a fast
development cycle and a short life span. It will be up to the community to
continue supporting past Fedora releases with errata and security fixes.
- Fedora quality control. Indications are that Red Hat developers will spend fewer man hours on future Fedora releases than they used to on Red Hat Linux. Yes, the most critical features will still be developed by Red Hat, but some of the more mundane tasks will probably be handed over to the community. This is not to say that the Fedora community is not up to the task. But the new development model does create an aura of unaccountability - after all, it is "only" Fedora, not the "true" Red Hat (Enterprise) Linux.
First, the advantages:
- Freedom. Debian is a non-commercial entity, so you won't find any
restrictions on
Debian downloads and usage. There are no forms to fill in just to get the
latest security updates, and no newsletters promoting certification courses
or offering specials on professional products and services. The security
updates are available to all without restrictions and without having to wait
until paying customers disconnect from the servers providing the update
service.
- Stability. Debian's release cycle, at an average of about one stable
release every two years, is slow by any standard. Yet, this conservative
approach means that the releases are extremely well-tested and comparatively
bug-free.
- Popularity. According to this
report by Netcraft, "
Debian is the second most popular Linux distribution we find on Internet web sites, surpassed only by Red Hat, and leaving the likes of SUSE and Mandrake in its wake
". - Documentation and software. Debian has comprehensive, multi-lingual documentation, plenty of software and unmatched package installation and upgrade infrastructure.
- Installation and configuration. A lot has been said about the archaic
Debian installer, although the truth is that a skilled system administrator
has little to fear. Still, if you are used to Anaconda, the new reality will
not be pleasant. (This is about to change in the upcoming Debian Sarge
release, which will have a new installer - still text-based, but with many
new options, as well as hardware auto-detection.) System configuration is
done either by editing text files or by following text-mode apt-config
wizards.
- Printed manuals and books. While books on Red Hat are a dime a dozen in
every bookstore, the publishing houses tend to stay away from books
about Debian (or indeed about any other distribution). Books on Debian
do exist, however, if you look for them.
- Mailing lists. The Debian mailing lists, especially the developer ones,
tend to get rough from time to time. Try not to take offense when somebody
expresses their disagreement too bluntly.
- Learning curve. Those of you who have invested time and money into Red Hat certification programs will have to forget the Red Hat-specific parts of the program and learn how to do things the Debian way. Of course, most of the gained knowledge is general enough to apply to any distribution.
Distribution News
Red Hat / Fedora
The first release of the Fedora Core was made available on November 5, a couple of days later than planned. The release notes contain a great deal of information about the contents of this release and how to install it. See the download page to get a copy of the release. It you have trouble with the Red Hat FTP site, try a mirror site or use bittorrent.The Red Hat Linux Migration Resource Center is online to help people evaluate Red Hat's offerings as Red Hat Linux reaches its end-of-life. Support for RHL 9 ends April 30, 2004, sooner for older versions. Register to download the whitepapers or just browse the links to learn more about Red Hat Enterprise Linux and Fedora. (Thanks to Xose Vazquez Perez)
People who working on Fedora projects might want to take a look at Warren's Package Naming Proposal. "The
following is based upon current fedora.us package naming guidelines,
quickly edited and dramatically simplified because fedora.redhat.com no
longer needs many of fedora.us special considerations.
"
OpenBSD 3.4 Released
OpenBSD 3.4 has been released. As one might expect, this release includes many new security features; these include better protection against buffer overflow attacks, randomized locations for shared libraries, some protection against trojan horses in build scripts, and much more. See the announcement (click below) for the details.Debian GNU/Linux
The Debian Weekly News for November 4, 2003 is out. This week see what's happening with nonfree.org; Debian faster than Gentoo? revisited; System Recovery with Knoppix; Improving KDE Maintainership; Amendment of the Social Contract; and much more.Most people are probably aware that Debian developers have been voting on proposed amendments to the Debian constitution. It you would like more background, this post to debian-vote by Branden Robinson may help. The voting results are available, showing that of the options presented on the ballot, Option 1 was preferred by Debian developers.
Ben Armstrong attended an Open Source Education Foundation (OSEF) public meeting recently and reports on renewed ties between Debian Jr. and OSEF that should help both organizations accomplish many important and complementary goals.
Alex Perry reports on Debian events at Comdex in Las Vegas, Nevada. These include a Debian InstallFest on Thursday, November 20, 2003.
Gentoo Weekly Newsletter -- Volume 2, Issue 44
The Gentoo Weekly Newsletter for the week of November 3, 2003 is out. This week's edition notes that Embedded Gentoo is seeking developers.GNU-Darwin annual report at OSNews
The current annual report for the GNU-Darwin Distribution is now available at OSNews.com. "Recently, Apple's public source license was revised so that Darwin could be distributed as an FSF recognized free operating system, and we have modified Darwin in accordance with that goal, so that the GNU-Darwin developers now feel free to compete directly against "Linux" and other "open source" projects. In addition, GNU-Darwin continues to support the PowerPC platform and to help Apple users, who may be free software novices. Moreover, now that we have a free version of Darwin, our horizons are greatly expanded. Here we present our third yearly report."
Creating a Complete Distribution on CD (Linux Journal)
Linux Journal looks at the process of creating a Linux CD. "In creating a Linux distribution that can boot from a CD-ROM and doesn't need anything else, you are likely to encounter some challenges. The main problem is the root filesystem is read-only, but some files have to be created and/or modified. This stage concerns files in /dev, in /var and eventually in the user's home directory. The next challenge is to turn off everything you do not need, especially commands that try to create a file somewhere."
National Background Data Adapts Astaro for IT Security
Astaro has announced that National Background Data, LLC is deploying Astaro Security Linux for their perimeter defense needs, including protection of its critical SQL servers that run the company's data warehouse.KRUD Linux
tummy.com, makers of Kevin's Redhat Uber Distribution, are offering support for their flavor of Red Hat Linux through 2004. Those with production servers that need more time to migrate might find relief here.Mandrake Linux
Mandrake has a couple of bug fixes available for 9.2:- GConf; gnucash and possibly other applications, could crash.
- libbonobo; a bug could cause problems with various GNOME applications, and logging in properly, when the user's home directory was on a NFS-mounted share.
Slackware Linux
Slackware Linux has another round of bug fixes and upgrades in slackware-current. Some of the upgrades listed include epiphany-1.0.4, galeon-1.3.10, qt-3.2.2, gaim-0.71, mozilla-1.4.1, swaret-1.3.4, and abiword-2.0.1. As usual, the change log has complete details.
Minor distribution updates
Devil-Linux
Devil-Linux has released version 1.0 with Kernel 2.4.22 with FreeS/WAN and Netfilter patches applied, Kernel Security through GRSecurity, Almost all software compiled with the GCC stack smashing protector, and much more.Linux From Scratch 5.0 released
Version 5.0 of the Linux From Scratch distribution has been released. "This major milestone features a new method with strong emphasis on building a correct compilation environment and base libraries independent from the host system." The distribution's documentation - a major part of the appeal of LFS - has also seen significant upgrades.
Mindi Linux
Mindi Linux has released stable v0.87. Find the change log and downloads here.ThinStation
ThinStation has released v1.0.2. Changes in this version: "Thinstation 1.0.2(Many Authors & Contributors) Release Date: 05/11/03 * Added fix for samba and defining a local host, From Mike * Added libstd fix for vncviewer package, From Paolo * changed build script to use rm -Rf, From Paolo * Fixed ts.bat causing cramfs wrong magic error in ts.bat from Romano Trampus [trampus@univ.trieste.it] * Added new line to thinstation.conf, From Paolo * Updated loadlin to 1.6c, Fix from Roberto Wagner..." Download here.
Distribution reviews
Devil-Linux 1.0: The (hell)firewall (NewsForge)
NewsForge takes a look at Devil-Linux 1.0, which was released October 31. "X-window is not part of Devil-Linux. The only way you can browse the Web through it is with Lynx or another text-based browser. But the lack of an X-based graphical desktop is what makes it able to run at a decent speed directly from a CD."
Vector Linux 4.0 Review (OSNews)
OSNews has a review of Vector Linux 4.0. "Vector Linux is a distribution based on the oldest Linux distribution available today - Slackware. It comes in two flavours - a freely downloadable ISO 'lite' version (which I used for this review) and a Deluxe CD edition which can be ordered from www.vectorlinux.com. The deluxe edition includes extras such as Gnome and KDE, as well as a whole pile of extra software."
Page editor: Rebecca Sobol
Development
GTK-Gnutella
GTK-Gnutella is a Graphical GNOME client that is used for accessing the Gnutella Peer to Peer file sharing network.
Your development page editor had a chance to install and play with the latest version of GTK-Gnutella this week. From a network security standpoint, there is something rather unnerving about an application that starts up and immediately starts connecting to hosts all over the net, especially an application that is designed to share files from Your System. Fortunately, the application defaults to sharing no files. One UI component that is immediately obvious in its absence is an easily findable STOP button. By default, the application wants to continue to generate lots of network traffic, even if the operator only wants to get familiar with the many UI options.
Rationality was pushed aside, and the exploration of the utility commenced. It took a while to figure out that most of the functionality of GTK-Gnutella is controlled by the small command tree that's located in the upper left corner of the application. Further exploration revealed that the power of the application can be accessed by going into the search section and entering search terms.
A search was set for mp3, and the application was left running. After a while, there was a screen full of potential mp3 files to be downloaded. A file was chosen, and the application cranked away. A short while later, I had an MP3 file with the group Phish singing some Hebrew music. Serious time could be wasted on such an application.
Unfortunately, a good percentage of the available files appeared to be illegal copies of copyrighted material. One wonders, with all of the freely copyable music that's available these days, why one would go to the trouble to copy and distribute the commercial music that's so readily available from the usual distribution channels. Enter the DMCA. Perhaps the contributors would be well advised to become more familiar with some of the bands that allow taping, or the countless free music sites such as the IUMA.
A search for all jpg files located a ton of "T&A" images, not too surprising considering the percentage of Internet bandwidth that's dedicated to such stuff.
Content aside, this does look to be a utility with the potential for many interesting uses. The concepts behind the distributed storage network are quite fascinating. Although the aforementioned network connections look like they are generating a lot of traffic, the protocol has been optimized for minimum bandwidth usage. Just let it crank, possibly share some of your favorite files, and plug into a global network that's full of free content.
Version 0.93 of GTK-Gnutella has been announced this week on SourceForge. See the announcement for the list of changes with this version. Development help is needed for GTK-Gnutella, see the GTK-Gnutella development page for more information.
System Applications
Audio Projects
Planet CCRMA Changes
The latest changes from the Planet CCRMA audio utility packaging project includes new versions of MidiShare, Qjackctl, libsigc++, Gtkmm2, Scons, Cheesetracker, Fluidsynth, and more.
Database Software
PostgreSQL v7.4 Release Candidate 1
The first release candidate for PostgreSQL 7.4 is out. There is one major change between Beta5 and RC1 found so far, RC1 will no longer work with TCL8.0.x, due to a change to pgtclCmds.c.PostgreSQL Weekly News
The October 30, 2003 edition of the PostgreSQL Weekly News has been published, take a look for the latest PostgreSQL news and a report of the beta5 testing.QUASAR Persistence 1.3 released (SourceForge)
Version 1.3 of QUASAR Persistence has been announced. "QUASAR Persistence is an object-relational persistence-manager written in Java. Persistent objects and the corresponding or-mapping are described in a model. Instances of this persistence classes can interact with the database and can be queried with a language, that is oriented at the objectmodel. It has an open architecture, is J2EE conform, and can be run standalone or integrated in EJB application servers."
Mail Software
Spambayes version 1.0a7 is released
Version 1.0a7 of Spambayes, a Bayesian anti-spam filter, has been released. Numerous changes and bug fixes are included.
Networking Tools
iptables 1.2.9 released
Version 1.2.9 of iptables, part of the Linux firewalling subsystem, has been announced. "1.2.9 is (like most other 1.2.x releases) a maintenance release, containing lots of bugfixes that have accumulated over time."
Sync4j 1.1 released (SourceForge)
Version 1.1 of Sync4j, an open-source SyncML server and framework, has been announced. "Along with many bugs fixed, this release adds the following features: multimessage support, message processing pipeline architecture."
Web Site Development
moregroupware 0.6.9 has been released (SourceForge)
Version 0.6.9 of moregroupware, a web-based groupware package that was written in PHP 4, has been released. "The new release features a lot of changes, some of them have fundamental character. There have been bug fixes done to all areas of the application, and a lot of new features have been added."
Lindows.com Announces Mozilla-Based Nvu Web Publishing Software (MozillaZine)
MozillaZine covers an announcement that Lindows.com is starting a project to build a Web publishing product for Linux, based on Mozilla Composer and released under the Mozilla Public License.Open Guides (O'Reilly)
Kake Pugh explains Open Guides, a Perl-based web application for managing tourist guides for cities. "I meant it when I said I wanted to be able to find pubs. I want to find all pubs in Notting Hill that serve food and have a beer garden. The Open Guide to London must have this information! There's no obvious way to get to it directly, though. I may have to write some code."
Web Services
Invoking Web services with Java clients (IBM developerWorks)
Bertrand Portier discusses Java web services on IBM's developerWorks. "In this article, IBM developer Bertrand Portier describes the different types of Java Web services clients and explains how to write portable, vendor independent code. There are two families of Web services clients in the Java world: unmanaged and J2EE container-managed clients. The article starts by briefly describing the Web services invocation process and the Web services standards for Java environments. The two families of Java Web services clients are then described, including their similarities and differences for the two steps they need to perform: service lookup and access."
Desktop Applications
Audio Applications
Audacity 1.2.0-pre3 released
Version 1.2.0-pre3 of the Audacity sound file editor is available. "This version fixes all of the known major bugs in 1.2.0-pre2 and adds support for the VST Enabler. Everyone who is testing 1.2.0-pre2 or any previous beta version of Audacity (1.1.x) is encouraged to upgrade immediately."
Speex 1.1.1 Released
Version 1.1.1 of Speex, an audio CODEC package, is available. "This release adds a partial fixed-point port which can be enabled using the --enable-fixed-point option at configure time. Not all floating-point operations have been converted yet, but all the code should work."
Desktop Environments
Announcing KDE 3.2 Beta 1 'Rudi'
The first beta release of KDE 3.2 is now available. Code named "Rudi", this release has all the features you can expect to see in the final 3.2 release.KDE-CVS-Digest
The October 31, 2003 KDE-CVS-Digest has been announced on KDE.News. "In this week's CVS-Digest: Feature freeze instituted for 3.2 release. Groupware support merged, sort of. Many bug fixes, including 'enter closes completion popup' in Konqueror." The digest is available here.
XFree86 Independent Driver Releases
The XFree86 project has announced the availability of Independent Driver Releases. "These Independent Driver Releases help making plugging in the latest experimental driver try-outs all the easier in your base XFree86. This is a real bonus for those who only install full releases of XFree86 and just want to see what's new or those who are worried that the Snapshots are just a little too cutting edge and may leave an unstable XFree86 platform for them to use."
New releases of GNOME Commander, Straw and more (GnomeDesktop)
GnomeDesktop.org has a multiple announcement for new versions of Gnofract 4D, gThumb, GNOME Commander, Straw, Gammu, Gewels, and gLabels. For those who appreciate cool fractal images, Gnofract 4D is worth a quick install.
Desktop Publishing
Conglomerate 0.7.6 Released (GnomeDesktop)
GnomeDesktop.org reports on the release of Conglomerate 0.7.6, an XML editor that is aimed at the DocBook document type. "A fair amount has changed since the last release: there are plenty of new features which need testing. In particular, support for non-Roman scripts should be substantially better - we now support GTK Input Methods, and I believe I've fixed the last remaining multibyte character bug. Testers welcome!"
Graphics
GIMP 1.3.22 Released (GnomeDesktop)
GnomeDesktop.org covers the release of version 1.3.22 of the GIMP, the GNU Image Manipulation Program. "This release features lots of bug fixes and also has some new features like a dockable histogram and improved session management."
Interoperability
Wine Traffic
The October 31, 2003 edition of Wine Traffic has been published. Take a look for the latest Wine news.
Medical Applications
FreeB Initial Release (LinuxMedNews)
LinuxMedNews has an announcement for the initial release of FreeB. "The FreeB project is the only known Free and Open Source medical billing package in existence. Its importance to FOSS in medicine cannot be over-stated. Project leader Fred Trotter announces: 'FreeB was released today. FreeB is the only Free and Open Source Medical Billing Project that is designed to integrate with any Practice or Hospital Management System.'"
News Readers
leafnode-1.9.45 released (SourceForge)
Version 1.9.45 of leafnode, a caching Usenet news proxy, is available. "Leafnode 1.9.45 fixes a very old bug that let fetchnews confuse 'line that starts with a dot' and 'a line that consists only of a dot', leading to random error messages when the upstream server offered a group that started with a dot."
Web Browsers
Mozilla 1.6 Alpha Released (MozillaZine)
Version 1.6 Alpha of the Mozilla browser is available. "The Mozilla Foundation has just released Mozilla 1.6 Alpha, the first milestone of the 1.6 development cycle. Amongst its other enhancements, 1.6a features many Mail & Newsgroups improvements, including vCard support, an option to remove mail from a POP server after x days and a preference for placing the user's signature above quoted text when composing an email or newsgroup posting."
Minutes of the mozilla.org Staff Meeting (MozillaZine)
The minutes from the October 20, 2003 Mozilla.org staff meeting are online. "Issues discussed include facilities, FTP, CD sales, website traffic and the website beta."
Word Processors
AbiWord 2.0.1 released (GnomeDesktop)
GnomeDesktop.org covers the release of AbiWord version 2.0.1, which features a number of bug fixes.AbiWord Weekly News
Issue #168 of the AbiWord Weekly News has been published. "2.0.1 is now out, or atleast, by the time most of you read this. A new and exciting feature just hits head. And, a possible preemptive strike against SCO!"
Languages and Tools
Caml
Caml Weekly News
The October 28 - November 4, 2003 edition of the Caml Weekly News is available with more Caml language news.
Java
Scheduling recurring tasks in Java applications (IBM developerWorks)
Tom White shows how to perform scheduling in Java on IBM's developerWorks. "All manner of Java applications commonly need to schedule tasks for repeated execution. Enterprise applications need to schedule daily logging or overnight batch processes. A J2SE or J2ME calendar application needs to schedule alarms for a user's appointments. However, the standard scheduling classes, Timer and TimerTask, are not flexible enough to support the range of scheduling tasks typically required. In this article, Java developer Tom White shows you how to build a simple, general scheduling framework for task execution conforming to an arbitrarily complex schedule."
Use a consistent trace system for easier debugging (IBM developerWorks)
Scott Clee introduces his Java trace class on IBM's developerWorks. "When faced with a thorny bug, many developers use System.out.println statements to send status messages to the console so that they can more easily pin down the moment at which their program goes awry. But those statements slow down program execution and can be difficult to clean up once the code is ready for production; more to the point, they are more of a stop-gap measure than a truly consistent debugging system. In this article, Scott Clee introduces a tracing utility class that improves upon this debugging method."
Lisp
lgtk 0.0.3 released
Version 0.0.3 of lgtk, the Common Lisp bindings for the GTK toolkit, is out. This is the first public release for the project.
Perl
Perl 5.8.2 RC2 is out (use Perl)
Use Perl covers the release of Perl 5.8.2 RC2. "Perl 5.8.2 Release Candidate 2 has been uploaded to CPAN. I hadn't planned on RC2, but there have been a few significant tweaks since RC1, most notably in some library calls with threading."
Parrot 0.0.13 'Screaming Pumpkin' Released (use Perl)
Version 0.0.13 of Parrot, the Perl 6 virtual engine, has been announced. "Proposed originally as a fun release it has a remarkable list of improvements, additions, and fixes. While some milestones have not really been reached, there have been many steps towards getting these done."
This Week on perl5-porters (use Perl)
The October 27- November 2, 2003 edition of This Week on perl5-porters is online. "The big news of the week is of course the first release candidate of perl 5.8.2, the problems it solves, and the new problems it causes."
This week on Perl 6 (O'Reilly)
The October 26, 2003 edition of This week on Perl 6 is available from O'Reilly. Take a look for lots of Perl 6 language topics and techniques.
PHP
PHP 4.3.4 and 5.0.0 Beta 2 released
Two new releases of PHP are available. The description for version 4.3.4 says: "This release contains a fair number of bug fixes and we recommend that all users of PHP upgrade to this version."
The version 5.0.0 Beta 2 description says:
"This is the first feature complete version of PHP 5, and we recommend for PHP users to try it. PHP 5 is still not ready for production use!
"
PHP Weekly Summary for November 3, 2003
The PHP Weekly Summary for November 3, 2003 is out. Topics include: PHP 5 Beta 2, PHP 5, Windows DLLs, PHP 4.3.4 RC 3, LZO extension, Continuity SAPI, DOM and SimpleXML.PHP Web Services Without SOAP (O'ReillyNet)
Adam Trachtenberg explains how to use REST on O'Reilly. "Web services are hot these days, and SOAP gets a lot of the buzz. It's not the only game in town, though. REST advocates claim their approach is how the Web was meant to be. You decide. Adam Trachtenberg, coauthor of PHP Cookbook, demonstrates how to access Amazon.com's web services with PHP and REST; no special tools needed!"
phpDocumentor 1.2.3 is released (SourceForge)
Version 1.2.3 of phpDocumentor, a JavaDoc-like automatic documentation generator for PHP, has been announced. "This is a bugfix maintenance release. Only a few small bugs have been found and fixed."
Python
Dr. Dobb's Python-URL!
The Dr. Dobb's Python-URL for November 3, 2003 is out, with weekly news and links for the Python community.PEP 239: Generator Expressions accepted
Python PEP #239, entitled Generator Expressions, has been accepted into version 2.4 of the language. "This PEP introduces generator expressions as a high performance, memory efficient generalization of list comprehensions and generators."
Charming Python: Numerical Python (IBM developerWorks)
David Mertz explores Numerical Python and the newer Numarray on IBM's developerWorks. "Numerical Python (often called NumPy) is a widely used extension library for fast operations on fixed-type arrays, of any dimensionality, in Python. Since the underlying code is well-optimized C, any speed limitations of Python's interpreter usually go away when major operations are performed in NumPy calls. As successful as NumPy has been, its developers have decided to supercede NumPy with a new module called Numarray that is mostly, but not quite entirely, compatible with NumPy. In this installment, David looks both at the general features of NumPy and at the specific improvements forthcoming with Numarray."
Capturing the power of re.split
Simon Willison examines the use of re.split on his weblog. "The second tip is so powerful I've been kicking myself for not finding out about it sooner. It relates to the regular expression module's re.split() function. Just like string.split(), this lets you split up a string based on a certain token."
Tcl/Tk
This week's Tcl-URL
Dr. Dobb's Tcl-URL for November 5 is out with the latest from the Tcl/Tk development community.
XML
XML Schema Design Patterns: Is Complex Type Derivation Unnecessary? (O'Reilly)
Dare Obasanjo discusses XML type derivation issues on O'Reilly. "W3C XML Schema (WXS) possesses a number of features that mimic object oriented concepts, including type derivation and polymorphism. However real world experience has shown that these features tend to complicate schemas, may have subtle interactions that lead tricky problems, and can often be replaced by other features of WXS. In this article I explore both derivation by restriction and derivation by extension of complex types showing the pros and cons of both techniques, as well as showing alternatives to achieving the same results."
Page editor: Forrest Cook
Linux in the news
The SCO Problem
Gartner analyst scrutinizes SCO-Linux flap (SearchEnterpriseLinux)
SearchEnterpriseLinux.com is running an interview with Gartner analyst George Weiss. On the BayStar investment: "I can't say much more about it, other than that I think they're playing a strategic game of banking on intellectual property as an important revenue generator to drive up their stock price and then, if and when that should happen, to get out of the market, essentially, or sell themselves out to the highest bidder. My feeling was that the other part of the business was pretty much getting destroyed in the process. So it looks like an end game to me."
FSF General Counsel Eben Moglen on Cisco and SCO (NewsForge)
Joe Barr talks with Eben Moglen, General Counsel for the Free Software Foundation. "It is well known that the Free Software Foundation does not hold copyright in the Linux system kernel program. Linux is not part of the gnu project, which is why Mr. Stallman insists so much on the verbal distinction between GNU and Linux. Since we do not hold copyright in the Linux kernel, we do not enforce the GPL with respect to the Linux operating system kernel. Where, however, we believe the kernel is being distributed in a non-compliant fashion, that's an impediment to the full resolution of disputes about compliance where other free software foundation programs are involved, because we want the license respected as to all free software."
Companies
View from the Trenches: Goodbye SuSE? (Linux Journal)
The Linux Journal ponders the implications of Novell's acquisition of SUSE. "First, I think we're going to see a lot more support for Linux on the desktop, in terms of gee-whiz programs and interoperability and in terms of toll-free numbers we can call when things break. Second, Novell is going to need people to write all that code and man all those support desks (or to re-train the folks that already do). This will be a fine shot in the wallet for us penguinheads."
Is Novell-SuSE deal a brilliant Big Blue power play? (ZDNet)
Here's a ZDNet column describing IBM's involvement in the acquisition of SUSE as a move against SCO. "One of the companies (IBM) is the subject of a giant lawsuit from the company that claims to own the intellectual property rights to the technology in Linux. The other is a company that, dating back to its UnixWare days, is rumored to still have just enough Unix intellectual property rights to be immune to the wrath of SCO. The customers of these two companies want some assurances, and the CTO of Novell wants to provide them in the way of solid stack interoperation and issue-free intellectual property rights."
Interviews
Doctor prescribes Linux for more reliable networks, lower cost (DesktopLinux)
DesktopLinux.com interviews Dr. Martin Echt, a Cardiologist who moved his 200-user network to Linux-based thin clients. "After commissioning a feasibility study, Dr. Echt concluded Linux thin clients were his company's long term strategy to counter rising licensing costs and would scale to meet future technologies. With system integrator Lille Corp. onboard to facilitate the move from Microsoft to Linux, CCA has realized cost savings. Hear the practical reasons why Dr.Echt picked Linux."
Reviews
Open source network administration with MRTG (NewsForge)
This NewsForge article looks at MRTG, the Multi Router Traffic Grapher. "MRTG relies on SNMP version one, and optionally SNMP version two, to obtain data from routers or other network hardware. MRTG sends SNMP requests every five minutes and stores the responses in a specialized data format. This format allows MRTG to present the daily, weekly, monthly, and yearly graphs without the data files forever growing larger. It does this by summarizing the older data as necessary. The graphs themselves are created in Portable Network Graphics (PNG) format and can be included in Web pages or used in other applications."
Outside Looking In: The BSD Operating Systems (eWeek)
eWeek examines the BSD variants. "BSD software, in any variety, is stable, extremely flexible, arguably better tested, more secure. At the same time, those things also mean that it tends to be less bleeding edge, slower to come out with new features, and more difficult to initially install."
TimeSys expands tools strategy (LinuxDevices.com)
LinuxDevices.com takes a look at new tools from TimeSys. "TimeSys claims its TimeStorm Linux Tool Suite is now the first to support the entire embedded Linux development cycle -- including kernel and driver development, BSP development, target configuration, board bringup, application development, and system debug, test, and validation -- regardless of the kind of Linux used."
Page editor: Forrest Cook
Announcements
Non-Commercial announcements
Ask questions to the candidates running for the GNOME Foundation elections (GnomeDesktop)
GnomeDesktop.org has posted an announcement concerning the upcoming GNOME foundation election. "We want the GNOME community to be involved in the GNOME Foundation, and one way to involve you is to allow you to ask questions to the candidates running for the GNOME Foundation elections. Here's your chance to know what the candidates think about what is concerning you."
Shirts for Germany (GnomeDesktop)
GnomeDesktop.org has published an announcement concerning the search for a German GNOME T-shirt design. "The german GNOME community is currently looking for designs for their GNOME Shirt 2004. This shirt is going to be worn on Linux/Free Software events in and around Germany by the people who are representing GNOME in their booth."
wxWindows forms an IP protection organization
The wxWindows project, an open-source, cross-platform user interface framework, has announced the creation of the wxWindows Software Foundation. "The wxWindows Software Foundation is a non-profit organisation set up to promote and protect wxWindows' interests. We are very pleased to have help from Mitch Kapor, OSAF, Borland and others in setting up the foundation." See this letter to wxWindows users for more information on why the foundation was created.
Commercial announcements
American Express adopts Linux
Netcraft reports that www.americanexpress.com migrated its web server from AIX to Linux last week.SuSE and Epcom announce Linux Training Partnership
SuSE and Epcom have announced that they have formed a Linux training partnership. "Epcom Corporation, a leader in educational and consulting services, and SUSE LINUX today announced that Epcom has become the founding SUSE training partner in North America -- adding the complete SUSE LINUX curriculum to its suite of software and systems development courses."
Voting Solutions to Release Voting Software under Open License
Voting Solutions, LLC, in association with The Center for Voting and Democracy (CVD), has announced plans to release ChoicePlus Pro under an open source license and development agreement.
New Books
Samba-3 Book Release
Prentice Hall has published the book The Official Samba-3 HOWTO and Reference Guide. "The book is written through a collaboration among the core developers of the Samba-Team and expert end-users, with Samba-Team Co-Founder John H. Terpstra as one of the book's lead editors."
"Spidering Hacks" Released by O'Reilly
O'Reilly has published the book Spidering Hacks by Kevin Hemenway and Tara Calishain. "'Spidering Hacks' takes you to the next level in Internet data retrieval--beyond search engines--by showing you how to create spiders and bots to retrieve information from your favorite sites and data sources."
Resources
LDP Weekly News
The November 5, 2003 edition of the Linux Documentation Project Weekly News has been published, take a look for the latest new documentation.LPI-News October 2003
The LPI-News for October 2003 is now available with news from LPI-UK and much more.IEEE and Open Group launch POSIX certification program
A new POSIX Certification Program has been launched by the IEEE and The Open Group.
Upcoming Events
Darl McBride to speak on "no free Linux"
Those of you in Las Vegas for Comdex or ApacheCon may want to head over to the Mandalay Bay (after sufficient fortification) to hear Darl McBride's talk entitled "There's no free lunch - or free Linux". The press release, at least, gets closer to SCO's real issue: "McBride will also explore how the information technology industry - software, hardware, networking and services -- depends on money passing from one hand to another, asserting that the livelihood of engineers and developers rests on paid models, even as those developers donate time to free projects such as Linux." The question and answer period could be fun.
Boston Desktop Linux Event
A Desktop Linux event will be held near Boston, Mass. on November 10, 2003. Thanks to Bruce Perens.Linux.Conf.Au 2004
Linux.Conf.Au 2004 is coming in January. Take a look at the list of keynotes, activities, tutorials, and papers that will be presented.Desktop Linux Conference Program is complete
The program for the Boston area Desktop Linux Conference, on November 10, 2003, has been finalized. Click below for details.EGOVOS 3 has been canceled
The EGOVOS 3 event, which was scheduled for November 24-26, 2003 in Paris, France has been cancelled.Linux user group to hold installfest (The Age)
The Age reports that the Linux Users of Victoria will hold its annual installfest on November 29, 2003.Events: November 6, 2003 - January 1, 2004
| November 6, 2003 | Netherlands Unix Users group fall conference | (Conference Center De Reehorst)Ede, the Netherands |
| November 8, 2003 | Lightweight Languages 2003(LL3) | (MIT)Cambridge MA |
| November 10 - 11, 2003 | Congreso Nacional de Software Libre(CONASOL) | (Universidad de Talca)Talca, Chile |
| November 14 - 16, 2003 | Third International Ruby Conference | (Red Lion Hotel)Austin, Texas |
| November 15 - 21, 2003 | Supercomputing Conference(SC2003) | (Phoenix Civic Plaza Convention Center)Phoenix, AZ |
| November 16 - 19, 2003 | ApacheCon 2003 | Las Vegas, Nevada |
| November 20 - 21, 2003 | ObjectWeb Conferenc3 | (INRIA Rocquencourt)Rocquencourt, France |
| November 22, 2003 | Southern California Linux Expo(SCALE) | (Los Angeles Convention Center)Los Angeles, CA |
| November 22 - 24, 2003 | New York GNOME Summit | (Brooklyn College)New York, NY |
| November 24 - 26, 2003 | Open Standards and Libre Software in Government Conference (CANCELLED)(EGOVOS 3) | Paris, France |
| November 26 - 27, 2003 | Forum PHP Paris 2003 | (Club Confair)Paris, France |
| December 9 - 13, 2003 | International Conference on Logic Programming(ICLP'03) | Mumbai (Bombay), India |
Software announcements
This week's software announcements
Here are the software announcements, courtesy of Freshmeat.net. They are available in two formats:
- Sorted alphabetically,
- Sorted by license.
Miscellaneous
IP lawyer turns patent foe, gets grant funding
Bruce Perens writes: "Dan Ravicher used to be an intellectual property attorney at Patterson Belknap and Tyner, a prestigious NY City law firm. He left the firm to pursue challenging abuses of the patent system, and got grant funding to do that."
Action on IBM's motion to compel
According to Groklaw, there was a conference on Halloween day before the judge in the SCO/IBM case regarding IBM's motion to compel SCO to make its claims specific. A second conference has been set for November 21, with oral arguments on the motion scheduled for December 5, if need be. "It looks like the judge is putting SCO on notice that they have a real deadline now, and should they fail to meet the November deadline without a mighty good excuse, the Motion is already set for oral arguments. She could instead have said that she wanted both sides to report back to her in November and then she'd see what to do. Instead, she set a firm date for oral arguments, so it's a kind of a warning that they've delayed as long as they can get away with."
IBM's reply memo to SCO
Groklaw has posted a copy of IBM's reply memorandum supporting its motion to compel discovery in the SCO case. "Put bluntly, SCO's public relations efforts are at odds with its conduct in this litigation. SCO has made repeated, public accusations of IBM's supposed misconduct, while refusing to disclose its alleged evidence to IBM. Either SCO has evidence to support its accusations or it does not. If it does, IBM is entitled to see it now; if it does not, IBM will be entitled to dismissal of this case." The whole thing is worth a read; IBM's lawyers clearly do not intend to let SCO off the hook.
Page editor: Forrest Cook
Letters to the editor
Three (more) things that need fixing for Linux to work on the desktop
| From: | Paul Sheer <psheer-AT-icon.co.za> | |
| To: | letters-AT-lwn.net | |
| Subject: | Three (more) things that need fixing for Linux to work on the desktop | |
| Date: | 05 Nov 2003 11:42:15 +0200 | |
| Cc: | psheer-AT-icon.co.za |
Yesterday I tried to listen to a radio station over streaming audio
that happens to only broadcast in an adjacent province. The
procedure on an Apple or Windows box is as simple as doing a
double-click on the URL. Under RedHat, I assumed that my expertise
(i.e. rute.2038bug.com) would be sufficient. Here is the procedure:
1. Right click on the URL to copy the link location
2. Do a google search to try figure out what kind of
Free application would play this. Mplayer seemed like
the thing.
3. Read through the install guide and download three
rpm files.
4. Installed only to discover they had bad signatures.
5. Read through the rpm man page to learn how to turn
off signature checking.
6. One of the rpm's was corrupted. Rpmfind.net revealed
an alternative copy.
7. Try to install again, but now it seems I need the SDL
library >= 1.1.7
8. Located, downloaded and installed libSDL 1.1.7.
9. SDL library needs to be over version .so.1.2
10. located the latest SDL library, downloaded, and
installed.
11. Install mplayer rpm's with the --nosignature option
12. Read the mplayer man page.
13. Run mplayer with mms://<site>:8080 as required.
14. mplayer says something about its cache and sits
there for 10 minutes producing no sound.
15. Check my sound modules, run aumix, and test that
sound is working fine with,
play /usr/share/sounds/KDE_Beep_Beep.wav
16. Search mplayer man page for anything about "cache"ing
17. Run mplayer with a smaller cache option.
18. Mplayer says "ASF file format detected" ...
"Cannot find codec for audio format 0xA."
19. In the mplayer FAQ section under "2.1.2.4. WMA/ASF files"
there is no text, and the mailing list archives do not
have much about it.
I mean no disrespect to the Mplayer developers: they have done a
truly outstanding job. This is a systemic problem to do with
proprietary-ness of formats. It is also simply a matter of fact
that: on an Apple or Windows machine I simply double-click, whereas
on Linux, I spend over four hours fiddling, and still cannot listen
to this really nice radio station.
The industry will *always* be coming out with new formats,
hardware, and protocols. How is the Free software community
going to keep up?
I had the identical problem with a Logitech camera (although with a
bit of kernel hacking I managed to get it to work: 16+ hours later).
An HP USB scanner I bought I could not get working (unsupported by
Sane: 2 hours) and resorted to installing Windows just to scan stuff
in (1 hour install, 30 minutes to get the scanning working).
Most of the sites *I* visit work perfectly under either Konqueror,
Mozilla or Opera; BUT most of the sites my trancing 16-year-old
cousin visits are completely unreadable with anything except IE.
They have so much javascript, flash, audio, etc. they don't even
come up at all.
Any company that is considering donating money to "Open Source"
needs to have a serious look at these issues above any others. It is
insufficient to look at Linux "on-the-desktop" from the perspective
of an Emacs user. A critical mass of users is surely going to
require such basic features as I have described.
And I haven't even got started discussing the deficiencies in
OpenOffice *sigh*. Stay tuned....
-paul
I *want* linux support but *not* support requiring a GUI.
| From: | Duncan Simpson <duncan-AT-commercialuk.com> | |
| To: | letters-AT-lwn.net | |
| Subject: | I *want* linux support but *not* support requiring a GUI. | |
| Date: | 30 Oct 2003 10:45:44 +0000 |
In the old days on linux 0.99pl13 and the like, buggy hardware was often
deemed to "work" even if it did not work with linux---for evidence it
did not work I use mess-dos. Every time the hardware proved broken in M$
DOS too. Now can you say it does not work in linux and not get laughed
at 98% of the time. This is an improvement.
However the UPS example shows how limited and clueless vendor support
is. Programming information should be provided too. A windows style UPS
control application is *useless* on the servers I would want to protect,
which do not have X11 or anyone logged in and are not going to get
either just for a UPS.
Instead I want a small *non GUI* scriptable solution that can be relied
upon to shut my system down cleanly when the power outage requires it.
There have been times when I tried the vendor solution and not was it
unsuitable but also did not work. Fortunately there was a free, light
weight small, appropriate alternative piece of software for that UPS
(made by APC, I think).
Hopefully vendors will get the clue about that serious un*x servers,
especially paranoid firewalls and embedded boxen, do not do users or
GUIs eventually. My servers usually do not have a web admin interface
either---instead I use root shells via an ssh connection (and, in
extremis, 80x24 text mode on the console). For an audit trail all have a
log book which *should* record all authorised changes, symptoms and
steps taken to solve a problem.
Page editor: Jonathan Corbet