LWN.net Weekly Edition for December 18, 2003
Looking forward to Fedora Core 2
Commercial Linux distributions have provided much of the driving force behind the increasing adoption of free software. These distributions tend to be high-quality products, and most Linux users end up running one of them. One disadvantage of commercial distributions, however, has typically been the relatively closed nature of their development process. It is hard to know where a distribution is going until the next release arrives; consider how surprised many Red Hat users were when the expected Red Hat Linux 8.1 release turned into Red Hat Linux 9 with a number of disruptive changes. This situation is not unique to Red Hat; of the commercial distributions, only Mandrake has really gone out of its way to open up its development process to its users.The evolution of Red Hat Linux into Fedora has changed things. Red Hat may still guide Fedora with a firm hand, but the process is now being carried out in a relatively open manner, with input from the wider community. As a result, it is possible to develop a reasonable idea of what will appear in the Fedora Core 2 (FC2) release, which is now scheduled for April 5, 2004.
From the beginning, FC2 was destined to be based on the 2.6 kernel. It will thus likely be the first big-name distribution to be truly committed to 2.6, rather than just offering it as an option. There may be a backup 2.4 kernel available for systems that simply can't run 2.6, but its use will probably be rare.
FC2 is not stopping at adopting 2.6, however; this distribution will also be set up to use the NSA Security Enhanced Linux (SELinux) subsystem. SELinux is packaged with 2.6 (as a Linux security module), but actually making use of it is not just a matter of turning it on. SELinux is based on a complex, rule-based mandatory access control mechanism which requires that a whole set of rules and policies be created. To this end, Red Hat has hired Russell Coker, who got his start in this area doing SELinux work for Debian. Russell's SELinux work will show up in FC2, and, after the Fedora users have shaken out the bulk of the problems, in the Enterprise Linux Advanced Server products.
FC2 will also include full IPSec support, given that the requisite protocol support exists in 2.6. Not everybody is happy with the choice of IPSec-Tools for configuration and management, however.
A big issue on the fedora-devel list was whether GNOME 2.6 would make it into FC2. Nobody spoke against the idea, but Fedora leader Michael Johnson did point out one issue with GNOME and Fedora: how their respective schedules work together. GNOME tries to make releases every six months, while Fedora is trying to go a little faster than that. The result is that, sooner or later, Fedora will miss a major GNOME release and spend a few cycles catching up. Recent discussions suggest, however, that GNOME 2.6 will be in FC2. The FC2 release schedule should allow the developers plenty of time to incorporate the imminent KDE 3.2 release as well.
Web browsers are a topic of conversation. It may be hard to remember that, only a few years ago, the only real browser alternative for Linux was the proprietary Netscape 4.x release - and we were glad to have it. There are now so many browsers available for Linux there there is no real hope of including them all. For FC2, it looks like the choices may be Konqueror, Epiphany, and Mozilla. In the future, when Mozilla Firebird stabilizes somewhat, it may replace Mozilla "classic" in Fedora.
There have been a fair number of requests to drop sendmail in favor of a more secure mail transfer agent. Postfix would appear to be the preferred replacement. There does not appear to be a whole lot of desire within Red Hat to change the system's MTA, however, so sendmail looks likely to hang around for a while yet.
One user requested a natively-compiled version of the Eclipse development environment. That wish appears likely to come true; the FC2 schedule states that a number of Java components, compiled with GCJ, are on the list to be incorporated into the distribution.
There is a fair amount of interest in a "bare-bones" installation mode. A minimal install could be used for old and small systems, or as a base platform for a subsequent network install (much as Debian installations can be done). This "bootstrap" install option may well show up in FC2.
Some desired packages will be kept out as a result of licensing issues. Thus valgrind, though often requested, is off the list; it apparently suffers from software patent problems. MySQL 4.x is also an interesting problem; with the 4.x release, the license on the MySQL libraries was changed from the LGPL to the GPL. That change makes it harder to write proprietary applications using the libraries, which can be a concern for distributors (UserLinux is coping with similar issues). The MySQL 4.x library license, however, also blocks the use of MySQL with PHP, which has a GPL-incompatible license. A MySQL/PHP adaptor, as a derived product of both systems, cannot be distributed. So MySQL 3.x will likely be in Fedora Core for a while yet.
The actual Fedora Core 2 release will doubtless contain some surprises. But it will be, by far, the most open release ever to come out of Red Hat. This visibility into the development process will give Fedora users the opportunity to be better prepared for future releases (a good thing, since quick upgrades will be required to keep getting security patches) and to have some influence on how the distribution is developed. It is too soon to say whether Fedora will be a success, but the new approach to its development is already showing some benefits for its users.
A look at Thunderbird 0.4
Now that Thunderbird has reached its 0.4 milestone, we thought we would take it for a test drive and see how far the new email and newsgroup client has come. The conclusion is that Thunderbird is indeed maturing into quite a nice email client.
Setting up Thunderbird is as simple as uncompressing a tarball in the
directory you'd like Thunderbird to live in. Configuring Thunderbird is
likewise an easy task, and it only takes a minute or two to have the client
![[Screenshot]](https://static.lwn.net/images/ns/thunderbird-sm.jpg)
up and ready to send and retrieve email from the default account. Like most
modern email clients, Thunderbird allows users to set up multiple email
accounts if they wish to do so.
One of the more exciting features with Thunderbird is adaptive spam filtering. Users can tag email as "junk" and Thunderbird will try to automatically determine which incoming email is spam in the future. This feature is not on by default, so the user will need to enable the junk folder and features.
Thunderbird's adaptive junk mail controls aren't perfect (yet), but after only using Thunderbird for a little more than a week, I found that it was catching on pretty quickly. Thunderbird didn't tag all of the spam I received as junk, but it didn't tag any of my legitimate email as junk after a few days. While some may be annoyed when they see spam slip through Thunderbird's filter, I'm much happier to know that it does very well at avoiding false positives. There is also a junk mail log, so users can follow which messages have been tagged and moved. I would recommend using the Junk folder rather than deleting messages for at least a few weeks.
As the developers point out in the release notes, the default interface for Thunderbird has matured since the last release, and is looking very nice. If the default theme isn't quite right, Thunderbird allows the user to choose custom themes instead. Right now there are about twenty themes available for Thunderbird. Installation of themes is easy, though it's still necessary to restart the application once you've installed a new theme.
Themes aren't the only thing that's changeable. One of the nicest features of Thunderbird is the ability to add extensions to the application. One of the goals for Thunderbird was to stay "small and unbloated," which is a laudable goal. However, most users will differ on the features which are necessary, and the features that should be considered bloat. Extensions allow users to modify Thunderbird's feature set to their liking; available extensions include a calendar, external application launchers, "splitter grippies," a calculator, an offline operation mode, and numerous others. Installing extensions in Thunderbird is as simple as downloading an extension and running the "Install New Extension" wizard.
By default, (unfortunately) Thunderbird's message composer is set to send mail in HTML format rather than plain text, but this behavior is easy to turn off. If a user prefers to send HTML-formatted email, or if certain recipients prefer to receive HTML-formatted email, Thunderbird allows the user to set specific domains that will receive plain-text or HTML email. However, at this point this feature only works if the user has Thunderbird set to compose HTML email by default. It would be nice if this worked both ways, so a user could send grandma HTML emails by default and avoid getting flamed by accidentally sending HTML email to a mailing list.
Another welcome feature in Thunderbird is customizable message views. Users are able to view messages according to a wide range of criteria, which makes it very easy to sort through your inbox. For example, the user can choose only to view messages with attachments, or only messages sent by people who are in their address book. Thunderbird includes only a few preset filters, but users can create others of their own.
One of the few gripes I have with Thunderbird is that it only allows the user to import mail from Communicator 4.x clients. If the user wishes to switch from Pine, Evolution, Outlook, Eudora, Sylpheed or any number of other mail clients, there is no automated tool with Thunderbird to help with the task. A simple utility to import email stored in mbox format would be a nice addition, and might help Thunderbird add to its user base.
It should also be noted that the application isn't entirely stable. It did crash during testing a few times though it didn't lose any messages or important data. Note that I experienced crashes during testing before installing any extensions, so it wasn't the addition of third-party code that caused the problems. The interface is also a bit slow, even on a fast machine. Often, it takes a few additional seconds for dialog boxes to disappear completely and for new windows to appear. Of course, one does not normally expect perfection from such an early release.
Overall, however, Thunderbird is a well-designed mail client, and is quite usable for an application that is only a 0.4 release. I expect that as Thunderbird matures, the stability will improve even further and that the speed of the interface will also be improved. Thunderbird should be acceptable for daily use for users who are looking for a different mail client. Though I only tested the Linux version of Thunderbird, there are also builds for Windows and Mac OS X for users of those platforms.
The continuing Linux Gazette saga
We first reported on the dispute over the direction and management of the Linux Gazette back in November. Since then, the Linux Gazette has tended to resemble a forked development project; both LinuxGazette.com (at SSC) and LinuxGazette.net (where the departing editors set up shop) remain online. Both have published an Issue #97 for December. Each maintains its own "Answer Gang." And both claim to be the real Linux Gazette. Behind the scenes, however, things have been happening.There have been repeated charges that LinuxGazette.com has been censoring its forums to keep them free of criticism of SSC's actions. SSC, it would seem, has dealt with that issue by eliminating the forums altogether. Most of the forum posts will, evidently, be simply deleted.
SSC has sent a letter claiming trademark rights over the name "Linux Gazette" and requesting that ownership of the LinuxGazette.net domain name be forcibly transferred. Over at LinuxGazette.net, they respond that no trademark was ever transferred to SSC when it started running the Linux Gazette, and, in any case, the Linux Gazette is a noncommercial operation. In the U.S., trademarks are for commercial use and cannot be obtained for names which are not used in a commercial setting.
Rick Moen, of LinuxGazette.net, took the time to track down John Fisk, who founded the Linux Gazette back in 1995. In his response, Mr. Fisk betrays a clear desire to not get drawn into the current dispute. He also states, however, that he had no intent to transfer any sort of trademark rights to SSC when he let SSC take over operation of the Linux Gazette.
In other words, the waters have been well and truly muddied. If the rights to use the "Linux Gazette" name end up being the subject of a legal battle, it is hard to predict what the eventual result would be. One can predict, however, that such a fight would not be good for either Linux Gazette, the people who contribute their articles, or the community as a whole.
It's that time of year
For the sixth year in a row, LWN has put together its annual Linux Timeline. We've gone over the events of the last year, sorted out the most significant happenings and quotes, and put them together in a concise, informative, and (we hope) fun form. Have a look and relive the last year in the Linux world - some of which even doesn't involve SCO.The next Weekly Edition will be published on December 24, one day earlier than usual, in anticipation of the Christmas holiday. There will be no Weekly Edition the week of January 1; the front page will continue to be updated, however, and we may put up a feature article or two. We will return to our regular schedule on Thursday, January 8.
Security
Brief items
Spam-proofing the mail system
One of the major problems with Simple Mail Transport Protocol (SMTP) is that it allows email senders to forge information about who they are. The lack of sender authentication allows unscrupulous users to send email that appears to come from a domain other than where it truly originates. Spammers use this 'feature' to disguise their email and to cause any bounces or responses to be handled by someone else.There are several proposals for combating this problem that are currently being worked on; we will describe some of them below. Before we do, however, a bit of a review on how SMTP currently works is in order.
When a host wants to send mail, it looks at the DNS Mail Exchanger (MX) record for the destination domain and makes a connection to the host that is indicated. The sending host identifies itself, the email address of the sender of the message, and the address of the recipient of the message to the destination host via SMTP messages. This is known as the envelope of the message and, if it is accepted by the destination host, the sender proceeds to send the body of the message. The message body contains RFC822 headers (From:, To:, Subject:, etc.) that are used by Mail User Agents (MUAs) to identify the message to users. SMTP servers traditionally do not do any kind of checking on the envelope data they receive, believing that other hosts will not deceive them. Any part of the envelope and RFC822 headers can be forged (except, of course, the recipient in the envelope). Obviously, SMTP has its roots in a much friendlier Internet where trusting other hosts was the norm.
Recently, Yahoo announced an initiative that is meant to combat spam called Domain Keys. Technical details are somewhat sketchy, but the basic idea is that the DNS records for a domain would include a public key. Email that originates from that domain would use the corresponding private key to encrypt some data (it is not clear exactly what, but a cryptographic hash of the message contents would seem an obvious choice) that would be placed in an email header. Mail Transfer Agents (MTAs) that received the message could decrypt it using the public key in the DNS record and if the decrypted value was correct, the MTA would know that the message originated from the domain that was claimed.
Sender Permitted From (SPF) is a proposal to add information to the DNS records for a domain specifying what machines legitimately send email for that domain. This information is the reverse of the MX record, rather than specifying hosts that receive email for the domain, they specify hosts that send it. This would allow MTAs to check the IP address of the sender and the host name provided in the SMTP envelope along with the SPF information in DNS to determine whether that IP address is a legitimate sender for that domain. (LWN covered SPF in more detail last October).
The Trusted Email Open Standard (TEOS) is a wide-ranging proposal that has three implementation steps and would eventually allow for third-party certification of email messages as coming from a trusted source. This scheme would operate in some ways like the SSL Certificate Signing Authorities; an MTA could verify that a message came from a source trusted by the third party. The first step that TEOS proposes is similar to the Domain Keys proposal; it would provide a way to authenticate email senders. The second stage adds the ability for senders to make assertions about the contents of the email, saying, for example, that it contains advertising or an opt-in mailing, or that the sender and recipient have a business or family relationship. Users would be able to filter the mail based on the assertions (or lack thereof). If the sender incorrectly categorizes a message, the authentication will not allow the blame to be shifted elsewhere, providing a large incentive to be truthful when making the assertions.
The Tripoli proposal envisions an entirely new email infrastructure, at first running in parallel with the current SMTP-based system, but eventually supplanting it. The underlying principle is that the receiver of email should have greater control than any of the other parties involved, including the sender, ISPs that transmit the email, or governments. The system proposed would eventually have end-to-end encryption for all email traffic. Associated with each email would be a cryptographic token that is certified by a third-party to a particular level of authentication; email recipients could then choose the level of authentication that they wish to require and can reject any messages that fall below this standard.
These proposals are a testament to just how problematic and widespread the spam problem has become. The scope of some of these proposals, particularly TEOS and Tripoli, show how far some people are willing to go to try and combat it. Adding third-parties to email sending could have a number of security and privacy concerns and would almost certainly add a cost to sending email. If that cost breaks the current economic model of spamming, however, it may be effective, but it would also impact lots of other bulk email uses today (legitimate mailing list traffic, opt-in newsletters and the like). On the other hand, Domain Keys and SPF could be circumvented by spammers willing to create throwaway domains that conform to the requirements. Once the domains are identified as spam domains, they can be added to blacklists, of course, but there have been any number of problems with that particular solution as well. Authenticating senders might help track down spammers, but until the risk of detection and the cost of conviction are greatly increased, it is likely to only slow things down and perhaps not by much.
It should be interesting to watch the battle over our email inboxes play out over the next few years. It may well be that one or more of these proposals is adopted (or some combination of them) by a significant portion of email users and providers. Unfortunately, in the meantime, less technical email users are suffering at the hands of the spammers to the point where email is no longer a useful communications medium for many.
New vulnerabilities
lftp buffer overflows
| Package(s): | lftp | CVE #(s): | CAN-2003-0963 | ||||||||||||||||||||||||||||||||||||||||||||||||
| Created: | December 15, 2003 | Updated: | February 13, 2004 | ||||||||||||||||||||||||||||||||||||||||||||||||
| Description: | According to this advisory versions of lftp prior to 2.6.10 are vulnerable to two exploitable buffer overflow problems. Both occur when you connect to a web server with lftp using HTTP or HTTPS, and then use lftp's "ls" or "rels" commands on specially prepared directories on the web server. | ||||||||||||||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||||||||||||||
xchat: remotely exploitable denial of service vulnerability
| Package(s): | xchat | CVE #(s): | |||||
| Created: | December 15, 2003 | Updated: | December 17, 2003 | ||||
| Description: | There is a remotely exploitable bug in xchat 2.0.6 that could lead to a denial of service attack. This is caused by sending a malformed DCC packet to xchat 2.0.6, causing it to crash. Versions prior to 2.0.6 do not appear to be affected by this bug. For more information, please see this advisory. | ||||||
| Alerts: |
| ||||||
Resources
December CRYPTO-GRAM newsletter
Bruce Schneier's CRYPTO-GRAM newsletter for December is out. It looks at whether the Blaster worm caused the August 14 blackout (he thinks it may have), electronic voting, and products using quantum cryptography. "I don't have any hope for this sort of product. I don't have any hope for the commercialization of quantum cryptography in general; I don't believe it solves any security problem that needs solving. I don't believe that it's worth paying for, and I can't imagine anyone but a few technophiles buying and deploying it."
Page editor: Jonathan Corbet
Kernel development
Brief items
Kernel Release Status
The current development kernel is 2.6.0-test11; there has been no development kernel release since November 26. Linus continues to accumulate small, critical patches in his BitKeeper repository, but appears to be waiting for Andrew Morton to return to the scene for the preparation of the next release, be it another -test kernel or the real 2.6.0.Andrew did release 2.6.0-test11-mm1 on December 17. The -mm tree now contains a full 300 patches, ranging from small fixes to new drivers and major subsystem work. Andrew has indicated that at least some of the patches in -mm will find their way into the mainline after 2.6.0 comes out.
The current stable kernel is 2.4.23; Marcelo has not released any 2.4.24 prepatches since 2.4.24-pre1 on December 10.
Kernel development news
Lustre 1.0 released
Linux-based clusters would appear to be the future of high-performance computing. No other approach can combine the power and flexibility of the Linux system with the economic advantages of using commercial, mass-market hardware. For many kinds of problems, a room full of racks of Linux systems is by far the most cost-effective way of obtaining high-end computing power. For other sorts of tasks, ad-hoc "grid" computing networks promise the ability to offer computing power on demand from otherwise idle systems.Making these clusters work and scale well is more than a simple matter of plugging them all into a network switch, however. Distributing data around a cluster can be a hard task; often, data transfer, rather than computing power, is the limiting factor in system performance. Faster networking technology can help, but what is really needed is a reliable way of making tremendous amounts of data available to any node in the cluster on demand.
With the announcement of Lustre 1.0, the Linux community just got a new tool for use in the creation of high-performance clusters. Lustre is a cluster filesystem which is intended to scale to tens of thousands of nodes and more stored data than anybody would ever want to have to back up. It offers high-bandwidth file I/O throughout the cluster while suffering from no single points of failure that could bring your expensive cluster to a halt. Luster 1.0 is licensed under the GPL, and is currently available for 2.4 kernels; a 2.6 version should be coming out before too long.
The Lustre filesystem is implemented with three high-level modules:
- Metadata servers keep track of what files exist in the cluster,
along with various attributes (such as where the files are to be
found). These servers also handle file locking tasks. A cluster can
have many metadata servers, and can perform load balancing between
them. Large directories can be split across multiple servers, so no
single server should ever become a bottleneck for the system as a
whole.
Lustre supports failover for the metadata servers, but only if the backup servers are working from shared storage.
- Object storage targets store the actual files within a
cluster. They are essentially large boxes full of bits which can be
accessed via unique file ID tags. Linux systems can serve as object
storage targets, using the ext3 filesystem as the underlying storage,
but someday specialized OST appliance boxes may become available from
the usual vendors. Object storage targets are stackable, allowing the
creation of virtual targets which provide high-level volume management
and RAID services.
The object storage targets are also responsible for implementing access control and security. Once again, failover targets can be set up, as long as the underlying storage is shared.
- The client filesystem is charged with talking to the metadata servers and object storage targets and presenting something that looks like a Unix filesystem to the host system. Typical requests will be handled by asking one or more metadata servers to look up a file of interest, followed by I/O requests to the object storage target(s) which hold the data contained by that file.
A key part of the Lustre design is failure recovery. Each component keeps a log of actions that it has committed - or attempted to commit. If a server (metadata or object storage) falls off the net, the other nodes which were working with that server remember the operations which were not known to be complete. When the server comes back up, it implements a "recovery period" where other nodes can reestablish locks, replay operations, and so on, so that it can return to a state which is consistent with the rest of the cluster. New requests will be accepted only after the recovery period is complete.
Lustre uses the Sandia Portals system to handle communications between the nodes. A full Lustre deployment will also likely involve LDAP and/or Kerberos servers to handle authentication tasks.
The 1.0 release may have just happened, but Lustre has been handling real loads for some time. According to this press release from Cluster File Systems, four of the top five Linux supercomputers are running Lustre. The press release also claims that a Lustre deployment achieved a sustained throughput of 11.1 GB/second, which is rather better than most of us can get with NFS.
The 2.6 version of Lustre has not yet been released, but should be available soon. Apparently there have already been talks with Linus about getting Lustre merged into the 2.6 kernel. Before too long, that shrink-wrapped Linux box in the local computer store may come with a high-end cluster filesystem included.
Linux for little systems
Matt Mackall has picked up a new project: making the 2.6 kernel work on very small systems. This is, he says, "an area Linux mainstream has been moving away from since Linus got a real job." To this end, he has released a tree called 2.6.0-test11-tiny which incorporates a large set of patches aimed at slimming down the kernel. It's worth a look as an expression of just what needs to be done if you want to run Linux on small systems.
So what's required? The -tiny patch includes, among others, the following:
- Building the kernel with the -Os compiler option, which
instructs gcc to optimize for size. This option results in a smaller
kernel; interestingly, there have also been reports that -Os
yields better performance on large systems as well, since the
resulting executable has better cache behavior.
- The 4k kernel stack patch cuts the runtime per-process memory use
significantly.
- Various patches shrink the size of internal data structures to their
minimum values. Target structures include the block and char device names hash
tables, the maximum number of swapfiles, the maximum number of
processes, the futex hash table, CRC lookup tables, and many others.
- For truly daring users, the -tiny kernel has an option to remove
printk() from the kernel entirely, along with its associated
buffers and most of the strings passed to printk(). The
space savings will be considerable; you just have to hope that the
kernel has nothing important to tell you. Strings for BUG()
and panic() calls can also be removed.
- Various subsystems which are not normally optional become so. With
the -tiny kernel, it is possible to configure out sysfs (which can
take a lot of run-time memory), asynchronous I/O,
/proc/kcore, ethtool support, core dump support, etc.
- Inline functions are heavily used in the kernel; they can improve performance, and, in some situations, the use of inline code is mandatory. Excessive use of inline functions can bloat the size of the kernel considerably, however. The -tiny kernel includes a patch which makes the compiler complain about the use of inline functions, allowing a size-conscious developer to find which ones are invoked most often.
There are almost 80 separate patches in all. Matt claims that his kernel, when configured with a full networking stack, fits "comfortably" on a 4MB box, which is, indeed, considered small these days. Matt has some ambitious future plans, including cutting functionality out of the console subsystem and (an idea that is sure to raise some eyebrows) making parts of the kernel be pageable. It remains to be seen whether things will get that far, but there is no doubt that making Linux work on small systems is a worthy goal.
Patches and updates
Kernel trees
Core kernel code
Development tools
Device drivers
Documentation
Filesystems and block I/O
Memory management
Benchmarks and bugs
Miscellaneous
Page editor: Jonathan Corbet
Distributions
News and Editorials
LindowsOS or Xandros Desktop?
Earlier this week, two almost simultaneous release announcements from Lindows.com and Xandros Corporation provided some entertainment during the otherwise quiet, pre-holiday season. Lindows.com's LindowsOS 4.5 and Xandros Corporation's Xandros Desktop 2.0 are in many ways similar products with a more or less identical target market. If you still need a Christmas present for a less technically inclined member of your family or if you find it hard to make a decision whether to get one or the other, then this brief feature comparison might be of help.Installation.. Both LindowsOS and Xandros Desktop provide easy system installation in no more than a few clicks. Both have excellent auto-detection of most hardware, including hundreds of digital cameras and many wireless network cards. However, the Xandros installer is a lot more sophisticated in its advanced mode - it allows partition resizing, custom software selection, user setup and even some advanced security configuration. It detects an existing Xandros installation and offers an upgrade path while preserving user data and settings. In contrast, the LindowsOS installer is primitive even in its "advanced" mode, with the only available choice being an option to specify a partition to which to install the operating system. LindowsOS 0, Xandros 1.
First impressions. While developers of both products have clearly done many usability studies to make migration from Windows as easy as possible, LindowsOS has been more imaginative in this effort. A series of well-presented audiovisual tutorials on various subjects is a good example of that. On top of it, Lindows.com arguably employs more talented graphics designers, a fact that is further enhanced by the availability of stunning scenic desktop backgrounds, beautiful icons and a matching default desktop theme. Although Xandros does have an advantage in providing a more comprehensive printed manual, this round will have to go to LindowsOS for its combination of an eye-catching desktop, innovative tutorials, and jargon-free product guides easily palatable by even a less technically skilled audience. LindowsOS 1, Xandros 0.
Applications. Earlier versions of LindowsOS were criticized for having a very limited set of available applications out of the box. This has improved in version 4.5, with previously absent OpenOffice.org, CD burner and certain multimedia applications, such as RealPlayer, now provided without having to subscribe to the $50-a-year Click-N-Run service. Still, Xandros Desktop 2.0 comes on two CDs with a larger range of applications. It is also more up-to-date with KDE 3.1.4 (as opposed to KDE 3.0.1 in LindowsOS 4.5) and OpenOffice.org 1.1.0. It can't be a coincidence that LindowsOS 4.5 ships with an older OpenOffice.org 1.0.3, while it uses every opportunity to promote the non-free StarOffice 7. LindowsOS 0, Xandros 1.
Online updates. One of the strong points of LindowsOS is its excellent Click-N-Run (CNR) service for one-click software installation and updates. Perhaps inspired by CNR, Xandros has a similar service, called Xandros Networks. Although not as sophisticated as its LindowsOS counterpart, it does the job of installing applications, and it does it so for free (installing certain applications requires free online registration). Nevertheless, the CNR service is better designed with comprehensive package information, options to group applications into software "aisles" for batch installation and availability of many interesting commercial applications and games at greatly reduced prices. We'll give this round to LindowsOS: LindowsOS 1, Xandros 0.
Special features. Both LindowsOS and Xandros are quick to point out many unique characteristics of their products. The latest LindowsOS comes with a SIPphone, an Internet telephony application (see this screenshot) which allows users to place free telephone calls anywhere in the world. SIPphone requires a broadband connection to be effective, but our brief tests with the application showed excellent voice quality. The catch? The phone calls can only be made to a physical SIPphone, a product by Lindows.com's sister company SIPphone, Inc, or another user running LindowsOS. Other new features in LindowsOS 4.5 are remote desktop sharing and a Google-powered web page search and translation service nicely integrated into Mozilla's right click menu.
Xandros, on the other hand, has focused its development on the excellent Xandros File Manager, providing many pleasant features. These include drag-and-drop archive creation and audio ripping, seamless file sharing across mixed networks and integrated drag-and-drop CD burning. The "switch user" feature is a convenient tool for quick desktop switching between several virtual desktops. The Deluxe Edition also comes with CrossOver Office and Plugin for running certain Windows applications under Linux. This round ends in a draw: LindowsOS 1, Xandros 1.
Price. LindowsOS costs $49.95 (download) or $59.95 (retail package), while Xandros sells for $39.95 (Basic Edition) or $89.95 (Deluxe Edition). The cost of LindowsOS is slightly misleading, because it costs additional $49.95 per year to join the CNR service, without which the product isn't nearly as much fun. However, after joining CNR, all future product updates, including newly released ISO images are free as long as the CNR membership is maintained. Still, the $39.95 Xandros Desktop Standard Edition is probably a better value, especially since it includes a lot more software than LindowsOS and it does not require regular payments. LindowsOS 0, Xandros 1.
Conclusion. Even after comparing many aspects of the two products, it is still hard to pick a winner. Xandros has a superior installer, more software and is better value for the money, while LindowsOS has more eye-candy, imaginative tutorials and the excellent Click-N-Run service. Some users might also value certain non-technical aspects of these products - those interested in online interaction with other users will find LindowsOS forums more active, while others might prefer to support a company that contributes back to the Linux community; unlike Xandros, Lindows.com sponsors several open source projects, such as Gaim. The innovative SIPphone application might be another good reason to prefer LindowsOS. But some might be put off by a constant barrage of anti-Microsoft propaganda found in Lindows.com newsletters and press releases, with more court battles with the Redmond software giant over the name "Lindows" coming up in the near future.
Both LindowsOS 4.5 and Xandros Desktop 2.0 are excellent distributions that won't disappoint.
Distribution News
White Box Enterprise Linux 3.0 released
White Box Enterprise Linux 3.0 is available. "Take the freely available SRPMS for Red Hat's RHEL3, strip out the trademarks required by the license and some other obvious references, go through a few compile/test cycles and you get White Box."
Immunix Releases Latest Secure Linux Operating System
Immunix has announced the release of the Immunix Secure OS 7.3 Linux server operating system with integrated host intrusion prevention technologies. "In early November, Red Hat Linux announced that they would discontinue maintenance support of Red Hat Linux 7.x and 8.x at the end of December 2003. Immunix will offer security updates for the Red Hat-compatible Immunix 7.3 through March of 2005."
LindowsOS 4.5 Launches
Lindows.com Inc. has announced the immediate availability of LindowsOS 4.5 with support for English, Spanish, French, Italian, German, and Portuguese.Xandros Desktop Operating System
Xandros, Inc. announced the general availability of version 2 of the Xandros Desktop OS.Gentoo Weekly Newsletter - Volume 2, Issue 50
The Gentoo Weekly Newsletter for the week of December 15, 2003 is out, with a summary of the December 1st Gentoo Managers' Meeting, and much more.Debian GNU/Linux
The Debian Weekly News for December 16 looks at the remaining issues for getting CVS back online, installer status, a problem with the new Debian stable update CDs, Debian Spain, and more.Branden Robinson has announced the availability of anonymous, read-only, public access to the X Strike Force Subversion repositories.
Joey Hess reports on the status of the new Debian installer.
Registration is still open for Debian Miniconf taking place January 12 - 13, 2004 in Adelaide, South Australia.
Fedora Core 2 schedule posted
A release schedule for Fedora Core 2 has been posted. The Fedora hackers are going to be busy; this schedule anticipates putting together a distribution with the 2.6 kernel, SELinux, GNOME 2.6, KDE 3.2, and much more, and making the final release available on April 5.End of Life for Red Hat Linux 7.1, 7.2, 7.3, 8.0
Red Hat has sent out a friendly reminder that the end of life for most Red Hat Linux products is almost here. After December 31, 2003 there will be no security fixes or other errata for Red Hat Linux 7.1, 7.2, 7.3 and 8.0.Slackware Linux
The slackware-current changelog shows upgrades to GIMP, CUPS, syslinux and Perl among the other upgrades and fixes. There are also lftp and cvs security fixes available for both current and stable.Mandrake Linux
Mandrake has updated gaim packages that restore MSN support, available for Mandrake Linux 9.1 and 9.2.Fedora updates
Fedora Core 1 has bug fixes and updates available for net-snmp and redhat-config-printer.
New Distributions
PCLinuxOS
PCLinuxOS is a live CD based on Mandrake 9.2. Data on the CD is uncompressed on the fly, allowing up to 2 GB worth of system and programs on one CD including a complete X server, KDE 3.1.4 and Gnome 2.4, and large packages like OpenOffice 1.1final and Mozilla 1.5 plus plugins. Since it runs solely off the CD, PCLinuxOS can be used as a portable Linux demo or system rescue disk, but its completeness makes it a good general purpose desktop as well. PCLinuxOS should work on most modern computer hardware. PCLinuxOS 2K4 Preview 4 is currently available for download.SACIX
SACIX is a Debian-based distribution for São Paulo's public computer labs, the telecentros. (Thanks to Konrad Holzbauer)SCMLinux
The SCMLinux distribution provides a minimal, secure, and redundant architecture for those who seek a software configuration management system. It includes a rewrite of CVS version 1.11.6 with problem reporting functionality. Version Alpha was released December 11, 2003.
Minor distribution updates
Buffalo Linux
Buffalo Linux has released v1.0.4 with major feature enhancements. "Changes: Major improvements include an improvement in login security/actions, a major cleanup of printer devices, numerous help pages, a Christmas theme, and installation cleanup. This release uses CUPS 1.1.20 and GIMP 1.3."
CDLinux
CDLinux has released v0.4.7 with major feature enhancements. "Changes: This version incorporates SysV-like init scripts, NIC autoprobing, netfilter, better CJK support, and many other features."
Coyote Linux
Coyote Linux has released v2.03 with major feature enhancements. "Changes: This release includes the 2.4.23 kernel, iptables 1.2.29, and thttpd 2.24. It includes the chat program and several updates to the Web-based administrative interface to simplify firewall rule generation."
CRUX
CRUX has released v1.3 with minor feature enhancements. "Changes: The default kernel is now 2.4.23. About 70 packages were updated, such as GCC 3.3.2, Perl 5.8.2, Sendmail 8.12.10, and Firebird 0.7."
Damn Small Linux
Damn Small Linux has released v0.5.1.1 with minor bugfixes. "Changes: The AA font option has been removed from Fluxbox. The dsl-hdinstall script cleans up some left over files. The fluxbox menu selected X-setup error has been fixed. A bbpager/enhance bug has been fixed."
DeLi Linux
DeLi Linux has released v0.5 with minor feature enhancements. "Changes: delisetup was enhanced, and it is now a complete administration tool. mc was replaced with the smaller mc-MP. Some cleanup was done. Bugfixes were made."
Feather Linux
Feather Linux has released v0.2.2 with minor feature enhancements. "Changes: Sambahas been added. An sshd setup script, hard disk install script, and Opera download script have been added to the menu. A "run command" option has been added to the menu; it uses fbrun. naim icon fixed. Monkey Web server startup has been fixed. A keymap selection has been added to the X11 configuration script."
floppyfw
floppyfw has released stable v2.0.8 with minor security fixes. "Changes: Upgraded to kernel 2.4.23 and iptables 1.2.9."
PLD RescueCD
PLD RescueCD has released v1.90 with major feature enhancements. "Changes: Based on the modern distribution PLD AC/NEST. Boot process and hardware detection were improved. Now it requires an i386 PC with only 16 MB of RAM. Booting from IDE, SCSI, USB CD-ROM, or disk was implemented. The kernel was updated to 2.4.23 with many new modules (e.g. SATA, a driver for the Eagle 8051 Analog, and improved NTFS). 243 packages were updated in this release. 53 new packages were added (e.g. chntpw, dar, dhcp, disktype, e2salvage, hotplug, mtools, ntfsprogs, oidentd, and tinyproxy)."
Distribution reviews
Reviews of some Debian-based distributions (OSNews)
OSNews has a series of reviews on commercial Debian based distributions, covering, including Lindows, Libranet and MEPIS. From the introduction: "The criteria for these reviews will be a bit unusual. I am looking intently at some things that other reviewers don't seem to care about, while many aspects that ordinarily get covered in a review will be brushed over, if I mention them at all. For instance, ease of installing the OS is a non-issue for me. It took me a while to get here, but I believe I can install any modern OS, given enough time and motivation. I don't care if it has a GUI, or command line, or is carved in mud with a sharp spoon. All I ask is that it work. I will only describe the installation if it causes problems." (Found on Debian Planet)
Introducing PCLinuxOS 2K4 (MadPenguin)
MadPenguin reviews PCLinuxOS 2K4, a new Mandrake based live-CD distribution. "Applications on PCLinuxOS are not lacking at all. As a matter of fact, this is the most complete live Linux distro I have ever seen in terms of applications. As a matter of fact, I would go as far as saying that it is the perfect blend of packages in any distro today. This CD was obviously built by someone who understands the desktop and the way it should be built. Well, at least understands the way I think it should be built. After all, I cannot speak for everyone and their individual tastes. For me, this distro has the applications to satisfy my daily needs with little modification."
Migrating to Astaro Security Linux (LinuxJournal)
Linux Journal covers this migration tale. "Facing a time-consuming and expensive upgrade process, Lloyd found an ideal solution: he turned to an all-in-one security product. Lloyd set up his own network at home where he downloaded a free 30-day trial of Astaro Security Linux. "To meet my own firewall requirements for my Linux- and Windows-based network, I investigated several open-source solutions. I looked at SmoothWall, IPCop and Astaro, among others, and as I investigated the features offered by each, I found that with Astaro I could turn an inexpensive server into an all-purpose security appliance", he said."
Slackware Linux - Back to Basics (DistroWatch)
Here's a review of Slackware on DistroWatch.com. "Despite the lack of cute and cuddly graphical tools, many system administrators swear by Slackware and would use nothing else. Why? Because they understand Unix and it makes sense to them. Because they can learn the nuts and bolts of the operating system (if nothing else, running Slackware is educational). It should also be mentioned that Slackware is fast, stable and secure. And besides all that, graphic utilities are for wimps."
Page editor: Rebecca Sobol
Development
The Double Choco Latte Project Management System
Double Choco Latte is an open-source project management system, it is one component of the GNU Enterprise (GNUe) collection of business-related software tools.
![[DCL]](https://static.lwn.net/images/ns/dcl.jpg)
Double Choco Latte is a web-based system. The software requires PHP 4, a web server, an SQL database, and a web browser for its use. See the Requirements document for details.
DCL assists in project management by providing work orders and call center tickets. It can be used for tracking project history and other statistics. See the features page for some examples, and the screenshots page to see the software in action.
Double Choco Latte is being used for general project management, task and time management, customer call tracking, bug tracking, order fulfillment, and call logging. The list of users shows many examples of companies who are using the software.
The online documentation for DCL is somewhat out of date, Up and Running with Double Choco Latte gives a project overview, and the Developer Documentation delves into the internals.
Version 0.9.4 of Double Choco Latte
was announced this week.
"After many months, DCL 0.9.4 has been released.
This is a major release for many reasons.
" The
release notes contain a detailed list of changes as well as this
summary:
"Many bug fixes, security fixes, and enhancements, including web-based setup, SCCS integration support, moved all menus to phpLayersMenu, significant changes to UI, and much more.
"
System Applications
Audio Projects
Planet CCRMA Changes
The latest changes from the Planet CCRMA audio utility packaging project include updates to CM/CLM/CMN, Cmucl, JACK, Hydrogen, JAMin, QJackctl, Gmorgan, Alsaplayer, Xosd, Sndlib, Mammut, and more.
Database Software
MySQL 4.0.17 has been released
Version 4.0.17 of the MySQL database has been released. "This is a bugfix release for the current production version."
phpMyAdmin-2.5.5-rc2 is released! (SourceForge)
Version 2.5.5-rc2 of phpMyAdmin is out. "This is the second release candidate for 2.5.5. A few problems were discovered and fixed from 2.5.5-rc1. phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web."
PostgreSQL Weekly News
The PostgreSQL Weekly News for December 15, 2003 is available. "Well, holidays are coming and going which will probably be a least a little disruptive to development the next few weeks. Case in point; the holding off of the 7.4.1 release in order to get schedules better worked out."
Embedded Systems
BusyBox 1.0.0-pre4 released
Version 1.0.0-pre4 of BusyBox, a collection of Unix-like command line utilities for embedded systems, has been announced. "This release includes major rework to sed, lots of rework on tar, a new tiny implementation of bunzip2, a new devfsd applet, support for 2.6.x kernel modules, updates to the ash shell, sha1sum and md5sum have been merged into a common applet, the dpkg applets has been cleaned up, and tons of random bugs have been fixed."
Mail Software
milter-sender 0.48 available
Milter-sender 0.48 and LibSnert 1.29 are available. "This release has several important fixes and its recommend that all sites update. Well I won't bore you with highlights as its time for me to prepare supper."
Printing
AFPL Ghostscript 8.12 release
Version 8.12 of AFPL Ghostscript has been announced. "This is mainly a bugfix release. However there are a number of feature improvements as well. Highlights include improved font rendering and color[space] handling, and unicode text support for high-level devices."
LPRng 3.8.24 available
Version 3.8.24 of the LPRng print system is available. Change information is in the source code.
Web Site Development
phpWebSite 0.9.3-2 Stable released (SourceForge)
Version 0.9.3-2 of the phpWebSite content management system has been announced. "This release is mainly a performance enhancement upgrade from previous versions. The memory requirements have been dropped below the 8MB php default and the execution time has been cut in half. Many of the interfaces have been cleaned up and made more consistent. Also a new category view has been implemented for announcements, links, and documents."
TownPortal 0.5 "Little Christmas" released
Version 0.5 of Town Portal, an open-source web-based portal system for villages and local communities, is out with lots of new features.
Miscellaneous
Divmod Quotient Release 0.8.8
Version 0.8.8 of Quotient, an open source product that combines a multi-protocol messaging server with tools for information management and retrieval, has been announced. "In this release there has been a lot of polish and bugfixing applied to existing code. In particular, the database has been simplified and streamlined, and the extraction framework has been made more robust."
Desktop Applications
Audio Applications
Cultured Perl: Fun with MP3 and Perl (IBM developerWorks)
Teodor Zlatanov writes about MP3 manipulation with Perl in part one of a series on IBM's developerWorks. "Every self-respecting computer and music fan needs to be able to manipulate MP3s -- the defacto standard for recreational digital music use. In this article, Ted looks at ways to manage and manipulate MP3s (searching, tagging, renaming, commenting, etc.) using the autotag.pl application. Ted takes you through the application, illustrating how CPAN modules enable the application."
Desktop Environments
Ettore Perazzoli is now gone (GnomeDesktop)
Footnotes eulogizes GNOME/Ximian hacker Ettore Perazzoli who died unexpectedly on December 10.GNOME Development Release 2.5.1 (GnomeDesktop)
Development Release 2.5.1 of GNOME has been announced. "This release is a snapshot of development code. Although it is buildable and usable, it is primarily intended for testing and hacking purposes."
This week's GNOME Summary
The GNOME Summary for December 13 is out; it looks at the passing of Ettore Perazzoli, the new Foundation board, the 2.5.1 development release, and many other topics.KDE-CVS-Digest
The December 12, 2003 KDE-CVS-Digest has been published, here's the summary: "Mostly bug fixes. Code folding and highlighting fixes in Kate. Message selection and deleting bugs fixed in KMail. Screenshots of Kexi, the graphical database front-end."
KDE Traffic
Issue #71 of KDE Traffic has been posted. The KDE.News summary says: "Lots of news await you in the just-released KDE Traffic. If you're interested in hearing about KDE Performance, Quanta, KOffice, KDevelop, Image Viewers and more, check it out."
Electronics
XCircuit 3.1.32 released
Version 3.1.32 of XCircuit, an electronic schematic drawing package with lots of other uses, is available. Change information is in the source code.
Financial Applications
BIE 5.7.0 (alpha) released (SourceForge)
Version 5.7.0 alpha of BIE, the Business Integration Engine, has been announced. "BIE (Business Integration Engine) is an open source integration system that makes it easy for organizations to exchange data with external trading partners regardless of their native applications. It competes in the same space as applications like Microsoft BizTalk except that it is truly cross-platform since it written in Java. BIE 5.7.0 includes multiple feature enhancements and bug fixes. An LDAP action and LDIF message formatter have been added to assist in working with LDAP data sources."
SQL-Ledger 2.2.1 released
Version 2.2.1 of SQL-Ledger, a web-based accounting package, has been released. The changes include a new cash transfer entry screen, improved translations, better multibyte encoding support, and bug fixes.
Graphics
Inkscape 0.36 released (GnomeDesktop)
FootNotes is carrying the announcement for the second release of the Inkscape vector drawing editor. There is a long list of new features; it seems the Inkscape developers have been busy.
GUI Packages
New FLTK software available
A number of new software releases are available for FLTK, the Fast, Light ToolKit. Updates include version 2.7 of the FLU library of FLTK Widgets, version 1.2rc1 of flPhoto, an image management system, version 0.1rc2 of the flCash personal finance application, and more.
Interoperability
Samba 3.0.1 released
Version 3.0.1 of Samba is out. See the release notes for the full story. "This is the latest stable release of Samba and the version that all production Samba servers should be running for all current bug-fixes."
Wine Traffic
Issue #200 of Wine Traffic is available with the latest Wine news.Wine 20031212 available
Wine version 20031212 has been announced. "This is still a developers only release. There are many bugs and unimplemented features. Most applications still do not work correctly."
Music Applications
gmorgan 0.18 released
Version 0.18 of gmorgan, an electronic organ simulator with rhythm station and auto-accompaniment, is out. This release features new documentation, new edit functions, code improvements, bug fixes, and more.
Office Suites
OpenOffice.org: KDE Integration project launched today (KDE.News)
A new OpenOffice KDE Integration Project has been announced. "Maybe you remember Cuckooo, a KPart allowing OOo to be embedded in the Konqueror window (as a viewer). In the meantime this has evolved into an OpenOffice.org Qt port and the development does not stop there. KDE Integration is now an official "Incubator" project at OpenOffice.org, which means that it has been accepted by the OpenOffice.org community and if it continues well, it will become an official "accepted" project."
OpenOffice.org Newsletter
The December, 2003 OpenOffice.org Newsletter has been published. Take a look to read about the latest deployments, software developments, and more.
Web Browsers
Mozilla.org Staff Meeting Minutes (MozillaZine)
The Minutes are available for two Mozilla.org staff meetings. For the December 1, 2003 meeting: "Issues discussed include Mozilla 1.6 Beta, the website, localisations on CD and the Mozilla Foundation."
For the
December 8, 2003 meeting:
"Issues discussed include CVS over SSH, Mozilla 1.6 Beta, Talkback, Mozilla Firebird 0.8, streamlining the release process, localisation packs, the website, upgrading bugzilla.mozilla.org and future meetings.
"
Word Processors
AbiWord 2.0.2 released (GnomeDesktop)
Version 2.0.2 of AbiWord has been announced. "This release is a bugfix release over 2.0.1 and includes fixes to footnote handling, Windows font rendering (now matching Word's text layout exactly) and table handling, amongst others."
AbiWord Weekly News
Issue #174 of the AbiWord Weekly News is available, here's the summary: "Finally, Abi-Centric releases! AbiWord 2.0.2 and Enchant 1.1.2 have been released! AbiWord 2.1.0 has been almost released. And, a new major feature hits CVS HEAD; all those details, and more news on AbiRelatives inside."
Languages and Tools
Caml
Caml Weekly News
The December 9-16, 2003 edition of the Caml Weekly News is out with another roundup of Caml articles.
Java
Explorations: Generics, Erasure, and Bridging (O'Reilly)
William Grosso writes about Java Generics, Erasure, and Bridging on O'Reilly. "In my first two articles, I'm going to talk about some of the more advanced aspects of the current generics implementation. More specifically, this first installment is about erasure and bridging. Both of these are code transformations the compiler performs in order to implement the generics specification."
Perl
Gtk2-perl 1.020 released (SourceForge)
The second stable release of gtk2-perl, the Perl bindings to Gtk+ has been announced, along with some new related libraries. "The major focus of this release is documentation: now we have full API reference documentation, generated automagically from the source code. It also includes a fix for major memory leak, as well as the ability to create your own CellRenderers in Perl, and fixes a bunch of bugs. We strongly recommend all users upgrade to this version."
This Week on perl5-porters (use Perl)
The December 8-14, 2003 edition of This Week on perl5-porters is online. "In two words, this was a busy week. Various topics were discussed, from the low-level C portability stuff to the Perl anguage considerations."
This week on Perl 6 (O'Reilly)
O'Reilly's This week on Perl 6 for the week ending on December 7, 2003 is out with more Perl 6 information.
PHP
PHP Weekly Summary for December 16, 2003
The PHP Weekly Summary for December 16, 2003 is out. Topics include: New fgetcsv() behaviour, rmdir() and mkdir() are now using streams, Magic __toString() method, ext/tidy enabled by default in PHP 5, New “with” construct request, PECL vs. Sibiria.Using data structures in PHP (DevChannel)
Josh Bressers explains the use of data structures in PHP. "Some languages, such as PHP, do not provided a straightforward way of easily working with data structures. The most challenging, yet most important, part of working with data structures in PHP lies in handling variable references."
Python
Python-dev Summary
The Python-dev Summary for November 16-30, 2003 is out with a look at the traffic on the python-dev mailing list.Dr. Dobb's Python-URL!
Dr. Dobb's Python-URL! for December 15, 2003 is available. Take a look for links to lots of Python articles.numarray-0.8 released
Version 0.8 of numarray, a re-implementation of Numeric array manipulation extension module for Python, is available. See the release notes for change details.
Tcl/Tk
Dr. Dobb's Tcl-URL!
The December 16, 2003 edition of Dr. Dobb's Tcl-URL! is out with another weekly collection of Tcl/Tk article links.
XML
DocBook XSL Stylesheets 1.64.0 released (SourceForge)
Version 1.64.0 of DocBook XSL Stylesheets is available. "This release includes many bugfixes (including an experimental fix for correctly generating links when the dbhtml 'dir' PI is used), some performance improvements, and some new features, including a new option for controlling which sections are included in running headers or footers, better control over superscript/subscript properties, and support for the newly add "code" and "stepalternatives" markup."
The XOM Java XML API (IBM developerWorks)
David Mertz examines XOM on IBM's developerWorks. "In this installment, David looks at Elliotte Rusty Harold's XOM. Broadly speaking, this is yet another object-oriented XML API, somewhat in the style of DOM, however a number of features set XOM apart, and Harold argues that they are important design elements. Chief among these is a rigorous insistence on maintaining invariants in in-memory objects so that an XOM instance can always be serialized to correct XML. In addition, XOM aims at greater simplicity and regularity than other Java XML APIs."
Cross Compilers
The GPAL compiler
The GPAL compiler has been added to the GPUTILS collection of tools for Microchip PIC microcontrollers. "GPAL is the GNU PIC Algorithmic Language. It is a very simple Ada like language for Microchip PIC microcontrollers. The language is still being defined, so I will have to provide the details later."
Editors
Leo 4.1 rc1 released (SourceForge)
Version 4.1 rc1 of Leo, a programmer's outlining editor and browser, has been announced. Changes include a new batch mode, support for Unicode characters, new script capabilities, bug fixes, and more.
IDEs
Charming Python: Review of Python IDEs (IBM developerWorks)
David Mertz reviews Python IDEs on IBM's developerWorks. "David looks at four open source development environments for working with Python code on Unix-like operating systems. He evaluates two general-purpose editors/environments and two Python-specific ones, and compares the merits of each."
Miscellaneous
OOP over the top (Inspirational Technology)
This article on the Inspirational Technology site looks at the effects of too much Object Oriented design. "OO techniques are a tool, they are not an end goal. Starting to design a system to achieve OO purity is the fastest way to build a system that will be ten times more complex then it likely needs to be."
Page editor: Forrest Cook
Linux in the news
Recommended Reading
Myths Open Source Developers Tell Ourselves (O'ReillyNet)
chromatic has some suggestions for free software developers in this ONLamp.com article. "Many of the users you most want to test your code before an official release won't. The phrase 'stable release' has special magic that 'alpha,' 'beta,' and 'prelease' lack. The best way to get user feedback is to release your code in a stable form."
Getting open source into public libraries (NewsForge)
Here's a NewsForge article that looks at spreading open source software through local libraries. "The first reaction from the open source community is usually "Great, I'll burn a whole set of CDs and donate them to my local library." This is completely and utterly the wrong thing to do. It is wrong because you will not be taking into account the responsibilities libraries have for their patrons. The CDs you burn will have to be thrown away. You will also be trying to force libraries to do what you want them to do, and nobody likes that."
On the GUI Selection in UserLinux (NewsForge)
Bruce Perens defends his decision to include GNOME and not KDE in UserLinux, in this NewsForge article. "We held about a week of discussion on the GUI issue, on the UserLinux mailing list - about 200 postings. It drowned out all other work. It was clear from the discussion that while GNOME and KDE each exceed the other in some areas, when you weigh them all together they are of equal technical merit. However there is a critical business difference between the two GUIs: GNOME does not require a royalty in connection with proprietary software development based upon their SDK. Qt, the widget set upon which KDE is based, does have a proprietary developer licensing fee connected with it."
The SCO Problem
Transcript of SCO v. IBM motion to compel hearing
For those of you who haven't seen enough of this yet: Groklaw now has the official transcript from the December 5 hearing on IBM's motions to compel discovery from SCO. It's an interesting read. From SCO lawyer Kevin McBride's presentation: "... I want to walk the Court through enough of our complaint to help the Court understand that IBM clearly did contribute a lot of the Unix-related information into Linux. We just don't know what it is."
Security Expert Doubts SCO's Attack Story (Groklaw)
Groklaw takes a skeptical look at SCO's claims of having been subjected to another DDOS attack. "The consensus of what I am hearing is: That it is probably not an attack. That their description of the "attack" makes no sense. And that if what they are saying were true, SCO would be admitting to gross negligence."
The Protective Order (Groklaw)
Groklaw has gotten hold of the protective order in the SCO case. This order could result in the community never seeing SCO's evidence, even if the company turns out to have some.
Linux Adoption
Linux Gaining Support In Embedded Systems (TechWeb)
TechWeb reports on Wind River's moves toward Linux. "Linux today lacks the maturity, for example, to operate in real-time systems, which are computer systems that respond to input signals fast enough to keep an operation moving at its required speed. Such systems are used to control airplanes and space shuttles. But while Linux is behind proprietary and homegrown systems in this space, the gap is closing."
Israel accelerates free software migration (Register)
The Register reports that several departments in the Israeli government are evaluating Linux. "Writing for Israel's Ynet, Gal Mor reports that the Israeli Treasury has decided to walk away from the Government's contract with Microsoft. Signed two years ago, the contract expires this month, and the ministry is testing localized builds of Mandrake Linux."
Followup with the LUG Of Iraq (Linux Journal)
Here's a Linux Journal article looking at the software situation in Iraq. "As Ashraf told me, Iraq is now a blank, unformatted hard disk and can be loaded with anything. Everything is open in Iraq right now. There are no regimented standards or massive expenditure in a particular monopoly's software. Now is the time to convince Iraqis--government, business, and users--that linux will meet their needs better than proprietary software."
Legal
ACT passes open source law (ComputerWorld)
The Australian ComputerWorld has an article on the new open source law passed in the Australian Capital Territory. "Section 6A of the Government Procurement Guideline amendment bill regarding the procurement of computer software stated: 'In the procurement of computer software, a Territory entity should, as far as practicable, prefer open source software.'... The bill was later amended by independent member Helen Cross to substitute 'consider' for 'prefer', and then passed by the Labor government." (Thanks to Frederic Schutz).
Australian Capital Territory passes open source bill (ARNnet)
The Australian Capital Territory (ACT) has passed legislation that requires its agencies to consider non-proprietary software, ARNnet reports. "Section 6A of the Government Procurement Guideline amendment bill regarding the procurement of computer software stated: "In the procurement of computer software, a Territory entity should, as far as practicable, prefer open source software."" (Found on Open Sector)
Interviews
An interview with Chris Hofmann (Digital Web)
Digital Web interviews Chris Hofmann of the Mozilla Foundation. "The development and testing community is still strong. We have nine people on the Foundations staff. IBM and others have stepped in to hire key developers. In a small engineering meeting to talk about some Gecko work at the Foundation headquarters a few days ago, we had eight or so developers representing five different companies. We really are fulfilling the dream of Mozilla being a collaborative project with involvement from many companies and individuals with a passion for internet client software."
FOSDEM interviews: Hans Reiser, Stefan Seefeld, and Tom Tromey
FOSDEM 2004 is happening in February; in keeping with its tradition, the conference is posting interviews with developers who will be speaking at the event. The first set includes Hans Reiser (of ReiserFS fame), Stefan Seefeld (the Fresco project), and Tom Tromey (GCJ - GNU Compiler for Java). The conference has also announced that the beginning keynote talk will be given by Tim O'Reilly.Interview with Mandrake Linux Founder Gael Duval
LinuxQuestions talks with Gael Duval about the past, present and future of Mandrake Linux. "LQ) Before releasing the first Mandrake version (which was based on Red Hat) you were working on a Slackware-based OS. Any regrets on that distro switch? Do you think things would be different had you not made that change? GD) No regret at all, for a simple reason: it was not serious anymore to release a Linux distribution without a good package management like RPM. I seriously considered to switch to Debian as a base because at the time, Red Hat's reaction was very unclear (as far as I know, forking from a commercial Linux distribution never happened before Mandrake). But back in 1998, Debian's installation procedure was really not friendly at all. As a result, a key success of Mandrake was also that all packages made for Red Hat were compatible with Mandrake, including commercial packages. So the choice of RPM was the good one."
Interview: Author of Ambitous Flash4Linux Project (KDE.News)
KDE.News interviews Özkan Pakdil, author of the Flash4Linux project. "I think that, within any given Linux environment, there is an extreme lack of WYSIWYG type applications -- particularly of the Flash variety. In the Windows world, Flash is a well-known tool for creating animated vector graphics. I want to bring this type of functionality to Linux, but I do realize that this will not be an easy task."
Zander to light a fire under Motorola (ZDNet)
ZDNet talks with Ed Zander, formerly of Sun, about his move to Motorola. "When we bought Cobalt, we basically told the executive team and the board that we had to get behind Linux big, but I left soon after, and people just didn't agree with me. Sun should have owned Linux and should have owned the community. It is Unix and all Unix developers should have been Sun developers with Linux."
Beyond Hacking the Xbox (O'Reilly)
Bruce Stewart interviews Andrew "bunnie" Huang, author of Hacking the Xbox, on O'Reilly. "To some extent, the DMCA has already stifled reverse engineering. The fear and doubt that surrounds the activity has been enough to deter most technical people. The contrast between engineers in the U.S. and those overseas in countries without the DMCA, or DMCA-like laws, is quite stark. The technology marketplace is extremely competitive, and anything that slows down our ability to compete, such as depriving engineers of the unfettered freedom to reverse engineer competing products, may prove to have very undesirable long-term consequences."
Reviews
KDE 3.2-beta2, Towards a Better KDE (OSNews)
OSNews previews KDE3.2-beta2. "KDE 3.2 offers a slew of new features, including an updated khtml engine, an SVG viewer/player kpart, better tab integration on Konqueror (which are now available for file management as well for web pages), CD burning via Konqueror, and even an addon-like technology, named Service Menus. Any user can hack together their own custom service menus and create their ideal addon menu without any C/C++ code. There is also a better Kiosk support, support for graphically connecting to Windows machines, and support for inline automatic spellchecking for some apps like kmail." (Found on KDE.News)
Device Profile: Samsung SCH-i519 smartphone (LinuxDevices)
LinuxDevices.com is running a profile of the Samsung SCH-i519 Linux-powered phone, including pictures and screenshots. "The i519 is the first embedded Linux device to run Voice Signal's Voice Activated Phonebook (VAP) application, which lets users launch any installed application by voice, using commands such as 'Open Browser' or 'Open Instant Messenger.'"
Flying the Open Skies with FlightGear (O'Reilly)
Howard Wen reviews FlightGear, an open-source flight simulator, and interviews the developers. "Flying has never been so impressive or free. FlightGear is a flight simulator that boasts surprising technical realism, supported by an equally sophisticated pedigree several of its active developers work in the aeronautics industry. "What keeps the project going is a wide range of people who care deeply."
From Browser to Platform: Mozilla Rises (LinuxInsider)
LinuxInsider takes a detailed look at the Mozilla development platform. "What is new with Mozilla is that apparently simple technologies used in Web development, like XML, CSS and JavaScript, are all equally applicable to Mozilla applications. Instead of a Web page, you can build a traditional user-oriented, GUI-based application with these technologies."
Miscellaneous
Linux set for Mars landing (vnunet)
Vnunet covers a UK project to send the Beagle 2 Mars Lander to the red planet. "In true British low-budget fashion, a single Linux-based workstation at the Lander Operations Control Centre (LOCC) is being used to send commands and receive vital data from Beagle 2."
Page editor: Forrest Cook
Announcements
Non-Commercial announcements
Linux Group Aims for Enterprise Desktop
Developers from both the Debian and KDE projects have announced an initiative to provide a Linux desktop operating system aimed at the needs of large organizations. By working together the group intends to deliver an integrated solution for the desktop needs of government agencies, educational institutions and enterprises.Preliminary results for the GNOME Foundation elections (Footnotes)
Footnotes reports on the preliminary results of the GNOME Foundation Board of Directors. "The next board of directors will consist of:"
Owen Taylor - Glynn Foster - Jody Goldberg - Jeff Waugh - Luis Villa - Jonathan Blandford - Nat Friedman - Leslie Proctor - Bill Haneman - Dave Camp - Malcolm Tredinnick
Healthcare Desktop Project Announced (LinuxMedNews)
A new open-source health care project has been announced. "I would like to notify everyone interested in Open Source healthcare software about a new Open Source project - Healthcare Desktop. In short our project goal is to create an open source (snip.) software package that covers all aspects of work in modern hospital."
Commercial announcements
MandrakeSoft shareholder newsletter
MandrakeSoft has posted its shareholder newsletter for the 2002/2003 fiscal year. Revenue for the year was €3.9 million, down from €4.7 million the year before; the company attributes the decline to its bankruptcy proceedings, the weak economy, and the decline of the dollar. The company's losses also fell, however, to €2.2 million, less than half of what it lost the year before, and gross margins have increased considerably. MandrakeSoft claims to cash-flow positive since January, and to be heading toward a positive operating result in the current quarter. It looks like an exit from the bankruptcy process will be happening before too long.Reasoning Study Reveals Code Quality of MySQL
Reasoning Inc. has released the results of a study of MySQL. "Reasoning's inspection study shows that the code quality of MySQL was six times better than that of comparable proprietary code. A key quality indicator is defect density, which is defined as the number of defects found per thousand lines of source code. In its latest study, Reasoning found 21 software defects in 236,000 lines of MySQL source code. The defect density of the MySQL code was 0.09 defects per thousand lines of source code. Using a benchmark that covered over 200 recent projects totaling 35 million lines of commercial code, Reasoning found that the commercial average defect density of these projects came to 0.57 defects per thousand lines of source code."
Fujitsu Promoting PostgreSQL
Fujitsu is promoting PostgreSQL. "In cooperation with SRA/Japan, Fujitsu has developed a custom version of PostgreSQL which is a merger of the community PostgreSQL release and its powerful, proprietary storage engine called Symfoware. The resulting product, called Powergres Plus, is now being marketed by Fujitsu".
Bob Young writes a letter to Darl
Bob Young, co-founder of Red Hat, has posted an open letter to Darl McBride, CEO of SCO. "Darl, for the sake of your case in front of the courts, for the sake of your company's ability to win customers, for the sake of everyone's blood pressure, and to save yourself further personal embarrassment, you might want to be less vocal. All you are doing is causing your audience to educate themselves. Once everyone understands how wrong you are your stock price will suffer."
3rd Millennium releases code as open source
3rd Millennium has announced the release of its knowledge management system to the open source community. The software is a foundation technology for knowledge management solutions in biopharmaceutical research and development.Use of "Lindows" name blocked in Sweden
Lindows.com has sent out a press release entitled "Microsoft blocks distribution of desktop Linux in Sweden." What has really happened, of course, is that Microsoft has succeeded in a trademark challenge against the "Lindows" name in that country. Lindows is portraying Microsoft's actions as directed against Linux in general ("Microsoft is using lawsuits as a battering ram to smash Linux, to prevent it from reaching retail stores"), but the real scope of the case is a bit narrower than that.
RWE Innogy Selects Verano's Linux-based Performux
Verano has announced that RWE Innogy, a UK energy company, has installed Verano's Performux, a real-time plant intelligence software platform. According to Verano, Performux is the first Linux-based, plant operations software platform to offer secure, Internet-enabled management of critical industrial operations.Red Hat Application Server *Beta 1* Availability
Red Hat has announced the general availability of Red Hat Application Server v1.0 Beta 1. The package includes Tomcat 4.1.27, Struts 1.0.2, JOnAS 3.3, sample JOnAS and Struts web applications, supporting modules for file uploads, AJP and WARP protocols, and JDBC drivers for MySQL.Novell Nterprise Linux Services released
Novell has sent out a press release proclaiming the availability of its "Novell Nterprise Linux Services 1.0" offering. This product brings Novell's variety of integrated printing, file management, directory management, and messaging services to the Red Hat and SUSE enterprise distributions.
Resources
Report: Open Source Software: Perspectives for Development
The Dravis Group has published a report called "Open Source Software: Perspectives for Development," it is available as a 44-page PDF file. The report looks at the use of free software in the developing world, with case studies and "lessons learned" from several countries. (Seen on OpenSector).December Troubleshooters Magazine
The December issue of Troubleshooters is out, with a comprehensive GIMP tutorial and lots of other stuff. "If I were stranded on a desert island with only one graphical tool, I pray it would be Gimp. Gimp might not be easiest for specific applications, but it can do just about anything. This article gives an overview of a select few of Gimp's abilities. Gimp has MANY more abilities than discussed in this article."
PHP Magazine
The first issue of the new PHP Magazine is available online for free. "The PHP Magazine is your monthly dose of PHP, containing an assortment of carefully handpicked articles from the vast resource pool of the international PHP Magazine editorial."
Introduction to Mozilla Manual Available (MozillaZine)
MozillaZine has an announcement for a new Mozilla introductory manual. "Kevin Quiggle writes: "A guide to Mozilla 1.5 — Introduction to Mozilla — A Manual for First Time Users — is now complete and is available for download as an illustrated PDF file (source documents used to create the manual are also available). This publication is intended to introduce new users of Mozilla to key features and functions."
The Independent Qt Tutorial (KDE.News)
Johan Thelin has announced the availability of a new Qt tutorial. "I have started writing a gentle introduction to Qt called The Independent Qt Tutorial. It currently consists of nine chapters and deals with how to setup Qt, how to use QtDesigner, how to write an application by hand, etc. The purpose of the tutorial is to cover all areas of Qt needed to write top quality applications."
Upcoming Events
CodeCon 3.0 Call for Papers (Linux Journal)
Linux Journal covers a call for papers for CodeCon. The deadline for proposals is December 15, 2003. CodeCon 3.0 will be held February 20-22, 2004, in San Francisco, California.Linux Audio Conference #2 CFM
A Call For Music has gone out for the 2nd conference of the Linux Audio Developers, to be held in Karlsruhe, Germany on April 29 - May 2, 2004. "As a new feature there will be presentations of music in addition to technical talks. For this, we are looking for music that has been produced completely or mostly under Linux."
PostgreSQL Bootcamp
Bruce Momjian will be leading a PostgreSQL Bootcamp on February 23-27, 2004 near Atlanta, GA.Nordic Perl Workshop in Copenhagen (use Perl)
The Nordic Perl Workshop for 2004 has been announced. The event will take place in Copenhagen from March 27-28, 2004. Also, see the event's Call for Papers.YAPC::Taipei::2004 - Call For Participation (use Perl)
A Call For Participation for the YAPC::Taipei::2004 conference is online. "YAPC::Taipei::2004 will take place on 27th-28th, March 2004; the topic of this conference is "Projects for Developers", where we will unveil "OpenFoundry", a collaboration environment based on widely-used Perl projects such as Mason, RT, Sympa and Kwiki."
PyCon DC 2004 Submissions Open
Submissions are being accepted for the PyCon DC 2004 Python conference. The event will take place in Washington, DC in March, 2004.MySQL Users Conference 2004 Call for Papers
A Call for Papers has gone out for the MySQL Users Conference & Expo 2004. The event will be held in Orlando, Florida on April 14-16, 2004.Linux Installfest in Davis
The Linux Users' Group of Davis will be holding another Linux Installfest on December 21, 2003 at UC Davis.Linux.Conf.Au 2004 update
An update notice has gone out for the Linux.Conf.Au 2004 event. "Just over 4 weeks to go - and it's all getting a little bit exciting!"
OSCon 2004 Call for Participation (use Perl)
Use Perl has a Call for Participation for the OSCon 2004 conference, the event will take place in Portland, OR on July 26-30, 2004.Mozilla Developers Meeting in Europe 4.0 Announced (MozillaZine)
The Mozilla Developers Meeting in Europe 4.0 has been announced. The event will take place in Brussels on February 21-22, 2004.Events: December 18, 2003 - February 12, 2004
| Date | Event | Location |
|---|---|---|
| January 12 - 13, 2004 | Linux.Conf.au Miniconfs | Adelaide, Australia |
| January 12 - 13, 2004 | EducationaLinux 2004 | Adelaide, Australia |
| January 14 - 17, 2004 | Linux.conf.au | Adelaide, Australia |
| January 20 - 23, 2004 | LinuxWorld Conference & Expo 2004 | (Jacob K. Javits Convention Center)New York, New York |
| January 31 - February 1, 2004 | WineConf 2004 | (Court International Building)St. Paul, Minnesota |
| February 2 - 6, 2004 | EclipseCon 2004 | (Disneyland Hotel)Anaheim, CA |
| February 2 - 4, 2004 | Open Standards and Certification Conference | (San Diego Marriott Mission Valley)San Diego, CA |
| February 3 - 5, 2004 | Linux Solutions 2004 | Paris, France |
| February 9 - 12, 2004 | O'Reilly Emerging Technology Conference(ETech) | (The Westin Horton Plaza)San Diego, CA |
Event Reports
Report: KDE at Linux Bangalore 2003
KDE.News has a report on Linux Bangalore, as viewed from the KDE booth. "One thing I've noticed is that in India, Linux is synonymous with Red Hat simply because they seem to be the only distribution to have put serious effort into this market so far. Almost all the demo machines at the conf were running it, and most people's KDE experiences seem to be from Red Hat too. Not such a great thing, especially as downloading software off the net is hard due to the low availability of broadband. I hadn't really anticipated this, so at the conf itself I spent quite a bit of time burning and giving away CDs with whatever KDE sources happened to be on my laptop at the time. It's going to be very important to get good KDE packages onto the next few Fedora releases, as its quite hard to even find other distributions for sale."
UMEET 2003 conference
The fourth edition of the UMEET Conference is underway. UMEET 2003 is a virtual conference (taking place via the web and IRC) and it includes topics like software patents, free software, security and recent Linux developments. You can look at the program and register to receive updates about the conference. The conference began on December 15, and will finish December 23, with a talk by Rik van Riel.
Mailing Lists
New Mailing List 'kdepim-users'
A new kdepim-users mailing list has been announced. "pim.kde.org reports that a new mailing list kdepim-users for discussion about the usage of the KDE PIM applications (Kontact, KAddressBook, KMail, KOrganizer and everything else in the kdepim CVS module) has been created. Users who want to help with user support for the KDE PIM applications are very welcome to the new mailinglist."
Web sites
The Abusable Technologies Awareness Center
The Abusable Technologies Awareness Center site has been set up "to provide current and accurate information about technology that oversteps its bounds." The site is run by an extensive set of panelists which includes Steve Bellovin, Matt Bishop, Matt Blaze, Bill Cheswick, Ed Felten, Dan Geer, Avi Rubin, Bruce Schneier, and several others.EC Open Source Observatory launches
The Open Source Observatory, operated by the European Commission's "Interchange of Data Between Administrations" agency, is now online. It includes a news section, an events calender (incomplete - it's missing FOSDEM,for example), case studies, etc.
Software announcements
This week's software announcements
Here are the software announcements, courtesy of Freshmeat.net. They are available in two formats:
- Sorted alphabetically,
- Sorted by license.
Page editor: Forrest Cook