LWN Weekly Edition
Leading itemsSecurity
Kernel development
Distributions
Development
Linux in Business
Linux in the news
Announcements
Letters to the editor
->Multipage format
This page
Previous weekFollowing week
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
LWN.net Weekly Edition for August 22, 2002The hard side of the BazaarThe "Bazaar" style of project management, as described by Eric Raymond and typified by the Linux kernel development model, is undoubtedly effective at producing quality software, at least in some situations. It can also, however, be a harsh environment in which to operate, as demonstrated by events in the kernel community over the 2.5 series, and especially over the last week.Readers of the LWN.net weekly Kernel Page will have been following the development of the IDE/ATA layer in the 2.5 series for some time. For the rest, here is some quick background to provide context for the rest. The IDE layer, of course, is the low-level code that handles the disk (and CD) drives found on most Linux systems. This code operates under a number of serious constraints. It must be fast - able to drive the hardware at its maximum speed; the performance of a Linux system as a whole is highly dependent on how fast its disks can go. It also must be absolutely correct; users get grumpy when their data is lost or corrupted. And it must deal with a wide variety of, um, "inexpensive" hardware that does not always behave as the documentation and standards say it should. Hacking on the IDE subsystem is not for the faint of heart. In recent times the IDE maintainer has been Andre Hedrick. Andre has had numerous communication problems with Linus (and others) which have made it difficult for him to get patches into the kernel. It is also fashionable in certain quarters to criticize the quality of Andre's code. But, it should be said: Andre's IDE layer has proved, over time, to be rigidly standards compliant and highly reliable. Andre's inability to get patches into the kernel left a void in the 2.5 series, however. That void was filled by Marcin Dalecki, who started posting his "IDE cleanup" patches back in February. The "cleanups" began to look increasingly like a complete rework (and hostile takeover) of the IDE code, and, with IDE 18, Marcin put his name into the MAINTAINERS file. Marcin's work has been controversial all along - especially after he started removing features that people were using, and when the IDE layer started breaking for some users. His approach was not subtle, and he seemed untroubled by the concerns of the other Linux kernel hackers. After all, said Marcin, "Breakage is the price you have to pay for advancements." Linus, for the most part, seemed to agree; he merged almost every patch from Marcin through IDE 115, posted on August 9. All this changed on August 16, when Linus, without fanfare, deleted the entire 2.5 IDE subsystem and replaced it with the "foreport" of the 2.4 IDE layer, done by Jens Axboe and others. The word from Linus is that Marcin got tired of all the criticism and quit; Marcin, himself, has been silent since then. It is telling, though, that Linus responded by simply deleting and replacing the entire body of 2.5 IDE work, rather than trying to find somebody who would continue that task. Either Linus came to agree with other kernel hackers about the quality of the reworked IDE code, or he concluded that nobody else would be willing to work with that code. The end result is that six months worth of Marcin's work, in the form of 115 IDE patches, has just been dumped into the bit bucket. And that is an example of the harsh side of participating in the kernel bazaar. One can work for months, see that work apparently accepted, then have it vanish in a moment. Linus has said numerous times that the doesn't much care about the feelings of kernel hackers; he is far more concerned about the quality of the code. This approach may well be part of why Linus is a good manager for Linux development - in the end, the code quality must remain high or the whole thing will collapse under its own weight. But it also explains why kernel hackers occasionally get frustrated and leave the kernel development community. The bazaar can be fun and effective, but it's not always nice.
The GNOME Human Interface GuidlinesThe GNOME project has announced the release of version 1.0 of the GNOME Human Interface Guidelines (HIG). The HIG is, according to the announcement:
...the most complete and carefully researched document of its kind
in the Free Software community [and] a major step
toward the creation of an easy to use and powerful set of free
applications with a distinctive and coherent style.
Leaving aside the hype, some examination of this 130-page document shows that it is, indeed, an impressive piece of work. The HIG examines many aspects of the usability of graphical applications, from window layouts, color selections, icon design, etc. through to things like how to label menu entries. A simple example of the sort of work that has been done:
User testing of MIT's Athena system revealed that users had
difficulty finding the file manager because they were unfamiliar
with the name "Nautilus". Because users did not associate the word
"Nautilus" with the concept "file manager" the menu item did not
help them.
Like many things in the usability arena, this conclusion seems obvious - in retrospect. Even after years of human factors research, creating highly usable applications still requires a great deal of plain hard work. Application designers are often blind to things they do that confuse their users. Creation of the best desktop applications available requires more than just great hacking; it requires serious attention to all of the little things that make those applications really work for the people who will use them. The HIG, thus, is a great contribution to the free software community, in that it will help to focus and guide that attention. The HIG is also the sort of work that free software developers are not supposed to be good at. What self-respecting, ego-driven, itch-scratching free software hacker is going to bother with human factors research, after all? Such claims have been increasingly hard to defend for some time; the HIG is just one more example of what the free software community is really capable of. One other quote from the announcement is worth a look:
Further, we would like to challenge the KDE project to serve the
general user community by partnering with us in developing these
guidelines to create a common Free Software interface style.... We
call on the members of the KDE project to rise above Not Invented
Here (a natural tendency that neither project has been particularly
succesful in repressing, we know) in taking a major step for the
good of both our user bases and the long term success of Free
Software on the desktop.
A true gesture toward cooperation could certainly have been done in a less public and challenging way. It is true, though, that the creation of a common interface document could be a good way for the two projects to work together. The creation of a more consistent desktop environment across the two projects would help both - as would a more formal approach to human factors in general. And both projects could join this work while maintaining their own code bases. It's worth some thought.
The obligatory LWN status updateThere is not a whole lot to report this week with regard to LWN's status and life expectancy. We are still in "discussions" with our credit card clearing company. We are still hacking on the subscription code (it's mostly complete) but are not sure if we will be able to accept credit cards to pay for those subscriptions. Hopefully all of this will settle out before too long. Meanwhile, we're doing what we can to continue to produce the best news available for the Linux and free software community. Thanks, as always, for your continuing support.
Security Brief items Konqueror and digital certificatesHere is an advisory from the KDE project regarding a flaw in Konqueror's digital certificate handling. It seems that Konqueror (along with certain other, proprietary web browsers) doesn't look hard enough at how a site's certificate was signed, meaning that anybody can fake a certificate for anybody else's site. Thus, with a little additional trickery, it would be possible to set up "man in the middle" attacks and steal credit card numbers.The Register described this vulnerability as "a colossal stuff-up." Certainly the error is worth fixing, but anybody who is greatly concerned about this vulnerability would be well advised to look at the end of the "Certificates and Credentials" chapter in Bruce Schneier's Secrets & Lies:
I visited www.palm.com to purchase something for my PalmPilot.
When I went to the online checkout, I was redirected to
https://palmorder.modusmedia.com/asp/store.asp. The SSL
certificate was registered to Modus Media Internatinoal; clearly a
flagrant attempt to defraud web customers, which I deftly uncovered
because I carefully checked the SSL certificate. Not.
All that SSL does in almost every use is to verify that the remote site has a certificate issued by a trusted authority. There is no verification that said certificate has anything to do with the site that the user expects to be interacting with. Man in the middle attacks are easily done even when the web browser properly checks how digital certificates were signed; the Konqueror vulnerability has not really opened up any new holes. The real issue, which nobody is all that concerned about, is that the digital certificate system is not doing much for its users. Quoting Schneier again: "Digital certificates provide no actual security for electronic commerce; it's a complete sham." Konqueror users should go ahead and apply the patch (see the LWN vulnerability entry for distributor updates as they arrive), but it's not going to make them all that much more secure against man in the middle attacks.
August CRYPTO-GRAM newsletterBruce Schneier's CRYPTO-GRAM newsletter for August is out; it includes a look at Palladium, the proposed law allowing attacks against online copyright violators, and the idea of arming airline pilots. "To me, it's another example of the insane lengths the entertainment companies are willing to go to preserve their business models. They're willing to destroy your privacy, have general-purpose computers declared illegal, and exercise special vigilante police powers that no one else has...just to make sure that no one watches 'The Little Mermaid' without paying for it. They're trying to invent a new crime: interference with a business model."
Security reports FUDforum file access and SQL InjectionFUDforum is a web-based forum system. Ulf Harnhammar has reported two vulnerabilities in this package; one can provide access to files outside of the FUDforum directory, and the other can lead to SQL injection issues. The problems have been fixed in version 2.2.0.
New PHP-Nuke cross-site scripting bug exposes admin accountsA new cross-site scripting vulnerability has been reported in PHP-Nuke v5.6; properly exploited, this hole can be used to obtain access to the site's administrative accounts. No fix is available as of this writing. (Additional note: this vulnerability was actually first reported in March. PostNuke also, apparently, has this problem).
Input validation attack in php-affiliatephp-affiliate - a script for running web site affiliate programs - places a little too much trust in the hidden fields it puts into forms, with the result that users can modify information belonging to other users.
Remote command execution in Web Shop ManagerThe Web Shop Manager e-commerce system has trivial remote command execution vulnerability. This problem exists in version 1.1; no updates are yet visible on the project web site.
New vulnerabilities Numerous vulnerabilities in bugzilla
Filename disclosure vulnerability in fam
Buffer overflow in libpng
Inadequate digital certificate verification in Konqueror
Multiple vulnerabilities in mantis
Safemode vulnerability in PHP
XDR vulnerability in krb5
Updated vulnerabilities Heap corruption vulnerability in at
Denial of service vulnerability in version 9 of BIND
bind buffer overflow vulnerability in DNS resolver libraries
Off by one buffer overflow vulnerability in cvsd
Potential unauthorized root access vulnerability in dietlibc
Ethereal buffer overflow, infinite loop and memory management vulnerabilities
GNU fileutils race condition
Buffer overflow vulnerability in the Jabber plug-in module for gaim
Remote execution vulnerability in gallery
Potential remote root exploit in glibc
Buffer overflow in groff
HylaFAX 4.1.3 fixes multiple vulnerabilities
Buffer overflow and format string vulnerabilities in ipppd
UW imapd remotely exploitable buffer overflow
File exposure vulnerability in interchange
Kerberos 5 unauthorized root access to KDC host vulnerability
Remotely exploitable vulnerabilities in l2tpd
Apache mod_ssl off-by-one local code execution and DoS vulnerability
libpng buffer overflow vulnerability
LPRng accepts jobs from any host.
Mailman 2.0.11 fixes two cross-site scripting vulnerabilities
Remote arbitrary code execution vulnerability in mantis
Temporary file vulnerability in mm library
PHP Remote Compromise/DOS Vulnerability
Mozilla XMLHttpRequest file disclosure vulnerability
Potential MIME encoded email arbitrary coded execution vulnerability
String format bug in pam_ldap logging
OpenAFS potential remote code execution vulnerability
OpenSSL remotely-exploitable buffer overflow vulnerabilities
Remotely exploitable vulnerability in pine
Buffer overflow vulnerabilities in PostgreSQL
Local denial of service vulnerability in sendmail
Sharutils potential privilege escalation using uudecode
Multiple vulnerabilities fixed in Squid-2.4.STABLE7
Local root access vulnerability in super
Tcl/Tk local root vulnerability
Malformed NFS packet buffer overflow vulnerability in tcpdump
Multiple vendor telnetd vulnerability
Potential arbitrary code execution vulnerability in tinyproxy
Multiple vulnerabilities in SNMP implementations
Local root vulnerability in chfn
webalizer: reverse DNS buffer overflow vulnerability
Webmin/Usermin vulnerabilities
Problems with libgtop_daemon
Wwwoffle remote privilege escalation vulnerability
xchat IC server based dns query vulnerability
Denial of service vulnerability in xinetd
Resources New SecurityFocus ListsThe folks at SecurityFocus have set up two new mailing lists for security discussions - one aimed at BSD systems, and the "unix-other" list for proprietary Unix systems.
Linux Security WeekThe LinuxSecurity.com weekly newsletter for August 19 is available.
Events Upcoming security events
Page editor: Jonathan Corbet Kernel development Brief items Kernel release statusThe current development kernel is still 2.5.31; Linus has not released a development kernel (as of this writing) since August 10.Linus has not been idle, however; his BitKeeper repository (which may well be released as 2.5.32 by the time you read this) contains many changes. At the top of the list, of course, is the replacement of the IDE subsystem. Other stuff merged by Linus includes some NFS changes, the "scalable exit" patch from Ingo Molnar (see below) along with his other thread support improvements, an ACPI update, a set of page cache improvements from Andrew Morton, a new MTRR driver, more device model work, a new RTC driver, and a very long list of other fixes and updates. The latest 2.5 status summary from Guillaume Boissiere came out on August 20. The current stable kernel is 2.4.19. Marcelo released 2.4.20-pre4 on August 19; the biggest change in this prepatch is the addition of the JFS journaling filesystem. The current prepatch from Alan Cox is 2.4.20-pre2-ac6. The "ac" series looks to be the testing area for new IDE patches for some time, and thus may be, at times, less stable than people have come to expect.
Kernel development news IDE - now what?As covered on this week's front page, all of Marcin Dalecki's "IDE cleanup" work has been removed from the 2.5.32 kernel and replaced with the 2.4 "foreport." That leaves the IDE code in a state not that far removed from where it was when the 2.5 series started, and the Halloween freeze date is getting closer. What is going to happen to the IDE code now, and who will do it?At the moment, nobody is stepping forward to be the next IDE maintainer. For the time being it looks like Jens Axboe and Alan Cox are willing to oversee new IDE work and filter it on its way to Linus - but they will not necessarily do a lot of that work themselves. Alan has laid down some conditions, though:
I want order to this. That means all the driver cleanup goes into
2.4-ac (or "2.4-ide" or some suitable branch) first where we can
verify we aren't hitting 2.5 generic bugs and ide corruption is a
meaningful problem report. It means someone (not me) is the
appointed 2.5 person and handles stuff going to 2.5 (I'm happy to
identify stuff that tests ok in 2.4 as candidates). It also means
random patches not going past me.
If we can do it that way I'll do the job. If Linus applies random IDE "cleanup" patches to his 2.5 tree that don't pass through Jens and me then I'll just stop listening to 2.5 stuff. In other words, the 2.4-ac tree becomes the development area for new IDE work before it heads into 2.5. And Alan doesn't want to have to contend with patches taking other paths into 2.5. (Alan has also posted the set of attributes an IDE maintainer should have for anybody who is interested in the job). What is going to happen with the IDE code? A few people have requested that somebody pick up Marcin's work and finish the job, but nobody who is actually working with IDE seems to have much interest in that. Quoting Alan again:
Its easier to go back to functionally correct code and do the job
nicely than to fix the 2.5.3x code. Right now I'm working on
Andre's current code in 2.4.20pre2-ac* starting off with only
provably identical transforms between AndreCode and C and
documenting it
So it looks like the 2.4 IDE implementation is here to stay. Or, at least, something based on it - Andre Hedrick, as it turns out, has not been idle during this time. He has a whole set of patches - much of which is already in the -ac series - for nice things like Serial ATA, pluggable low-level transport drivers, modular chipset support, etc. At this point, it's hard to imagine this code not moving into 2.5 once it proves stable. Linus has his own plans for the future of the IDE code. These plans involve making some relatively minor changes to the current IDE core, mostly around moving some functionality up toward the block layer. Once that's done, development on a new "IDE-TNG" driver would begin. The existing IDE code at that point would be mostly frozen and thus remain stable; new work would happen in the new, scary, dangerous "TNG" driver. Support for older hardware would be removed from the TNG driver, allowing a great deal of historical cruft to be cleaned out. In retrospect, creating a new version of the IDE subsystem was the obvious way to carry out a major reworking of this code. You simply can not have a fundamental layer like IDE be unstable for months and expect to get a lot of other work done. The previous IDE transition (from the old "hd" driver) was handled in this manner. Had Marcin's work been done this way, he might well still be at it now. As it is, the window of opportunity for major IDE work in 2.5 has closed. There is time for smaller cleanups and the addition of needed features, but nobody has any appetite for anything that would seriously destabilize IDE again this close to the freeze date.
Making threads die quicklyIngo Molnar's work to improve the kernel's support of threads was covered here last week. This week, Ingo has moved on to the final part of a thread's life cycle: the exit() call. It turns out that the Linux exit() implementation has some real scalability problems, which are described and fixed in this patch.The cost of killing a process, it turns out, is proportional to the total number of processes running. In situations where thousands of tasks are running (and, remember, some threaded applications run thousands of threads) the exit() call can become truly expensive. Why is this happening? When a process exits, the kernel must "reparent" all of its children to keep the process hierarchy consistent. This should be a straightforward job, since each process keeps a list of its children in the task_struct structure. Unfortunately, due to some weirdness in how the ptrace() system call is handled, that list is not sufficient. ptrace(), it seems, rearranges the process tree so that the process being traced becomes a child of the process doing the tracing. To find processes which have been temporarly relocated to a "foster parent," the exit() system call must iterate over all processes in the system. And that, of course, is where the scalability problems come in. Ingo's solution is simply to maintain a separate list of all processes which are being debugged with ptrace() at any given time. That list will generally be quite short. When a process exits, it is now necessary to look at its list of children and the ptrace list, but at no other processes. No more scalability problems.
How random is random enough?Oliver Xymoron posted a set of /dev/random patches this week, introducing them with:
I've done an analysis of entropy collection and accounting in
current Linux kernels and founds some major weaknesses and bugs. As
entropy accounting is only one part of the security of the random
number device, it's unlikely that these flaws are compromisable,
nonetheless it makes sense to fix them.
Entropy, of course, can be thought of as the amount of random data the kernel currently has available for the creation of random numbers. The entropy pool is filled by looking at (hopefully) random events as seen by the processor - such as the timing of device interrupts. Oliver's claim is that the kernel is vastly overestimating the amount of entropy it is accumulating, and thus handing out numbers that are not as random as expected. Some of the trouble comes from over-optimistic assumptions of the amount of randomness really contained in interrupt timings. Simply put, the resolution of interrupt timing is not what the kernel thinks it is. Oliver also claims that interrupt timing is often observable or controllable by hostile users. The timing of network packets has long been considered suspect for this very reason; Oliver says that disk timing is subject to the same sort of manipulation. Oliver has also pointed out a bug in the way timing samples are merged into the entropy pool. Finally, Oliver claims:
Worst of all, the accounting of entropy transfers between the
primary and secondary pools has been broken for quite some time and
produces thousands of bits of entropy out of thin air.
Interestingly, this last one may not be a real bug - read Ted Ts'o's explanation of why things are done this way for the details. Generating random numbers that are resistant to guessing is a difficult task. Oliver's fixes have the result of greatly reducing the amount of entropy available to the system, and thus the number of random numbers that can be obtained from /dev/random. Linus doesn't like this aspect of the patch; he fears that making /dev/random difficult to use will just cause people to not use it.
Randomness is like security: if you make it too hard to use, then
you're shooting yourself in the foot, since people end up unable to
practically use it.
If /dev/random can not obtain enough entropy to be useful, says Linus, it's probably better to just get rid of it altogether. This discussion has reached no real resolution as of this writing, and the entropy patches have not been merged. Some sort of fix will likely go in at some point, once a compromise between "proper" entropy accounting and usefulness has been reached.
Patches and updates Kernel trees
Build system
Core kernel code
Development tools
Device drivers
Documentation
Filesystems and block I/O
Memory management
Architecture-specific
Security-related
Miscellaneous
Page editor: Jonathan Corbet Distributions News and Editorials Lycoris and Ericom Software Announce Desktop/LX InterConnectLycoris and Ericom Software teamed up to offer Desktop/LX InterConnect, a simple corporate desktop with full office suite and host connectivity tools. Desktop/LX InterConnect features Ericom Software's native Linux PowerTerm InterConnect software, the Lycoris ProductivityPak office suite, and the Lycoris Remote Desktop Client.
Distribution News Debian GNU/LinuxThe Debian Weekly News for August 20 is available. This week spotlights Tux Paint, a paint program designed for children with sounds, fun to use "magic" tools, and a simple user interface for Debian Jr.LinuxOrbit has an article entited Debian Package Management HOWTO Version 1.0. "This guide covers the basics of finding, installing and upgrading applications in Debian. In it, I have covered some of the very easy commands and command line tools available for package management in Debian. I then take a brief look at the stormpkg graphical interface available for Debian." Stable (woody), Testing (sarge) and Unstable(sid) are covered separately. UltraSPARC III+ systems are now supported and boot images are available.
Mandrake LinuxThe Mandrake Linux Community Newsletter - Issue #55 for August 15, 2002 is available. This issue looks at the new 8.2 "Update CDs" at MandrakeStore; and more.The Mandrake Linux 8.2 ProSuite Edition is one of the first distributions to be certified Linux Standards Base compliant. Mandrake Linux 9.0 Beta 3 is now available. Beta 3 contains numerous corrections and improvements to the DrakX installer and assorted software.
Red Hat LinuxRed Hat has a new (null) beta out. This one has a shiny new gcc-3.2 for better ABI compatibility.Red Hat has an updated redhat-lsb package available with LSB 1.2 support for Red Hat Linux 7.3 - i386.
New Distributions a-Linuxa-Linux is a single-floppy x86 mini-distribution. The distribution grew out of a collection of utilities written in assembly language, known as asmutils. A-Linux announced its initial release, 0.17, on August 17, 2002.
ThizLinuxThizLinux is a product of the Hong Kong company ThizLinux Labratory Ltd. Products include Thiz Linux Desktop 6.0, Thiz Office 3.0 (an Open Office clone localized for Hong Kong users), and Thiz Server 6.0.. (Thanks to Fred Mobach)
xbox-linuxxbox-linux, a version of GNU/Linux that will run on the Microsoft Xbox gaming console, has released version 0.1. This is the initial Freshmeat announcement for this project.
Minor distribution updates Astaro Security LinuxAstaro Security Linux has released stable version 3.208 with minor bugfixes.
Cool Linux CDCool Linux CD, introduced last week, is still working on code cleanup and releasing often with version 1.32 being the current at this writing.
Coyote Linux - WolverineCoyote Linux has announced updates to Wolverine. This should be the last wave of updates before the final.
Gentoo LinuxGentoo Linux has install guides available for PPC and Sparc machines.
LoopLinuxLoopLinux has released v2.0 with minor feature enhancements.
Lunar LinuxLunar Linux has frozen the moombeam until 1.0 is released.
Source Mage GNU/LinuxSource Mage GNU/Linux has a revitalized news site. Security updates and new packages are showing up there. Also, October 10th has been set as the freeze date for the 1.0 grimoire.
TA-LinuxTA-Linux has released TA-Linux 0.2.0-Beta1 (Alpha) with major feature enhancements.
VectorLinuxVectorLinux announced version 1.0 of its distribution. This small office/home office edition features the KDE 3.x desktop, the OpenOffice.org 1.0 office suite, and hand-picked software for every category from graphics to gaming. The kernel has been upgraded to 2.4.18, and is available in SCSI and IDE configurations. Reiserfs support has been added as well.
Page editor: Rebecca Sobol Development libsndfile 1.0.0Erik de Castro Lopo has announced version 1.0.0 of his libsndfile C language audio file conversion library, libsndfile is an offshoot of the wavplay utility. The libsndfile library can be compiled under Linux, many different Unixes, and Windows.The following audio file formats are supported:
Features of libsndfile include on-the-fly soundfile conversion, optional floating point normalization support, support for opening files in read/write mode with support for file header modification. The latest version features API modifications, and efficiency improvements for supporting multitrack disk recorder applications. The API changes may be viewed here. libsndfile has been released under the LGPL license.
System Applications Audio Projects ALSA 0.9.0 rc 3 releasedVersion 0.9.0 release candidate #3 of the ALSA sound driver, libraries, and utilities package have been released. Click below for the official announcement.
Database Software MySQL 3.23.52 ReleasedMySQL 3.23.52 has been released. This is a bugfix release for the stable tree.
Electronics gEDA NewsThe latest gEDA project news includes a new snapshot of the Icarus Verilog compiler and a complete update of the online symbol library.
Mail Software Bogofilter 0.2 releasedEric Raymond has released version 0.2 of bogofilter, a new spam filtering package. "Bogofilter is a Bayesian spam filter. In its normal mode of operation, it takes an email message or other text on standard input, does a statistical check against lists of "good" and "bad" words, and returns a status code indicating whether or not the message is spam. Bogofilter is designed with fast algorithms (including the Judy fast-associative-array technique), coded directly in C, and tuned for speed, so it can be used for production by sites that process a lot of mail."
Medical Software Open Paradigms Announces TORCH (LinuxMedNews)LinuxMedNews has an announcement for TORCH (Trusted Open source Records for Care & Health), an open-source medical practice management package. "TORCH is a forked development based on the GPL licensed FreePM code and as such maintains backwards compatibility to version 1.0b6 of FreePM. However, TORCH has been developed extensively beyond the capabilities of FreePM."
Printing AFPL Ghostscript 7.22 developer releaseVersion 7.22 (developer release) of AFPL Ghostscript has been announced. "This release contains a number of pdfwrite fixes, particularly for incremental fonts. The Device work was not ready for merge at the time of the release, so we expect it in the next."
Foomatic adds support for more Epson printersLinuxPrinting.org mentions that the Foomatic printer driver now has support for a number of new Epson inkjet printers.
Web Site Development Zope Members' NewsThis week's entries on the Zope Members' News include the release of Easy Publisher 1.7, Silva 0.8.3, a new ZDataQueryKit, and a report from Bug Day 8/02.
Desktop Applications Audio Applications WaveSurfer 1.4.3 releasedVersion 1.4.3 of the WaveSurfer sound visualization and manipulation tool is available. "The new version of WaveSurfer uses Snack v2.2, which incorporates code from the ESPS speech analysis library. ESPS was recently licensed to the Centre for Speech Technology by Microsoft and AT&T, with the aim to make it available to speech researchers again." See the changes file for more information.
Legasynth 0.4.1 is out!Version 0.4.1 of the Legasynth legacy audio synthesizer emulator package has been released. This version adds TB303 drum machine emulation, fixes for the SID filters, "controllers per machine", and bug fixes.
Desktop Environments KDE 3.0.3 releasedKDE 3.0.3 has been released. This is mainly a bugfix release, but it also includes a fix for the security problem in Konqueror, wherein it could be fooled into accepting invalid certificates (see this week's Security Page).
Kernel Cousin KDE #43Issue #43 of Kernel Cousin KDE is out with the latest KDE development threads.
GNOME 2.0.1 Desktop and Developer Platform Released!The GNOME 2.0.1 Desktop and Developer Platform has been released. Over 1000 bugs have been fixed, and performance has been improved.
The latest GNOME SummaryThe GNOME Summary for August 16 is out; it looks at the 2.0.1 release, GNOME's fifth birthday, gnome-print, and many other topics.
Games Pygame Patch Release 1.5.2 availablePatch Release 1.5.2 of the Pygame game module set for Python has been released. "The main reason for the change is our continuing struggle to find a 'free' default font. There are also some minor bugfixes included." See the ChangeLog for the details.
Graphics the GIMP 1.3.8 releasedVersion 1.3.8 of the GIMP, the GNU Image Manipulation Program, has been announced. "This is an unstable release in the development branch. Here's where the development takes place on the road to the next stable release dubbed GIMP 1.4. This release is targetted at developers and curious users. Don't use it for your daily work. If you are looking for the stable version, get GIMP version 1.2.x. Please install GTK+ before configuring the GIMP for compilation. This GIMP requires GTK+ version 2.0.0 or later."
Office Applications AbiWord Weekly News #105Issue #105 of the AbiWord Weekly News is out with the latest AbiWord development news.
Release of stable GnuCash version 1.6.7 (Gnotices)Stable version 1.6.7 of GnuCash has been released. Bug fixes and additional translations have been added.
Kernel Cousin GNUe #42Issue #42 of the Kernel Cousin GNUe is out with the latest GNU Enterprise development news.
LyX 1.2.1 is releasedVersion 1.2.1 of the LyX GUI interface for the TeX typesetting language has been released. This is a maintenance/bug fix release.
Web Browsers Mozilla 1.0.1 and 1.1 Release Candidates (MozillaZine)MozillaZine has an announcement for the new Mozilla 1.0.1 and 1.1 release candidates. "We think that these builds will prove themselves in more widespread testing and will not require significant changes to become the 1.0.1 final builds later this month. The 1.0.1 release candidate builds also give our localization and theme contributors a couple weeks head start in getting their work ready in time for the 1.0.1 final release."
Languages and Tools Caml Caml Weekly NewsThe Caml Weekly News for August 13 - 20, 2002 is out. Topics include camlp4 One Day Compilers, the XEmacs ocaml mode, Unison status, and PXP 1.1.91.
Objective Caml 3.06 releasedVersion 3.06 of Objective Caml has been released. This is a bug-fix release.
The Caml HumpThis week, the Caml Hump looks at CIL, an infrastructure for C Program Analysis and Transformation.
Eiffel ELJ 0.3 releasedVersion 0.3 of ELJ, the open source projects and library bindings for Eiffel, has been released.
Java Get started with Castor JDO (IBM developerWorks)Bruce Snyder shows how to do object-relational data binding with the Castor JDO (Java Data Objects) on IBM's developerWorks. "A growing number of enterprise projects today call for a reliable method of binding Java objects to relational data -- and doing so across a multitude of relational databases. Unfortunately (as many of us have learned the hard way) in-house solutions are painful to build and even harder to maintain and grow over the long term. In this article, Bruce Snyder introduces you to the basics of working with Castor JDO, an open source data-binding framework that just happens to be based on 100 percent pure Java technology."
JSTL 1.0: Standardizing JSP, Part 1 (O'Reilly)Hans Bergsten introduces JSTL 1.0 on O'Reilly. "June 11, 2002 started a new phase for JSP developers. That's when the JSP Standard Tag Library (JSTL) 1.0 specification was released. The Apache Taglibs project followed up with a reference implementation a few days later. JSTL answers developers' demand for a set of standardized JSP custom actions to handle the tasks needed in almost all JSP pages, including conditional processing, internationalization, database access, and XML processing."
XML Basics for Java Developers, Part 5 (O'Reilly)Jonathan Knudsen and Pat Niemeyer have released the fifth and final part in their series on XML Basics for Java Developers. "In this final in a series of XML basics for Java developers book excerpts from Learning Java, 2nd Edition, get an introduction to XSL/XSLT and Web services."
GCJ updatesThe GCJ home page mentions that Andrew Haley has updated the gcc tree-based inliner to work for GCJ.
Lisp OpenMCL 0.13 releasedVersion 0.13 of OpenMCL Common Lisp has been released. New features include better shared library access, more examples, faster bignum multiplication, and more.
Perl This Week on Perl 6 (O'Reilly)This Week on Perl 6 for August 18, 2002 covers Scratchpad.pmc, Perl 6 regexes, GC issues, a quotematch speedup, Keyed access to PerlArray/PerlHash, a PASM problem, set Boolean, The first pirate parrot, External Data Interfaces, and more.
This Week on perl5-porters (use Perl)The August 11-18, 2002 edition of the Perl 5 Porters summary covers a wide range of Perl topics.
Functional Perl 6 Compiler for Parrot Arrives (use Perl)Use Perl has an announcement for a new, functional Perl 6 compiler for parrot. Perl 6 compiler for parrot. "This implements pretty much all of the language specified in Apocalypses 1 through 4, and we're working on Perl 6 regexes."
PHP PHP Weekly SummaryThe August 19, 2002 edition of the PHP Weekly Summary covers the following topics: "Windows Manual released, PHP 4.2.3 revisited, PHP on AIX, Sorting arrays, Thread safety in PHP, ext/java RMI, DOM-XML updates, debug_backtrace() for PHP 4.X, Streams support, Commenting code."
PHP References (O'Reilly)John Coggeshall illustrates PHP objects on O'Reilly. "In my last article, I wrapped up my discussion of using objects in PHP. This week I'll be changing gears a little bit and discussing one of the more elusive aspects of PHP -- references. For those of you with a C programming background (although they are fundamentally different), references serve the same purpose as a C-style pointer. For those of you without programming experience in C, don't worry! I'll be covering everything you'll need to know today."
the Pear Weekly NewsThe latest Pear Weekly News is out with: "A very interesting read this week on the pear development list, with 4 New Releases, 1 New package proposed, and discussions on PHPDoc Tags, OpenOffice Docbook converters, Permission Management and an upgraded Net_Whois package."
Python Dr. Dobb's Python-URL! - weekly Python news and links (Aug 19)This week's Python-URL covers the death of Kristen Nygaard; The Dijkstra quote spawns a debate on the Zen koan "There should be one -- and preferably only one -- obvious way to do it."; and much more.
the Daily Python-URLThis week, the Daily Python-URL covers Easy Publisher 1.7, Python cPickle, Python Bibliotheca, Objects and classes in Python, the Persistence-SIG, UDDI4Py, Parsing with the Spark module, a review of the book 'Practical Python', and more.
Ruby The Ruby GardenThis week, The Ruby Garden covers a new version of GMP bindings to Ruby, TCLink for Ruby, the Ruby Conference 2002 CFP, and a Ruby workshop at the LinuxWorld Conference & Expo in Frankfurt.
The Ruby Weekly NewsThe Ruby Weekly News for August 19, 2002 looks at ZenWeb 2.11.0, FXRuby-1.0.12, the ONI Object Network Interface, Net/Proto, the Narf cgi library alpha release, and other Ruby language threads.
Scheme Scheme Weekly NewsThe August 19, 2002 edition of the Scheme Weekly News looks at scm-pdf 0.2, Schematics PLT SRFI, Quack 0.5 for Emacs, the SRFI-Discuss mailing list, and the upcoming International Lisp Conference 2002.
Tcl/Tk Dr. Dobb's Tcl-URL! - weekly Tcl news and links (Aug 19)Here is the latest Tcl-URL. Inside: Richard Suchenwirth and Rolf Ade show how easy it is to create "a little XML browser" in a few lines of Tcl; tips for writing Tcl scripts that will be run out of inetd; and much more.
XML Exploring XML Encryption, Part 2 (IBM developerWorks)Bilal Siddiqui continues his series about implementing an XML Encryption engine on IBM's developerWorks with part two. "In this second installment, Bilal Siddiqui examines the usage model of XML Encryption with the help of a use case scenario. He presents a simple demo application, explaining how it uses the XML Encryption implementation. He then continues with his last implementation of XML Encryption and makes use of JCA/JCE classes to support cryptography. Finally, he briefly discusses the applications of XML Encryption in SOAP-based Web services."
The Absent Yet Present Link (O'Reilly)Kendall Grant Clark writes about some issues with the W3C draft specifications for XHTML 2.0 on O'Reilly. "As is often the case, however, reaction to a new W3C specification, even a very early draft, exposed a venerable, enduring fault line in the XML world, namely, the split between XML users and XML core developers. In this case, we'll let the former be represented by the weblogging community, the latter by the XML-DEV list. Of course, this division is mostly a fiction, a little heuristic I'm using to make a larger point, but it's not entirely divorced from reality."
Miscellaneous Mastering Linux debugging techniques (IBM developerWorks)Here's a developerWorks article that explains Linux debugging tools and techniques in various scenarios. "When your program contains a bug, it is likely that somewhere in the code, a condition that you believe to be true is actually false. Finding your bug is a process of confirming what you believe is true until you find something that is false." (Thanks to Debra Suzuki)
Page editor: Forrest Cook Linux in Business Business News August 2002 Netcraft Web Server SurveyThe August, 2002 Netcraft Web Server Survey is out, with the latest web server statistics. This month, Apache use is up and Microsoft use is down, mostly due to moves by a few large corporations.
Press Releases Distributions and Bundled Products
Software for Linux
Products and Services Using Linux
Hardware with Linux support
Linux at Work
Java Products
Trade Shows and Conferences
Partnerships
Investments and Acquisitions
Financial Results
Personnel and New Offices
Miscellaneous
Page editor: Rebecca Sobol Linux in the news Recommended Reading Free Culture (O'Reilly)The full text of Lawrence Lessig's keynote speech at the 2002 Open Source Convention, is up at the O'Reilly Network. "In 1774, free culture was born. In a case called Donaldson v. Beckett in the House of Lords in England, free culture was made because copyright was stopped. In 1710, the statute had said that copyright should be for a limited term of just 14 years. But in the 1740s, when Scottish publishers started reprinting classics (you gotta' love the Scots), the London publishers said "Stop!" They said, "Copyright is forever!" Sonny Bono said "Copyright should be forever minus a day," but the London publishers said "Copyright is forever.""
MS yanks free Web TTFs (Register)Microsoft has ended free downloads of their TrueType fonts for the Web, reports this Register article. "Ultimately, this is probably all for the best. While it's undoubtedly irritating to see a much-appreciated resource coldly and suddenly withdrawn by the Beast merely to make alternatives to its licensing extortion less attractive, it's high time that the open-source community got serious about developing some really handsome fonts."
Embedded Linux Platform Spec achieves 'strawman' phase (LinuxDevices)LinuxDevices reports on progress towards an embedded Linux Core Platform. "Meeting nine times since kickoff in March, the Embedded Linux Consortium's Core Platform Working Group has achieved consensus on a strawman specification. The document will soon circulate for comment among member companies under the organization's intellectual property rules. This cycle will enable the group to build a completed core platform specification for the global embedded Linux community by year's end. A difficult but worthy goal, the Core Platform is expected to bring order to the market by reducing concerns and silencing competitive disinformation about operating system fragmentation and support."
Corporate Open Source Collaboration? (Clustering Foundries)Brian Finley examines how corporate involvment in open source development has changed things. "Now the individuals working on a project are doing it because they're told to, they're adding the features that they're paid to add, and corporations are providing direction to the developers instead of the individuals being self directing. Sure the individuals have a certain degree of autonomy, but they must now work within the scope of the "corporate good" instead of being focused on what they think would be fun or on what they need to get their own job done."
Penguin Power! (TechWeb)This article on Tech Web claims that Linux may make it onto corporate desktops by accident. "With so many companies lining up behind Linux enterprise solutions, the top-down theory that the open-source operating system might gain a piece of the corporate desktop market by being a server OS has some merit. Red Hat and UnitedLinux are the two organizations most likely to deliver such a version. But it'll be the big guns of IBM, Sun, Oracle, HP, Dell, and others whose increasingly Linux-based missions could literally push Linux onto the desktop almost as an afterthought."
Trade Shows and Conferences LinuxWorld Day 3Russell Pavlicek has sent us his coverage of LinuxWorld, Day 3. Click below for the full story.
IBM name calling at LinuxWorld (Register)The Register covers the LinuxWorld keynote by IBM's Global Services vice president and group executive Douglas Elix. ""Microsoft began calling it a cancer, a threat to intellectual property and the American way," he said. "Yesterday I saw Microsoft's booth in the convention center and had to pinch myself to make sure I wasn't dreaming," he said."
Sun readies open source desktop (ZDNet)ZDNet covers Sun CEO Scott McNealy's LinuxWorld keynote. "Sun cites the fact that Linux has been growing faster on the desktop than in the server market as a primary reason that Sun plans to focus attention on the client side. The new focus also fits neatly into McNealy's goal to do whatever he can to stymie the Microsoft Windows machine, which, in typical McNealy-speak, he called a "welded-shut hairball.""
Get a Linux desktop--and lose your cozy office! (ZDNet)Here's an article about Sun's participation in LinuxWorld, with other LinuxWorld observations. "Sun will be able to shove nearly two people into every office--and cube, more likely--because the software will allow them to log on from any workstation, anywhere. McNealy said this proves you don't need Microsoft Windows to do your work, although how Linux would be different from Sun's Solaris OS in powering such a project, I really don't understand."
Ellison seeks open-source unity (News.com)News.com covers Oracle CEO Larry Ellison's LinuxWorld keynote. ""We are moving very aggressively, not just to jump on the Linux hype bandwagon, but we're using Linux to run our own business," Ellison said. "We're encouraging our customers to pick Linux because it's cheaper and fasterÂ…and more reliable than any other environment around."" Ellison also stated that the lack of an office suite that is equivalent to Microsoft Office is holding Linux back.
Ellison Pushes Clustering On Linux (TechWeb)TechWeb covers Oracle CEO Larry Ellison's LinuxWorld address. "All of Oracle's midtier applications will run on Linux by the end of this year, Ellison says. The company's Linux clustering customers already include Dell Computer and the Federal Aviation Administration, as well as several European companies. Market research shows that Oracle's databases and application servers are the No. 1 choices on Linux, he says. "I don't think we've had a single new technology take off as rapidly as clustering on Linux," says Ellison, adding that the company has expanded its strategy of promoting Linux to existing users to others who might not have considered it."
eWeek coverage of LinuxWorldeWeek has posted a bunch of articles on the happenings at LinuxWorld.
Can Linux duck the Redmond death ray? (News.com)Here's a News.com perspective on Microsoft's presence at LinuxWorld Expo. "Yet at the same time, Microsoft understands that Linux may be the biggest threat to its domination of the desktop since Janet Reno and her legions at the Justice Department. Some Redmond insiders would love to crush Linux, but it?s way too late for that. And so it becomes all the more important to engage the Linux community--if not co-opt it."
Linux users march on city hall (News.com)News.com reports that a small but enthusiastic crowd of Linux lovers hit the streets of San Francisco on Thursday. "Led by Michael Tiemann, chief technology officer of Linux seller Red Hat, the group marched the mile-long stretch from the LinuxWorld conference to San Francisco City Hall. There, Tiemann unveiled the Digital Software Security Act, a proposal that would prohibit the state from buying software that doesn't open its code."
HP's Linux icon chooses politics over paycheck (InfoWorld)InfoWorld reports that Bruce Perens is leaving HP. "While taking part in a San Francisco rally Thursday in support of proposed legislation that would require California's government IT systems to use open source software over proprietary programs, Perens said his corporate ties are getting in the way of his political ideals."
No Free Dinner for Free Software (Wired)Wired News covers a dinner to benefit the Free Software Foundation. "The night's guest of honor? Not, as one might imagine, the FSF's well-known leader; he was in Costa Rica. Instead, the FSF recruited Stanford law professor Lawrence Lessig as the main draw for an intimate discussion of the coming battles between the individual artists and hackers who create copyrighted material, and the large technology and media corporations that Lessig says are stifling this creativity."
Open Sourcers Say Grid Is Good (Wired)Wired covers reactions to various keynotes at LinuxWorld. "You have to wonder how all this backstabbing business stuff is going to affect the camaraderie of Linux development," Frank Pfeil, a systems administrator from New York, said. "Linux coders aren't all sweetness and light, but we never stood around and mocked each others' work for three days straight at a public event like these big companies have done.""
International House of Penguins (Wired)Wired looks at the international flavor of this year's LinuxWorld. "Most prominent was the announcement of a Chinese government-sponsored Linux distribution called Yangfan Linux. Built by a coalition of government, universities and private companies, the distribution will eventually replace Windows on all government computers."
Linux goes from strength to strength (BBC News)The BBC News reports from LinuxWorld Expo. "Events and announcements at the 2002 Linuxworld Expo show how the operating system is evolving and how it is being adopted and adapted by the biggest technology companies."
BlackHat 2002: The White House and Free Software Will Guide the Industry (Linux Journal)Linux Journal reports from BlackHat 2002. "A focus on security is necessary, but can the government and the Free Software and Open Source communities agree on what that means? For the first time since the September 11th attacks, one of the foremost computer security conventions took place: BlackHat 2002 in Las Vegas, Nevada. The American government embraced the occasion as an opportunity to show the new direction they want to take for dealing with security in cyberspace. Their new approach involves cooperation with the industry, because the next major strike of terrorism very well could be through cyberspace. And any attack on our society could be severe. Fortunately, a lot of progress is being made in the field of security, and a lot of that innovation is coming from the Open Source and Free Software communities. When it comes to issues of security, however, many governments have yet to find a good way to deal with free and open-source software."
Companies IBM, Borland Team On Development Tools (TechWeb)Internet Week reports on the collaboration between Borland and IBM. "Borland Software on Monday said it will work more closely with IBM to create and market development tools for Windows and Linux platforms. Under the deal, IBM will bundle Borland Delphi Studio Architect, C++Builder Enterprise, and Borland Kylix Enterprise trial versions with its DB2 database. In exchange, Borland will bundle the IBM database with the three development tools as well. The two companies will also jointly create a customer portal to help developers migrate from their current tools to the Borland and IBM platforms, they said."
Orem, Utah-Based Caldera, Partners Announce Debut of New Linux System (The Salt Lake Tribune)The Salt Lake Tribune covers Caldera International and UnitedLinux. "A public test release of UnitedLinux -- a uniform product based on the "open source," or freely distributed Linux kernel program that has inspired hundreds of versions since its release in 1991 -- is expected Sept. 15, with the final commercial product to appear sometime in November."
IBM takes eLiza to low-end servers (Register)The Register examines IBM's new Intel-based eServer x205.
It's reality check time for Lindows (ZDNet)ZDNet examines the changing business strategy at Lindows. "Lindows.com chief executive Michael Robertson has said in the past that marketing, rather than technology, was the key to increasing Linux's acceptance in the mainstream market, and the company's marketing has shifted away from Windows compatibility to features such as the company's application download service. The change has led some industry observers to question whether Lindows really has anything to offer that isn't already available in existing Linux distributions."
LSB certifications confuse Sun's Linux standards story (Register)The Register looks at LSB compliance and Sun Linux 5.0. "McNealy's comment seems strange given that, according to Sun's own developer resources, Sun Linux 5.0 is "highly compatible with Red Hat Linux 7.2", and differentiated from Red Hat Linux 7.2 only by different RPM package manager versions and installer functions. Now that Raleigh, North Carolina-based Red Hat is one of the first distributors to become LSB-certified, McNealy's comments look increasingly like smoke and mirrors."
Microsoft lobby opens fire on open source (News.com)News.com reports on the CompTIA lobbying group's Initiative for Software Choice. "The initiative takes aim squarely at what has become one of the major themes in the software business this year: government use of open-source software, best known as the development model behind the Linux operating system. Governments in France, Germany, Peru and other countries have passed or are considering bills that would encourage the use of open-source software in the public sector." Microsoft is the largest supporter of the group, Intel is also a member.
Sun needs more Linux partners (ZDNet)ZDNet looks at Sun's Linux strategy. "Dell, Hewlett-Packard and IBM partner with one or more OS distributors for kernel integration and support. Sun's limitation in using a version of Red Hat's Linux will likely prevent it from capitalizing on performance enhancements in enterprise applications and database management offered by Red Hat's Advanced Server--drawn from partnerships with Oracle and other ISVs. However, this limitation reflects Sun's plan to target edge-server applications based on LAMP (Linux, Apache, MySQL and PHP) and Sun One."
Turbolinux sells Linux business, name (News.com)News.com reports on changes at Turbolinux. "Turbolinux has sold its Linux business to Japan's Software Research Associates and in the process has completed its transformation into a proprietary software company. Brisbane, Calif.-based Turbolinux has transferred all of its Linux assets, including its name, to SRA, one of Japan's oldest software firms, Turbolinux said Tuesday. Turbolinux came to prominence by selling a version of the Linux operating system in the Japanese market." The company's new name has not yet been announced.Internetnews.com also has an article on the Turbolinux story.
Business Amazon.com Says Switch to Linux Operating System Has Saved It MillionsAccording to this article in the Seattle Times, Amazon.com has saved millions of dollars by switching to Linux. "Amazon.com switched nearly its entire computer network to the freely shared Linux operating system not because of politics but because it is helping the company grow and cut costs, Amazon's engineering chief said yesterday. "We wanted the best tool for the task," said Jacob Levanon, director of systems engineering at the Seattle-based Internet retailer. Amazon has become a poster child for the progress Linux is making in large-enterprise computing since the Web giant began using Linux to run 92 percent of its network computers last September."
Verizon switches programmers to Linux (News.com)According to News.com, Verizon has switched its programmers to Linux, and is saving bundles of cash as a result. "Telecommunications company Verizon Communications saved $6 million in equipment costs by moving its programmers to Linux computers, the company said Wednesday. The company cut costs by replacing programmers' Unix and Windows workstations with Linux systems that run OpenOffice instead of Microsoft Office, said George Hughes, a Verizon executive overseeing the work. The average desktop cost went from $22,000 to $3,000 per developer, he said in a talk at the LinuxWorld Conference and Expo."
Westport Rivers Toasts Open Source (TechWeb)The Westport Rivers Winery dumped Windows in favor of Linux to save money and support expansion, reports TechWeb. "Westport also wasn't getting the performance it needed. The servers were going through memory like a wedding party through champagne, causing the winery's system to lock up. Microsoft couldn't give Russell a satisfactory explanation as to why this was happening."
International Organisations Take a Close Look at Linux (Linux Journal)This Linux Journal article looks at Linux adoption around the world. "GNU/Linux is a suitable tool for organising too, as it was recently pointed out by LINC. "The Low Income Networking and Communication (LINC) Project of the Welfare Law Center has helped many low-income led organizing groups acquire access to the Internet and use technology more effectively," says Dirk Slater, senior circuit rider for LINC at the Welfare Law Center."
Interviews LWN talks to CodeWeavers Chief Jeremy WhiteEmploying 12 full-time Wine developers, CodeWeavers is a company that builds business solutions based on Wine. Jeremy White, company CEO, was kind enough to answer a few of my questions in e-mail. Click below to read Jeremy's thoughts on Lindows, free office packages, and a pile of information about Wine.
Freehackers.org Interviews KDevelop TeamFreehackers.org talks with the people behind KDevelop IDE about the history of the project and their contributions.
Interview: IBM's Linux Tech Chief (ZDNet)ZDNet has interviewed Daniel Frye, Director of IBM's Linux Technology Center on topics including the SourceForge Enterprise Edition, IBM's Solaris to Linux migration program, and the future of AIX.
Interview: Caldera's new CEO (ZDNet)ZDNet interviews Caldera's new CEO, Darl McBride. "The first four weeks on the job I've spent a lot of time looking for value points, leverage points, if you will, in terms of "what do we do with this company". And I just sent out a letter to shareholders a couple of days ago--I won't bore you with all the details--but there are a couple of interesting things in there that I found out about Caldera that I didn't know before."
Sun Microsystems' Chief Puts Confidence in Open-Source MomentumThe Seattle Times interviews Sun Microsystems' CEO Scott McNealy. "Sharing is not a new thing. Sharing in our industry would have happened a lot more had (IBM) not grabbed the server monopoly a long time ago, and then (Microsoft) grabbed the desktop monopoly. I've always said A through Z, 0 through 9, grammar, syntax and basic math should not be copyrightable. Microsoft says "I'm going to own the alphabet. I'm going to add new characters. I'm going to charge you extra for the vowels. And I'm going to own grammar and syntax, too."
MozillaNews interviews David AscherMozillaNews has interviewed David Ascher, tech lead for the ActiveState Komodo Mozilla-based IDE.
Resources Embedded Linux Newsletter for August 15, 2002The LinuxDevices Embedded Linux Newsletter for August 15, 2002 is out with lots of stories from the LinuxWorld conference.
Reviews Open-Source Databases Hike Enterprise Appeal (eWeek)eWeek looks at open source databases as they add support for enterprise applications. "A PostgreSQL feature that would enable point-in-time recovery, so that database administrators don't have to restore an entire database after a crash, should be out within six months, said Lockhart, in Wolfville, Nova Scotia."
Miscellaneous Secure Linux OS seeks global dominance (ZDNet)Here's a ZDNet article on security, and the NSA's SELinux. "The lynchpin in SELinux security is mandatory access control, a method that NSA championed as early as October 1998 in a white paper on computer security failures. The problem is, mandatory access control systems can't do a thing if they don't have rules to follow. Having your developers write all those rules would be cumbersome to say the least, a fact not lost on CPI."
Dodging pop-ups with Mozilla (News.com)According to News.com, Netscape 7.0 will not include Mozilla's ability to block popup advertising windows. ""Netscape is a commercial offering--it's not in its interest to offer a browser that could kill pop-up ads," said Michael Gartenberg, research director with Jupiter Research. "That's the equivalent of one of the broadcast networks coming out with a digital video recorder that can skip commercials.""
Linux makes a run for government (News.com)News.com looks into the process of getting Linux into the US government. "The Cyberspace Policy Institute, established a decade ago at George Washington University, plans to push for Linux to be certified under the Common Criteria, a standard grading of technology required by the United States and other countries before products can be sold into sensitive government applications."
Linux battle becomes political (BBC)BBC News reports on efforts by the Initiative for Software Choice lobby to stifle adoption of open-source software by governments. "Many governments like this software because it is cheap, has a ready source of experts to help with problems, runs on a huge variety of hardware and does not lock them into lengthy licence agreements. Some have even gone as far as to mandate the use of open source software in big projects." Thanks to Martin Rowe.
Linux: Penguin Suitability (NineMSN)Linux receives some mainstream press coverage from MSN. "Whatever happened to Linux on the desktop? Once upon a time the open, free operating system held a philosophical magnetism that promised to bring down Microsoft. But its reliability and low cost count for nothing at the PC coalface, where Windows rules. It's different in corporate-land. Linux has had a dream run, its acceptance accelerated with support from heavyweights such as IBM and Hewlett-Packard. These companies want Linux to power their back-end servers, but when it comes to the PC, familiarity is more important than cost, and few are familiar with Linux." Thanks to Con Zymaris.
China targets Windows with Linux-based OS (Register)The Register looks at Linux in China. "In last month's report on a Chinese effort to build a home-grown Win98, we appealed for further enlightenment on the nature of the project. Well, it's taken a while, but a kindly Chinese speaker has done some digging, and reveals it's Linux-based, and GPLed."
O'Reilly questions free-SW regs (Register)The Register discusses comments made by Tim O'Reilly on the politicization of software by radical fringe groups. "Where are these 'radicals' O'Reilly is concerned about? Apparently he's been frightened by a handful of teenage Slashdot trolls. Meanwhile the grownups are making sense, so far as I can tell. So what if they get a bit dramatic to make their point? Drama, like open source software (and skateboarding), is hardly a crime."
Free speech, free beer and free software (News.com)Simon Philips writes about open-source concepts on News.com. "The early years of open source have thus focused on free (as in beer) software, so it is still possible to misunderstand. But we have seen a definite shift in thinking. The open-source community has welcomed companies that build commercial enterprises, as long as they act symbiotically rather than parasitically. Today it is clear that open source has matured."
Call It the U.S. Open Source (Wired)Wired looks at the use of Linux at the U.S. Open. "Laptop computers running Linux will be used on the tennis courts to collect and transmit scores during the games."
Page editor: Forrest Cook Announcements Resources The history of BugzillaTelsa Gwynne has summarized the history behind GNOME's use of the Bugzilla bug reporting system.
OpenOffice Developer's Guide - CFPSun Microsystems is working on a new OpenOffice.org Developer's Guide. Community users of OpenOffice are being requested to participate in the writing of the guide.
OpenOffice.org Address Books and Form Letters (Linux Journal)Linux Journal has published a tutorial on importing data sources for address books and form letters into OpenOffice 1.0.
Upcoming Events AUUG 2002 Conference Student Day, MelbourneThe AUUG will be holding a free Student Day in Melbourne, Australia on September 3, 2002 with the aim of getting students involved in Linux and free software.
FLOSS final reportThe FLOSS (Free/Libre/Open Source Software) study from the University of Maastricht is now available in its final form. Set aside a fairly large chunk of time to read through the whole thing. "Almost half of the sample (46%) does not earn money from OS/FS, neither directly nor indirectly. In turn, this means that the majority of the OS/FS developers receives some kind of reward for contributions to OS/FS. Comparing the amount of monetary and non-monetary rewards with regard to the respective shares of developers in the different items, both kinds of rewards seem to have the same importance for the community."
Ruby Conference 2002 CFPA Call for Presentation proposals has been posted for the Ruby Conference 2002, to be held on November 1-3 in Seattle, WA.
Events: August 22 - October 17, 2002
Web sites We Want Linux press releaseWe Want Linux is a self-funded non-commercial group of IT professionals, who would like to see the computing consumer have as many options in the marketplace as possible. They are currently running a survey to see how many people would be interested in demoing Linux at the retail outlets.
Software announcements This week's software announcementsHere are the software announcements, courtesy of Freshmeat.net. They are available in two formats:
Miscellaneous TPJ Ceases Publication (use Perl)Use Perl mentions that final issue of The Perl Journal has been published, the journal is being discontinued due to low advertising revenues.
Artifex and artofcode announce Ghostscript "bug bounty"In an effort to track down bugs before the 8.0 release of AFPL Ghostscript, Artifex Software, Inc., and artofcode LLC have announced a "bug bounty" program, in which $500 will be awarded to those who find bugs in AFPL Ghostscript. There are a few restrictions on the awards.
Zope Community Awards (ZopeZen)ZopeZen is carrying the results of the latest Zope Community Awards.
Page editor: Forrest Cook Letters to the editor RAND Licenses
Dear LWN readers,
Debunking DMCA myths
Hi Declan,
You left off...
> Several governments, including those of France, Germany, Britain and
Page editor: Jonathan Corbet
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||