
LWN.net Weekly Edition for August 22, 2002

The hard side of the Bazaar

The "Bazaar" style of project management, as described by Eric Raymond and typified by the Linux kernel development model, is undoubtedly effective at producing quality software, at least in some situations. It can also, however, be a harsh environment in which to operate, as demonstrated by events in the kernel community over the 2.5 series, and especially over the last week.

Readers of the LWN.net weekly Kernel Page will have been following the development of the IDE/ATA layer in the 2.5 series for some time. For the rest, here is some quick background to provide context for the rest.

The IDE layer, of course, is the low-level code that handles the disk (and CD) drives found on most Linux systems. This code operates under a number of serious constraints. It must be fast - able to drive the hardware at its maximum speed; the performance of a Linux system as a whole is highly dependent on how fast its disks can go. It also must be absolutely correct; users get grumpy when their data is lost or corrupted. And it must deal with a wide variety of, um, "inexpensive" hardware that does not always behave as the documentation and standards say it should. Hacking on the IDE subsystem is not for the faint of heart.

In recent times the IDE maintainer has been Andre Hedrick. Andre has had numerous communication problems with Linus (and others) which have made it difficult for him to get patches into the kernel. It is also fashionable in certain quarters to criticize the quality of Andre's code. But, it should be said: Andre's IDE layer has proved, over time, to be rigidly standards compliant and highly reliable.

Andre's inability to get patches into the kernel left a void in the 2.5 series, however. That void was filled by Marcin Dalecki, who started posting his "IDE cleanup" patches back in February. The "cleanups" began to look increasingly like a complete rework (and hostile takeover) of the IDE code, and, with IDE 18, Marcin put his name into the MAINTAINERS file.

Marcin's work has been controversial all along - especially after he started removing features that people were using, and when the IDE layer started breaking for some users. His approach was not subtle, and he seemed untroubled by the concerns of the other Linux kernel hackers. After all, said Marcin, "Breakage is the price you have to pay for advancements."

Linus, for the most part, seemed to agree; he merged almost every patch from Marcin through IDE 115, posted on August 9.

All this changed on August 16, when Linus, without fanfare, deleted the entire 2.5 IDE subsystem and replaced it with the "foreport" of the 2.4 IDE layer, done by Jens Axboe and others. The word from Linus is that Marcin got tired of all the criticism and quit; Marcin, himself, has been silent since then. It is telling, though, that Linus responded by simply deleting and replacing the entire body of 2.5 IDE work, rather than trying to find somebody who would continue that task. Either Linus came to agree with other kernel hackers about the quality of the reworked IDE code, or he concluded that nobody else would be willing to work with that code.

The end result is that six months' worth of Marcin's work, in the form of 115 IDE patches, has just been dumped into the bit bucket.

And that is an example of the harsh side of participating in the kernel bazaar. One can work for months, see that work apparently accepted, then have it vanish in a moment. Linus has said numerous times that he doesn't much care about the feelings of kernel hackers; he is far more concerned about the quality of the code. This approach may well be part of why Linus is a good manager for Linux development - in the end, the code quality must remain high or the whole thing will collapse under its own weight. But it also explains why kernel hackers occasionally get frustrated and leave the kernel development community. The bazaar can be fun and effective, but it's not always nice.


The GNOME Human Interface Guidelines

The GNOME project has announced the release of version 1.0 of the GNOME Human Interface Guidelines (HIG). The HIG is, according to the announcement:

...the most complete and carefully researched document of its kind in the Free Software community [and] a major step toward the creation of an easy to use and powerful set of free applications with a distinctive and coherent style.

Leaving aside the hype, some examination of this 130-page document shows that it is, indeed, an impressive piece of work. The HIG examines many aspects of the usability of graphical applications, from window layouts, color selections, icon design, etc. through to things like how to label menu entries. A simple example of the sort of work that has been done:

User testing of MIT's Athena system revealed that users had difficulty finding the file manager because they were unfamiliar with the name "Nautilus". Because users did not associate the word "Nautilus" with the concept "file manager" the menu item did not help them.

Like many things in the usability arena, this conclusion seems obvious - in retrospect.

Even after years of human factors research, creating highly usable applications still requires a great deal of plain hard work. Application designers are often blind to things they do that confuse their users. Creation of the best desktop applications available requires more than just great hacking; it requires serious attention to all of the little things that make those applications really work for the people who will use them. The HIG, thus, is a great contribution to the free software community, in that it will help to focus and guide that attention.

The HIG is also the sort of work that free software developers are not supposed to be good at. What self-respecting, ego-driven, itch-scratching free software hacker is going to bother with human factors research, after all? Such claims have been increasingly hard to defend for some time; the HIG is just one more example of what the free software community is really capable of.

One other quote from the announcement is worth a look:

Further, we would like to challenge the KDE project to serve the general user community by partnering with us in developing these guidelines to create a common Free Software interface style.... We call on the members of the KDE project to rise above Not Invented Here (a natural tendency that neither project has been particularly successful in repressing, we know) in taking a major step for the good of both our user bases and the long term success of Free Software on the desktop.

A true gesture toward cooperation could certainly have been done in a less public and challenging way. It is true, though, that the creation of a common interface document could be a good way for the two projects to work together. The creation of a more consistent desktop environment across the two projects would help both - as would a more formal approach to human factors in general. And both projects could join this work while maintaining their own code bases. It's worth some thought.


The obligatory LWN status update

There is not a whole lot to report this week with regard to LWN's status and life expectancy. We are still in "discussions" with our credit card clearing company. We are still hacking on the subscription code (it's mostly complete) but are not sure if we will be able to accept credit cards to pay for those subscriptions. Hopefully all of this will settle out before too long. Meanwhile, we're doing what we can to continue to produce the best news available for the Linux and free software community. Thanks, as always, for your continuing support.


Page editor: Jonathan Corbet

Security

Brief items

Konqueror and digital certificates

Here is an advisory from the KDE project regarding a flaw in Konqueror's digital certificate handling. It seems that Konqueror (along with certain other, proprietary web browsers) doesn't look hard enough at how a site's certificate was signed, meaning that anybody can fake a certificate for anybody else's site. Thus, with a little additional trickery, it would be possible to set up "man in the middle" attacks and steal credit card numbers.

The Register described this vulnerability as "a colossal stuff-up." Certainly the error is worth fixing, but anybody who is greatly concerned about this vulnerability would be well advised to look at the end of the "Certificates and Credentials" chapter in Bruce Schneier's Secrets & Lies:

I visited www.palm.com to purchase something for my PalmPilot. When I went to the online checkout, I was redirected to https://palmorder.modusmedia.com/asp/store.asp. The SSL certificate was registered to Modus Media International; clearly a flagrant attempt to defraud web customers, which I deftly uncovered because I carefully checked the SSL certificate. Not.

All that SSL does in almost every use is to verify that the remote site has a certificate issued by a trusted authority. There is no verification that said certificate has anything to do with the site that the user expects to be interacting with. Man in the middle attacks are easily done even when the web browser properly checks how digital certificates were signed; the Konqueror vulnerability has not really opened up any new holes.

The real issue, which nobody is all that concerned about, is that the digital certificate system is not doing much for its users. Quoting Schneier again: "Digital certificates provide no actual security for electronic commerce; it's a complete sham." Konqueror users should go ahead and apply the patch (see the LWN vulnerability entry for distributor updates as they arrive), but it's not going to make them all that much more secure against man in the middle attacks.


August CRYPTO-GRAM newsletter

Bruce Schneier's CRYPTO-GRAM newsletter for August is out; it includes a look at Palladium, the proposed law allowing attacks against online copyright violators, and the idea of arming airline pilots. "To me, it's another example of the insane lengths the entertainment companies are willing to go to preserve their business models. They're willing to destroy your privacy, have general-purpose computers declared illegal, and exercise special vigilante police powers that no one else has...just to make sure that no one watches 'The Little Mermaid' without paying for it. They're trying to invent a new crime: interference with a business model."


Security reports

FUDforum file access and SQL Injection

FUDforum is a web-based forum system. Ulf Harnhammar has reported two vulnerabilities in this package; one can provide access to files outside of the FUDforum directory, and the other can lead to SQL injection issues. The problems have been fixed in version 2.2.0.


New PHP-Nuke cross-site scripting bug exposes admin accounts

A new cross-site scripting vulnerability has been reported in PHP-Nuke v5.6; properly exploited, this hole can be used to obtain access to the site's administrative accounts. No fix is available as of this writing. (Additional note: this vulnerability was actually first reported in March. PostNuke also, apparently, has this problem).


Input validation attack in php-affiliate

php-affiliate - a script for running web site affiliate programs - places a little too much trust in the hidden fields it puts into forms, with the result that users can modify information belonging to other users.


Remote command execution in Web Shop Manager

The Web Shop Manager e-commerce system has a trivial remote command execution vulnerability. This problem exists in version 1.1; no updates are yet visible on the project web site.


New vulnerabilities

Numerous vulnerabilities in bugzilla

Package(s): bugzilla
CVE #(s): CAN-2002-0804 CAN-2002-0805 CAN-2002-0806 CAN-2002-0807 CAN-2002-0808 CAN-2002-0809 CAN-2002-0810 CAN-2002-0811 CAN-2002-0803
Created: August 21, 2002
Updated: August 21, 2002
Description: The bugzilla bug tracking system has a long list of security problems which can lead to data disclosure, administrative access, and denial of service attacks. The Red Hat advisory (below) gives the full list.
Alerts:
Red Hat RHSA-2002:109-07 bugzilla 2002-08-20


Filename disclosure vulnerability in fam

Package(s): fam
CVE #(s): CAN-2002-0875
Created: August 19, 2002
Updated: January 5, 2005
Description: "fam" (file alteration monitor) watches files and directories for changes and lets interested applications know when something happens. This package has a flaw in its group handling that blocks some legitimate operations while, at the same time, exposing the names of files that should otherwise be invisible.
Alerts:
Red Hat RHSA-2005:005-01 fam 2005-01-05
Debian DSA-154-1 fam 2002-08-15


Buffer overflow in libpng

Package(s): libpng
CVE #(s): CAN-2002-0728 CAN-2002-0660
Created: August 20, 2002
Updated: August 20, 2002
Description: Versions of libpng prior to 1.0.14 contain a buffer overflow in the progressive reader when the PNG datastream contains more IDAT data than indicated by the IHDR chunk. Such deliberately malformed datastreams would crash applications that are linked to libpng and that use the progressive reading feature. (From the Red Hat alert).
Alerts:
Yellow Dog YDU-20020819-2 libpng 2002-08-19
Eridani ERISA-2002:039 libpng 2002-08-19
Red Hat RHSA-2002:151-21 libpng 2002-08-14
Mandrake MDKSA-2002:049 libpng 2002-08-13
Debian DSA-140-2 libpng 2002-08-05
Debian DSA-140-1 libpng2 2002-08-01


Inadequate digital certificate verification in Konqueror

Package(s): Konqueror
CVE #(s):
Created: August 19, 2002
Updated: August 21, 2002
Description: The Konqueror web browser, versions 3.0.2 and prior, does not properly check how digital certificates were signed; the result is that anybody can create fake certificates and use them for "man in the middle" attacks. The problem was fixed in Konqueror 3.0.3.


Alerts:
Debian DSA-155-1 kdelibs 2002-08-17


Multiple vulnerabilities in mantis

Package(s): mantis
CVE #(s):
Created: August 20, 2002
Updated: September 4, 2002
Description: The Mantis project has reported a number of bugs in the Mantis bug tracking system, including: Needless to say, upgrading to a version later than 0.17.3 is recommended.
Alerts:
Debian DSA-161-1 mantis 2002-09-04
Debian DSA-153-2 mantis 2002-08-20


Safemode vulnerability in PHP

Package(s): PHP
CVE #(s): CAN-2001-1246
Created: August 20, 2002
Updated: October 9, 2002
Description: PHP versions 4.0.5 through 4.1.0 fail to properly cleanse a parameter to the mail() function, allowing arbitrary command execution by local and (possibly) remote attackers.
Alerts:
SuSE SuSE-SA:2002:036 mod_php4 2002-10-04
Debian DSA-168-1 PHP3 2002-09-18
Mandrake MDKSA-2002:059 php 2002-09-10
Red Hat RHSA-2002:102-26 PHP 2002-08-19


XDR vulnerability in krb5

Package(s): krb5
CVE #(s): CAN-2002-0391
Created: August 19, 2002
Updated: August 20, 2002
Description: The Kerberos 5 implementation suffers from the same SunRPC XDR buffer overflow problem as many other packages (see the CERT advisory).
Alerts:
Yellow Dog YDU-20020819-1 krb5 2002-08-19
Eridani ERISA-2002:038 krb5 2002-08-16
Red Hat RHSA-2002:172-07 krb5 2002-08-14


Resources

New SecurityFocus Lists

The folks at SecurityFocus have set up two new mailing lists for security discussions - one aimed at BSD systems, and the "unix-other" list for proprietary Unix systems.


Linux Security Week

The LinuxSecurity.com weekly newsletter for August 19 is available.


Events

Upcoming security events

August 28 - 30, 2002: Workshop on Information Security Applications (WISA 2002), Jeju Island, Korea
September 19 - 20, 2002: SEcurity of Communications on the Internet 2002 (SECI'02), Tunis, Tunisia
September 23 - 26, 2002: New Security Paradigms Workshop 2002 (The Chamberlain Hotel), Hampton, Virginia, USA
September 23 - 25, 2002: University of Idaho Workshop on Computer Forensics (University of Idaho), Moscow, Idaho, USA
September 26 - 27, 2002: HiverCon 2002 (Hilton Hotel), Dublin, Ireland
September 27 - 29, 2002: ToorCon 2002 (San Diego Concourse), San Diego, CA, USA
October 16 - 18, 2002: Recent Advances in Intrusion Detection 2002 (RAID 2002), Zurich, Switzerland


Page editor: Jonathan Corbet

Kernel development

Brief items

Kernel release status

The current development kernel is still 2.5.31; Linus has not released a development kernel (as of this writing) since August 10.

Linus has not been idle, however; his BitKeeper repository (which may well be released as 2.5.32 by the time you read this) contains many changes. At the top of the list, of course, is the replacement of the IDE subsystem. Other stuff merged by Linus includes some NFS changes, the "scalable exit" patch from Ingo Molnar (see below) along with his other thread support improvements, an ACPI update, a set of page cache improvements from Andrew Morton, a new MTRR driver, more device model work, a new RTC driver, and a very long list of other fixes and updates.

The latest 2.5 status summary from Guillaume Boissiere came out on August 20.

The current stable kernel is 2.4.19. Marcelo released 2.4.20-pre4 on August 19; the biggest change in this prepatch is the addition of the JFS journaling filesystem.

The current prepatch from Alan Cox is 2.4.20-pre2-ac6. The "ac" series looks to be the testing area for new IDE patches for some time, and thus may be, at times, less stable than people have come to expect.


Kernel development news

IDE - now what?

As covered on this week's front page, all of Marcin Dalecki's "IDE cleanup" work has been removed from the 2.5.32 kernel and replaced with the 2.4 "foreport." That leaves the IDE code in a state not that far removed from where it was when the 2.5 series started, and the Halloween freeze date is getting closer. What is going to happen to the IDE code now, and who will do it?

At the moment, nobody is stepping forward to be the next IDE maintainer. For the time being it looks like Jens Axboe and Alan Cox are willing to oversee new IDE work and filter it on its way to Linus - but they will not necessarily do a lot of that work themselves. Alan has laid down some conditions, though:

I want order to this. That means all the driver cleanup goes into 2.4-ac (or "2.4-ide" or some suitable branch) first where we can verify we aren't hitting 2.5 generic bugs and ide corruption is a meaningful problem report. It means someone (not me) is the appointed 2.5 person and handles stuff going to 2.5 (I'm happy to identify stuff that tests ok in 2.4 as candidates). It also means random patches not going past me.

If we can do it that way I'll do the job. If Linus applies random IDE "cleanup" patches to his 2.5 tree that don't pass through Jens and me then I'll just stop listening to 2.5 stuff.

In other words, the 2.4-ac tree becomes the development area for new IDE work before it heads into 2.5. And Alan doesn't want to have to contend with patches taking other paths into 2.5. (Alan has also posted the set of attributes an IDE maintainer should have for anybody who is interested in the job).

What is going to happen with the IDE code? A few people have requested that somebody pick up Marcin's work and finish the job, but nobody who is actually working with IDE seems to have much interest in that. Quoting Alan again:

It's easier to go back to functionally correct code and do the job nicely than to fix the 2.5.3x code. Right now I'm working on Andre's current code in 2.4.20pre2-ac* starting off with only provably identical transforms between AndreCode and C and documenting it

So it looks like the 2.4 IDE implementation is here to stay. Or, at least, something based on it - Andre Hedrick, as it turns out, has not been idle during this time. He has a whole set of patches - much of which is already in the -ac series - for nice things like Serial ATA, pluggable low-level transport drivers, modular chipset support, etc. At this point, it's hard to imagine this code not moving into 2.5 once it proves stable.

Linus has his own plans for the future of the IDE code. These plans involve making some relatively minor changes to the current IDE core, mostly around moving some functionality up toward the block layer. Once that's done, development on a new "IDE-TNG" driver would begin. The existing IDE code at that point would be mostly frozen and thus remain stable; new work would happen in the new, scary, dangerous "TNG" driver. Support for older hardware would be removed from the TNG driver, allowing a great deal of historical cruft to be cleaned out.

In retrospect, creating a new version of the IDE subsystem was the obvious way to carry out a major reworking of this code. You simply can not have a fundamental layer like IDE be unstable for months and expect to get a lot of other work done. The previous IDE transition (from the old "hd" driver) was handled in this manner. Had Marcin's work been done this way, he might well still be at it now.

As it is, the window of opportunity for major IDE work in 2.5 has closed. There is time for smaller cleanups and the addition of needed features, but nobody has any appetite for anything that would seriously destabilize IDE again this close to the freeze date.


Making threads die quickly

Ingo Molnar's work to improve the kernel's support of threads was covered here last week. This week, Ingo has moved on to the final part of a thread's life cycle: the exit() call. It turns out that the Linux exit() implementation has some real scalability problems, which are described and fixed in this patch.

The cost of killing a process, it turns out, is proportional to the total number of processes running. In situations where thousands of tasks are running (and, remember, some threaded applications run thousands of threads) the exit() call can become truly expensive.

Why is this happening? When a process exits, the kernel must "reparent" all of its children to keep the process hierarchy consistent. This should be a straightforward job, since each process keeps a list of its children in the task_struct structure. Unfortunately, due to some weirdness in how the ptrace() system call is handled, that list is not sufficient. ptrace(), it seems, rearranges the process tree so that the process being traced becomes a child of the process doing the tracing. To find processes which have been temporarily relocated to a "foster parent," the exit() system call must iterate over all processes in the system. And that, of course, is where the scalability problems come in.

Ingo's solution is simply to maintain a separate list of all processes which are being debugged with ptrace() at any given time. That list will generally be quite short. When a process exits, it is now necessary to look at its list of children and the ptrace list, but at no other processes. No more scalability problems.
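The difference between the two exit() strategies described above, as a toy model in C. This is an added example, not Ingo's patch or kernel code; the struct layout and the names exit_scan_all(), exit_short_lists() and simulate() are hypothetical, and the exiting process is assumed not to be tracing anything itself.

```c
#include <stdio.h>
#include <string.h>

#define NTASKS 4096

struct task {
    struct task *real_parent;  /* the process that created this task */
    struct task *parent;       /* current parent: the tracer while ptraced */
    struct task *children;     /* head of list of tasks whose ->parent is us */
    struct task *sibling;      /* next task in ->parent's children list */
    struct task *next_traced;  /* next task on the global ptrace list */
};

static struct task tasks[NTASKS];
static int ntasks;
static struct task *ptrace_list;   /* every task currently being traced */

static void link_child(struct task *p, struct task *c)
{
    c->parent = p;
    c->sibling = p->children;
    p->children = c;
}

static void unlink_child(struct task *c)
{
    struct task **pp = &c->parent->children;
    while (*pp != c)
        pp = &(*pp)->sibling;
    *pp = c->sibling;
}

static struct task *spawn(struct task *parent)
{
    struct task *t = &tasks[ntasks++];
    t->real_parent = parent;
    if (parent)
        link_child(parent, t);
    return t;
}

/* ptrace moves the tracee under its tracer: the "foster parent". */
static void ptrace_attach(struct task *tracer, struct task *t)
{
    unlink_child(t);
    link_child(tracer, t);
    t->next_traced = ptrace_list;
    ptrace_list = t;
}

/* Old scheme: examine every task in the system. Returns tasks examined. */
static int exit_scan_all(struct task *dying, struct task *reaper)
{
    int visited = 0;
    for (int i = 0; i < ntasks; i++, visited++) {
        struct task *t = &tasks[i];
        if (t->real_parent != dying)
            continue;
        t->real_parent = reaper;
        if (t->parent == dying) {       /* not fostered out: move it */
            unlink_child(t);
            link_child(reaper, t);
        }
    }
    return visited;
}

/* New scheme: own children list plus the (short) global ptrace list. */
static int exit_short_lists(struct task *dying, struct task *reaper)
{
    int visited = 0;
    struct task *t, *next;
    for (t = dying->children; t; t = next, visited++) {
        next = t->sibling;
        if (t->real_parent != dying)
            continue;
        t->real_parent = reaper;
        unlink_child(t);
        link_child(reaper, t);
    }
    for (t = ptrace_list; t; t = t->next_traced, visited++)
        if (t->real_parent == dying)    /* stays with its tracer for now */
            t->real_parent = reaper;
    return visited;
}

struct result { int visited; int ok; };

/* Constructed scenario: a parent with three children, one under a debugger,
 * plus `bystanders` unrelated tasks. The parent then exits. */
static struct result simulate(int bystanders, int use_ptrace_list)
{
    struct result r;
    if (bystanders < 0) bystanders = 0;
    if (bystanders > NTASKS - 6) bystanders = NTASKS - 6;
    memset(tasks, 0, sizeof tasks);
    ntasks = 0;
    ptrace_list = NULL;

    struct task *init = spawn(NULL), *debugger = spawn(init);
    struct task *dying = spawn(init);
    struct task *c1 = spawn(dying), *c2 = spawn(dying), *c3 = spawn(dying);
    ptrace_attach(debugger, c3);
    for (int i = 0; i < bystanders; i++)
        spawn(init);

    r.visited = use_ptrace_list ? exit_short_lists(dying, init)
                                : exit_scan_all(dying, init);
    r.ok = c1->real_parent == init && c2->real_parent == init &&
           c3->real_parent == init && c1->parent == init &&
           c2->parent == init && c3->parent == debugger && !dying->children;
    return r;
}

int main(void)
{
    printf("scan all tasks: %d examined\n", simulate(4000, 0).visited);
    printf("short lists:    %d examined\n", simulate(4000, 1).visited);
    return 0;
}
```

Both strategies leave the three orphans with init as their real parent; only the number of tasks examined differs, and only the first grows with the size of the process table.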


How random is random enough?

Oliver Xymoron posted a set of /dev/random patches this week, introducing them with:

I've done an analysis of entropy collection and accounting in current Linux kernels and found some major weaknesses and bugs. As entropy accounting is only one part of the security of the random number device, it's unlikely that these flaws are compromisable, nonetheless it makes sense to fix them.

Entropy, of course, can be thought of as the amount of random data the kernel currently has available for the creation of random numbers. The entropy pool is filled by looking at (hopefully) random events as seen by the processor - such as the timing of device interrupts. Oliver's claim is that the kernel is vastly overestimating the amount of entropy it is accumulating, and thus handing out numbers that are not as random as expected.

Some of the trouble comes from over-optimistic assumptions of the amount of randomness really contained in interrupt timings. Simply put, the resolution of interrupt timing is not what the kernel thinks it is. Oliver also claims that interrupt timing is often observable or controllable by hostile users. The timing of network packets has long been considered suspect for this very reason; Oliver says that disk timing is subject to the same sort of manipulation. Oliver has also pointed out a bug in the way timing samples are merged into the entropy pool.

Finally, Oliver claims:

Worst of all, the accounting of entropy transfers between the primary and secondary pools has been broken for quite some time and produces thousands of bits of entropy out of thin air.

Interestingly, this last one may not be a real bug - read Ted Ts'o's explanation of why things are done this way for the details. Generating random numbers that are resistant to guessing is a difficult task.

Oliver's fixes have the result of greatly reducing the amount of entropy available to the system, and thus the number of random numbers that can be obtained from /dev/random. Linus doesn't like this aspect of the patch; he fears that making /dev/random difficult to use will just cause people to not use it.

Randomness is like security: if you make it too hard to use, then you're shooting yourself in the foot, since people end up unable to practically use it.

If /dev/random can not obtain enough entropy to be useful, says Linus, it's probably better to just get rid of it altogether.

This discussion has reached no real resolution as of this writing, and the entropy patches have not been merged. Some sort of fix will likely go in at some point, once a compromise between "proper" entropy accounting and usefulness has been reached.
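The timer-resolution point above, worked through in C as an added example (not the kernel's code and not Oliver's patch). The delta-based estimator, the 12-bit cap, the 1024-unit clock step and the sample timestamps are all assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_CREDIT 12   /* assumed cap on bits credited per event */
#define TICK 1024       /* assumed: the clock really advances in steps of 1024 */

/* Per-source state: last timestamp and the first- and second-order deltas. */
struct estimator {
    int64_t last_time, last_delta, last_delta2;
};

static int floor_log2(uint64_t v)
{
    int n = 0;
    while (v >>= 1)
        n++;
    return n;               /* 0 for v == 0 or v == 1 */
}

static uint64_t magnitude(int64_t v)
{
    return v < 0 ? (uint64_t)(-v) : (uint64_t)v;
}

/*
 * Credit entropy for one event. The smallest of the first-, second- and
 * third-order timing deltas is taken as the "surprise" in this sample.
 * `granularity` is what the estimator believes the clock resolution to be:
 * 1 means every unit of the timestamp is trusted to carry information.
 */
static int credit_bits(struct estimator *e, int64_t now, unsigned granularity)
{
    int64_t d1 = now - e->last_time;
    int64_t d2 = d1 - e->last_delta;
    int64_t d3 = d2 - e->last_delta2;
    uint64_t m;
    int bits;

    e->last_time = now;
    e->last_delta = d1;
    e->last_delta2 = d2;

    m = magnitude(d1);
    if (magnitude(d2) < m) m = magnitude(d2);
    if (magnitude(d3) < m) m = magnitude(d3);

    m /= granularity;       /* drop the steps the clock cannot resolve */
    bits = floor_log2(m);
    return bits > MAX_CREDIT ? MAX_CREDIT : bits;
}

/* Constructed sample: event times in clock ticks. Each is multiplied by
 * TICK below, so the low 10 bits of every timestamp are always zero. */
static const int64_t SAMPLE_TICKS[] = {0, 5, 14, 17, 31, 37, 60, 62};
#define NSAMPLES (sizeof SAMPLE_TICKS / sizeof SAMPLE_TICKS[0])

/* Total bits credited for the sample under a given resolution belief. */
static int total_credit(unsigned granularity)
{
    struct estimator e = {0, 0, 0};
    int total = 0;
    for (size_t i = 0; i < NSAMPLES; i++)
        total += credit_bits(&e, SAMPLE_TICKS[i] * TICK, granularity);
    return total;
}

int main(void)
{
    printf("believed resolution 1:    %d bits credited\n", total_credit(1));
    printf("believed resolution %d: %d bits credited\n", TICK,
           total_credit(TICK));
    return 0;
}
```

The same eight events are credited with 80 bits when every timestamp unit is trusted and 13 bits when the real clock step is taken into account; the difference is entropy the pool never received.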


Patches and updates

Kernel trees

Architecture-specific

Build system

Core kernel code

Ingo Molnar: O(1) sys_exit(), threading, scalable-exit-2.5.31-A6 "this patch is the next step in the journey to get top-notch threading support implemented under Linux."

Development tools

Device drivers

Documentation

Denis Vlasenko: lk maintainers
Roger Gammans: Re: Some JBD documenation

Filesystems and block I/O

Anton Altaparmakov: NTFS 2.1.0 1/7: Add config option for writing "Below is the 1st of 7 ChangeSets updating NTFS to 2.1.0, which you will get when you bk pull the ntfs-2.5 repository. Together they implement file overwrite support for NTFS."
Christoph Hellwig: Updated XFS merge status

Memory management

Rik van Riel: rmap 14
Rik van Riel: rmap 14a

Security-related

Oliver Xymoron: (0/4) Entropy accounting fixes "I've done an analysis of entropy collection and accounting in current Linux kernels and found some major weaknesses and bugs."
Oliver Xymoron: (2/4) Update input drivers
Oliver Xymoron: (3/4) SA_RANDOM user fixup

Miscellaneous

Thomas Molina: 2.5 Problem Report status
Rusty Russell: list_for_each_entry "Using two variables all the time is pissing me off."

Page editor: Jonathan Corbet

Distributions

News and Editorials

Lycoris and Ericom Software Announce Desktop/LX InterConnect

Lycoris and Ericom Software teamed up to offer Desktop/LX InterConnect, a simple corporate desktop with full office suite and host connectivity tools. Desktop/LX InterConnect features Ericom Software's native Linux PowerTerm InterConnect software, the Lycoris ProductivityPak office suite, and the Lycoris Remote Desktop Client.


Distribution News

Debian GNU/Linux

The Debian Weekly News for August 20 is available. This week spotlights Tux Paint, a paint program designed for children with sounds, fun to use "magic" tools, and a simple user interface for Debian Jr.

LinuxOrbit has an article entitled Debian Package Management HOWTO Version 1.0. "This guide covers the basics of finding, installing and upgrading applications in Debian. In it, I have covered some of the very easy commands and command line tools available for package management in Debian. I then take a brief look at the stormpkg graphical interface available for Debian." Stable (woody), Testing (sarge) and Unstable (sid) are covered separately.

UltraSPARC III+ systems are now supported and boot images are available.


Mandrake Linux

The Mandrake Linux Community Newsletter - Issue #55 for August 15, 2002 is available. This issue looks at the new 8.2 "Update CDs" at MandrakeStore; and more.

The Mandrake Linux 8.2 ProSuite Edition is one of the first distributions to be certified Linux Standards Base compliant.

Mandrake Linux 9.0 Beta 3 is now available. Beta 3 contains numerous corrections and improvements to the DrakX installer and assorted software.


Red Hat Linux

Red Hat has a new (null) beta out. This one has a shiny new gcc-3.2 for better ABI compatibility.

Red Hat has an updated redhat-lsb package available with LSB 1.2 support for Red Hat Linux 7.3 - i386.


New Distributions

a-Linux

a-Linux is a single-floppy x86 mini-distribution. The distribution grew out of a collection of utilities written in assembly language, known as asmutils. A-Linux announced its initial release, 0.17, on August 17, 2002.


ThizLinux

ThizLinux is a product of the Hong Kong company ThizLinux Laboratory Ltd. Products include Thiz Linux Desktop 6.0, Thiz Office 3.0 (an Open Office clone localized for Hong Kong users), and Thiz Server 6.0. (Thanks to Fred Mobach)


xbox-linux

xbox-linux, a version of GNU/Linux that will run on the Microsoft Xbox gaming console, has released version 0.1. This is the initial Freshmeat announcement for this project.


Minor distribution updates

Astaro Security Linux

Astaro Security Linux has released stable version 3.208 with minor bugfixes.


Cool Linux CD

Cool Linux CD, introduced last week, is still working on code cleanup and releasing often with version 1.32 being the current at this writing.


Coyote Linux - Wolverine

Coyote Linux has announced updates to Wolverine. This should be the last wave of updates before the final.


Gentoo Linux

Gentoo Linux has install guides available for PPC and Sparc machines.


LoopLinux

LoopLinux has released v2.0 with minor feature enhancements.


Lunar Linux

Lunar Linux has frozen the moombeam until 1.0 is released.


Source Mage GNU/Linux

Source Mage GNU/Linux has a revitalized news site. Security updates and new packages are showing up there. Also, October 10th has been set as the freeze date for the 1.0 grimoire.


TA-Linux

TA-Linux has released TA-Linux 0.2.0-Beta1 (Alpha) with major feature enhancements.


VectorLinux

VectorLinux announced version 1.0 of its distribution. This small office/home office edition features the KDE 3.x desktop, the OpenOffice.org 1.0 office suite, and hand-picked software for every category from graphics to gaming. The kernel has been upgraded to 2.4.18, and is available in SCSI and IDE configurations. Reiserfs support has been added as well.


Page editor: Rebecca Sobol

Development

libsndfile 1.0.0

Erik de Castro Lopo has announced version 1.0.0 of his libsndfile C language audio file conversion library. libsndfile is an offshoot of the wavplay utility. The libsndfile library can be compiled under Linux, many different Unixes, and Windows.

The following audio file formats are supported:

  • Microsoft WAV
  • SGI/Apple AIFF/AIFC
  • Sun/DEC/NeXT AU/SND
  • Header-less RAW
  • Paris Audio File PAF
  • Commodore Amiga IFF/SVX
  • Sphere Nist SF
  • IRCAM SF
  • Creative VOC
  • Soundforge W64

See the capabilities table for the full matrix. Ogg support is planned, but MP3 is not, due to licensing issues.

Features of libsndfile include on-the-fly soundfile conversion, optional floating point normalization support, and support for opening files in read/write mode with file header modification.

The latest version features API modifications, and efficiency improvements for supporting multitrack disk recorder applications. The API changes may be viewed here.

libsndfile has been released under the LGPL license.

System Applications

Audio Projects

ALSA 0.9.0 rc 3 released

Version 0.9.0 release candidate #3 of the ALSA sound driver, libraries, and utilities package has been released. Click below for the official announcement.

Full Story (comments: none)

Database Software

MySQL 3.23.52 Released

MySQL 3.23.52 has been released. This is a bugfix release for the stable tree.

Full Story (comments: none)

Electronics

gEDA News

The latest gEDA project news includes a new snapshot of the Icarus Verilog compiler and a complete update of the online symbol library.

Mail Software

Bogofilter 0.2 released

Eric Raymond has released version 0.2 of bogofilter, a new spam filtering package. "Bogofilter is a Bayesian spam filter. In its normal mode of operation, it takes an email message or other text on standard input, does a statistical check against lists of "good" and "bad" words, and returns a status code indicating whether or not the message is spam. Bogofilter is designed with fast algorithms (including the Judy fast-associative-array technique), coded directly in C, and tuned for speed, so it can be used for production by sites that process a lot of mail."

Medical Software

Open Paradigms Announces TORCH (LinuxMedNews)

LinuxMedNews has an announcement for TORCH (Trusted Open source Records for Care & Health), an open-source medical practice management package. "TORCH is a forked development based on the GPL licensed FreePM code and as such maintains backwards compatibility to version 1.0b6 of FreePM. However, TORCH has been developed extensively beyond the capabilities of FreePM."

Printing

AFPL Ghostscript 7.22 developer release

Version 7.22 (developer release) of AFPL Ghostscript has been announced. "This release contains a number of pdfwrite fixes, particularly for incremental fonts. The Device work was not ready for merge at the time of the release, so we expect it in the next."

Foomatic adds support for more Epson printers

LinuxPrinting.org mentions that the Foomatic printer driver now has support for a number of new Epson inkjet printers.

Web Site Development

Zope Members' News

This week's entries on the Zope Members' News include the release of Easy Publisher 1.7, Silva 0.8.3, a new ZDataQueryKit, and a report from Bug Day 8/02.

Desktop Applications

Audio Applications

WaveSurfer 1.4.3 released

Version 1.4.3 of the WaveSurfer sound visualization and manipulation tool is available. "The new version of WaveSurfer uses Snack v2.2, which incorporates code from the ESPS speech analysis library. ESPS was recently licensed to the Centre for Speech Technology by Microsoft and AT&T, with the aim to make it available to speech researchers again." See the changes file for more information.

Legasynth 0.4.1 is out!

Version 0.4.1 of the Legasynth legacy audio synthesizer emulator package has been released. This version adds TB303 drum machine emulation, fixes for the SID filters, "controllers per machine", and bug fixes.

Full Story (comments: none)

Desktop Environments

KDE 3.0.3 released

KDE 3.0.3 has been released. This is mainly a bugfix release, but it also includes a fix for the security problem in Konqueror, wherein it could be fooled into accepting invalid certificates (see this week's Security Page).

Kernel Cousin KDE #43

Issue #43 of Kernel Cousin KDE is out with the latest KDE development threads.

GNOME 2.0.1 Desktop and Developer Platform Released!

The GNOME 2.0.1 Desktop and Developer Platform has been released. Over 1000 bugs have been fixed, and performance has been improved.

The latest GNOME Summary

The GNOME Summary for August 16 is out; it looks at the 2.0.1 release, GNOME's fifth birthday, gnome-print, and many other topics.

Games

Pygame Patch Release 1.5.2 available

Patch Release 1.5.2 of the Pygame game module set for Python has been released. "The main reason for the change is our continuing struggle to find a 'free' default font. There are also some minor bugfixes included." See the ChangeLog for the details.

Graphics

the GIMP 1.3.8 released

Version 1.3.8 of the GIMP, the GNU Image Manipulation Program, has been announced. "This is an unstable release in the development branch. Here's where the development takes place on the road to the next stable release dubbed GIMP 1.4. This release is targeted at developers and curious users. Don't use it for your daily work. If you are looking for the stable version, get GIMP version 1.2.x. Please install GTK+ before configuring the GIMP for compilation. This GIMP requires GTK+ version 2.0.0 or later."

Office Applications

AbiWord Weekly News #105

Issue #105 of the AbiWord Weekly News is out with the latest AbiWord development news.

Release of stable GnuCash version 1.6.7 (Gnotices)

Stable version 1.6.7 of GnuCash has been released. Bug fixes and additional translations have been added.

Kernel Cousin GNUe #42

Issue #42 of the Kernel Cousin GNUe is out with the latest GNU Enterprise development news.

LyX 1.2.1 is released

Version 1.2.1 of the LyX GUI interface for the TeX typesetting language has been released. This is a maintenance/bug fix release.

Full Story (comments: none)

Web Browsers

Mozilla 1.0.1 and 1.1 Release Candidates (MozillaZine)

MozillaZine has an announcement for the new Mozilla 1.0.1 and 1.1 release candidates. "We think that these builds will prove themselves in more widespread testing and will not require significant changes to become the 1.0.1 final builds later this month. The 1.0.1 release candidate builds also give our localization and theme contributors a couple weeks head start in getting their work ready in time for the 1.0.1 final release."

Languages and Tools

Caml

Caml Weekly News

The Caml Weekly News for August 13 - 20, 2002 is out. Topics include camlp4 One Day Compilers, the XEmacs ocaml mode, Unison status, and PXP 1.1.91.

Full Story (comments: none)

Objective Caml 3.06 released

Version 3.06 of Objective Caml has been released. This is a bug-fix release.

The Caml Hump

This week, the Caml Hump looks at CIL, an infrastructure for C Program Analysis and Transformation.

Eiffel

ELJ 0.3 released

Version 0.3 of ELJ, the open source projects and library bindings for Eiffel, has been released.

Full Story (comments: none)

Java

Get started with Castor JDO (IBM developerWorks)

Bruce Snyder shows how to do object-relational data binding with the Castor JDO (Java Data Objects) on IBM's developerWorks. "A growing number of enterprise projects today call for a reliable method of binding Java objects to relational data -- and doing so across a multitude of relational databases. Unfortunately (as many of us have learned the hard way) in-house solutions are painful to build and even harder to maintain and grow over the long term. In this article, Bruce Snyder introduces you to the basics of working with Castor JDO, an open source data-binding framework that just happens to be based on 100 percent pure Java technology."

JSTL 1.0: Standardizing JSP, Part 1 (O'Reilly)

Hans Bergsten introduces JSTL 1.0 on O'Reilly. "June 11, 2002 started a new phase for JSP developers. That's when the JSP Standard Tag Library (JSTL) 1.0 specification was released. The Apache Taglibs project followed up with a reference implementation a few days later. JSTL answers developers' demand for a set of standardized JSP custom actions to handle the tasks needed in almost all JSP pages, including conditional processing, internationalization, database access, and XML processing."

XML Basics for Java Developers, Part 5 (O'Reilly)

Jonathan Knudsen and Pat Niemeyer have released the fifth and final part in their series on XML Basics for Java Developers. "In this final in a series of XML basics for Java developers book excerpts from Learning Java, 2nd Edition, get an introduction to XSL/XSLT and Web services."

GCJ updates

The GCJ home page mentions that Andrew Haley has updated the gcc tree-based inliner to work for GCJ.

Lisp

OpenMCL 0.13 released

Version 0.13 of OpenMCL Common Lisp has been released. New features include better shared library access, more examples, faster bignum multiplication, and more.

Full Story (comments: none)

Perl

This Week on Perl 6 (O'Reilly)

This Week on Perl 6 for August 18, 2002 covers Scratchpad.pmc, Perl 6 regexes, GC issues, a quotematch speedup, Keyed access to PerlArray/PerlHash, a PASM problem, set Boolean, The first pirate parrot, External Data Interfaces, and more.

This Week on perl5-porters (use Perl)

The August 11-18, 2002 edition of the Perl 5 Porters summary covers a wide range of Perl topics.

Functional Perl 6 Compiler for Parrot Arrives (use Perl)

Use Perl has an announcement for a new, functional Perl 6 compiler for parrot. "This implements pretty much all of the language specified in Apocalypses 1 through 4, and we're working on Perl 6 regexes."

PHP

PHP Weekly Summary

The August 19, 2002 edition of the PHP Weekly Summary covers the following topics: "Windows Manual released, PHP 4.2.3 revisited, PHP on AIX, Sorting arrays, Thread safety in PHP, ext/java RMI, DOM-XML updates, debug_backtrace() for PHP 4.X, Streams support, Commenting code."

PHP References (O'Reilly)

John Coggeshall illustrates PHP objects on O'Reilly. "In my last article, I wrapped up my discussion of using objects in PHP. This week I'll be changing gears a little bit and discussing one of the more elusive aspects of PHP -- references. For those of you with a C programming background (although they are fundamentally different), references serve the same purpose as a C-style pointer. For those of you without programming experience in C, don't worry! I'll be covering everything you'll need to know today."

the Pear Weekly News

The latest Pear Weekly News is out with: "A very interesting read this week on the pear development list, with 4 New Releases, 1 New package proposed, and discussions on PHPDoc Tags, OpenOffice Docbook converters, Permission Management and an upgraded Net_Whois package."

Python

Dr. Dobb's Python-URL! - weekly Python news and links (Aug 19)

This week's Python-URL covers the death of Kristen Nygaard; The Dijkstra quote spawns a debate on the Zen koan "There should be one -- and preferably only one -- obvious way to do it."; and much more.

Full Story (comments: none)

the Daily Python-URL

This week, the Daily Python-URL covers Easy Publisher 1.7, Python cPickle, Python Bibliotheca, Objects and classes in Python, the Persistence-SIG, UDDI4Py, Parsing with the Spark module, a review of the book 'Practical Python', and more.

Ruby

The Ruby Garden

This week, The Ruby Garden covers a new version of GMP bindings to Ruby, TCLink for Ruby, the Ruby Conference 2002 CFP, and a Ruby workshop at the LinuxWorld Conference & Expo in Frankfurt.

The Ruby Weekly News

The Ruby Weekly News for August 19, 2002 looks at ZenWeb 2.11.0, FXRuby-1.0.12, the ONI Object Network Interface, Net/Proto, the Narf cgi library alpha release, and other Ruby language threads.

Scheme

Scheme Weekly News

The August 19, 2002 edition of the Scheme Weekly News looks at scm-pdf 0.2, Schematics PLT SRFI, Quack 0.5 for Emacs, the SRFI-Discuss mailing list, and the upcoming International Lisp Conference 2002.

Full Story (comments: none)

Tcl/Tk

Dr. Dobb's Tcl-URL! - weekly Tcl news and links (Aug 19)

Here is the latest Tcl-URL. Inside: Richard Suchenwirth and Rolf Ade show how easy it is to create "a little XML browser" in a few lines of Tcl; tips for writing Tcl scripts that will be run out of inetd; and much more.

Full Story (comments: none)

XML

Exploring XML Encryption, Part 2 (IBM developerWorks)

Bilal Siddiqui continues his series about implementing an XML Encryption engine on IBM's developerWorks with part two. "In this second installment, Bilal Siddiqui examines the usage model of XML Encryption with the help of a use case scenario. He presents a simple demo application, explaining how it uses the XML Encryption implementation. He then continues with his last implementation of XML Encryption and makes use of JCA/JCE classes to support cryptography. Finally, he briefly discusses the applications of XML Encryption in SOAP-based Web services."

The Absent Yet Present Link (O'Reilly)

Kendall Grant Clark writes about some issues with the W3C draft specifications for XHTML 2.0 on O'Reilly. "As is often the case, however, reaction to a new W3C specification, even a very early draft, exposed a venerable, enduring fault line in the XML world, namely, the split between XML users and XML core developers. In this case, we'll let the former be represented by the weblogging community, the latter by the XML-DEV list. Of course, this division is mostly a fiction, a little heuristic I'm using to make a larger point, but it's not entirely divorced from reality."

Miscellaneous

Mastering Linux debugging techniques (IBM developerWorks)

Here's a developerWorks article that explains Linux debugging tools and techniques in various scenarios. "When your program contains a bug, it is likely that somewhere in the code, a condition that you believe to be true is actually false. Finding your bug is a process of confirming what you believe is true until you find something that is false." (Thanks to Debra Suzuki)

Page editor: Forrest Cook

Linux in Business

Business News

August 2002 Netcraft Web Server Survey

The August, 2002 Netcraft Web Server Survey is out, with the latest web server statistics. This month, Apache use is up and Microsoft use is down, mostly due to moves by a few large corporations.

Full Story (comments: 1)

Page editor: Rebecca Sobol

Linux in the news

Recommended Reading

Free Culture (O'Reilly)

The full text of Lawrence Lessig's keynote speech at the 2002 Open Source Convention is up at the O'Reilly Network. "In 1774, free culture was born. In a case called Donaldson v. Beckett in the House of Lords in England, free culture was made because copyright was stopped. In 1710, the statute had said that copyright should be for a limited term of just 14 years. But in the 1740s, when Scottish publishers started reprinting classics (you gotta' love the Scots), the London publishers said "Stop!" They said, "Copyright is forever!" Sonny Bono said "Copyright should be forever minus a day," but the London publishers said "Copyright is forever.""

MS yanks free Web TTFs (Register)

Microsoft has ended free downloads of their TrueType fonts for the Web, reports this Register article. "Ultimately, this is probably all for the best. While it's undoubtedly irritating to see a much-appreciated resource coldly and suddenly withdrawn by the Beast merely to make alternatives to its licensing extortion less attractive, it's high time that the open-source community got serious about developing some really handsome fonts."

Embedded Linux Platform Spec achieves 'strawman' phase (LinuxDevices)

LinuxDevices reports on progress towards an embedded Linux Core Platform. "Meeting nine times since kickoff in March, the Embedded Linux Consortium's Core Platform Working Group has achieved consensus on a strawman specification. The document will soon circulate for comment among member companies under the organization's intellectual property rules. This cycle will enable the group to build a completed core platform specification for the global embedded Linux community by year's end. A difficult but worthy goal, the Core Platform is expected to bring order to the market by reducing concerns and silencing competitive disinformation about operating system fragmentation and support."

Corporate Open Source Collaboration? (Clustering Foundries)

Brian Finley examines how corporate involvement in open source development has changed things. "Now the individuals working on a project are doing it because they're told to, they're adding the features that they're paid to add, and corporations are providing direction to the developers instead of the individuals being self directing. Sure the individuals have a certain degree of autonomy, but they must now work within the scope of the "corporate good" instead of being focused on what they think would be fun or on what they need to get their own job done."

Penguin Power! (TechWeb)

This article on Tech Web claims that Linux may make it onto corporate desktops by accident. "With so many companies lining up behind Linux enterprise solutions, the top-down theory that the open-source operating system might gain a piece of the corporate desktop market by being a server OS has some merit. Red Hat and UnitedLinux are the two organizations most likely to deliver such a version. But it'll be the big guns of IBM, Sun, Oracle, HP, Dell, and others whose increasingly Linux-based missions could literally push Linux onto the desktop almost as an afterthought."

Trade Shows and Conferences

LinuxWorld Day 3

Russell Pavlicek has sent us his coverage of LinuxWorld, Day 3. Click below for the full story.

Full Story (comments: none)

IBM name calling at LinuxWorld (Register)

The Register covers the LinuxWorld keynote by IBM's Global Services vice president and group executive Douglas Elix. ""Microsoft began calling it a cancer, a threat to intellectual property and the American way," he said. "Yesterday I saw Microsoft's booth in the convention center and had to pinch myself to make sure I wasn't dreaming," he said."

Sun readies open source desktop (ZDNet)

ZDNet covers Sun CEO Scott McNealy's LinuxWorld keynote. "Sun cites the fact that Linux has been growing faster on the desktop than in the server market as a primary reason that Sun plans to focus attention on the client side. The new focus also fits neatly into McNealy's goal to do whatever he can to stymie the Microsoft Windows machine, which, in typical McNealy-speak, he called a "welded-shut hairball.""

Get a Linux desktop--and lose your cozy office! (ZDNet)

Here's an article about Sun's participation in LinuxWorld, with other LinuxWorld observations. "Sun will be able to shove nearly two people into every office--and cube, more likely--because the software will allow them to log on from any workstation, anywhere. McNealy said this proves you don't need Microsoft Windows to do your work, although how Linux would be different from Sun's Solaris OS in powering such a project, I really don't understand."

Ellison seeks open-source unity (News.com)

News.com covers Oracle CEO Larry Ellison's LinuxWorld keynote. ""We are moving very aggressively, not just to jump on the Linux hype bandwagon, but we're using Linux to run our own business," Ellison said. "We're encouraging our customers to pick Linux because it's cheaper and faster...and more reliable than any other environment around."" Ellison also stated that the lack of an office suite that is equivalent to Microsoft Office is holding Linux back.

Ellison Pushes Clustering On Linux (TechWeb)

TechWeb covers Oracle CEO Larry Ellison's LinuxWorld address. "All of Oracle's midtier applications will run on Linux by the end of this year, Ellison says. The company's Linux clustering customers already include Dell Computer and the Federal Aviation Administration, as well as several European companies. Market research shows that Oracle's databases and application servers are the No. 1 choices on Linux, he says. "I don't think we've had a single new technology take off as rapidly as clustering on Linux," says Ellison, adding that the company has expanded its strategy of promoting Linux to existing users to others who might not have considered it."

eWeek coverage of LinuxWorld

eWeek has posted a bunch of articles on the happenings at LinuxWorld.

Can Linux duck the Redmond death ray? (News.com)

Here's a News.com perspective on Microsoft's presence at LinuxWorld Expo. "Yet at the same time, Microsoft understands that Linux may be the biggest threat to its domination of the desktop since Janet Reno and her legions at the Justice Department. Some Redmond insiders would love to crush Linux, but it's way too late for that. And so it becomes all the more important to engage the Linux community--if not co-opt it."

Linux users march on city hall (News.com)

News.com reports that a small but enthusiastic crowd of Linux lovers hit the streets of San Francisco on Thursday. "Led by Michael Tiemann, chief technology officer of Linux seller Red Hat, the group marched the mile-long stretch from the LinuxWorld conference to San Francisco City Hall. There, Tiemann unveiled the Digital Software Security Act, a proposal that would prohibit the state from buying software that doesn't open its code."

HP's Linux icon chooses politics over paycheck (InfoWorld)

InfoWorld reports that Bruce Perens is leaving HP. "While taking part in a San Francisco rally Thursday in support of proposed legislation that would require California's government IT systems to use open source software over proprietary programs, Perens said his corporate ties are getting in the way of his political ideals."

No Free Dinner for Free Software (Wired)

Wired News covers a dinner to benefit the Free Software Foundation. "The night's guest of honor? Not, as one might imagine, the FSF's well-known leader; he was in Costa Rica. Instead, the FSF recruited Stanford law professor Lawrence Lessig as the main draw for an intimate discussion of the coming battles between the individual artists and hackers who create copyrighted material, and the large technology and media corporations that Lessig says are stifling this creativity."

Open Sourcers Say Grid Is Good (Wired)

Wired covers reactions to various keynotes at LinuxWorld. ""You have to wonder how all this backstabbing business stuff is going to affect the camaraderie of Linux development," Frank Pfeil, a systems administrator from New York, said. "Linux coders aren't all sweetness and light, but we never stood around and mocked each others' work for three days straight at a public event like these big companies have done.""

International House of Penguins (Wired)

Wired looks at the international flavor of this year's LinuxWorld. "Most prominent was the announcement of a Chinese government-sponsored Linux distribution called Yangfan Linux. Built by a coalition of government, universities and private companies, the distribution will eventually replace Windows on all government computers."

Linux goes from strength to strength (BBC News)

The BBC News reports from LinuxWorld Expo. "Events and announcements at the 2002 Linuxworld Expo show how the operating system is evolving and how it is being adopted and adapted by the biggest technology companies."

BlackHat 2002: The White House and Free Software Will Guide the Industry (Linux Journal)

Linux Journal reports from BlackHat 2002. "A focus on security is necessary, but can the government and the Free Software and Open Source communities agree on what that means? For the first time since the September 11th attacks, one of the foremost computer security conventions took place: BlackHat 2002 in Las Vegas, Nevada. The American government embraced the occasion as an opportunity to show the new direction they want to take for dealing with security in cyberspace. Their new approach involves cooperation with the industry, because the next major strike of terrorism very well could be through cyberspace. And any attack on our society could be severe. Fortunately, a lot of progress is being made in the field of security, and a lot of that innovation is coming from the Open Source and Free Software communities. When it comes to issues of security, however, many governments have yet to find a good way to deal with free and open-source software."

Companies

IBM, Borland Team On Development Tools (TechWeb)

Internet Week reports on the collaboration between Borland and IBM. "Borland Software on Monday said it will work more closely with IBM to create and market development tools for Windows and Linux platforms. Under the deal, IBM will bundle Borland Delphi Studio Architect, C++Builder Enterprise, and Borland Kylix Enterprise trial versions with its DB2 database. In exchange, Borland will bundle the IBM database with the three development tools as well. The two companies will also jointly create a customer portal to help developers migrate from their current tools to the Borland and IBM platforms, they said."

Orem, Utah-Based Caldera, Partners Announce Debut of New Linux System (The Salt Lake Tribune)

The Salt Lake Tribune covers Caldera International and UnitedLinux. "A public test release of UnitedLinux -- a uniform product based on the "open source," or freely distributed Linux kernel program that has inspired hundreds of versions since its release in 1991 -- is expected Sept. 15, with the final commercial product to appear sometime in November."

IBM takes eLiza to low-end servers (Register)

The Register examines IBM's new Intel-based eServer x205.

It's reality check time for Lindows (ZDNet)

ZDNet examines the changing business strategy at Lindows. "Lindows.com chief executive Michael Robertson has said in the past that marketing, rather than technology, was the key to increasing Linux's acceptance in the mainstream market, and the company's marketing has shifted away from Windows compatibility to features such as the company's application download service. The change has led some industry observers to question whether Lindows really has anything to offer that isn't already available in existing Linux distributions."

LSB certifications confuse Sun's Linux standards story (Register)

The Register looks at LSB compliance and Sun Linux 5.0. "McNealy's comment seems strange given that, according to Sun's own developer resources, Sun Linux 5.0 is "highly compatible with Red Hat Linux 7.2", and differentiated from Red Hat Linux 7.2 only by different RPM package manager versions and installer functions. Now that Raleigh, North Carolina-based Red Hat is one of the first distributors to become LSB-certified, McNealy's comments look increasingly like smoke and mirrors."

Microsoft lobby opens fire on open source (News.com)

News.com reports on the CompTIA lobbying group's Initiative for Software Choice. "The initiative takes aim squarely at what has become one of the major themes in the software business this year: government use of open-source software, best known as the development model behind the Linux operating system. Governments in France, Germany, Peru and other countries have passed or are considering bills that would encourage the use of open-source software in the public sector." Microsoft is the largest supporter of the group, Intel is also a member.

Sun needs more Linux partners (ZDNet)

ZDNet looks at Sun's Linux strategy. "Dell, Hewlett-Packard and IBM partner with one or more OS distributors for kernel integration and support. Sun's limitation in using a version of Red Hat's Linux will likely prevent it from capitalizing on performance enhancements in enterprise applications and database management offered by Red Hat's Advanced Server--drawn from partnerships with Oracle and other ISVs. However, this limitation reflects Sun's plan to target edge-server applications based on LAMP (Linux, Apache, MySQL and PHP) and Sun One."

Turbolinux sells Linux business, name (News.com)

News.com reports on changes at Turbolinux. "Turbolinux has sold its Linux business to Japan's Software Research Associates and in the process has completed its transformation into a proprietary software company. Brisbane, Calif.-based Turbolinux has transferred all of its Linux assets, including its name, to SRA, one of Japan's oldest software firms, Turbolinux said Tuesday. Turbolinux came to prominence by selling a version of the Linux operating system in the Japanese market." The company's new name has not yet been announced.

Internetnews.com also has an article on the Turbolinux story.

Business

Amazon.com Says Switch to Linux Operating System Has Saved It Millions

According to this article in the Seattle Times, Amazon.com has saved millions of dollars by switching to Linux. "Amazon.com switched nearly its entire computer network to the freely shared Linux operating system not because of politics but because it is helping the company grow and cut costs, Amazon's engineering chief said yesterday. "We wanted the best tool for the task," said Jacob Levanon, director of systems engineering at the Seattle-based Internet retailer. Amazon has become a poster child for the progress Linux is making in large-enterprise computing since the Web giant began using Linux to run 92 percent of its network computers last September."

Verizon switches programmers to Linux (News.com)

According to News.com, Verizon has switched its programmers to Linux, and is saving bundles of cash as a result. "Telecommunications company Verizon Communications saved $6 million in equipment costs by moving its programmers to Linux computers, the company said Wednesday. The company cut costs by replacing programmers' Unix and Windows workstations with Linux systems that run OpenOffice instead of Microsoft Office, said George Hughes, a Verizon executive overseeing the work. The average desktop cost went from $22,000 to $3,000 per developer, he said in a talk at the LinuxWorld Conference and Expo."

Westport Rivers Toasts Open Source (TechWeb)

The Westport Rivers Winery dumped Windows in favor of Linux to save money and support expansion, reports TechWeb. "Westport also wasn't getting the performance it needed. The servers were going through memory like a wedding party through champagne, causing the winery's system to lock up. Microsoft couldn't give Russell a satisfactory explanation as to why this was happening."

Comments (none posted)

International Organisations Take a Close Look at Linux (Linux Journal)

This Linux Journal article looks at Linux adoption around the world. "GNU/Linux is a suitable tool for organising too, as it was recently pointed out by LINC. "The Low Income Networking and Communication (LINC) Project of the Welfare Law Center has helped many low-income led organizing groups acquire access to the Internet and use technology more effectively," says Dirk Slater, senior circuit rider for LINC at the Welfare Law Center."

Comments (none posted)

Interviews

LWN talks to CodeWeavers Chief Jeremy White

Employing 12 full-time Wine developers, CodeWeavers is a company that builds business solutions based on Wine. Jeremy White, company CEO, was kind enough to answer a few of my questions in e-mail. Click below to read Jeremy's thoughts on Lindows, free office packages, and a pile of information about Wine.

Full Story (comments: 4)

Freehackers.org Interviews KDevelop Team

Freehackers.org talks with the people behind KDevelop IDE about the history of the project and their contributions.

Comments (none posted)

Interview: IBM's Linux Tech Chief (ZDNet)

ZDNet has interviewed Daniel Frye, Director of IBM's Linux Technology Center on topics including the SourceForge Enterprise Edition, IBM's Solaris to Linux migration program, and the future of AIX.

Comments (none posted)

Interview: Caldera's new CEO (ZDNet)

ZDNet interviews Caldera's new CEO, Darl McBride. "The first four weeks on the job I've spent a lot of time looking for value points, leverage points, if you will, in terms of "what do we do with this company". And I just sent out a letter to shareholders a couple of days ago--I won't bore you with all the details--but there are a couple of interesting things in there that I found out about Caldera that I didn't know before."

Comments (none posted)

Sun Microsystems' Chief Puts Confidence in Open-Source Momentum

The Seattle Times interviews Sun Microsystems' CEO Scott McNealy. "Sharing is not a new thing. Sharing in our industry would have happened a lot more had (IBM) not grabbed the server monopoly a long time ago, and then (Microsoft) grabbed the desktop monopoly. I've always said A through Z, 0 through 9, grammar, syntax and basic math should not be copyrightable. Microsoft says "I'm going to own the alphabet. I'm going to add new characters. I'm going to charge you extra for the vowels. And I'm going to own grammar and syntax, too.""

Comments (none posted)

MozillaNews interviews David Ascher

MozillaNews has interviewed David Ascher, tech lead for the ActiveState Komodo Mozilla-based IDE.

Comments (none posted)

Resources

Embedded Linux Newsletter for August 15, 2002

The LinuxDevices Embedded Linux Newsletter for August 15, 2002 is out with lots of stories from the LinuxWorld conference.

Full Story (comments: none)

Reviews

Open-Source Databases Hike Enterprise Appeal (eWeek)

eWeek looks at open source databases as they add support for enterprise applications. "A PostgreSQL feature that would enable point-in-time recovery, so that database administrators don't have to restore an entire database after a crash, should be out within six months, said Lockhart, in Wolfville, Nova Scotia."

Comments (none posted)

Miscellaneous

Secure Linux OS seeks global dominance (ZDNet)

Here's a ZDNet article on security, and the NSA's SELinux. "The lynchpin in SELinux security is mandatory access control, a method that NSA championed as early as October 1998 in a white paper on computer security failures. The problem is, mandatory access control systems can't do a thing if they don't have rules to follow. Having your developers write all those rules would be cumbersome to say the least, a fact not lost on CPI."

Comments (none posted)

Dodging pop-ups with Mozilla (News.com)

According to News.com, Netscape 7.0 will not include Mozilla's ability to block popup advertising windows. ""Netscape is a commercial offering--it's not in its interest to offer a browser that could kill pop-up ads," said Michael Gartenberg, research director with Jupiter Research. "That's the equivalent of one of the broadcast networks coming out with a digital video recorder that can skip commercials.""

Comments (1 posted)

Linux makes a run for government (News.com)

News.com looks into the process of getting Linux into the US government. "The Cyberspace Policy Institute, established a decade ago at George Washington University, plans to push for Linux to be certified under the Common Criteria, a standard grading of technology required by the United States and other countries before products can be sold into sensitive government applications."

Comments (none posted)

Linux battle becomes political (BBC)

BBC News reports on efforts by the Initiative for Software Choice lobby to stifle adoption of open-source software by governments. "Many governments like this software because it is cheap, has a ready source of experts to help with problems, runs on a huge variety of hardware and does not lock them into lengthy licence agreements. Some have even gone as far as to mandate the use of open source software in big projects." Thanks to Martin Rowe.

Comments (2 posted)

Linux: Penguin Suitability (NineMSN)

Linux receives some mainstream press coverage from MSN. "Whatever happened to Linux on the desktop? Once upon a time the open, free operating system held a philosophical magnetism that promised to bring down Microsoft. But its reliability and low cost count for nothing at the PC coalface, where Windows rules. It's different in corporate-land. Linux has had a dream run, its acceptance accelerated with support from heavyweights such as IBM and Hewlett-Packard. These companies want Linux to power their back-end servers, but when it comes to the PC, familiarity is more important than cost, and few are familiar with Linux." Thanks to Con Zymaris.

Comments (11 posted)

China targets Windows with Linux-based OS (Register)

The Register looks at Linux in China. "In last month's report on a Chinese effort to build a home-grown Win98, we appealed for further enlightenment on the nature of the project. Well, it's taken a while, but a kindly Chinese speaker has done some digging, and reveals it's Linux-based, and GPLed."

Comments (3 posted)

O'Reilly questions free-SW regs (Register)

The Register discusses comments made by Tim O'Reilly on the politicization of software by radical fringe groups. "Where are these 'radicals' O'Reilly is concerned about? Apparently he's been frightened by a handful of teenage Slashdot trolls. Meanwhile the grownups are making sense, so far as I can tell. So what if they get a bit dramatic to make their point? Drama, like open source software (and skateboarding), is hardly a crime."

Comments (none posted)

Free speech, free beer and free software (News.com)

Simon Philips writes about open-source concepts on News.com. "The early years of open source have thus focused on free (as in beer) software, so it is still possible to misunderstand. But we have seen a definite shift in thinking. The open-source community has welcomed companies that build commercial enterprises, as long as they act symbiotically rather than parasitically. Today it is clear that open source has matured."

Comments (none posted)

Call It the U.S. Open Source (Wired)

Wired looks at the use of Linux at the U.S. Open. "Laptop computers running Linux will be used on the tennis courts to collect and transmit scores during the games."

Comments (none posted)

Page editor: Forrest Cook

Announcements

Resources

The history of Bugzilla

Telsa Gwynne has summarized the history behind GNOME's use of the Bugzilla bug reporting system.

Comments (none posted)

OpenOffice Developer's Guide - CFP

Sun Microsystems is working on a new OpenOffice.org Developer's Guide. Community users of OpenOffice are being requested to participate in the writing of the guide.

Full Story (comments: none)

OpenOffice.org Address Books and Form Letters (Linux Journal)

Linux Journal has published a tutorial on importing data sources for address books and form letters into OpenOffice 1.0.

Comments (none posted)

Upcoming Events

AUUG 2002 Conference Student Day, Melbourne

The AUUG will be holding a free Student Day in Melbourne, Australia on September 3, 2002 with the aim of getting students involved in Linux and free software.

Full Story (comments: none)

FLOSS final report

The FLOSS (Free/Libre/Open Source Software) study from the University of Maastricht is now available in its final form. Set aside a fairly large chunk of time to read through the whole thing. "Almost half of the sample (46%) does not earn money from OS/FS, neither directly nor indirectly. In turn, this means that the majority of the OS/FS developers receives some kind of reward for contributions to OS/FS. Comparing the amount of monetary and non-monetary rewards with regard to the respective shares of developers in the different items, both kinds of rewards seem to have the same importance for the community."

Comments (1 posted)

Ruby Conference 2002 CFP

A Call for Presentation proposals has been posted for the Ruby Conference 2002, to be held on November 1-3 in Seattle, WA.

Comments (none posted)

Events: August 22 - October 17, 2002

Date | Event | Location
August 24 - 31, 2002 | Linux Beer Hike (Russell Community Centre) | Doolin, Co. Clare
August 27, 2002 | Seattle Ruby Brigade Meeting | Seattle, Washington
September 4 - 6, 2002 | Linux Kongress 2002 (Physics Institutes, University of Cologne) | Cologne, Germany
September 5 - 6, 2002 | SciPy '02 (CalTech) | Pasadena, CA
September 11 - 13, 2002 | Open source GIS - GRASS users conference 2002 (GRASS) (Centro Servizi Culturali S. Chiara) | Trento, Italy
September 12 - 13, 2002 | Perl 6 Mini::Conference (ETF, E1, ETH Zurich) | Zurich, Switzerland
September 16 - 20, 2002 | 9th Annual Tcl/Tk Conference | Vancouver, BC, Canada
September 18 - 20, 2002 | Yet Another Perl Conference Europe 2002 (YAPC::Europe 2002) | Munich, Germany
September 27 - 29, 2002 | Lulu Tech Circus (State Fairgrounds Complex) | Raleigh, North Carolina, USA
October 11 - 13, 2002 | V Congreso Hispalinux | San Sebastian-Donostia, Spain
October 14 - 16, 2002 | The Singapore Linux Conference 2002 (Le Meridien Singapore) | Singapore
October 17 - 18, 2002 | Open Source for E-Government | Washington, DC

Comments (none posted)

Web sites

We Want Linux press release

We Want Linux is a self-funded non-commercial group of IT professionals, who would like to see the computing consumer have as many options in the marketplace as possible. They are currently running a survey to see how many people would be interested in demoing Linux at the retail outlets.

Full Story (comments: none)

Software announcements

This week's software announcements

Here are the software announcements, courtesy of Freshmeat.net. They are available in two formats:

Comments (none posted)

Miscellaneous

TPJ Ceases Publication (use Perl)

Use Perl mentions that the final issue of The Perl Journal has been published; the journal is being discontinued due to low advertising revenues.

Comments (none posted)

Artifex and artofcode announce Ghostscript "bug bounty"

In an effort to track down bugs before the 8.0 release of AFPL Ghostscript, Artifex Software, Inc., and artofcode LLC have announced a "bug bounty" program, in which $500 will be awarded to those who find bugs in AFPL Ghostscript. There are a few restrictions on the awards.

Comments (1 posted)

Zope Community Awards (ZopeZen)

ZopeZen is carrying the results of the latest Zope Community Awards.

Comments (none posted)

Page editor: Forrest Cook

Letters to the editor

RAND Licenses

From:  Tres Melton <class5@pacbell.net>
To:  letters@lwn.net
Subject:  RAND Licenses
Date:  Thu, 15 Aug 2002 04:11:56 -0700
Cc:  www-patentpolicy-comment@w3.org

Dear LWN readers,
 
        There has been much discussion on the net - and particularly within the
free software / open source community on the issue of Reasonable and
Non-discriminatory Licenses. It has been pointed out that these
Licenses are discriminatory when it comes to free software. I also
believe that they are more discriminatory to smaller software publishers
than they are to the large ones. Especially the ones that are large
enough to have an arsenal of patents that they can use to manipulate
better arrangements with the holder in question.
 
        I have a suggestion of what I would call a truly nondiscriminatory
license: Let's base it not on dollars or dollars per unit but on a
percentage of profit. For example if a new protocol were to be
developed to serve WWW pages and it became so prolific that all of the
major WWW servers (IIS, iPlanet, Apache, AOL, etc.) needed to
incorporate it to stay competitive then they should all be able to
license it in a way that made sense to their business plan: whether
motivated by profit or not. If all of the WWW servers were forced to
license it for say 2.5% of their net sales then it would work out.
Apache is free. Two and a half percent of nothing is nothing. Problem
solved. Even AOL would score under this proposal as I believe that they
made the source code for their WWW server open source long ago. However
companies like Micro$oft - who charge lots of $$$ for their software -
would have to pay 2.5% of that sum to the patent holder of said
protocol.
 
        On the same note suppose someone developed NaI-HTML (New and Improved
HTML), patented it, and licensed it using this new RAND License.
Mozilla would obviously be able to use it for free (they charge nothing
for their software). Opera would be able to include it in the free
version of their software but may have to pay a small percent to include
it in their commercial version (or should I say
commercial/advertisement-free version) because they charge for it. The
tricky part would be Micro$oft's IE. If on the one hand it is solely
contained in IE and IE is given away for free I suppose that they would
be able to not pay. But, on the other hand if they embed the protocol
in Windows, so their other applications can understand it, then it
becomes part of a non-free system and they should have to pay. If they
chose to add the functionality to the Office suite then they would for
sure have to pay for it.
 
        The tricky part is something like Mandrake distributing Mozilla: they
do charge for Mandrake but not for Mozilla; should they have to pay for
including a free program that uses the RAND protocol in their non-free
distribution? What about the people that download the ISO off the
Internet and don't pay them anything for that - surely Mandrake cannot
afford to pay the RAND fee in that case.
 
        Micro$oft is documenting many protocols at this very moment in its
attempt to comply with its anti-trust settlement. Further they are
trying to claim that by using a (current) RAND proposal that their
protocols are open to everyone. We, in the open source community,
understand that we are being discriminated against but we need a way to
articulate that point to Judge Colleen Kollar-Kotelly and others that
have the political power to effect change. Especially to organizations
such as the W3C who are getting stuck in the middle of a bad situation
by overpaid patent litigators.
 
Regards,
Tres Melton
 
P.S. This, by no means, means that I agree with the prospect of
patenting software. This is just an idea that would make it taste a
little bit less bitter.
 
 

Comments (3 posted)

Debunking DMCA myths

From:  "Anand Srivastava" <Anand.Srivastava@ascom.ch>
To:  declan.mccullagh@cnet.com
Subject:  Debunking DMCA myths
Date:  Tue, 20 Aug 2002 11:48:26 +0200
Cc:  letters@lwn.net

Hi Declan,
 
I think that your article is of the same type that a German would have
written when Nazis had started. Yes we know that Prof. Felten would not
have been prosecuted, but you know if the present trend continues for
another 10 years, the then Prof. Felten will not be given any warning and
would be prosecuted when presenting the paper and then he will go to
jail. You think things are not that bad, only Russian employees are getting
jailed. You will say that Sklyarov broke the law, but no his company broke
the law. Do you think if you were a scientist for a brewing company, and
that company tried to sell the brew into some country where it's prohibited,
and you happen to be in that country, should you be jailed. Sklyarov was
just giving a presentation, like Felten would have been giving a
presentation. Of course, if we take the German and Nazi example he was just
a Jew, they won't do that to a German right.
 
I think your profession is also under the firing line. But you think that
you would be able to recognize a gun held to your head, right.
 
I think at the end of the article you get to the point of understanding
that this is just a point in the battle and of course the proponents of DMCA
would much rather have Prof. Felten in jail. They just know that it's not
possible with the current state of legislation. They will much rather wait
till they get to the next 10 steps.
 
I think Orwell's 1984 is coming, it would just be delayed some 25-30 years.
 
thanks,
-anand

Comments (2 posted)

You left off...

From:  Leon Brooks <leon@cyberknights.com.au>
To:  mark.hollands@gartner.com
Subject:  You left off...
Date:  Tue, 20 Aug 2002 15:04:41 +0800
Cc:  letters@lwn.net

> Several governments, including those of France, Germany, Britain and
> even Peru,
 
...China (one and a half billion people), Korea, Singapore, Taiwan, Argentina,
Malaysia, the EU itself (e.g. their document standard is shaping up to be
OpenOffice with extra tags), Norway, England, India (another billion souls),
Pakistan, and I'm sure I could think of others.
 
> Since that commitment, IBM has only E*trade to offer as a high-profile
> case study.
 
...oh, and that IBM has more than made that billion back already...
 
> According to IDC figures, Linux sales on servers are falling.
 
(1) a single study does not a trend make
 
(2) you just finished pointing out that Linux costs less
 
(3) perhaps, even given support for the study and ignoring the unit
    price impact, more companies are installing their own Linux?
 
> But the hype around Linux appears to be inversely proportional to
> reality. The idea of free software sounds great, but the practicalities
> of implementing it across a bank or a car plant are another matter.
 
Good choice of industries. European banks use it, and Korean car plants. (-:
 
> it must be done without billion-dollar research and development budgets,
> which is what made Unix and Windows the platforms they are today.
 
To wit, obsolete on the one hand (too slow to adapt), and expensive,
unreliable security colanders on the other?
 
> But we should beware of vendors simplistically hyping Linux as the
> next great enterprise-wide technology.
 
We should be wary of vendors hyping _anything_ as the next great technology.
Remember the extreme agony (multiple tries, multiple faux pas, and several
times as many servers for the same job) Microsoft themselves went through to
get Hotmail off the ground on Windows instead of FreeBSD? Think back further:
do you remember a program called `The Last One?'
 
Linux isn't the _next_ great enterprise-wide technology, it is the _current_
great enterprise technology. 95% of the tools you need exist now, are being
used in worldwide enterprises, and - as has been said in many places - are
getting better faster than anything else around them.
 
My little corner of the market is already too busy for me to deal with, the big
problem is to get enough ex-Windows people up to speed on Linux to cope with
the stampede.
 
Oracle have just realised that they're undermined, Sun is panicking because
they're a bit brighter than Oracle and really have seen the writing on the
wall, SCO have essentially vanished from the map (less than 12 months between
`Linux is a fad, ignore it' to being bought out by a Linux company), and the
screams and thrashing from Microsoft are kind of self-evident.
 
SGI jumped on the bandwagon early, although they still seem to be unsure how
to ride it. Gartner don't seem to know what to make of it. Every new report
seems to work against the last.
 
Cheers; Leon
 
--
http://www.cyberknights.com.au/ Modern tools, traditional dedication
http://slpwa.linux.org.au/ Member, Linux Professionals West Aus
http://conf.linux.org.au/ THE Australian Linux Technical Conf:
                                 22-25 January 2003, Perth: be there!

Comments (1 posted)

Page editor: Jonathan Corbet


Copyright © 2002, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds