LWN Weekly Edition
Leading itemsSecurity
Kernel development
Distributions
Development
Linux in Business
Linux in the news
Announcements
Letters to the editor
->Multipage format
This page
Previous weekFollowing week
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
LWN.net Weekly Edition for September 5, 2002The two-edged nature of the DMCARemember Adobe Systems? They are the folks who used the DMCA to bring about the arrest of Dmitry Sklyarov and the whole Elcomsoft case. Adobe has now found out that the DMCA, like software patents, can cut both ways.TrueType fonts include a couple of bits stating whether the font may be embedded in documents or not. Tweaking these bits has been taken, by font companies, as "circumvention" in the past, and the DMCA invoked in attempts to shut down distribution of useful tools. See, for example, the history of the dispute regarding the simple "embed" program. In the case of embed, the program's author has resisted, and the program is still available on the net. It turns out now, however, that Adobe's Acrobat software is capable of ignoring the "do not embed" bits at times. Adobe claims that things work this way because the company has secured a contractual right to distribute the fonts in question within PDF documents. Font producers ITC and Agfa Monotype disagree, and have invoked the DMCA. Acrobat, it seems, is a circumvention device. Adobe has taken the offensive and gone to court to secure its rights to the fonts and to be freed of the DMCA charges. The company could have an interesting battle on its hands, however. Adobe may well be within its rights when it claims that embedding of the fonts is legal. But the DMCA makes no exceptions for "circumvention" which enables the exercise of existing rights. Adobe has no sympathy for those wanting to use Elcomsoft's eBook processor to exercise their fair use rights against electronic books. There is no reason to believe that Acrobat should be treated differently. There is a certain sense of poetic justice in watching Adobe take this fall. But the use of laws like the DMCA to prevent legitimate activities is wrong, no matter who the victim is. Every one of these actions makes us all a little less free. It appears that Adobe's rights (and those of its customers) are being violated here; we should be just as willing to challenge the excesses of the DMCA in this case as in others.
A different use of software patentsMany electrons have been expended in the discussion of Microsoft's "Palladium" trusted computing initiative. Many fear that Palladium will become the digital rights management (DRM) system of the future, threatening to bring a definitive end to fair use rights and our control over our own computers in general. Microsoft has done its best to distance Palladium from DRM; in fact, it may have distanced itself a little too far. Consider this message from Lucky Green, posted to the cryptography mailing list in early August:
Peter Biddle, Product Unit Manager for Palladium, very publicly and
unambiguously stated during Wednesday's panel at the USENIX
Security conference that the Palladium team, despite having been
asked by Microsoft's anti-piracy groups for methods by which
Palladium could assist in the fight against software piracy, knows
of no way in which Palladium can be utilized to assist this end.
Palladium, they say, is just a way to protect users from rogue software - no DRM stuff there, honest. Lucky, however, is apparently a little more creative in this regard; thus he has announced:
I, on the other hand, am able to think of several methods in which
Palladium or operating systems built on top of TCPA can be used to
assist in the enforcement of software licenses and the fight
against software piracy. I therefore, over the course of the night,
wrote - and my patent agent filed with the USPTO earlier today - an
application for an US Patent covering numerous methods by which
software applications can be protected against software piracy on a
platform offering the features that are slated to be provided by
Palladium.
As Lucky points out, there is no way that the Microsoft Palladium team could be unaware of any prior art with regard to his patent filing; their public statement that no such art exists must thus be true. The patent might just be granted. One assumes that the licensing terms for such a patent might be other than favorable. One could even imagine that, in a fantastic scenario, this patent could end Palladium's usefulness as a platform for DRM systems. Of course, that scenario does require a great deal of fantasy about one's ability to stand up to the industry's lawyers. Many of us worry a great deal about the use of software patents to gain a lock on the many worthwhile things that can be done with computers. The offensive use of patents in an attempt to shut down things that somebody thinks should not be done with computers is a rather different way of doing things. It is an approach that carries a number of risks: legal expenses, for example, not to mention the lack of any sort of consensus on what techniques, if any, should be blocked in this manner. Of course, with enough fantasy, one can envision another outcome from use use of blocking patents: a wider realization of the damage caused by software patents and a reform of software patent law. One can always hope. (Thanks to NTK, which always beats us to the really good stuff.)
Security Brief items Lobbying for insecurity (Register)Here is an article in the Register on the U.S. National Security Agency's contribution to open-source security, Security-Enhanced Linux. "The most secure software in the world doesn't improve security if nobody runs it, or if it's incompatible with what the vast majority of people run. Standard is better than better. VINES networks might be more secure than TCP/IP but it does little to secure the Internet as a whole. MD5 password hashing was always more secure than old Unix crypt password hashes, but until vendors started shipping the code, and integrating it via Pluggable Authentication Modules, it made little difference."
Website Security Flaw Costs ZD (Wired)Brian McWilliams reports, in Wired, that a security oversight which allowed unauthorized web access to some customer's identifying information and credit card numbers has resulted in Ziff-Davis Media agreeing to pay $500 each to about 50 affected customers and an additional $100,000 to the state of New York.
An investigation led by New York with the assistance of Neohapsis
revealed that Ziff-Davis failed to follow industry-standard security
practices, such as encrypting and password-protecting the data, and
keeping track of who accessed it.
According to the settlement agreement (PDF), the attorneys general concluded that Ziff-Davis was guilty of violating their states' business laws prohibiting deceptive business practices and false advertising.
Security reports SWS Web Server version 0.1.0 denial of service vulnerabilityA proof of concept has been published for a denial of service attack on version 0.1.0 of the SWS Web Server.
Cacti security issuesKnights of the Routing Table reports three low priority security issues in Cacti version 0.9.8, and possibily earlier versions. A valid username and password with administrator rights is required to exploit any of the vulnerabilities.
Cacti is a complete frondend to rrdtool, it stores all of the nessesary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven. Along with being able to maintain Graphs, Data Sources, and Round Robin Archives in a database, cacti handles the data gathering also. There is also SNMP support for those used to creating traffic graphs with MRTG.
(Proprietary product) Aestiva's HTML/OS cross-site scripting vulnerabilityA cross-site scripting vulnerability was reported in Aestiva's HTML/OS.
New vulnerabilities Ethereal 0.9.6 fixes potential remote code execution vulnerability
Scrollkeeper temporary file vulnerability
KDE 3.0.3 fixes X.509 certificate check vulnerability
PXE server denial of service vulnerability
Updated vulnerabilities Heap corruption vulnerability in at
bind buffer overflow vulnerability in DNS resolver libraries
Potential unauthorized root access vulnerability in dietlibc
Light remotely-exploitable code vulnerability
Ethereal buffer overflow, infinite loop and memory management vulnerabilities
Filename disclosure vulnerability in fam
GNU fileutils race condition
Buffer overflow vulnerability in the Jabber plug-in module for gaim
Remote arbitrary code execution vulnerability in gaim
Potential remote root exploit in glibc
Buffer overflow in groff
HylaFAX 4.1.3 fixes multiple vulnerabilities
UW imapd remotely exploitable buffer overflow
Denial of service vulnerability in irssi IRC client
Kernel update for RedHat 7.3 i810 video
Kerberos 5 unauthorized root access to KDC host vulnerability
Locally exploitable buffer overflow in linuxconf
LPRng accepts jobs from any host.
Mailman 2.0.12 closes cross-site scripting vulnerability
Mailman 2.0.11 fixes two cross-site scripting vulnerabilities
Multiple vulnerabilities in mantis
PHP Remote Compromise/DOS Vulnerability
Mozilla XMLHttpRequest file disclosure vulnerability
String format bug in pam_ldap logging
OpenSSL remotely-exploitable buffer overflow vulnerabilities
Safemode vulnerability in PHP
Remotely exploitable vulnerability in pine
Buffer overflow vulnerabilities in PostgreSQL
Local arbitrary code execution vulnerability in Python
Sharutils potential privilege escalation using uudecode
Multiple vulnerabilities fixed in Squid-2.4.STABLE7
Tcl/Tk local root vulnerability
Malformed NFS packet buffer overflow vulnerability in tcpdump
Multiple vendor telnetd vulnerability
Multiple vulnerabilities in SNMP implementations
Local root vulnerability in chfn
webalizer: reverse DNS buffer overflow vulnerability
Webmin/Usermin vulnerabilities
Problems with libgtop_daemon
Wwwoffle remote privilege escalation vulnerability
xchat IC server based dns query vulnerability
Denial of service vulnerability in xinetd
Resources CERT Summary CS-2002-03The latest CERT summary, dated August 30, 2002, is available.
Each quarter, the CERT Coordination Center (CERT/CC) issues the CERT
summary to draw attention to the types of attacks reported to our
incident response team, as well as other noteworthy incident and
vulnerability information. The summary includes pointers to sources of
information for dealing with the problems.
Linux Security WeekThe September 2nd Linux Security Week newsletter from LinuxSecurity.com is available.
Metis 1.4.1 releasedSacha Faust announces the release of Metis 1.4.1 to fix a bug in last week's release of version 1.4.0. "This is a tool I wrote to collect information from web servers." Metis was written for the Open Source Security Testing Methodology (OSSTM).
Events Upcoming Security Events
For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.
Page editor: Dennis Tenney Kernel development Brief items Kernel release statusThe current development kernel is 2.5.33, which was announced by Linus on August 31. Among other things, this kernel includes support for the SCTP protocol, offloading of TCP segmentation into network cards (see below), some IDE work, more memory management and file I/O improvements from Andrew Morton, more input driver work, and, perhaps, a floppy driver that actually works. The long format changelog is also available.As of this writing, Linus's BitKeeper tree includes the removal of list_t (once again, see below), a number of memory management changes from Andrew Morton (including the NUMA discontiguous memory patch), more floppy driver fixes, and a number of other fixes and updates. The current 2.5 Status Summary from Guillaume Boissiere came out on September 4. The current stable kernel is 2.4.19. Marcelo released 2.4.20-pre5 on August 28; it includes a long list of fixes and a big merge from Alan Cox. Speaking of Alan, he released 2.4.20-pre5-ac2 on September 4. It includes a number of fixes and a small bit of IDE work, but this prepatch was aimed more at stabilizing things than adding new work. Alan has also released 2.2.22-rc2. It contains more fixes than one might expect for a release candidate; among other things, it contains some worthwhile security fixes.
Kernel development news IDE development moves forwardThe direction of Linux IDE development - now that most of the work previously done for 2.5 had been thrown out - is becoming a little clearer. Andre Hedrick has posted a 2.5 IDE patch, his first in many months. Along with the patch, Andre states:
We are back. We is a development team being composed to reduce my
load and import fresh ideas. If you wnat to help please join in,
we can make the halloween party.
The initial 2.5 patch consists mostly of relatively small cleanups, but Andre tells us that much more ambitious changes are in the works. Actually, much of the relevant work has already been done for the 2.4 (or 2.4-ac) series, and the rest, should Alan Cox and Marcelo Tosatti be willing, should go in soon. This work includes complete support for memory mapped ATA controllers, which is a precondition for serial ATA support (which is also on the list); fixes for a number of Promise controller issues; support for split-channel operations; and a tagged command queueing implementation which, says Andre, avoids some potential problems found in Jens Axboe's version. Additional work envisioned for 2.5 includes a standardization of the ATAPI layer and automatic loading of subdrivers. The auto-loading feature is aimed at the classic CD burner problem: regular tasks are handled as standard ATAPI operations, but burning a disk requires loading the IDE-SCSI module. Andre's plan is to have the IDE layer select the appropriate subdriver based on which device the user-space application opened, making this switch be automatic and transparent. That, of course, is a long list of changes to get into the kernel in less than two months. To that end, Andre has recruited help from a number of directions. Alexander Viro is "the BUZZIT guy" helping to improve code quality, as well as continuing his work on things like partition table handling. Bartlomiej Zolnierkiewicz has his hands in the code, as do a number of other people. And all the changes, of course, must pass Alan Cox's inspection on their way into the 2.4-ac tree. Alan has already demonstrated that he will not take IDE patches that don't pass muster, and Andre seems to be doing his best to rework the patches accordingly. Things, thus, seem to be off to an encouraging start. The list remains long, however, and the deadline is close. And Linus hasn't looked at the code yet. The IDE work is going to have to proceed quickly to get that halloween treat.
Ending the list_t scourgeMost people who dig through the kernel source eventually run into struct list_head, the structure used for the management of generic, doubly-linked lists in the kernel. The kernel list implementation has some interesting features, including the fact that every entry in the list is a "list head." The lists are circular, and no one node is special.Recently, a typedef (list_t) was added as an equivalent name for the list_head structure; rumor has it Ingo Molnar added the name to help keep his source lines within 80 columns. One would think that people would not get overly worked up about this addition, but this is the kernel hacker community we are dealing with. The prevailing opinion among kernel hackers has swung strongly against typedef in recent times. Use of typedef is seen as a useless hiding of information that programmers need to see. Defined types also complicate include file dependencies. Structures can be "predeclared" with a line like:
struct my_struct;
and references to that structure (pointers, in particular) can be used as
long as the internals of the structure are not accessed. Defined types can
not be predeclared in this way, making it harder to mix mutually-dependent
types across files.
So Rusty Russell posted a patch which removes list_t from the kernel. Nobody really complained about that change, but some wondered: why not rename the list_head structure to struct list at the same time. As William Irwin rather graphicly put it: "Throw the whole frog in the blender, please, not just half." In the end, a big renaming of struct list_head throughout the kernel tree (and external code) wasn't to most peoples' taste. And Linus isn't into blended frogs. So the patch removing list_t went into Linus's BitKeeper tree (and will be in 2.5.34), but struct list_head remains.
TCP Segmentation OffloadingOne of the many tasks performed by the networking stack is TCP segmentation - turning a large chunk of data sent by an application into a series of packets small enough to fit within the maximum transfer size. The segmentation task involves performing checksums, making headers to match each segment, perhaps copying the data to assemble the packet, and transfering that packet to the network controller. This work is a significant part of the overhead of sending data over a network.Some modern controllers, though, have the ability to do segmentation internally. In this case, the operating system passes in a set of template headers and a single, large chunk of data; the adaptor handles the rest. Much of the segmentation work goes away, and a number of smaller I/O operations turn into one big, fast transfer. As of 2.5.33, the Linux kernel understands segmentation offloading, and the e1000 driver supports it; the work was done mostly by Alexey Kuznetsov and Chris Leech. Some results posted by Scott Feldman show what this change buys. In general, transfers do not go any faster, for a simple reason: the Linux network stack was already able to drive the interface at the speed of the wire. On a send of a long file, however, CPU usage dropped from 40% to 19%. This seems like an optimization worth having.
Leonard Zubkoff killed in helicopter crashLarry Augustin has sent out notice that Leonard Zubkoff, a longtime Linux kernel hacker and former CTO of VA Linux Systems, was killed in a helicopter crash in Alaska. Leonard was the source of many contributions to the Linux community, as well as being a generally nice person; he will be greatly missed.
Patches and updates Kernel trees
Core kernel code
Development tools
Device drivers
Filesystems and block I/O
Janitorial
Kernel building
Memory management
Networking
Architecture-specific
Security-related
Miscellaneous
Page editor: Jonathan Corbet Distributions Distribution News Debian Weekly News - September 3rd, 2002This week's Debian Weekly News contains good news from Venezuela; wearable Debian; the Debian Bug-Fixing Game; and much more.
Mandrake LinuxThe Mandrake Linux 9.0 Release Candidate 1 is out. Beta testers, start bashing.The Mandrake Linux Community Newsletter for August 29, 2002 is available. This week's issue contains information about the ML 9.0 Beta 4 and 9.0 commercial RPMs that are ready for testing; there's also a marketing survey; and much more. Mandrake has issued an update advisory for cdrecord. "In some situations, noteably with xcdroast, the mkisofs utility creates pseudo-empty filesystems. The filesystem is the proper size, but the contents of the filesystem are not available. This update corrects this problem."
Slackware LinuxSlackware Linux has announced the Slackware-9.0-beta, based on gcc-3.2. See the change log for details.
New Distributions FireCastFireCast is a Linux-based software suite for building and managing interactive kiosk networks. It is designed for use with standard PC hardware, and bundles a tamper-resistant kiosk environment, customizable user interface, Web browser, and full multimedia support with a plug-and-play Linux operating system. Version 2.0, the initial Freshmeat announcement, was released August 31, 2002.
Minor distribution updates 2-Disk Xwindow SystemThe 2-Disk Xwindow System has released v1.4rx128 with minor feature enhancements.
Aurora SPARC Linux ProjectThe Aurora SPARC Linux Project announced the release of Build 0.32 (Nashville).
BU LinuxBU Linux (Boston University) has released v2.5 (a.k.a Gigantic). This release is based on Red Hat Linux 7.2 and 7.3, and features an automated update system based around the Debian apt-get tool.
Cool Linux CDCool Linux CD has released v1.34 with updates to Opera, Mozilla and other packages.
Devil-LinuxDevil-Linux has released v0.5 with bug fixes and a kernel upgrade to 2.4.19.
Lunar LinuxLunar Linux has released 1.0 beta for your testing pleasure.
MkLinuxMkLinux has released Security Update 2002-08-28 with updates to sendmail.
PXES Linux Thin ClientPXES Linux Thin Client has released v0.5-final with some minor security enhancements and bug fixes.
Source Mage GNU/LinuxSource Mage GNU/Linux has released Sorcery version 0.8.0.1 with many bug fixes.
uClinuxuClinux has released v2.5.32-uc0 with kernel 2.5.32 and other major feature enhancements. Version 2.5.33-uc0 is also available, with bug fixes and more enhancements.
Page editor: Rebecca Sobol Development Omni Printer Driver Version 0.7.1.Version 0.7.1 of the Omni printer driver has been released by the IBM Linux Technology Center."The Omni printer driver provides support for over 400 printers using the Ghostscript framework. In addition, it provides a model for dynamically loading printer drivers, creating new devices by editing device description files, and simplifies new printer driver development by allowing for the subclassing of previous device features." This version has a long list of new features including:
See the Omni ChangeLog file for the complete project history.
System Applications Audio Projects The Tremor Integer-only Ogg Vorbis playback libAn integer-based Ogg Vorbis playback library, known as Tremor has been released under a BSD-style license. "Xiph.Org has re-released the 'Tremor' integer only Vorbis playback library under a BSD-like, totally royalty-free license. This is an ANSI C compliant library intended for embedded and FPU-less applications, such as portable players and player packages for PDAs." See the Ogg Vorbis site for more information.
Database Software MySQL 4.0.3-beta is releasedVersion 4.0.3-beta of the MySQL database has been released, with a long list of changes. Click below for more details.
Education GNU/Linux in education report #77The August 26, 2002 edition of the GNU/Linux in education report is out. Topics include GEO, DemoLinux, learning objects, Free Software for music classes, free and open-source software in the Mississippi public school system, rescuing nonprofits from the grip of licensed software, and more.
Mail Software Mail Filtering (Perl.com)Michael Stevens illustrates the use of PerlMx and Mail::Audit on O'Reilly's Perl.com. "There are many ways to filter your e-mail with Perl. Two of the more popular and interesting ways are to use PerlMx or Mail::Audit. I took a long look at both, and this is what I thought of them."
Web Site Development Two Open Source content management packages reviewed (NewsForge)NewsForge reviews two Perl-based Content Management Frameworks, E2 and LJ. "The two content management engines that I have been most interested in lately are the engines used for Everything2 and LiveJournal. The E2 and LJ engines are both Open Source and both have a good record of being security conscious. I also respect the developers who own the projects, and for me that makes a difference when I choose Open Source projects to use. The two engines have been designed around similar ideas. They both allow multiple users to create their own content and manage it from the Web. The major difference between them is that LJ focuses content creation and ownership on the individual creator of the information, while E2 concentrates information into a collective resource."
Bricolage 1.4.0 Escapes (use Perl)Use Perl has an announcement for version 1.4.0 of Bricolage, a content management and publishing system.
mnoGoSearch PHP frontend version 1.64 releasedVersion 1.64 of the PHP frontend for the mnoGoSearch web site search engine has been released.
Zope Members NewsThis week, the Zope Members News looks at preview version 1.0 beta 1 of the WhoZnext, Zwiki 0.10.0, a DTML addition to emacs, a new Plone i18n mailing list, NeoBoard 1.0b, the release of OrderedObjectManager, and more.
Securing dynamic Web content (IBM developerWorks)Tom Syroid covers dynamic web site security issues on IBM's developerWorks. "This article details how to secure dynamic content on an Apache Web server. Topics covered include general security issues pertaining to dynamic content, securing Server Side Includes, configuring Apache's Common Gateway Interface, and wrappering dynamic content. The article is targeted primarily at Webmasters and system administrators responsible for maintaining and securing a Web server; however, anyone with a need or desire to server dynamic content will benefit from the topics covered."
Miscellaneous GNU Bayonne 1.0 ReleasedVersion 1.0 of GNU Bayonne, the GNU Telephony Server has been announced. "In this 1.0 release, we have established a Free Software platform for the delivery of quality telephony services everywhere", said David Sugar, GNU Bayonne project leader. "We are committed to establishing Free Software as the primary means to advance telecommunications services as part of enterprise software infrastructure that respects software freedom, and supports both current and next generation telephone networks"."
Mobile file sharing: The scoop on RockyRoad (IBM developerWorks)IBM's developerWorks has an article on the RockyRoad P2P framework. "Get a taste of RockyRoad, an open-source, peer-to-peer framework designed to exploit the strengths of P2P: excellent scalability, ease of deployment, and robustness. RockyRoad allows both mobile and stationary peers to communicate with one another directly through a common language, and lets applications subsist on little RAM and few CPU cycles."
Desktop Applications Audio Applications WaveSurfer 1.4.4 releasedVersion 1.44 of the WaveSurfer audio visualization and manipulation tool has been released. Changes include new support for video, and bug fixes.
Desktop Environments GARNOME 0.14.0 released.Version 0.14.0 of the GARNOME bleeding-edge GNOME distribution is now available. The FootNotes site says: "A new release of GARNOME is available containing what will most likely be the GNOME 2.0.2 RC2 tarballs. New additions include goats (a sticky notes applet), gcalctool (a scientific calculator), quick-lounge-applet (a launcher applet), and some cool stuff from Red Hat's latest beta (without the copyrighted and trademarked stuff). Please note that there are still a few issues with menu editing in this release which will be fixed for GNOME 2.0.2."
GNOME SummaryThe GNOME Summary for August 12-16, 2002 is out. Topics include the return of Medusa, Gstreamer status, gftp, a ZDNet review of Evolution, AbiWord table support, the GNOME 2 todo list, Gtk 0.4, GNOME in Arabic, and more.
Games Civil 0.8 released.The Pygame site mentions a new release of Civil, a turn based network civil war strategy game.
Interoperability Wine Weekly NewsIssue #133 of the Wine Weekly News is out with the latest Wine news.
Samba 2.2.6pre2 Non-Production ReleaseA Samba 2.2.6pre2 Non-Production Release has been made available for testing.
Multimedia Roll Your Own Digital Video Recorder (O'Reilly)Howard Wen writes about video recording with Linux and VDR on O'Reilly. "VDR serves as a user interface for those who want to build their own digital satellite-TV receiver and recorder box running under Linux. It is based mainly on the DVB-S digital satellite TV receiver card from Fujitsu Siemens, and upon drivers developed by the LinuxTV project."
Office Applications Kernel Cousin GNUeIssue #44 of Kernel Cousin GNUe is out with the latest GNU Enterprise development news. Topics include documentation on using GNUe Designer, a possible GNUe consultancy, a new GNU Enterprise website, working on GNU Enterprise, ebXML and e-business in Australia, using GNUe Application Server with phpGW, GNUe on linuxfund, wxGTK2 driver for Forms, wxPython debugging whilst developing GNUe Designer, and transparent blocks in forms.
Web Browsers Netscape 7.0 releasedMozilla.org mentions that Netscape 7.0 has been released. "Netscape Communications has launched Netscape 7.0 the latest version of Netscape's browser software, which is based on Mozilla 1.0.1."
MozilaZine headlinesThe latest news on MozillaZine includes a new guid on making web pages compatible with Mozilla, a Mozilla 1.2 Alpha trunk freeze, a Mozilla installation and setup checklist, and more.
Languages and Tools Caml Caml Weekly NewsThis week's Caml Weekly News looks at OCaml 3.06, LablGTK 1.2.5, CIL, Ocaml-Weblib, OCamOLE pre.3 and pre.3b, Music in Caml, SpamOracle, Cameleon 1.0, Cash 0.20, ocamlgsl, the data structure library, and PXP 1.1.92.
The Caml HumpThe Caml Hump shows off their new web site, with the latest Caml language development news.
Java Kaffee Weekly NewsLongtime Linux contributor Jim Pick has started publishing the Kaffe Weekly News, a summary of developments with the Kaffe Java virtual machine.
Perl The Perl ReviewThe September 1, 2002 edition of The Perl Review has been published. Topics include Extreme Mowing, Perl Assembly Language, What Perl Programmers Should Know About Java, Filehandle Ties, and The Iterator Design Pattern.
PHP PHP Weekly SummaryThe September 2, 2002 edition of the PHP Weekly Summary is out. Topics include: "Apache Hooks, expat upgrade, Ext/pdf, bundled gd, PEAR installer in 4.3.0, DOM-XML leaking, socket_recvfrom, XML-RPC configuration, sort() with 4.2.3 RC 1, COM leak in 4.2.3 RC 1, XSLT problems".
Pear Weekly NewsThis week's Pear Weekly News is out. "This week has seen a flood of new package proposals, PEAR continues to grow into a high quality library of PHP code and extensions. This week sees 1 new Release, along with 6 proposed packages and news on peardoc2, working through issues with environment variables in system and a steady flow of CVS commits."
Python Dr. Dobb's Python-URLThe Dr. Dobb's Python-URL for September 4 is out. Among other things, it looks at a new Psyco release and PiP - a Python interpreter embedded in PHP.
The Daily Python-URLThis week, the Daily Python-URL looks at the SiPy discrete event simulation package, secure protocols, shell utilities, Python for digital photography, literate programming with Leo, MySQL connectivity with Python, operators and string formatting in Python, XMLdiff, and more.
Ruby The Ruby GardenThis week, The Ruby Garden covers local variables and blocks, Ruby Conference 2002, and more.
Scheme Scheme Weekly NewsThe September 2, 2002 edition of the Scheme Weekly News looks at new entries in the ReadScheme library including PLT Scheme v202, SchemeQL version 0.04, and eGuile 1.2.
Tcl/Tk This week's Tcl-URLDr. Dobb's Tcl-URL for September 2 is out; it contains the usual set of news items from the Tcl/Tk community and pointers to some hints about the new company being started by Tcl creator John Ousterhout.
XML Transporting Binary Data in SOAP (O'Reilly)Rich Salz shows how to use SOAP for transporting binary data on O'Reilly. "XML doesn't handle embedded binary data very well. Naive developers first try to embed the data directly into their document, reasoning that since Unicode uses all possible byte values, they'll be able to do this. They realize their mistake as soon as their embedded content has a byte with a special value like 0x3C (less than) or perhaps 0x26 (ampersand). The clever naïf might try to fix this by wrapping their content in a CDATA construct, but that only makes the problem less likely, rather than removing it. Suppose the content is a SAX library -- it's quite possible that the CDATA terminator string, "]]>", will show up."
Miscellaneous KCachegrind: Valgrind UnleashedKDE.News introduces KCachegrind, a KDE front end for the Valgrind memory profiling tool.
Page editor: Forrest Cook Linux in Business Business News Good Reasons for Switching to LinuxSAP has published a paper that details why the Linux platform can save corporations money. "More and more established companies and organizations, such as Hilfiger in the USA or the German Bundestags Administration Section, are changing over to Linux. And a growing number of these companies are also SAP customers. The triggers for this change include tremendous stability, security and a generally lower Total Cost of Ownership. Added to these are a wider range of hardware and enhanced support provided by the partner companies in the SAP Linux Lab." Thanks to Ed Tomlinson.
Sun Linux with J2EE is competitive with MS .NETThis study from D. H. Brown Associates, Inc concludes that Sun Linux with J2EE is competitively priced with Dell-based Microsoft .NET. "The D.H. Brown Associates, Inc. (DHBA) study found that Sun's new LX 50 Intel server with Sun Linux and the Sun ONE J2EE application server is competitive with Microsoft .NET on Dell hardware on a value-offered basis. Further, the J2EE platform offers the lowest acquisition cost with the open-source J2EE server - JBoss - on Linux." Thanks to Maya Tamiya.
Financial results from Caldera/SCOThe Salt Lake Tribune examines recent financial results from Caldera/SCO. "The latest development for the Lindon-based enterprise came Wednesday and was upbeat: Third-quarter revenues exceeded $15.4 million, around $1.4 million more than earlier projected."The Register takes a dimmer view of the same numbers.
Press Releases Open Source Announcements
Software for Linux
Hardware with Linux support
Linux at Work
Java Products
Books and Documentation
Trade Shows and Conferences
Partnerships
Investments and Acquisitions
Miscellaneous
Page editor: Rebecca Sobol Linux in the news Recommended Reading Lessig on Freedom: Use It or Lose It (Linux Journal)The Linux Journal reports on Lawrence Lessig's OSCON keynote. "As a call for the defense of freedom, it was the geek culture equivalent of Martin Luther King's 'I have a dream' speech."
Venezuela eliminates govt. software piracy (Register)The Register reports on Venezuela's new pro-GPL software purchasing policy. "Apparently, from now on all software purchased by or developed for the government must be licensed under the GPL. Even software used for Internet access to e-government must run GPL'd apps on a GPL'd operating system. Reasons for the switch include a desire to promote the local development community rather than enriching those in bondage to foreign software behemoths, and of course assisting in the good work of stamping out unlicensed software from government bureaux."
Open-source software for GovernmentSFGate.com reports on efforts by Bruce Perens to establish open standards for software that is used by government offices. "One thing most technology experts can agree on is that California's state government has squandered billions on ill-conceived information-technology (IT) projects in recent years. Whether it was the more than $100 million in taxpayer funds that state authorities admit were wasted on the state's automated child-support system or the more recent purchase of thousands of unneeded software licenses from Oracle, the sorry record is painfully clear. California desperately needs a more workable IT plan. Fortunately, in the spirit of the open-source software movement, free-software evangelist Bruce Perens has just offered one up."
Companies Dell goes nuts for clusters (News.com)News.com writes about a new Dell Linux-based cluster that is being deployed at SUNY. "The Austin, Texas-based company and The University at Buffalo, the State University of New York (SUNY Buffalo) on Tuesday will unveil a cluster of 2,008 Dell PowerEdge servers running Red Hat Linux. Researchers will use the cluster to study the structure and orientation of human proteins, a crucial step in finding cures for many diseases. The Buffalo cluster, one of the largest of its kind in the world, is the latest in a string of high-tech projects for upstate New York."
Red Hat touts desktop Linux for enterprise users (Register)This Register article looks at Red Hat's plans to build out a growing portfolio of enterprise products with a desktop Linux offering targeted at business users. "Red Hat's desktop offering is expected next year and the company is considering subscription-based pricing. News of the launch comes after Red Hat launched Advanced Server, Content and Collaboration Management, and Database products for corporates and small and medium sized businesses (SMBs)."
The New SCO: Lessons for Linux in Business (Linux Journal)Doc Searls shares his thoughts on the newly named SCO Group.. "The message: SCO is older than Linux by a long shot (the company was founded in 1979), and UNIX is senior to both. UNIX businesses have been around for eras in Linux and Internet prehistory. Some of those businesses involve extremely deep and abiding relationships between vendors and customers. The dependencies are often extreme to the degree that the customers can't live without them. SCO had a bunch of those relationships, long before Linux came along, and many of those relationships are still alive and well. In fact, they're saving the former "Linux company's" butt. What's more, those relationships give SCO a big advantage over Red Hat, SuSE and other Linux companies that still have nothing comparable to offer SCO's traditional kinds of customers--for now."
Sun seeks many Davids for MS Office fight (Register)The Register reports that Sun is working on a set of XML data standards for use in desktop productivity applications. "Once standards for data formats are established, Sun believes two factors will drive development of Office rivals. One is increased maturity of open source browsers such as Mozilla and the Linux operating system - Fowler cited Red Hat 7.3 and SuSE 8.0 as good examples, which he said have "reasonable" install and management."
Has Java Grown Cold? (TechWeb)TechWeb ponders the future of Java and Sun: "Is it too late for Java? Despite some 80 percent of enterprises saying they use Java, the once-steaming development platform seems to have lost its grip on the spotlight. Long after .Net and Linux have become household words, only now is Sun trying to make up for Java's lost time in the low-end Web services and Linux server scenes."
Turbolinux future uncertain (ZDNet)ZDNet covers the results of the Gartner Group's analysis of TurboLinux. "Given SRA's narrow management experience, geography and market recognition, the remaining hope for the Turbolinux distribution to succeed on its own lies with the UnitedLinux effort, in which Turbolinux participates. If UnitedLinux fails to gain market momentum--Gartner believes it will have little effect on the market through 2004 (0.7 probability)--the Turbolinux distribution will also have minimal market impact and little hope of profitability except as an embedded part of SRA's portfolio (0.7 probability)."
Business Is Linux poised to topple Microsoft? (CNN)Linux gets more mainstream press coverage in the form of this article on CNN. "During the Cold War, the initials ABM used to mean Anti-Ballistic Missile. In the late '90s, they stood for Anybody But Microsoft, a reaction to the fact that Bill Gates' Windows operating system was in 90 percent of the world's computers and critics didn't like the restrictions Microsoft Corp. placed on computer companies that licensed its software. But now Microsoft is a convicted monopolist, forced to ease up on those restrictions. The biggest beneficiaries of the New Millennium ABM Club may be proponents of Linux, the open-source operating system, long considered to be as potentially disruptive to Microsoft's dominance as a missile strike on Communist-era Moscow. "
Do We Still Need Microsoft? (Open For Business)Open For Business writes about the coming of age for Linux on the desktop. "Linux has had numerous obstacles to overcome before being truly viable in a corporate desktop environment. Issues such as hardware compatibility, usability, technical support, and software compatibility have restricted Linux' acceptance among IT professionals. Through the hard work and dedication of Open Source Software developers, most of whom write code for free, Linux has overcome these obstacles in the past couple years. Because of this, the recent announcements concerning Linux on the desktop have less to do with Linux than they do with Microsoft Windows. Many companies and IT professionals have come to understand the single biggest reason for Linux' upcoming success on the corporate desktop: There is no longer a compelling reason to run Microsoft Windows on a corporate desktop."
The state of enterprise Linux (ZDNet)ZDNet is carrying a Gartner pronouncement on the future of Linux in the enterprise. "Microsoft will be pressured to change strategies by enabling easier integration and interoperability, and encouraging more open-source-software ports to Windows and .Net. We believe Microsoft will resist these pressures--it will not port Office to Linux--as it attempts to get buy-in by enterprise CIOs for the .Net framework. But the tide has already turned: Most large enterprises are looking for flexibility, leverage, and lower-cost alternatives and believe they have more options in the server world than on the desktop."
All things considered, it's a recipe for revolt (MIS Magazine)MIS Magazine examines the effect that Microsoft's version 6 licensing is having on their user base. "For users, the time will inevitably come when they either succumb or jump to alternative suppliers. US Giga Group analyst Julie Giera told CNET in May 2002 that of the third intending not to sign to version 6.0 licensing, 80 per cent are installing Linux somewhere in their organisation. However, Kablau says he does not believe the alternatives are a significant threat." Thanks to Con Zymaris.
Interviews Introducing the Open Cluster Framework (Linux Journal)The Linux Journal interviews Linux High Availability (HA) expert Alan Robertson. "The goal of the HA Project is to provide an HA clustering solution for Linux via community development, and the goal of OCF might be even more ambitious: to define APIs that provide basic clustering functions and to provide a reference implementation of the API."
Gingell: History will repeat itself (ZDNet)ZDNet's David Berlind further covers an interview with Sun's Rob Gingell on such topics as Java and Linux. "In my previous column on Sun's future reliance on Java as a core asset, I analyzed Sun Chief Engineer Rob Gingell's assertion that Java has succeeded the Solaris/Sparc duo as the company's crown jewel. Now, I've gleaned and analyzed several other noteworthy nuggets from my lengthy interview (Part I and Part II) with Gingell."
Mstation interviews Iain DuncanMstation has an interview with Iain Duncan on the use of Csound in the world of techno music. "Csound is essentially a programming language ( well scripting or mark up language if we want to get picky ) for digital audio, including software synthesis, effects, and other digital manipulation. The main difference between Csound and things like Reaktor, PD, or Max/MXP, is that it is a text based programming language with similarities to basic, C, and assembly."
Resources LinuxDevices Embedded Linux NewsletterThe August 29, 2002 edition of the LinuxDevices Embedded Linux Newsletter is out with all of the latest embedded Linux news.
Introducing Linux Productivity MagazineTroubleshooting Professional Magazine has split in two. The Linux content is now contained in a monthly magazine called Linux Productivity Magazine. The current issue describes the download, installation, and configuration of the IceWM window manager.
Reviews Xbox Linux Project gets SuSE 8.0 running (Register)According to the Register, the Xbox Linux Project has made a big step forward in booting SuSE 8.0 on the Microsoft gaming platform. "The hardware they're using has been subject to "minor" modification, so this falls into category A of the Project. Category B aims to run unsigned code on unmodded hardware, which is a much less do-able looking target."
LinuxOrbit reviews games on WineXLinuxOrbit has reviewed TransGaming Technologies' WineX by running eight different windows games.
Ogg Vorbis tunes in to hardware (News.com)News.com looks at the release of Tremor, an Ogg Vorbis player which uses no floating point arithmetic. "The [Xiph] organization emphasized that adding Ogg Vorbis support would cost hardware makers nothing in license fees, and the group is offering to provide them with any engineering help they may need to integrate the format."
Why Kylix 3 doesn't support Red Hat 7.3 & how to fix it (maybe)LinuxWorld.com reviews Borland's Kylix software development platform, and gives some tips on making it work under RedHat 7.3. "The big news about Kylix 3 is that this excellent RAD for Linux now supports C++ as well as Delphi. Delphi, if you don't already know, is Borland's extended Pascal. Borland, if you don't know, is one of the premier makers of software development tools in the world. Borland has tons of experience bringing Pascal/Delphi, database managers, C, and C++ development tools to market."
Miscellaneous Open EvidenceEarlier this year, the European Commission signed a contract for the use of a project known as OpenEvidence. "OpenEvidence produces technology for "evidence" creation and validation of electronic documents, meaning "evidence" a document certified by some authority that guarantees the data it contains. The technology developed by the project can be used as basic building blocks to support such services as non-repudiation of electronic business transactions, property right protection and notarisation." Thanks to Hector Martinez.
Why Xbox Linux founder left the project (Register)The Register covers the departure of Enrico Kern from the Xbox Linux Project. "The founder of the high-profile Xbox Linux Project has left the group over concerns about the direction of the project and disagreements with the anonymous donor who's contributed $200,000 to port Linux to the Microsoft gaming device."
Page editor: Forrest Cook Announcements Resources September Linux GazetteThe September issue of the Linux Gazette is now available. Contents include a guide to digital photography, adaptive Linux firewalls, Kerberos, and more.
1998 Perl Conference CD Online (use Perl)Use Perl has an announcement for the availability of the 1998 Perl Conference CD.
Upcoming Events Two OSCON Lightning Talks Online (use Perl)Use Perl mentions the availability of two OSCON 2002 lightning talks online, Dan Brian on "What Sucks and What Rocks", and Brian Ingerson on "Your Own Personal Hashbang".
Henri Bergius at OSCOM, BerkeleyHenri Bergius will give a presentation on the Midgard application server at the OSCOM Open Source CMS Conference in Berkeley, California on September 25, 2002 at 11:00 am.
Think-Linux, The Solutions ShowThe third annual Linux Expo in Toledo OH is called "Think-Linux, The Solutions Show". Think-Linux will be held October 30 - 31, 2002.
PICNIC Conference in Paris - Web Services for Regional HealthcareLinux Med News has an announcement for the PICNIC Conference. "PICNIC was initiated by regional health care providers, who are developing the next generation of regional health care networks supporting new ways of providing health and social care. PICNIC will deliver open source components, develop a model for future regional health care networks, and make the European market for telematic care services more cohesive." The conference will be held in Paris, France on September 26 and 27, 2002.
The Third Annual Bioinformatics.Org meetingThe Third Annual Bioinformatics.Org meeting has been announced, it will be held in San Diego, California on February 3-6, 2002.
Events: September 5 - October 31, 2002
Web sites New theme site, ''Theme Depot'' launched. (Gnotices)Gnotices mentions a new site that is home to a collection of themes, themedepot.org.
Software announcements This week's software announcementsHere are the software announcements, courtesy of Freshmeat.net. They are available in two formats:
Miscellaneous GNOME Users and Contributors SurveyThe GNOME foundation has announced the GNOME Users and Contributors Survey. GNOME users might want to take a few minutes to fill it out.
Page editor: Forrest Cook Letters to the editor Re: Red Hat as the "next Redmond"
> There is a backlash against Red Hat from many consumers and government > agencies... What?!? I missed this the first time around. I work with many "Government Agencies" and they are damn near standardizing on Red Hat. I know there's a backlash in the Linux "Power User" community but, as I said on some other site which I can't remember, it's more related to the "fight the establishment" attitude in the Software Libre community. See, the reason many people moved to Linux is because it was "radical". Now that Red Hat is seen as the main Linux vendor it is now look upon as the establishment. If SuSE or Caldera or any distro vendor were in the same position now that Red Hat is in you would see the same backlash against them. -- Attention all planets of the Solar Federation. We have assumed control.
Page editor: Jonathan Corbet
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||