LWN.net Weekly Edition For September 19, 2002
Closed betas and the GPL
Certain issues seem to come around over and over again. One of those, certainly, is that of closed beta tests of Linux distributions. Can a distributor run closed beta tests and still comply with the GPL? The straightforward answer is certainly "no." If you distribute GPL-licensed software to somebody else, you can not restrict their right to further distribute that software.That does not stop distributors from doing closed beta tests, however. Corel did it. Caldera (oops...SCO Group...) has done it. Lindows has done it. And UnitedLinux is doing it. The closed beta period ends on September 23, at which point the UnitedLinux beta, with source, will be available to all. In the mean time, however, one might wonder how the current closed beta is being kept closed.
At the UnitedLinux press conference, FSF director Bradley Kuhn asked about the terms of the non-disclosure agreement that was signed by the beta testers. The UnitedLinux spokesperson evidently agreed to disclose those terms. To help them remember, Mr. Kuhn has sent out an open letter on behalf of the FSF asking them to follow through:
Even as you release your new product to the public, the past
situation must be clarified. Not only does the community deserve to
know, but I also believe it behooves you to put to rest and clarify
the legal ambiguities that arise naturally from doing a "closed
beta" of GPL'ed software.
It remains to be seen whether UnitedLinux violated the GPL, or whether it just picked a set of beta testers who, of their own will, chose not to distribute the UnitedLinux beta.
Closed betas will always raise this sort of issue however. They are also unnecessary. There are distributors, with MandrakeSoft and the Debian Project at the top of the list, who do all of their development and beta testing work in the open. In return, they get a wider pool of testers, the assistance of the free software development community, and the knowledge that they will not be accused of GPL violations. Distributions, too, are free software development projects; they benefit from frequent, public releases. Is it really worth the trouble to keep a Linux distribution under wraps?
Integrating intellectual property rights and development policy
The London-based Commission on Intellectual Property Rights has issued its final report on intellectual property law and developing countries. There is much to be found there in favor of free software and freedom of access to information in general. With regard to DMCA-like legislation, the report recommends:
Where suppliers of digital information or software attempt to
restrict 'fair use' rights by contract provisions associated with
the distribution of digital material, the relevant contract
provision may be treated as void. Where the same restriction is
attempted through technological means, measures to defeat the
technological means of protection in such circumstances should not
be regarded as illegal.
Concerning software for use in government:
Developing countries and their donor partners should review
policies for procurement of computer software, with a view to
ensuring that options for using low-cost and/or open-source
software products are properly considered and their costs and
benefits carefully evaluated. Developing countries should ensure
that their national copyright laws permit the reverse engineering
of computer software programmes beyond the requirements for
inter-operability, consistent with the relevant IP treaties they
have joined.
The full report covers a much wider range of topics, such as drugs, traditional knowledge, agriculture, etc. Reading the whole thing is a substantial commitment of time, but worth the trouble for those who are interested in these topics. Those wanting a rather shorter experience can read The Economist's coverage of the report.
LWN status update
After a few quiet weeks, we actually have some news to report: we have finally been able to set up a new merchant account which will allow us to accept credit cards. Hopefully we'll have better luck with the new bank than with the old - which is still holding a portion of the donations from last July.What this means is that, finally, we will be able to go forward with our subscription offering, at which point we will truly find out if there is enough support out there to keep LWN going on a sustainable basis. There is still some frantic code-bashing to be done; if all goes well, we should be able to start taking subscriptions next week. Next week's LWN Weekly Edition will be free to all readers; thereafter it will be available to subscribers only for an initial period (which will probably be one week).
On another front, our new mailing list mechanism is up and running. The first list is called "Notify;" it simply receives a message once a week when the new Weekly Edition is available. This list thus replaces our old lwn-notify list, which has been running since the beginning - almost five years ago. Other lists, mostly providing access to our content via email, will be available shortly (and mostly limited to subscribers). Mailing list subscriptions require a (free) LWN account, and can be controlled through the "MyAccount" link in the left column.
Thanks, yet again, for your support through this interesting period.
Security
That OpenSSL Worm
This worm has been referred to by at least four different names: Apache/mod_ssl worm, linux.slapper.worm, bugtraq.c worm and Modap worm.On Friday September 13th the first reports appeared on Bugtraq of an active worm exploiting the OpenSSL buffer overflow vulnerability reported at the end of July. The next day CERT issued Advisory CA-2002-27 Apache/mod_ssl Worm.
Compromise by the Apache/mod_ssl worm indicates that a remote attacker
can execute arbitrary code as the apache user on the victim system. It
may be possible for an attacker to subsequently leverage a local
privilege escalation exploit in order to gain root access to the
victim system. Furthermore, the DDoS capabilities included in the
Apache/mod_ssl worm allow victim systems to be used as platforms to
attack other systems.
By Sunday
September 15th, at 17:00 GMT, F-Secure Corporation reported 13,000 infected servers
out of "over 1,000,000 active OpenSSL
installations in the public web.
"
Updates to fix the problem, including backports to earlier versions of OpenSSL, had been available for over a month
from the OpenSSL project, Caldera, Conectiva, Debian, EnGarde, Eridani, Gentoo, Mandrake, OpenPKG, Red Hat, SuSE, Trustix and Yellow Dog.
SecurityFocus has completed and released a full analysis (PDF format) of the worm in addition to their initial incident Alert (PDF format). F-Secure is maintaining a "Virus Description" of this worm with lots of interesting information.
The first reports in the press appeared Friday, the day the worm was first seen, in CNET and Network World Fusion. The next day CNET put up another story with additional information. By Monday evening both the Register and TechWeb had published their reports on events to date. On Tuesday Network World Fusion reported that the worm has infected at least 30,000 Linux Apache Web servers.
Also, see this other article from TechWeb on the worm:
According to Dan Ingevaldson, team lead of the X-Force R&D division at ISS, the first version may be a test to see how well the worm works before more deadlier versions surface. "Unlike Code Red and Nimda, where virus writers didn't have immediate access to the source code, the source code for this worm is already widely public," he says. "I'd expect new versions to start to surface."
RUS-CERT has made available a tool to remotely detect vulnerable servers. However, Eric Rescorla has observed behavior different from what that tool expects.
In the unlikely event that you haven't already, applying the appropriate OpenSSL update might be a very good thing to do before reading any further.
Brief items
Mozilla bug leaks Web surfing data (CNET)
CNET has a short article about a little privacy bug in Mozilla's handling of referers. "The bug reveals the URL of the page someone is viewing to the Web server of the site last visited. This allows a Web server to track where people go after they leave the site, even if the next Web address comes from a bookmark or is manually typed into the browser." If you are using a Gecko-based browser, you can see the bug in action on this page.
September CRYPTO-GRAM newsletter
Bruce Schneier's CRYPTO-GRAM newsletter for September is out. It looks at possible new attack strategies for algorithms like AES, the Word97 vulnerability, and more. "We're seeing more and more of this: vulnerabilities in products that are no longer supported. When the SNMP vulnerabilities were published earlier this year, many products with the vulnerability were no longer supported. Some were made by companies no longer in business."
Security reports
ht://Check cross-site scripting problems
Ulf Harnhammar reports potential cross-site scripting problems in ht://Check version 1.1, and possibly earlier versions as well. "It doesn't remove HTML tags before displaying the crawled web servers' "Server:" headers and other information."
ht://Check is a link checker derived from ht://Dig. It can retrieve
information through HTTP/1.1 and store it in a MySQL database so
that after a "crawl", ht://Check can return broken links, anchors
not found, content-types, and HTTP status codes summaries. A PHP
interface lets the user to query and view the results directly via
the web
xbreaky symlink vulnerability
Marco van Berkum reports a symlink vulnerability in the xbreaky breakout game for X. If xbreaky is installed as suid, the vulnerabilty can be abused by any user to overwrite any file on the filesystem. Distributions which include xbreaky may or may not install it suid root.MIMEDefang version 2.21 scans fragmented mail messages
The folks at Roaring Penguin Software have released, under the GPL, version 2.21 of MIMEDefang to deal with this Outlook Express based attack to bypass SMTP-based content filter engines.
MIMEDefang is a program for inspecting and modifying e-mail messages as they pass through your mail relay. MIMEDefang is written in Perl, and its filter actions are expressed in Perl, so it's highly flexible.
A patched version of MIME-Tools that addresses the problem is also avilable as well as version 1.2-F17 of Roaring Penguin's commercial CanIt anti-spam solution based on MIMEDefang 2.21.
(Proprietary product) Race conditions in BRU Workstation 17.0
A race condition in TolisGroup's BRU Workstation 17.0 can be used to clobber any system file." According to this followup post, TolisGroup have responded with confirmation of an update for a race condition reported previously, and an estimated date for a new update for this one.(Proprietary product) File disclosure vulnerability in DB4Web application server
Stefan Bagdohn reports a file disclosure vulnerability in the DB4Web high-performance application server from Guardeonic Solutions AG. The DB4Web team has already provided an update which is available from here.
New vulnerabilities
Local privilege escalation vulnerability in XFree86
| Package(s): | xf86 xfree86 | CVE #(s): | |||||||||||||||||
| Created: | September 18, 2002 | Updated: | October 27, 2002 | ||||||||||||||||
| Description: | XFree86 version 4.2.1 fixes a problem in Xlib that made it possible to execute arbitrary code in privileged clients. Other libraries are dynamically loaded by libX11.so as needed. When linking against a setuid program, arbitrary code could be loaded and executed from a pathname controlled by the user. | ||||||||||||||||||
| Alerts: |
| ||||||||||||||||||
Cross-site scripting vulnerability in Konqueror for KDE 3.0.3
| Package(s): | kdelibs | CVE #(s): | |||||||||||||||||
| Created: | September 17, 2002 | Updated: | November 18, 2002 | ||||||||||||||||
| Description: | Konqueror for KDE 3.0.3, and earlier versions, is subject to this cross-site scripting vulnerability. Since the problem is in kdelibs, any other application which uses the KHTML renderer is also vulnerable. Javascript code running in one frame can access other frames which should be inaccessible. The problem is fixed in kdelibs 3.0.3a. | ||||||||||||||||||
| Alerts: |
| ||||||||||||||||||
Buffer overflow vulnerabilities in purity
| Package(s): | purity | CVE #(s): | |||||
| Created: | September 17, 2002 | Updated: | September 26, 2002 | ||||
| Description: | It seems that the "purity" game isn't entirely pure itself - a couple of buffer overflows have been found which could be exploited to gain access to the "games" group on Debian systems. Rather than face the prospect of people tampering with their nethack scores, the Debian Project released the first upgrade closing the vulnerability. | ||||||
| Alerts: |
| ||||||
Resources
Linux Security Week and Advisory Watch
The September 16th Linux Security Week and September 13th Linux Advisory Watch newsletters from LinuxSecurity.com are available.chkrootkit 0.37 is now available
Klaus Steding-Jessen announces the release of chkrootkit version 0.37. chkrootkit is a tool to locally check for signs of a rootkit.Well worth a look, especially if you arn't familiar with this useful tool.
Four final computer security guidelines availble from NIST
The US National Institute of Standards and Technology (NIST) announces the final publication of four computer security guidelines available from here.The four NIST Special Publications are:
- Security for Telecommuting and Broadband Communications
- Security Guide for Interconnecting Information Technology Systems
- Procedures for Handling Security Patches
- Use of the Common Vulnerabilities and Exposures (CVE) Vulnerability Naming Scheme.
Choosing passwords: random, mnemonic phrases and more
Folks at the Cambridge University Computer Laboratory have done a good study on different password selection approaches which is summarized in two papers:- The Memorability and Security of Passwords - Some Empirical Results by Jianxin Yan, Alan Blackwell, Ross Anderson and Alasdair Grant (PDF format)
- A Note on Proactive Password Checking by Jianxin Jeff Yan (PDF format)
Crispin Cowan also has some interesting comments on the conclutions reached by the study.
Events
Final Speakers Announced for HiverCon 2002
HiverCon 2002 is scheduled for November 26th and 27th, 2002 in Dublin Ireland.
In total ten speakers have been announced as confirmed to speak
at HiverCon 2002. The industry recognized names will be presenting
papers on a myriad of information security topics, introducing new
tools and research, as well as discussing newly highlighted security
problems and solutions.
Upcoming Security Events
| Date | Event | Location |
|---|---|---|
| September 19 - 20, 2002 | SEcurity of Communications on the Internet 2002(SECI'02) | Tunis, Tunisia |
| September 23 - 26, 2002 | New Security Paradigms Workshop 2002 | (The Chamberlain Hotel)Hampton, Virginia, USA |
| September 23 - 25, 2002 | University of Idaho Workshop on Computer Forensics | (University of Idaho)Moscow, Idaho, USA |
| September 27 - 29, 2002 | ToorCon 2002 | (San Diego Concourse)San Diego, CA, USA |
| October 16 - 18, 2002 | Recent Advances in Intrusion Detection 2002(RAID 2002) | Zurich, Switzerland |
| November 26 - 27, 2002 | HiverCon 2002 | (Burlington Hotel)Dublin, Ireland |
For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.
Page editor: Dennis Tenney
Kernel development
Brief items
Kernel release status
The current development kernel is 2.5.36, which was released by Linus on September 17. The big news was, of course, is the merge of the XFS journaling filesystem. There's also the x86 "huge page" patch, an IEEE-1394 ("Firewire") update, a big USB update (converting the code to the new driver model scheme), an IDE update, and various other fixes. See the long-format changelog for the details.Linus has had a busy week; 2.5.35 was released on September 15. This (large) patch included, among other things, the merge of User-mode Linux, a large IDE update, various memory management improvements, more threading improvements, a bunch of NFS server patches and PPC64 and SPARC updates. Again, the long-format changelog has the details.
Linus's BitKeeper tree, which will become 2.5.37, has some block I/O work, some RPC fixes, a bit of memory management work, and Linus's simple solution to the get_pid() problem (see below).
The current 2.5 Status Summary from Guillaume Boissere is dated September 17.
The current stable kernel is 2.4.19; Marcelo released 2.4.20-pre7 on September 12. Big MIPS and IA-64 updates make up the bulk of the patch this time around, along with a relatively small set of other fixes.
Alan Cox's current prepatch is 2.4.20-pre7-ac2. The IDE work continues; this patch also contains a number of other, unrelated fixes.
The current ancient kernel is 2.2.22, which was released by Alan Cox on September 16. It contains a few security fixes, so people still running 2.2 will probably want to have a look at this update.
Kernel development news
A new way to sleep?
A quick look through the kernel source will turn up no end of examples of code like:
while (some_condition)
interruptible_sleep_on(some_queue);
The idea, of course, is to put the process asleep until something of interest has happened. The problem with this kind of code is that if the condition changes (and the wakeup happens) between the two lines of code above, the process will miss the wakeup and could sleep for far longer than intended. Because of this inherent race condition, the elimination of sleep_on() and its variants has been on the kernel hackers' todo list for some time.
There is a macro (wait_event) which can be used to sleep safely, but most code which includes race-free sleeps does so manually with the following approximate steps:
- Create a wait queue entry (usually with DECLARE_WAITQUEUE).
- Change the process to a state (usually TASK_INTERRUPTIBLE)
which indicates that it is asleep - even though the process is still
running in kernel code.
- Add the current process to a wait queue which will be awakened when
the condition is met.
- Test the condition of interest; if no sleep is necessary, reset the
process state to TASK_RUNNING, remove the wait queue entry,
and get on with the job at hand.
- Otherwise call the scheduler to let some other process run until
somebody wakes the current process up.
- On wakeup, go back to the top and do it all again.
This sequence works because a wakeup will reset the task state to TASK_RUNNING; this "shorts out" the sleep should the process test its condition at the wrong time and call the scheduler after the wakeup has happened. In many places, the above steps are complicated by the need to release locks or other resources before invoking the scheduler. The result is a lot of duplicated (and error-prone) code throughout the kernel - and this is the "safe" way of doing things.
As part of his 2.5.35-mm1 patch, Andrew Morton has included a new interface designed to simplify the coding of safe sleeps. Code using the new API looks like:
DECLARE_WAIT(queueentry);
prepare_to_wait(&wait_queue, &queue_entry, TASK_INTERRUPTIBLE);
if (condition_not_met)
schedule ()
finish_wait(&wait_queue, &queue_entry);
The actual series of events that occur has not really changed; things have just been packaged inside the new prepare_to_wait() and finish_wait functions. The result, though, is code which is cleaner and more likely to be correct. Now it's just a matter of those hundreds of sleep_on calls still in the 2.5 kernel source...
Solving the process ID allocation problem
Ingo Molnar, in his project to give Linux "world-class threading support," has set his sights on another Linux performance problem: the allocation of process ID (PID) numbers for new processes. This does not seem like it should be a difficult problem, but the current kernel get_pid() shows quadratic behavior when the number of processes gets large. Essentially, the algorithm looks like this:
for each possible PID
for each task in the system
if task_pid == pid
keep_trying
The above is an oversimplification, since the get_pid() code tries to find a range of usable PIDs, not just one. Look here for the real get_pid() implementation. The point is that, with very large numbers of processes (i.e. on the order of 100,000), process ID allocation can lock up the system for long periods of time.
Ingo's solution starts with some work done by William Lee Irwin. William's "idtag" infrastructure adds hash tables for managing things with numeric ID tags; it is used in this patch to manage PID-related things like process groups and session IDs. The idtags help to eliminate many iterations over the whole process space done in the kernel, but do not solve the PID allocation problem.
Ingo handles PID allocation through a new allocator that he wrote from scratch. This allocator maintains an array of pages (allocated as needed) which are used as PID bitmaps; allocating a new PID becomes a matter of finding a page with a free PID available, then finding and clearing the first set bit. It all happens with no locking required. Ingo claims:
Ie. even in the most hopeless situation, if there are 999,999 PIDs
allocated already, it takes less than 10 usecs to find and allocate
the remaining one PID. The common fastpath is a couple of
instructions only.
So it's fast - though a few extra features have been requested. But this patch has stirred up a bit of a debate. Rather than put in a complicated new PID allocator, it is asked, why not just make the maximum PID be very large? Then, in theory, the quadratic part of get_pid() will never run so the performance problems go away, and the code stays simpler. Linus prefers this approach, as do a number of other developers; he has put a simple patch along these lines into his pre-2.5.37 BitKeeper tree.
Ingo disagrees, pointing out that any reasonable maximum PID size can be exceeded eventually. He would rather fix the problem than try to hid it behind a large process ID space. In the absence of real-world examples that show people being bitten by get_pid()'s behavior in a larger PID space, though, Linus appears unlikely to accept any more complicated fix.
Asynchronous I/O moves forward
There has been little (visible) progress with the asynchronous I/O code since the AIO core was merged into the 2.5.32 kernel. AIO author Ben LaHaise has not been idle, however. Slowly the other pieces of the AIO package are beginning to show up for the 2.5 tree.One piece is this patch which adds "synchronous IOCBs" to the mix. One might wonder why an asynchronous I/O infrastructure needs I/O control blocks which have a synchronous option. The answer is that the synchronous IOCB is needed to achieve the goal of making most or all low-level I/O operations in the kernel be asynchronous. Once the I/O primitives expect an IOCB, and they work in an asynchronous mode, it is easy to layer the older, synchronous versions on top through the use of a synchronous IOCB. For now, synchronous IOCBs are only used in the generic_file_read() function.
The next step, perhaps, is this patch from Badari Pulavarty; which reworks the direct I/O (DIO) infrastructure. The DIO code handles direct operations on block devices - such as when a "raw" device is used, or when a file is opened with the O_DIRECT option. The DIO operations, with this patch, are all asynchronous, with synchronous IOCBs used when synchronous behavior is required. With this change, the task of making the block I/O subsystem be asynchronous internally is nearly complete. Other subsystems (i.e. char devices, networking) remain to be converted over to the AIO scheme, however.
The Linux TPC results and kernel changes
HP has recently been trumpeting its results running the TPC-C benchmark with Oracle on Linux. Slightly better performance than that achieved with Windows is claimed. What may be more interesting is this note posted to the linux-kernel list on what HP did to its kernel to achieve those results. The kernel that ran the benchmark had a few patches:
- Asynchronous I/O. Apparently using AIO improved performance by
about 5%.
- Large pages. Going to 2MB pages (i.e. using the large page patch that went into 2.5.36) improved performance by 8%.
The benchmark also made extensive use of high memory (16GB worth), direct I/O, and a number of other recent kernel features.
Patches and updates
Kernel trees
Architecture-specific
Build system
Core kernel code
Development tools
Device drivers
Filesystems and block I/O
Memory management
Networking
Security-related
Benchmarks and bugs
Miscellaneous
Page editor: Jonathan Corbet
Distributions
News and Editorials
Distributors and application configuration
The competing Linux desktop projects have been a favorite source of flamewars for years. Criticism of Red Hat, the largest Linux distributor has also been good for large amounts of inflammatory content. So it's not surprising that those who like to argue have gotten even more mileage than usual out of the combination of the two topics.The problem? Red Hat, it seems, has gone out of its way to configure the GNOME and KDE environments in its "null" beta to look (and act) alike. Red Hat's reasoning is fairly straightforward: they want to improve their desktop by minimizing incompatibilities and making use of the best of what each desktop environment has to offer. Critics complain that features have been configured out, the default behavior of the desktop has been changed, and that desktop "branding" suffers as a result of the configuration changes and mixing of applications.
The problem with these complaints, of course, is that both projects have released their desktops as free software. Red Hat may have applied a heavy hand with some of its changes, but the software involved was released under a license which allows far worse. When you make software free, you explicitly give up a great deal of control over what others can do with that software. Microsoft is able to dictate the appearance of its desktop to resellers; GNOME and KDE have given up that power.
The fact that the software is free means that any distributor can make whatever changes it wants in order to provide (what it sees as) the best desktop for its customers. Red Hat's exercise of this right is a good thing, even if the resulting desktop is a mess. If enough distributors put effort into improving the desktop they ship, the quality of Linux desktops as a whole can only improve. Any good ideas from Red Hat's work should spread; the rest can be ignored. Red Hat is functioning as part of the development process for both desktops.
And, in general, it is the right and responsibility of Linux distributors to make the changes they see fit (within the licensing requirements) to improve their products. The diversity of distributions is one of the great strengths of Linux. Why would we want to change that?
Distribution News
Debian Project updates
Debian Project Leader Bdale Garbee has sent out his first Bits from the DPL posting since May; it is mostly concerned with his extensive travels over the summer. The posting skips over some minor events that happened while Bdale was out of town, like the Woody release. So Anthony Towns has sent out a Bits from the RM message to fill in the gap; have a look for "some of the reasons sarge is going to blow you away."
And, as if that weren't enough, Martin Schulze has sent out Bits from the SRM describing where he is going
with the Woody release. "The regulations for stable are quite
conservative.
"
Mandrake Linux Community Newsletter
The Mandrake Linux Community Newsletter for September 12 is available. It looks at the second Mandrake Linux 9.0 release candidate, the availability of Mandrake-based systems at Walmart, the business case of the week, and more.The YaST2 Package Manager
One of the most anticipated new features in the upcoming SuSE 8.1 release would appear to be the YaST2 package manager. YaST2 is a completely rewritten interface to the (as always, RPM-based) package management system with a number of new features. The interface itself, as seen in the screen shots looks nice. The folks at SuSE seem to have put some serious thought into making package management easier.One new capability is "taboo packages," the ability to block certain packages from ever being installed on a system. If a user wants, for example, to keep that other desktop (for whatever definition of "other") off of a system, making it taboo will keep it from ever being installed. Without this capability, it is easy to find that library packages slip in via dependencies even if they had been originally excluded.
Dependency handling in general appears (from the screenshots) to have received a fair amount of thought. Dependency problems can turn system management into an unpleasant task, especially when complicated conflict scenarios arise. YaST2 appears to have the ability to display conflict problems and to allow users to resolve them as they best see fit - including that all important "I know what I'm doing, just do it" option.
YaST2 has not been made available separately, so it will be necessary to wait for the 8.1 distribution to try it out. That release looks on track to happen before the end of September in Europe; those of us on the western side of the Atlantic will likely have to wait a little longer.
New Distributions
Warewulf 1.0 released
Warewulf 1.0 has been released. "Warewulf is a unique Linux distribution for cluster nodes. It facilitates a central administration model for all nodes (residing on the master) and includes tools needed to build configuration files, monitor, and control the nodes."
Minor distribution updates
CRUX 0.9.4
CRUX 0.9.4 has been released. This release transitions the distribution to gcc 3.2; see the changelog for the full list of updated packages.Gentoo Linux 1.4 RC 1
The first release candidate for Gentoo Linux 1.4 has been announced. "The Gentoo Linux 1.4 release candidate 1 is gcc 3.2-based, supporting optimizations for Pentium III, Pentium 4, Athlon (Classic through XP,) K6 (Classic through K6-3,) PowerPC G3 and PowerPC G4 with AltiVec. Also included is a new 2.4.19-based high-peformance kernel with IBM EVMS (enterprise volume management) support, countless enhancements to Portage and a new "live" bootable CD that boots directly into a runtime version of Gentoo Linux 1.4_rc1."
Probatus Spectra Linux 1.2 released
Probatus Technologies has announced the release of version 1.2 of its "Probatus Spectra" distribution. Features of this distribution include "uDevix" and "uOffix" ("selected state-of-the-art commercial packages") and "uDoctrix," "a fully indexed knowledge base of essential Linux documentation in a transparently compressed CD-ROM format."
Distribution reviews
Xandros Beta 3 Preview (OSnews)
OSnews reviews the third Xandros beta. "Installation Procedure This is a desktop OS, meant to be used by both Windows individual users and Windows-based corporations. The hard core geek Linux user is not what Xandros is aiming for. What I have seen so far from this beta 3b, is that this is meant to be an industrial design, carefully crafted towards people who would want to upgrade from Windows98/ME to Linux. Comparing this distro to Lycoris Build-50 beta or the latest Red Hat Null beta, well, it does not look as sexy or good-looking."
Page editor: Jonathan Corbet
Development
System Applications
Audio Projects
Libsndfile version 1.0.1
Version 1.0.1 of Libsndfile, a library for reading and writing different audio formats, has been released. "The main new feature in this release is the ability to read and write a subset of the binary files used in GNU Octave as well as a couple of Octave script files for loading, saving and playing these files from within Octave. Details of using libsndfile with Octave can be found here." Thanks to Erik de Castro Lopo.
Mail Software
spasm 0.26 released
Version 0.26 of the spasm anti-spam milter has been released. "Changes include a couple bugfixes, a change in the HELO filter, a new curses-based application for modifying settings (replacing spasmbl and spasmwl), and a contrib directory with a skeletal CGI and friends to demonstrate a web interface for modifying spasm settings."
SpamShield: A Perl-Based Spam Filter for sendmail (O'Reilly)
Glenn Graham introduces SpamShield on O'Reilly. "The science of spam (if you can call it that) has taught us one thing: spam leaves a definite "calling card" in the system logs. This calling card is generally repetitive enough that the process of tracking spam may be automated. Based on this theory, a brilliant programmer by the name of Kai Schlichting wrote a Perl-based program called SpamShield."
Stamp out spam with SpamAssassin (IBM developerWorks)
Brian Goetz explains how to use SpamAssassin on IBM's DeveloperWorks. "This article takes a look at the evolution of the spam cycle (for as Sun Tzu and every general who ever came after him said, "Know thine enemy and victory will be forthcoming"). It also takes a look at SpamAssassin, the latest in a long and venerable line of weapons in the fight against spam, as well as a look ahead."
Science
GRASS 5.0.0 released
The release of version 5.0.0 of the GRASS geographical information system has been announced. "This new version is the first major change in GRASS functionality since GRASS 4 was released several years ago. Notable improvements include support for floating point and null values. Users can opt to use a new windowing interface based on Tcl/Tk on those platforms supporting X Window."
Web Site Development
Midgard 1.4.3 for Debian stable
Midgard 1.4.3 is now available for Debian Stable and Unstable distributions.Mod_Python donated to the Apache Software Foundation
The code for Mod_Python has been donated to the Apache Software Foundation. Click below for the full announcement.Zope Members News
This week's entries on the Zope Members News include CMF/Plone training in Europe, TextIndexNG 1.05 Beta 1, and Plone 1.0 beta.Server clinic: PDF for the server (IBM developerWorks)
Cameron Laird writes about server-side PDF file generation on IBM's developerWorks. "PDF is the recognized standard for several categories of top-quality displayable output. While most programmers regard it as a "desktop" technology, a format that a content specialist chooses through a SaveAs operation, you can make your document management processes more powerful through server-side automation of PDF creation. This month, Cameron introduces the ReportLab library for PDF management and programming."
Desktop Applications
Audio Applications
AlsaPlayer 0.99.72 released.
Version 0.99.72 of the AlsaPlayer audio file playing utility has been released. This version features bug fixes and preparatory code for the switch to glib 2.0.
Desktop Environments
GNOME 2.0.2 Desktop and Developer Platform Released!
GNOME 2.0.2 has been released. "The GNOME 2.0.x Desktop and Developer Platform releases are devoted to bugfixes, translations, user interface consistency, and general polish of our major 2.0 release. In GNOME 2.0.2, you'll see the results of continued performance and stability work, plus plenty of bug fixes..."
GNOME Summary for 2002-08-12 - 2002-08-16
The GNOME Summary for September 12th through September 16th is now available, covering GNOME 2.0.2, AbiWord, Red Hat 8 (and their GNOME alterations), and more.KDE Switches To Bugzilla
KDE.News reports on KDE's switch to the Bugzilla bug tracking system. "Unlike the old system, Bugzilla is based on MySQL and thus enables advanced search functions and offers many other features such as email notification and voting."
Graphics
Gimp_print 4.2.2 released
Version 4.2.2 of Gimp-Print has been released. A number of bugs have been fixed for the Epson Stylus printers. This is a stable release for The Gimp version 1.2.
GUI Packages
XFree86 4.2.1 release available
Version 4.2.1 of the XFree86 window system has been announced. Version "4.2.1 is a minor revision of the full 4.2.0 release which must be installed first. This release is a security patch which fixes a security vulnerabilty and is strongly recommended to be applied."
PerlQt 3.002 with RAD support released.
KDE.News covers the first public release of PerlQt 3, a full-featured object-oriented Perl interface to the Qt3 toolkit. "Key features include support for nearly all Qt classes through SMOKE, a language-neutral binding library brought to you by Ashley Winters and David Faure (and Richard Dale's kalyptus), unlimited slots and signals, virtual function overloading, and Rapid Application Development (RAD) through puic, a Qt Designer compatible user interface compiler. Here is a screenshot of some PerlQt applications. There is also a tutorial available to help you get started. Enjoy!"
Interoperability
Roadmap for Samba 3.0 Published
The Roadmap to Samba 3.0 has been published. Check it out to see the progress that is being made toward the release of Samba 3.0.Kernel Cousin Wine
Issue #135 of Kernel Cousin Wine is out. Threads include Patch Submission Tips, Direct3D 8 Support, Wine DLLs under Visual C, Menu Handling Problems, and a New Header: winternl.h.
Office Applications
AbiWord Weekly News #109 (2002, week 37) released
The AbiWord Weekly News #109 is now available.Kernel Cousin GNUe
Issue #46 of Kernel Cousin GNUe is out with the latest GNU enterprise development news.
Web Browsers
Galeon 1.2.6 released!
The latest Galeon is available. "The binary packages there are against mozilla 1.1, but you can recompile against any 1.0 or greater version of galeon and it will build - with one caveat..."
Mozilla 1.2 Alpha Released
Mozilla.org has an announcement for the 1.2 Alpha release of Mozilla. "This release has better keyboard navigation including Type Ahead Find which lets you quickly navigate to links, and browse the web without a mouse." See the release notes for all of the details.
MozillaZine
The latest articles on MozillaZine include an Overview of Mozilla-based Browsers, a Mozilla Privacy Bug, Mozilla Calendar 0.8, and Mozilla 1.2 Alpha.
Languages and Tools
Objective C
Objective-C: the More Flexible C++ (Linux Journal)
Linux Journal has an introduction to "Objective-C for programmers familiar with C++ or any other OOP language.
Caml
The Caml Hump
The latest additions to The Caml Hump include Unlambda, Various functional interpreters, Galax, OCamlSpread, Link, C-, PLAN, and the Oxford Oberon-2 Compiler.
Java
JSTL 1.0: What JSP Applications Need, Part 2 (O'Reilly)
Hans Bergsten covers JSTL 1.0 in part 2 of a series on O'Reilly. "Part 1 of this series gave you an overview of JSTL -- the new specification of commonly-needed JSP tag libraries -- and showed you how to use the core JSTL actions. In this article, I'll dig a bit deeper and discuss how JSTL can help you with internationalization and database access. The bulk of the article does not require any Java programming knowledge, but the sections that deal with how servlets and other Java classes interact with the JSTL actions do."
JFC Swing: The SpringLayout Class (O'Reilly)
Marc Loy explains the SpringLayout manager on O'Reilly. "With SDK 1.4, a new -- but not really new -- layout manager was added. The SpringLayout manager uses the notion of springs and struts to keep everything in place."
Custom SSL for advanced JSSE developers (IBM developerWorks)
Ian Parkinson writes about JSSE on IBM's developerWorks. "JSSE brings secure communications to Java applications, by using SSL to encrypt and protect data as it travels across a network. In this advanced look at the technology, Java middleware developer Ian Parkinson delves into the lesser-known aspects of the JSSE API, showing you how to program your way around some of the restrictions of SSL. Learn how to dynamically select the KeyStore and TrustStore, relax JSSE's password-matching requirements, and build your own customized KeyManager implementation."
Lisp
GNU CLISP 2.30 released
Version 2.30 of GNU CLISP has been released. "This version includes several new features such as a new module for interfacing to the Oracle ODBMS, improved file name and pathname management, improved output of some debugging/introspection tools, new socket functions and functionality, more POSIX functions, UCS-4 character strings, and additional options for image dumping."
Perl
This Week on perl5-porters (use Perl)
The September 9-15, 2002 edition of This Week on perl5-porters is out. Topics include printf format documentation, Data::Dumper and tied objects, -DLEAKTEST problems, Testing for magic, Syntax incompatibility with the // operator, and more.Retire your debugger, log smartly with Log::Log4perl! (O'Reilly)
Michael Schilli explains the Log::Log4perl Perl logging package on O'Reilly. "You've rolled out an application and it produces mysterious, sporadic errors? That's pretty common, even if fairly well-tested applications are exposed to real-world data. How can you track down when and where exactly your problem occurs? What kind of user data is it caused by? A debugger won't help you there. And you don't want to keep track of only bad cases. It's helpful to log all types of meaningful incidents while your system is running in production, in order to extract statistical data from your logs later."
PHP
PHP Weekly Summary
Issue #103 of the PHP Weekly Summary is out. The content summary includes: "License location, type1 fonts with GD, PCRE update, COM extension still broken, NET-SNMP support, strto[upper|lower] and UTF-8PHP scripts as .INI files, ext/ecasound, ext/xmms".
Pear Weekly News
The September 15, 2002 edition of the Pear Weekly News is out. "While the mailing list was slightly quieter, if only because everybody was busy packaging and releasing. This week saw 6 stable, 2 beta and 1 development release, MDB's first stable release, Some discussions on how to use PEAR if you are in a hosted enviroment and some exciting new packages proposed like Christian Stocker Webdav Server Class."
Python
The Daily Python-URL
Topics on this week's Daily Python-URL include Automatic Run-time Interface Building for Aggregated Objects, Thinking in Tkinter, Pyepix, pymqi, SemanText 0.72.1, and more.
Ruby
The Ruby Weekly News
This week, the Ruby Weekly News looks at RubyInline 1.0.4, RubyCocoa 0.3.0, RubyAEOSA 0.2.1, DbTalk 0.7, Programming Ruby translated to Norwegian, Multi-methods and overloading, and an explanation of the various open-source licenses.
Tcl/Tk
This week's Tcl-URL
Dr. Dobb's Tcl-URL for September 17 is out, with the latest from the Tcl/Tk development community.
XML
What Are Topic Maps? (O'Reilly)
Lars Marius Garshol introduces topic maps for organizing XML encoded information. "When XML is introduced into an organization it is usually used for one of two purposes: either to structure the organization's documents or to make that organization's applications talk to other applications. These are both useful ways of using XML, but they will not help anyone find the information they are looking for. What changes with the introduction of XML is that the document processes become more controllable and can be automated to a greater degree than before, while applications can now communicate internally and externally. But the big picture, something that collects the key concepts in the organization's information and ties it all together, is nowhere to be found. This is where topic maps come in."
Simple Text Wrapping (O'Reilly)
Antoine Quint writes about text under SVG 1.0 on O'Reilly. "SVG 1.0 includes support for manipulating and representing text. There's an entire chapter devoted to text in the specification. Text in SVG is real text; to write Hello World! in an SVG document, you have to write something like"Hello World! . This comes in handy with regard to accessibility as it means that SVG text is searchable and indexable.
Adventures in high-performance XML persistence, Part 2 (IBM developerWorks)
Cameron Laird continues his series on speeding up the parsing of XML. "XML-oriented applications vary enormously in performance. This article, the second in a series on XML persistence, presents basic information you should know about XML parsing, including several principles for measuring XML parsing performance that are important for any XML developer who wants more speed."
Miscellaneous
omniORB 4.0.0 and omniORBpy 2.0 release candidates
Release candidates for the omniORB 4.0.0 and omniORBpy 2.0 CORBA ORBs for C++ and Python are available. The omniORB project has also been moved from AT&T Laboratories Cambridge to SourceForge.The Perl Review Suckatude Index
The Perl Review has published its Suckatude Index, a graphical comparison of how various languages "Rock" or "Suck". The index is guaranteed to offend Visual Basic, C++, and Java proponents.Identity Crisis (O'Reilly)
Kendall Grant Clark studies the W3C's "Architectural Principles of the World Wide Web" document on O'Reilly. "In the APW's view, the Web is a "universe of resources". So far, so good. But what is a resource? The APW adopts the definition of resource from RFC 2396, a definition which has always made me uneasy, though probably because I'm still more inclined to think of these things like a philosopher than like a programmer or software system architect."
Page editor: Forrest Cook
Linux in Business
Business News
AMD Appoints Marty Seyer [former Penguin Computing CEO] to Vice President of Server Business
AMD has hired the former CEO of Penguin Computing, Marty Seyer. He "will be responsible for AMD's server business, including marketing, strategy, business planning, product planning and associated operations."
Egenera upgrades top-end Linux servers (News.com)
News.com reports on Egenera's upgraded blade servers, which use the new 2.6 and 2.8 Ghz Intel Xeon processors.Intel dreams of the networked home (ZDNet)
According to ZDNet, Intel is working on a Linux-based "digital media adapter" as part of its wireless PC initiative. The device will allow audio and video components to be networked with computers. "The first generation of the Intel gadget will let people view and play PC-stored image and audio files on a television or stereo receiver, said Vogel. A subsequent generation will also permit the transfer of video. By offering video and photo capabilities, the Intel adapter serves up more bang for the buck than current devices, which mainly store and play music."
Earthlink to provide net access to LindowsOS users
Lindows.com and Earthlink have formed a partnership to place an Earthlink icon on default LindowsOS desktops, providing internet access to users of the Linux distribution.LinOra Corporation Switches From Microsoft Windows to Linux Desktops Using Ximian Evolution
Here is a "Linux at Work" press release from Ximian, announcing that a company called LinOra has switched all their Windows computers over to Linux. "While most of the pieces we needed to make the switch were available, we were missing a high-quality email and personal information management application to replace Microsoft Outlook. With its familiar interface and robust feature set, Evolution became the foundation product that enabled our entire company's changeover to Linux."
Macrovision and Broadcom do DRM on Linux
Here's a press release from Macrovision and Broadcom on how they are producing a digital rights management platform - on a Linux-based set-top box. "The Broadcom DRM Tool Kit consists of a suite of silicon solutions and software drivers that provide end-to-end security and rights management of digital content in home networking and entertainment applications. Included in the suite of services are decryption and encryption engines, authentication services, tamper detection services, and digital recording management services." While much of this work can probably remain proprietary legally, they will have to release their kernel changes; it will be interesting to see how forthcoming they are with that code.
Oracle on Linux edges SQL Server in benchmark (Register)
The Register reports on the results of a recent Oracle benchmark, where Linux was 14 percent faster than Microsoft SQL Server. "The results come from running Oracle9i Database Release 2 with Real Application Clusters on Linux against Microsoft SQL Server 2000 on a 32-processor cluster configuration, with identical processors and the same amount of memory per CPU."
Red Hat, IBM expand Linux deal (CNET)
Red Hat will be bringing its Advanced Server to all four of IBM's server lines, and IBM's Global Services division will provide support for Red Hat's software. "The two companies will jointly market each others' products and tune them to work well together."
Red Hat announces quarterly results
Red Hat has put out a press release on its second quarter results. The "pro-forma" results are a $471,000 loss; with GAAP accounting the number grows to $1.7 million. Underneath all that, however, was a positive cash flow of $2 million; the company now has $288 million in the bank.SGI Shatters World Performance Record (Press Release)
In a press release last week, SGI trumpeted that it has "attained linear scalability on a 64-processor Itanium 2-based system and world-record results among microprocessor-based systems on the STREAM Triad benchmark, which tests memory bandwidth performance."
Sun Microsystems Introduces New Open Desktop Client
Sun has announced its new Linux distribution, targetted at desktops. "The new solution brings together off-the-shelf hardware, open-source software and Sun's own industry-leading intellectual property. These include low-cost desktop systems hardware and several open source software efforts, namely Linux, Mozilla, OpenOffice, Evolution and GNOME. This gives desktop users a familiar desktop environment and the ability to interoperate with Microsoft Office documents, presentations and spreadsheet formats. In addition, with Evolution, the user is provided with a Microsoft Outlook-like client which interoperates with Microsoft Exchange while Sun also provides the fully supported StarOffice, the world's most popular open office productivity suite."
Sun Microsystems Laboratories gives elliptic curve cryptography to OpenSSL
A press release from Sun Microsystems announces their recent contributions to the OpenSSL project. "Sun has contributed an Elliptic Curve cryptography code implementation to the OpenSSL (Secure Socket Layer) project. Elliptic Curve cryptography is an emerging public-key cryptosystem which provides the same degree of security as those used in SSL today with approximately one-eighth the key size. This makes the technology especially useful for mobile devices and other small devices that are limited in the power, CPU performance, memory, or bandwidth."
LOCKSS Digital Archiving System
Sun Microsystems has issued a press release, announcing the LOCKSS ("Lots Of Copies Keep Stuff Safe") Program. "The LOCKSS program is a joint undertaking of Sun Microsystems Laboratories and Stanford University Libraries to develop a secure, reliable system which safeguards and preserves access to digital publications. The LOCKSS system is designed to make it feasible and affordable, even for smaller libraries, to preserve access to the e-journals to which they subscribe, and safeguard their community's access to them." Fourty nine libraries will be using the system, it will be run on Linux systems.
SuSE Linux 8.1 Available on October 7
Here's a press release from SuSE stating that version 8.1 of the SuSE Linux distribution will be available on October 7. It appears that the PR is talking about U.S. availability; it may be released a little sooner in Europe. There is a lot of new stuff in this release; click the link below for the details.
Press Releases
Open Source Announcements
- Automated Business Development Corp. (BOSTON): Blue Express Moves State Governments Toward Paper-Less Compliance.
- Emic Networks (SAN JOSE, Calif.): Emic Application Cluster Enhances MySQL Reliability and Scalability.
- SGI (INTEL DEVELOPER FORUM, SAN JOSE, Calif.): SGI Shatters World Performance Record.
- Sapient (CAMBRIDGE, Mass.): Sapient Releases Java Management Console to the Open Source Community.
- Sun Microsystems, Inc. (SANTA CLARA, Calif.): Sun Microsystems and Stanford University Libraries Awarded Grants for Digital Archiving Program.
- Sun Microsystems, Inc. (SANTA CLARA, Calif.): Sun Microsystems Donates More Than $6 Billion of StarOffice Productivity Software and Sun Technologies to Schools Worldwide, Reaching Over 240 Million Students.
- Sun Microsystems, Inc. (Unknown): Sun Microsystems Laboratories Contribute Next Generation Security Technologies To Open Source Project.
Distributions and Bundled Products
- Cybernet Systems Corporation (Ann Arbor, MI): Cybernet launches NetMAX 4.0.
- Lindows.com (San Diego, CA): Lindows.com and Earthlink Break New Ground by Bringing Easy Dial-Up Access to Linux.
- Lindows.com (San Diego, CA): Choice Just Got Better with Lindows.com 2.0 -- Available Now; Sharp New Look Accompanies Advanced Features in Newly Released LindowsOS 2.0.
- MandrakeSoft (Altadena, CA): MandrakeSoft Announces Courseware at 30 Training Sites Across Americas.
- Probatus Technologies (Turku, Finland): PROBATUS TECHNOLOGIES ANNOUNCES PROBATUS SPECTRA(TM) LINUX 1.2 OPERATING ENVIRONMENT.
- Red Hat, Inc. (PALO ALTO, Calif. & RALEIGH, N.C.): HP First to Offer Red Hat Linux Advanced Workstations for Itanium 2-based Systems.
- SuSE Linux (OAKLAND, Calif.): New SuSE Linux 8.1 Available on October 7th; 10 years of Linux expertise result in comfort and maximum security for professional and private users.
- SuSE Linux (Oakland): New SuSE Linux 8.1 Available on October 7th.
- Sun Microsystems, Inc.: Sun Microsystems Introduces New Open Desktop Client; 100-User Solution Ushers In New Era for Secure, Desktop Economics.
- the STBx25xx (AMSTERDAM): MontaVista Supports New IBM STBX25XX Integrated Controller for Set-Top Boxes.
Software for Linux
- ACCPAC International, Inc. (LAS VEGAS, NV): ACCPAC Extends Linux Support to the Desktop.
- Alias/Wavefront (TORONTO): Alias/Wavefront Ships Maya 4.5.
- BMC Software, Inc. (HOUSTON): BMC Software Improves Productivity and Lowers Management Costs With Dynamic Linux Configuration Management Solution for IBM Mainframe.
- BakBone Software, Inc. (SAN DIEGO): BakBone Software Announces MagnaVault 2.3.0; New Global Caching and Support For Linux 2.4 and Tru64 5.1.
- Bristol Technology (DANBURY, Conn.): Bristol Technology Announces Wind/U 5.0; Enhanced Visual Studio compatibility for Bristol clients.
- Butterfly Security (SAN JOSE, Calif.): Butterfly Security Releases Linux Version of CodeSeeker (TM) Application Security Software.
- Credence Systems Corporation (BEAVERTON, Ore.): IMS Introduces Linux Controller for Vanguard System to Increase Speed, Performance and Usability.
- Discreet (AMSTERDAM, The Netherlands): Discreet Showcases Innovation in Workflow, Asset Utilization and Creativity with New Product Advances at IBC 2002 -- Spotlight Focuses on Groundbreaking Linux Rendering Software.
- Discreet (AMSTERDAM, The Netherlands): Discreet Unveils burn--New Linux-Based Background Rendering Software.
- Get2Chip (SAN JOSE, Calif.): Get2Chip to Exhibit At Magma's Fusion User Group Inaugural Conference September 19 in Santa Clara, Calif.; Will Demonstrate RTL Compiler Synthesis Solution.
- IBackup.com (WOODLAND HILLS, Calif.): IBackup.com releases IBackup for Linux, an Online Backup Application for the Linux Platform.
- Lund (ALBANY, OR): Lund's New Meta-View Provides Versatile 'Three-Click' Performance Management; New Multi-Platform Performance Reporting System Allows Users T Manage Environments More Efficiently .
- Lund Performance Solutions (ALBANY, Ore.): Lund's New Meta-View Provides Versatile ''Three-Click'' Performance Management; New Multi-Platform Performance Reporting System Allows Users to Manage Environments More Efficiently.
- Meetinghouse Data Communications, Inc (PORTSMOUTH, N.H.): Meetinghouse Data Communications Extends Security Support for Wireless LAN Environments; MS Windows 2000, XP, LEAP and LDAP Support Now Included in Meetinghouse AEGIS.
- OPTX International (CHICO, Calif.): OPTX International's ScreenWatch Screen Capture Codec Version 9 Plug-In Delivers Break-Through Quality at Dial-Up Bandwidths.
- Obsidian (AUSTIN, Texas): Obsidian Software Announces RAVEN SE For MIPS64-Based Products; Random Test Generator for Soft Cores.
- Paradigm (HOUSTON): Paradigm Expands Its Product Portfolio to Include Linux-Based Solutions.
- SaberFile, Inc. (CARY, N.C.): SaberFile-HQ Server Now Available for Secure Remote and Local Access to Corporate Enterprise Resources.
- Synchronicity (MARLBORO, Mass.): Synchronicity Developer Suite 3.3 Available with Enhanced Cadence Design Management and International Support.
- Synopsys, Inc (MOUNTAIN VIEW, Calif.): Synopsys Introduces TetraMAX TenX; New Distributed Processing Solution Accelerates ATPG for Today's Largest Designs.
- Thales in Security (WESTON, Fla.): Thales e-Security Brings its Hardware Cryptography to a Wider Audience With New SUN Solaris and Linux Versions of WebSentry.
- XCELERIX (INDIANAPOLIS): Xcelerix Embedded In-Memory Database Available on Linux.
- Yosemite Technologies, Inc. (FRESNO, Calif.): TapeWare Does It Again With New Disaster Recovery for Linux.
Products and Services Using Linux
- AdminForce Remote LLC (Boulder, CO): AdminForce Remote LLC Announces a Breakthrough new Powerwall 3 Network Security System.
- Broadcom (AMSTERDAM, Netherlands): Macrovision and Broadcom Announce Partnership to Expand Digital Rights Management in Next Generation Set-Top Platforms.
- International Datacasting Corp. (AMSTERDAM, The Netherlands): International Datacasting Announces New Products at IBC in Amsterdam.
- the 3eTI Family of Wireless Gateways (ROCKVILLE, Md.): Secure Wireless LAN Solutions With AES & 3DES Introduced by 3e Technologies International; 3eTI's AES and 3DES Encryption Solutions are NIST Certified.
Hardware with Linux support
- Egenera Inc. (MARLBORO, Mass.): Egenera Announces Two-way Processing Blade Based on the Intel Xeon Processor 2.80 GHz; Industry's Most Powerful Two-way Blade Server Runs Customers' Most Demanding Applications.
- HP (PALO ALTO, Calif.): HP Provides IT Flexibility to Emerging Businesses with New ProLiant Servers; New Offerings Provide Growing Businesses Range of Server Options, Enabling Them to Do More with Less.
- SBE (SAN RAMON, Calif.): SBE Announces the Availability of TimeSys Certified Linux Drivers for Five of Its Top Selling PMC Modules.
- SS8 Networks (SAN JOSE, Calif.): SS8 Networks Introduces SS7 Signaling for Carrier-grade Linux OS.
Linux at Work
- AVL Information Systems Inc. (DETROIT, MI): AVL Information Systems Inc.: ABC NEWS Affiliate WTVC NEWS Channel 9 to Air Demonstration of 'i-Track' Chaperone GPS Tracking Device for Teen Safety.
- Dell (AUSTIN, Texas): Dell High-Performance Computing Clusters Power Multiple Research Projects at Penn State; Dell Servers Analyze Data for Biology, Chemistry, Meteorology and Physics Departments.
- Dell and Menasha (AUSTIN, Texas): Menasha Corporation Deploys Oracle and SAP On Dell PowerEdge Servers, Red Hat Linux; Migration is Further Evidence of the Value of Standards-Based Servers.
- Paxonet and Magma Design Automation, Inc (CUPERTINO, Calif.): Paxonet Communications Uses Magma System to Tape Out Multimillion Gate Networking Traffic Management Device; Blast Chip and Blast Noise Enable Easy Adoption of New COT Design Flow.
Java Products
- 2AB (BIRMINGHAM, Ala.): 2AB, Inc. Announces orb2 for Java Version 2.3 With CSIv2.
- Antepo (NEW YORK): Antepo Pushes the Lead on Java Development Within Jabber Community.
- Oak Grove Systems, Inc (CALABASAS, Calif.): Oak Grove Systems Releases Reactor 5.0.7 Workflow Engine.
- Rational Software Corporation (LAKE BUENA VISTA, Fla.): Rational Software Expands 'Quality by Design' Initiative For Developers of Software Products, Embedded Systems And Devices.
Trade Shows and Conferences
- SecureWorld Expo (Seattle, WA): ADVISORY/ Sourcefire To Present Intrusion Detection Insights At SecureWorld Expo Seattle.
Partnerships
- Filanet Corp. and uRoam Inc (SUNNYVALE, Calif.): Filanet and uRoam Announce Merger; Combined Company Delivers Secure Remote Access for Organizations of All Sizes.
- Parasoft and Terra Soft Solutions (MONROVIA, Calif.): Terra Soft Signs on as Parasoft Channel Partner To Offer Insure++ for Yellow Dog Linux on PowerPC.
- Red Hat and IBM (RALEIGH, N.C.): Raleigh, N.C.-Based Red Hat, IBM Upgrade Pact to Push Linux.
- SlickEdit Inc. (MORRISVILLE, N.C.): SlickEdit Elected to Eclipse Board; Eclipse Board of Stewards Represents Eclipse.org; Member Companies Creating an Open Platform for Software Tool Integration.
- SoftIntegration, Inc. and MandrakeSoft (DAVIS, Calif.): SoftIntegration Joins MandrakeSoft Partner Program.
- TimeSys Corporation and Cyclone Microsystems (PITTSBURGH): Cyclone Microsystems Chooses TimeSys(TM) as the Exclusive Linux(R) Distribution for Cyclone's CompactPCI Intelligent I/O Controllers.
- TimeSys(TM) Corporation (PITTSBURGH): TimeSys(TM) Chosen by ADI Engineering Inc. As Exclusive Provider of Embedded Linux(R).
Investments and Acquisitions
- Turbolinux Inc. (SAN FRANCISCO and TOKYO): Software Research Associates Acquires Turbolinux Linux Software Business.
Financial Results
- Red Hat, Inc (RALEIGH, N.C.): Red Hat Announces Earnings Conference Call.
- Red Hat, Inc (RALEIGH, N.C.): Raleigh, N.C.-Based Linux Company's Shares Rise on IBM Deal.
- Red Hat, Inc. (RALEIGH, N.C.): Strong Revenue Growth and Positive Cash Flows Highlight Red Hat's Second Quarter Results; 13% Growth in Enterprise Revenues Evidence Red Hat's Execution of Its Enterprise Strategy.
- The SCO Group (LINDON, Utah): The SCO Group Reports Third Quarter Results; Operating Results Exceed Expectations.
Personnel and New Offices
- AMD (SUNNYVALE, Calif.): AMD Appoints Marty Seyer Vice President of Server Business, Ed Ellett Vice President of Client Business; New Organizational Structure Strengthens Customer Focus.
- HATS OFF COMMUNICATIONS (WILMINGTON, Vt.): Hats Off Communications Expands With Addition of 2 More Former Red Hat Marketers.
- Symark (WESTLAKE VILLAGE, Calif.): Symark Announces Expansion into European Market; Names David Taylor as Managing Director.
- Symark (WESTLAKE VILLAGE, Calif.): Symark Announces Expansion into Asia-Pacific And Japan; Names Rob Prigge as Director, Asia-Pacific.
Miscellaneous
- F-Secure (SAN JOSE, Calif.): Fast spreading Slapper worm enables attacker to take over infected servers.
- SlickEdit Inc. (MORRISVILLE, N.C.): SlickEdit Announces SlickEdit Academic Program; New Program Provides Academic Organizations Easy Access to Visual SlickEdit Editing Environment.
- SnapGear Inc. (SALT LAKE CITY): SnapGear Scoops Linux Journal Editor's Choice Awards; Snap Gear Voted As Best Server Appliance Ahead of Sun's Cobalt Qube.
- StarNet Communications Corp. (SUNNYVALE, Calif.): New PC X Server Tool Brings UNIX and Linux to Every Windows Desktop.
Page editor: Forrest Cook
Linux in the news
Recommended Reading
Assessing the risks of open source (ZDNet and META Group)
ZDNet has published a lengthy article, provided by META Group, on the risks of Open Source, especially as it concerns organizations who are using Java in their enterprise. "By 2003, the use of open-source software will become a standard part of all organizations utilizing Java, with a high number already using the Apache Web server (60 percent of active sites) and a significant group using open-source Java servers (14 percent)."
The Toshiba Standoff (Linux Journal)
Adam Kosmin writes about the troubles he had trying to purchase a Toshiba laptop without paying for Microsoft Windows. "Eventually, I was told that I could not purchase the hardware without a copy of Microsoft's OS pre-installed and this stipulation was not open to negotiation. At this point, I realized that on some level my rights as a consumer were being violated."
RMS: why open source needs Free Software's ideals (Register)
In response to an article written by SecurityFocus Online's Jon Lasser, The Register has posted an open letter from Richard Stallman, which contains at least one rebuttal, followed by a brief history lesson on Free Software.
Companies
HP, Red Hat team on Linux workstation (News.com)
News.com reports on HP's new Itanium 2 based systems, which run a version of Red Hat Linux. "Red Hat had planned to release its Advanced Workstation product in the first half of 2003, but accelerated the schedule as part of an expanded alliance, said Mike Evans, vice president of business development at Red Hat. The alliance shows what companies can--and often will--do to push mainstream acceptance for new technologies."
IBM retooling Linux for new servers (News.com)
News.com reports on IBM's efforts to bring Linux to its line of servers. "IBM will complete the next step in its embrace of the Linux operating system by early 2003 as the company improves how Linux runs on its pSeries servers. Big Blue currently supports Linux, a clone of the Unix operating system, on its xSeries Intel servers, its iSeries mid-range servers, its zSeries mainframes, and its pSeries servers that typically run IBM's AIX version of Unix. Right now, pSeries servers require AIX, but future models will run with just Linux."
Red Hat, IBM push Advanced Server on eServers (Register)
The Register covers the recent collaboration between IBM and Red Hat. "Yesterday's deal seems to indicate that Red Hat is getting more enthusiastic about the eServer line from IBM, and the reason is probably that IBM is ponying up the cash to have Red Hat create the ports of Linux Advanced Server for the zSeries, pSeries, and iSeries machines. Neither IBM nor Red Hat disclosed any financial terms of the latest deal, which only covers Advanced Server as it runs on the eServer line."
It's good news and bad on Red Hat earnings (Nando)
The Raleigh-based News and Observer has published a nice roundup of Red Hat's business lately, specifically addressing the success of the Advanced Server product. "The 8,000 units of Red Hat Advanced Server sold during the quarter exceeded internal forecasts..."
Red Hat nullifies KDE, Gnome (Register)
The Register analyzes Red Hat's attempts to deal with the competing KDE and GNOME desktop environments. "Taylor doesn't beat about the bush. Providing two desktops with different brands and behavior is confusing and costs Red Hat an unnecessary amount of money, he writes. In the latest beta of RedHat Linux, the distro has replaced the KDE and Gnome branding with its own in-house look and feel."
In suspense over Sun's upcoming desktop Linux boxes (Linux Journal)
The Linux Journal looks forward to Sun's upcoming Linux desktop announcements. "But there is a serious prevailing ethic here, and it's one where Sun may be ahead of the curve, and that's cost-cutting. The post-Enron world is all about severely bottom-line-oriented management and accounting practices, and it's a matter of time before IT honchos give Linux a second (more likely tenth or hundredth) look, and finally start making the obvious choices. But will they go for name-brand boxes?"
Sun expands StarOffice giveaway (News.com)
News.com reports that Sun will be giving away copies of StarOffice to educational institutions. "Sun Microsystems will give away its StarOffice software to ministries of education in Europe and Africa, the company is expected to announce Tuesday, in an effort to undermine rival Microsoft. "Sun is committed to giving the global education community access to the StarOffice productivity suite at no cost," Kim Jones, vice president of global education and research, said in a statement."
Business
Open Source .NET supports Office challenge (Register)
The Register reports on KDE's support for project Mono. "KDE developers are working [on] two Mono-based projects. The first is a Mono-based script interface to KDE with planned bindings to Qt. These will allow different languages to be used when building KDE applications. A sub-project is also underway for a plug-in interface to Kate, the KDE advanced text editor. The project would enable developers to write Kate plug-ins, such as a browser, in Qt or a version of Microsoft's C Sharp written for in Mono for KDE called QtC Sharp."
Interviews
Microsoft: All XML, all the time (News.com)
News.com interviews Microsoft's Jim Allchin, the topic of Linux came up:
"
Q:Can you be more specific, beyond it being a challenge? What will Microsoft do? You have China and Latin America embracing Linux quite openly.
Q:What's your current assessment of Linux? Last time we spoke you said you were concerned. Any change?
"
A:I'm just as concerned. They are a very serious competitor. We think very hard about it.
A:There are a number of dimensions we think about. Their community is very, very good, and we're hard at work trying to follow that model. The exchange of source within a certain set of licenses, we've also learned from and we've done a lot today.
Obviously...the way (Linux) work is done--I think about it in a more componentized way. I believe in integration because I believe it makes peoples' lives simpler. On the other hand, I consider componentization to be a great attribute from an engineering perspective. Then there are things I don't want to learn from them. It's very hard to innovate when you're in a decentralized mode.
Resources
Embedded Linux Newsletter
The Linux Devices Embedded Linux Newsletter for Sept. 12, 2002 is out, with the latest embedded Linux news.Running MS Office under Linux (Linux Journal)
Linux Journal shows how to use CrossOver Office with Linux. "For many, making the move to Linux is an easy step. Based on the facts that Linux is fast, stable and of course, free, it's not difficult to see why so many folks are making the move away from the world of Windows. As Linux desktop converts, we do need to accept some limitations, at least in the office applications category. While there are very good open-source office applications and even full office suites, none of them are a complete replacement for, or are fully compatible with, Microsoft's office suite."
Reviews
Does StarOffice shine for the enterprise? (ZDNet)
ZDNet reviews Star Office: "Although competition is welcomed, we believe corporate buyers will not find StarOffice to be a viable option and it will not have an impact on Microsoft Office's dominant position."
Miscellaneous
UnitedLinux readies first public showing (ZDNet)
ZDNet covers the upcoming first public release of the UnitedLinux distribution. "The software is tailored for the enterprise, and as such its main competition will be Red Hat's Advanced Server; both are designed to downplay Linux's traditional do-it-yourself flexibility in favor of rock-solid stability. However, UnitedLinux will deliver more for the money than Advanced Server, promised Gregory Blapp, SuSE's vice president for international business and a member of UnitedLinux's board."
Where the Jobs Are (Linux Journal)
The Linux Journal looks at the Linux employment situation. "An informal survey of employers, employment recruiters, contracting firms, universities and Linux pros shows that job hunters now find: stiffer requirements, a tighter market, leveled salaries, new job responsibilities and new thinking on certification."
Penn State plugs into Dell cluster (News.com)
News.com reports on Penn State's new Dell cluster. "Penn State will use the new cluster, which currently has 80 nodes and will grow to 256, to carry out research in biology, chemistry, physics and meteorology. Each of the 80 nodes is a Dell PowerEdge server with dual Xeon processors from Intel and RedHat's Linux operating system."
Fed cybersecurity initiative boosts TCPA (Register)
The Register examines the latest cyber security initiative from the White House. "On Wednesday a group of federal bureaucrats, business representatives and industry lobbyists will be rolling out a draft of the White House's new initiative to enlist the computing public in the task of defending cyberspace. Originally, the Feds had planned to roll out a final draft, but this has been delayed due to unresolved conflicts among the technology companies the scheme will be affecting."
Page editor: Forrest Cook
Announcements
Resources
Extending Linux
The Linux Standards Base has sent out a press release announcing a "brainstorming phase" concerning the extension of the LSB. "Now it is time to expand LSB's coverage, to better meet the needs of Linux based application developers and "normalize" the use and acceptance of free and open source software. While the LSB is already moving forward with planned updates that will include more interfaces (such as C++) and features (such as standardized package management) we need your input. We need to know what interfaces and features future versions of the LSB should include. For that mater, we need to know what interfaces and features Linux itself is missing."
Recording Audio from JACK-Enabled Applications in Ardour
QuickToots has a tutorial by A. J. (Tony) Schiavone on using Ardour with JACK. "The Jack Audio Connection Kit (JACK) provides a method for JACK-enabled Linux applications to share audio data. Some of the growing number of applications that are currently JACK-enabled include Alsaplayer (an audio player that uses the Linux ALSA sound interface), MusE (a MIDI sequencer with softsynth support) and Ardour (a multi-track digitial audio recorder and workstation). This tutorial describes the method for using Ardour to record audio output from external applications such as Alsaplayer and MusE."
Balancing your books? GnuCash is the answer (LinuxWorld.com)
LinuxWorld.com is running a tutorial on GnuCash. "Joe Barr walks us through his experience with GnuCash personal-accounting software. His conclusion? GnuCash is good enough to trust with the bookkeeping chores at a miniature donkey ranch."
The Perl Journal Returns Online (use Perl)
According to Use Perl, The Perl Journal, a recently discontinued print magazine, will be returning as a subscription-based online magazine. "CMP, owners of The Perl Journal, have brought the journal back, in the form of an online monthly magazine, in PDF form. The subscription rate is $12 a year. They need 3,000 subscriptions to move forward (no word if existing subscriptions will be honored, or included in the 3,000)."
September Yadda Lambda is out.
The September issue of the lisp-p.org Lisp Magazine (also known as Yadda Lambda) is out. "It features an introductory article on partial evaluation and the account of how an experienced programmer approached Common Lisp." Thanks to Paolo Amoroso.
Upcoming Events
Call for nominations for the FSF Award for the Advancement of Free Software
The Free Software Foundation has sent out a call for nominations for its 2002 award for the advancement of free software. "Any kind of activity could be eligible -- writing software, writing documentation, publishing CDs, even journalism -- but whatever the activity, we want to recognize long-term central contributions to the development of the world of software freedom."
'Perl 6: Right Here, Right Now' slides available. (use Perl)
Use Perl has mentions the availability of Leon Brocard's slides from his London Perlmongers talk on Perl 6.HiverCon Speakers Announced
Ten speakers have been selected for the HiverCon 2002 security conference.Events: September 19 - November 14, 2002
| Date | Event | Location |
|---|---|---|
| September 19 - 20, 2002 | Yet Another Perl Conference Europe 2002(YAPC::Europe 2002) | Munich, Germany |
| September 19 - 20, 2002 | 9th Annual Tcl/Tk Conference | Vancouver, BC, Canada |
| September 25 - 27, 2002 | The Second Open Source Content Management Conference(OSCOM) | (Lawrence Hall of Science, University of California)Berkeley, CA |
| September 27 - 29, 2002 | Lulu Tech Circus | (State Fairgrounds Complex)Raleigh, North Carolina, USA |
| October 11 - 13, 2002 | V Congreso Hispalinux | San Sebastian-Donostia, Spain |
| October 14 - 16, 2002 | The Singapore Linux Conference 2002 | (Le Meridien Singapore)Singapore |
| October 14 - 15, 2002 | The Open Group Conference | (Hotel Martinez Palace)Cannes, France |
| October 17 - 18, 2002 | Open Source for E-Government | Washington, DC |
| October 24 - 25, 2002 | PHPCon 2002 | (The Clarion Hotel SFO)Millbrae, California |
| October 28 - 31, 2002 | International Lisp Conference 2002 - The Art of Lisp | San Francisco, CA |
| October 30 - 31, 2002 | Think-Linux, The Solutions Show | (The Pinnacle)Toledo OH |
| November 1 - 3, 2002 | 2nd Annual Ruby Conference(RubyConf 2002) | (Washington State Trade and Convention Center)Seattle, Washington |
| November 2, 2002 | Southern CaliforniA Linux Expo 2002(SCALE) | (Davidson Conference Center, University of Southern California)Los Angeles, CA |
| November 3 - 6, 2002 | International PHP 2002 conference | Frankfurt, Germany |
| November 3 - 8, 2002 | 16th System Administration Conference(Lisa '02) | Philadelphia, PA |
| November 14 - 15, 2002 | The Open Source Health Care Alliance(OSHCA) | (UCLA Medical Center)Los Angeles, CA |
Software announcements
This week's software announcements
Here are the software announcements, courtesy of Freshmeat.net. They are available in two formats:
- Sorted alphabetically,
- Sorted by license.
Page editor: Forrest Cook
Letters to the editor
Releasing old software into public domain.
| From: | David.Kastrup@t-online.de (David Kastrup) | |
| To: | letters@lwn.net | |
| Subject: | Releasing old software into public domain. | |
| Date: | 12 Sep 2002 13:05:57 +0200 | |
| Cc: | gnu@gnu.org, proski@gnu.org |
Pavel Roskin has suggested that
Reading recent discussions in the online media, it is clear that
many people have an issue with the copyright laws that make
copyrights remain in force for many decades.
I believe that the Free Software Foundation should release into
the public domain all the software currently under GPL, that is
at least 15 years old, and for which FSF is the sole copyright
holder.
GPL is a great license because it uses the copyright law to make
software free. However, 15 years should be enough for software to
enjoy copyright protection. Even when our goals are noble, we
should not be using the copyright law beyond the fair limit that
we would like it to have.
In my opinion, FSF could make a good point by releasing its old
software into the public domain. That would be an example for
other copyright holders, even those who produce non-free
software.
I find that this suggestion speaks of a complete misunderstanding of
the Free Software Foundation's aims as I perceive them. The Free
Software Foundation is all in favor of a legal system where the
copyright laws do not permit restricting the freedoms of software
users arbitrarily. Such a system does not exist. The GPL license is
used for effectively creating a pool of software which uses those
exact copyright laws for securing a sanctuary _effectively_ protected
from the bad sideeffects of said laws.
The difference to software released without similar restrictions is
that that is subject to unfair treatment: it can be used in
proprietary software products, whereas those proprietary products may
not in turn be used in the free products.
The FSF has chosen to release their software under a license which
does not merely ask for fair play, but requires it. Making software
available as free-for-all would be diluting their message. Apart from
that, authors having contributed to GNU software have received written
assurances that their contributions may not be used in proprietary
products. Even if the FSF was willing to make such a contraproductive
move, it would probably not be allowed to do so for legal reasons.
This is my personal view and reading of the matters and in no way
is a statement of opinion from the FSF itself.
--
David Kastrup, Kriemhildstr. 15, 44793 Bochum
Email: David.Kastrup@t-online.de
Page editor: Jonathan Corbet