LWN Weekly Edition
Leading itemsSecurity
Kernel development
Distributions
Development
Linux in Business
Linux in the news
Announcements
Letters to the editor
->Multipage format
This page
Previous weekFollowing week
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
LWN.net Weekly Edition For September 19, 2002Closed betas and the GPLCertain issues seem to come around over and over again. One of those, certainly, is that of closed beta tests of Linux distributions. Can a distributor run closed beta tests and still comply with the GPL? The straightforward answer is certainly "no." If you distribute GPL-licensed software to somebody else, you can not restrict their right to further distribute that software.That does not stop distributors from doing closed beta tests, however. Corel did it. Caldera (oops...SCO Group...) has done it. Lindows has done it. And UnitedLinux is doing it. The closed beta period ends on September 23, at which point the UnitedLinux beta, with source, will be available to all. In the mean time, however, one might wonder how the current closed beta is being kept closed. At the UnitedLinux press conference, FSF director Bradley Kuhn asked about the terms of the non-disclosure agreement that was signed by the beta testers. The UnitedLinux spokesperson evidently agreed to disclose those terms. To help them remember, Mr. Kuhn has sent out an open letter on behalf of the FSF asking them to follow through:
Even as you release your new product to the public, the past
situation must be clarified. Not only does the community deserve to
know, but I also believe it behooves you to put to rest and clarify
the legal ambiguities that arise naturally from doing a "closed
beta" of GPL'ed software.
It remains to be seen whether UnitedLinux violated the GPL, or whether it just picked a set of beta testers who, of their own will, chose not to distribute the UnitedLinux beta. Closed betas will always raise this sort of issue however. They are also unnecessary. There are distributors, with MandrakeSoft and the Debian Project at the top of the list, who do all of their development and beta testing work in the open. In return, they get a wider pool of testers, the assistance of the free software development community, and the knowledge that they will not be accused of GPL violations. Distributions, too, are free software development projects; they benefit from frequent, public releases. Is it really worth the trouble to keep a Linux distribution under wraps?
Integrating intellectual property rights and development policyThe London-based Commission on Intellectual Property Rights has issued its final report on intellectual property law and developing countries. There is much to be found there in favor of free software and freedom of access to information in general. With regard to DMCA-like legislation, the report recommends:
Where suppliers of digital information or software attempt to
restrict 'fair use' rights by contract provisions associated with
the distribution of digital material, the relevant contract
provision may be treated as void. Where the same restriction is
attempted through technological means, measures to defeat the
technological means of protection in such circumstances should not
be regarded as illegal.
Concerning software for use in government:
Developing countries and their donor partners should review
policies for procurement of computer software, with a view to
ensuring that options for using low-cost and/or open-source
software products are properly considered and their costs and
benefits carefully evaluated. Developing countries should ensure
that their national copyright laws permit the reverse engineering
of computer software programmes beyond the requirements for
inter-operability, consistent with the relevant IP treaties they
have joined.
The full report covers a much wider range of topics, such as drugs, traditional knowledge, agriculture, etc. Reading the whole thing is a substantial commitment of time, but worth the trouble for those who are interested in these topics. Those wanting a rather shorter experience can read The Economist's coverage of the report.
LWN status updateAfter a few quiet weeks, we actually have some news to report: we have finally been able to set up a new merchant account which will allow us to accept credit cards. Hopefully we'll have better luck with the new bank than with the old - which is still holding a portion of the donations from last July.What this means is that, finally, we will be able to go forward with our subscription offering, at which point we will truly find out if there is enough support out there to keep LWN going on a sustainable basis. There is still some frantic code-bashing to be done; if all goes well, we should be able to start taking subscriptions next week. Next week's LWN Weekly Edition will be free to all readers; thereafter it will be available to subscribers only for an initial period (which will probably be one week). On another front, our new mailing list mechanism is up and running. The first list is called "Notify;" it simply receives a message once a week when the new Weekly Edition is available. This list thus replaces our old lwn-notify list, which has been running since the beginning - almost five years ago. Other lists, mostly providing access to our content via email, will be available shortly (and mostly limited to subscribers). Mailing list subscriptions require a (free) LWN account, and can be controlled through the "MyAccount" link in the left column. Thanks, yet again, for your support through this interesting period.
Security That OpenSSL WormThis worm has been referred to by at least four different names: Apache/mod_ssl worm, linux.slapper.worm, bugtraq.c worm and Modap worm.On Friday September 13th the first reports appeared on Bugtraq of an active worm exploiting the OpenSSL buffer overflow vulnerability reported at the end of July. The next day CERT issued Advisory CA-2002-27 Apache/mod_ssl Worm.
Compromise by the Apache/mod_ssl worm indicates that a remote attacker
can execute arbitrary code as the apache user on the victim system. It
may be possible for an attacker to subsequently leverage a local
privilege escalation exploit in order to gain root access to the
victim system. Furthermore, the DDoS capabilities included in the
Apache/mod_ssl worm allow victim systems to be used as platforms to
attack other systems.
By Sunday September 15th, at 17:00 GMT, F-Secure Corporation reported 13,000 infected servers out of "over 1,000,000 active OpenSSL installations in the public web." Updates to fix the problem, including backports to earlier versions of OpenSSL, had been available for over a month from the OpenSSL project, Caldera, Conectiva, Debian, EnGarde, Eridani, Gentoo, Mandrake, OpenPKG, Red Hat, SuSE, Trustix and Yellow Dog. SecurityFocus has completed and released a full analysis (PDF format) of the worm in addition to their initial incident Alert (PDF format). F-Secure is maintaining a "Virus Description" of this worm with lots of interesting information. The first reports in the press appeared Friday, the day the worm was first seen, in CNET and Network World Fusion. The next day CNET put up another story with additional information. By Monday evening both the Register and TechWeb had published their reports on events to date. On Tuesday Network World Fusion reported that the worm has infected at least 30,000 Linux Apache Web servers. Also, see this other article from TechWeb on the worm:
According to Dan Ingevaldson, team lead of the X-Force R&D division at ISS, the first version may be a test to see how well the worm works before more deadlier versions surface. "Unlike Code Red and Nimda, where virus writers didn't have immediate access to the source code, the source code for this worm is already widely public," he says. "I'd expect new versions to start to surface."
RUS-CERT has made available a tool to remotely detect vulnerable servers. However, Eric Rescorla has observed behavior different from what that tool expects. In the unlikely event that you haven't already, applying the appropriate OpenSSL update might be a very good thing to do before reading any further.
Brief items Mozilla bug leaks Web surfing data (CNET)CNET has a short article about a little privacy bug in Mozilla's handling of referers. "The bug reveals the URL of the page someone is viewing to the Web server of the site last visited. This allows a Web server to track where people go after they leave the site, even if the next Web address comes from a bookmark or is manually typed into the browser." If you are using a Gecko-based browser, you can see the bug in action on this page.
September CRYPTO-GRAM newsletterBruce Schneier's CRYPTO-GRAM newsletter for September is out. It looks at possible new attack strategies for algorithms like AES, the Word97 vulnerability, and more. "We're seeing more and more of this: vulnerabilities in products that are no longer supported. When the SNMP vulnerabilities were published earlier this year, many products with the vulnerability were no longer supported. Some were made by companies no longer in business."
Security reports ht://Check cross-site scripting problemsUlf Harnhammar reports potential cross-site scripting problems in ht://Check version 1.1, and possibly earlier versions as well. "It doesn't remove HTML tags before displaying the crawled web servers' "Server:" headers and other information."
ht://Check is a link checker derived from ht://Dig. It can retrieve
information through HTTP/1.1 and store it in a MySQL database so
that after a "crawl", ht://Check can return broken links, anchors
not found, content-types, and HTTP status codes summaries. A PHP
interface lets the user to query and view the results directly via
the web
xbreaky symlink vulnerabilityMarco van Berkum reports a symlink vulnerability in the xbreaky breakout game for X. If xbreaky is installed as suid, the vulnerabilty can be abused by any user to overwrite any file on the filesystem. Distributions which include xbreaky may or may not install it suid root.
MIMEDefang version 2.21 scans fragmented mail messagesThe folks at Roaring Penguin Software have released, under the GPL, version 2.21 of MIMEDefang to deal with this Outlook Express based attack to bypass SMTP-based content filter engines.
MIMEDefang is a program for inspecting and modifying e-mail messages as they pass through your mail relay. MIMEDefang is written in Perl, and its filter actions are expressed in Perl, so it's highly flexible.
A patched version of MIME-Tools that addresses the problem is also avilable as well as version 1.2-F17 of Roaring Penguin's commercial CanIt anti-spam solution based on MIMEDefang 2.21.
(Proprietary product) Race conditions in BRU Workstation 17.0A race condition in TolisGroup's BRU Workstation 17.0 can be used to clobber any system file." According to this followup post, TolisGroup have responded with confirmation of an update for a race condition reported previously, and an estimated date for a new update for this one.
(Proprietary product) File disclosure vulnerability in DB4Web application serverStefan Bagdohn reports a file disclosure vulnerability in the DB4Web high-performance application server from Guardeonic Solutions AG. The DB4Web team has already provided an update which is available from here.
New vulnerabilities Local privilege escalation vulnerability in XFree86
Cross-site scripting vulnerability in Konqueror for KDE 3.0.3
Buffer overflow vulnerabilities in purity
Updated vulnerabilities Denial of service vulnerability in amavis
Heap corruption vulnerability in at
bind buffer overflow vulnerability in DNS resolver libraries
Input validation vulnerability in cacti
Potential unauthorized root access vulnerability in dietlibc
Ethereal 0.9.6 fixes potential remote code execution vulnerability
Ethereal buffer overflow, infinite loop and memory management vulnerabilities
Filename disclosure vulnerability in fam
GNU fileutils race condition
Buffer overflow vulnerability in the Jabber plug-in module for gaim
Potential remote root exploit in glibc
Buffer overflow in groff
HylaFAX 4.1.3 fixes multiple vulnerabilities
UW imapd remotely exploitable buffer overflow
KDE 3.0.3 fixes X.509 certificate check vulnerability
Kerberos 5 unauthorized root access to KDC host vulnerability
LPRng accepts jobs from any host.
Cross-site scripting vulnerability in mhonarc
PHP Remote Compromise/DOS Vulnerability
Mozilla XMLHttpRequest file disclosure vulnerability
String format bug in pam_ldap logging
OpenSSL remotely-exploitable buffer overflow vulnerabilities
Safemode vulnerability in PHP
Remotely exploitable vulnerability in pine
Buffer overflow vulnerabilities in PostgreSQL
PXE server denial of service vulnerability
Local arbitrary code execution vulnerability in Python
Sharutils potential privilege escalation using uudecode
Multiple vulnerabilities fixed in Squid-2.4.STABLE7
Tcl/Tk local root vulnerability
Malformed NFS packet buffer overflow vulnerability in tcpdump
Multiple vendor telnetd vulnerability
Multiple vulnerabilities in SNMP implementations
Local root vulnerability in chfn
webalizer: reverse DNS buffer overflow vulnerability
Webmin/Usermin vulnerabilities
Multiple vulnerabilities in wordtrans
Problems with libgtop_daemon
Wwwoffle remote privilege escalation vulnerability
xchat IC server based dns query vulnerability
Denial of service vulnerability in xinetd
Resources Linux Security Week and Advisory WatchThe September 16th Linux Security Week and September 13th Linux Advisory Watch newsletters from LinuxSecurity.com are available.
chkrootkit 0.37 is now availableKlaus Steding-Jessen announces the release of chkrootkit version 0.37. chkrootkit is a tool to locally check for signs of a rootkit.Well worth a look, especially if you arn't familiar with this useful tool.
Four final computer security guidelines availble from NISTThe US National Institute of Standards and Technology (NIST) announces the final publication of four computer security guidelines available from here.The four NIST Special Publications are:
Choosing passwords: random, mnemonic phrases and moreFolks at the Cambridge University Computer Laboratory have done a good study on different password selection approaches which is summarized in two papers:
Crispin Cowan also has some interesting comments on the conclutions reached by the study.
Events Final Speakers Announced for HiverCon 2002HiverCon 2002 is scheduled for November 26th and 27th, 2002 in Dublin Ireland.
In total ten speakers have been announced as confirmed to speak
at HiverCon 2002. The industry recognized names will be presenting
papers on a myriad of information security topics, introducing new
tools and research, as well as discussing newly highlighted security
problems and solutions.
Upcoming Security Events
For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.
Page editor: Dennis Tenney Kernel development Brief items Kernel release statusThe current development kernel is 2.5.36, which was released by Linus on September 17. The big news was, of course, is the merge of the XFS journaling filesystem. There's also the x86 "huge page" patch, an IEEE-1394 ("Firewire") update, a big USB update (converting the code to the new driver model scheme), an IDE update, and various other fixes. See the long-format changelog for the details.Linus has had a busy week; 2.5.35 was released on September 15. This (large) patch included, among other things, the merge of User-mode Linux, a large IDE update, various memory management improvements, more threading improvements, a bunch of NFS server patches and PPC64 and SPARC updates. Again, the long-format changelog has the details. Linus's BitKeeper tree, which will become 2.5.37, has some block I/O work, some RPC fixes, a bit of memory management work, and Linus's simple solution to the get_pid() problem (see below). The current 2.5 Status Summary from Guillaume Boissere is dated September 17. The current stable kernel is 2.4.19; Marcelo released 2.4.20-pre7 on September 12. Big MIPS and IA-64 updates make up the bulk of the patch this time around, along with a relatively small set of other fixes. Alan Cox's current prepatch is 2.4.20-pre7-ac2. The IDE work continues; this patch also contains a number of other, unrelated fixes. The current ancient kernel is 2.2.22, which was released by Alan Cox on September 16. It contains a few security fixes, so people still running 2.2 will probably want to have a look at this update.
Kernel development news A new way to sleep?A quick look through the kernel source will turn up no end of examples of code like:
while (some_condition)
interruptible_sleep_on(some_queue);
The idea, of course, is to put the process asleep until something of interest has happened. The problem with this kind of code is that if the condition changes (and the wakeup happens) between the two lines of code above, the process will miss the wakeup and could sleep for far longer than intended. Because of this inherent race condition, the elimination of sleep_on() and its variants has been on the kernel hackers' todo list for some time. There is a macro (wait_event) which can be used to sleep safely, but most code which includes race-free sleeps does so manually with the following approximate steps:
This sequence works because a wakeup will reset the task state to TASK_RUNNING; this "shorts out" the sleep should the process test its condition at the wrong time and call the scheduler after the wakeup has happened. In many places, the above steps are complicated by the need to release locks or other resources before invoking the scheduler. The result is a lot of duplicated (and error-prone) code throughout the kernel - and this is the "safe" way of doing things. As part of his 2.5.35-mm1 patch, Andrew Morton has included a new interface designed to simplify the coding of safe sleeps. Code using the new API looks like:
DECLARE_WAIT(queueentry);
prepare_to_wait(&wait_queue, &queue_entry, TASK_INTERRUPTIBLE);
if (condition_not_met)
schedule ()
finish_wait(&wait_queue, &queue_entry);
The actual series of events that occur has not really changed; things have just been packaged inside the new prepare_to_wait() and finish_wait functions. The result, though, is code which is cleaner and more likely to be correct. Now it's just a matter of those hundreds of sleep_on calls still in the 2.5 kernel source...
Solving the process ID allocation problemIngo Molnar, in his project to give Linux "world-class threading support," has set his sights on another Linux performance problem: the allocation of process ID (PID) numbers for new processes. This does not seem like it should be a difficult problem, but the current kernel get_pid() shows quadratic behavior when the number of processes gets large. Essentially, the algorithm looks like this:
for each possible PID
for each task in the system
if task_pid == pid
keep_trying
The above is an oversimplification, since the get_pid() code tries to find a range of usable PIDs, not just one. Look here for the real get_pid() implementation. The point is that, with very large numbers of processes (i.e. on the order of 100,000), process ID allocation can lock up the system for long periods of time. Ingo's solution starts with some work done by William Lee Irwin. William's "idtag" infrastructure adds hash tables for managing things with numeric ID tags; it is used in this patch to manage PID-related things like process groups and session IDs. The idtags help to eliminate many iterations over the whole process space done in the kernel, but do not solve the PID allocation problem. Ingo handles PID allocation through a new allocator that he wrote from scratch. This allocator maintains an array of pages (allocated as needed) which are used as PID bitmaps; allocating a new PID becomes a matter of finding a page with a free PID available, then finding and clearing the first set bit. It all happens with no locking required. Ingo claims:
Ie. even in the most hopeless situation, if there are 999,999 PIDs
allocated already, it takes less than 10 usecs to find and allocate
the remaining one PID. The common fastpath is a couple of
instructions only.
So it's fast - though a few extra features have been requested. But this patch has stirred up a bit of a debate. Rather than put in a complicated new PID allocator, it is asked, why not just make the maximum PID be very large? Then, in theory, the quadratic part of get_pid() will never run so the performance problems go away, and the code stays simpler. Linus prefers this approach, as do a number of other developers; he has put a simple patch along these lines into his pre-2.5.37 BitKeeper tree. Ingo disagrees, pointing out that any reasonable maximum PID size can be exceeded eventually. He would rather fix the problem than try to hid it behind a large process ID space. In the absence of real-world examples that show people being bitten by get_pid()'s behavior in a larger PID space, though, Linus appears unlikely to accept any more complicated fix.
Asynchronous I/O moves forwardThere has been little (visible) progress with the asynchronous I/O code since the AIO core was merged into the 2.5.32 kernel. AIO author Ben LaHaise has not been idle, however. Slowly the other pieces of the AIO package are beginning to show up for the 2.5 tree.One piece is this patch which adds "synchronous IOCBs" to the mix. One might wonder why an asynchronous I/O infrastructure needs I/O control blocks which have a synchronous option. The answer is that the synchronous IOCB is needed to achieve the goal of making most or all low-level I/O operations in the kernel be asynchronous. Once the I/O primitives expect an IOCB, and they work in an asynchronous mode, it is easy to layer the older, synchronous versions on top through the use of a synchronous IOCB. For now, synchronous IOCBs are only used in the generic_file_read() function. The next step, perhaps, is this patch from Badari Pulavarty; which reworks the direct I/O (DIO) infrastructure. The DIO code handles direct operations on block devices - such as when a "raw" device is used, or when a file is opened with the O_DIRECT option. The DIO operations, with this patch, are all asynchronous, with synchronous IOCBs used when synchronous behavior is required. With this change, the task of making the block I/O subsystem be asynchronous internally is nearly complete. Other subsystems (i.e. char devices, networking) remain to be converted over to the AIO scheme, however.
The Linux TPC results and kernel changesHP has recently been trumpeting its results running the TPC-C benchmark with Oracle on Linux. Slightly better performance than that achieved with Windows is claimed. What may be more interesting is this note posted to the linux-kernel list on what HP did to its kernel to achieve those results. The kernel that ran the benchmark had a few patches:
The benchmark also made extensive use of high memory (16GB worth), direct I/O, and a number of other recent kernel features.
Patches and updates Kernel trees
Build system
Core kernel code
Development tools
Device drivers
Filesystems and block I/O
Memory management
Networking
Architecture-specific
Security-related
Benchmarks and bugs
Miscellaneous
Page editor: Jonathan Corbet Distributions News and Editorials Distributors and application configurationThe competing Linux desktop projects have been a favorite source of flamewars for years. Criticism of Red Hat, the largest Linux distributor has also been good for large amounts of inflammatory content. So it's not surprising that those who like to argue have gotten even more mileage than usual out of the combination of the two topics.The problem? Red Hat, it seems, has gone out of its way to configure the GNOME and KDE environments in its "null" beta to look (and act) alike. Red Hat's reasoning is fairly straightforward: they want to improve their desktop by minimizing incompatibilities and making use of the best of what each desktop environment has to offer. Critics complain that features have been configured out, the default behavior of the desktop has been changed, and that desktop "branding" suffers as a result of the configuration changes and mixing of applications. The problem with these complaints, of course, is that both projects have released their desktops as free software. Red Hat may have applied a heavy hand with some of its changes, but the software involved was released under a license which allows far worse. When you make software free, you explicitly give up a great deal of control over what others can do with that software. Microsoft is able to dictate the appearance of its desktop to resellers; GNOME and KDE have given up that power. The fact that the software is free means that any distributor can make whatever changes it wants in order to provide (what it sees as) the best desktop for its customers. Red Hat's exercise of this right is a good thing, even if the resulting desktop is a mess. If enough distributors put effort into improving the desktop they ship, the quality of Linux desktops as a whole can only improve. Any good ideas from Red Hat's work should spread; the rest can be ignored. Red Hat is functioning as part of the development process for both desktops. And, in general, it is the right and responsibility of Linux distributors to make the changes they see fit (within the licensing requirements) to improve their products. The diversity of distributions is one of the great strengths of Linux. Why would we want to change that?
Distribution News Debian Project updatesDebian Project Leader Bdale Garbee has sent out his first Bits from the DPL posting since May; it is mostly concerned with his extensive travels over the summer. The posting skips over some minor events that happened while Bdale was out of town, like the Woody release. So Anthony Towns has sent out a Bits from the RM message to fill in the gap; have a look for "some of the reasons sarge is going to blow you away."And, as if that weren't enough, Martin Schulze has sent out Bits from the SRM describing where he is going with the Woody release. "The regulations for stable are quite conservative."
Mandrake Linux Community NewsletterThe Mandrake Linux Community Newsletter for September 12 is available. It looks at the second Mandrake Linux 9.0 release candidate, the availability of Mandrake-based systems at Walmart, the business case of the week, and more.
The YaST2 Package ManagerOne of the most anticipated new features in the upcoming SuSE 8.1 release would appear to be the YaST2 package manager. YaST2 is a completely rewritten interface to the (as always, RPM-based) package management system with a number of new features. The interface itself, as seen in the screen shots looks nice. The folks at SuSE seem to have put some serious thought into making package management easier.One new capability is "taboo packages," the ability to block certain packages from ever being installed on a system. If a user wants, for example, to keep that other desktop (for whatever definition of "other") off of a system, making it taboo will keep it from ever being installed. Without this capability, it is easy to find that library packages slip in via dependencies even if they had been originally excluded. Dependency handling in general appears (from the screenshots) to have received a fair amount of thought. Dependency problems can turn system management into an unpleasant task, especially when complicated conflict scenarios arise. YaST2 appears to have the ability to display conflict problems and to allow users to resolve them as they best see fit - including that all important "I know what I'm doing, just do it" option. YaST2 has not been made available separately, so it will be necessary to wait for the 8.1 distribution to try it out. That release looks on track to happen before the end of September in Europe; those of us on the western side of the Atlantic will likely have to wait a little longer.
New Distributions Warewulf 1.0 releasedWarewulf 1.0 has been released. "Warewulf is a unique Linux distribution for cluster nodes. It facilitates a central administration model for all nodes (residing on the master) and includes tools needed to build configuration files, monitor, and control the nodes."
Minor distribution updates CRUX 0.9.4CRUX 0.9.4 has been released. This release transitions the distribution to gcc 3.2; see the changelog for the full list of updated packages.
Gentoo Linux 1.4 RC 1The first release candidate for Gentoo Linux 1.4 has been announced. "The Gentoo Linux 1.4 release candidate 1 is gcc 3.2-based, supporting optimizations for Pentium III, Pentium 4, Athlon (Classic through XP,) K6 (Classic through K6-3,) PowerPC G3 and PowerPC G4 with AltiVec. Also included is a new 2.4.19-based high-peformance kernel with IBM EVMS (enterprise volume management) support, countless enhancements to Portage and a new "live" bootable CD that boots directly into a runtime version of Gentoo Linux 1.4_rc1."
Probatus Spectra Linux 1.2 releasedProbatus Technologies has announced the release of version 1.2 of its "Probatus Spectra" distribution. Features of this distribution include "uDevix" and "uOffix" ("selected state-of-the-art commercial packages") and "uDoctrix," "a fully indexed knowledge base of essential Linux documentation in a transparently compressed CD-ROM format."
Distribution reviews Xandros Beta 3 Preview (OSnews)OSnews reviews the third Xandros beta. "Installation Procedure This is a desktop OS, meant to be used by both Windows individual users and Windows-based corporations. The hard core geek Linux user is not what Xandros is aiming for. What I have seen so far from this beta 3b, is that this is meant to be an industrial design, carefully crafted towards people who would want to upgrade from Windows98/ME to Linux. Comparing this distro to Lycoris Build-50 beta or the latest Red Hat Null beta, well, it does not look as sexy or good-looking."
Page editor: Jonathan Corbet Development System Applications Audio Projects Libsndfile version 1.0.1Version 1.0.1 of Libsndfile, a library for reading and writing different audio formats, has been released. "The main new feature in this release is the ability to read and write a subset of the binary files used in GNU Octave as well as a couple of Octave script files for loading, saving and playing these files from within Octave. Details of using libsndfile with Octave can be found here." Thanks to Erik de Castro Lopo.
Mail Software spasm 0.26 releasedVersion 0.26 of the spasm anti-spam milter has been released. "Changes include a couple bugfixes, a change in the HELO filter, a new curses-based application for modifying settings (replacing spasmbl and spasmwl), and a contrib directory with a skeletal CGI and friends to demonstrate a web interface for modifying spasm settings."
SpamShield: A Perl-Based Spam Filter for sendmail (O'Reilly)Glenn Graham introduces SpamShield on O'Reilly. "The science of spam (if you can call it that) has taught us one thing: spam leaves a definite "calling card" in the system logs. This calling card is generally repetitive enough that the process of tracking spam may be automated. Based on this theory, a brilliant programmer by the name of Kai Schlichting wrote a Perl-based program called SpamShield."
Stamp out spam with SpamAssassin (IBM developerWorks)Brian Goetz explains how to use SpamAssassin on IBM's DeveloperWorks. "This article takes a look at the evolution of the spam cycle (for as Sun Tzu and every general who ever came after him said, "Know thine enemy and victory will be forthcoming"). It also takes a look at SpamAssassin, the latest in a long and venerable line of weapons in the fight against spam, as well as a look ahead."
Science GRASS 5.0.0 releasedThe release of version 5.0.0 of the GRASS geographical information system has been announced. "This new version is the first major change in GRASS functionality since GRASS 4 was released several years ago. Notable improvements include support for floating point and null values. Users can opt to use a new windowing interface based on Tcl/Tk on those platforms supporting X Window."
Web Site Development Midgard 1.4.3 for Debian stableMidgard 1.4.3 is now available for Debian Stable and Unstable distributions.
Mod_Python donated to the Apache Software FoundationThe code for Mod_Python has been donated to the Apache Software Foundation. Click below for the full announcement.
Zope Members NewsThis week's entries on the Zope Members News include CMF/Plone training in Europe, TextIndexNG 1.05 Beta 1, and Plone 1.0 beta.
Server clinic: PDF for the server (IBM developerWorks)Cameron Laird writes about server-side PDF file generation on IBM's developerWorks. "PDF is the recognized standard for several categories of top-quality displayable output. While most programmers regard it as a "desktop" technology, a format that a content specialist chooses through a SaveAs operation, you can make your document management processes more powerful through server-side automation of PDF creation. This month, Cameron introduces the ReportLab library for PDF management and programming."
Desktop Applications Audio Applications AlsaPlayer 0.99.72 released.Version 0.99.72 of the AlsaPlayer audio file playing utility has been released. This version features bug fixes and preparatory code for the switch to glib 2.0.
Desktop Environments GNOME 2.0.2 Desktop and Developer Platform Released!GNOME 2.0.2 has been released. "The GNOME 2.0.x Desktop and Developer Platform releases are devoted to bugfixes, translations, user interface consistency, and general polish of our major 2.0 release. In GNOME 2.0.2, you'll see the results of continued performance and stability work, plus plenty of bug fixes..."
GNOME Summary for 2002-08-12 - 2002-08-16The GNOME Summary for September 12th through September 16th is now available, covering GNOME 2.0.2, AbiWord, Red Hat 8 (and their GNOME alterations), and more.
KDE Switches To BugzillaKDE.News reports on KDE's switch to the Bugzilla bug tracking system. "Unlike the old system, Bugzilla is based on MySQL and thus enables advanced search functions and offers many other features such as email notification and voting."
Graphics Gimp_print 4.2.2 releasedVersion 4.2.2 of Gimp-Print has been released. A number of bugs have been fixed for the Epson Stylus printers. This is a stable release for The Gimp version 1.2.
GUI Packages XFree86 4.2.1 release availableVersion 4.2.1 of the XFree86 window system has been announced. Version "4.2.1 is a minor revision of the full 4.2.0 release which must be installed first. This release is a security patch which fixes a security vulnerabilty and is strongly recommended to be applied."
PerlQt 3.002 with RAD support released.KDE.News covers the first public release of PerlQt 3, a full-featured object-oriented Perl interface to the Qt3 toolkit. "Key features include support for nearly all Qt classes through SMOKE, a language-neutral binding library brought to you by Ashley Winters and David Faure (and Richard Dale's kalyptus), unlimited slots and signals, virtual function overloading, and Rapid Application Development (RAD) through puic, a Qt Designer compatible user interface compiler. Here is a screenshot of some PerlQt applications. There is also a tutorial available to help you get started. Enjoy!"
Interoperability Roadmap for Samba 3.0 PublishedThe Roadmap to Samba 3.0 has been published. Check it out to see the progress that is being made toward the release of Samba 3.0.
Kernel Cousin WineIssue #135 of Kernel Cousin Wine is out. Threads include Patch Submission Tips, Direct3D 8 Support, Wine DLLs under Visual C, Menu Handling Problems, and a New Header: winternl.h.
Office Applications AbiWord Weekly News #109 (2002, week 37) releasedThe AbiWord Weekly News #109 is now available.
Kernel Cousin GNUeIssue #46 of Kernel Cousin GNUe is out with the latest GNU enterprise development news.
Web Browsers Galeon 1.2.6 released!The latest Galeon is available. "The binary packages there are against mozilla 1.1, but you can recompile against any 1.0 or greater version of galeon and it will build - with one caveat..."
Mozilla 1.2 Alpha ReleasedMozilla.org has an announcement for the 1.2 Alpha release of Mozilla. "This release has better keyboard navigation including Type Ahead Find which lets you quickly navigate to links, and browse the web without a mouse." See the release notes for all of the details.
MozillaZineThe latest articles on MozillaZine include an Overview of Mozilla-based Browsers, a Mozilla Privacy Bug, Mozilla Calendar 0.8, and Mozilla 1.2 Alpha.
Languages and Tools Objective C Objective-C: the More Flexible C++ (Linux Journal)Linux Journal has an introduction to "Objective-C for programmers familiar with C++ or any other OOP language.
Caml The Caml HumpThe latest additions to The Caml Hump include Unlambda, Various functional interpreters, Galax, OCamlSpread, Link, C-, PLAN, and the Oxford Oberon-2 Compiler.
Java JSTL 1.0: What JSP Applications Need, Part 2 (O'Reilly)Hans Bergsten covers JSTL 1.0 in part 2 of a series on O'Reilly. "Part 1 of this series gave you an overview of JSTL -- the new specification of commonly-needed JSP tag libraries -- and showed you how to use the core JSTL actions. In this article, I'll dig a bit deeper and discuss how JSTL can help you with internationalization and database access. The bulk of the article does not require any Java programming knowledge, but the sections that deal with how servlets and other Java classes interact with the JSTL actions do."
JFC Swing: The SpringLayout Class (O'Reilly)Marc Loy explains the SpringLayout manager on O'Reilly. "With SDK 1.4, a new -- but not really new -- layout manager was added. The SpringLayout manager uses the notion of springs and struts to keep everything in place."
Custom SSL for advanced JSSE developers (IBM developerWorks)Ian Parkinson writes about JSSE on IBM's developerWorks. "JSSE brings secure communications to Java applications, by using SSL to encrypt and protect data as it travels across a network. In this advanced look at the technology, Java middleware developer Ian Parkinson delves into the lesser-known aspects of the JSSE API, showing you how to program your way around some of the restrictions of SSL. Learn how to dynamically select the KeyStore and TrustStore, relax JSSE's password-matching requirements, and build your own customized KeyManager implementation."
Lisp GNU CLISP 2.30 releasedVersion 2.30 of GNU CLISP has been released. "This version includes several new features such as a new module for interfacing to the Oracle ODBMS, improved file name and pathname management, improved output of some debugging/introspection tools, new socket functions and functionality, more POSIX functions, UCS-4 character strings, and additional options for image dumping."
Perl This Week on perl5-porters (use Perl)The September 9-15, 2002 edition of This Week on perl5-porters is out. Topics include printf format documentation, Data::Dumper and tied objects, -DLEAKTEST problems, Testing for magic, Syntax incompatibility with the // operator, and more.
Retire your debugger, log smartly with Log::Log4perl! (O'Reilly)Michael Schilli explains the Log::Log4perl Perl logging package on O'Reilly. "You've rolled out an application and it produces mysterious, sporadic errors? That's pretty common, even if fairly well-tested applications are exposed to real-world data. How can you track down when and where exactly your problem occurs? What kind of user data is it caused by? A debugger won't help you there. And you don't want to keep track of only bad cases. It's helpful to log all types of meaningful incidents while your system is running in production, in order to extract statistical data from your logs later."
PHP PHP Weekly SummaryIssue #103 of the PHP Weekly Summary is out. The content summary includes: "License location, type1 fonts with GD, PCRE update, COM extension still broken, NET-SNMP support, strto[upper|lower] and UTF-8PHP scripts as .INI files, ext/ecasound, ext/xmms".
Pear Weekly NewsThe September 15, 2002 edition of the Pear Weekly News is out. "While the mailing list was slightly quieter, if only because everybody was busy packaging and releasing. This week saw 6 stable, 2 beta and 1 development release, MDB's first stable release, Some discussions on how to use PEAR if you are in a hosted enviroment and some exciting new packages proposed like Christian Stocker Webdav Server Class."
Python The Daily Python-URLTopics on this week's Daily Python-URL include Automatic Run-time Interface Building for Aggregated Objects, Thinking in Tkinter, Pyepix, pymqi, SemanText 0.72.1, and more.
Ruby The Ruby Weekly NewsThis week, the Ruby Weekly News looks at RubyInline 1.0.4, RubyCocoa 0.3.0, RubyAEOSA 0.2.1, DbTalk 0.7, Programming Ruby translated to Norwegian, Multi-methods and overloading, and an explanation of the various open-source licenses.
Tcl/Tk This week's Tcl-URLDr. Dobb's Tcl-URL for September 17 is out, with the latest from the Tcl/Tk development community.
XML What Are Topic Maps? (O'Reilly)Lars Marius Garshol introduces topic maps for organizing XML encoded information. "When XML is introduced into an organization it is usually used for one of two purposes: either to structure the organization's documents or to make that organization's applications talk to other applications. These are both useful ways of using XML, but they will not help anyone find the information they are looking for. What changes with the introduction of XML is that the document processes become more controllable and can be automated to a greater degree than before, while applications can now communicate internally and externally. But the big picture, something that collects the key concepts in the organization's information and ties it all together, is nowhere to be found. This is where topic maps come in."
Simple Text Wrapping (O'Reilly)Antoine Quint writes about text under SVG 1.0 on O'Reilly. "SVG 1.0 includes support for manipulating and representing text. There's an entire chapter devoted to text in the specification. Text in SVG is real text; to write Hello World! in an SVG document, you have to write something like
Adventures in high-performance XML persistence, Part 2 (IBM developerWorks)Cameron Laird continues his series on speeding up the parsing of XML. "XML-oriented applications vary enormously in performance. This article, the second in a series on XML persistence, presents basic information you should know about XML parsing, including several principles for measuring XML parsing performance that are important for any XML developer who wants more speed."
Miscellaneous omniORB 4.0.0 and omniORBpy 2.0 release candidatesRelease candidates for the omniORB 4.0.0 and omniORBpy 2.0 CORBA ORBs for C++ and Python are available. The omniORB project has also been moved from AT&T Laboratories Cambridge to SourceForge.
The Perl Review Suckatude IndexThe Perl Review has published its Suckatude Index, a graphical comparison of how various languages "Rock" or "Suck". The index is guaranteed to offend Visual Basic, C++, and Java proponents.
Identity Crisis (O'Reilly)Kendall Grant Clark studies the W3C's "Architectural Principles of the World Wide Web" document on O'Reilly. "In the APW's view, the Web is a "universe of resources". So far, so good. But what is a resource? The APW adopts the definition of resource from RFC 2396, a definition which has always made me uneasy, though probably because I'm still more inclined to think of these things like a philosopher than like a programmer or software system architect."
Page editor: Forrest Cook Linux in Business Business News AMD Appoints Marty Seyer [former Penguin Computing CEO] to Vice President of Server BusinessAMD has hired the former CEO of Penguin Computing, Marty Seyer. He "will be responsible for AMD's server business, including marketing, strategy, business planning, product planning and associated operations."
Egenera upgrades top-end Linux servers (News.com)News.com reports on Egenera's upgraded blade servers, which use the new 2.6 and 2.8 Ghz Intel Xeon processors.
Intel dreams of the networked home (ZDNet)According to ZDNet, Intel is working on a Linux-based "digital media adapter" as part of its wireless PC initiative. The device will allow audio and video components to be networked with computers. "The first generation of the Intel gadget will let people view and play PC-stored image and audio files on a television or stereo receiver, said Vogel. A subsequent generation will also permit the transfer of video. By offering video and photo capabilities, the Intel adapter serves up more bang for the buck than current devices, which mainly store and play music."
Earthlink to provide net access to LindowsOS usersLindows.com and Earthlink have formed a partnership to place an Earthlink icon on default LindowsOS desktops, providing internet access to users of the Linux distribution.
LinOra Corporation Switches From Microsoft Windows to Linux Desktops Using Ximian EvolutionHere is a "Linux at Work" press release from Ximian, announcing that a company called LinOra has switched all their Windows computers over to Linux. "While most of the pieces we needed to make the switch were available, we were missing a high-quality email and personal information management application to replace Microsoft Outlook. With its familiar interface and robust feature set, Evolution became the foundation product that enabled our entire company's changeover to Linux."
Macrovision and Broadcom do DRM on LinuxHere's a press release from Macrovision and Broadcom on how they are producing a digital rights management platform - on a Linux-based set-top box. "The Broadcom DRM Tool Kit consists of a suite of silicon solutions and software drivers that provide end-to-end security and rights management of digital content in home networking and entertainment applications. Included in the suite of services are decryption and encryption engines, authentication services, tamper detection services, and digital recording management services." While much of this work can probably remain proprietary legally, they will have to release their kernel changes; it will be interesting to see how forthcoming they are with that code.
Oracle on Linux edges SQL Server in benchmark (Register)The Register reports on the results of a recent Oracle benchmark, where Linux was 14 percent faster than Microsoft SQL Server. "The results come from running Oracle9i Database Release 2 with Real Application Clusters on Linux against Microsoft SQL Server 2000 on a 32-processor cluster configuration, with identical processors and the same amount of memory per CPU."
Red Hat, IBM expand Linux deal (CNET)Red Hat will be bringing its Advanced Server to all four of IBM's server lines, and IBM's Global Services division will provide support for Red Hat's software. "The two companies will jointly market each others' products and tune them to work well together."
Red Hat announces quarterly resultsRed Hat has put out a press release on its second quarter results. The "pro-forma" results are a $471,000 loss; with GAAP accounting the number grows to $1.7 million. Underneath all that, however, was a positive cash flow of $2 million; the company now has $288 million in the bank.
SGI Shatters World Performance Record (Press Release)In a press release last week, SGI trumpeted that it has "attained linear scalability on a 64-processor Itanium 2-based system and world-record results among microprocessor-based systems on the STREAM Triad benchmark, which tests memory bandwidth performance."
Sun Microsystems Introduces New Open Desktop ClientSun has announced its new Linux distribution, targetted at desktops. "The new solution brings together off-the-shelf hardware, open-source software and Sun's own industry-leading intellectual property. These include low-cost desktop systems hardware and several open source software efforts, namely Linux, Mozilla, OpenOffice, Evolution and GNOME. This gives desktop users a familiar desktop environment and the ability to interoperate with Microsoft Office documents, presentations and spreadsheet formats. In addition, with Evolution, the user is provided with a Microsoft Outlook-like client which interoperates with Microsoft Exchange while Sun also provides the fully supported StarOffice, the world's most popular open office productivity suite."
Sun Microsystems Laboratories gives elliptic curve cryptography to OpenSSLA press release from Sun Microsystems announces their recent contributions to the OpenSSL project. "Sun has contributed an Elliptic Curve cryptography code implementation to the OpenSSL (Secure Socket Layer) project. Elliptic Curve cryptography is an emerging public-key cryptosystem which provides the same degree of security as those used in SSL today with approximately one-eighth the key size. This makes the technology especially useful for mobile devices and other small devices that are limited in the power, CPU performance, memory, or bandwidth."
LOCKSS Digital Archiving SystemSun Microsystems has issued a press release, announcing the LOCKSS ("Lots Of Copies Keep Stuff Safe") Program. "The LOCKSS program is a joint undertaking of Sun Microsystems Laboratories and Stanford University Libraries to develop a secure, reliable system which safeguards and preserves access to digital publications. The LOCKSS system is designed to make it feasible and affordable, even for smaller libraries, to preserve access to the e-journals to which they subscribe, and safeguard their community's access to them." Fourty nine libraries will be using the system, it will be run on Linux systems.
SuSE Linux 8.1 Available on October 7Here's a press release from SuSE stating that version 8.1 of the SuSE Linux distribution will be available on October 7. It appears that the PR is talking about U.S. availability; it may be released a little sooner in Europe. There is a lot of new stuff in this release; click the link below for the details.
Press Releases Open Source Announcements
Distributions and Bundled Products
Software for Linux
Products and Services Using Linux
Hardware with Linux support
Linux at Work
Java Products
Trade Shows and Conferences
Partnerships
Investments and Acquisitions
Financial Results
Personnel and New Offices
Miscellaneous
Page editor: Forrest Cook Linux in the news Recommended Reading Assessing the risks of open source (ZDNet and META Group)ZDNet has published a lengthy article, provided by META Group, on the risks of Open Source, especially as it concerns organizations who are using Java in their enterprise. "By 2003, the use of open-source software will become a standard part of all organizations utilizing Java, with a high number already using the Apache Web server (60 percent of active sites) and a significant group using open-source Java servers (14 percent)."
The Toshiba Standoff (Linux Journal)Adam Kosmin writes about the troubles he had trying to purchase a Toshiba laptop without paying for Microsoft Windows. "Eventually, I was told that I could not purchase the hardware without a copy of Microsoft's OS pre-installed and this stipulation was not open to negotiation. At this point, I realized that on some level my rights as a consumer were being violated."
RMS: why open source needs Free Software's ideals (Register)In response to an article written by SecurityFocus Online's Jon Lasser, The Register has posted an open letter from Richard Stallman, which contains at least one rebuttal, followed by a brief history lesson on Free Software.
Companies HP, Red Hat team on Linux workstation (News.com)News.com reports on HP's new Itanium 2 based systems, which run a version of Red Hat Linux. "Red Hat had planned to release its Advanced Workstation product in the first half of 2003, but accelerated the schedule as part of an expanded alliance, said Mike Evans, vice president of business development at Red Hat. The alliance shows what companies can--and often will--do to push mainstream acceptance for new technologies."
IBM retooling Linux for new servers (News.com)News.com reports on IBM's efforts to bring Linux to its line of servers. "IBM will complete the next step in its embrace of the Linux operating system by early 2003 as the company improves how Linux runs on its pSeries servers. Big Blue currently supports Linux, a clone of the Unix operating system, on its xSeries Intel servers, its iSeries mid-range servers, its zSeries mainframes, and its pSeries servers that typically run IBM's AIX version of Unix. Right now, pSeries servers require AIX, but future models will run with just Linux."
Red Hat, IBM push Advanced Server on eServers (Register)The Register covers the recent collaboration between IBM and Red Hat. "Yesterday's deal seems to indicate that Red Hat is getting more enthusiastic about the eServer line from IBM, and the reason is probably that IBM is ponying up the cash to have Red Hat create the ports of Linux Advanced Server for the zSeries, pSeries, and iSeries machines. Neither IBM nor Red Hat disclosed any financial terms of the latest deal, which only covers Advanced Server as it runs on the eServer line."
It's good news and bad on Red Hat earnings (Nando)The Raleigh-based News and Observer has published a nice roundup of Red Hat's business lately, specifically addressing the success of the Advanced Server product. "The 8,000 units of Red Hat Advanced Server sold during the quarter exceeded internal forecasts..."
Red Hat nullifies KDE, Gnome (Register)The Register analyzes Red Hat's attempts to deal with the competing KDE and GNOME desktop environments. "Taylor doesn't beat about the bush. Providing two desktops with different brands and behavior is confusing and costs Red Hat an unnecessary amount of money, he writes. In the latest beta of RedHat Linux, the distro has replaced the KDE and Gnome branding with its own in-house look and feel."
In suspense over Sun's upcoming desktop Linux boxes (Linux Journal)The Linux Journal looks forward to Sun's upcoming Linux desktop announcements. "But there is a serious prevailing ethic here, and it's one where Sun may be ahead of the curve, and that's cost-cutting. The post-Enron world is all about severely bottom-line-oriented management and accounting practices, and it's a matter of time before IT honchos give Linux a second (more likely tenth or hundredth) look, and finally start making the obvious choices. But will they go for name-brand boxes?"
Sun expands StarOffice giveaway (News.com)News.com reports that Sun will be giving away copies of StarOffice to educational institutions. "Sun Microsystems will give away its StarOffice software to ministries of education in Europe and Africa, the company is expected to announce Tuesday, in an effort to undermine rival Microsoft. "Sun is committed to giving the global education community access to the StarOffice productivity suite at no cost," Kim Jones, vice president of global education and research, said in a statement. "
Business Open Source .NET supports Office challenge (Register)The Register reports on KDE's support for project Mono. "KDE developers are working [on] two Mono-based projects. The first is a Mono-based script interface to KDE with planned bindings to Qt. These will allow different languages to be used when building KDE applications. A sub-project is also underway for a plug-in interface to Kate, the KDE advanced text editor. The project would enable developers to write Kate plug-ins, such as a browser, in Qt or a version of Microsoft's C Sharp written for in Mono for KDE called QtC Sharp."
Interviews Microsoft: All XML, all the time (News.com)News.com interviews Microsoft's Jim Allchin, the topic of Linux came up:
"Q:What's your current assessment of Linux? Last time we spoke you said you were concerned. Any change?
Q:Can you be more specific, beyond it being a challenge? What will Microsoft do? You have China and Latin America embracing Linux quite openly.
Resources Embedded Linux NewsletterThe Linux Devices Embedded Linux Newsletter for Sept. 12, 2002 is out, with the latest embedded Linux news.
Running MS Office under Linux (Linux Journal)Linux Journal shows how to use CrossOver Office with Linux. "For many, making the move to Linux is an easy step. Based on the facts that Linux is fast, stable and of course, free, it's not difficult to see why so many folks are making the move away from the world of Windows. As Linux desktop converts, we do need to accept some limitations, at least in the office applications category. While there are very good open-source office applications and even full office suites, none of them are a complete replacement for, or are fully compatible with, Microsoft's office suite."
Reviews Does StarOffice shine for the enterprise? (ZDNet)ZDNet reviews Star Office: "Although competition is welcomed, we believe corporate buyers will not find StarOffice to be a viable option and it will not have an impact on Microsoft Office's dominant position."
Miscellaneous UnitedLinux readies first public showing (ZDNet)ZDNet covers the upcoming first public release of the UnitedLinux distribution. "The software is tailored for the enterprise, and as such its main competition will be Red Hat's Advanced Server; both are designed to downplay Linux's traditional do-it-yourself flexibility in favor of rock-solid stability. However, UnitedLinux will deliver more for the money than Advanced Server, promised Gregory Blapp, SuSE's vice president for international business and a member of UnitedLinux's board."
Where the Jobs Are (Linux Journal)The Linux Journal looks at the Linux employment situation. "An informal survey of employers, employment recruiters, contracting firms, universities and Linux pros shows that job hunters now find: stiffer requirements, a tighter market, leveled salaries, new job responsibilities and new thinking on certification."
Penn State plugs into Dell cluster (News.com)News.com reports on Penn State's new Dell cluster. " Penn State will use the new cluster, which currently has 80 nodes and will grow to 256, to carry out research in biology, chemistry, physics and meteorology. Each of the 80 nodes is a Dell PowerEdge server with dual Xeon processors from Intel and RedHat's Linux operating system."
Fed cybersecurity initiative boosts TCPA (Register)The Register examines the latest cyber security initiative from the White House. "On Wednesday a group of federal bureaucrats, business representatives and industry lobbyists will be rolling out a draft of the White House's new initiative to enlist the computing public in the task of defending cyberspace. Originally, the Feds had planned to roll out a final draft, but this has been delayed due to unresolved conflicts among the technology companies the scheme will be affecting."
Page editor: Forrest Cook Announcements Resources Extending LinuxThe Linux Standards Base has sent out a press release announcing a "brainstorming phase" concerning the extension of the LSB. "Now it is time to expand LSB's coverage, to better meet the needs of Linux based application developers and "normalize" the use and acceptance of free and open source software. While the LSB is already moving forward with planned updates that will include more interfaces (such as C++) and features (such as standardized package management) we need your input. We need to know what interfaces and features future versions of the LSB should include. For that mater, we need to know what interfaces and features Linux itself is missing."
Recording Audio from JACK-Enabled Applications in ArdourQuickToots has a tutorial by A. J. (Tony) Schiavone on using Ardour with JACK. "The Jack Audio Connection Kit (JACK) provides a method for JACK-enabled Linux applications to share audio data. Some of the growing number of applications that are currently JACK-enabled include Alsaplayer (an audio player that uses the Linux ALSA sound interface), MusE (a MIDI sequencer with softsynth support) and Ardour (a multi-track digitial audio recorder and workstation). This tutorial describes the method for using Ardour to record audio output from external applications such as Alsaplayer and MusE."
Balancing your books? GnuCash is the answer (LinuxWorld.com)LinuxWorld.com is running a tutorial on GnuCash. "Joe Barr walks us through his experience with GnuCash personal-accounting software. His conclusion? GnuCash is good enough to trust with the bookkeeping chores at a miniature donkey ranch."
The Perl Journal Returns Online (use Perl)According to Use Perl, The Perl Journal, a recently discontinued print magazine, will be returning as a subscription-based online magazine. "CMP, owners of The Perl Journal, have brought the journal back, in the form of an online monthly magazine, in PDF form. The subscription rate is $12 a year. They need 3,000 subscriptions to move forward (no word if existing subscriptions will be honored, or included in the 3,000)."
September Yadda Lambda is out.The September issue of the lisp-p.org Lisp Magazine (also known as Yadda Lambda) is out. "It features an introductory article on partial evaluation and the account of how an experienced programmer approached Common Lisp." Thanks to Paolo Amoroso.
Upcoming Events Call for nominations for the FSF Award for the Advancement of Free SoftwareThe Free Software Foundation has sent out a call for nominations for its 2002 award for the advancement of free software. "Any kind of activity could be eligible -- writing software, writing documentation, publishing CDs, even journalism -- but whatever the activity, we want to recognize long-term central contributions to the development of the world of software freedom."
'Perl 6: Right Here, Right Now' slides available. (use Perl)Use Perl has mentions the availability of Leon Brocard's slides from his London Perlmongers talk on Perl 6.
HiverCon Speakers AnnouncedTen speakers have been selected for the HiverCon 2002 security conference.
Events: September 19 - November 14, 2002
Software announcements This week's software announcementsHere are the software announcements, courtesy of Freshmeat.net. They are available in two formats:
Page editor: Forrest Cook Letters to the editor Releasing old software into public domain.
Pavel Roskin has suggested that
Reading recent discussions in the online media, it is clear that
many people have an issue with the copyright laws that make
copyrights remain in force for many decades.
I believe that the Free Software Foundation should release into
the public domain all the software currently under GPL, that is
at least 15 years old, and for which FSF is the sole copyright
holder.
GPL is a great license because it uses the copyright law to make
software free. However, 15 years should be enough for software to
enjoy copyright protection. Even when our goals are noble, we
should not be using the copyright law beyond the fair limit that
we would like it to have.
In my opinion, FSF could make a good point by releasing its old
software into the public domain. That would be an example for
other copyright holders, even those who produce non-free
software.
I find that this suggestion speaks of a complete misunderstanding of
the Free Software Foundation's aims as I perceive them. The Free
Software Foundation is all in favor of a legal system where the
copyright laws do not permit restricting the freedoms of software
users arbitrarily. Such a system does not exist. The GPL license is
used for effectively creating a pool of software which uses those
exact copyright laws for securing a sanctuary _effectively_ protected
from the bad sideeffects of said laws.
The difference to software released without similar restrictions is
that that is subject to unfair treatment: it can be used in
proprietary software products, whereas those proprietary products may
not in turn be used in the free products.
The FSF has chosen to release their software under a license which
does not merely ask for fair play, but requires it. Making software
available as free-for-all would be diluting their message. Apart from
that, authors having contributed to GNU software have received written
assurances that their contributions may not be used in proprietary
products. Even if the FSF was willing to make such a contraproductive
move, it would probably not be allowed to do so for legal reasons.
This is my personal view and reading of the matters and in no way
is a statement of opinion from the FSF itself.
--
David Kastrup, Kriemhildstr. 15, 44793 Bochum
Email: David.Kastrup@t-online.de
Page editor: Jonathan Corbet
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||