The LWN.net Weekly Edition for November 21, 2002 is available.
Book review: Linux In The Workplace
![[Book cover]](https://static.lwn.net/images/ns/litw.gif)
We have not managed to write a great many book reviews over the last couple
years - they take a lot of time, and were never our most popular feature.
Linux In The Workplace, however, is sufficiently interesting that we
took the time to read it through. Read on for our impressions and thoughts
on why this book is worth noting.
Linux In The Workplace is published by the Linux Journal Press. Interestingly, no authors are named on the cover; instead, it is credited to "SSC, publishers of the Linux Journal." It is, in fact, the result of the Linux Journal's staff's experience with running a Linux-based office over the last few years. As a result, it is well grounded in a lot of real-world, Linux-based office work; it is also deeply tied into the Journal's way of doing things.
The cover does not go out of its way to make it clear, but this book is mostly about KDE. GNOME-based applications are mentioned in spots, but anybody wanting to set up an office around the GNOME desktop will not get what they need from Linux In The Workplace. There is no problem with this - trying to cover both desktops would likely turn the book into a confusing mess - but it's a good thing to be aware of.
Actually, anybody wanting to "set up" an office around any desktop will need to look elsewhere. Linux In The Workplace is very much a user's manual; it expects that somebody else has already gone through the trouble of installing Linux and making it work:
Again, that is appropriate; serious use of Linux in offices is only feasible if most users do not have to deal with the administrative issues - something which is also true of Windows in the office.
So, what's covered in this book? After a quick "what is Linux" chapter, we
learn how to log into a KDE-based system, deal with user accounts ("A
good password combines upper- and lowercase letters with nonalphanumeric
keys. Passwords such as *nCk&Ve or *nG]y$Uds- are good examples.
"),
and deal with the basics of the KDE desktop. The approach is low-level and
detailed - we learn about what most of the icons and menus do. Anybody who
is used to working with a Linux desktop at all may find the "now click
here" pace a bit tiresome,
but readers who are entirely new to Linux will likely welcome the detail.
In subsequent chapters, the reader will encounter:
- Chapter 3: a description of Konqueror, but only in its role
as a local file manager.
- Chapter 4: "getting organized." Topics like KOrganizer, KPilot, KArm,
and KNotes.
- Chapter 5: OpenOffice. OpenOffice is the preeminent free office suite
for Linux, and this book recognizes that fact. This chapter provides
a whirlwind tour of the OpenOffice applications; it (like much of the
book) is more useful for getting an idea of what the application can
do than really getting an in-depth understanding. If you want an
overview of how the spreadsheet works, this book will help; if you
need to learn how to write formulas, you'll need to look somewhere
else. (This chapter is available on the net
in PDF form).
- Chapter 6: alternative office software. This chapter is a quick
overview of KOffice and AbiWord; one gets the sense that the authors
expect few readers to go beyond OpenOffice, however.
- Chapter 7: graphics. A quick look at KPaint, Kontour, KView, and
the xscanimage tool.
- Chapter 8: the Gimp. There is, of course, no way to do justice to the
Gimp in a single chapter; this attempt reads mostly like a quick demo
given to somebody who had never seen a serious image editor before.
- Chapter 9: email, netnews, and faxes. KMail is covered in fair
detail, though important points are missing. For example, the KMail
interface to GNUpg is covered, but GNUpg itself is passed over. There
is also an overly scary warning about reading attachments:
"
Attachments are often the vehicle for transmitting computer viruses that can do great damage to both your computer and any computer to which you are connected. A virus can even attack your address book and send replications of itself to everyone listed.
" That is a bit strong, given that this scenario has never, to your reviewer's knowledge, happened to a KMail user.If you were going to cover a second mail user agent in a book like this, what would it be? The authors chose Netscape mail. Pine, mutt, and elm get passing mentions; evolution does not, for the purposes of this book, seem to exist.
Quick mention is made of KNode for reading Usenet news and "K Send a Fax" for dealing with faxes. One could certainly imagine other, better established applications in these categories that would have been worth a mention.
- Chapter 10: Konqueror as a web browser. Quite a bit of detail on
bookmark management and such. There are passing mentions of Netscape
and Opera; nothing about Mozilla or Galeon.
- Chapter 11: customizing the desktop. This chapter will certainly be
useful to anybody wanting to tweak how the KDE desktop works.
- Chapter 12: making backups. A quick look at "Ark" and KOnCD.
- Chapter 13: the command line. Only in the very last chapter does this book get around to discussing terminal emulators, shells, and the Linux command line. A quick overview of a number of basic commands is provided. Emacs is covered in three sentences.
There are a number of shortcomings and strange omissions. For example, office workers are likely to want to view PDF files, but there is no discussion of how to do that - even though gv, which reads (most) PDF files happily, is briefly covered. Printing is mostly passed over, as are multimedia applications. And (by design), there is almost no mention of proprietary software packages that can be useful in real office situations.
But, then, few books are perfect. This one is important as proof that you can get a lot of work done on a Linux system without ever having to mess with partitioning menus, shell prompts, mount commands, and so on. The existence of this sort of book is an important prerequisite for widespread adoption of Linux for desktop use. Desktop Linux is, increasingly, being taken seriously; Linux In The Workplace is full of good examples of why that is happening.
OASIS to create an open office application format
The OASIS Standards Consortium has announced the creation of a "technical committee" which will develop an open, XML-based file format specification for office applications. The goal of the project, of course, is to facilitate interoperability and data exchange between applications. Should they succeed, the days of trying to reverse engineer Word files could come to an end.It is hard to overemphasize the importance of this effort. Microsoft's office suite monopoly is based on two things: (1) that suite's feature set, and (2) the ability to exchange documents with the rest of the world. There are numerous other office suites which are closing the feature gap (though there is still some ground to cover for the free applications, to say the least). But, without the ability to easily exchange documents with MS Office users (and have them look good when they get there), adoption of alternative office suites will remain limited.
And there, of course, lies the rub. A new, XML-based office suite file format will have a rough life if Microsoft does not play along with it. It is worth pointing out that Microsoft is a member of OASIS; the company has also said that Office will use an XML-based format in the future. But the list of supporting companies in the press release (Arbortext, Boeing, Corel, Drake Certivo, and Sun) does not include Microsoft.
Even without Microsoft, standards for document data can only be a good thing. This particular standard is getting a jump start from Sun, which is contributing the OpenOffice.org format under royalty-free terms (OASIS, in general, is quite happy with RAND or UFO (uniform fee only) terms). Should the committee create a standard based on this format, the existence of a free reference implementation should encourage adoption of the standard in both free and proprietary packages.
Proprietary data formats are a problem for a number of reasons, of which proprietary lockin is only one. Another is the ability of proprietary applications to surprise users by retaining information in documents that those users had thought they had deleted (or never put there in the first place). Future historians will find that much of the documentation of this era is encoded into formats which are no longer readable. An Open format for office information will not, by itself, solve any of these problems. But it sure would be a good start.
Notes from LWN
There is a relatively small amount of news to report this week. The individual subscriber count stands almost unchanged from last week - which is not entirely a bad thing, since a number of accounts have expired in that time. We will have to figure out a way to bring in the next round of subscribers, however.We think we have worked out the problem that made it difficult for lynx users to log into the site. Please let us know if it still fails to work for you. (The longer-term task of making the site more lynx-friendly in general remains on the "to do" list).
Next week is the Thanksgiving holiday in the US. We'll be publishing a (perhaps a little smaller than usual) Weekly Edition one day early - on November 27 - because we'll all have eaten too much food to reach the keyboard thereafter. We'll return to our regular schedule for the following week (but there will be no Weekly Edition the week of December 25).
Security
Brief items
When should one apply security patches?
When one considers the question of when security patches should be applied, the standard answer is "immediately." That answer neglects an important question, however: what if the patch itself is broken? Overzealous application of problematic updates could end up causing more trouble than the vulnerabilities that the patches were meant to fix. In an attempt to quantify the risk of that happening, and come up with an optimal time to apply security patches, Steve Beattie et al. carried out a study, which is now available on the net.Finding the optimal time is a matter of finding the intersection of two curves. One curve is determined by the cost of recovering from a failed update, multiplied by the probability of such a failure. The probability of applying a bad update will fall over time, since these updates are discovered and fixed. The other curve, instead, is the cost of dealing with a security breach, multiplied by the probability of that breach happening. The chances of a particular vulnerability being exploited grow over time, of course, especially in the free software world, where vulnerabilities tend to be disclosed before they are actively exploited. The two curves will thus cross at some point; once they intersect, the costs of not applying the patch exceed those of pressing forward.
To find the probability of applying a bad patch, the authors dug through the CVE database, examining 136 entries. For those, they found twenty cases where patches were withdrawn or revised. The median time to revise a patch, it turns out, was just over 17 days; one patch was fixed after a year and a half. To finish the calculation, one must try to determine the probability of an unpatched system being compromised. The authors punt on this one, saying that it must be calculated "locally" for any individual network.
In the absence of that second probability, the authors make their final
conclusions from the "bad patch" data. Looking at a graph of when issues
were "resolved" (a good patch released), they note a couple of obvious
plateaus. "However, since [the probability of a compromise] is
difficult to compute, the pragmatist may want to observe the knees in the
curve ... and apply patches at either ten or thirty days.
" One
should bear in mind that the calculation would be different for a
vulnerability which is being actively exploited, however.
November CRYPTO-GRAM Newsletter
Bruce Schneier's CRYPTO-GRAM Newsletter for November is out. It's a short one - Bruce is finishing up a book project.. "My new book, still untitled, is a book about security. Not computer security, but security in general. Its goal is to teach readers how to think differently, how to tell good security from bad security, and to be able to explain why."
New vulnerabilities
Courier sqwebmail: buffer overflow
| Package(s): | Courier sqwebmail | CVE #(s): | |||||
| Created: | November 15, 2002 | Updated: | November 19, 2002 | ||||
| Description: | A problem in the Courier sqwebmail package, a CGI program to grant authenticated access to local mailboxes, has been discovered. The program did not drop permissions fast enough upon startup under certain circumstances so a local shell user can execute the sqwebmail binary and manage to read an arbitrary file on the local filesystem. | ||||||
| Alerts: |
| ||||||
dhcpcd: Character expansion vulnerability
| Package(s): | dhcpcd | CVE #(s): | |||||||||||||||||
| Created: | November 19, 2002 | Updated: | January 10, 2003 | ||||||||||||||||
| Description: | dhcpcd is an RFC2131 and RFC1541 compliant DHCP client daemon.
dhcpcd has the ability to execute an external script named /sbin/dhcpcd-<interface>.exe when assigning a new IP address to a network interface. This script sources a file named /var/lib/dhcpcd/dhcpcd-<interface>.info that contains several shell variables and assigments with DHCP information. Simon Kelley pointed out a vulnerability in the way quotes inside these assignments are treated. By exploiting this, a malicious DHCP server (or attackers able to spoof DHCP responses) can execute arbitrary shell commands on the DHCP client (which is run by root). | ||||||||||||||||||
| Alerts: |
| ||||||||||||||||||
kernel: local denial of service vulnerability
| Package(s): | kernel | CVE #(s): | |||||||||||||||||||||||||
| Created: | November 19, 2002 | Updated: | February 5, 2003 | ||||||||||||||||||||||||
| Description: | All versions of the Linux kernel from (at least) 2.2.x through 2.4.19 and 2.5.47 contain a vulnerability which allows any local user to crash the system. This LWN article describes how the exploit works in detail. The vulnerability affects only x86 systems. | ||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||
lynx: CRLF injection vulnerability
| Package(s): | lynx | CVE #(s): | CAN-2002-1405 | ||||||||||||||||||||||||||||
| Created: | November 19, 2002 | Updated: | October 1, 2003 | ||||||||||||||||||||||||||||
| Description: | If lynx is given a url with some special characters on the command line, it will include faked headers in the HTTP query. This feature can be used to force scripts (that use Lynx for downloading files) to access the wrong site on a web server with multiple virtual hosts. | ||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||
nullmailer: denial of service
| Package(s): | nullmailer | CVE #(s): | |||||
| Created: | November 18, 2002 | Updated: | November 19, 2002 | ||||
| Description: | A problem has been discovered in nullmailer, a simple relay-only mail transport agent for hosts that relay mail to a fixed set of smart relays. When a mail is to be delivered locally to a user that doesn't exist, nullmailer tries to deliver it, discovers a user unknown error and stops delivering. Unfortunately, it stops delivering entirely, not only this mail. Hence, it's very easy to craft a denial of service. | ||||||
| Alerts: |
| ||||||
samba: buffer overflow
| Package(s): | samba | CVE #(s): | |||||||||||||||||||||||||||||||||||||
| Created: | November 20, 2002 | Updated: | November 29, 2002 | ||||||||||||||||||||||||||||||||||||
| Description: | A buffer overflow has been found in Samba versions 2.2.2 through 2.2.6; while no known exploit exists as of this writing, it is, possibly, remotely exploitable. Upgrading to Samba 2.2.7 fixes the problem. | ||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||
tcpdump: buffer overflow
| Package(s): | tcpdump | CVE #(s): | |||||||||||||
| Created: | November 20, 2002 | Updated: | December 19, 2002 | ||||||||||||
| Description: | A new buffer overflow in the printing of BGP packets could, conceivably, be remotely exploitable. | ||||||||||||||
| Alerts: |
| ||||||||||||||
Resources
The Peon's Guide To Secure System Development
For those of you who are looking for a bit more character in security writing, The Peon's Guide To Secure System Development might just fill the bill. "Increasingly incompetent developers are creeping their way into important projects. Considering that most good programmers are pretty bad at security, bad programmers with roles in important projects are guaranteed to doom the world to oblivion. The author feels that a step toward washing himself clean of responsibility is by writing this document. Checking your memcpy() and malloc() calls have been lectured to death. It's not working. The approach used by this document is to instead shame developers into producing better systems."
Security holes ... Who cares?
Eric Rescorla has announced the availability of a study of user response following the disclosure of the OpenSSL remote buffer overflow vulnerability. When the problem was announced, Mr. Rescorla started monitoring a set of vulnerable servers to see when they were patched up. "Two weeks after the bug announcement, more than two thirds of servers were still vulnerable." Even after the "slapper" worm hit the net, many servers remained vulnerable.
Linux Security Week and Advisory Watch
The Linux Security Week and Linux Advisory Watch newsletters from LinuxSecurity.com are available.Butterfly Security releases CodeSeeker
Butterfly Security has announced the forthcoming release of "CodeSeeker," a firewall and intrusion detection system. Open source licensing is claimed for CodeSeeker, but the actual license has not been made available as of this writing.
Page editor: Jonathan Corbet
Kernel development
Brief items
Kernel release status
The current development kernel is 2.5.48, which was released by Linus on November 17. This one includes the new module loader - so expect surprises if you compile with modules, and note that you need a new set of module utilities (available as a source tarball or source RPM). Other changes include boot process cleanups (part of the initramfs effort), more IPSec fixes, high-resolution times in the stat64() system call, some SCSI cleanups, a bunch of include file cleanup work, and lots of other fixes. And, of course, the fix for the denial of service vulnerability. The long-format changelog has the details.Linus's pre-2.5.49 BitKeeper tree includes a number of module fixes, nanosecond time support for the NFS filesystem, an S/390 update, and a large number of other fixes.
The current development kernel prepatch from Alan Cox is 2.5.47-ac6. Alan continues to issue patches against 2.5.47 because "the 2.5.48 tree is a little bit too broken to run IDE development against."
The current stable kernel is 2.4.19. The second 2.4.20 release candidate was released by Marcelo on November 15; it includes a fix for the denial of service vulnerability and several other updates.
Alan Cox's latest 2.4.20 prepach is 2.4.20-rc2-ac2, which adds a number of fixes to the second release candidate.
Alan has also released 2.2.23-rc2, which is primarily motivated by the denial of service fix.
Kernel development news
The state of the feature freeze
The 2.5 feature freeze is now three weeks old. At this point, it mostly appears to be working as intended. The biggest exception (the new module loader) will be looked at in a separate article.One of the goals of the freeze was to give developers a well-known target date so they would not flood Linus with last-minute patches. There was a big wave of patches that came through in October, but it was small and well organized compared to the deluges that came after previous (surprise) feature freezes. These patches were, for the most part, in reasonably good shape. With relatively few exceptions, the post-freeze kernel is in relatively stable condition.
The freeze is holding reasonably well. The only really new features that have gone in recently are the new module loader and high-resolution times in the stat64() system call. Linus has put his foot down when faced with a number of destabilizing changes, such as some overzealous header file "cleanup" work. He is still considering a few new features (kexec, kernel probes, and POSIX timers), but they are relatively small and went into the queue well ahead of the freeze date.
Of course, it is far too early to conclude that the freeze will actually hold - we have to wait to see what happens in 2003 for that.
The 2.5 stabilization process will, hopefully, be helped by the bugzilla database that has been set up by OSDL. Proper tracking of 2.5 bugs is clearly necessary if they are to be dealt with before the stable release. Whether this database will really fill that need remains to be seen; after a week of operation, it only lists sixty bugs. The 2.5 kernel clearly must have more problems than that; now is the time for people who have encountered problems to put them into bugzilla so they do not get overlooked.
Not all of the kernel developers have shown great enthusiasm for working with the bugzilla system; to some of them, it looks like a lot of bureaucratic work that distracts from the real job of fixing bugs. This should not be a problem as long as people who are interested maintain the bug database and keep it current.
Back at the kernel summit, there seemed to be a consensus that, at this stage, an assistant to Linus would be named to help with stabilization. Linus, by his own admission, does not always do a great job of the release management task. The assistant would help review patches and might also, eventually, become the maintainer of the stable release. That prospect, of course, would help motivate the assistant to look hard at proposed changes and exclude anything that was not really necessary.
This idea was well received at the summit, even by Linus. But this person has not been named, and there has not really even been any discussion of the subject. Following through soon on the appointment of somebody to help stabilize the kernel is probably one of the best things the development community could do to ensure that the freeze (and stable release) are successful.
The x86 denial of service bug
The current 2.5 and 2.4.20-rc releases both contain a patch for a newly-discovered vulnerability in the Linux kernel. Simply put, anybody who can run an arbitrary program on a Linux system can bring it down in flames. Your editor, who is not an expert on x86 assembly (but who can still describe the difference between CDC 6xxx A, B, and X registers), has made an effort to figure out just what is going on here, for those who are curious.The x86 processor contains many flags which affect its operation. Two of these flags are abused in this exploit:
- The trap flag (TF) causes a processor trap to happen after
execution of every instruction. It is used primarily for debugging
purposes.
- The nested task (NT) flag indicates that the current task is executing via an interrupt (or other task-switching operation) that causes another task to be suspended. It is part of the hardware task switching mechanism, which Linux makes only limited use of. When the NT flag is set, the iret instruction performs a hardware task switch via the "backlink" field in the task state segment (TSS). Without NT, iret looks much like a normal return.
The DOS attack works, essentially, by setting both flags (TF and NT), then jumping into the kernel with an lcall instruction. The kernel code did not clear those flags when entered via that path. Thus, the setting of TF would cause an immediate processor trap within the kernel code. That, by itself, is relatively harmless, except that the trap handler returns via iret. That instruction, seeing that the NT flag is set, attempts to perform a task switch via the TSS - an operation the kernel was not expecting, and which had not been prepared for. So the kernel switches into a nonexistent task, and everything comes to a stop. It is at this point that one begins to appreciate the virtues of journaling filesystems.
The solution, as coded up by Linus, is simply to clear those flags when the kernel is entered via a call gate. End of problem - once you get the patch installed.
The call entry code has not changed in a long time, so even very old kernels are affected. The current 2.4.20 release candidate includes a fix, and the distributors are beginning (slowly) to release updates which fix the problem. 2.2 kernels are also vulnerable; if you have a 2.2-based system running with untrusted users, you may want to rebuild the kernel with this patch from Matthew Grant applied.
Fun with modules
So... The feature freeze is in effect, the 2.5 kernel appears to be relatively stable (for this stage of development), and all seems well with the world. Then Rusty Russell's new module loader patch goes in, and all hell breaks loose. What's going on?The inclusion of the module patch is consistent with the policy Linus laid out toward the end of October: the freeze date would be considered the deadline for submission to him. Linus would, when it seemed appropriate, merge new features after the deadline. He has done very little of that sort of merging, but the new module code was one of the exceptions.
There are a few problems with the new module subsystem, most of which have to do with the facts that the job is not complete (i.e. features are missing), and that many of the changes had not been seriously tested out and reviewed prior to being merged. The work is not complete because Rusty never knew whether the patch would go in or not, and was busy enough just keeping it up to date with kernel releases. The lack of testing and review is explained by Rusty in this way:
In other words, the nature of the patch was such that the people who most needed to test it out were uninclined to do so. Many of those people are the ones who are upset by the current state of affairs.
The initial module patch did, indeed, lack some features. Little things like module parameters, device table support (needed for hotplug support), unloading of modules, a working modprobe, modversions, etc. In other words, when the module patch first went in, loadable modules stopped working for almost everybody. Broken features are not that unusual for a development kernel, but this is a much-used feature in a kernel that was supposed to be in a feature freeze, so people complained.
The situation was not helped by the fact that the first module patches were merged just as Rusty got on a plane to the other side of the world. Even so, he has been working frantically to fix up his patches and get them off to Linus. By the time 2.5.48 came out (the first actual kernel release with the new code), some of the worst omissions had been taken care of, and the rest are being addressed quickly. The level of complaints over missing features has dropped significantly.
Other sorts of complaints remain, however, as people try to actually make things work with the new scheme. The biggest controversy has related to Rusty's attempts to eliminate some of the race conditions that tend to crop up during module loading and unloading. A common bug found in module initializion routines is to make resources (i.e. a /proc file or a registered device) available to the kernel, then to fail module loading later on. If some other process has accessed that resource in the mean time, it could find itself trying to execute within a module that was never fully loaded.
Rusty's solution is to add a "live" flag to each module. Any code which calls into a module must first increase that module's reference count with the new try_module_get() function. This function will return a failure status if the live flag is not set. This flag remains cleared until the module initialization function has finished its work. This mechanism guarantees that a module's code will not be called until the module is ready, and it is clear that the module load process will succeed. (It is also used to unload modules safely; see Rusty's FAQ for more information on how this all works).
The problem is that, sometimes, there are legitimate reasons for wanting to call into a module before that module has finished initialization. For example, when a disk driver registers a disk, the upper layers immediately want to have a look at the partition table. Under the new scheme, that look would fail (since the module was not yet marked as being alive) and the drive's partitions would not be registered. Thus, a patch which was intended to fix theoretical problems (very few people have actually been bitten by module load race conditions) ended up creating real problems with drivers that, previously, had been working just fine. That did not go over particularly well.
This problem has been fixed by marking a module as being alive while its initialization function runs. In other words, initialization is, once again, unprotected, and driver authors need to be very careful to not export any interface to the rest of the kernel until they are ready for that interface to be used. Which makes basic sense.
Driver code also needs, in many cases, to be more fault tolerant. Rusty asked a related question: how does one register two /proc files? If the registration of the second file fails, there is no way to safely unregister the first one and fail the module load. Linus's answer makes basic sense once you look at it: the module simply can not fail to load at that point. Once the module has exported an interface, it must be there to handle uses of that interface. It is better to simply do without the failed /proc file than fail the whole load and risk race conditions. The complexity required to allow failing at any time is not justified by the benefits.
Various other problems (such as the requirement that every module have an initialization function, or explicitly include a no_module_init line) are being worked out. Before too long, with luck, modules will just work again (better than before), and the kernel developers will be arguing about something else.
Patches and updates
Kernel trees
Architecture-specific
Core kernel code
Development tools
Device drivers
Documentation
Filesystems and block I/O
Janitorial
Memory management
Networking
Security-related
Benchmarks and bugs
Miscellaneous
Page editor: Jonathan Corbet
Distributions
News and Editorials
United Linux
This week at COMDEX in Las Vegas the UnitedLinux group announced the release of Version 1.0 of its UnitedLinux product, with a launch event sponsored by HP and IBM.UnitedLinux 1.0 was not designed to be a standalone product, but instead will be the engine that powers distributions from its four founding members, Conectiva S.A., The SCO Group, SuSE Linux AG, and Turbolinux, Inc. All four companies were expected to announce new versions of their Linux enterprise distributions, powered by the UnitedLinux core, this week, according to this eWeek article. This announcement for SuSE's Linux Enterprise Server 8 is the first official 'powered by UnitedLinux' announcement we've seen. Each of the four new 'powered by UnitedLinux' offerings will have its own local language support, value-add features, and pricing.
So what's in the basic package?
- Language support: UnitedLinux Version 1.0 will initially be available in English, Japanese, Simplified Chinese, Korean, Portuguese, Spanish, Italian, German, French and Hungarian.
- Standards compliance: UnitedLinux supports standards, such as LSB 1.2 and OpenI18N from the Free Standards group.
- File Systems: UnitedLinux supports the Journaling File System (JFS), Reiser File System (ReiserFS), XFS, and the ext3 filesystem.
- Platform support: UnitedLinux platform support includes Intel (32 and 64-bit), AMD, PowerPC (IBM eServer iSeries and pSeries), and IBM eServer zSeries mainframe.
Distribution News
Debian GNU/Linux
The Debian Weekly News for November 19, 2002 is available. This week you can read about the Debian art collection; the soon-to-expire LZW patent; and much more.Anthony Towns reports on packages with release-critical bugs that have been removed from Debian testing (and in some cases unstable). More will likely be removed in the near future if bugs are not fixed.
The Debian Board of Directors of Software in the Public Interest would like to expand. According to the by-laws, the Board should include 8-12 people, and we may have a number of advisers as well. This message solicits applications and nominations.
A second Bug Squashing Party for the Sarge release will take place during the next weekend (22-24 of November).
A fire at the computing facilities of Twente University has taken out the server known as satie, which may disrupt some services temporarily.
Mandrake Linux Community Newsletter - Issue #68
The Mandrake Linux Community Newsletter for November 14, 2002 is available. This week: 9.0 Packs are shipping; the Advanced Extranet Server is cookin'; MandrakeClub has multilingual forums; and much more.MontaVista Linux Professional Edition 3.0 Launches
MontaVista Software has announced the launch of the MontaVista Linux Professional Edition 3.0, the next generation of this embedded operating system and development platform. "Offering enhanced networking capabilities, increased tools coverage and the latest Linux technology, this newly updated version of the product enables embedded equipment manufacturers to develop an even broader range of devices."
Slackware Linux
Slackware has some more upgrades to the the Slackware current tree, mostly in the KDE packages. Also glibc was patched and recompiled to improve compatibility with older binaries. See the change log for complete details.Trustix Secure Linux
Trustix Secure Linux has released TSL 2.0 Technology Preview 1 (also known as Rainstorm).TSL 1.5 users should check out these bug fix advisories for samba and apache/mod_ssl. The apache/mod_ssl update also applies to older versions of Trustix Secure Linux. Trustix recommends that all systems with these packages installed be upgraded, or if you are not using these packages you should remove them from your system.
Minor distribution updates
Bootix Linux Becomes Phrealon Linux
The Slackware-based CD-ROM distribution formerly known as Bootix has been renamed to Phrealon Linux due to some trademark issues.LindowsOS
According to this article in News.com, Lindows has released LindowsOS 3.0 as an independent product. Previously, LindowsOS was bundled with low-cost PCs, not available as a standalone product. "The company said the LindowsOS 3.0 package will sell for about $129 and support dozens of Linux applications, including ones that mirror Windows applications. The software package, which is available online including at Walmart.com, also features Sun Microsystems' StarOffice 6.0 word processing software and supports more than 800 printers." Thanks to Jay R. Ashworth
Lycoris
Lycoris and Ericom Software team up to release Desktop/LX InterConnect, a simple corporate desktop with full office suite and outstanding host connectivity tools.Lycoris is now offering $199 Desktop/LX Certified Microtel PCs on WalMart.com.
Distribution reviews
Interview: Klaus Knopper, Creator of Knoppix (DistroWatch)
DistroWatch interviews Klaus Knopper, creator of Knoppix - a Linux distribution which runs from CD-ROM. "I have heard of some unusual ways of using Knoppix, apart from the usual "coaster" thing, if someone has no success in booting a computer with exotic chip sets with Linux. The CD is used as a certified running Linux system for commercial proprietary products (which is perfectly legal in the sense of the GPL), and some are working on a version with a Mosix kernel or other clustering stuff to boot an array of PCs without hard disk installation."
Page editor: Rebecca Sobol
Development
The OpenOffice Installation Project
The OpenOffice office suite project has announced a new initiative, known as the OpenOffice Installation Project. The project aims to address some of the deficiencies of the current installation system.
The project aims to make installation of OpenOffice follow the systems native installer for the user's Linux distribution. This sounds like a very good idea, since the majority of applications on most distributions are installed as packages, and packaging the code should allow it to be correctly integrated into the chosen distribution.
Package support is being planned for several commercial UNIX varients, RedHat Linux, Windows, OS X, Debian Linux, FreeBSD, and as generic tar.gz files.
Your development page editor recently made several attempts at installing OpenOffice on a new Debian system. The first attempt involved following the instructions found on the OpenOffice.org in Debian site, which recommended doing:
apt-get install openoffice.orgThat attempt failed to find the package at all, even after pointing the /etc/apt/sources.list file to several different sources and OS versions. I will admit to being a very new Debian user, although I've been using UNIX and Linux for a long time.
Ultimately, it was necessary to download the enormous tar.gz file from the OpenOffice site. I had to uncompress the file, and run the install script to get the files plugged into the system. I then had to further install the software from a user account, which nicely duplicated a huge tree of already-copied files into my home directory. Not pretty, although it did eventually produce a working program.
Once OpenOffice was actually installed, it took a fair amount of digging around to figure out that the command to run OpenOffice was soffice, not openoffice or OpenOffice. This is, no doubt, a relic from StarOffice, the project from which OpenOffice was derived.
Clearly, an effort to make installation of OpenOffice easier will greatly expand the OpenOffice user base. The installation experience as it currently exists, will likely scare off many potential users. This is a project that is past-due, it may even be critical for the long-term success of OpenOffice.
System Applications
Audio Projects
applications using jack
AlsaModularSynth and JACK Rack have been added to the JACK Audio Connection Kit's list of applications. JACK allows multiple audio applications to simultaneously share the same sound card.
Database Software
SAP DB Beta Version 7.4.03.07
A new beta version of the SAP DB database and accompanying documentation is available. Change information is in the code.
Education
Linux in Education Report
Issue #83 of the Linux in Education Report is out. Topics include European Schools Projects Finland, SchoolNet Namibia, Sun's aim to oust MSOffice from UK schools, the Northwest Educational Technology Consortium, the National Meeting of Free and Open Source Software, and a bunch of new educational software releases.
Electronics
a VHDL front-end for GCC
A VHDL front-end for GCC, known as GHDL, has been announced. "GHDL has been developped on a GNU/Linux x86 system, and only this configuration has been tested (porting to other processor or system should not be an hard task, but there are system dependent files in the run time)." Thanks to Andi Kleen.
Printing
LinuxPrinting.org news
LinuxPrinting.org lists some new changes to the Foomatic printer support database. New stuff includes an option setting bug fix, new converters for plain text printing, a bug fix for custom paper size support, and a fix for the Lexmark Z31 printer support.
Science
Open source in the biosciences (IBM developerWorks)
Cameron Laird looks at the use of open-source software in the bioscience and bioinformatics fields. "Bioinformatics and the use of open source in the biosciences are both still in the take-off phase. There's a lot of growth ahead of us. Here are a few of the technical software developments that will matter most in bioinformatics over the next year."
Web Site Development
NemeinNavBar library released
The initial public release NemeinNavBar, a URL parsing and navigation bar system for Midgard, is available.Zope Members News
The most recent headlines on the Zope Members News include: New York ZUG - November 21, 2002, ZAnnot 0.3 released, File System Cache Manager 0.1, DZUG-Meeting: Call For Papers, File system storage version of MSWordDocument, Austrian Government Deploys Zope, CMF in Portal to Public Services, NeoBoard 1.1 alpha 2 released, and Turkish Zope Hosting.
Standards
lsb-runtime-1.2.3-1 for IA32
Version 1.2.3-1 of the binary lsb-runtime test suite for the IA32 platform has been released. This is a maintenance release.
Desktop Applications
Audio Applications
Ardour changes
The latest changes to the Ardour multi-track audio recording program include new meter and tempo editing, mix templates, and changes to undo/redo to support branching.
Desktop Environments
FootNotes
Headlines on the GNOME desktop FootNotes site include: Yarnobs-0.2 released, GnuCash 1.7.3 beta, Gnumeric 1.1.12, Dropline GNOME Desktop 1.2.2, Mozilla gtk2 port progress update, An Inside look at Abiword Development, GNOME 2.1.2 available for FreeBSD, Rhythmbox 0.4 is out, Robin Rowe Interview, GNOME Development Series Snapshot 2.1.2: ''Life Preserver'', GNOME Summary for 2nd to 9th November, Evolution 1.2 available!, Sawfish 1.2 released, and an OpenOffice.org Project Update.KDE.News
This week's headlines on KDE.News include: Quickies: Boson, K3b, KDE-Forum.de, and OfB.biz: Geramik Reduces KDE/GNOME Style Differences.
Games
Announcing Durabuild 0.0.9 (World Forge)
World Forge games has an announcement for Durabild version 0.0.9. "zzorn has released Durabuild 0.0.9. Durabuild is a python program for building html versions of Worlds documents from CVS for web deployment and LaTeX post processing."
Boson 0.7 released
Game lovers may want to check out the new release of Boson. "Boson is an OpenGL real-time strategy game, with the feeling of Command&Conquer(tm) or StarCraft(tm). It is designed to run on Unix (Linux) computers, and is built on top of the KDE, Qt and kdegames libraries. A minimum of two players is required, since there is no artificial intelligence yet."
Interoperability
Kernel Cousin Wine
Issue #144 of Kernel Cousin Wine is out. Topics include: WineX 2.2.1, TransGaming Highlights, New Wine FAQ, Updated To-Do List, Fun Projects, Preliminary Supported Applications List, Cabextract Offered to Wine, MPlayer Supports Sorenson SVQ3, Better OpenGL Separation, Filesystem Change Notifications, Wine Visual Basic Compatibility, and Screenshots-R-Us.
Office Applications
AbiWord Weekly News
Issue #118 of the AbiWord Weekly News is out with the latest AbiWord word processor development news. "Great week for news! First, Mark is already tagging pre-releases for 1.0.4! If you want to know what's different, visit the Release HackDown And if you're in the gtk2 world and are just dying to test out the next developer's release, feel free to keep your eyes peeled for the upcoming 1.1.2. You may have noticed 1.1.1 didn't really go anywhere (not even in links on SourceForge), but 1.1.2 will be very pleasing, especially printing with XFT (i.e. it's there now!)."
Gnumeric 1.1.12 released
Version 1.1.12 of the Gnumeric spreadsheet has been released. "This release marks the start of the run up to the next stable release. While there are still some big pieces left to arrive, much of the 1.2 checklist is complete and we're starting to audit things."
Web Browsers
mozillaZine
The latest mozillaZine topics include: Mitchell Baker Joins OSAF Staff, Spell Checker for 1.2 and Trunk Builds, MozTweak 1.2 Beta Released, Minotaur Update, Project Documentation Updates, Linux Kernel Bugzilla Database Launched, Mozilla 1.2 Status, and Junk Mail Classification Turned On in Trunk Builds.
Languages and Tools
Caml
Caml Weekly News
The November 12-19, 2002 edition of the Caml Weekly News is out. Topics include exuberant ctags for ocaml, Aqua (non-X) labltk on Mac OS 10, The need for opcode GRAB?, and Even at compile time 2*2=4!.The Caml Hump
This week, the new software on The Caml Hump includes OCaml-HTTPA, a "library inspired from perl's HTTP::Daemon that permits to write simple HTTP daemons in OCaml."
Java
EJB Inheritance, Part 3
Emmanuel Proulx continues his series on EJB Inheritance with Part 3. "A session bean's life revolves around pure business logic. Implementing session bean inheritance is nowhere near as hard as it is with entity beans. Home interfaces are plain, containing no tricky business logic. The problems we had with entity beans were regarding access or lifecycle of the bean, not the actual bean invocation. There were issues also regarding the mapping of in-memory objects to database tables. These problems are gone in the case of session beans."
Developer's introduction to JAX-RPC, Part 1 (IBM developerWorks)
IBM's developerWorks has an article on JAX-RPC. "The Java APIs for XML-Based Remote Procedure Call (JAX-RPC) are an important step forward in the quest for Web services interoperability. In this first of two articles, Joshy Joseph takes you to the heart of that interoperability effort: the JAX-RPC type-mapping system. You'll learn how XML types are translated into Java types to ensure a smooth exchange of data between Web service clients and Java-based applications."
Learning the New Jakarta Struts 1.1, Part 2
Sue Spielman finishes her two part series on Jakarta Struts 1.1 on O'Reilly. "The whole point of having nested tags is that the tags can relate to each other and describe the structure of the model they're managing. The assumptions made by the tags simplify the necessary coding. Struts 1.0 developers can heave a sigh of relief knowing that they won't have to mangle code any longer to render a display of a list within a list."
Perl
This Week on perl5-porters
The November 11-17 edition of This Week on perl5-porters is out. Topics include Non-ASCII in POD, Test::* modules change, Assertions in Perl, CPAN::MakeMaker, Version bug, and more.This week on Perl 6 (Dr. Dobb's)
This week on Perl 6 for November 3-10, 2002 is out. Topics include: The Myth of Fingerprints, on_exit not portable, Should Memory be Washed?, string_set Is Back, Unifying Invocant and Topic-Naming Syntax, UTF-8 and Unicode FAQ, Supercomma!, The Interminable Operator Thread, FMTWYENTK about :=, Junctions and Laziness, Primitive vs. Object Types, perl6-documentation was born, Meanwhile, in perl-documentation, Who's who in Perl 6?, and more.Object Oriented Exception Handling in Perl
Arun Udaya Shankar covers Perl exception handling on O'Reilly. "The main goal of this article is to discuss in detail about exception handling in Perl and how to implement it using Error.pm. On our way, we'll be touching upon the advantages of using exception-handling over traditional error-handling mechanisms, exception handling with eval {}, problems with eval {} and the functionalities available in Fatal.pm. But by and large, our focus we'll be on using Error.pm for exception handling."
PHP
PHP Weekly Summary
Topics on this week's PHP Weekly Summary include: Compiling with LCC, snaps.php.net, 4.3 branched, Manual translations, Errors with URLs, Log() with bases, Squashing bugs for 4.3.0, Changelog bugs, CLI without .ini, Improved string speeds, GD filters, Session survey, Range() enhancement, and Birdstep (Velocis) support.PHP 4.3.0RC1 released
Version 4.3.0RC1 of PHP is available. The release blurb on PHP.net says: "This is the first release candidate and should have a very low number of problems and/or bugs. Nevertheless, please download and test it as much as possible on real-life applications to uncover remaining issues."
Python
Python-dev Summary
The latest Python-dev Summary, covering activity through November 15, is out. It looks at the process of becoming a Python contributor, the Snake Farm, "metaclass insanity," and numerous other topics.The Daily Python-URL
This week's Daily Python-URL article topics include: Mnet, the open-source successor to MojoNation, Cooperative multithreading with generators and signal handling, Proper XML output in Python, Python - language of choice for EAI, Python Journal 3(1), Variety is the Spyce of Python, and more.
Ruby
The Ruby Garden
New topics on the Ruby Garden include Move "timeout" method into its own class, and Should Ruby have static typing?.The Ruby Weekly News
Topics on this week's Ruby Weekly News include New signs of life [Cardinal], RubyConf 2002 FreeRIDE slides, Enumerable#zip, Sydney RUG, RUG mailing lists, and Ruby NEWS maintainers [wanted]. New Ruby software includes rdep, YAML.rb 0.47, FXRuby 1.0.16, Radical 0.5, and ncurses-ruby 0.6.
Scheme
Scheme Weekly News
The November 18, 2002 edition of the Scheme Weekly News is out with the latest Scheme development news.
Tcl/Tk
Dr. Dobb's Tcl-URL!
The November 19, 2002 edition of Dr. Dobb's Tcl-URL! is out with lots of Tcl information.
XML
Proper XML Output in Python
Uche Ogbuji delves into the production of XML output from Python on O'Reilly. "First, I consider ways of producing XML output in Python, which might make you wonder what's wrong with good old print? Indeed programmers often use simple print statements in order to generate XML. But this approach is not without hazards, and it's good to be aware of them. It's even better to learn about tools that can help you avoid the hazards."
Normalizing XML, Part 1 (O'Reilly)
Will Provost writes about XML normalization on O'Reilly. "As regular readers of the XML Schema Clinic likely know, I tend to view the world of XML through object-oriented glasses. For this installment, though, we're reaching out to the relational data folks, switching lenses for one eye at least. The goal is to see what relational concepts we can usefully apply to XML. Can the normal forms that guide database design be applied meaningfully to XML document design?"
RDF, What's It Good For? (O'Reilly)
Kendall Grant Clark covers RDF on O'Reilly's XML.com. "The Resource Description Framework is still among the most interesting of W3C technologies. But it's got persistent troubles, including having had its reputation beaten up unfairly as a result of the many and often nasty fights about RSS."
Miscellaneous
nocrew's PDP-10 stuff
For those of you who collect old computers, a group known as nocrew has been porting GNU software to the pdp10 computer platform. Thanks to Lars Brinkhoff.
Page editor: Forrest Cook
Linux in the news
Recommended Reading
AUUG hails govt stance on Open Source (The Age)
The Age covers a new strategy launched this week by the Australian Minister for Communications, Information Technology and the Arts, Senator Richard Alston. "The Australian UNIX and Open Systems User Group (AUUG) has welcomed the identification of Open Standards and Open Source as critical factors for the "Efficient Application of Technology" in the high level e-government strategy Better Services, Better Government, a media release from the group says." Thanks to Gordon Hubbard
iSeePet: a remote pet-communication system powered by Linux
The iSeePet is a remote pet-communication system powered by Linux, popular in Japan. Here is an article from Japan Corporate News Network: "Weighing 3kg, iSeePet is composed of a web cam-equipped water tank and a food dish. Beginning November 29, owners can log on to the Internet or mobile-phone service (www.iseepet.jp/), to see animated or static images of their pet waiting for food. At meal times the owner presses the Call button over the Web, and the remote-controlled system plays a melody to catch the pet's attention."
According to AlphaOmega's pages (in Japanese) [1][2], this machine
(iSeePet) is powered by Linux.
[1] an
overview and specifications
[2] pictures
Thanks to Maya Tamiya
Open-Source Milestone: UnitedLinux Ships (TechWeb)
TechWeb reports on the release of UnitedLinux version 1.0. "UnitedLinux backers say the new common release -- which will compete most directly with Red Hat Linux, the most widely-used version of Linux in the enterprise -- will be welcome for its business focus and the strong support, training and certification programs backing it. Hardware vendors, including IBM and Hewlett-Packard, which participated in the announcement, like the consolidated operating system because it means they have to certify their hardware to fewer Linux distributions."
Companies
Race for fastest computer heats up (CNN)
CNN covers a couple of new supercomputers from IBM. "At the SuperComputing 2002 conference in Baltimore on Tuesday, U.S. Energy Secretary Spencer Abraham was to announce a $290 million contract with IBM to build two new supercomputers, one of which, dubbed ASCI Purple, is expected to clock in at 100 teraflops, or trillions of calculations per second."
Here's IBM's press release.
IBM's Linux Push Shows AIX Is No Sacred Cow (TechWeb)
TechWeb examines IBM's Linux commitment and its effect on the company's proprietary AIX OS. "That is, as Linux continues to take on more enterprise features, it could come into conflict with AIX. But the vendor seems to be encouraging that development, rather than resisting it. It's got 250 or so programmers working on Linux development and, most recently, came out with a high-end, aggressively priced system that will run AIX, Linux or both."
Metrowerks Set To Acquire Lineo (eWeek)
eWeek speculates that an Metroworks is about to acquire Lineo. "Sources close to Lineo said the company had 'not to date been acquired,' but indicated an announcement was imminent. Metrowerks officials confirmed that it is making an announcement next week but would not disclose its nature."
Motorola subsidiary Metrowerks to acquire Lineo? (LinuxDevices)
LinuxDevices examines rumors that Motorola's Metrowerks software tools subsidiary may acquire Lineo. "Rumors have surfaced of an impending acquisition of Lineo (aka Embedix Inc.) by Motorola's Metrowerks software tools subsidiary. Metrowerks is well known for its popular CodeWarrior integrated development environment (IDE), which is used for embedded system software development. Lineo and Metrowerks have had a long standing strategic partnership including a $22.5 million investment by Metrowerks in Lineo in September 2000."
Business
Japan may drop Windows to boost security (Forbes)
Forbes is carrying a Reuters article stating that the Japanese government is taking a hard look at switching over to Linux. "The Ministry of Public Management, Home Affairs, Posts and Telecommunications will set up a panel of experts to study how other countries are using open source operating systems as early as the next fiscal year that starts next April, the paper said." (Thanks to Maya Tamiya).
Robert Hawkins also sent us a pointer to an article in Japanese on Asahi.com for those who can read it.
Red Hat wins over Windows convert (News.com)
Here's a News.com article about a company called Acuity Lighting Group. This company decided to use Red Hat's Advanced Server version of the Linux operating system to run Oracle's 9i RAC database software atop a group of Dell Computer servers. "Acuity is running three new Linux databases, Dell said. The first is spread across a four-computer cluster, each database system a four-processor Dell PowerEdge 6450. The second database runs on an eight-processor PowerEdge 8460, while the third is on a four-processor PowerEdge 6450."
Open-source CMS: On the rise (ZDNet)
ZDNet looks at free content management systems. "But the advantage of open-source solutions goes beyond cost savings. Content management, by its very nature, requires a degree of customization, and by having access to the source code, developers can do things like add support for a unique content type right into the codebase--an option not possible with proprietary tools."
Legal
Tux Fights Bux for the Soul of India (Linux Journal)
Linux Journal takes a look at open source vs. Bill Gates in India. "November 12 - Business Times Asia runs "Bill Gates lands in India amid a Linux debate", adding this about the initiative: Just weeks before Mr Gates' impending arrival, officials in India's Department of Information Technology in New Delhi leaked details of an effort called the Linux India Initiative. It is meant to promote Linux for use in government departments and corporations. Information Technology Minister Pramod Mahajan has declined to discuss the initiative. "I don't want to comment on Linux so close to Gates' visit," he said last week."
Interviews
Interview with Don Eigler: What's wireless and miniscule? (IBM developerWorks)
IBM's developerWorks has an interview with Don Eigler on the miniaturization of wireless devices. "It seems that every generation of new wireless technology is smaller than the last. At IBM's Almaden Research Center, IBM Fellow Don Eigler and his research group are reaching whole new frontiers of miniaturization, building molecule-sized logic gates, one atom at a time. Ira Kalb talked to Don to learn what today's developers can do to prepare for the future of wireless."
Resources
Embedded Linux Newsletter for Nov. 14, 2002
Get all the Embedded Linux News with the Embedded Linux Newsletter from LinuxDevices.com
Reviews
Sharp upgrades Linux handheld (News.com)
News.com looks at the latest version of Sharp's Linux-powered Zaurus. "The Zaurus has some appeal for a small section of the market--people who like the control they can have through the version of Linux from Lineo that Zaurus uses. "That certainly could be a benefit that could be a draw for leading-edge technophiles," Slawsby said."
A Linux smartphone that does Bluetooth (Register)
The Register covers the Swiss Army knife of smartphones. "CDL's Paron is a practical industrial handheld capable of using GPRS 2.5G packet data networks, runs Opera and Trolltech Qtopia-based embedded applications, and boasts a biometric fingerprint sensor, 320x240 color screen and USB. It's also a phone."
Tool of the Month: K3b (Unix Review)
Unix Review looks at K3b, a CD burning utility for KDE. "Do you miss the nice, slick GUI CD burning programs under Windows and Mac OS X? Or just want to stop using command-line tools to burn your CDs? K3b might just be what the doctor ordered."
Insided UnitedLinux (developerWorks)
IBM developerWorks has taken a lengthy look at UnitedLinux (in the form of SCO Linux 4.0), with the usual emphasis on the installation process. "In my opinion, the UnitedLinux 1.0 base product demonstrates excellent hardware scalability and every capability to meet the demands of a wide range of deployment scenarios. There is a generous level of support for hardware RAID devices, software raid, logical volume management, high performance and high bandwidth ethernet, and more. It will be interesting to see what OEM bundled platform deals this new platform will inspire."
Why Linux is a desktop dud (ZDNet)
Despite its title, this ZDNet article is a reasonably positive look at the Linux desktop. "To refine the user interface and evolve more useful tools, development must move beyond creative cloning. To prevail over proprietary systems, it must take the lead in providing both ease of use and productivity for the desktop user."
Linux--doomed on the desktop? (ZDNet)
ZDNet talks with Gartner research director Phil Sargeant about Linux on the desktop. ""There's quite a lack of tools in that particular space," said Sargeant. "We are going to need to see more tools if it's to make any inroads." He cited StarOffice and OpenOffice.org as examples of the few good tools available."
Lindows.com Introduces Version 3 Of Linux Desktop (TechWeb)
TechWeb takes a look at the recently released LindowsOS 3.0. "For Linux to achieve popularity on the desktop, it will require channels offering PCs for sale with Linux pre-installed, Robertson said. That's already starting to happen; Lindows.com is available on PCs from Wal-Mart and Tiger Direct, and Lindows.com is also working to recruit enterprise channels."
Sun plays safe with Linux device (News.com)
News.com covers a new product from Sun. The Sun LX50 Firewall/VPN appliance runs a version of Linux with enhanced security and uses firewall and virtual private network (VPN) software from Israeli-based Check Point. "Sun plans to unveil the new network security device at the Comdex Fall 2002 trade show during a keynote speech by Sun CEO Scott McNealy."
Geramik Reduces KDE/GNOME Style Differences (OfB.biz)
Open for Business covers the Geramik theme. "Craig Drummond has released a new theme and "engine" for GTK programs that provides something many people have been looking for: a common look and feel for KDE and GNOME applications. While Red Hat's Blue Curve attempts to do something similar, Mr. Drummond's Geramik is the first theme implementation to provide smooth integration between environments."
Miscellaneous
UCLA CIO 'Humbled' By Open Source Quality (LinuxMedNews)
LinuxMedNews reports on comments made by UCLA CIO Mike McCoy, MD on the quality of open-source software. "...I am humbled by the quality of open source software. [Medical software] Vendors have awful software behind the scenes because they don't have a review process. Vendor companies frequently have 500 employees: 495 in sales, the rest in support...Most companies cannot afford to maintain quality sources themselves..."
Linux Professional Institute raises the bar on testing (Register)
The Register looks at LPI certification. "So far, more than 6,000 people have been certified through LPI. [Evan] Leibovitch says they have distributed some 20,000 examinations. A quick math check points out the obvious: LPI ain't easy, so don't stroll into LWCE to take the free test on a whim."
Page editor: Forrest Cook
Announcements
Commercial announcements
Mark's Work Wearhouse adopts Linux-based POS system
Mark's Work Wearhouse has replaced and centralized its point-of-sale (POS) system and reduced operating and maintenance costs with a new Java-based Retek Point-of-Service (RPOS) solution running Linux on IBM SurePOS 500 systems.IDC Reports Latest Supercomputer Rankings Based On The IDC Balanced Rating Test
IDC has announced the newest rankings of supercomputer performance based on its comprehensive test, called the IDC Balanced Rating. Linux NetworX is the newest vendor entering the top ten list. See also this press release from Linux NetworX.Linux NetworX Supercomputer Ranked as Fifth Fastest in the World
Linux NetworX has achieved the rank of Fifth Fastest computer for its 2,304-processor cluster, coming in at 5.694 teraFLOPs.MontaVista Linux powers NEC's new home server
MontaVista Software has announced that NEC's new AX10 "home server" product will be based on MontaVista Linux. The AX10 looks like another TiVo-style home recorder system, with the added ability to network with (and distribute content to) other systems.Starbase Introduces StarTeam Datamart
Starbase Corporation has introduced StarTeam Datamart, their new decision support system for software developers.SuSE and Arrow Electronics announce distribution agreement
SuSE and Arrow Electronics have announced an agreement whereby Arrow will distribute SuSE's products in the United States. SuSE, in other words, is making another attempt to get into the U.S. market, but they are outsourcing the sales work, rather than setting up an entire U.S. operation.Terra Soft Installs BioPhysics Cluster at U of Colorado
Terra Soft Solutions, Inc. announced the installation of a 30-node Xserve cluster running Yellow Dog Linux and Black Lab at the University of Colorado.uClinux and Linux set to merge
SnapGear Inc. announced that their core contributions to the uClinux project are making their way into mainstream Linux.World Wide Web Consortium Releases Last Call Working Draft of Patent Policy
The World Wide Web Consortium (W3C) has announced a revised, Last Call Working Draft of its Royalty-Free Patent Policy whose goal is to enable W3C Recommendations to be implemented on a royalty-free basis. To achieve the goal of producing royalty-free (RF) specifications, all who participate in the development of a W3C Recommendation must agree to license essential claims (that is, patents that block interoperability) on a royalty-free basis. Last Call Working Drafts are published when a W3C Working Group feels it has solved internal issues and is seeking outside review. The Last Call comment period is open for public and Member comments through 31 December 2002.
Resources
Jacking Pd and Ardour - a tootorial (Quick Toots)
Quick Toots has a new tutorial on doing realtime musical synthesis while using the JACK Audio Connection Kit. "Realtime synthesis is one of the cornerstones of digital audio recording and performance. This toot gives you a helping hand into the world of Pure Data - One of the most popular and powerful synthesis applications/environments. With JACK it is now possible to stream more audio than ever before through applications like Pd and Ardour is there to help record the results."
RedHat Sendmail::Milter installation mini-howto (milter.org)
Oliver Schulze has put together a mini-faq on using the Perl Sendmail::Milter mail filtering module under RedHat 7.3.New PHP Magazines announced
PHP.net has announcements for two new PHP magazines, the online php|a, and the print publication PHP Magazin.Joint revision of POSIX and Single UNIX Specification Approved
ISO/IEC Joint technical committee has approved the joint revision to POSIX and the Single UNIX Specification as an International Standard. Designated as ISO/IEC 9945:2002, the joint revision forms the core of The Open Group's Single UNIX Specification Version 3 (IEEE 1003.1-2001, POSIX.1).
Upcoming Events
Free Software Event in Portugal
A free software event called Porto Cidade Tecnológica 2002 will be held in Porto, Portugal on November 28 and 30, 2002.Linux Bangalore/2002 announces first sponsor
Linux Bangalore/2002, to be held in Bangalore, India on December 3-5, 2002, has announced that Hewlett Packard will be the event's first sponsor.Linux Financial Summit to Debut at LinuxWorld Conference & Expo
IDG World Expo announced the launch of its first-ever Linux Financial Summit at LinuxWorld Conference & Expo/New York 2003. LinuxWorld will be taking place January 21-24, 2003 at New York City's Javits Center.Linux.Conf.Au speakers announced
The list of speakers has been announced for the Linux.Conf.Au 2003, to be held in Perth, Australia on January 22-25.O'Reilly Emerging Technology Conference CFP
A call for participation has been sent out for the O'Reilly Emerging Technology Conference, to be held on April 22-25, 2003 in Santa Clara, CA.Events: Nov 21, 2002 - Jan 16, 2003
| Date | Event | Location |
|---|---|---|
| November 21, 2002 | Embedded Systems Conference, Boston | (Hynes Convention Center)Boston, Mass |
| November 21, 2002 | ApacheCon US 2002 | (Alexis Park Resort)Las Vegas, NV |
| December 3 - 5, 2002 | Linux Bangalore/2002 | (J.N.Tata Auditorium)Bangalore, India |
| December 9 - 20, 2002 | UMeet conference | On IRC |
Software announcements
This week's software announcements
Here are the software announcements, courtesy of Freshmeat.net. They are available in two formats:
- Sorted alphabetically,
- Sorted by license.
Page editor: Forrest Cook
Letters to the editor
Release of LWN to non-subscribers
| From: | "Howell, Stephen" <Stephen.Howell@team.telstra.com> | |
| To: | "'letters@lwn.net'" <letters@lwn.net> | |
| Subject: | Release of LWN to non-subscribers | |
| Date: | Wed, 20 Nov 2002 13:29:37 +1100 |
Hi, I must admit to being surprised at the 2300 subs level. Are there only 2300 people interested in reading the most informative bunch of electrons about Linux that is around? Although it may go against the "information just wants to be free" idea, I want to ask what the imacpt of releasing LWN weekly edition, 1 month later to non-subs would be. I would imagine you have an idea of how often pages are visted vs time. Do you see a large number of people visiting the weekly edition once it is released for free? My subscription to LWN was pure altruism. I could easily wait 1 week but I value the information you supply and are happy to pay for it. Regards, Stephen Howell
Re: Why Linux is a desktop dud
| From: | anandsr@hss.hns.com | |
| To: | don@soeg.ne | |
| Subject: | Re: Why Linux is a desktop dud | |
| Date: | Fri, 15 Nov 2002 11:10:31 +0530 | |
| Cc: | letters@news.com, letters@lwn.net |
Hi, You article on ZDNet was very interesting and very positive towards Linux. I think you should look at the recent Linux distributions and you will find that normal tasks are pretty easy, and they will be much easier soon. I would say that you missed the real reason why Linux will be a dud for some time to come on the home desktops. The reason is lack of native games. That is the single biggest reason why people want Windows. There are emulators for running Win apps on linux but running games is not very useful, because it will not work as well as on Windows. That is what interests most users. But I expect that the situation is beginning to improve. Hardware is already not a problem for Linux, as its got big in the Server space. Atleast you can buy a Linux PC from Walmart. On the desktop first Linux is getting into POS devices. Next would be corporate desktops, in positions that have not to use speciallized apps available only on Windows (This is already happening). Then we will see a demand for those speciallized apps for Linux just like the special effects industry went through recently. I expect this to happen by the end of next year. When we start getting speciallized apps (2-3 years down the line) Linux penetration would be enough for the game industry to start looking at Linux more seriously. When we get moderate no. of games on Linux, we will be above 20% penetration in the home user base. This should happen by 2006. regards, -anand
Page editor: Jonathan Corbet