LWN.net Weekly Edition for July 3, 2003
An interview with Linus Torvalds
LWN has been reporting on the Linux and free software community for well over five years now, but, during that time, we've never gotten around to interviewing Linus Torvalds, the creator and maintainer of the Linux kernel. That oversight has now been rectified. In the following interview, Linus talks about 2.5, 2.6, and 2.7, SCO, and how the kernel development process works.
Kernel releases
What are, in your opinion, the most significant accomplishments from the 2.5 development series?
During 2.5.x, the things I thought were most noticeable are a nicer and better VM subsystem, a better block IO layer, and the improved threading support. All of them do help performance in various circumstances, but more importantly (to me) they were all fairly central cleanups and help keep the code maintainable.
Any regrets or things you wish had come out differently in 2.5?
Looking forward to 2.7, do you have any particular goals in mind for that development series?
But inevitably, new needs and uses will come up, and I'm not worried about running out of stuff to do. I just don't plan much ahead, I much prefer to take a reactionary stance and see what people actually complain and care about, rather than having a "5-year plan".
Do you have any particular expectations or hopes for the upcoming kernel summit in Ottawa?
It took the better part of a year - after 2.4.0 - for the 2.4 series to stabilize sufficiently for the 2.5 fork to happen. Do you foresee doing anything differently to stabilize 2.6 more quickly?
Development process
Over the course of 2.5, a number of developers, some of whom have contributed useful stuff, bowed out of the kernel project after facing too much criticism that was too harsh. Do you think this is a "if you can't stand the heat, get out of the kitchen" sort of situation, or could the process perhaps change to be a little more friendly?
I'll see what I can do about it, if anything.
There have been complaints that recent development has been strongly oriented toward large-system scalability at the expense of the rest of us with "normal" systems. Over the longer term, however, a high priority has been placed on not allowing support for high-end systems to compromise performance for everybody else. How do you feel about the balance between the kernel's support for large and small systems? Does anything need to be done to ensure scalability to the low end?
And yes, scalability has improved a lot, but at the same time you should realize that 99% of all Linux development is still done on basic desktop machines. So most developers still care mostly about that kind of hardware, and so while the "big iron" thing gets most attention and is most visible, it's not where most of the action _really_ is.
I personally, for example, always just work with a "high end desktop" system, expecting that what is high end today will be pretty much regular in another year or two.
In many ways, the kernel development process appears to be working better than it ever has. The flow of patches into the mainline is astounding, and most of the major developers seem to be relatively happy. Things appeared rather rougher at the beginning of 2.5; to what do you attribute the improvement? Is it all due to BitKeeper, or are there other things going on?
The lawsuit
SCO has finally fingered some specific contributions to the kernel as, they say, infringing on their rights. Do you think there's a chance that things like RCU and JFS will have to come out before 2.6 can be released? How do you think you might respond if SCO demands their removal?
I'd find it very unlikely that IBM had given exclusive licenses to SCO for the thing, especially as IBM apparently used some of the same technology for other projects earlier (ie OS/2). So from what I can tell, SCO really doesn't have a case - at least on the IP side of things.
Whether SCO has a case on the contract side, I just don't know. I'd be surprised. But I don't even have to care, since any contractual issues are clearly between IBM and SCO, and have nothing to do with me or the kernel (and contract law is a whole different area from IP rights, so SCO's blathering about Linux not respecting IP rights seems to be just a rabid rat frothing at the mouth, as far as I can see).
Do you foresee any changes to the kernel development process in the future to avoid the possibility of proprietary code being incorporated?
Miscellaneous topics
You've just announced a move over to OSDL, to work full-time on the kernel. Do you have any great plans for your extra time?
Recently you have been peppering the kernel with __user annotations which can be used by the "sparse" tool to find improper use of user-space pointers. I've always wondered why the kernel doesn't simply define a "userptr" type which would allow mistakes to be caught by the compiler?
I mentioned that to some gcc people, and nothing ever appeared, so I decided to do it myself.
Would it not make sense to make a similar distinction between physical and kernel virtual addresses?
Thank you, Linus, for taking the time to answer these questions.
[This article was contributed by Joe 'Zonker' Brockmeier]
The Gentoo project is experiencing a few growing pains. The Gentoo project announced some major management changes for the project itself last week, while Zachary Welch has announced his intention to form a non-profit called the Zynot Foundation and a plan to fork the Gentoo distribution.
Why the "Zynot Foundation?" Apparently, because it was available. The project's FAQ says the new name was chosen because the domains were available, and because it's a name that can easily be spoken and spelled. The name of the actual distribution is still up in the air, according to the Zynot FAQ, and will be chosen by the community. Welch's "Reasons for Forking A Linux Distribution" details his reasons to break off from Gentoo and to form a new project. It's a lengthy read, but to put it succinctly, Welch had a number of issues with Gentoo lead Daniel Robbins and the way that the project was being managed -- both from a business perspective, and from a developer's perspective. Welch had hoped to further Gentoo in the embedded market, and eventually decided that it was too risky to move forward using the Gentoo name.
Welch isn't the only developer to express dissatisfaction with Robbins' leadership of the project. Last April, Geert Bevin left the project and wrote up a summary of his reasons for doing so. According to Welch's "Welcome to Zynot" e-mail, the Zynot Foundation will be putting out some kind of release in time for LinuxWorld Expo in August, as well as having a booth at the show.
While the Zynot Foundation is getting started, the Gentoo project will be busy implementing a formalized management structure. The proposal, put forth by Robbins, seems to be fairly straightforward. It establishes a formal management hierarchy and responsibilities, channels of communication and so forth. The document doesn't address process by which one would become a project manager, so it seems they will be granted their position by the "Chief Architect," which would be Robbins himself.
Welch's departure also means that Gentoo will need to find some new hardware and hosting. Apparently, much of Gentoo's infrastructure, including CVS, their Web server, Wiki and Gentoo Bugzilla are hosted on machines owned by Welch and co-located at Oregon State University.
Regardless of Welch's reasons for doing so, it remains to be seen whether many in the Gentoo community will be willing to follow Welch's fork of the project. Gentoo has a fairly devoted user community as well as a fair number of core developers. According to Welch's estimate, Gentoo currently has a user base of about 150,000 people. It will take some doing to achieve the same kind of success with a new project.
Interview with Gaël Duval
LWN editor Jonathan Corbet talks with Gaël Duval, creator of Mandrake Linux and co-founder of MandrakeSoft.____
LWN: You were the creator of the original Mandrake Linux distribution, and a co-founder of MandrakeSoft. What is your current role with the distribution and the company?
GD - I'm officially taking care of MandrakeSoft's communication, but I'm helping for other things and projects as well.
LWN: In an OSNews interview last
March, you said "9.1 sales and club subscriptions are going to be
key.
" How are sales and subscriptions going at this point? Are
they at the level you need?
GD - The levels of Club subscriptions and 9.1 sales have been very good. That's one of the reasons why our future is becoming better every day. Mandrake 9.1 is an excellent product, that made it successful. On the other hand, the Mandrake Club and all its benefits, in particular the huge application repository that can be interfaced with the Mandrake application manager and dependency solver (URPMI/RPMDrake), has gained popularity among Mandrake users. As a result, the Club is turning into a real business model (in short: a free product plus value-added online services). As the whole Linux retail market has been dramatically and continuously decreasing during the past 3 years (mostly due to high-speed domestic Internet connections), this new business model for selling Free Software products really makes sense, and we certainly are one of the first Linux makers to enter this model.
LWN: The Mandrake Linux distribution has become difficult to find - at least, in U.S. stores. Do you plan to try to get back onto retail shelves (if so, how?), or are retail sales no longer a priority for MandrakeSoft?
GD - There is a simple reason for that: we broke our agreement with distributor Pearson recently. They are not interested in Linux as they have been in the past, and we weren't very happy with the sales. So we made the decision to take time to look for new distributors in the USA, and we encouraged users to come to MandrakeStore.com where our margins are really much more interesting than with traditional retail sales. Anyway Mandrake packs should be back in many US stores with the 9.2 version, with a new distributor. This is important at least for MandrakeSoft's brandname exposure and presence.
LWN: How is the reorganization process going in general? What changes is MandrakeSoft making, and how do you expect them to help the company's long-term survival?
GD - The reorganization is nearly completed. We had to review the company's priorities in term of technology and businesses. We had to scale the structure down to the point where we do not spend more money than we earn. We also had to convince everyone at MandrakeSoft that sales are now the big priority.
LWN: When does MandrakeSoft expect to emerge from the bankruptcy process?
GD - We plan to emerge somewhere by the end of the year. So far this has been a very positive action for us.
LWN: Mandrake Linux tends to be perceived as a desktop-oriented distribution. Is that how you see it internally? Where do you expect to see Mandrake deployed most in the future?
GD - The mission of MandrakeSoft is to simplify Linux and make it available to all. This means: providing full-featured Linux systems that are easy to install, easy to set up, easy to use. But this doesn't mean that we focus on the desktop, because we ship many server products, including very complex ones such as the Multi Network Firewall or MandrakeClustering... Additionally, simple command line tools such as our package management tool "URPMI", are often as important as graphical wizards or applications. The result is now a large range of MandrakeSoft products, from the "Standard 9.1" which is a desktop OS, to server and dedicated security products such as the Corporate Server 2.1 and the Multi Network Firewall. Such a large offering is perfect for answering companies' needs, and that's good for MandrakeSoft because this is currently a growing market.
LWN: Increasingly, other distributors are coming forward with versions of their products aimed at the desktop. The trickle of reports of companies and governments choosing Linux for desktop use is growing. Do you have a sense of when desktop Linux may take a serious part of the market? How does Mandrake plan to succeed in a larger but more competitive desktop market?
GD - This desktop thing has been the most recent Linux' hype. Currently it's clear that "joe user" is not ready yet to migrate his Windows desktop to a Linux desktop, for many reasons that are not only technical reasons. This doesn't mean that there is not a growing base of users who have definately made the switch to Linux on the desktop (this includes myself). But the point here is that the real market in the desktop field, which is not a big market yet, is inside corporations, and that is the market we are currently interested in.
LWN: You have mentioned that MandrakeSoft will be introducing a clustering product. Clustering seems like an increasingly crowded marketplace - though, perhaps, one in which a fair amount of money should be made. What has drawn Mandrake into this market at this time?
GD - There are two simple answers: 1) we had the chance to get funding for a research project in this area, and this has resulted into a great and powerful Clustering product. 2) We don't plan yet to sell this product everywhere in the world like we do with Mandrake Linux: there are very few actors in the field of Clustering solutions in France, so we are going to sell it in France and Europe first. Additionally, it's not only a product, it's a complete solution that doesn't make sense without the support and knowledge-transfer which are are provided with this solution.
LWN: What is MandrakeSoft's position on the SCO lawsuit? Are you taking any steps in response to SCO's allegations?
GD - Our position is very simple: so far there are mostly FUD and rumours. Let's wait for facts. Anyway, the whole story could possibly impact Linux' image negatively so we have to take care of that. But in the end my guess is that SCO is doing a huge error and is going to suffer much from the situation.
LWN: What enhancements can Mandrake Linux users look forward to in the next release?
GD - Wait and see :-)
LWN: Is there anything else you would like our readers to know?
GD - Producing and selling Free Software products makes sense. It only needs a good business model.
JBoss
[This article was contributed by Joe 'Zonker' Brockmeier]
A few weeks ago a group of JBoss developers split from The JBoss Group and decided to strike it out on their own as the Core Developers Network (CDN). We spoke with Greg Wilkins, one of the Core Developer Network members as well as the founder and director of Mort Bay Consulting. Mort Bay sponsors development of the Jetty Java HTTP server and servlet container. Marc Fleury, President of the JBoss Group, refused to comment for this story.
Wilkins wrote that his experience with JBoss Group had been less than profitable. "I got 6 hours of support work for being on call for 2 years - I also was not pushing my own Jetty support business to JBG clients so I was loosing sales of my own." Wilkins also said that Fleury demanded a cut of a deal that he had negotiated through Mort Bay for out-source development that used JBoss "among many other things."
Since leaving the project, Wilkins noted that the names of the Core Developers have been removed from the JBoss site as contributors, though they still have CVS access to JBoss and continue to contribute to the project. JBoss has also replaced Jetty with Tomcat as the default Web container. Wilkins says that the Core Developers do not want to fork JBoss, but "we can see situations that may force that to happen." In the end, there are really two main issues, says Wilkins:
But the other is the control of an open source project. It appears that getting control over just the trademark and CVS write access can be used to build a very good control mechanism over an open source community. This can be used to build a near monopoly on commercial services sold for that project and distribution of those benefits.
While Fleury refused to comment for this story, it's interesting to note something he said in an interview on TheOpenEnterprise.com:
As open source continues to grow in popularity, and profitability, this will undoubtably be an increasingly important issue. While the JBoss code is available for anyone to use, distribute and modify, the trademark is controlled by a single party. The ability to contribute code and participate in the direction of the project is also controlled by the same people who are making it a business venture. Certainly these abilities could be abused to give one party an advantage over other companies or individuals seeking to make money from the code. Withholding the ability to use the trademark, for example, could certainly hinder the ability of other parties to build a business that centers around JBoss.
Free and open source software licenses only protect access to the code itself. Any business based on an open source project will need to be able to advertise and promote itself -- something that could prove difficult if they are unable to use the name of the project in their advertising or marketing materials. Developers who are contributing to other open source projects may wish to ask the owners of those projects to clarify their long-term intentions for the projects. If nothing else, the JBoss situation may prove a cautionary tale for other business-minded open source developers. According to Wilkins, things would have been much different if they had gotten the business aspects taken care of earlier.
Security
Brief items
Email Virus Scanning for Linux: A review of alternatives to RAV Antivirus
[This article was contributed by tummy.com]
With the purchase of RAV by Microsoft, many Linux email providers and ISPs, are looking for an affordable, reliable replacement for RAV Antivirus.
Kevin Fenzi, Senior Member Technical Staff of tummy.com, ltd. and the co-author of the Linux Security HOWTO, has reviewed some of the currently available alternatives.
Kevin evaluated the alternatives on several different criteria, including Pricing policy (unlimited use is better than a per-domain or per-user price), broad support for Mail Transport Agents, and ease of installation and configuration.
Criteria Used:
- Pricing policy: Unlimited use got the highest score. Per-domain pricing
was next best, and per-user pricing was last. Those products that did
not have pricing information on their website received no score in this
category.
- Support for MTAs: A point was awarded for each of the popular Mail
Transport Agents supported (Qmail, Postfix, Exim, SuSE,
Sendmail+Milters, Sendmail, Dmail).
- Ease of Installation: Is the product easy to download and install?
- Ease of Configuration: Is the product easy to configure with your
local MTA?
- Scores are on a 'bad, fair, good, excellent' scale.
Read the full article here.
New vulnerabilities
gtksee: buffer overflow
| Package(s): | gtksee | CVE #(s): | CAN-2003-0444 | ||||||||
| Created: | June 30, 2003 | Updated: | July 11, 2003 | ||||||||
| Description: | Viliam Holub discovered a bug in gtksee whereby, when loading PNG images of certain color depths, gtksee would overflow a heap-allocated buffer. This vulnerability could be exploited by an attacker using a carefully constructed PNG image to execute arbitrary code when the victim loads the file in gtksee. | ||||||||||
| Alerts: |
| ||||||||||
imagemagick: insecure temporary file
| Package(s): | imagemagick | CVE #(s): | CAN-2003-0455 | ||||||||
| Created: | June 30, 2003 | Updated: | July 10, 2003 | ||||||||
| Description: | There are circumstances in which imagemagick's libmagick library creates temporary files without taking appropriate security precautions. This vulnerability could be exploited by a local user to create or overwrite files with the privileges of another user who is invoking a program using this library. | ||||||||||
| Alerts: |
| ||||||||||
PHP: Cross site scripting vulnerability
| Package(s): | PHP | CVE #(s): | CAN-2003-0442 | ||||||||||||||||||||||||||||
| Created: | July 2, 2003 | Updated: | August 13, 2003 | ||||||||||||||||||||||||||||
| Description: | In PHP version 4.3.1 and earlier, when transparent session ID support is enabled using the "session.use_trans_sid" option, the session ID is not escaped before use. This allows a Cross Site Scripting attack. | ||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||
phpbb: sql injection
| Package(s): | phpbb | CVE #(s): | CAN-2003-0486 | ||||
| Created: | June 28, 2003 | Updated: | July 2, 2003 | ||||
| Description: | An SQL injection vulnerability in viewtopic.php for phpBB 2.0.5 and earlier allows remote attackers to steal password hashes via the topic_id parameter. | ||||||
| Alerts: |
| ||||||
proftpd: SQL injection
| Package(s): | proftpd | CVE #(s): | |||||
| Created: | June 30, 2003 | Updated: | June 30, 2003 | ||||
| Description: | runlevel [runlevel@raregazz.org] reported that ProFTPD's PostgreSQL authentication module is vulnerable to a SQL injection attack. This vulnerability could be exploited by a remote, unauthenticated attacker to execute arbitrary SQL statements, potentially exposing the passwords of other users, or to connect to ProFTPD as an arbitrary user without supplying the correct password. | ||||||
| Alerts: |
| ||||||
tcptraceroute: problems dropping root privileges
| Package(s): | tcptraceroute | CVE #(s): | CAN-2003-0489 | ||||||||
| Created: | June 28, 2003 | Updated: | July 10, 2003 | ||||||||
| Description: | tcptraceroute 1.4 and earlier does not fully drop privileges after obtaining a file descriptor for capturing packets. This may allow local users to gain access to the descriptor via a separate vulnerability in tcptraceroute. | ||||||||||
| Alerts: |
| ||||||||||
unzip: directory traversal vulnerability
| Package(s): | unzip | CVE #(s): | CAN-2003-0282 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Created: | July 1, 2003 | Updated: | November 13, 2003 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description: | A vulnerabilitiy in unzip version 5.50 and earlier allows attackers to overwrite arbitrary files during archive extraction by placing invalid (non-printable) characters between two "." characters. These non-printable characters are filtered, resulting in a ".." sequence. See the full advisory for further information. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
xgalaga: buffer overflows
| Package(s): | xgalaga | CVE #(s): | CAN-2003-0454 | ||||
| Created: | June 30, 2003 | Updated: | July 2, 2003 | ||||
| Description: | Steve Kemp discovered several buffer overflows in the game xgalaga, which can be triggered by a long HOME environment variable. This vulnerability could be exploited by a local attacker to gain gid 'games'. | ||||||
| Alerts: |
| ||||||
Resources
Linux Advisory Watch
The June 27 issue of the Linux Advisory Watch newsletter from LinuxSecurity.com is available.Linux Security Week
The June 30 issue of the Linux Security Week newsletter from LinuxSecurity.com is available.
Events
NEbraskaCERT Conference
NEbraskaCERT is holding the 5th annual NEbraskaCERT conference, the leading Security Conference in the midwest. The conference will be held August 5 - 7, 2003 at the Peter Kiewit Institute, Scott Conference Center, Omaha, NE USA.
Page editor: Rebecca Sobol
Kernel development
A Note to Kernel Page Readers
For the next two weeks, the normal Kernel Page editor will be away having a good time on the beach. Please bear with your temporary guest editor as he tries to make sense of the complexities of the Linux Kernel development process. A few of the below patches may be mis-categorized.
Brief items
Kernel release status
The current development kernel is 2.5.74, which was released by Linus on July 2. The summary says: "Updates all over, the patch itself is big largely because of a MIPS/MIPS64 merge (and SH, for that matter). Network driver updates, USB updates, PnP, SCTP, s390, you name it. See the changelog for more details."
The current stable kernel is 2.4.21.
Marcelo has released the second 2.4.22 prepatch. This one includes some network driver updates, a big aic7xxx update, and many other fixes.
Status 2.5
Guillaume Boissiere has posted a 2.5 status summary.2.5.73-mm3 Released
Andrew Morton has released 2.5.73-mm3.
Kernel development news
perfctr-2.6.0-pre1 released
Mikael Pettersson has released a new version of perfctr, the Linux/x86 performance monitoring counters driver.
Driver porting
Using read-copy-update
| This article is part of the LWN Porting Drivers to 2.6 series. |
The first step in using RCU within a subsystem is to define a structure containing the data to be protected. Often that structure already exists; for example, RCU has been retrofitted into the dentry cache (using struct dentry), the network routing cache (struct rtable), and several other, similar contexts. The structures need to be allocated dynamically and accessed via a pointer - RCU cannot be used with static structures.
Code which reads data structures protected by RCU need only take a couple of simple precautions:
- A call to rcu_read_lock() should be made before accessing
the data, and rcu_read_unlock() should be called afterward.
This call disables preemption (and does nothing else) - a fast but
necessary operation for RCU to work properly. These calls (along with
the rest of the RCU definitions) are found in
<linux/rcupdate.h>.
- The code must not sleep while the "RCU read lock" is held.
Thus, code which reads an RCU-protected data structure will look something like:
struct my_stuff *stuff;
rcu_read_lock();
stuff = find_the_stuff(args...);
do_something_with(stuff); /* Cannot sleep */
do_something_else_with(stuff); /* ditto */
rcu_read_unlock();
The write side of RCU is a little more complicated, but not that difficult. To update a data structure, the code starts by allocating a new copy of that structure, and filling in the new information. The code should then replace the pointer to the outdated structure with the new one, keeping a copy of the old pointer. After this operation, kernel code running on any other processor will find the new version of the structure. The old one cannot yet be freed, however, since it is possible that another processor is still using it.
The code should arrange to dispose of the old structure when it is known that it cannot be referenced anywhere else in the system. That is done through a call to call_rcu():
void call_rcu(struct rcu_head *head,
void (*func)(void *arg),
void *arg);
The calling code must provide an rcu_head structure, but need not initialize it in any way. Usually, that structure is embedded within the larger structure protected by RCU. The function func will be called when the structure can be safely freed, with arg as its one argument. All that func need do, normally, is call something like kfree() to free up the structure.
The RCU algorithm works by waiting until every processor in the system has scheduled at least once. Since the rules require that references to RCU-protected structures cannot be held over sleeps, no processor can possibly hold a reference to an old structure after it has scheduled. When all processors have scheduled (after the pointer change), references to the old structure can not exist, and the structure can be freed.
For what it's worth, the RCU code exports the "wait for everybody to schedule" functionality, should it be useful elsewhere. To perform this wait, one need only make a call to synchronize_kernel().
Patches and updates
Kernel trees
Architecture-specific
Build system
Core kernel code
Development tools
Device drivers
Documentation
Filesystems and block I/O
Memory management
Networking
Benchmarks and bugs
Miscellaneous
Page editor: Forrest Cook
Distributions
News and Editorials
New Debian-based Projects: Adamantix and Bonzai Linux
[This article was contributed by Ladislav Bodnar]
Adamantix and Bonzai Linux are two recently announced Debian-based projects. Both have changed their names since launch; Adamantix used to be known as Trusted Debian, while Bonzai Linux was originally called miniwoody. Let's take a brief look at these projects to see what they are about.Adamantix http://www.adamantix.org/
The Adamantix project has set a goal to create a highly secure extension of Debian's stable branch. Because it lacks an installer, it is not a distribution which one can download and install independently; instead the project provides a small subset of Debian packages together with a set of Adamantix-specific security software that make the default Debian installation more secure and more resilient to malicious exploits. Peter Busser, who is the project's initiator and maintainer argues that while Linux security patches and features are actively being developed by several projects, the mainstream Linux distributions seem reluctant to incorporate them into their own products. Adamantix is an attempt to remedy this situation for Debian users.
Which security features can we find in Adamantix? One of the more important ones is its protection against buffer overflows. The term "buffer overflow" refers to a software bug, where a program either fails to allocate enough memory for an input string, or fails to test whether the length of the string lies within its valid range. A hacker can exploit such a weakness by submitting an extra-long input to the program, designed to overflow its allocated input buffer and modify the values of nearby variables. This can cause the program to jump to unintended places, or even replace the program's instructions by arbitrary code. Buffer overflows are possibly the most common bugs found in software written in the C language and the subject of many security advisories.
One method to prevent buffer overflow bugs from being exploited is to patch the Linux kernel with PaX. PaX has too many features to mention them all, but the most important one lies in its ability to separate data from code. This prevents the attacker from overwriting data in overflown buffers and executing them as code. Another important feature is the ability of PaX to randomize space and memory allocation, as illustrated here by a stack randomization example. Linux systems not patched with PaX will allocate the same stack address to variables every time the program is executed. A malicious attacker exploiting a buffer overflow knows the address of the stack and knows exactly what gets overwritten by the malicious input. A PaX-enabled kernel allocates the stack address randomly every time the program is executed, so the attacker can never be sure what part of the stack gets overwritten. Besides the stack, PaX applies the same randomization to the heap, shared libraries and executable programs. As long as the attacker cannot figure out the randomization scheme, the effort at exploiting the known overflow is a hit-and-miss situation with odds heavily against the success of the attacker's intent.
Another important kernel patch used by Adamantix is RSBAC. RSBAC stands for Rule Set Based Access Control and, as the name implies, it is an access control framework designed for use with current Linux kernels. Again, its features are too numerous to detail here, but in essence, the RSBAC patch implements a detailed control mechanism for access to files, pipes, network sockets, system control data, devices, users and processes. It provides users with pre-made rules (conceptually similar to iptables rules), as well as methods for creating custom rules, some of which can go as far as eliminating the concept of a superuser - and associated risks. RSBAC also includes a powerful logging system which makes intrusion attempts easily detectable. RSBAC is an open source project, currently free of any patent issues, which sometimes plague other similar efforts.
Installing Adamantix on an existing Debian system (only the current stable version is supported) is done by modifying the sources.list file and pointing its sources to one of the mirrors; in fact many Debian mirrors now carry the complete Adamantix tree. As is the case with most new projects, the documentation on the site leaves a lot to be desired, but Adamantix provides mailing lists with active discussion and information about current development. The project certainly deserves the attention of security conscious system administrators and developers.
Bonzai Linux http://developer.berlios.de/projects/bonzai/
Developed by Marcus Moeller, Bonzai Linux is a modified version of the Debian "netinst" boot CD. The "netinst" CD was introduced shortly before the release of Debian GNU/Linux 3.0 (Woody) and was meant to replace the traditional Debian boot floppies, thus making the installation process less cumbersome. After loading the necessary network kernel modules, a user could initiate a network installation and get all the components from a local network or, more commonly, from a remote FTP or HTTP source.
Bonzai Linux expands on the idea by providing a basic Debian system, including the latest stable kernel and KDE packages on the CD. It is no longer necessary to load kernel modules in the beginning; in fact, it is no longer necessary to have intimate knowledge of the hardware at hand - the "discover" utility is able to auto-detect all common hardware. This, together with a much simplified package selection menu (as opposed to the archaic and unintuitive "dselect") greatly simplifies the installation procedure. Bonzai Linux can be used both as a stand-alone Linux distribution based on Debian Woody, but with the latest KDE, and it can also be used as a more user-friendly Debian installer.
Adamantix and Bonzai Linux are specialist distributions, each suitable for a particular task or solving a particular problem. If some day you require a security solution for your Debian installation, take a close look at Adamantix, and if you need an easy-to-install Debian system, Bonzai Linux might be just the right tool for the job.
A Lindows short story
Last week's article about Lindows inspired some comment. Even though the article stated, "It goes without saying that LindowsOS does not prevent security conscious users from setting up user accounts and passwords.", the perception exists that LindowsOS runs everything as root. That may have been true in version 1.0, but it is not true now.
The following story, subtitled Lindows saves the vacation is a true story, told to me by LWN co-founder Elizabeth Coolbaugh (Liz). Liz was going on a vacation with both her mother and her daughter. Three generations embarking on a trip to meet relatives in Europe. The night before she planned to leave there was a power outage in Liz's neighborhood. Since she was already packed she took her daughter and headed to her parents house early. Only when she arrived she realized that an email with vital information was still on the mail server and had not been printed or copied.
Lindows to the rescue. Liz's father had just bought a brand new Lindows computer. He had usernames set up on the system because during setup he was told to do so. He set up a username for Liz and used Click-and-Run to find and install OpenSSH. Liz got to the mail server and found the email and the information contained therein.
So I, like most of you, have never run Lindows, but I do have it on good authority that setting up usernames and not running everything as root is the default behaviour for the current product.
Distribution News
Debian Weekly News
The Debian Weekly News for July 1, 2003 is out. This week: The South Australian government discusses a bill that requires government departments to use Free Software where practicable; British scientists found out that debugging in open source projects is always faster than in closed source projects; and much more.Gentoo Weekly Newsletter -- Volume 2, Issue 26
The Gentoo Weekly Newsletter for June 30, 2003 is out. This week's topics include; Gentoo Linux adopts a new management structure, Fork of Gentoo Linux announced, GWN seeking additional translators, and more.Lycoris Desktop/LX
Lycoris, Microtel and www.walmart.com have teamed together to bring back the $199 Desktop/LX powered PC. Click below for details.Mandrake Linux
HP has announced a desktop PC for small and medium businesses (SMB), the HP Compaq Business Desktop d220 Microtower, which offers Mandrake Linux v9.1 as a choice of operating system.The XFS-related tools released with Mandrake Linux 9.1 were out-dated at release. This update brings all of the XFS-related tools up to date which provide better support for the XFS filesystem, fix bugs, and offer other enhancements.
MontaVista Linux
IDT and MontaVista Software announced the extension of a partnership to provide Linux support for the IDT Interprise family of integrated communications processors. MontaVista Linux Professional Edition 3.0 supports the IDT 79EB438 evaluation board that includes the IDT RC32438 Interprise PCI processor.Trustix Secure Linux
Trustix has released Trustix Secure Linux 2.0 (Cloud). Click below for details.Hitachi H8 Integrated Into uClinux
SnapGear, Inc. has released a technical paper describing its recently completed integration of support for the Hitachi H8 300S processor with the uClinux distribution.Red Hat Linux
Red Hat has an updated redhat-config-date package fixing a symlink-related bug, for Red Hat Linux 8.0 and Red Hat Linux 9.Slackware Linux
Slackware Linux: Some patches were applied to readline, similar to the ones applied previously to bash. See the slackware-current changelog for complete details.Yellow Dog Linux
Yellow Dog has updated redhat-config-date packages for Yellow Dog Linux 3.0.
New Distributions
BSLinux
BSLinux, from Blue Sock Linux Solutions, is a GNU/Debian-based distribution with a very simple installation process based on KDE. It supports many partition types, including XFS, JFS, ReiserFS, VFAT, EXT2, and EXT3. It uses XML and provides many new viewpoints to the way things can be done. Beta 1 was released June 27, 2003.LGIS GNU/Linux
LG Internet Solutions has announced the immediate availability of LGIS GNU/Linux 9. LGIS GNU/Linux is a Ximianized version of Red Hat Linux. (Found on GnomeDesktop).
Minor distribution updates
Astaro Security Linux
Astaro Security Linux has released v3.219 (Stable 3.x) with minor feature enhancements. "Changes: This Up2Date adds the "V4 Upgrade" functionality to the "System->Up2Date" menu."
Coyote Linux
Coyote Linux has released v2.00-pre6 with major bugfixes. "Changes: Typos in the init scripts that would prevent static IP address configurations from working properly have been fixed. Code has been added to build a resolver config for DHCP clients so that the internal DHCP server will initialize properly. A bug in the firewalling code that would prevent NAT rulesets from being enabled for PPPoE configurations has been fixed." Then 2.00-beta2 was released with more bug fixes.
Damn Small Linux
Damn Small Linux has released v0.3.11 with minor feature enhancements. "Changes: This release has PCMCIA support, and an experimental routine to grab Mozilla Firebird from the Internet and auto-install the browser while holding it in memory."
MoviX2
MoviX2 has released v0.3.0rc2 with minor bugfixes. "Changes: This release has been done mainly to replace Microsoft's TrueType fonts with OpenSource similar fonts. A few bugs have been also fixed (ISA/SCSI module loading) and a few new features introduced (support for serial remotes and a way to set easily custom defaults for the boot args)."
Pingwinek GNU/Linux
Pingwinek GNU/Linux has released v0.24 with minor feature enhancements. "Changes: This version features many new packages including Evolution, Conglomerate, Apache2, PPP, and others."
Recovery Is Possible! (RIP)
Recovery Is Possible! (RIP) has released v56 with major feature enhancements. "Changes: All the included programs have been updated to the full versions, and the image viewer program zgv has been added. tmpfs is now used, so half of your system memory will be used as virtual disk space."
RxLinux
RxLinux has released v1.4.5 with major feature enhancements. "Changes: This release rebuilds the root filesystem from sources following the Linux From Scratch 4.1 instructions and rebuilds the package selection interface."
uClinux
uClinux has released Linux kernel patches, v2.4.21-uc0, with major feature enhancements. "Changes: Major changes were made to IDE support. A few additions were made to the "asm" include directories, and basic testing was performed on the 68328/Coldfire/ARM/SuperH and H8300. IDE was also tested on the Coldfire 5249."
Distribution reviews
Getting to Know Debian (SitePoint)
Jono Bacon has written an article introducing Debian. "The Debian project is entirely volunteer-run and doesn't seek to generate profit. This essentially means that, while the will is there to continue to improve Debian, the project will always progress, irrespective of economic matters." (Found on Debian Planet)
Page editor: Rebecca Sobol
Development
SCons, a Software Construction Tool
SCons is a software build tool that is intended to replace the common utility Make. It is loosely based on CONS, another build tool.
The SCons
FAQ page says:
"SCons is implemented as a Python script and set of modules, and SCons "configuration files" are actually executed as Python scripts. This gives SCons many powerful capabilities not found in other software build tools.
"
Some of the SCons features include:
- Cross-platform operation.
- Python-based configuration scripts for solving software build problems with a powerful language.
- Automatic dependency analysis, no need for make depend/make clean.
- Support for C, C++, FORTRAN, Java, Yacc, and Lex.
- Extensible, support for other languages and file types can be added.
- Support for fetching files via SCCS, RCS, CVS, BitKeeper and Perforce.
- Works with timestamps and MD5 signatures.
- Better parallel build support compared to Make.
- Built-in Autoconf-like support for working with #include files, libraries, functions and typedefs.
- Global view of all dependencies, multiple build passes are not necessary.
- Can share pre-built files in a cache, this speeds up multiple builds.
- scons: The basic SCons installation and utility tools.
- scons-local: A component that is intended to be included with other software packages that are built using SCons.
- scons-src: The complete SCons source distribution tree, useful for those who wish to build SCons itself.
For more information, see the online SCons Documentation. Downloads of SCons are availalble on the SCons page at SourceForge. SCons has been released under the MIT license.
Version 0.90 has been released, the authors claim that due to their software building methodology, SCons is already quite stable. A 1.0 release is coming soon. Maybe its time for someone to try setting the Linux kernel up to build under SCons.
System Applications
Audio Projects
Linux Audio Workstation 1.1 released
The Linux Audio Workstation distribution has released version 1.1, named "message in a bottle". This release works with RedHat 7.2, 8.0, and 9 and features ALSA upgrades, documentation pages for all audio applications, and more.
Database Software
JDO Persistence, Part 2 (O'ReillyNet)
O'Reilly continues its excerpt series on JDO persistence with part two. "In part two in this three-part series of excerpts on JDO persistence from Java Database Best Practices, author George Reese covers basic JDO persistence best practices for transaction management and query control."
MySQL FULLTEXT Searching (O'ReillyNet)
Joe Stump shows how to do FULLTEXT searching with MySQL. "Have you ever wanted to search text stored in your database, but couldn't figure out how to do it efficiently? Are you lazy like me and don't enjoy maintaining reverse indexes, dictionaries, and word scores? You're in luck. The release of MySQL 4.0 has made searching text stored in databases available to the masses."
PostgreSQL Weekly News
The June 26, 2003 edition of the PostgreSQL Weekly News has been published with the week's roundup of PostgreSQL database news.
Mail Software
SpamAssassin Milter 0.2.0 released
Version 0.2.0 of the SpamAssassin Milter Plugin is available. The change summary says: "Lots of new features: Spam can be redirected to a separate email address. Arbitrary netblocks can be excluded from scanning. You can now pass custom arguments to spamc without recompiling. Sends extra headers to spamc to mimic the ones the local sendmail adds. The manpage should now be readable on all OSes. And some minor bugfixes concerning messages with no headers and localhost mail submission."
Defending Your Site Against Spam (O'Reilly)
Dru Nelson discusses Spam filtering on O'Reilly. "Like so many other people out on the Internet, I get unsolicited commercial email or "spam". Until recently, I could handle spam by just deleting it or using email aliases. Unfortunately, my server was rendered useless by a spam attack launched by an unknown spammer. The experience forced me to improve my spam defenses. In two articles, I will share the research and results of my effort to implement an anti-spam system. In this first installment, I will briefly cover various anti-spam systems and the system I chose, a network level defense. In the next installment, I'll dig deeper into the details of an implementation with qmail. (The information is general enough that it could be applied to other email systems such as Postfix or Sendmail.)"
Medical Software
OpenEMR 2.0.0 Release (LinuxMedNews)
Version 2.0.0 of OpenEMR has been released. "OpenEMR is a modular, HIPAA compliant, Open Source, cross-platform Electronic Medical Records system (EMRS) developed by Synitech Incorporated. OpenEMR runs under Apache or IIS, PHP and MySQL, and includes advanced authorization and auditing functionality, automatic timeouts, group-based user configuration, extensive logging, and supports patient-requested file changes."
Networking Tools
Network programming with the Twisted framework, Part 1 (IBM developerWorks)
David Mertz looks at Twisted on IBM's developerWorks. "Twisted is an increasingly popular pure-Python framework for programming network services and applications. While there are a large number of loosely coupled modular components within Twisted, a central concept to the framework is the idea of non-blocking asynchronous servers. In this article, David introduces you to this style of programming -- a novel one for developers accustomed to threading or forking servers, but one capable of great efficiency under heavy loads."
Printing
LinuxPrinting.org news
The latest changes on LinuxPrinting.org include support for the Canon LBP-470, HP OfficeJet 4105, HP OfficeJet 4115, HP OfficeJet 4110, and HP PSC 2175 printers, and improvements to the Samsung GDI printer driver.
Security
Sussen 0.4 released
Version 0.4 of Sussen, a client for the Nessus security scanner, has been released. This release adds an embedded MySQL server backend, customizable report generation capabilities, bug fixes, and more.
Web Site Development
mnoGoSearch 3.2.12 released
Version 3.2.12 of mnoGoSearch, a web site search engine, has been released. This release features the ability to create and drop the database structure, as well as several bug fixes. See the Change Log document for details.Issue Handler 0.8.16 released (ZopeMembers)
Version 0.8.16 of Issue Handler, an information management application for Zope, has been released. "This release features minor feature enhancements".
Scratchy 0.5.1 released
Scratchy is a Python-based Apache log file report generator. "Scratchy is a set of scripts to parse Apache web server log files and extract useful information. From this data, Scratchy will create HTML reports so that website administrators can easily view the information and determine trends and their typical audience."
Silva 0.9.2 released! (ZopeMembers)
ZopeMembers has an announcement for Silva release 0.9.2. The list of new features includes: a revised user interface, a new metadata architecture, text is now stored as unicode, indexing is now done with the Zope catalog, and performance improvements.Top Ten Tomcat Configuration Tips (O'ReillyNet)
Jason Brittain and Ian F. Darwin write about the configuration of Tomcat on O'Reilly. "Now that writing Java web applications has become a common way to create and deploy new web content, people around the globe are finding the Jakarta Tomcat servlet and JSP container useful. It's free, it's multiplatform, it's rich in features, it's rapidly evolving and improving, and it's never been more popular."
ZShellScripts v0.41 is out with Ruby support (ZopeMembers)
Version 0.41 of ZShellScripts has been announced. "ZShellScripts unifies the Zope notion of scripting by allowing scripts to be written in a bunch of different languages. This version features Ruby support,meaning that you can now write scripts in Python, Perl, Ruby, PHP, Lisp, or Bash and have them executed from within Zope, with a more or less semi-transparent access to Zope objects and variables."
Zope 2.6.2 Beta 3 Released (ZopeMembers)
Versions 2.6.2 Beta 3 of Zope has been released. Changes include bug fixes, Python 2.2 compatibility fixes, several back-port fixes, and more.ZTimeReg 1.0 Released (ZopeMembers)
ZTimeReg is a Zope product that lets employees register time spent on customers and projects. Version 1.0 stable was just released.ZWiki 0.20.0 released (ZopeMembers)
Version 0.20.0 of Zwiki, a Zope-based Web Wiki, has been released. The change summary says: "Simpler page types, smarter message handling, auto subscription option; mail, skin and miscellaneous bugfixes; python 2.1 or greater now required."
Web Services
High-impact Web tier clustering, Part 1 (IBM developerWorks)
Sing Li looks at several Java-based web services packages on IBM's developerWorks. "As the J2EE platform has matured, it has opened up the opportunity to deploy commodity servers in networked cluster configurations for scaling of Web services and Web applications at the Web tier. These commodity servers, interconnected through commodity LAN hardware, can provide cost-effective clustering solutions. The last piece of the clustering puzzle is in the software. In this series, Sing Li examines three open source software substrates that can enable high-impact Web tier clustering, beginning with JavaGroups."
Miscellaneous
Gled 1.2.0 released
Version 1.2.0 of Gled is available. "Gled is an implementation of a hierarchic server-proxy-client-viewer model written in C++ and offering a mixture of object oriented framework and toolkit." The Gled status page says: "
Gled v1.2 is a functional base upon which higher-level functionality can be built. Minimal changes in the core implementation are expected. Gled as an OO framework/toolkit is stable enough to allow development of user classes and applications."
Desktop Applications
Audio Applications
Ardour 0.9 beta 1 released
A Slackware Linux package for version 0.9 beta 1 of Ardour, a multi-track audio recording application, has been released. This is the initial release of Ardour. "I am happy to announce that the first public tarball release of Ardour, numbered 0.9beta1, is now available for download. This very much a beta release, there are still many bugs to be fixed before 1.0 release scheduled for late July/early August."
BEAST/BSE 0.5.3 released
Version 0.5.3 of BEAST/BSE, the Bedevilled Audio SysTem and the Bedevilled Sound Engine, are available. BSE is "a library for music composition, audio synthesis and sample manipulation". "This new development series of BEAST comes with a lot of the internals redone, many new GUI features and a sound generation back-end separated from any GUI activities. The most outstanding new features are the track editor which allowes for easy selection of synthesizers or samples as track sources, loop support and unlimited UnDo/ReDo capabilities."
Glame 1.0.1 released
Version 1.0.1 of Glame, an audio editor, is available. This release adds support for importing mp3 and Ogg Vorbis audio files.
Desktop Environments
KDE Traffic #56 is Out
Issue #56 of KDE Traffic is out. The KDE.News summary says: "This week we have some news about LinuxTag, a fun and interesting little contest that I hope a certain developer has a sense of humor about, some news about KOffice (thanks Jürgen!) and more."
KDE-CVS-Digest
The June 27, 2003 KDE-CVS-Digest is out, here's the summary: "Multimedia gets some attention, with fixes to aRts and artsbuilder. KGhostview now has a full screen mode. Work starts on a BIDI mode for Kate. Cervisia, the GUI frontend for CVS, now has an SSH password authentication dialog. KMail encryption plugins as well as IMAP support is improved. Plus bug fixes and improvements in Kopete, KHTML, KWin and many others."
YAGnoBS, GCipher, Heartbeat, & GNOME 2.0 turns 1 (GnomeDesktop)
GnomeDesktop.org has published a multiple announcement for new versions of the YAGNobs GNOME build script, and the Heartbeat system monitoring tool, and GCipher.Final Modules List for the GNOME 2.4 Desktop Release (GnomeDesktop)
GnomeDesktop.org reports on the contents of the GNOME 2.4 Desktop Release. "Here is the final modules list for the GNOME 2.4 Desktop Release! It was a very tough process, as anyone who watched the d-d-l threads knows, because all of the modules proposed for inclusion are top-notch, brilliant pieces of GNOME software."
Games
Graphics
GIMP 1.3.16 Released (GnomeDesktop)
The GIMP version 1.3.16 has been announced and comes with lots of new features.
GUI Packages
SPTK 2.0a3 available
Version 2.0a3 of SPTK, the Simply Powerful ToolKit has been released, it features bug fixes and some improved widgets.
Interoperability
Samba 3.0.0 beta2 released
Samba 3.0.0 beta2 has been released. "The Samba Team is proud to announce the availability of the second beta release of the Samba 3.0.0 code base. While we are significantly closer to the final release, you should be reminded that this is a non-production release provided for testing only."
Office Applications
AbiWord Weekly News
The June 29, 2003 edition of the AbiWord Weekly News is out with the latest AbiWord word processor news. "The remainders of GUADEC, the death of the hash downloader, a new preferences mock-up, 2.0 beta, anti-abi advertising, Mac OS X and that has nothing to do with the more interesting stories, like Linux going to Congo schools and Microsoft using DRM to lockout other office competitors, all of this and screenshots are waiting within."
Web Browsers
Epiphany 0.7.2 released (GnomeDesktop)
Version 0.7.2 of the Epiphany web browser for GNOME has been announced, many code changes and bug fixes are included.Demonstration of Robin Remote XUL Desktop Available (MozillaZine)
MozillaZine reports on a remote XUL desktop environment called Robin, the Remote Operating System Build in Netscape.The Future of Mozilla Application Development (O'ReillyNet)
O'Reilly covers recent changes to the Mozilla development roadmap. "In April, mozilla.org announced a major update to its development roadmap. Some of the changes in the new document represent a fundamental shift in the direction and goals of the Mozilla community. To help make sense of how these changes will affect Mozilla application developers, this article provides an analysis of the new roadmap and also demonstrates how to convert an existing XPFE-based application into an application that uses the new XUL toolkit."
Mozilla 1.4 Released (MozillaZine)
MozillaZine reports on the release of version 1.4 of the Mozilla web browser. "This release offers several enhancements over Mozilla 1.3.1, including NTLM authentication support (Windows only), bookmarks improvements, click-and-drag image and table resizing in Composer, smooth scrolling (disabled by default), junk mail improvements and proxy auto-config failover."
Netscape 7.1 Released (MozillaZine)
MozillaZine has an announcement for the newly released Netscape 7.1 web browser. "Netscape Communications Corporation today released its new Netscape 7.1 browser, which is based on Mozilla 1.4. This version — codenamed Buffy during development — offers several new features, including automatic image resizing, which shrinks large images to fit in the browser window, and Find As You Type, a tool that allows users to search for links or text on a webpage just by typing."
2003-06-24 Release of WaMCom Available (MozillaZine)
MozillaZine has an announcement for a new release of WaMCom, the Web and Mail Communicator. "WaMCom is a distribution of Mozilla 1.3.1 that incorporates 480 additional trunk bug fixes and also some extra features that are not yet part of the Mozilla Application Suite."
Mozilla Status Update
The June 27, 2003 Mozilla Status Update is out. "This status update contains news on Mozilla 1.4 Release Candidate 3, the Mozilla 1.5 Alpha schedule, Composer, Mozilla Thunderbird, ChatZilla, tabbed browsing, the DOM Inspector and more."
Multiple Mozilla Staff Meeting Minutes
The minutes of the Mozilla.org staff meetings from June 16 and June 23, 2003 are available for your inspection.
Miscellaneous
Peacock 0.6.1 released
Version 0.6.1 of Peacock, an HTML Editor for GTK+/GNOME, has been released. New features include find/replace, a shift of file operations to the GnomeVFS architecture, and GtkHTML preview click functionality.
Languages and Tools
Caml
Caml Weekly News
The July 1, 2003 edition of the Caml Weekly News is out with the latest Caml language development news.
Java
Using the Jakarta Commons, Part 1 (O'ReillyNet)
Vikram Goyal writes about the Jakarta Commons on O'Reilly. "Ever find yourself thinking "Someone's surely solved this problem before?" That's the beauty of open source. In this first of three articles, Vikram Goyal explores the Jakarta Commons, mature and well-defined reusable Java components."
Lisp
Perl
This Week on perl5-porters (use Perl)
The June 23-29, 2003 edition of This Week on perl5-porters has hit the virtual street. "This week's p5p summary is going to be a bit unusual : a few very long threads will be summarized (logically) in longer paragraphs. Read about hashing algorithm vulnerabilities, new proposed syntax, CHECK and INIT blocks, and other unlittle things."
This week on Perl 6
Two editions of This week on Perl 6 have been published. The summary for the June 22, 2003 report says: "Continuation Passing Shenanigans, evil dlopen() tricks, and controlling method dispatch dominate perl6-internals and perl6-language, according to fearless summarizer Piers Cawley."
The
June 29, 2003 summary says:
"Exceptions, continuations, patches, and reconstituted flying cheeseburgers all dominated discussion on perl6-internals and perl6-language, according to summarizer Piers Cawley. No kidding.
"
Perl 6 Design Philosophy
O'Reilly has published an excerpt from the book Perl 6 Essentials. "Perl 6 Essentials is the first book to offer a peek into the next major version of the Perl language. It covers the development of Perl 6 syntax as well as Parrot, the language-independent interpreter developed as part of the Perl 6 design strategy. In this excerpt from Chapter 3 of the book, the authors take an in-depth look of some of the most important principles of natural language and their impact on the design decisions made in Perl 6."
Power Regexps, Part II
Simon Cozens continues his series on Perl regular expressions with Part II. "In the previous article, we looked at some of the more intermediate features of regular expressions, including multiline matching, quoting, and interpolation. This time, we're going to look at more-advanced features. We'll also look at some modules that can help us handle regular expressions."
PHP
PHP Weekly Summary for June 30, 2003
The PHP Weekly Summary for June 30, 2003 is out. Topics include: PHP 5 beta test, Apache 2 support, preg_match_*, Bundling libxml2 (continued), SQLlite extension, PHP 4.4, Major CVS changes.
Python
Dr. Dobb's Python-URL!
The Dr. Dobb's Python-URL for June 30, 2003 is out, with news and links for the Python community.
Scheme
Scheme Weekly News
The June 30, 2003 edition of the Scheme Weekly News is out. Take a look for the latest Scheme language news.
Tcl/Tk
Dr. Dobb's Tcl-URL!
The June 30, 2003 edition of Dr. Dobb's Tcl-URL is out with the weeks' Tcl/Tk development news.
XML
Unofficial XML-RPC Errata
Fredrik Lundh has published an Unofficial XML-RPC Errata document. "This is an unofficial errata, intended to clarify certain details in the XML-RPC specification, as well as hint at "best practices" to use when designing your own XML-RPC implementations. This errata is mostly based on real-life experiences from early adopters and toolkit implementors (filtered through the brain of one such early adopter/implementor)."
XULMaker 0.50 Released (MozillaZine)
According to MozillaZine, version 0.50 of XULMaker, a visual XUL application builder, is available. "This release includes support for the complete set of XUL elements, attributes and values."
The Open Applications Group Integration Specification (IBM developerWorks)
Michael Rowell inspects The Open Applications Group Integration Specification on IBM's developerWorks. "The Open Applications Group Integration Specification (OAGIS) is an effort to provide a canonical business language for information integration. It uses XML as the common alphabet for defining business messages, and for identifying business processes (scenarios) that allow businesses and business applications to communicate. Not only is OAGIS the most complete set of XML business messages currently available, but it also accommodates the additional requirements of specific industries by partnering with various vertical industry groups."
Web-based XML Editing with W3C XML Schema and XSLT, Part 2 (O'Reilly)
Ali Mesbah and Arjan Vermeij continue their series on web-based XML editing with Part Two. "This article describes a concept in which elements can be inserted into an XML instance document through an automatically created form-based GUI, based on the XML Schema of the instance document." You may want to start with the first article.
How (Not) to Grow a Technology (O'Reilly)
Kendall Grant Clark discusses the growth of the XML standard on O'Reilly. "In this article I consider the two most common ways of growing XML technologies, particularly in the context of standards bodies and the XML development community. While these two methods are well-known, I draw my inspiration from an XML-DEV posting by Roger Costello. His post suggests that there are two ways in which a technology may be developed: by committee or by "the market." In the committee case, a group of people -- often an element of a standards body -- is primarily responsible for the development of the technology."
Editors
Conglomerate XML Editor 0.5.4 Released (GnomeDesktop)
GnomeDesktop.org has an announcement for version 0.5.4 of Conglomerate, an XML editor. This release features bug fixes, build improvements, and more.
IDEs
Anjuta 1.1.97 released (GnomeDesktop)
GnomeDesktop.org has an announcement for version 1.1.97 of the Anjuta IDE for GNOME. This version features support for all text file encodings, line and word selection menu entries, .css files highlighting, bug fixes, and more.
Version Control
Vertoo - simple versioning support tool
A new versioning tool called Vertoo has been released. "Vertoo is a tool that lightens developer's burden to maintain up-to-date versioning information across project's files. Vertoo provides simple interface to change the version (or it's part) and distribute these changes through the project's files. Configuration describes versions used in a project, each in arbitrary, user-specified scheme and formats for each of the occurences of the version's data in the project files."
Miscellaneous
Mono 0.25 released. (GnomeDesktop)
GnomeDesktop.org has an announcement for version 0.25 of Mono, an open source implementation of the .NET Development Framework. See the RELEASE NOTES for more information.
Page editor: Forrest Cook
Linux in the news
Recommended Reading
Windows Refund Day II: Next Steps (Linux Journal)
Linux Journal takes a look at what happened during Windows Refund Day II -- and what still needs to happen. "[Toshiba] will spend thousands of dollars in legal fees to protect the hundreds that would be paid out for this individual refund request. Does anyone honestly think that they would continue to follow this path if only 10 additional customers filed similar actions? Personally, I don't think it is unreasonable to expect at least one case to be filed against a major computer manufacturer in every state of the US. Multiple concurrent claims (regardless of which manufacturer is targeted) will open their eyes to the magnitude of this situation. This is the logical course of action for us to take in order to achieve the change we are seeking."
Linux Xbox group squeezes Microsoft (ZDNet)
ZDNet reports on a group of Australian XBox hackers. "A group of Xbox security researchers say they have found a way to run Linux on the Xbox game console without a so-called mod chip and will go public with the technique if Microsoft won't talk to them about releasing an official Linux boot loader."
Open source trade clash (Australian IT)
Here is an article in Australian IT that reveals the backers of an anti-open source lobby. "The Washington-based and Microsoft-backed Initiative for Software Choice (ISC) has condemned South Australian moves to introduce open source preference legislation as "hidden protectionism" that discriminates against US software companies."
Trade Shows and Conferences
KDE at the Linux User & Developer Conference
Jon Bacon has written a report on the KDE experience at the Linux User & Developer Conference in Birmingham. "Generally at the booth we got some pretty good feedback about KDE. There was an obvious number of of people who had used KDE before and were interested in new features that were in the latest KDE. One particular application that was gaining particular interest was Kexi. It seems that the Linux based LAMP platform is gaining massive popularity and the need for GUI database manager in a similar fashion to Microsoft Access was in great demand. There were quite a few people who got out their pencil and paper and wrote the name down. I suspect the Kexi developers will have a fair few new people interested in the project."
Open source invades middleware (vnunet)
Vnunet takes a look at Tim O'Reilly's speech at LinuxExpo. "Open source is creeping through middleware, turning it into a profit-less commodity and forcing technology companies to seek value further up the food chain, according to two leading open source experts."
Companies
SCO may audit IBM's AIX customers (vnunet)
SCO CEO Darl McBride, it seems, has told vnunet that he may go after AIX users. "McBride claimed that SCO has the right to audit IBM's customers. 'We have other rights under the contract we are looking at. For example, we can audit IBM customers. SCO has audit rights on its customers,' he said. 'The reality is that we are going into discovery right now and that might be the vehicle to be able to investigate what we need there anyway.'" One might well wonder how many AIX (and other proprietary Unix) customers thought they were giving audit rights to SCO when they bought their systems.
Penguin on Thin Ice? (FindLaw)
FindLaw looks at the SCO suit. "The second principle is that a party's rights can be affected by its later conduct - which can constitute a 'waiver,' giving away rights. Until recently, SCO was a willing player in the Linux movement, releasing code under the open source ('copyleft') license. Everything that happened to Linux was in the open. Yet SCO delayed in suing. That delay triggers not only the waiver doctrine, but also similar equitable doctrines such as laches. Indeed, SCO may run afoul of the relevant statutes of limitations as well."
Linux Adoption
Electronics makers rally around Linux (News.com)
News.com covers the introduction of CELF, the Consumer Electronics Linux Forum. "CELF grew out of a Linux development alliance between Sony and Matsushita inked last December. At the time, the two companies agreed to collaborate on a new version of the open-source operating system for consumer electronics devices and said they would consider founding a forum to further those goals."
Linux Plays Starring Role in 'Sinbad' (eWeek)
According to eWeek, all of the animation for the movie Sinbad was performed on Linux machines. "More than 250 mostly 3-D accelerated dual-monitor HP workstations running Red Hat Linux made up the the core of DreamWorks' graphics platform for the artists working on "Sinbad.""
At Orbitz, Linux Delivers Double The Performance At One-Tenth The Cost (TechWeb)
TechWeb covers Linux performance at Orbitz, an online travel service. "Privately held Chicago-based Orbitz uses more than 750 Linux-on-Intel Compaq computers in its data center to download fares, service search requests and run the company's booking engine. In the fall, Orbitz migrated its web applications running on Sun Microsystems' Enterprise 4500 servers to Compaq machines. The migration meant moving the software from Solaris running on 168 Sparc processors to Linux running on 100 Intel chips."
Austin, Texas to Begin Linux Pilot Project (Linux Journal)
Linux Journal heads to Austin, Texas to see how Linux in faring in the local government. "As a result of all the above, the city's attitude towards the use of Linux and open source software has taken a 180 degree turn. When I first started tracking the City of Austin/Microsoft/Linux saga two years ago, a deputy director in the IT department told me that if he found Linux being used on a desktop he would have it removed."
Interviews
Selling Linux keeps getting easier (NewsForge)
Robin 'Roblimo' Miller talks with Teresa Spangler in this NewsForge article. "Teresa Spangler started marketing Linux-based products back in 1997 as co-founder of a small startup company in North Carolina. From there she went to Red Hat. Now she's the U.S. general manager for Trustix. Teresa says Linux is an easier corporate "sell" today than ever before, and is likely to be an even easier one in the future."
Linux: so what's in it for me? (Register)
The Register interviews industry experts at the Linux User & Development Expo in Birmingham this week. "Although they wouldn't speak on the record, several industry figures at Linux User, noted the geekie image continues to be pervasive in the Linux world - even at a time when a majority of visitors to Linux events are suits."
Interview Jeff Waugh
LinuxMagAu interviews Jeff Waugh, coordinator of the Gnome Release Team. "More seriously, The Next Big Thing in the GNOME world is our 2.4 Desktop release, which will have all sorts of new goodies in it. We're approaching our feature freeze at the moment, so here's a list of all the big features likely to make the cut"...
'Head First Java' Author Interview (O'ReillyNet)
O'Reilly has published an interview with the authors of the book Head First Java. "Kathy Sierra and Bert Bates are the authors of the recently released Head First Java, a language tutorial unlike any other. In this interview, they explain their unique teaching style and how it works in practice."
Andrew Stanley-Jones on KSirc (KDE.News)
KDE.News has posted a recently translated interview with Andrew Stanley-Jones. "In the following interview, Andrew Stanley-Jones, original author of KSirc, gives us some of the insights behind the design of KSirc -- the Internet Relay Chat (IRC) client for KDE. Read on for such gems as "No company I've ever worked for has offered to pay me to write a client that allows you to waste time chatting online" and "I argue [that chatting on IRC] keeps me awake during a chick flick"."
French ex-PM condemns Software Patents
Michel Rocard MEP, former prime minister of France, condemned software patents in an interview with French newspaper Liberation. Click below for a translation of the interview.
Resources
WorldWatch Week in Review (Linux Journal)
Linux Journal presents the WorldWatch Week in Review, with open source news from around the world. "We unsuccessfully tried to ignore the SCO v. IBM fracas, mostly because Eric Raymond came out with an updated position paper that probably will become an amicus curiae brief in the case." We know just how you feel. The OSI position paper can be found here.
Secure Cooking with Linux, Part 2 (O'ReillyNet)
O'ReillyNet presents more recipes from the Linux Security Cookbook. "This week, we offer recipes that fall into an intermediate-level category. Learn how to restrict access to network services by time of day, and how to use sudo to permit read-only access to a shared file."
The Journal of Free and Open Source Medical Computing
A new publication called The Journal of Free and Open Source Medical Computing, JOSMC, is now online. "The Journal of Free and Open Source Medical Computing (JOSMC) is open and issuing its first call for papers. The Journal was started after the success of Linux Medical News indicated the need for a more scholarly publication. The Journal '...is an electronic forum for disseminating information on free and open source medical computing. Scholarly work on any aspect of free and open source medical computing will be considered for peer-reviewed"
Linux Access in State and Local Government, Part III (Linux Journal)
Linux Journal continues its tour of Linux in state and local governments with a comparison of Linux in schools. "In the K12Linux domain, if you need an application, you probably would stop at SchoolForge and then click the link to the Seul/Edu Educational Application Index to discover a repository of applications. Here you can find 80 administrative applications that one can download, plus 98 language programs and more. The site contains 612 open-source applications in 23 categories, such as courseware, math and library applications. And that's only one of several K12Linux web sites. Imagine such a collection of government software somewhere."
Reviews
The Killer Kontact
KDE.News has a review of the Kontact PIM integrator by former Microsoft user Savanna. "One of the huge reasons I switched from Microsoft to Linux around a year ago was because Outlook was eating all of my mail. This would happen on average every three to six months, and there was simply nothing that I could do about it. The classic "format and reinstall" solution had become such a feared process for me that I simply didn't want to have anything to do with computers any longer."
Big boost for wireless Linux development (vnunet)
Vnunet looks at a development platform from Metrowerks. "The company claimed that its OpenPDA platform, designed for Motorola's i.MX1 next-generation PDA microprocessor, could help mobile Linux developers to shorten design cycles."
Page editor: Forrest Cook
Announcements
Non-Commercial announcements
The European Public Sector Switches on to Open Standards
This week almost a dozen governments announced significant forward strides in their move to adopt Linux, confirming the overwhelming momentum behind the open source operating system. Country by country, governments around the world are adopting Linux in record numbers to save costs, consolidate workloads, increase efficiency and integrate their infrastructure.European Parliament Rejects Attempt to Rush Vote on Software Patent Directive
The European Parliament has postponed the vote on the software patent directive back to the original date of 1st of September. Arlene McCarthy (UK Labour MEP of Manchester) and her supporters were lobbying to rush the vote to June 30, a mere twelve days after publication of the highly controversial report and ten days after the unexpected change of schedule.FSF Statement on SCO v. IBM
Eben Moglen has written an official statement detailing the position of the Free Software Foundation in light of SCO vs. IBM. "The Foundation has no basis to believe that GNU contains any material about which SCO or anyone else could assert valid trade secret or copyright claims. Contributors could have made misrepresentations of fact in their copyright assignment statements, but failing willful misrepresentation by a contributor, which has never happened so far as the Foundation is aware, there is no significant likelihood that our supervision of the freedom of our free software has failed. The Foundation notes that despite the alarmist statements SCO's employees have made, the Foundation has not been sued, nor has SCO, despite our requests, identified any work whose copyright the Foundation holds-including all of IBM's modifications to the kernel for use with IBM's S/390 mainframe computers, assigned to the Foundation by IBM--that SCO asserts infringes its rights in any way." (Thanks to Paul Sladen)
Reasoning Releases Results of a Software Code Audit of the Apache Web Server
Reasoning has announced the results of a study in which the company inspected the code of the Apache Open Source Web Server V2.1. Reasoning found that the Apache Open Source server had a similar defect density compared to the average defect density of several proprietary equivalents.
Commercial announcements
HP and SuSE Linux Expand Global Alliance
HP and SuSE Linux have announced that HP will resell and support SuSE Linux Enterprise Server 8, powered by UnitedLinux, on industry-standard HP ProLiant servers and HP's Itanium-based servers. This relationship provides customers a single point of purchase, support and maintenance for SuSE Linux Enterprise Server 8 and makes SuSE Linux a preferred vendor for HP."Learning Perl Objects, References, and Modules" Released by O'Reilly
O'Reilly has published the book "Learning Perl Objects, References, and Modules".MySQL Reference Manual Now Available in French
A French translation of the MySQL database user manual has been announced. "The MySQL reference manual was translated into French by MySQL partner NexenServices.com, a French Web hosting company that provides expert Web hosting with PHP and MySQL."
Neuros Digital Audio Computer Announces Availability of Positron for Linux Platform Support and Ogg Vorbis Playback
Neuros Digital Audio Computer has announced the availability of their Positron open-source synchronization application. The software allows ogg-Vorbis audio files to be transferred from a Linux platform to the Neuros audio device.O'Reilly Releases "Secure Coding: Principles & Practices"
O'Reilly has released Secure Coding: Principles & Practices. "Jeremy Allison, the coauthor of Samba calls "Secure Coding": "A wonderful book...I wish it had been available when I was writing parts of Samba. I might not have had the last two security embarrassments to my name." Stephen E. Hansen, Information Security officer for Google, Inc., agrees: "I wish I had this book years ago as it has taken me years to figure these things out for myself.""
Trolltech releases QSA
Trolltech has released Qt Script for Applications, (QSA) Version 1.0. "Trolltech, a leader in multiplatform software development tools, today announced that Qt applications are now scriptable with the release of Qt Script for Applications (QSA). Leveraging the powerful Qt API, QSA takes static Qt/C++ applications, and makes them dynamic."
Resources
LDP Weekly News
The July 1, 2003 edition of the LDP Weekly News is out with the latest Linux Documentation news. Volunteers are needed for bringing out of date documents up to date. "In an ever-changing environment, our documents become outdated tremendously fast: a one year old HOWTO is like pre-historic charcoal writing on stone. Apart from people with a technical background, we also need user reviews to check on a document's usability."
Upcoming Events
Tenth Annual Tcl/Tk Conference
The 10th Annual Tcl/Tk Conference is scheduled for July 28 through August 2 in Ann Arbor, Michigan.Perl Lightning Talk schedule for OSC 2003
The tentative schedule for the OSCon 2003 Perl track is online.YAPC::EU 2003 Talk Summaries Are Online
The summary of talks for the YAPC::EU 2003 conference are online. The conference will be held at CNAM in Paris, France on July 23-25, 2003. Thanks to Emmanuel Seyman.Events: July 3 - August 28, 2003
| Date | Event | Location |
|---|---|---|
| July 7 - 11, 2003 | O'Reilly Open Source Convention 2003(OSCON) | (Portland Marriot)Portland, Oregon |
| July 9 - 12, 2003 | Libre Software Meeting | Metz, France |
| July 10 - 13, 2003 | LinuxTag | Karlsruhe, Germany |
| July 12 - 17, 2003 | Debcamp | Oslo, Norway |
| July 18 - 20, 2003 | Debconf 3 | (The University of Oslo)Oslo, Norway |
| July 23 - 26, 2003 | Ottawa Linux Symposium | Ottawa Canada |
| July 23 - 25, 2003 | YAPC::Europe 2003 | (CNAM Conservatory)Paris, France |
| July 25 - 27, 2003 | Fifth Annual Linux Festival in Kaluga Region | (bank of the river Protva)Kaluga region, Russia |
| July 29 - August 2, 2003 | The 10th Annual Tcl/Tk Conference | Ann Arbor, Michigan |
| July 31 - August 3, 2003 | UKUUG Linux Developers' Conference(LINUX 2003) | (George Watson's College)Edinburgh Scotland |
| August 4 - 7, 2003 | LinuxWorld Conference and Expo 2003 | (Moscone Convention Center)San Francisco, CA |
| August 5 - 7, 2003 | 5th Annual CERT Conference(NEbraskaCERT) | (Scott Conference Center)Omaha, NE USA |
| August 7 - 10, 2003 | Chaos Communication Camp 2003 | Paulshof, Altlandsberg, Germany |
| August 18 - 21, 2003 | New Security Paradigms Workshop 2003(NSPW 2003) | (Centro Stefano Francini)Ascona, Switzerland |
| August 23 - 25, 2003 | KDE Developers' Conference | (Zamek Castle)Nove Hrady, Czech Republic |
| August 27 - 29, 2003 | International Conference on Principles and Practice of Declarative Programming(PPDP 2003) | (Uppsala University)Uppsala, Sweden |
Event Reports
EuroPython 2003 Conference Report, day 2
Stéfane Fermigier has put together a report for day 2 of the EuroPython conference.ERP5 demonstrated at EuroPython 2003
A public demonstration of ERP5,an Open Source Free Entreprise Resource Planning system, was held at the EuroPython 2003 international conference in Belgium. "A live demonstration of an ERP5 system used by a large apparel factory located 200 Km away from Charleroi was presented. ERP5 is published under GPL license. ERP5 has been the first ERP solution exclusively based on Open Source / Free Software to be successfully implemented in European industry since January 2003."
Web sites
The OSPedia Open Source Wiki
OSPedia is a new Web Wiki that's dedicated to the discussion of open source issues. "It is completely open to -anyone- to contribute in anyway they feel they can and there is no editorial agenda other than letting the FOSS communities have their say on any subject regarding FOSS."
Software announcements
This week's software announcements
Here are the software announcements, courtesy of Freshmeat.net. They are available in two formats:
- Sorted alphabetically,
- Sorted by license.
Miscellaneous
OMG Object Application Awards 2003
The winners of the ninth European OMG Object Application Awards 2003 have been announced.
Page editor: Forrest Cook
Letters to the editor
xpdf vulnerability - CAN-2003-0434
| From: | Andries.Brouwer@cwi.nl | |
| To: | announce@mandrakesecure.net, bugtraq@securityfocus.com, letters@lwn.net | |
| Subject: | xpdf vulnerability - CAN-2003-0434 | |
| Date: | Sat, 28 Jun 2003 19:33:12 +0200 (MEST) |
I see RedHat and Mandrake reactions to the vulnerability
in xpdf reported by Martyn Gilmore. But their updates do
not fix the problem.
They change xpdf, and make it filter out backquotes before
invoking urlCommand. I think that was unnecessary.
On the other hand, urlCommand must be very careful what it
does with the URL since it was remote-user-supplied.
A urlCommand like the default "netscape -remote 'openURL(%s)'"
is OK since the %s is protected by single quotes.
A urlCommand like the RedHat "/usr/bin/xpdf-handle-url %s"
is bad since %s is not protected and funny games are possible.
In other words, not xpdf but /etc/xpdfrc must be fixed.
Next, RedHat /usr/bin/xpdf-handle-url is bad as well, since
it does
xterm -e sh -c "echo Edit $0 to include your URL handler; echo $1; read"
exposing the unquoted URL to sh -c.
For example, on a RedHat 8.0 system that I have here, clicking the URL
like "nailto:me; rm /tmp/abc" will remove the indicated file, also
after the fix is applied.
A testexample for playing with pdflatex:
\documentclass[11pt]{minimal}
\usepackage{color}
\usepackage[urlcolor=blue,colorlinks=true,pdfpagemode=none]{hyperref}
\begin{document}
\href{prot:hyperlink with stuff, say, `rm -rf /tmp/abc`; touch /tmp/pqr}{\textt\
t{Click me}}
\end{document}
All shell metacharacters are dangerous. Not only backquote.
Andries
SCO can not win "SCO vs Linux" case. Seriously.
| From: | Khimenko Victor <khim@sch57.msk.ru> | |
| To: | lwn@lwn.net | |
| Subject: | SCO can not win "SCO vs Linux" case. Seriously. | |
| Date: | Sun, 29 Jun 2003 18:32:12 +0400 (MSD) |
I'm looking on "SCO vs IBM" case for some time and every time "SCO vs IBM"
case is discussed like it's "SCO vs Linux" case. But it's not! Even more:
even if SCO will win "SCO vs IBM" case SCO can not do ANYTHING to Linux
(except may be make it illegal to distribute for some time).
How so ? Ok, SCO would like to get license fees from Linux vendors, right ?
SCO is not interested in removing offending code from Linux - they only
want money, right ? Oops. Thay can not have it. No matter what Linus and
IBM done. Even if they own rights for half of Linux's code.
Why so ? Linux's license is GPL. Reread this part of GPL once more, please:
-- cut --
7. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot distribute
so as to satisfy simultaneously your obligations under this License and
any other pertinent obligations, then as a consequence you may not
distribute the Program at all. For example, if a patent license would not
permit royalty-free redistribution of the Program by all those who receive
copies directly or indirectly through you, then the only way you could
satisfy both it and this License would be to refrain entirely from
distribution of the Program.
-- cut --
What this means ? This means that even if SCO has some rights for Linux
code (all or some parts of it) then there are ONLY TWO CHOICES:
1. SCO grants everyone rights to redistribute Linux for free (like IBM
done with RCU patents)
2. SCO forbids everyone to distribute linux without SCO's license and
thus makes linux UNDISTRIBUTABLE IS US FOR ALL INCLUDING SCO ITSELF!
There are NO other choices. Even if RedHat or IBM will buy license from
SCO they can not redistribute Linux ! If they'll try then EVERYONE who
EVER contributed to Linux can sue them. IBM, Intel, HP, SGI ...
Oh, of course all those companies can sue SCO for illegal redistribution
once SCO claims are proven :-) Since SCO obviously redistributed Linux
while agreements with other parties made it impossible for SCO to even
show code (or so SCO claims).
Why this side of the issue never discussed ? Why every columnist is
writing about how "Linux community doing nothing" when THE ONLY THING
Linux community CAN DO is to remove offending code and it's not possible
till SCO shows what code should be removed ?
Page editor: Forrest Cook